Re: [VOTE] Apache Ranger 2.4.0 Release - rc2
+1 Apache Ranger 2.4.0 - rc2 release. Thanks & Regards Nixon On Wed, 29 Mar 2023 at 07:43, Balaji Ganesan wrote: > +1 > > On Tue, Mar 28, 2023 at 7:46 AM Ramesh Mani wrote: > > > +1 for Apache Ranger 2.4.0 rc2 > > > > - Build from the source > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz > > file was > > successful. > > - Verified some of the source code in tar files built. > > - Verified PGP signature. > > - Verified SHA256 / 512 hash. > > > > Thank you Selva for Apache Ranger 2.4.0 release candidate #2 > > > > Thanks, > > Ramesh > > > > On Mon, Mar 27, 2023 at 8:41 PM Selvamohan Neethiraj < > sneet...@apache.org> > > wrote: > > > > > Rangers: > > > > > > Apache Ranger 2.4.0 release candidate #2 is now available for a vote > > > within the dev community. > > > Links to the release artifacts are given below. Please review and vote. > > > > > > The vote will be open for at least 72 hours or until necessary votes > are > > > reached. > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove (and reason why) > > > > > > Thanks, > > > Selva- > > > Ranger PMC > > > > > > List of issues / improvements addressed in this release: click-here < > > > > > > https://issues.apache.org/jira/browse/RANGER-4154?jql=project=RANGER%20and%20fixVersion%20%20=%202.4.0%20and%20status%20=%20Resolved%20ORDER%20BY%20key%20desc > > > > > > > > > > Git tag for the release: > > > https://github.com/apache/ranger/tree/release-2.4.0-rc2 > > > Sources for the release: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz > > > > > > Source release verification: > > > PGP Signature: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.asc > > > SHA256 > > > < > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.ascSHA256 > > > > > > Hash: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha256 > > > SHA512 > > > < > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha256SHA512 > > > > > > Hash: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha512 > > > > > > Keys to verify the signature: > > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > > > Click Here < > > > > > > https://issues.apache.org/jira/issues/?jql=project=RANGER%20and%20fixVersion%20%20=%202.4.0%20and%20status%20=%20Resolved%20and%20type%20in%20(%22New%20Feature%22,%20Improvement)%20ORDER%20BY%20key%20desc > > > > > > to view New Features/Enhancements in this release. > > > > > > > > > > > > > > > > > > > > >
Re: DockerHub Support for Ranger
+1 On Tue, 28 Feb 2023 at 02:25, Abhishek Kumar wrote: > Hi all,It's been a while since we started developing docker images for > ranger and ranger plugins. I think it would be good if we publish these > images as official images to DockerHub as part of every ranger release, > similar to other Apache projects available here: > https://hub.docker.com/u/apache.I'm reaching out for any pointers on how > to > get started with having apache/ranger repo available in DockerHub.There is > also a jira for tracking the changes here: > https://issues.apache.org/jira/browse/RANGER-4044Thanks > Abhishek K >
Re: Planning for Apache Ranger 2.4.0 release
+1 for Ranger 2.4.0 release. Thanks Selva for initiating release process Regards Nixon On Wed, 8 Feb 2023 at 07:09, Sailaja Polavarapu wrote: > +1 for Apache Ranger 2.4.0 release. > Thanks Selva for initiating this. > > - Sailaja > > On Sat, Feb 4, 2023 at 2:42 PM Ramesh Mani wrote: > > > +1 for Apache Ranger 2.4.0 release activities. > > > > Thanks > > Ramesh > > > > On Tue, Jan 31, 2023 at 7:56 AM Selvamohan Neethiraj < > sneet...@apache.org> > > wrote: > > > > > Dear Ranger Community members, There are various features and critical > > > bug fixes done in the Apache Ranger project since the release of Apache > > > Ranger 2.3.0. Around 3 New Features, 34 improvements and 60 bug fixes > > > were made from the last release. Now with that Ranger community is > > > expecting a release to adapt those changes and hence planning this > > > release. Please review and provide your opinion. > > > > > > Thanks, Selva- > > > > > > _*Improvements & New Features addressed in 2.4.0*_ > > > > > > Improvement,RANGER-2928,[Ranger Zone REST API] Resources data is > missing > > > in XML format Improvement,RANGER-3165,Upgrade Elasticsearch version in > > > Ranger to Elasticsearch 7.10.2 Improvement,RANGER-3534,Review of > > > RangerHiveAuditHandler Improvement,RANGER-3623,Add ability to enable > > > anonymous download of policy/role/tag Improvement,RANGER-3633,Remove > > > eclipse .project file from git Improvement,RANGER-3664,Ranger KMS : Add > > > refresh functionality on kms key listing page. > > > Improvement,RANGER-3763,The max limit of the requested entities is not > > > configurable in tagsync Improvement,RANGER-3767,Add text message in > HDFS > > > and YARN policy pages to highlight the fallback ACL option > > > Improvement,RANGER-3787,Non-daemon threads started by > > > ElasticSearchAuditDestination cause Spark application hanging > > > Improvement,RANGER-3794,Improve performance of delete users/groups > > > utility Improvement,RANGER-3796,Enhancement to support multiple > resource > > > sets in a policy Improvement,RANGER-3818,Upgrade Solr to 8.11.2 > > > Improvement,RANGER-3822,RangerService outputs password information in > > > plaintext Improvement,RANGER-3837,"Allow Ranger non-admins to get, > > > create, edit and delete roles" Improvement,RANGER-3856,Ranger admin > > > client option to work with non-kerberized server > > > Improvement,RANGER-3865,support for using user attributes in masking > > > expressions Improvement,RANGER-3900,"Roles deletion Takes time in > Apache > > > Ranger when there are more users,groups,roles" > > > Improvement,RANGER-3902,dbLoadTime is not added correctly in > > > RangerServicePoliciesCache Improvement,RANGER-3910,API Documentation is > > > broken for knox sso Improvement,RANGER-3934,improve tag cache handling > > > to reduce resource usage Improvement,RANGER-3940,"Add javascript > > > includes(), intersects() polyfills for array prototype to > > > RangerCommonConstants" Improvement,RANGER-3948,update serialization to > > > skip empty values Improvement,RANGER-3951,optimize memory used for tags > > > in plugins and server Improvement,RANGER-3955,optimization to reduce > > > duplicate strings Improvement,RANGER-3973,LDAP incremental search not > > > always available Improvement,RANGER-3978,Docker setup to run Ranger KMS > > > Improvement,RANGER-3982,Python client for Ranger KMS REST APIs > > > Improvement,RANGER-3983,Support getColumnMasks and getRowFilters in > > > Trino SPI 376+ Improvement,RANGER-3985,Trino plugin: Check table name > > > when creating tables Improvement,RANGER-3986,Upgrade trino guice > > > dependency to 5.1.0 Improvement,RANGER-3988,Trino plugin should > > > differntiate between views and tables Improvement,RANGER-3997,option to > > > use default value when user/group/tag does not have the attribute > > > Improvement,RANGER-4004,"During the service deletion also, we can clear > > > the in-memory cache for that service which got deleted on the ranger > > > side" Improvement,RANGER-4011,option to disable creation of default > > > policies per hierarchy New Feature,RANGER-3852,Performance and > > > scalability analyzer tool for Ranger New > > > Feature,RANGER-3855,RangerExternalUserStoreRetriever class New > > > Feature,RANGER-4028,Ranger - Upgrade bootbox.js. > > > > > > _*BUGS addressed in 2.4.0*_ > > > > > > Bug,RANGER-2737,Ranger REST API returns different infomation when GET > > > user by id and by name Bug,RANGER-3080,"A service administrator should > > > be allowed to set ""excludes"" flag for a policy resource" > > > Bug,RANGER-3108,NPE in RangerPolicyRepository.init > > > Bug,RANGER-3387,Ranger Admin Header Validation. Bug,RANGER-3394,Too > much > > > `varchar(4000)` causes table to exceed ROW SIZE limit in MySQL > > > Bug,RANGER-3500,Ranger policy list doesn't support sorting by field > > > Bug,RANGER-3670,Policy update creates unnecessary entries in > transaction > > > log table Bug,RANGER-3680,mysql ErrorCode:1118 when Importing DB schema > > >
[jira] [Comment Edited] (RANGER-3808) Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
[
https://issues.apache.org/jira/browse/RANGER-3808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645267#comment-17645267
]
Nixon Rodrigues edited comment on RANGER-3808 at 12/9/22 12:10 PM:
---
[~ramackri] , I took this patch on 2.2.0. but on still getting 404 error,
Can you please share entire curl call with path , params and body for reference
?
