Re: Review Request 74704: RANGER-4495: Upgrade netty to 4.1.100.Final
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74704/#review225903
---

Ship it!

Ship It!

- Nikhil P

On Oct. 30, 2023, 11:26 a.m., Kishor Gollapalliwar wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74704/
> ---
>
> (Updated Oct. 30, 2023, 11:26 a.m.)
>
> Review request for ranger, Dineshkumar Yadav, Harshal Chavan, Abhay Kulkarni,
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Sailaja
> Polavarapu.
>
> Bugs: RANGER-4495
> https://issues.apache.org/jira/browse/RANGER-4495
>
> Repository: ranger
>
> Description
> ---
>
> Upgrade netty to 4.1.100-final or higher
>
> Diffs
> -
>
> pom.xml 115580ada
>
> Diff: https://reviews.apache.org/r/74704/diff/1/
>
> Testing
> ---
>
> 1. mvn clean compile package install
>
> Thanks,
>
> Kishor Gollapalliwar

Ranger XXAccessAuditv4 issue with Java 11
Hi Team,

I am using ranger 2.1.0 and trying to upgrade to JAVA 11 for the same, but I am seeing the following issue in Ranger logs while ranger startup happens. It seems to be some XXAccessAuditV4 primary key annotation issue; when I checked its parent, i.e. XXAccessAuditBase, I see the @ID annotation for the parent already present. Does anyone have any clues on this issue, or has someone observed it before?

[ERROR ] [main] org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.buildNativeEntityManagerFactory(AbstractEntityManagerFactoryBean.java:426) Failed to initialize JPA EntityManagerFactory: Exception [EclipseLink-28018] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.EntityManagerSetupException|Exception Description: Predeployment of PersistenceUnit [defaultPU] failed.|Internal Exception: Exception [EclipseLink-7161] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.ValidationException|Exception Description: Entity class [class org.apache.ranger.entity.XXAccessAuditV4] has no primary key specified. It should define either an @Id, @EmbeddedId or an @IdClass. If you have defined PK using any of these annotations then make sure that you do not have mixed access-type (both fields and properties annotated) in your entity class hierarchy.

Thanks in advance.

Regards,
Nikhil Purbhe

Re: Review Request 74247: RANGER-4005:Add support in ranger to return the list of roles in which given role is associated
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74247/
---

(Updated Dec. 8, 2022, 8:37 p.m.)

Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.

Bugs: RANGER-4005
https://issues.apache.org/jira/browse/RANGER-4005

Repository: ranger

Description
---

Currently Role related APIs do not provide functionality to provide the list of roles in which given role is associated with.

For e.g. if
ParentRole1 contains containingRole1, containingRole2
ParentRole2 contains containingRole2
ParentRole3 contains containingRole1, containingRole3
.
.
.
ParentRole 1000

Now if I want to know containingRole1 is part of which Roles then I don't have a direct way to know the list of roles in which containingRole1 is present.

We need an API in RoleREST which can give the list of roles in which given role is present. We can pass the Rolename as containingRole1 to this API which will return us the ParentRole1, ParentRole3.

API input output based on above data could be as follows,

Input              Output
containingRole1    Role Object for ParentRole1, ParentRole3.
containingRole2    Role Object for ParentRole1, ParentRole2
containingRole3    Role Object for ParentRole3

Diffs
-

security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java c7a6ea0a6
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4f0edd2b0
security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 2a123de93

Diff: https://reviews.apache.org/r/74247/diff/1/

Testing (updated)
---

Added test cases to verify.
Run the full build with test cases.

Thanks,

Nikhil P

Review Request 74247: RANGER-4005:Add support in ranger to return the list of roles in which given role is associated
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74247/
---

Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.

Bugs: RANGER-4005
https://issues.apache.org/jira/browse/RANGER-4005

Repository: ranger

Description
---

Currently Role related APIs do not provide functionality to provide the list of roles in which given role is associated with.

For e.g. if
ParentRole1 contains containingRole1, containingRole2
ParentRole2 contains containingRole2
ParentRole3 contains containingRole1, containingRole3
.
.
.
ParentRole 1000

Now if I want to know containingRole1 is part of which Roles then I don't have a direct way to know the list of roles in which containingRole1 is present.

We need an API in RoleREST which can give the list of roles in which given role is present. We can pass the Rolename as containingRole1 to this API which will return us the ParentRole1, ParentRole3.

API input output based on above data could be as follows,

Input              Output
containingRole1    Role Object for ParentRole1, ParentRole3.
containingRole2    Role Object for ParentRole1, ParentRole2
containingRole3    Role Object for ParentRole3

Diffs
-

security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java c7a6ea0a6
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4f0edd2b0
security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 2a123de93

Diff: https://reviews.apache.org/r/74247/diff/1/

Testing
---

Added test cases to verify.

Thanks,

Nikhil P

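
The lookup this request describes, as an added example that is not Ranger's code and not the patch under review: it inverts the role-to-member-roles map from the description and returns the roles that contain a given role. All class and method names are hypothetical, and the transitive variant goes beyond the request, which asks only for direct parents.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Collections;
import java.util.Deque;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Added example with hypothetical names; not Ranger's RoleREST or PublicAPIsv2 code.
public class ContainingRoleLookup {
    // member role name -> names of the roles that list it directly as a member
    private final Map<String, Set<String>> parentsByMember = new LinkedHashMap<>();

    public ContainingRoleLookup(Map<String, List<String>> memberRolesByRole) {
        // Invert the forward map once, so a lookup does not scan every role.
        memberRolesByRole.forEach((parent, members) -> {
            for (String member : members) {
                parentsByMember.computeIfAbsent(member, k -> new TreeSet<>()).add(parent);
            }
        });
    }

    // Roles that directly contain roleName (what the request asks for).
    public Set<String> directParents(String roleName) {
        return Collections.unmodifiableSet(
                parentsByMember.getOrDefault(roleName, Collections.emptySet()));
    }

    // Direct and indirect parents. The visited set makes the walk terminate
    // even if role definitions are cyclic.
    public Set<String> allAncestors(String roleName) {
        Set<String> seen = new TreeSet<>();
        Deque<String> pending = new ArrayDeque<>(directParents(roleName));
        while (!pending.isEmpty()) {
            String parent = pending.pop();
            if (seen.add(parent)) {
                pending.addAll(directParents(parent));
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed sample: the three parent roles from the description, plus OrgRole,
        // an assumed extra level added here to show an indirect parent.
        Map<String, List<String>> roles = new LinkedHashMap<>();
        roles.put("ParentRole1", Arrays.asList("containingRole1", "containingRole2"));
        roles.put("ParentRole2", Arrays.asList("containingRole2"));
        roles.put("ParentRole3", Arrays.asList("containingRole1", "containingRole3"));
        roles.put("OrgRole", Arrays.asList("ParentRole3"));

        ContainingRoleLookup lookup = new ContainingRoleLookup(roles);
        for (String role : Arrays.asList("containingRole1", "containingRole2", "containingRole3")) {
            System.out.println(role + " direct=" + lookup.directParents(role)
                    + " all=" + lookup.allAncestors(role));
        }
    }
}
```
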
Re: Review Request 72637: RANGER-2888: Upgrade Spring framework to version 4.3.27.RELEASE
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72637/#review221124
---

Ship it!

Ship It!

- Nikhil P

On July 2, 2020, 10:48 a.m., Pradeep Agrawal wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72637/
> ---
>
> (Updated July 2, 2020, 10:48 a.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-2888
> https://issues.apache.org/jira/browse/RANGER-2888
>
> Repository: ranger
>
> Description
> ---
>
> Here I am proposing to Upgrade Spring Security version to 4.3.27
>
> Diffs
> -
>
> pom.xml 3014c2130
>
> Diff: https://reviews.apache.org/r/72637/diff/3/
>
> Testing
> ---
>
> Tested Ranger build, installation, start and login.
>
> Thanks,
>
> Pradeep Agrawal

Re: Review Request 72637: RANGER-2888: Upgrade Spring framework to version 4.3.27.RELEASE
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72637/#review221125
---

Ship it!

Ship It!

- Nikhil P

On July 2, 2020, 10:48 a.m., Pradeep Agrawal wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72637/
> ---
>
> (Updated July 2, 2020, 10:48 a.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-2888
> https://issues.apache.org/jira/browse/RANGER-2888
>
> Repository: ranger
>
> Description
> ---
>
> Here I am proposing to Upgrade Spring Security version to 4.3.27
>
> Diffs
> -
>
> pom.xml 3014c2130
>
> Diff: https://reviews.apache.org/r/72637/diff/3/
>
> Testing
> ---
>
> Tested Ranger build, installation, start and login.
>
> Thanks,
>
> Pradeep Agrawal

Re: Review Request 72585: RANGER-2854: Make audit bootstrap property configurable
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72585/#review221000
---

Ship it!

Ship It!

- Nikhil P

On June 11, 2020, 5:55 p.m., Pradeep Agrawal wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72585/
> ---
>
> (Updated June 11, 2020, 5:55 p.m.)
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Colm
> O hEigeartaigh, Gautam Borad, Jayendra Parab, Abhay Kulkarni, Madhan
> Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, pengjianhua, Ramesh Mani,
> Selvamohan Neethiraj, Sailaja Polavarapu, Velmurugan Periasamy, Qiang Zhang,
> and Zsombor Gegesy.
>
> Bugs: RANGER-2854
> https://issues.apache.org/jira/browse/RANGER-2854
>
> Repository: ranger
>
> Description
> ---
>
> **Problem Statement:** Current bootstrap properties are not available in
> install.properties so at the first time installation user have to manually
> change in the ranger-admin-site.xml. Also after the elastic search audit
> feature these property should be honoured based on ranger audit source type
> which can be solr or elastic search.
>
> **Proposed solution:** by Exposing bootstrap configs in install.properties,
> setup.sh shall update them in ranger-admin-site.xml. During the start of
> embeddedserver based on ranger audit source type relevant bootstrap property
> will be referred. By default bootstrap config values are true.
>
> Diffs
> -
>
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java dc931c25d
> security-admin/scripts/install.properties cb79d1295
> security-admin/scripts/setup.sh 61d351dde
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 3eb47f932
> security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5dc14ab21
>
> Diff: https://reviews.apache.org/r/72585/diff/1/
>
> Testing
> ---
>
> Tested Ranger installation with true and false values; values are getting
> populated in ranger-admin-site.xml file.
>
> Thanks,
>
> Pradeep Agrawal

Review Request 71941: RANGER-2680 : Ranger Usersync and Tagsync is not updating session cookie until restart
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71941/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2680
https://issues.apache.org/jira/browse/RANGER-2680

Repository: ranger

Description
---

Ranger Usersync and Tagsync is not updating session cookie until restart, this is generating unnecessary login sessions in ranger admin from usersync and tagsync.
Ranger clients should update the invalid session cookie and replace it with cookie which is valid and avoid unnecessary login session count increment.

Diffs
-

tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java dff7241ca
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b6a29878d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 6a24213ef

Diff: https://reviews.apache.org/r/71941/diff/1/

Testing
---

1. Dev tested on local VM

Thanks,

Nikhil P

Re: Review Request 71939: RANGER-2678: RangerUgSyncRESTClient sets password as username for basic auth
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71939/#review219104
---

Ship it!

Ship It!

- Nikhil P

On Dec. 24, 2019, 3:58 p.m., Pradeep Agrawal wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71939/
> ---
>
> (Updated Dec. 24, 2019, 3:58 p.m.)
>
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-2678
> https://issues.apache.org/jira/browse/RANGER-2678
>
> Repository: ranger
>
> Description
> ---
>
> **Problem Statement: **
> RANGER-2591 Introduced changes to usersync (unix/ldap).
>
> The following line is however broken
>
> https://github.com/apache/ranger/blame/master/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java#L83
>
> getClient().addFilter(new HTTPBasicAuthFilter(getPassword(), getPassword()));
>
> **Proposed Solution: **
> it should be
>
> getClient().addFilter(new HTTPBasicAuthFilter(getUsername(), getPassword()));
>
> Diffs
> -
>
> src/main/assembly/usersync.xml 220126cf8
> ugsync/pom.xml 9e33d3d3e
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java e4024a25a
>
> Diff: https://reviews.apache.org/r/71939/diff/1/
>
> Testing
> ---
>
> Tested the ranger usersync module and users are getting synced to ranger
> admin.
>
> Thanks,
>
> Pradeep Agrawal

Review Request 71940: RANGER-2679 : upgrade spring framework version to 4.3.23 to be compatible with current spring security version(4.2.13)
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71940/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2679
https://issues.apache.org/jira/browse/RANGER-2679

Repository: ranger

Description
---

upgrade spring framework version to 4.3.23 to be compatible with current spring security version (4.2.13)

Diffs
-

pom.xml 90c395a8d

Diff: https://reviews.apache.org/r/71940/diff/1/

Testing
---

1. Tested on simple, kerberos, SSL
2. Made sure ranger functionality does not break due to version/compatibility issue of spring.

Thanks,

Nikhil P

Re: Review Request 71616: RANGER-2660 : Option to create missing users/groups/roles while creating/updating/importing policies
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71616/
---

(Updated Dec. 16, 2019, 6:38 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2660
https://issues.apache.org/jira/browse/RANGER-2660

Repository: ranger

Description
---

provide an option to create missing users/groups/roles which are not present in ranger admin while creating/updating/importing policies

Diffs (updated)
-

agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java beeb888e5
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 3846d008c
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java e8b58d1fd

Diff: https://reviews.apache.org/r/71616/diff/3/

Changes: https://reviews.apache.org/r/71616/diff/2-3/

Testing
---

1. Tested with create/update/import policies for user/group/roles.

Thanks,

Nikhil P

Re: Review Request 71616: RANGER-2660 : Option to create missing users/groups/roles while creating/updating/importing policies
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71616/
---

(Updated Dec. 9, 2019, 6:21 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2660
https://issues.apache.org/jira/browse/RANGER-2660

Repository: ranger

Description
---

provide an option to create missing users/groups/roles which are not present in ranger admin while creating/updating/importing policies

Diffs
-

agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java beeb888e5
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 7b2356bfd
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java abb1b1013

Diff: https://reviews.apache.org/r/71616/diff/2/

Testing
---

1. Tested with create/update/import policies for user/group/roles.

Thanks,

Nikhil P

Re: Review Request 71617: RANGER-2644 : Improvement in Ranger encryption algorithm usage
> On Nov. 13, 2019, 1:29 a.m., Ramesh Mani wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
> > Lines 209 (patched)
> > <https://reviews.apache.org/r/71617/diff/1/?file=2172305#file2172305line209>
> >
> > md5EncryptedPassword => can this be null?
> > Do we need to check dbPassword.equals(md5EncryptedPassword) if that is
> > the case?

encryptWithOlderAlgo will always return non null md5EncryptedPassword

- Nikhil

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71617/#review218604
-------

On Nov. 12, 2019, 6:40 p.m., Nikhil P wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71617/
> ---
>
> (Updated Nov. 12, 2019, 6:40 p.m.)
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and
> Velmurugan Periasamy.
>
> Bugs: RANGER-2644
> https://issues.apache.org/jira/browse/RANGER-2644
>
> Repository: ranger
>
> Description
> ---
>
> Improvement in Ranger encryption algorithm usage
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9e457826e
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 303705329
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 8ebeeb555
>
> Diff: https://reviews.apache.org/r/71617/diff/1/
>
> Testing
> ---
>
> Tested If SHA256 algorithm is used for encryption.
> Made sure ranger setup process runs properly and default password change
> request does not fail.
>
> Thanks,
>
> Nikhil P

Review Request 71617: RANGER-2644 : Improvement in Ranger encryption algorithm usage
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71617/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2644
https://issues.apache.org/jira/browse/RANGER-2644

Repository: ranger

Description
---

Improvement in Ranger encryption algorithm usage

Diffs
-

security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9e457826e
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 303705329
security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 8ebeeb555

Diff: https://reviews.apache.org/r/71617/diff/1/

Testing
---

Tested If SHA256 algorithm is used for encryption.
Made sure ranger setup process runs properly and default password change request does not fail.

Thanks,

Nikhil P

Re: Review Request 71615: RANGER-2618 : Restrict rolename change when a policy with that role exist
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71615/
---

(Updated Oct. 17, 2019, 5:11 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2618
https://issues.apache.org/jira/browse/RANGER-2618

Repository: ranger

Description
---

When we try to delete a role associated with a ranger policy, the operation is not allowed. Likewise, role edit for rolename change also should be restricted.

Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename reference. Policy enforcement happens as per old policy. Rolename change is not taken into consideration during policy download.

Diffs (updated)
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 0854ff20e

Diff: https://reviews.apache.org/r/71615/diff/3/

Changes: https://reviews.apache.org/r/71615/diff/2-3/

Testing
---

Tested on local vm whether rolename update is restricted if it exists in any policy.

Thanks,

Nikhil P

Re: Review Request 71614: RANGER-2617 : Provide descriptive error message when role delete not allowed
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71614/
---

(Updated Oct. 17, 2019, 4:19 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Changes
---

resolved review comments.
added rolename in descriptive message.

Bugs: RANGER-2617
https://issues.apache.org/jira/browse/RANGER-2617

Repository: ranger

Description
---

Scenario:
Create a role r1
Create a ranger policy for role r1
Try to delete role
Role delete is not allowed as a policy exists with the specified role.

Response: XXRole can't be deleted

Expected:
Descriptive message with details on why the operation is not allowed

Diffs (updated)
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 5d432f8d8
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java b92f8066f
security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java 419481079
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 7e2139916

Diff: https://reviews.apache.org/r/71614/diff/4/

Changes: https://reviews.apache.org/r/71614/diff/3-4/

Testing
---

Tested on local VM if descriptive response is given If role delete is not allowed.

Thanks,

Nikhil P

Re: Review Request 71613: RANGER-2619 : Admin Audit Details not displayed for edit role.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71613/#review218256
---

Ship it!

Ship It!

- Nikhil P

On Oct. 16, 2019, 12:09 p.m., Mateen Mansoori wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71613/
> ---
>
> (Updated Oct. 16, 2019, 12:09 p.m.)
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan
> Neethiraj, Mehul Parikh, Nikhil P, and Pradeep Agrawal.
>
> Bugs: RANGER-2619
> https://issues.apache.org/jira/browse/RANGER-2619
>
> Repository: ranger
>
> Description
> ---
>
> * When an existing role is edited by adding a new group or role or users, the
> details are not displayed in the admin access details popup.
>
> * Added changes to not generate logs when former and new values are same or
> both values are empty.
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 17d74d5
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java ce2dc35
>
> Diff: https://reviews.apache.org/r/71613/diff/2/
>
> Testing
> ---
>
> -> BUILD SUCCESS ON LATEST APACHE MASTER
> -> Created role 'Dev_Role2' without adding any user, group and roles.
>
> * Edited 'Dev_Role2' by adding user or role or groups.
> * Checked admin audit log generated as expected.
>
> Thanks,
>
> Mateen Mansoori

Re: Review Request 71614: RANGER-2617 : Provide descriptive error message when role delete not allowed
> On Oct. 15, 2019, 9:59 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
> > Lines 159 (patched)
> > <https://reviews.apache.org/r/71614/diff/2/?file=2169119#file2169119line159>
> >
> > In addition to looking for references in policies, shouldn't references
> > from other roles be checked as well?

yes, it should be checked.

- Nikhil

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71614/#review218219
-------

On Oct. 16, 2019, 2:56 p.m., Nikhil P wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71614/
> ---
>
> (Updated Oct. 16, 2019, 2:56 p.m.)
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and
> Velmurugan Periasamy.
>
> Bugs: RANGER-2617
> https://issues.apache.org/jira/browse/RANGER-2617
>
> Repository: ranger
>
> Description
> ---
>
> Scenario:
> Create a role r1
> Create a ranger policy for role r1
> Try to delete role
> Role delete is not allowed as a policy exists with the specified role.
>
> Response: XXRole can't be deleted
>
> Expected:
> Descriptive message with details on why the operation is not allowed
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java dfc5be89d
>
> Diff: https://reviews.apache.org/r/71614/diff/3/
>
> Testing
> ---
>
> Tested on local VM if descriptive response is given If role delete is not
> allowed.
>
> Thanks,
>
> Nikhil P

Re: Review Request 71614: RANGER-2617 : Provide descriptive error message when role delete not allowed
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71614/
---

(Updated Oct. 16, 2019, 2:56 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2617
https://issues.apache.org/jira/browse/RANGER-2617

Repository: ranger

Description
---

Scenario:
Create a role r1
Create a ranger policy for role r1
Try to delete role
Role delete is not allowed as a policy exists with the specified role.

Response: XXRole can't be deleted

Expected:
Descriptive message with details on why the operation is not allowed

Diffs (updated)
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java dfc5be89d

Diff: https://reviews.apache.org/r/71614/diff/3/

Changes: https://reviews.apache.org/r/71614/diff/2-3/

Testing
---

Tested on local VM if descriptive response is given If role delete is not allowed.

Thanks,

Nikhil P

Re: Review Request 71615: RANGER-2618 : Restrict rolename change when a policy with that role exist
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71615/
---

(Updated Oct. 15, 2019, 7:24 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2618
https://issues.apache.org/jira/browse/RANGER-2618

Repository: ranger

Description
---

When we try to delete a role associated with a ranger policy, the operation is not allowed. Likewise, role edit for rolename change also should be restricted.

Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename reference. Policy enforcement happens as per old policy. Rolename change is not taken into consideration during policy download.

Diffs (updated)
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java dfc5be89d

Diff: https://reviews.apache.org/r/71615/diff/2/

Changes: https://reviews.apache.org/r/71615/diff/1-2/

Testing
---

Tested on local vm whether rolename update is restricted if it exists in any policy.

Thanks,

Nikhil P

Re: Review Request 71614: RANGER-2617 : Provide descriptive error message when role delete not allowed
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71614/
---

(Updated Oct. 15, 2019, 7:16 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2617
https://issues.apache.org/jira/browse/RANGER-2617

Repository: ranger

Description
---

Scenario:
Create a role r1
Create a ranger policy for role r1
Try to delete role
Role delete is not allowed as a policy exists with the specified role.

Response: XXRole can't be deleted

Expected:
Descriptive message with details on why the operation is not allowed

Diffs (updated)
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java dfc5be89d

Diff: https://reviews.apache.org/r/71614/diff/2/

Changes: https://reviews.apache.org/r/71614/diff/1-2/

Testing
---

Tested on local VM if descriptive response is given If role delete is not allowed.

Thanks,

Nikhil P

Review Request 71615: RANGER-2618 : Restrict rolename change when a policy with that role exist
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71615/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2618
https://issues.apache.org/jira/browse/RANGER-2618

Repository: ranger

Description
---

When we try to delete a role associated with a ranger policy, the operation is not allowed. Likewise, role edit for rolename change also should be restricted.

Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename reference. Policy enforcement happens as per old policy. Rolename change is not taken into consideration during policy download.

Diffs
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a7209

Diff: https://reviews.apache.org/r/71615/diff/1/

Testing
---

Tested on local vm whether rolename update is restricted if it exists in any policy.

Thanks,

Nikhil P

Review Request 71614: RANGER-2617 : Provide descriptive error message when role delete not allowed
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71614/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2617
https://issues.apache.org/jira/browse/RANGER-2617

Repository: ranger

Description
---

Scenario:
Create a role r1
Create a ranger policy for role r1
Try to delete role
Role delete is not allowed as a policy exists with the specified role.

Response: XXRole can't be deleted

Expected:
Descriptive message with details on why the operation is not allowed

Diffs
-

security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a7209

Diff: https://reviews.apache.org/r/71614/diff/1/

Testing
---

Tested on local VM if descriptive response is given If role delete is not allowed.

Thanks,

Nikhil P

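
The check discussed in the RANGER-2617 and RANGER-2618 messages above, including the review comment about references from other roles, as an added example that is not the RoleDBStore patch: before a role is deleted or renamed, collect the policies and roles that still reference it and name them in the error. All class, method and sample names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Added example with hypothetical names; not Ranger's RoleDBStore code.
public class RoleChangeGuard {
    private final Map<String, List<String>> rolesByPolicy;     // policy name -> roles it names
    private final Map<String, List<String>> memberRolesByRole; // role name -> roles it contains

    public RoleChangeGuard(Map<String, List<String>> rolesByPolicy,
                           Map<String, List<String>> memberRolesByRole) {
        this.rolesByPolicy = new LinkedHashMap<>(rolesByPolicy);
        this.memberRolesByRole = new LinkedHashMap<>(memberRolesByRole);
    }

    // Keys of refs whose list mentions roleName, sorted so the message is stable.
    private static Set<String> referrers(Map<String, List<String>> refs, String roleName) {
        Set<String> found = new TreeSet<>();
        refs.forEach((owner, roles) -> {
            if (roles.contains(roleName)) {
                found.add(owner);
            }
        });
        return found;
    }

    // Refuses the operation and says which objects block it.
    private void requireUnreferenced(String roleName, String operation) {
        List<String> reasons = new ArrayList<>();
        Set<String> policies = referrers(rolesByPolicy, roleName);
        Set<String> roles = referrers(memberRolesByRole, roleName);
        if (!policies.isEmpty()) {
            reasons.add("referenced by policies " + policies);
        }
        if (!roles.isEmpty()) {
            reasons.add("member of roles " + roles);
        }
        if (!reasons.isEmpty()) {
            throw new IllegalStateException("Role '" + roleName + "' cannot be "
                    + operation + ": " + String.join("; ", reasons));
        }
    }

    public void delete(String roleName) {
        requireUnreferenced(roleName, "deleted");
        memberRolesByRole.remove(roleName);
    }

    public void rename(String oldName, String newName) {
        if (!memberRolesByRole.containsKey(oldName)) {
            throw new IllegalArgumentException("Unknown role '" + oldName + "'");
        }
        if (oldName.equals(newName)) {
            return;
        }
        if (memberRolesByRole.containsKey(newName)) {
            throw new IllegalArgumentException("Role '" + newName + "' already exists");
        }
        // A policy that still names oldName would keep being enforced under that name.
        requireUnreferenced(oldName, "renamed");
        memberRolesByRole.put(newName, memberRolesByRole.remove(oldName));
    }

    public static void main(String[] args) {
        // Constructed sample: r1 is used by policy p1 and nested in r2; r3 is unused.
        Map<String, List<String>> policies = new LinkedHashMap<>();
        policies.put("p1", Arrays.asList("r1"));
        Map<String, List<String>> roles = new LinkedHashMap<>();
        roles.put("r1", Collections.<String>emptyList());
        roles.put("r2", Arrays.asList("r1"));
        roles.put("r3", Collections.<String>emptyList());

        RoleChangeGuard guard = new RoleChangeGuard(policies, roles);
        try {
            guard.delete("r1");
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
        try {
            guard.rename("r1", "r1-renamed");
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
        guard.delete("r3"); // no references, so this succeeds
        System.out.println("r3 deleted");
    }
}
```
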
Re: Review Request 71607: RANGER-2615:Unable to create ranger role
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71607/#review218179
---

Ship it!

Ship It!

- Nikhil P

On Oct. 10, 2019, 2:58 p.m., Ramesh Mani wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71607/
> ---
>
> (Updated Oct. 10, 2019, 2:58 p.m.)
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni,
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj,
> Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-2615
> https://issues.apache.org/jira/browse/RANGER-2615
>
> Repository: ranger
>
> Description
> ---
>
> RANGER-2615:Unable to create ranger role
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java 4f7e9d5
>
> Diff: https://reviews.apache.org/r/71607/diff/2/
>
> Testing
> ---
>
> - NPE during role creation was fixed in the patch
>
> Thanks,
>
> Ramesh Mani

Re: Review Request 71607: RANGER-2615:Unable to create ranger role
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71607/#review218176
---

considering moving creation of new Globalstate inside createGlobalStateForRoleVersion method.

security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java
Line 77 (original), 78 (patched)
<https://reviews.apache.org/r/71607/#comment305736>

can we add this creation of new XXGlobalState in this createGlobalStateForRoleVersion method itself in order to avoid future NPE's, so that caller method will not have to make sure that globalState is not null.

- Nikhil P

On Oct. 10, 2019, 2:32 p.m., Ramesh Mani wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71607/
> ---
>
> (Updated Oct. 10, 2019, 2:32 p.m.)
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni,
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj,
> Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-2615
> https://issues.apache.org/jira/browse/RANGER-2615
>
> Repository: ranger
>
> Description
> ---
>
> RANGER-2615:Unable to create ranger role
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java 4f7e9d5
>
> Diff: https://reviews.apache.org/r/71607/diff/1/
>
> Testing
> ---
>
> - NPE during role creation was fixed in the patch
>
> Thanks,
>
> Ramesh Mani

Re: Review Request 71554: RANGER-2595: Improve policy delete performance using batch delete
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71554/#review218172 --- Ship it! Ship It! - Nikhil P On Sept. 29, 2019, 11:43 a.m., Andrew Luo wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71554/ > --- > > (Updated Sept. 29, 2019, 11:43 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-2595 > https://issues.apache.org/jira/browse/RANGER-2595 > > > Repository: ranger > > > Description > --- > > Policy deletion is slow for policies that have a large number of users or > resources. This patch uses batch SQL deletion to speed up deletion. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java > 055cd382b > > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java > 1ef01bb28 > > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefConditionDao.java > 2c04ab483 > > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefDataMaskTypeDao.java > 258e3b0ba > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefGroupDao.java > 08829d4f7 > > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefResourceDao.java > e259ee864 > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java > b92f8066f > security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefUserDao.java > f7b6131c6 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 9714fa91b > > > Diff: https://reviews.apache.org/r/71554/diff/1/ > > > Testing > --- > > Tested manually, ran build/tests > > > Thanks, > > Andrew Luo > >
Review Request 71577: RANGER-2602 : Import is failing with "Can not construct instance of java.util.Date from String" error
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71577/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2602 https://issues.apache.org/jira/browse/RANGER-2602 Repository: ranger Description --- Steps to reproduce 1. Create a service 'Hdfsservice1' 2. Create a new policy 'Hdfspolicy1' 3. Export the policies of 'Hdfsservice1' 4. Import the same policies in 'Hdfsservice1' 5. It fails with above error. Diffs - security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f537 Diff: https://reviews.apache.org/r/71577/diff/1/ Testing --- 1. Export of unzone and zone policies. 2. Import of unzone and zone policies. 3. Checked we are getting admin audit logs for the same. 4. Checked create time and update time in policy listing page and admin audit page. Thanks, Nikhil P
Re: Review Request 71563: RANGER-2597 :Allow auditor role user to get details of services and policies from public API
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71563/#review218050 --- Ship it! Ship It! - Nikhil P On Oct. 1, 2019, 5:46 p.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71563/ > --- > > (Updated Oct. 1, 2019, 5:46 p.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Selvamohan > Neethiraj. > > > Bugs: RANGER-2597 > https://issues.apache.org/jira/browse/RANGER-2597 > > > Repository: ranger > > > Description > --- > > Allow auditor role user to get details of services and policies from public > API > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java > 673902d > > > Diff: https://reviews.apache.org/r/71563/diff/1/ > > > Testing > --- > > Auditor role user's are allowed to get details of services and policies from > public API and forbidden from creating, updating and deleting the policies. > > > Thanks, > > Fatima Khan > >
Review Request 71505: Ranger is failing to start in kerberize mode with java-11
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71505/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2576 https://issues.apache.org/jira/browse/RANGER-2576 Repository: ranger Description --- Ranger is failing to start in kerberize mode with java-11 Diffs - agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 05d23fd05 storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java 363a6561c Diff: https://reviews.apache.org/r/71505/diff/1/ Testing --- Tested on local vm. Thanks, Nikhil P
Re: Review Request 71446: RANGER-2561 : add functionality in ranger to get default policy groups list from service config while creation of service and add that group to policies in that service
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71446/ --- (Updated Sept. 9, 2019, 12:47 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2561 https://issues.apache.org/jira/browse/RANGER-2561 Repository: ranger Description --- add functionality in ranger to get default policy groups list from service config while creation of service and add that group to policies in that service Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java 8d4e16fc4 Diff: https://reviews.apache.org/r/71446/diff/2/ Changes: https://reviews.apache.org/r/71446/diff/1-2/ Testing --- Tested on local vm. Thanks, Nikhil P
Review Request 71446: RANGER-2561 : add functionality in ranger to get default policy groups list from service config while creation of service and add that group to policies in that service
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71446/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2561 https://issues.apache.org/jira/browse/RANGER-2561 Repository: ranger Description --- add functionality in ranger to get default policy groups list from service config while creation of service and add that group to policies in that service Diffs - agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java 8d4e16fc4 Diff: https://reviews.apache.org/r/71446/diff/1/ Testing --- Tested on local vm. Thanks, Nikhil P
Re: Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71217/ --- (Updated Aug. 21, 2019, 12:40 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2535 https://issues.apache.org/jira/browse/RANGER-2535 Repository: ranger Description --- Good coding practices for storing and retrieving data history in ranger Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 2af5845e2 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 113e727c4 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java e7b317265 security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java 7bd0681b1 security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java 1a1b56e4c security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 2be371892 Diff: https://reviews.apache.org/r/71217/diff/3/ Changes: https://reviews.apache.org/r/71217/diff/2-3/ Testing --- 1.Tested If data is getting stored and retrieved properly in data history table i.e. x_data_hist. Thanks, Nikhil P
Re: Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
> On Aug. 16, 2019, 9:50 p.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > > Line 2054 (original), 2058 (patched) > > <https://reviews.apache.org/r/71217/diff/1/?file=2160907#file2160907line2058> > > > > There is already a deletePolicy(RangerPolicy policy, RangerService > > service) method there. Possibly you can use that by passing the service > > object value as null. > > Nikhil P wrote: > We are not adding a new method but changing existing method in order to > avoid extra DB call for get policy, so I feel it's better to get rid of the > method with Id param which gives additional DB call to get policy which is > already present with the caller method of it. Also there would be no backward > compatibility issue as this is not the REST layer method. > > Pradeep Agrawal wrote: > Won't a call to deletePolicy(RangerPolicy policy, RangerService service) > method serve the purpose here? If yes, then either you can keep this > method as is "deletePolicy(Long policyId)" or remove the implementation of > this method completely (to avoid pmd issues). > > Nikhil P wrote: > This delete method with policy & service parameter is used generally for > bulk delete, i.e. policy loop at the caller method, so this method does not > throw an error if one of the policies is null while deleting. It seems to > ignore that policy and proceed to next, hence this method won't throw > exception to the user. > Whereas the current method with only policy parameter gets used for > single policy delete and it seems to check and throw an exception if that > policy is null, as this method has the REST level caller which deletes single > policy in one REST call. > > Do we plan to keep single policy delete method in ServiceDBStore for both > bulk and single policy delete? If yes then we might need to think about > throwing an exception if policy does not exist/null. But I suppose we don't > throw an exception in case of bulk delete. 
> > Pradeep Agrawal wrote: > In case of bulk delete also error should be thrown. It's not being checked > in the deletePolicy(RangerPolicy policy, RangerService service) method as > bulk delete call always send valid RangerPolicy object. You can add the throw > statement in deletePolicy(RangerPolicy policy, RangerService service) as well. > > Yes, there should be single method. Bulk delete call does not necessarily always send valid RangerPolicy object. For instance: call from deleteExactMatchPolicyForResource() method where RangerPolicy object could be null as well. Throwing an exception in such case would break the flow and execution will stop there. While we need all valid policies provided to be deleted, those won't be deleted if we throw an error (for single invalid policy) from bulk delete API. - Nikhil --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71217/#review217241 --- On Aug. 19, 2019, 3:21 p.m., Nikhil P wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71217/ > --- > > (Updated Aug. 19, 2019, 3:21 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. 
> > > Bugs: RANGER-2535 > https://issues.apache.org/jira/browse/RANGER-2535 > > > Repository: ranger > > > Description > --- > > Good coding practices for storing and retrieving data history in ranger > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java > 2af5845e2 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 113e727c4 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > e7b317265 > > security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java > 7bd0681b1 > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java > 1a1b56e4c > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > 2be371892 > > > Diff: https://reviews.apache.org/r/71217/diff/2/ > > > Testing > --- > > 1.Tested If data is getting stored and retrieved properly in data history > table i.e. x_data_hist. > > > Thanks, > > Nikhil P > >
Re: Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
> On Aug. 16, 2019, 9:50 p.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > > Line 2054 (original), 2058 (patched) > > <https://reviews.apache.org/r/71217/diff/1/?file=2160907#file2160907line2058> > > > > There is already a deletePolicy(RangerPolicy policy, RangerService > > service) method there. Possibly you can use that by passing the service > > object value as null. > > Nikhil P wrote: > We are not adding a new method but changing existing method in order to > avoid extra DB call for get policy, so I feel it's better to get rid of the > method with Id param which gives additional DB call to get policy which is > already present with the caller method of it. Also there would be no backward > compatibility issue as this is not the REST layer method. > > Pradeep Agrawal wrote: > Won't a call to deletePolicy(RangerPolicy policy, RangerService service) > method serve the purpose here? If yes, then either you can keep this > method as is "deletePolicy(Long policyId)" or remove the implementation of > this method completely (to avoid pmd issues). This delete method with policy & service parameter is used generally for bulk delete, i.e. policy loop at the caller method, so this method does not throw an error if one of the policies is null while deleting. It seems to ignore that policy and proceed to next, hence this method won't throw exception to the user. Whereas the current method with only policy parameter gets used for single policy delete and it seems to check and throw an exception if that policy is null, as this method has the REST level caller which deletes single policy in one REST call. Do we plan to keep single policy delete method in ServiceDBStore for both bulk and single policy delete? If yes then we might need to think about throwing an exception if policy does not exist/null. But I suppose we don't throw an exception in case of bulk delete. - Nikhil --- This is an automatically generated e-mail. 
To reply, visit: https://reviews.apache.org/r/71217/#review217241 --- On Aug. 19, 2019, 3:21 p.m., Nikhil P wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71217/ > --- > > (Updated Aug. 19, 2019, 3:21 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-2535 > https://issues.apache.org/jira/browse/RANGER-2535 > > > Repository: ranger > > > Description > --- > > Good coding practices for storing and retrieving data history in ranger > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java > 2af5845e2 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 113e727c4 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > e7b317265 > > security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java > 7bd0681b1 > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java > 1a1b56e4c > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > 2be371892 > > > Diff: https://reviews.apache.org/r/71217/diff/2/ > > > Testing > --- > > 1.Tested If data is getting stored and retrieved properly in data history > table i.e. x_data_hist. > > > Thanks, > > Nikhil P > >
Re: Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
> On Aug. 16, 2019, 9:50 p.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > > Line 2054 (original), 2058 (patched) > > <https://reviews.apache.org/r/71217/diff/1/?file=2160907#file2160907line2058> > > > > There is already a deletePolicy(RangerPolicy policy, RangerService > > service) method there. Possibly you can use that by passing the service > > object value as null. We are not adding a new method but changing existing method in order to avoid extra DB call for get policy, so I feel it's better to get rid of the method with Id param which gives additional DB call to get policy which is already present with the caller method of it. Also there would be no backward compatibility issue as this is not the REST layer method. - Nikhil --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71217/#review217241 ------- On Aug. 19, 2019, 3:21 p.m., Nikhil P wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71217/ > --- > > (Updated Aug. 19, 2019, 3:21 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. 
> > > Bugs: RANGER-2535 > https://issues.apache.org/jira/browse/RANGER-2535 > > > Repository: ranger > > > Description > --- > > Good coding practices for storing and retrieving data history in ranger > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java > 2af5845e2 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 113e727c4 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > e7b317265 > > security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java > 7bd0681b1 > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java > 1a1b56e4c > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > 2be371892 > > > Diff: https://reviews.apache.org/r/71217/diff/2/ > > > Testing > --- > > 1.Tested If data is getting stored and retrieved properly in data history > table i.e. x_data_hist. > > > Thanks, > > Nikhil P > >
Re: Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71217/ --- (Updated Aug. 19, 2019, 3:21 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2535 https://issues.apache.org/jira/browse/RANGER-2535 Repository: ranger Description --- Good coding practices for storing and retrieving data history in ranger Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 2af5845e2 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 113e727c4 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java e7b317265 security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java 7bd0681b1 security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java 1a1b56e4c security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 2be371892 Diff: https://reviews.apache.org/r/71217/diff/2/ Changes: https://reviews.apache.org/r/71217/diff/1-2/ Testing --- 1.Tested If data is getting stored and retrieved properly in data history table i.e. x_data_hist. Thanks, Nikhil P
Review Request 71217: RANGER-2535 : Good coding practices for storing and retrieving data history in ranger
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71217/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2535 https://issues.apache.org/jira/browse/RANGER-2535 Repository: ranger Description --- Good coding practices for storing and retrieving data history in ranger Diffs - agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 2af5845e2 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 113e727c4 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java af74daf26 security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java 7bd0681b1 security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java 1a1b56e4c security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 2be371892 Diff: https://reviews.apache.org/r/71217/diff/1/ Testing --- 1.Tested If data is getting stored and retrieved properly in data history table i.e. x_data_hist. Thanks, Nikhil P
Review Request 71216: Ranger Admin debug config improvement
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71216/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2523 https://issues.apache.org/jira/browse/RANGER-2523 Repository: ranger Description --- Ranger Admin debug config improvement Diffs - embeddedwebserver/scripts/ranger-admin-services.sh 8f148a773 security-admin/src/main/webapp/WEB-INF/web.xml 806a066ae Diff: https://reviews.apache.org/r/71216/diff/1/ Testing --- 1.Validated If specified log4j file configuration in ranger-admin-services.sh is getting used for logging. Thanks, Nikhil P
Review Request 71169: RANGER-2406 : rangerusersync open too many session for ldap sync
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71169/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2406 https://issues.apache.org/jira/browse/RANGER-2406 Repository: ranger Description --- rangerusersync open too many session for ldap sync Diffs - ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 2c0e9ad31 Diff: https://reviews.apache.org/r/71169/diff/1/ Testing --- 1.Tested If LDAP usersync is reusing session for usersync when 'ranger.usersync.cookie.enabled' this property in ranger-ugsync-default is true(default:true). 2.Validated if Ranger Login sessions are not overloaded with usersync sessions. Thanks, Nikhil P
Re: Review Request 71155: RANGER-2516 Update Ranger default policies to provide entity-read access to public group
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71155/ --- (Updated July 26, 2019, 1:31 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nixon Rodrigues, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2516 https://issues.apache.org/jira/browse/RANGER-2516 Repository: ranger Description --- Update Ranger default policies to provide entity-read access to public group Diffs (updated) - plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 459e791c3 Diff: https://reviews.apache.org/r/71155/diff/3/ Changes: https://reviews.apache.org/r/71155/diff/2-3/ Testing --- Tested on local if additional policy is getting created for required resources. Thanks, Nikhil P
Re: Review Request 71155: RANGER-2516 Update Ranger default policies to provide entity-read access to public group
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71155/ --- (Updated July 25, 2019, 6:08 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Summary (updated) - RANGER-2516 Update Ranger default policies to provide entity-read access to public group Bugs: RANGER-2516 https://issues.apache.org/jira/browse/RANGER-2516 Repository: ranger Description --- Update Ranger default policies to provide entity-read access to public group Diffs (updated) - plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 459e791c3 Diff: https://reviews.apache.org/r/71155/diff/2/ Changes: https://reviews.apache.org/r/71155/diff/1-2/ Testing --- Tested on local if additional policy is getting created for required resources. Thanks, Nikhil P
Review Request 71162: RANGER-2508 : Good coding practices for concurrent policy label creation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71162/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2508 https://issues.apache.org/jira/browse/RANGER-2508 Repository: ranger Description --- Good coding practices for concurrent policy label creation Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 77c91ab9d security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java 788d671e7 Diff: https://reviews.apache.org/r/71162/diff/1/ Testing --- 1.Tested with multiple requests simultaneously through curl with the same labels in it. 2.Validated if labels are created properly. Thanks, Nikhil P
Re: Review Request 70821: Improvement in setting cluster Name in RangerAccessRequest
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70821/ --- (Updated June 19, 2019, 6:51 p.m.) Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Changes --- Required changes found during internal testing Bugs: RANGER-2466 https://issues.apache.org/jira/browse/RANGER-2466 Repository: ranger Description --- handling Clustername setting part during Policy engine instantiation. instead of requiring each plugin implementation to do clusterName setting , it is handled by passing RangerPluginContext (a new class) to policyEngine during instantiation. This patch contains change for clusterName setting part, new policy condition i.e clusterType change will be handled in https://issues.apache.org/jira/browse/RANGER-2467 Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java fd4122269 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPluginContext.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 4a41e6292 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e0043ff8f agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java e854e052f agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ddf181c16 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java 1abd209d3 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java 85ea679be agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java c3b31bbd0 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java d51f0fb83 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 449d77d7f hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java 6efe2e3ff 
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java f204c15c0 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java df379c306 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 625b7bb0e knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java 814aedd20 knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java e75f314d5 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b52a22ed2 plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java a6b024ff0 plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java 8a661d8f2 plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 07921a99a plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java a745b87ff plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 6c0201d3e plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java 17a7a6314 plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java 54f230c3c ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestEngine.java 590c1e7db ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java 7a39396d5 storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java 88ea05e9d storm-agent/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java 0fe658e24 Diff: https://reviews.apache.org/r/70821/diff/5/ Changes: https://reviews.apache.org/r/70821/diff/4-5/ Testing --- 1.Tested for hive plugin, whether clusterName is 
getting set properly in RangerAccessRequest. Thanks, Nikhil P
Re: Review Request 70781: RANGER-2458 : Cluster property name changes in Ranger Plugin code
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70781/#review215868 --- Ship it! Ship It! - Nikhil P On June 12, 2019, 5:30 p.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70781/ > --- > > (Updated June 12, 2019, 5:30 p.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, > Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2458 > https://issues.apache.org/jira/browse/RANGER-2458 > > > Repository: ranger > > > Description > --- > > – The property name should be renamed to something like: > ranger.plugin.hive.access.cluster.name. i.e. replace ‘ambari’ with ‘access’. > > – Also "ambari.service.check.user" config used during service creation needs > to remove "ambari" from it. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 81bbdbd > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > cff768f > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > e6ba110 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 2933392 > > > Diff: https://reviews.apache.org/r/70781/diff/3/ > > > Testing > --- > > Verified cluster name value specified in concern property on audit section. > > > Thanks, > > bhavik patel > >
Review Request 70776: RANGER-2454 : Remove the trailing slash in Ranger URL in RangerAdminJersey2RESTClient
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70776/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2454
    https://issues.apache.org/jira/browse/RANGER-2454

Repository: ranger

Description
---

Remove the trailing slash in Ranger URL in RangerAdminJersey2RESTClient

Diffs
---

  knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b04de1d06

Diff: https://reviews.apache.org/r/70776/diff/1/

Testing
---

1. Tested if slash is getting removed in Ranger URL.

Thanks,

Nikhil P
Review Request 70729: RANGER-2449 : if service part of zone is not present then null pointer exception is thrown
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70729/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2449
    https://issues.apache.org/jira/browse/RANGER-2449

Repository: ranger

Description
---

if service part of zone is not present then null pointer exception is thrown

Diffs
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java ce3ffc853

Diff: https://reviews.apache.org/r/70729/diff/1/

Testing
---

1. Verified if proper error response is thrown if service is not present in Ranger.

Thanks,

Nikhil P
Review Request 70703: RANGER-2445 : Import of Tagservice for zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70703/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2445
    https://issues.apache.org/jira/browse/RANGER-2445

Repository: ranger

Description
---

Import of tagservice is not working for zone

Diffs
---

  security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java 8006272
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 0e7cd8f
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4647b1
  security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js 94362bf
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 19f162b

Diff: https://reviews.apache.org/r/70703/diff/1/

Testing
---

Tested if tag based policies are getting exported and imported properly in the provided zone.
Tested unzoned and zoned policies are getting imported correctly based on mapping provided.

Thanks,

Nikhil P
Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/
---

(Updated May 21, 2019, 6:57 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2436
    https://issues.apache.org/jira/browse/RANGER-2436

Repository: ranger

Description
---

Include a custom-condition that checks if the current cluster-name matches one of the condition values. This will enable setting up different authorization policies depending on the cluster from which access was performed.

Diffs (updated)
---

  agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedFromClusterCondition.java PRE-CREATION
  agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedNotFromClusterCondition.java PRE-CREATION

Diff: https://reviews.apache.org/r/70658/diff/3/

Changes: https://reviews.apache.org/r/70658/diff/2-3/

Testing
---

1. Tested if cluster name condition is provided in policy/policyItem condition then access is granted if that cluster name is given in policy condition while setting up the policy.
2. If condition is specified with some cluster names and the cluster from which access request is coming is not present in condition then access is denied.
3. Tested for hive plugin

Thanks,

Nikhil P
Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/
---

(Updated May 17, 2019, 6:51 p.m.)

Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.

Summary (updated)
---

RANGER-2436 - Custom condition: Access from cluster

Bugs: RANGER-2436
    https://issues.apache.org/jira/browse/RANGER-2436

Repository: ranger

Description
---

Include a custom-condition that checks if the current cluster-name matches one of the condition values. This will enable setting up different authorization policies depending on the cluster from which access was performed.

Diffs
---

  agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerClusterMatcher.java PRE-CREATION
  agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java 5b66539
  agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java 0c078a8
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 45231e7
  agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 370ff56
  security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java a54d69e

Diff: https://reviews.apache.org/r/70658/diff/2/

Testing
---

1. Tested if cluster name condition is provided in policy/policyItem condition then access is granted if that cluster name is given in policy condition while setting up the policy.
2. If condition is specified with some cluster names and the cluster from which access request is coming is not present in condition then access is denied.
3. Tested for hive plugin

Thanks,

Nikhil P
Re: Review Request 70565: RANGER-2411 : Restrict Admin role user to create Zone for KMS service
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70565/
---

(Updated May 6, 2019, 11:20 a.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2411
    https://issues.apache.org/jira/browse/RANGER-2411

Repository: ranger

Description
---

Restrict Admin role user to create Zone for KMS service

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 4f6fa89
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java edb3102

Diff: https://reviews.apache.org/r/70565/diff/3/

Changes: https://reviews.apache.org/r/70565/diff/2-3/

Testing
---

Tested if Admin user is not able to create zone for KMS service.

Thanks,

Nikhil P
Re: Review Request 70565: RANGER-2411 : Restrict Admin role user to create Zone for KMS service
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70565/
---

(Updated May 3, 2019, 2:24 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2411
    https://issues.apache.org/jira/browse/RANGER-2411

Repository: ranger

Description
---

Restrict Admin role user to create Zone for KMS service

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 4f6fa89
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java edb3102

Diff: https://reviews.apache.org/r/70565/diff/2/

Changes: https://reviews.apache.org/r/70565/diff/1-2/

Testing
---

Tested if Admin user is not able to create zone for KMS service.

Thanks,

Nikhil P
Review Request 70565: RANGER-2411 : Restrict Admin role user to create Zone for KMS service
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70565/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2411
    https://issues.apache.org/jira/browse/RANGER-2411

Repository: ranger

Description
---

Restrict Admin role user to create Zone for KMS service

Diffs
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 6ce5365
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java edb3102

Diff: https://reviews.apache.org/r/70565/diff/1/

Testing
---

Tested if Admin user is not able to create zone for KMS service.

Thanks,

Nikhil P
Re: Review Request 70493: RANGER-2351 : Implement Import / Export of Policies by Zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70493/
---

(Updated April 25, 2019, 5:55 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2351
    https://issues.apache.org/jira/browse/RANGER-2351

Repository: ranger

Description
---

Implement Import / Export of Policies by Zone.
Similar to how we have Import Export by Service, Import/export by zone feature is required.

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1bd8dc0
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 17be098
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 6cb85f9
  security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java d568d81
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 6ddb359
  security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java acba730
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 771feec
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java 8dfbf41
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 97cc58b
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 19bb04b
  security-admin/src/main/webapp/scripts/utils/XAGlobals.js 8036d2f
  security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js 2b5cfdd
  security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js 68022e9
  security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js fd3bb4e
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 7589bfa
  security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 3df0ec4
  security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html 150a885
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 8f39607

Diff: https://reviews.apache.org/r/70493/diff/4/

Changes: https://reviews.apache.org/r/70493/diff/3-4/

Testing
---

1. Tested if policies export after selecting a zone on "Access based policy" page, exports only policies in that zone.
2. Validated if no zone is selected on "Access based policy" page, exports only policies which are not present in any zone.
3. Validated if policy import works properly and policies get imported to destination zone, provided correct mapping is given and zones are already mapped to the services at destination.

File Attachments

RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch
  https://reviews.apache.org/media/uploaded/files/2019/04/18/beb14579-4600-4950-af31-2a758b5dfca5__RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch

Thanks,

Nikhil P
Re: Review Request 70493: RANGER-2351 : Implement Import / Export of Policies by Zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70493/
---

(Updated April 22, 2019, 4:29 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Changes
---

policy renaming logic during policy import is removed because policy name now needs to be unique within zone and service (RANGER-2400).

Bugs: RANGER-2351
    https://issues.apache.org/jira/browse/RANGER-2351

Repository: ranger

Description
---

Implement Import / Export of Policies by Zone.
Similar to how we have Import Export by Service, Import/export by zone feature is required.

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 17be098
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 6cb85f9
  security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java d568d81
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 6ddb359
  security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java acba730
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 771feec
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 97cc58b
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 19bb04b
  security-admin/src/main/webapp/scripts/utils/XAGlobals.js 8036d2f
  security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js 2b5cfdd
  security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js 68022e9
  security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js fd3bb4e
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 7589bfa
  security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 3df0ec4
  security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html 150a885
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 8f39607

Diff: https://reviews.apache.org/r/70493/diff/3/

Changes: https://reviews.apache.org/r/70493/diff/2-3/

Testing
---

1. Tested if policies export after selecting a zone on "Access based policy" page, exports only policies in that zone.
2. Validated if no zone is selected on "Access based policy" page, exports only policies which are not present in any zone.
3. Validated if policy import works properly and policies get imported to destination zone, provided correct mapping is given and zones are already mapped to the services at destination.

File Attachments

RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch
  https://reviews.apache.org/media/uploaded/files/2019/04/18/beb14579-4600-4950-af31-2a758b5dfca5__RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch

Thanks,

Nikhil P
Re: Review Request 70493: RANGER-2351 : Implement Import / Export of Policies by Zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70493/
---

(Updated April 18, 2019, 4:08 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Changes
---

patch updated based on recent commits, no functionality change updates.

Bugs: RANGER-2351
    https://issues.apache.org/jira/browse/RANGER-2351

Repository: ranger

Description
---

Implement Import / Export of Policies by Zone.
Similar to how we have Import Export by Service, Import/export by zone feature is required.

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 17be098
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 6cb85f9
  security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java d568d81
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 6ddb359
  security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java acba730
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 771feec
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 97cc58b
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 19bb04b
  security-admin/src/main/webapp/scripts/utils/XAGlobals.js 8036d2f
  security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js 2b5cfdd
  security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js 68022e9
  security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js fd3bb4e
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 7589bfa
  security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 3df0ec4
  security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html 150a885
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 8f39607

Diff: https://reviews.apache.org/r/70493/diff/2/

Changes: https://reviews.apache.org/r/70493/diff/1-2/

Testing
---

1. Tested if policies export after selecting a zone on "Access based policy" page, exports only policies in that zone.
2. Validated if no zone is selected on "Access based policy" page, exports only policies which are not present in any zone.
3. Validated if policy import works properly and policies get imported to destination zone, provided correct mapping is given and zones are already mapped to the services at destination.

File Attachments (updated)

RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch
  https://reviews.apache.org/media/uploaded/files/2019/04/18/beb14579-4600-4950-af31-2a758b5dfca5__RANGER-2351-Implement-Import-Export-of-Policies-by-Z.patch

Thanks,

Nikhil P
Review Request 70501: RANGER-2403 : proper error should be thrown when service part of zone being deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70501/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2403
    https://issues.apache.org/jira/browse/RANGER-2403

Repository: ranger

Description
---

currently when service part of zone being deleted ERROR XXService can't be deleted is thrown, we can handle it eg: Service is associated with and can not be deleted.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 17be098
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 4d46d0e

Diff: https://reviews.apache.org/r/70501/diff/1/

Testing
---

1. Validated if proper response comes if user tries to delete service which is present in any zone.

Thanks,

Nikhil P
Review Request 70493: RANGER-2351 : Implement Import / Export of Policies by Zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70493/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2351
    https://issues.apache.org/jira/browse/RANGER-2351

Repository: ranger

Description
---

Implement Import / Export of Policies by Zone.
Similar to how we have Import Export by Service, Import/export by zone feature is required.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 1d341c5
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 2a870ef
  security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java d568d81
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 6ddb359
  security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java acba730
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 771feec
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 7e702c1
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7
  security-admin/src/main/webapp/scripts/utils/XAGlobals.js 8036d2f
  security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js 2b5cfdd
  security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js 68022e9
  security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js d3eb026
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js daf6924
  security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 3df0ec4
  security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html 150a885
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 8f39607

Diff: https://reviews.apache.org/r/70493/diff/1/

Testing
---

1. Tested if policies export after selecting a zone on "Access based policy" page, exports only policies in that zone.
2. Validated if no zone is selected on "Access based policy" page, exports only policies which are not present in any zone.
3. Validated if policy import works properly and policies get imported to destination zone, provided correct mapping is given and zones are already mapped to the services at destination.

Thanks,

Nikhil P
Re: Review Request 70340: RANGER-2382 : Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
> On April 3, 2019, 6 a.m., Ramesh Mani wrote:
> > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
> > Lines 286 (patched)
> > <https://reviews.apache.org/r/70340/diff/2/?file=2136806#file2136806line286>
> >
> > is already solr schema, could you please review this and use it in the UI for filtering?

using existing field 'agentHost' in latest uploaded patch

- Nikhil

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70340/#review214298
-------

On April 12, 2019, 7:41 p.m., Nikhil P wrote:
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70340/
> ---
>
> (Updated April 12, 2019, 7:41 p.m.)
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-2382
>     https://issues.apache.org/jira/browse/RANGER-2382
>
> Repository: ranger
>
> Description
> ---
>
> In Audit Page
>
> Access tab:
> Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin. Having this field in audit UI can avoid having to scan all the hosts.
>
> Diffs
> ---
>
>   LICENSE.txt 7aa4bf4
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 80a6d9e
>   agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ee95800
>   agents-common/pom.xml 4486af3
>   agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 4421442
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 65f5c01
>   pom.xml 2a45f8b
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ce577e0
>   security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 6687b19
>   security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java cf2a3b4
>   security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java 7b63a63
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js daf6924
>   security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5
>   src/main/assembly/admin-web.xml 06ba8c4
>   src/main/assembly/hbase-agent.xml fa79283
>   src/main/assembly/hdfs-agent.xml add00e6
>   src/main/assembly/hive-agent.xml 4f80a95
>   src/main/assembly/kms.xml 17d6786
>   src/main/assembly/knox-agent.xml 9e30c4f
>   src/main/assembly/plugin-atlas.xml 73b624b
>   src/main/assembly/plugin-elasticsearch.xml 41f73a3
>   src/main/assembly/plugin-kafka.xml ca50e6b
>   src/main/assembly/plugin-kms.xml f3473b3
>   src/main/assembly/plugin-kylin.xml 87a8154
>   src/main/assembly/plugin-solr.xml 16a0696
>   src/main/assembly/plugin-sqoop.xml 7ce714b
>   src/main/assembly/plugin-yarn.xml 04d252e
>   src/main/assembly/ranger-tools.xml 03d58bf
>   src/main/assembly/storm-agent.xml 0e1e946
>   src/main/assembly/tagsync.xml 985b99a
>   src/main/assembly/usersync.xml 9e6a882
>
> Diff: https://reviews.apache.org/r/70340/diff/4/
>
> Testing
> ---
>
> 1) verified if ‘agentHostname’ is getting added in solr and also getting displayed on Ranger UI - access audit page.
> 2) verified agentHostName shows destination of agents.
>
> Thanks,
>
> Nikhil P
Re: Review Request 70340: RANGER-2382 : Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70340/
---

(Updated April 12, 2019, 7:41 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Changes
---

using existing field 'agentHost' instead of creating new field. added dependencies required in codebase. fixed test cases.

Bugs: RANGER-2382
    https://issues.apache.org/jira/browse/RANGER-2382

Repository: ranger

Description
---

In Audit Page

Access tab:
Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin. Having this field in audit UI can avoid having to scan all the hosts.

Diffs (updated)
---

  LICENSE.txt 7aa4bf4
  agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 80a6d9e
  agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ee95800
  agents-common/pom.xml 4486af3
  agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 4421442
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 65f5c01
  pom.xml 2a45f8b
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ce577e0
  security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 6687b19
  security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java cf2a3b4
  security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java 7b63a63
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js daf6924
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5
  src/main/assembly/admin-web.xml 06ba8c4
  src/main/assembly/hbase-agent.xml fa79283
  src/main/assembly/hdfs-agent.xml add00e6
  src/main/assembly/hive-agent.xml 4f80a95
  src/main/assembly/kms.xml 17d6786
  src/main/assembly/knox-agent.xml 9e30c4f
  src/main/assembly/plugin-atlas.xml 73b624b
  src/main/assembly/plugin-elasticsearch.xml 41f73a3
  src/main/assembly/plugin-kafka.xml ca50e6b
  src/main/assembly/plugin-kms.xml f3473b3
  src/main/assembly/plugin-kylin.xml 87a8154
  src/main/assembly/plugin-solr.xml 16a0696
  src/main/assembly/plugin-sqoop.xml 7ce714b
  src/main/assembly/plugin-yarn.xml 04d252e
  src/main/assembly/ranger-tools.xml 03d58bf
  src/main/assembly/storm-agent.xml 0e1e946
  src/main/assembly/tagsync.xml 985b99a
  src/main/assembly/usersync.xml 9e6a882

Diff: https://reviews.apache.org/r/70340/diff/4/

Changes: https://reviews.apache.org/r/70340/diff/3-4/

Testing
---

1) verified if ‘agentHostname’ is getting added in solr and also getting displayed on Ranger UI - access audit page.
2) verified agentHostName shows destination of agents.

Thanks,

Nikhil P
Review Request 70455: RANGER-2383 : Incorrect response when trying to delete user attached to a security zone
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70455/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2383
    https://issues.apache.org/jira/browse/RANGER-2383

Repository: ranger

Description
---

Incorrect response when trying to delete user attached to a security zone.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 6edfabb
  security-admin/src/main/webapp/scripts/utils/XAUtils.js b14f4b9
  security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 529958d
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 23d3568

Diff: https://reviews.apache.org/r/70455/diff/1/

Testing
---

1) Verified if User delete is not allowed if that user is present in zone as a zone admin/zone auditor.
2) Verified if Proper error message is shown if user is present in zone.

Thanks,

Nikhil P
Re: Review Request 70432: RANGER-2387 : add public api v2 for security zones
> On April 11, 2019, 12:43 a.m., Velmurugan Periasamy wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
> > Lines 112 (patched)
> > <https://reviews.apache.org/r/70432/diff/1/?file=2138191#file2138191line112>
> >
> > See my comment in https://reviews.apache.org/r/70447/
> >
> > Please resolve the conflict.

This updated patch can be committed after RANGER-2384 is committed

- Nikhil

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70432/#review214539
-------

On April 11, 2019, 6:24 p.m., Nikhil P wrote:
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70432/
> ---
>
> (Updated April 11, 2019, 6:24 p.m.)
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-2387
>     https://issues.apache.org/jira/browse/RANGER-2387
>
> Repository: ranger
>
> Description
> ---
>
> add public api v2 for security zones
>
> Diffs
> ---
>
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 073404e
>
> Diff: https://reviews.apache.org/r/70432/diff/2/
>
> Testing
> ---
>
> 1. Tested Curl response of Public api v2 are correct.
> 2. validated response result for public API matches with SecurityZoneREST
>
> File Attachments
>
> RANGER-2387-add-public-api-v2-for-security-zones.patch
>   https://reviews.apache.org/media/uploaded/files/2019/04/11/76ef5743-38ad-4ee1-959b-27431e4ddd89__RANGER-2387-add-public-api-v2-for-security-zones.patch
>
> Thanks,
>
> Nikhil P
Re: Review Request 70432: RANGER-2387 : add public api v2 for security zones
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70432/
---

(Updated April 11, 2019, 6:24 p.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2387
    https://issues.apache.org/jira/browse/RANGER-2387

Repository: ranger

Description
---

add public api v2 for security zones

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 073404e

Diff: https://reviews.apache.org/r/70432/diff/2/

Changes: https://reviews.apache.org/r/70432/diff/1-2/

Testing
---

1. Tested Curl response of Public api v2 are correct.
2. validated response result for public API matches with SecurityZoneREST

File Attachments (updated)

RANGER-2387-add-public-api-v2-for-security-zones.patch
  https://reviews.apache.org/media/uploaded/files/2019/04/11/76ef5743-38ad-4ee1-959b-27431e4ddd89__RANGER-2387-add-public-api-v2-for-security-zones.patch

Thanks,

Nikhil P
Review Request 70447: RANGER-2384 : Get All Zones API is returning response in raw format, proper response object is required.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70447/
---

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2384
    https://issues.apache.org/jira/browse/RANGER-2384

Repository: ranger

Description
---

Get All Zones API is returning response in raw format, proper response object is required.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 299e256
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 574166c
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b8b8c1b
  security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneService.java 04003f4
  security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/view/RangerSecurityZoneList.java PRE-CREATION
  security-admin/src/main/webapp/scripts/collection_bases/RangerZoneListBase.js 8180414
  security-admin/src/main/webapp/scripts/controllers/Controller.js 934a1a2
  security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js d2f8a91
  security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java 3d7c3ef
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java e4b5a1b

Diff: https://reviews.apache.org/r/70447/diff/1/

Testing
---

1) Verified if proper response is coming in get All zones.
2) Tested on local VM.

Thanks,

Nikhil P
Review Request 70432: RANGER-2387 : add public api v2 for security zones
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70432/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2387 https://issues.apache.org/jira/browse/RANGER-2387 Repository: ranger Description --- add public api v2 for security zones Diffs - security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 073404e Diff: https://reviews.apache.org/r/70432/diff/1/ Testing --- 1.Tested Curl response of Public api v2 are correct. 2.validated response result for public API matches with SecurityZoneREST Thanks, Nikhil P
Re: Review Request 70340: RANGER-2382 : Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70340/ --- (Updated April 3, 2019, 3 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2382 https://issues.apache.org/jira/browse/RANGER-2382 Repository: ranger Description --- In Audit Page Access tab: Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin. Having this field in audit UI can avoid having to scan all the hosts. Diffs (updated) - LICENSE.txt 7aa4bf4e6 agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 80a6d9e7b agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ee95800c1 agents-common/pom.xml 4486af359 agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 4421442ab agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 65f5c017f security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ce577e0fc security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 6687b198c security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java cf2a3b4d8 security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java 7b63a6328 security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7d8 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js e7b45d992 security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5fa Diff: https://reviews.apache.org/r/70340/diff/3/ Changes: https://reviews.apache.org/r/70340/diff/2-3/ Testing --- 1)verified if ‘agentHostname’ is getting added in solr and also getting displayed on Ranger UI -access audit page. 2)verified agentHostName shows destination of agents. Thanks, Nikhil P
Re: Review Request 70340: RANGER-2382 : Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70340/ --- (Updated April 2, 2019, 5:56 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- resolved review comments Bugs: RANGER-2382 https://issues.apache.org/jira/browse/RANGER-2382 Repository: ranger Description --- In Audit Page Access tab: Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin. Having this field in audit UI can avoid having to scan all the hosts. Diffs (updated) - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 80a6d9e7b agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ee95800c1 agents-common/pom.xml 4486af359 agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 4421442ab agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29f6 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 5e10e0d33 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 65f5c017f hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java be8263911 security-admin/contrib/solr_for_audit_setup/conf/managed-schema c33f6de06 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ce577e0fc security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 6687b198c security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java cf2a3b4d8 security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java 7b63a6328 security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7d8 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js e7b45d992 
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5fa Diff: https://reviews.apache.org/r/70340/diff/2/ Changes: https://reviews.apache.org/r/70340/diff/1-2/ Testing --- 1)verified if ‘agentHostname’ is getting added in solr and also getting displayed on Ranger UI -access audit page. 2)verified agentHostName shows destination of agents. Thanks, Nikhil P
Review Request 70340: RANGER-2382 : Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70340/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2382 https://issues.apache.org/jira/browse/RANGER-2382 Repository: ranger Description --- In Audit Page Access tab: Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin. Having this field in audit UI can avoid having to scan all the hosts. Diffs - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 80a6d9e agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ee95800 agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 4421442 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 9fe0531 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 65f5c01 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java be82639 security-admin/contrib/solr_for_audit_setup/conf/managed-schema c33f6de security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ce577e0 security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 6687b19 security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java cf2a3b4 security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java 7b63a63 security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d4d87d7 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js e7b45d9 security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5 Diff: https://reviews.apache.org/r/70340/diff/1/ Testing --- 1)verified if ‘agentHostname’ is 
getting added in solr and also getting displayed on Ranger UI -access audit page. 2)verified agentHostName shows destination of agents. Thanks, Nikhil P
Re: Review Request 70254: RANGER-2373 : User creation POST and PUT response not showing groupIdList and groupNameList with expected data
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70254/ --- (Updated March 22, 2019, 12:47 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- resolved review comments Summary (updated) - RANGER-2373 : User creation POST and PUT response not showing groupIdList and groupNameList with expected data Bugs: RANGER-2373 https://issues.apache.org/jira/browse/RANGER-2373 Repository: ranger Description --- User creation POST and PUT response should show groupIdList and groupNameList Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java fc40917 security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 49c57a6 Diff: https://reviews.apache.org/r/70254/diff/2/ Changes: https://reviews.apache.org/r/70254/diff/1-2/ Testing --- validated If user creation and updation response is showing expected list of group Id / group Name. 1.Tested CRUD for users. 2.Tested CRUD for groups. 3.Checked adding users to group. 4.Checked users are getting deleted when groups are assigned to it. File Attachments (updated) RANGER-2373-2.patch https://reviews.apache.org/media/uploaded/files/2019/03/22/f1f0b2d5-68d1-4413-b5f7-f8836b2dc2a8__RANGER-2373-2.patch Thanks, Nikhil P
Review Request 70254: User creation POST and PUT response not showing groupIdList and groupNameList with expected data
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70254/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2373 https://issues.apache.org/jira/browse/RANGER-2373 Repository: ranger Description --- User creation POST and PUT response should show groupIdList and groupNameList Diffs - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java fc40917 security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 49c57a6 Diff: https://reviews.apache.org/r/70254/diff/1/ Testing --- validated If user creation and updation response is showing expected list of group Id / group Name. 1.Tested CRUD for users. 2.Tested CRUD for groups. 3.Checked adding users to group. 4.Checked users are getting deleted when groups are assigned to it. Thanks, Nikhil P
Review Request 70192: Improvement on getServices API to get plugin services based on its associated tag service
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70192/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2357 https://issues.apache.org/jira/browse/RANGER-2357 Repository: ranger Description --- Improvement on getServices API to get plugin services based on its associated tag service Diffs - security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java ad38417 security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java 315946e Diff: https://reviews.apache.org/r/70192/diff/1/ Testing --- Tested on local machine. Thanks, Nikhil P
Review Request 69917: Audits: filter out service audit logs and additional users logs from user audit logs
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69917/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2334
https://issues.apache.org/jira/browse/RANGER-2334

Repository: ranger

Description
---

This feature of excluding service users from Ranger access audits is provided because there are too many system audits generated by service users. An additional filter is added in the Ranger UI access audits page, i.e. Exclude service user: true/false. After setting the above filter to true and setting the properties below, Ranger admin will filter out service users from access audit logs. Additionally, in order to remove additional user logs from access audits, one can set another property for exclusion of audit logs for those users.

1) In order to use this feature, the user should set component service users in ranger-admin-site.xml whose logs need to be filtered out. E.g. say a Ranger user wants to filter out the atlas and hbase service users.

ranger.plugins.atlas.serviceuser atlas
ranger.plugins.hbase.serviceuser hbase

2) In addition to service users, a new property "ranger.accesslogs.exclude.users.list" is introduced, in which the user can specify a list of additional users (other than service users) whose logs need to be excluded from Ranger access audits.

ranger.accesslogs.exclude.users.list yarn-ats,testUser

After setting the above properties, logs from the above users will not show up in Ranger access audits.

Diffs
---

agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java 110f763
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 8a0ca95
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java f64c0db
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 4894480
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 40e680a

Diff: https://reviews.apache.org/r/69917/diff/1/

Testing
---

1. Tested that after setting properties and sending the UI flag (Exclude service user) as true, Ranger access audit logs do not show audits for service users (service users are set in property ranger.plugins..serviceuser).
2. Checked that additional user logs are also getting filtered out after setting those users in the property (ranger.accesslogs.exclude.users.list) and sending the UI flag (Exclude service user) as true on the access audits page.

Thanks,
Nikhil P
Review Request 69565: Improve group search on policy edit page
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69565/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2309 https://issues.apache.org/jira/browse/RANGER-2309 Repository: ranger Description --- Improve group search on policy edit page Diffs - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e1a6b58 Diff: https://reviews.apache.org/r/69565/diff/1/ Testing --- Tested If partial/exact group-search/user-search on policy edit page & reports page works properly. Thanks, Nikhil P
Re: Review Request 69228: Allow service admin and delegated admin user to view list of users and groups though they have 'USER' role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69228/ --- (Updated Nov. 2, 2018, 7:01 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2273 https://issues.apache.org/jira/browse/RANGER-2273 Repository: ranger Description --- Due to RANGER-2208 users list access is too restricted to the users who are having USER role. To create policies delegated admin and service admin need access to users and groups information. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b40d4f027 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java febf2218d security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b5c6e9cc5 security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 4a6a76998 security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 2b996b0e1 security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js d5bad70df Diff: https://reviews.apache.org/r/69228/diff/3/ Changes: https://reviews.apache.org/r/69228/diff/2-3/ Testing --- 1.tested on local VM. Thanks, Nikhil P
Review Request 69228: Allow service admin and delegated admin user to view list of users and groups though they have 'USER' role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69228/ --- Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2273 https://issues.apache.org/jira/browse/RANGER-2273 Repository: ranger Description --- Due to RANGER-2208 users list access is too restricted to the users who are having USER role. To create policies delegated admin and service admin need access to users and groups information. Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b40d4f0 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b5c6e9c security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 4a6a769 security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 2b996b0 Diff: https://reviews.apache.org/r/69228/diff/1/ Testing --- 1.tested on local VM. Thanks, Nikhil P
Review Request 69189: Implement best coding practices for validating user input
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69189/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2269 https://issues.apache.org/jira/browse/RANGER-2269 Repository: ranger Description --- Implement best coding practices for validating user input Diffs - security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 60c25fa Diff: https://reviews.apache.org/r/69189/diff/1/ Testing --- 1.Tested on local Thanks, Nikhil P
Review Request 69117: Improvement of export to excel from report listing page for Oracle database
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69117/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2262 https://issues.apache.org/jira/browse/RANGER-2262 Repository: ranger Description --- Improvement of export to excel from report listing page for Oracle database Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 5dfe446 Diff: https://reviews.apache.org/r/69117/diff/1/ Testing --- 1.Tested on VM. Thanks, Nikhil P
Re: Review Request 68881: RANGER-2203: Review and update database schema for ranger policies to minimize database queries/updates
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68881/#review209359
---

security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
Lines 88 (patched)
<https://reviews.apache.org/r/68881/#comment293743>

    null check is needed for policyItem.getGroups() as well as policyItem.getUsers()

- Nikhil P

On Oct. 9, 2018, 5:37 a.m., Abhay Kulkarni wrote:
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68881/
> ---
>
> (Updated Oct. 9, 2018, 5:37 a.m.)
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
>
> Bugs: RANGER-2186, RANGER-2195 and RANGER-2219
> https://issues.apache.org/jira/browse/RANGER-2186
> https://issues.apache.org/jira/browse/RANGER-2195
> https://issues.apache.org/jira/browse/RANGER-2219
>
> Repository: ranger
>
> Description
> ---
>
> Notes:
>
> This is a composite patch for updating database schema for Ranger policy and tag related objects.
>
> Notes:
>
> This patch is more complete than the one posted earlier (https://reviews.apache.org/r/68876/). Database scripts to drop foreign-keys are missing for some database types. They need to be added.
>
> This patch also subsumes back-ports of RANGER-2186 and RANGER-2195 from master to ranger-0.7 branch. Porting those JIRA separately involved fixing conflicts in many common files.
>
> Description:
>
> Currently, ranger policies are fully normalized and stored in multiple relational database tables. There is a performance overhead incurred when retrieving a ranger policy, as multiple database accesses are required to fully reconstruct it. This is significant when there are large ranger policies (that is, the number of resources addressed by the policy is large), and/or when there is a large number of ranger policies in an installation.
>
> This Jira tracks alternate design of database schema, where a policy is stored in a de-normalized way, in its entirety, in one database table (preferably as a JSON string).
>
> Diffs
> ---
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java a75ca59e8
> agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java 5918b1292
> embeddedwebserver/scripts/ranger-admin-services.sh 19dab2a9d
> security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql PRE-CREATION
> security-admin/db/mysql/patches/040-denormalize-tag-tables.sql PRE-CREATION
> security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql PRE-CREATION
> security-admin/db/oracle/patches/040-denormalize-tag-tables.sql PRE-CREATION
> security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql PRE-CREATION
> security-admin/db/postgres/patches/040-denormalize-tag-tables.sql PRE-CREATION
> security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql PRE-CREATION
> security-admin/db/sqlanywhere/patches/040-denormalize-tag-tables.sql PRE-CREATION
> security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql PRE-CREATION
> security-admin/db/sqlserver/patches/040-denormalize-tag-tables.sql PRE-CREATION
> security-admin/scripts/db_setup.py d4f37ed6f
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 354ab1cba
> security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java 53683ec04
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ceee8cef2
> security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 3234be6a2
> security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java 2a62fb408
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java e3b878b3e
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d718441ee
> security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java 8f3a50687
> security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java &
Re: Review Request 68228: Unit Test cases to cover policy operations from service admin user
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68228/ --- (Updated Aug. 7, 2018, 12:56 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2171 https://issues.apache.org/jira/browse/RANGER-2171 Repository: ranger Description --- Unit Test cases to cover policy operations from service admin user(RANGER-2168) Diffs (updated) - security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b0b0110 security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java e669c03 Diff: https://reviews.apache.org/r/68228/diff/2/ Changes: https://reviews.apache.org/r/68228/diff/1-2/ Testing --- Tested if unit test cases are running fine on local. File Attachments (updated) RANGER-2171_2.patch https://reviews.apache.org/media/uploaded/files/2018/08/07/a83485c8-19f4-428c-b145-d271a16916f8__RANGER-2171_2.patch RANGER-2171_2.patch https://reviews.apache.org/media/uploaded/files/2018/08/07/4897e7a7-d3c0-46c0-b223-92c26eda5060__RANGER-2171_2.patch RANGER-2171_2.patch https://reviews.apache.org/media/uploaded/files/2018/08/07/81cec758-8870-4ebf-89f0-3f621a862dc9__RANGER-2171_2.patch Thanks, Nikhil P
Review Request 68228: Unit Test cases to cover policy operations from service admin user
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68228/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2171 https://issues.apache.org/jira/browse/RANGER-2171 Repository: ranger Description --- Unit Test cases to cover policy operations from service admin user(RANGER-2168) Diffs - security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b0b0110 Diff: https://reviews.apache.org/r/68228/diff/1/ Testing --- Tested if unit test cases are running fine on local. Thanks, Nikhil P
Re: Review Request 68042: 'Email Address' search is not working properly along with other filter in user listing page, userRoles filters also needs to be improved.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68042/ --- (Updated July 27, 2018, 1:02 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2160 https://issues.apache.org/jira/browse/RANGER-2160 Repository: ranger Description --- 'Email Address' search is not working properly along with other filter in user listing page,userRoles filters also needs to be improved. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ea60e99 security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 35b9d0a security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java 6f28e7b security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java 7df0640 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 79f347d security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java e564e28 Diff: https://reviews.apache.org/r/68042/diff/2/ Changes: https://reviews.apache.org/r/68042/diff/1-2/ Testing --- Tested if email id filter & user roles along with other filters are working properly. Thanks, Nikhil P
Review Request 68062: Ranger to add default atlas policy for rangertagsync user.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68062/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2164 https://issues.apache.org/jira/browse/RANGER-2164 Repository: ranger Description --- Ranger Tagsync, when configured with atlas rest api end point with user rangertagsync, will need a default policy in atlas service to connect Atlas out of the box. Diffs - plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java d4c196e Diff: https://reviews.apache.org/r/68062/diff/1/ Testing --- 1.Tested if rangertagsync user is getting access to read entity. 2.Validated if rangertagsync user is getting added in atlas entity policy. Thanks, Nikhil P
Review Request 68042: 'Email Address' search is not working properly along with other filter in user listing page, userRoles filters also needs to be improved.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68042/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2160 https://issues.apache.org/jira/browse/RANGER-2160 Repository: ranger Description --- 'Email Address' search is not working properly along with other filter in user listing page,userRoles filters also needs to be improved. Diffs - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 7f5eab7 security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 35b9d0a security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java 6f28e7b security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java 7df0640 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 79f347d security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java e564e28 Diff: https://reviews.apache.org/r/68042/diff/1/ Testing --- Tested if email id filter & user roles along with other filters are working properly. Thanks, Nikhil P
Review Request 67804: Improve ranger coverage of unit tests for REST layer.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67804/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: ranger-2126 https://issues.apache.org/jira/browse/ranger-2126 Repository: ranger Description --- Improve ranger coverage of unit tests for REST layer. Diffs - security-admin/src/test/java/org/apache/ranger/rest/TestServiceTagProcessor.java PRE-CREATION Diff: https://reviews.apache.org/r/67804/diff/1/ Testing --- 1.Tested on local machine Thanks, Nikhil P
Review Request 67599: Ranger UserSync port (ie 5151) supports TLSv1.0
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67599/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.

Bugs: RANGER-2131
https://issues.apache.org/jira/browse/RANGER-2131

Repository: ranger

Description
---

Make SSL/TLS protocols for usersync configurable by user

Diffs
---

unixauthservice/conf.dist/ranger-ugsync-default.xml c02be51
unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 6ed2174

Diff: https://reviews.apache.org/r/67599/diff/1/

Testing
---

1. Tested if configured protocols work properly.
2. Tested if no property specified, default protocols should be supported.

Thanks,
Nikhil P
Re: Review Request 67545: Good coding practices for REST classes and unit tests
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67545/ --- (Updated June 14, 2018, 7:31 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2133 https://issues.apache.org/jira/browse/RANGER-2133 Repository: ranger Description --- Good coding practices for REST classes and unit tests Diffs (updated) - security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c206acb security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 15ed862 security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 529fd5b security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefService.java f4ea957 Diff: https://reviews.apache.org/r/67545/diff/2/ Changes: https://reviews.apache.org/r/67545/diff/1-2/ Testing --- tested on local machine. Thanks, Nikhil P
Review Request 67545: Good coding practices for REST classes and unit tests
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67545/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2133 https://issues.apache.org/jira/browse/RANGER-2133 Repository: ranger Description --- Good coding practices for REST classes and unit tests Diffs - security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c206acb security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 529fd5b security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefService.java f4ea957 Diff: https://reviews.apache.org/r/67545/diff/1/ Testing --- tested on local machine. Thanks, Nikhil P
Re: Review Request 67507: Improve ranger coverage of unit tests for REST layer.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67507/ --- (Updated June 11, 2018, 2:49 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2126 https://issues.apache.org/jira/browse/RANGER-2126 Repository: ranger Description --- Improve ranger coverage of unit tests for REST layer. Diffs (updated) - security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java df0a927 Diff: https://reviews.apache.org/r/67507/diff/2/ Changes: https://reviews.apache.org/r/67507/diff/1-2/ Testing --- Checked if unit tests run properly. Thanks, Nikhil P
Review Request 67507: Improve ranger coverage of unit tests for REST layer.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67507/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2126 https://issues.apache.org/jira/browse/RANGER-2126 Repository: ranger Description --- Improve ranger coverage of unit tests for REST layer. Diffs - security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java df0a927 Diff: https://reviews.apache.org/r/67507/diff/1/ Testing --- Checked if unit tests run properly. Thanks, Nikhil P
Review Request 67471: Improvement in ranger yarn and hdfs plugin for additional default policy creation feature during service creation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67471/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2122 https://issues.apache.org/jira/browse/RANGER-2122 Repository: ranger Description --- Improvement in ranger yarn and hdfs plugin for additional default policy creation feature during service creation Diffs - hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/RangerServiceHdfs.java 4c9f635 plugin-yarn/src/main/java/org/apache/ranger/services/yarn/RangerServiceYarn.java 9e62152 Diff: https://reviews.apache.org/r/67471/diff/1/ Testing --- Tested on local machine Thanks, Nikhil P
Re: Review Request 67347: RANGER-2115: Atlas service-def creation failing during Ranger installation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67347/#review203971 --- Ship it! Ship It! - Nikhil P On May 29, 2018, 11:13 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67347/ > --- > > (Updated May 29, 2018, 11:13 a.m.) > > > Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-2115 > https://issues.apache.org/jira/browse/RANGER-2115 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** > Atlas service def creation failed during manual installation of Ranger with > the following Error: > 2018-05-29 04:32:25,888 [localhost-startStop-1] ERROR > org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil > (EmbeddedServiceDefsUtil.java:246) - > EmbeddedServiceDefsUtil.getOrCreateServiceDef(): failed to load/create > serviceType atlas > com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: > Expected BEGIN_OBJECT but was STRING at line 1 column 1 > at > com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176) > at com.google.gson.Gson.fromJson(Gson.java:803) > at com.google.gson.Gson.fromJson(Gson.java:741) > at > org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.loadEmbeddedServiceDef(EmbeddedServiceDefsUtil.java:269) > at > org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.getOrCreateServiceDef(EmbeddedServiceDefsUtil.java:230) > at > org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.init(EmbeddedServiceDefsUtil.java:136) > at > org.apache.ranger.biz.ServiceDBStore$1.doInTransaction(ServiceDBStore.java:352) > at > org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133) > at > org.apache.ranger.biz.ServiceDBStore.initStore(ServiceDBStore.java:349) > at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > > **Proposed Solution:** > It seems the first character of the ranger-servicedef-atlas.json file contains > '' character also, which the Gson library is unable to parse. Removing > the first line and typing the '{' character solves this issue. > I have also replaced two blank spaces with a tab. > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json > 7c5170e > > > Diff: https://reviews.apache.org/r/67347/diff/1/ > > > Testing > --- > > **Steps Performed (with patch) :** > 1. After mvn Build; untar the Ranger admin module and updated > install.properties for MySQL DB flavor. > 2. Called setup.sh to install Ranger admin. > 3. Started ranger admin. > > **Expected behavior :** > 1. Ranger should start and after login atlas service should appear in Ranger > UI. > > **Actual behavior :** > 1. Ranger started successfully and after login atlas service-def was > available in Ranger UI. > > > Thanks, > > Pradeep Agrawal > >
Review Request 67151: User is not able to see revoke audits for HBASE.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67151/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2103 https://issues.apache.org/jira/browse/RANGER-2103 Repository: ranger Description --- User is not able to see revoke audits for HBASE. Diffs - security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b2a43d2 security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 397639b Diff: https://reviews.apache.org/r/67151/diff/1/ Testing --- validated if user is able to see grant/revoke audits for hbase. validated if user is able to see grant/revoke audits for hive. Thanks, Nikhil P
Re: Review Request 67084: RANGER-2076 : Handle proxy users for Kerberos based authentication
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67084/ --- (Updated May 14, 2018, 12:30 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Summary (updated) - RANGER-2076 : Handle proxy users for Kerberos based authentication Bugs: RANGER-2076 https://issues.apache.org/jira/browse/RANGER-2076 Repository: ranger Description --- Handle proxy users for Kerberos based authentication. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java 7cdb2fe Diff: https://reviews.apache.org/r/67084/diff/2/ Changes: https://reviews.apache.org/r/67084/diff/1-2/ Testing --- Validated on simple as well as kerberised environment. Thanks, Nikhil P
Review Request 67084: Handle proxy users for Kerberos based authentication.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67084/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2076 https://issues.apache.org/jira/browse/RANGER-2076 Repository: ranger Description --- Handle proxy users for Kerberos based authentication. Diffs - security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java 7cdb2fe security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java 81bc548 security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ce6971d Diff: https://reviews.apache.org/r/67084/diff/1/ Testing --- Validated on simple as well as kerberised environment. Thanks, Nikhil P
Review Request 67052: RANGER Admin UI login through knox proxy fails with 404
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67052/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2079 https://issues.apache.org/jira/browse/RANGER-2079 Repository: ranger Description --- RANGER Admin UI login through knox proxy fails with 404 Diffs - security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js c8b0c49 Diff: https://reviews.apache.org/r/67052/diff/1/ Testing --- 1) Tested on knox proxy environment. 2) Validated if ranger admin UI logs in successfully through knox proxy. Thanks, Nikhil P
Review Request 66985: improvement in ranger policy timezones and keeping validation at both ranger server and UI end consistent.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66985/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2098 https://issues.apache.org/jira/browse/RANGER-2098 Repository: ranger Description --- improvement in ranger policy timezones and keeping validation at both ranger server and UI end consistent. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java 17ff37f agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid-and-applicable.json 6081b85 security-admin/src/main/webapp/scripts/utils/XAGlobals.js 56fc3c0 Diff: https://reviews.apache.org/r/66985/diff/1/ Testing --- 1) Tested whether required timezones are supported. 2) Validated if UI and server have the same list of timezones supported. Thanks, Nikhil P
Review Request 66946: Good coding practice for ranger response codes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66946/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2091 https://issues.apache.org/jira/browse/RANGER-2091 Repository: ranger Description --- Good coding practice for ranger response codes Diffs - security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java de3891e Diff: https://reviews.apache.org/r/66946/diff/1/ Testing --- 1) Tested on simple as well as kerberised environment. 2) Tested with Knox SSO, Knox Proxy, wire encryption. Thanks, Nikhil P
Re: Review Request 66584: Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66584/ --- (Updated April 18, 2018, 8:23 p.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2021 and RANGER-2064 https://issues.apache.org/jira/browse/RANGER-2021 https://issues.apache.org/jira/browse/RANGER-2064 Repository: ranger Description --- Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin. Diffs (updated) - ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e9e356a ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b30b051 unixauthservice/conf.dist/ranger-ugsync-default.xml cf4ab80 Diff: https://reviews.apache.org/r/66584/diff/4/ Changes: https://reviews.apache.org/r/66584/diff/3-4/ Testing --- 1)Validated rangerusersync is not flooding table. 2)Validated if cookie is used by usersync client for subsequent requests to ranger-admin. Thanks, Nikhil P
Re: Review Request 66584: Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66584/ --- (Updated April 17, 2018, 8:33 p.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2021 and RANGER-2064 https://issues.apache.org/jira/browse/RANGER-2021 https://issues.apache.org/jira/browse/RANGER-2064 Repository: ranger Description --- Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin. Diffs (updated) - ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e9e356a ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b30b051 unixauthservice/conf.dist/ranger-ugsync-default.xml cf4ab80 Diff: https://reviews.apache.org/r/66584/diff/3/ Changes: https://reviews.apache.org/r/66584/diff/2-3/ Testing --- 1)Validated rangerusersync is not flooding table. 2)Validated if cookie is used by usersync client for subsequent requests to ranger-admin. Thanks, Nikhil P
Re: Review Request 66584: Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66584/ --- (Updated April 16, 2018, 6:38 p.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2021 and RANGER-2064 https://issues.apache.org/jira/browse/RANGER-2021 https://issues.apache.org/jira/browse/RANGER-2064 Repository: ranger Description --- Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin. Diffs (updated) - ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e9e356a ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b30b051 unixauthservice/conf.dist/ranger-ugsync-default.xml cf4ab80 Diff: https://reviews.apache.org/r/66584/diff/2/ Changes: https://reviews.apache.org/r/66584/diff/1-2/ Testing --- 1)Validated rangerusersync is not flooding table. 2)Validated if cookie is used by usersync client for subsequent requests to ranger-admin. Thanks, Nikhil P
Review Request 66584: Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66584/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2021 and RANGER-2064 https://issues.apache.org/jira/browse/RANGER-2021 https://issues.apache.org/jira/browse/RANGER-2064 Repository: ranger Description --- Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin. Diffs - ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java e9e356a ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b30b051 unixauthservice/conf.dist/ranger-ugsync-default.xml cf4ab80 Diff: https://reviews.apache.org/r/66584/diff/1/ Testing --- 1)Validated rangerusersync is not flooding table. 2)Validated if cookie is used by usersync client for subsequent requests to ranger-admin. Thanks, Nikhil P