cc : [~nikhil]
was (Author: nixonrodrigues):
[~ramackri] , I took this patch on 2.2.0. but on still getting 404 error,
Can you please share entire curl call with path , params and body for reference
?
cc : [~nikhilp]
> Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
> ---
>
> Key: RANGER-3808
> URL: https://issues.apache.org/jira/browse/RANGER-3808
> Project: Ranger
> Issue Type: Test
> Components: Ranger
> Environment: 本地搭建的Ranger环境
>Reporter: 唐娇龙
>Assignee: Ramachandran
>Priority: Blocker
> Fix For: 3.0.0, 2.4.0
>
> Attachments:
> 0001-RANGER-3808-Ranger-Rest-API-roles-roles-id-addUsersA.patch,
> image-2022-06-27-16-57-59-025.png
>
>
> 该接口本地环境测试提示404:
> [https://ranger.apache.org/apidocs/ui/index.html#!/RoleREST/addUsersAndGroups2]
> !image-2022-06-27-16-53-58-761.png!
> !image-2022-06-27-16-57-59-025.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-3808) Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
[
https://issues.apache.org/jira/browse/RANGER-3808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645267#comment-17645267
]
Nixon Rodrigues edited comment on RANGER-3808 at 12/9/22 12:09 PM:
---
[~ramackri] , I took this patch on 2.2.0. but on still getting 404 error,
Can you please share entire curl call with path , params and body for reference
?
cc : [~nikhilp]
was (Author: nixonrodrigues):
[~ramackri] , I took this patch on 2.2.0. but on still getting 404 error,
Can you please share entire curl call with path , params and body for reference
?
> Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
> ---
>
> Key: RANGER-3808
> URL: https://issues.apache.org/jira/browse/RANGER-3808
> Project: Ranger
> Issue Type: Test
> Components: Ranger
> Environment: 本地搭建的Ranger环境
>Reporter: 唐娇龙
>Assignee: Ramachandran
>Priority: Blocker
> Fix For: 3.0.0, 2.4.0
>
> Attachments:
> 0001-RANGER-3808-Ranger-Rest-API-roles-roles-id-addUsersA.patch,
> image-2022-06-27-16-57-59-025.png
>
>
> 该接口本地环境测试提示404:
> [https://ranger.apache.org/apidocs/ui/index.html#!/RoleREST/addUsersAndGroups2]
> !image-2022-06-27-16-53-58-761.png!
> !image-2022-06-27-16-57-59-025.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-3808) Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
[
https://issues.apache.org/jira/browse/RANGER-3808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17645267#comment-17645267
]
Nixon Rodrigues commented on RANGER-3808:
-
[~ramackri] , I took this patch on 2.2.0. but on still getting 404 error,
Can you please share entire curl call with path , params and body for reference
?
> Ranger的REST API接口(/roles/roles/{id}/addUsersAndGroups)本地测试提示404
> ---
>
> Key: RANGER-3808
> URL: https://issues.apache.org/jira/browse/RANGER-3808
> Project: Ranger
> Issue Type: Test
> Components: Ranger
> Environment: 本地搭建的Ranger环境
>Reporter: 唐娇龙
>Assignee: Ramachandran
>Priority: Blocker
> Fix For: 3.0.0, 2.4.0
>
> Attachments:
> 0001-RANGER-3808-Ranger-Rest-API-roles-roles-id-addUsersA.patch,
> image-2022-06-27-16-57-59-025.png
>
>
> 该接口本地环境测试提示404:
> [https://ranger.apache.org/apidocs/ui/index.html#!/RoleREST/addUsersAndGroups2]
> !image-2022-06-27-16-53-58-761.png!
> !image-2022-06-27-16-57-59-025.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-3554) [Intermittent] API call to fetch the list of policies for a particular service repo returns a deleted policy in the response
[
https://issues.apache.org/jira/browse/RANGER-3554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643138#comment-17643138
]
Nixon Rodrigues edited comment on RANGER-3554 at 12/5/22 7:12 AM:
--
[~abhayk], [~madhan]
Can you please let know what was the cause of the issue and the how the fix
provided fixed the issue.
Here in the fix, the below code lines block is moved out of
_isParentTransactionCommitted_ if statement block. How will this fix the issue.
{noformat}
List runnables = RUNNABLES.get();
RUNNABLES.remove(); {noformat}
[~abhishek.patil] , Can you please provide the repo steps here.
Appreciate your feedback here
Please let me know.
Thanks
was (Author: nixonrodrigues):
[~abhayk], [~madhan]
Can you please let know what was the cause of the issue and the how the fix
provided fixed the issue.
Here in the fix, the below code lines block is moved out
_isParentTransactionCommitted_ if statement block. How will this the issue.
{noformat}
List runnables = RUNNABLES.get();
RUNNABLES.remove(); {noformat}
[~abhishek.patil] , Can you please provide the repo steps here.
Please let me know.
Thanks
> [Intermittent] API call to fetch the list of policies for a particular
> service repo returns a deleted policy in the response
>
>
> Key: RANGER-3554
> URL: https://issues.apache.org/jira/browse/RANGER-3554
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Multiple tests are executed during the test run, and the flow of the tests is
> as follows:-
> # A set of policies needed for the test are created for a Ranger service.
> # Tests are run.
> # All existing policies in the Ranger service are deleted by fetching all
> policies in the service, and deleting them one-by-one. Each delete call are
> successful.
> # All policies in the Ranger service are fetched to ensure that no policies
> are remaining in the Ranger service.
> It is expected that in step 4, no policies are returned. However,
> intermittently, step 4 returns policy that is deleted in step 3.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-3554) [Intermittent] API call to fetch the list of policies for a particular service repo returns a deleted policy in the response
[
https://issues.apache.org/jira/browse/RANGER-3554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643138#comment-17643138
]
Nixon Rodrigues edited comment on RANGER-3554 at 12/5/22 7:04 AM:
--
[~abhayk], [~madhan]
Can you please let know what was the cause of the issue and the how the fix
provided fixed the issue.
Here in the fix, the below code lines block is moved out
_isParentTransactionCommitted_ if statement block. How will this the issue.
{noformat}
List runnables = RUNNABLES.get();
RUNNABLES.remove(); {noformat}
[~abhishek.patil] , Can you please provide the repo steps here.
Please let me know.
Thanks
was (Author: nixonrodrigues):
[~abhayk], @madhan
Can you please let know what was the cause of the issue and the how the fix
provided fixed the issue.
Here in the fix, the below code lines block is moved out
_isParentTransactionCommitted_ if statement block. How will this the issue.
{noformat}
List runnables = RUNNABLES.get();
RUNNABLES.remove(); {noformat}
[~abhishek.patil] , Can you please provide the repo steps here.
Please let me know.
Thanks
> [Intermittent] API call to fetch the list of policies for a particular
> service repo returns a deleted policy in the response
>
>
> Key: RANGER-3554
> URL: https://issues.apache.org/jira/browse/RANGER-3554
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Multiple tests are executed during the test run, and the flow of the tests is
> as follows:-
> # A set of policies needed for the test are created for a Ranger service.
> # Tests are run.
> # All existing policies in the Ranger service are deleted by fetching all
> policies in the service, and deleting them one-by-one. Each delete call are
> successful.
> # All policies in the Ranger service are fetched to ensure that no policies
> are remaining in the Ranger service.
> It is expected that in step 4, no policies are returned. However,
> intermittently, step 4 returns policy that is deleted in step 3.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-3554) [Intermittent] API call to fetch the list of policies for a particular service repo returns a deleted policy in the response
[
https://issues.apache.org/jira/browse/RANGER-3554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17643138#comment-17643138
]
Nixon Rodrigues commented on RANGER-3554:
-
[~abhayk], @madhan
Can you please let know what was the cause of the issue and the how the fix
provided fixed the issue.
Here in the fix, the below code lines block is moved out
_isParentTransactionCommitted_ if statement block. How will this the issue.
{noformat}
List runnables = RUNNABLES.get();
RUNNABLES.remove(); {noformat}
[~abhishek.patil] , Can you please provide the repo steps here.
Please let me know.
Thanks
> [Intermittent] API call to fetch the list of policies for a particular
> service repo returns a deleted policy in the response
>
>
> Key: RANGER-3554
> URL: https://issues.apache.org/jira/browse/RANGER-3554
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
>
> Multiple tests are executed during the test run, and the flow of the tests is
> as follows:-
> # A set of policies needed for the test are created for a Ranger service.
> # Tests are run.
> # All existing policies in the Ranger service are deleted by fetching all
> policies in the service, and deleting them one-by-one. Each delete call are
> successful.
> # All policies in the Ranger service are fetched to ensure that no policies
> are remaining in the Ranger service.
> It is expected that in step 4, no policies are returned. However,
> intermittently, step 4 returns policy that is deleted in step 3.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-3994) Found two weird issues on Ranger 2.2.0.
Nixon Rodrigues created RANGER-3994: --- Summary: Found two weird issues on Ranger 2.2.0. Key: RANGER-3994 URL: https://issues.apache.org/jira/browse/RANGER-3994 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Nixon Rodrigues Found two weird issues on Ranger 2.2.0. * Issue 1:- After creating a Ranger role, the version in *x_ranger_global_state* table was not incremented, due to this role's json file is not synced at plugin end and due to this authorization was not working correctly. * Issue 2:- After creating policies from api client, the policies were not displayed on resource based list of Policies UI, though the audits logs for this policies was seen in admin logs After restarting ranger pods, the role version was updated correctly and newly created policies were listed in policy UI correctly. Is there any open/known issue with Ranger ? Did anybody face such issues with Ranger ? -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [VOTE] Release Apache Ranger version 2.3.0 - rc3
+1 for rc3 release. Verified the build and signatures. Thanks Ramesh for putting this together for release On Tue, 28 Jun 2022 at 11:56, Selvamohan Neethiraj wrote: > +1 > > * verified signature > * Builds successfully > > Thanks Ramesh for driving the release. > > Selva- > > On 6/25/22 3:00 AM, Ramesh Mani wrote: > > Dear Rangers, > > > > Apache Ranger 2.3.0 release candidate #3 is now available for > > a vote within the dev community. Links to the release artifacts are > > given below. Please review and vote. > > > > The vote will be open for at least 72 hours or until > > necessary votes are reached. > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove (and reason why) > > > > Thanks, > > Ramesh > > > > List of all issues / improvements addressed in this release: > > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > > status=Resolved AND fixVersion=2.3.0 ORDER BY key DESC > > > > Git tag for the release: > > https://github.com/apache/ranger/tree/release-2.3.0-rc3 > > > > Sources for the release: > > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz > > > > Source release verification: > > PGP Signature: > > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.asc > > SHA256 Hash: > > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.sha256 > > SHA512 Hash: > > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.sha512 > > > > Keys to verify the signature of the release artifacts are available > > at: https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > New features/enhancements: > > > > RANGER-2846 Add support for resource[volume, bucket, key] look up in > > ozone plugin > > RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store > > RANGER-3023 Permission tab takes longer time to load with large number > > of users and group_users data > > RANGER-3030 Replace Findbugs with Spotbugs maven plugin > > RANGER-3182 Prestosql is renamed to Trino > > RANGER-3221 Improve logging in Presto plugin > > RANGER-3276 Remove duplicate code from buildks.java > > RANGER-3290 ArrayIndexOutOfBoundsException if solr is down > > RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on > > RANGER-3298 Add coarse URI check for Hive Agent > > RANGER-3389 Swagger UI Support for Ranger REST API > > RANGER-3435 Add unique index on guid, service and zone_id column of > > x_policy table > > RANGER-3439 Add rest api to get or delete ranger policy based on guid > > RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect > > to knox logout page > > RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8 > > RANGER-3475 Promote TagRest endpoints to /public/v2 > > RANGER-3487 Update underscore js with latest version. > > RANGER-3493 Add unique index on service and resource_signature column > > of x_policy table > > RANGER-3498 RANGER : Remove log4j1 dependencies. > > RANGER-3504 Create framework to execute DB patch dependent on Java patch. > > RANGER-3510 Ranger upgrade spring framework version to 5.3.12 > > RANGER-3511 Create Java patch to update policy resource-signature to > > unique value. > > RANGER-3512 Create Java patch to update policy guid to unique value. > > RANGER-3515 Enhance Ranger Java client SSL config to be configured > > using serviceType and AppId > > RANGER-3518 Limit the query size stored in Audit logs > > RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY > > RFC 6797 > > RANGER-3526 policy evaluation ordering to use name as secondary > > sorting key > > RANGER-3533 Provide sorting on columns throughout the audits result > > set and policy listing page. > > RANGER-3538 Reduce the granularity of locking when building/retrieving > > a policy-engine within Ranger admin service > > RANGER-3539 Add jacoco-maven-plugin for code coverage > > RANGER-3540 Add support to read audit logs from Amazon CloudWatch > > RANGER-3545 Remove Logger Checks for Info Enabled > > RANGER-3548 Update performance engine test scripts > > RANGER-3550 support for using user/tag attributes in row-filter > > expressions and conditions > > RANGER-3551 Analyze & optimize module permissions related API > > RANGER-3553 Unit test coverage for XUserMgr and UserMgr class > > RANGER-3556 Ranger tagsync logs unnecessary messages > > RANGER-3561 Upgrade Storm version to 1.2.4 > > RANGER-3562 Redesign post commit tasks for updating ref-tables when > > policy/role is updated > > RANGER-3565 RangerRESTClient to support retry > > RANGER-3567 support for use of user attributes in policy resources > > RANGER-3569 Support Ranger KMS integration with Google cloud HSM > > RANGER-3573 Add vim in docker base image > > RANGER-3577 RANGER : Upgrade POI version to 5.1.0 > > RANGER-3578 Simplify code for policy label creation > > RANGER-3580 Support Ranger KMS integration with TencentKMS > > RANGER-3585 Docker setup to run Ranger
Re: Planning for Apache Ranger 2.3.0 release
Thanks Ramesh for volunteering for release. +1 for Ranger 2.3 release. Thanks for the initiative. On Fri, 29 Apr 2022 at 22:25, Sailaja Polavarapu wrote: > Hi Ramesh, > +1 for Ranger 2.3 release. Thanks for the initiative. > - Sailaja > > On Thu, Apr 28, 2022 at 7:21 AM Ramesh Mani wrote: > > > zhoutianling, > > > > Thanks for the review. These Jiras are part of the Apache Ranger 2.3 > apache > > release, it's not pulled in this published list as this may not have > > correct fixed version maintained or it is part of KMS as a component. I > > shall add it to the list in the release note. > > > > Thanks, > > Ramesh > > > > On Thu, Apr 28, 2022 at 2:19 AM KirbY ZhoU > > wrote: > > > > > Missed some commit > > > For example: > > > > > > RANGER-3299 > > > RANGER-3580 > > > RANGER-3600 > > > RANGER-3619 > > > RANGER-3669 > > > > > > 在 2022/4/27 14:49,“Ramesh Mani” 写入: > > > > > > Dear Ranger Community members, > > > > > > There are various features and critical bug fixes done in the > Apache > > > Ranger > > > project since the release of Apache Ranger 2.2.0. > > > Around 55 improvements, 45 bug fixes and a total of 527 commits > were > > > made > > > from the last release. > > > Now with that Ranger community is expecting a release to adapt > those > > > changes and hence planning this release. > > > > > > Please review and provide your opinion. > > > > > > Thanks, > > > Ramesh > > > > > > *Improvements:* > > > > > > RANGER-3687 Password Policy Best Practices for Strong Security > > > RANGER-3667 Improve feedback in policy creation UI when > resource > > > does > > > not exist > > > RANGER-3659 Ranger Admin goes to OOM when usersync is trying to > > > delete > > > existing group mappings from ranger DB > > > RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8 > > > RANGER-3551 Analyze & optimize module permissions related API > > > RANGER-3539 Add jacoco-maven-plugin for code coverage > > > RANGER-3562 Redesign post commit tasks for updating ref-tables > > when > > > policy/role is updated > > > RANGER-3540 Add support to read audit logs from Amazon > CloudWatch > > > RANGER-3030 Replace Findbugs with Spotbugs maven plugin > > > RANGER-3538 Reduce the granularity of locking when > > > building/retrieving > > > a policy-engine within Ranger admin service > > > RANGER-3518 Limit the query size stored in Audit logs > > > RANGER-3276 Remove duplicate code from buildks.java > > > RANGER-3515 Enhance Ranger Java client SSL config to be > > configured > > > using serviceType and AppId > > > RANGER-3504 Create framework to execute DB patch dependent on > > Java > > > patch. > > > RANGER-3023 Permission tab takes longer time to load with large > > > number > > > of users and group_users data > > > RANGER-3487 Update underscore js with latest version. > > > RANGER-3548 Update performance engine test scripts > > > RANGER-3556 Ranger tagsync logs unnecessary messages > > > RANGER-3573 Add vim in docker base image > > > RANGER-3578 Simplify code for policy label creation > > > RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT > > > RANGER-3686 Docker setup to run Ranger with MySQL database > > > RANGER-3628 Support fine grain authorization for different solr > > > objects > > > RANGER-3629 RANGER - Handle solr permissions during upgrade > > > RANGER-3665 "No Data Found !!" messages in Ranger admin UI > alarm > > > users > > > RANGER-3662 There should be pause button for error popup > > > RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints for > > > better > > > user experience > > > RANGER-3649 Represent the Solr admin object types on the Ranger > > UI > > > RANGER-3658 Docker: Ranger containers to run as user=ranger > > > RANGER-3603 HDFS audit files rollover improvement to trigger > > > rollover > > > in monitoring thread > > > RANGER-3651 Remove jersey 1.x version dependency for knox > plugin > > > RANGER-3621 Optimise Tag/Policy iterator > > > RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT > DEFINED > > > BY RFC > > > 6797 > > > RANGER-3455 [Logout-Ranger] Should either be disabled/ should > > > redirect > > > to knox logout page > > > RANGER-3630 Support wildcards, group short names, and list of > > > memberof > > > attribute DNs for computing user search filter > > > RANGER-3597 User role should not be able to modify the Policy > > > RANGER-3512 Create Java patch to update policy guid to unique > > > value. > > > RANGER-3511 Create Java patch to update policy > resource-signature > > > to > > > unique value. > > > RANGER-3493 Add unique index on service and resource_signature
[jira] [Commented] (RANGER-3010) Rest API 'addUsersAndGroups' issue
[ https://issues.apache.org/jira/browse/RANGER-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17500134#comment-17500134 ] Nixon Rodrigues commented on RANGER-3010: - [~Leo Pard] where is patch ? can you contribute back and upload here if it is possible > Rest API 'addUsersAndGroups' issue > -- > > Key: RANGER-3010 > URL: https://issues.apache.org/jira/browse/RANGER-3010 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: leo sun >Priority: Major > > I want to use Ranger API functions - addUsersAndGroups & removeUsersAndGroups > to manage users and groups of role. But official reference don't have > suitable example for these two APIs. And my all attempts failed. > Another point: For example, I found the input type of addUsersAndGroups is > Boolean on official web, but the input of the implement function is two > string list and one boolean. > I don't know how to use it. Could you help me with this? [~abhayk] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3010) Rest API 'addUsersAndGroups' issue
[
https://issues.apache.org/jira/browse/RANGER-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17500072#comment-17500072
]
Nixon Rodrigues commented on RANGER-3010:
-
[~kulkabhay]
Facing similar issue.
Can you please guide how to send payload to API
_*/roles/\{id}/addUsersAndGroups*_ ?
cc : [~bhavikpatel], [~madhan]
> Rest API 'addUsersAndGroups' issue
> --
>
> Key: RANGER-3010
> URL: https://issues.apache.org/jira/browse/RANGER-3010
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Reporter: leo sun
>Priority: Major
>
> I want to use Ranger API functions - addUsersAndGroups & removeUsersAndGroups
> to manage users and groups of role. But official reference don't have
> suitable example for these two APIs. And my all attempts failed.
> Another point: For example, I found the input type of addUsersAndGroups is
> Boolean on official web, but the input of the implement function is two
> string list and one boolean.
> I don't know how to use it. Could you help me with this? [~abhayk]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Re: [VOTE] Release Apache Ranger version 2.2.0 - rc1
Thanks Ramesh for putting this together for voting. +1 for ranger 2.2.0 rc1 release. Regards Nixon Rodrigues On Mon, 18 Oct 2021 at 12:11, PradeeP AgrawaL wrote: > +1 for Apache Ranger 2.2.0 rc1 release. > >- Verified the build > > On Mon, 18 Oct 2021 at 11:12, Mehul Parikh wrote: > > > Hi All, > > > > +1 for Apache Ranger 2.2.0 rc1 release. > > > >- Verified the build > >- Verified signatures. > > > > > > On Thu, Oct 14, 2021 at 2:42 AM Ramesh Mani wrote: > > > > > Dear Rangers, > > > > > > Apache Ranger 2.2.0 release candidate #1 is now available for a vote > > within > > > the dev community. Links to the release artifacts are given below. > Please > > > review and vote. > > > > > > The vote will be open for at least 72 hours or until necessary votes > are > > > reached. > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove (and reason why) > > > > > > Thanks, > > > Ramesh > > > > > > List of all issues addressed in this release: > > > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > > > status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC > > > > > > Git tag for the release: > > > https://github.com/apache/ranger/tree/release-2.2.0-rc1 > > > > > > Sources for the release: > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz > > > > > > Source release verification: > > > PGP Signature: > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.asc > > > SHA256 Hash: > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.sha256 > > > SHA512 Hash: > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.sha512 > > > > > > Keys to verify the signature of the release artifacts are available at: > > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > > > New features/enhancements: > > > > > > Schema changes to improve performance of chained plugin features. > > > RANGER-3067 > > > > > > Support delegation-admin for specific permissions.RANGER-3122 > > > > > > Kafka Client improvement to use Kafka AdminClient API instead of > > Zookeeper. > > > RANGER-3001 > > > > > > GET API service/xusers/users response time improvement. RANGER-3027/ > > > RANGER-3024 > > > > > > Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 > > > > > > Ranger UI Search by object name in page /reports/audit/admin. > RANGER-3052 > > > > > > Enhancement to trace additional information on resources. RANGER-3065 > > > > > > Improve audit log for Role operations in Ranger Hive authorizer. > > > RANGER-3170 > > > > > > Audit-filter feature implementation to help reduce volume of audit logs > > > generated.RANGER-3000 > > > > > > Need feature to make the access log file name configurable for > > > user.RANGER-3242/RANGER-3241 > > > > > > Upgrade solr version in Ranger to Solr 8.6.3 for better > > > performance.RANGER-3091 > > > > > > Enhance Ranger admin REST Client to use cookie for policy, tag and role > > > download.RANGER-3283 > > > > > > Audit Filter default policies for reducing verbosity in auditing. > > > RANGER-3260/RANGER-3283 > > > > > > Auditing for HDFS chmod and chown operations.RANGER-3148 > > > > > > Ranger HiveAuthorizer improvements to handle uncharted hive > > > commands.RANGER-3368 > > > > > > Ranger Access audit page improvement. RANGER-3109 > > > > > > Dockerfile to support building from local repository.RANGER-3012 > > > > > > Performance improvement for Ranger usersync. RANGER-2986 > > > > > > > > > -- > > > > Thanks and regards, > > Mehul Parikh > > > > M: +91 98191 54446 > > E: xsme...@gmail.com > > >
Re: Planning for Apache Ranger 2.2.0 release
+1 for 2.2 release. Thanks Ramesh for giving 2.2 release heads up and acting as release manager for 2.2. Regards Nixon Rodrigues On Wed, 22 Sept 2021 at 11:42, Vipin Rathor wrote: > +1 for 2.2 release. > Thank you Ramesh for the proposal. Looking forward to the next release. > Regards > > > On Sep 21, 2021, at 21:37, Mehul Parikh wrote: > > > +1 for Ranger 2.2 release. > > Thanks Ramesh > > On Tue, Sep 21, 2021 at 7:47 PM Velmurugan Periasamy > wrote: > >> +1 for Ranger 2.2 release. Thank you Ramesh for coordinating the release. >> >> >> >> On Tue, Sep 21, 2021 at 9:42 AM Sailaja Polavarapu < >> spolavar...@cloudera.com> wrote: >> +1 Thanks Ramesh for putting this together. >> - Sailaja. >> >> On Mon, Sep 20, 2021 at 12:46 PM Abhay Kulkarni > <mailto:ab...@apache.org>> wrote: >> +1. >> >> Thanks, Ramesh. >> >> On Mon, Sep 20, 2021 at 8:48 AM Ramesh Mani > rm...@apache.org>> wrote: >> > >> > Dear Ranger Community members, >> > >> > This is the reminder to give your opinion on Apache Ranger Release >> 2.2.0. >> > >> > Thanks, >> > Ramesh >> > >> > On Tue, Sep 14, 2021 at 2:48 PM Ramesh Mani > rm...@apache.org>> wrote: >> >> >> >> Dear Ranger Community members, >> >> >> >> >> >> >> >> There are many features and fixes done in Apache Ranger Project since >> the release of Apache Ranger 2.1.0. These features enhance the quality and >> improve the user experience of Apache Ranger overall. >> >> >> >> >> >> >> >> Some of the key enhancements/features in this release are >> >> >> >> >> >> >> >> Schema changes to improve performance of chained plugin features. >> RANGER-3067 >> >> >> >> Support delegation-admin for specific permissions.RANGER-3122 >> >> >> >> Kafka Client improvement to use Kafka AdminClient API instead of >> Zookeeper. RANGER-3001 >> >> >> >> GET API service/xusers/users response time improvement. RANGER-3027/ >> RANGER-3024 >> >> >> >> Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 >> >> >> >> Ranger UI Search by object name in page /reports/audit/admin. >> RANGER-3052 >> >> >> >> Enhancement to trace additional information on resources. RANGER-3065 >> >> >> >> Improve audit log for Role operations in Ranger Hive authorizer. >> RANGER-3170 >> >> >> >> Audit-filter feature implementation to help reduce volume of audit >> logs generated. RANGER-3000 >> >> >> >> Need feature to make the access log file name configurable for user. >> RANGER-3242/RANGER-3241 >> >> >> >> Upgrade the solr version in Ranger to Solr 8.6.3 for better >> performance. RANGER-3091 >> >> >> >> Enhance Ranger admin REST Client to use cookies for policy, tag and >> role download. RANGER-3283 >> >> >> >> Audit Filter default policies for reducing verbosity in auditing. >> RANGER-3260/RANGER-3283 >> >> >> >> Auditing for HDFS chmod and chown operations. RANGER-3148 >> >> >> >> Ranger HiveAuthorizer improvements to handle uncharted hive commands. >> RANGER-3368 >> >> >> >> Ranger Access audit page improvement. RANGER-3109 >> >> >> >> Dockerfile to support building from local repository. RANGER-3012 >> >> >> >> Performance improvement for Ranger usersync. RANGER-2986 >> >> >> >> >> >> >> >> Bug Fixes: >> >> >> >> In this Apache Ranger release there are around 119 bug fixes done. >> >> >> >> >> >> >> >> There are 324 commits with 219 resolved JIRAs in the release branch >> ranger-2.2.0 and with these improvements it is time to do the next Apache >> Ranger release. >> >> >> >> >> >> Planned timeline to release Apache Ranger 2.2.0 is end of September >> 2021. >> >> >> >> >> >> >> >> Please review and give your comments. >> >> >> >> >> >> >> >> Thanks, >> >> >> >> Ramesh >> >> >> >> > > > > -- > > Thanks and regards, > Mehul Parikh > > M: +91 98191 54446 > E: xsme...@gmail.com > >
[jira] [Commented] (RANGER-3195) Atlas Ranger Authorizer changes to add/update/remove classification on entities.
[ https://issues.apache.org/jira/browse/RANGER-3195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17366712#comment-17366712 ] Nixon Rodrigues commented on RANGER-3195: - Changes are merged [https://github.com/apache/ranger/commit/4bd42903161404552bd5867b376c4fb081df290d] Thanks [~mehul] for merging. > Atlas Ranger Authorizer changes to add/update/remove classification on > entities. > > > Key: RANGER-3195 > URL: https://issues.apache.org/jira/browse/RANGER-3195 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > The new requirement is to provide a way to authorize who can > Add/Remove/Update Classification for an entity even if the entities on which > classification have to be applied do not have classifications already tagged > to it. > This Jira is to track Ranger Authorizer ends changes -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3195) Atlas Ranger Authorizer changes to add/update/remove classification on entities.
[ https://issues.apache.org/jira/browse/RANGER-3195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues resolved RANGER-3195. - Fix Version/s: 3.0.0 Resolution: Fixed > Atlas Ranger Authorizer changes to add/update/remove classification on > entities. > > > Key: RANGER-3195 > URL: https://issues.apache.org/jira/browse/RANGER-3195 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 3.0.0 > > > The new requirement is to provide a way to authorize who can > Add/Remove/Update Classification for an entity even if the entities on which > classification have to be applied do not have classifications already tagged > to it. > This Jira is to track Ranger Authorizer ends changes -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 21, 2021, 9:45 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes --- Added NOT classification resource condition for default policy creation for lookup user and tag sync user. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json d8331dbb4 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d0cd9db2 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 1904c6847 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 51ef67b8f security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 97ddb5df3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql d15015009 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/10/ Changes: https://reviews.apache.org/r/73212/diff/9-10/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 19, 2021, 6:34 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes --- resolved PMD issue by removing unused local variable. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json d8331dbb4 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d0cd9db2 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 1904c6847 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 51ef67b8f security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 97ddb5df3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql d15015009 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/9/ Changes: https://reviews.apache.org/r/73212/diff/8-9/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 16, 2021, 10:24 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes --- Rebased patch, resolved merged conflicts. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json d8331dbb4 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d0cd9db2 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 1904c6847 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 51ef67b8f security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 97ddb5df3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql d15015009 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/8/ Changes: https://reviews.apache.org/r/73212/diff/7-8/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 15, 2021, 1:27 p.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes --- Minor refactoring and handled review review comments from Madhan N. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 4ce7ec991 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7179dc998 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 40917cdf4 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ba9eb0157 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 371846f1e security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 90004ec77 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/7/ Changes: https://reviews.apache.org/r/73212/diff/6-7/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 14, 2021, 1:04 p.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes --- Addressed review comments from Madhan N. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 4ce7ec991 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7179dc998 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 40917cdf4 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ba9eb0157 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 371846f1e security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 90004ec77 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/6/ Changes: https://reviews.apache.org/r/73212/diff/5-6/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
> On March 19, 2021, 1:48 p.m., bhavik patel wrote: > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > > Lines 1837 (patched) > > <https://reviews.apache.org/r/73212/diff/2/?file=2248025#file2248025line1837> > > > > The current Ranger version is 2.2 than I think here we have to update > > to that. > > > > @Madhan please correct me if I am thinking in wrong direction Whatever my be version here, ranger adds own build version in x_db_version_h table. - Nixon --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/#review222712 ------- On April 4, 2021, 5:39 p.m., Nixon Rodrigues wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73212/ > --- > > (Updated April 4, 2021, 5:39 p.m.) > > > Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, > Sarath Subramanian, and Velmurugan Periasamy. > > > Bugs: RANGER-3195 > https://issues.apache.org/jira/browse/RANGER-3195 > > > Repository: ranger > > > Description > --- > > Requirement :- The new requirement is to provide a way to authorize who can > Add/Remove/Update Classification for an entity even if the entities on which > classification have to be applied do not have classifications already tagged > to it. > > Solution:- > > > This will require changes on Ranger Atlas service defination to introduce a > new resource "*classifications*" in entity authz model called classifications > at level 40 [4th level], with the new classifications resource ranger > authorizer will check the classification exist in policy for that > add/update/remove classification request to authorize. > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json > 4ce7ec991 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 79ef60465 > > plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java > c13633ad2 > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 7179dc998 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 40917cdf4 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > ba9eb0157 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > 371846f1e > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 90004ec77 > > security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73212/diff/4/ > > > Testing > --- > > Tested Atlas with Ranger authorization with entities for add, update , > add-classification, remove-classification, update-classification events. > > > Thanks, > > Nixon Rodrigues > >
Re: Review Request 73212: RANGER-3195 - Atlas Ranger Authorizer changes to add/update/remove classification on entities.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ --- (Updated April 4, 2021, 5:37 p.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, and Sarath Subramanian. Changes --- Addressed review comments from Madhan and Bhavik Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description --- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 4ce7ec991 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7179dc998 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 40917cdf4 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ba9eb0157 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 371846f1e security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 90004ec77 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/3/ Changes: https://reviews.apache.org/r/73212/diff/2-3/ Testing --- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues
[jira] [Created] (RANGER-3195) Atlas Ranger Authorizer changes to add/update/remove classification on entities.
Nixon Rodrigues created RANGER-3195: --- Summary: Atlas Ranger Authorizer changes to add/update/remove classification on entities. Key: RANGER-3195 URL: https://issues.apache.org/jira/browse/RANGER-3195 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. This Jira is to track Ranger Authorizer ends changes -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 73014: RANGER-3075: Add new authorization privilege - admin-audits in Ranger-Atlas service.( Patch id changed) #2
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73014/ --- (Updated Nov. 13, 2020, 11:36 a.m.) Review request for ranger, Madhan Neethiraj, Mehul Parikh, Sarath Subramanian, and Velmurugan Periasamy. Bugs: RANGER-3075 https://issues.apache.org/jira/browse/RANGER-3075 Repository: ranger Description --- Changed patch no from J10042 to J10043 since it is already taken. Diffs - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql fd4916db8 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql c58a84f8d security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b641a910f security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql ebfea2c5f security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 97625b4c2 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasAdminAudits_J10042.java 892e6c1e1 Diff: https://reviews.apache.org/r/73014/diff/1/ Testing --- MVN Build is working correctly. Thanks, Nixon Rodrigues
[jira] [Updated] (RANGER-3075) Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-3075: Attachment: RANGER-3075-2.patch > Add new authorization privilege - "admin-audits" in Ranger-Atlas service. > - > > Key: RANGER-3075 > URL: https://issues.apache.org/jira/browse/RANGER-3075 > Project: Ranger > Issue Type: New Feature > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-3075-2.patch, RANGER-3075.patch > > > > > > For Atlas Admin Audits we need to add new privilege - *admin-audits* in > ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 73008: RANGER-3075 :- Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73008/ --- Review request for ranger, Jayendra Parab, Madhan Neethiraj, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy. Bugs: RANGER-3075 https://issues.apache.org/jira/browse/RANGER-3075 Repository: ranger Description --- For Atlas Admin Audits we need to add new privilege - *admin-audits* in ranger atlas service def. Atlas end fix - https://reviews.apache.org/r/73007/ Diffs - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 68a3d3620 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 71e0019aa security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0137a9dda security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql d00af3756 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 7791a9a85 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql addb56677 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasAdminAudits_J10042.java PRE-CREATION Diff: https://reviews.apache.org/r/73008/diff/1/ Testing --- Performed integration Testing for admin-audits authorization with ranger policy. Tested upgrade JAVA patch Thanks, Nixon Rodrigues
[jira] [Updated] (RANGER-3075) Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-3075: Attachment: RANGER-3075.patch > Add new authorization privilege - "admin-audits" in Ranger-Atlas service. > - > > Key: RANGER-3075 > URL: https://issues.apache.org/jira/browse/RANGER-3075 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-3075.patch > > > > > > For Atlas Admin Audits we need to add new privilege - *admin-audits* in > ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3075) Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-3075: Issue Type: New Feature (was: Bug) > Add new authorization privilege - "admin-audits" in Ranger-Atlas service. > - > > Key: RANGER-3075 > URL: https://issues.apache.org/jira/browse/RANGER-3075 > Project: Ranger > Issue Type: New Feature > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-3075.patch > > > > > > For Atlas Admin Audits we need to add new privilege - *admin-audits* in > ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-3075) Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues reassigned RANGER-3075: --- Assignee: Nixon Rodrigues > Add new authorization privilege - "admin-audits" in Ranger-Atlas service. > - > > Key: RANGER-3075 > URL: https://issues.apache.org/jira/browse/RANGER-3075 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > > > > For Atlas Admin Audits we need to add new privilege - *admin-audits* in > ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3075) Add new authorization privilege - "admin-audits" in Ranger-Atlas service.
Nixon Rodrigues created RANGER-3075: --- Summary: Add new authorization privilege - "admin-audits" in Ranger-Atlas service. Key: RANGER-3075 URL: https://issues.apache.org/jira/browse/RANGER-3075 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues For Atlas Admin Audits we need to add new privilege - *admin-audits* in ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3003) RangerAtlas Service doesn't auto complete Business metadata type on policy UI
[ https://issues.apache.org/jira/browse/RANGER-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-3003: Description: Though Ranger policy works effectively for business_metadata , the UI doesn't auto complete business_metadata whereas it happens for other types : entity , classification , enum , struct. > RangerAtlas Service doesn't auto complete Business metadata type on policy UI > - > > Key: RANGER-3003 > URL: https://issues.apache.org/jira/browse/RANGER-3003 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues >Priority: Major > > Though Ranger policy works effectively for business_metadata , the UI doesn't > auto complete business_metadata whereas it happens for other types : entity , > classification , enum , struct. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3003) RangerAtlas Service doesn't auto complete Business metadata type on policy UI
[ https://issues.apache.org/jira/browse/RANGER-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17198285#comment-17198285 ] Nixon Rodrigues commented on RANGER-3003: - RR - https://reviews.apache.org/r/72884/ > RangerAtlas Service doesn't auto complete Business metadata type on policy UI > - > > Key: RANGER-3003 > URL: https://issues.apache.org/jira/browse/RANGER-3003 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues >Priority: Major > > Though Ranger policy works effectively for business_metadata , the UI doesn't > auto complete business_metadata whereas it happens for other types : entity , > classification , enum , struct. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 72884: RANGER-3003 - RangerAtlas Service doesn't auto complete Business metadata type on policy UI
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72884/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy. Repository: ranger Description --- RangerAtlas Service doesn't auto complete Business metadata type on policy UI. Update patch to add Business metadata as part of type category list and auto search code. Diffs - plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 5b58c06e1 Diff: https://reviews.apache.org/r/72884/diff/1/ Testing --- Tested autocomplete after typing bus* in typecategory resource textbox in policy UI. Thanks, Nixon Rodrigues
[jira] [Created] (RANGER-3003) RangerAtlas Service doesn't auto complete Business metadata type on policy UI
Nixon Rodrigues created RANGER-3003: --- Summary: RangerAtlas Service doesn't auto complete Business metadata type on policy UI Key: RANGER-3003 URL: https://issues.apache.org/jira/browse/RANGER-3003 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Fix Version/s: 2.2.0 3.0.0 > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898 > > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-2929-Update-Atlas-Ranger-Authorizer-for-type-.patch > > > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch updates service-def with type-read permission and updates > authorizer for read of all typedefs and also filters types def based on > access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72828/ --- (Updated Sept. 4, 2020, 10:31 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and Sarath Subramanian. Changes --- Fixed unused imports for PMD. Bugs: RANGER-2929 https://issues.apache.org/jira/browse/RANGER-2929 Repository: ranger Description --- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with "type-read" permission and updates authorizer for read of all typedefs and also filters typesdefs based on access provided. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7672be05a plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 28d71de21 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 7c89ffef5 pom.xml 1f88b27e4 ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 0e220f132 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql dfaf3c987 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 21626f6dc security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5cd2cc798 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 081b153a3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 642d6c151 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10040.java PRE-CREATION Diff: https://reviews.apache.org/r/72828/diff/6/ Changes: https://reviews.apache.org/r/72828/diff/5-6/ Testing --- Tested Atlas UI and typedefs API functionality by setting policies in ranger Admin for type-category/type resources . Thanks, Nixon Rodrigues
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72828/ --- (Updated Sept. 3, 2020, 12:53 p.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and Sarath Subramanian. Changes --- Changed Patch id from J10030 to J10040 and class Name since its being used by different WIP patch Bugs: RANGER-2929 https://issues.apache.org/jira/browse/RANGER-2929 Repository: ranger Description --- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with "type-read" permission and updates authorizer for read of all typedefs and also filters typesdefs based on access provided. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7672be05a plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 28d71de21 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 7c89ffef5 pom.xml 1f88b27e4 ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 0e220f132 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql dfaf3c987 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 21626f6dc security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5cd2cc798 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 081b153a3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 642d6c151 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10040.java PRE-CREATION Diff: https://reviews.apache.org/r/72828/diff/5/ Changes: https://reviews.apache.org/r/72828/diff/4-5/ Testing --- Tested Atlas UI and typedefs API functionality by setting policies in ranger Admin for type-category/type resources . Thanks, Nixon Rodrigues
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72828/ --- (Updated Sept. 3, 2020, 11:33 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and Sarath Subramanian. Changes --- Patch addressed with review comments by Madhan N Bugs: RANGER-2929 https://issues.apache.org/jira/browse/RANGER-2929 Repository: ranger Description --- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with "type-read" permission and updates authorizer for read of all typedefs and also filters typesdefs based on access provided. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7672be05a plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 28d71de21 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 7c89ffef5 pom.xml 1f88b27e4 ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 0e220f132 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql dfaf3c987 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 21626f6dc security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5cd2cc798 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 081b153a3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 642d6c151 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10039.java PRE-CREATION Diff: https://reviews.apache.org/r/72828/diff/4/ Changes: https://reviews.apache.org/r/72828/diff/3-4/ Testing --- Tested Atlas UI and typedefs API functionality by setting policies in ranger Admin for type-category/type resources . Thanks, Nixon Rodrigues
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
> On Sept. 1, 2020, 2 p.m., Madhan Neethiraj wrote:
> > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> > Lines 172 (patched)
> > <https://reviews.apache.org/r/72828/diff/2/?file=2238975#file2238975line172>
> >
> > Atlas calls isAccessAllowed(TYPE_READ) to enforce permission to read a
> > type-def. Such cases will result in generation of audit logs. I suggest to
> > merge methods at #168 and #176, and have audit disabled at #210 for
> > permission TYPE_READ - as shown below:
> >
> > boolean isAuditDisabled = ACCESS_TYPE_READ.equalsIgnoreCase(action);
> >
> > if (isAuditDisabled) {
> > ret = checkAccess(rangerRequest, null);
> > } else {
> > ret = checkAccess(rangerRequest);
> > }
>
> Nixon Rodrigues wrote:
> action TYPE_READ is passed from both cases, filterTypes and
> isAccessAllowed, so in both the case audits will be disabled. we need
> indentifier other than TYPE_READ
>
> Madhan Neethiraj wrote:
> Thanks for the details. It helps understand the rationale. I am not sure
> if it is neceessary/helpful to distinguish a single type-read from
> filterTypes. I suggest to treat them similary, and avoid audit log in both
> cases.
As per patch updated on RB none of type-read access events is logged in ranger
audits , the other type access events are logged correctly. If you suggest not
to log type-read access events then patch is ok.
> On Sept. 1, 2020, 2 p.m., Madhan Neethiraj wrote:
> > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> > Lines 193 (patched)
> > <https://reviews.apache.org/r/72828/diff/2/?file=2238975#file2238975line193>
> >
> > This should not be necessary, as 'impliedGrants' defined in service-def
> > should automatically allow 'type-read' when the user has one of the
> > following permissions:
> > - type-create
> > - type-update
> > - type-delete
>
> Nixon Rodrigues wrote:
> read access is not granted by default even if non-type-read permissions
> are set. How do debug this issue.
>
> Madhan Neethiraj wrote:
> Is this in a new deployment or an existing env with patched service-def?
After updating servicedef the implicit type-read access is working correctly.
- Nixon
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72828/#review221764
---
On Sept. 2, 2020, 1:37 p.m., Nixon Rodrigues wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72828/
> ---
>
> (Updated Sept. 2, 2020, 1:37 p.m.)
>
>
> Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh,
> and Sarath Subramanian.
>
>
> Bugs: RANGER-2929
> https://issues.apache.org/jira/browse/RANGER-2929
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Update Atlas Ranger Authorizer for "type-read" accessType changes done in
> ATLAS-3898.
>
> Currently in the Atlas-Ranger plugin for types resource READ permission is
> not available and read access is available by default to all types of any
> category.
>
> This patch updates service-def with "type-read" permission and updates
> authorizer for read of all typedefs and also filters typesdefs based on
> access provided.
>
>
> Diffs
> -
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
> 7672be05a
>
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> 28d71de21
>
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
> 7c89ffef5
> pom.xml 1f88b27e4
>
> ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> 0e220f132
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
> dfaf3c987
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
> 21626f6dc
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
> 5cd2cc798
>
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
> 081b153a3
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
> 642d6c151
>
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10039.java
> PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72828/diff/3/
>
>
> Testing
> ---
>
> Tested Atlas UI and typedefs API functionality by setting policies in ranger
> Admin for type-category/type resources .
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
> On Sept. 1, 2020, 2 p.m., Madhan Neethiraj wrote:
> > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> > Lines 172 (patched)
> > <https://reviews.apache.org/r/72828/diff/2/?file=2238975#file2238975line172>
> >
> > Atlas calls isAccessAllowed(TYPE_READ) to enforce permission to read a
> > type-def. Such cases will result in generation of audit logs. I suggest to
> > merge methods at #168 and #176, and have audit disabled at #210 for
> > permission TYPE_READ - as shown below:
> >
> > boolean isAuditDisabled = ACCESS_TYPE_READ.equalsIgnoreCase(action);
> >
> > if (isAuditDisabled) {
> > ret = checkAccess(rangerRequest, null);
> > } else {
> > ret = checkAccess(rangerRequest);
> > }
action TYPE_READ is passed from both cases, filterTypes and isAccessAllowed, so
in both the case audits will be disabled. we need indentifier other than
TYPE_READ
> On Sept. 1, 2020, 2 p.m., Madhan Neethiraj wrote:
> > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> > Lines 193 (patched)
> > <https://reviews.apache.org/r/72828/diff/2/?file=2238975#file2238975line193>
> >
> > This should not be necessary, as 'impliedGrants' defined in service-def
> > should automatically allow 'type-read' when the user has one of the
> > following permissions:
> > - type-create
> > - type-update
> > - type-delete
read access is not granted by default even if non-type-read permissions are
set. How do debug this issue.
- Nixon
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72828/#review221764
---
On Sept. 2, 2020, 1:37 p.m., Nixon Rodrigues wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72828/
> ---
>
> (Updated Sept. 2, 2020, 1:37 p.m.)
>
>
> Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh,
> and Sarath Subramanian.
>
>
> Bugs: RANGER-2929
> https://issues.apache.org/jira/browse/RANGER-2929
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Update Atlas Ranger Authorizer for "type-read" accessType changes done in
> ATLAS-3898.
>
> Currently in the Atlas-Ranger plugin for types resource READ permission is
> not available and read access is available by default to all types of any
> category.
>
> This patch updates service-def with "type-read" permission and updates
> authorizer for read of all typedefs and also filters typesdefs based on
> access provided.
>
>
> Diffs
> -
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
> 7672be05a
>
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> 28d71de21
>
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
> 7c89ffef5
> pom.xml 1f88b27e4
>
> ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> 0e220f132
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
> dfaf3c987
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
> 21626f6dc
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
> 5cd2cc798
>
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
> 081b153a3
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
> 642d6c151
>
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10039.java
> PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72828/diff/3/
>
>
> Testing
> ---
>
> Tested Atlas UI and typedefs API functionality by setting policies in ranger
> Admin for type-category/type resources .
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72828/ --- (Updated Sept. 2, 2020, 1:37 p.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, and Sarath Subramanian. Changes --- Updated patch with JavaPatch to update DefaultPolicies For Type with type-read permission and public group. Also updated patch with review comments. Bugs: RANGER-2929 https://issues.apache.org/jira/browse/RANGER-2929 Repository: ranger Description --- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with "type-read" permission and updates authorizer for read of all typedefs and also filters typesdefs based on access provided. Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7672be05a plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 28d71de21 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 7c89ffef5 pom.xml 1f88b27e4 ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 0e220f132 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql dfaf3c987 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 21626f6dc security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5cd2cc798 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 081b153a3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 642d6c151 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10039.java PRE-CREATION Diff: https://reviews.apache.org/r/72828/diff/3/ Changes: https://reviews.apache.org/r/72828/diff/2-3/ Testing --- Tested Atlas UI and typedefs API functionality by setting policies in ranger Admin for type-category/type resources . Thanks, Nixon Rodrigues
Re: [VOTE] Apache Ranger 2.1.0 rc0
Thanks Madhan putting ranger 2.1.0 for vote. Verified the tag on git repo. Verified the keys. Verified the signature. +1 for the Ranger 2.1.0 rc0 release. Regards Nixon On Tue, Sep 1, 2020 at 1:01 PM Mehul Parikh wrote: > +1 > > - Build succeeded > - Verified signatures > > On Tue, Sep 1, 2020 at 7:39 AM Ramesh Mani wrote: > > > +1 for Apache Ranger 2.1.0 rc0 > > > > - Build from the source file > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.1.0-rc0/apache-ranger-2.1.0.tar.gz > > was successful. > > - Verified source code of some of the files. > > - Verified PGP signature. > > - Verified SHA256 / 512 hash. > > > > Thanks, > > Ramesh > > > > > > On Sun, Aug 30, 2020 at 2:37 PM Madhan Neethiraj > > wrote: > > > > > Rangers, > > > > > > Apache Ranger 2.1.0 release candidate #0 is now available for a vote > > > within dev community. Links to the release artifacts are given below. > > > Please review and vote. > > > > > > The vote will be open for at least 72 hours or until necessary votes > are > > > reached. > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove (and reason why) > > > > > > Regards, > > > Madhan > > > > > > List of all issues addressed in this release: > > > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > > > status=Resolved AND fixVersion=2.1.0 ORDER BY key DESC > > > > > > Git tag for the release: > > > https://github.com/apache/ranger/tree/release-2.1.0-rc0 > > > Sources for the release: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.1.0-rc0/apache-ranger-2.1.0.tar.gz > > > > > > Source release verification: > > > PGP Signature: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.1.0-rc0/apache-ranger-2.1.0.tar.gz.asc > > > SHA256 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.1.0-rc0/apache-ranger-2.1.0.tar.gz.sha256 > > > SHA512 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.1.0-rc0/apache-ranger-2.1.0.tar.gz.sha512 > > > > > > Keys to verify the signature of the release artifacts are available at: > > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > > > New features/enhancements: > > > - Hive plugin enhancement to authorize based on database/table owners > > > - Solr plugin enhancement to support document level authorization > > > - Kafka plugin enhancement to support authorization on > consumer-groups > > > - Presto plugin enhancements to support row-filtering and > > column-masking > > > - Atlas plugin enhancements to support authorization for new > operations > > > and resources > > > - Plugins enhancement to support Ranger HA without requiring a > > > load-balancer > > > - Plugins enhancements to support incremental tag updates > > > - Plugins enhancements to support super-users and super-groups > > > - Plugins enhancements to support audit excluded-users > > > - Added support for Elastic Search as audit store > > > - Ranger Admin UI improvements > > > - Performance improvement in bulk create/update of policies > > > - Ranger KMS enhancement to support Azure Key Vault > > > - Java client library to access Ranger REST APIs > > > - Python client library to access Ranger REST APIs > > > - Added docker setup to build, deploy Apache Ranger along with Ranger > > > authorization enabled HDFS/YARN/HBase/Kafka services > > > - updated versions of dependent libraries/components > > > > > > > > > > > > > > > > > -- > > Thanks and regards, > Mehul Parikh > > M: +91 98191 54446 > E: xsme...@gmail.com >
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Attachment: 0001-RANGER-2929-Update-Atlas-Ranger-Authorizer-for-type-.patch > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898 > > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: > 0001-RANGER-2929-Update-Atlas-Ranger-Authorizer-for-type-.patch > > > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch updates service-def with type-read permission and updates > authorizer for read of all typedefs and also filters types def based on > access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Description: Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with type-read permission and updates authorizer for read of all typedefs and also filters types def based on access provided. was: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with type-read permission and updates authorizor for read of all typedefs and also filters types def based on access provided. > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898 > > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch updates service-def with type-read permission and updates > authorizer for read of all typedefs and also filters types def based on > access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Summary: Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898 (was: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898) > Update Atlas Ranger Authorizer for "type-read" accessType changes done in > ATLAS-3898 > > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch updates service-def with type-read permission and updates > authorizor for read of all typedefs and also filters types def based on > access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Description: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch updates service-def with type-read permission and updates authorizor for read of all typedefs and also filters types def based on access provided. was: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch authorize read for all typedefs and also filters types def based on access provided. > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898 > --- > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch updates service-def with type-read permission and updates > authorizor for read of all typedefs and also filters types def based on > access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Description: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898. Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category. This patch authorize read for all typedefs and also filters types def based on access provided. was: Skip audit logging for authorization while filtering classification-def when all typedefs are fetched. This is done based on property logAudit in AtlasAccessRequest. so that non user request are not audited and saves unnecessary processing for audits. > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898 > --- > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch authorize read for all typedefs and also filters types def based > on access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Attachment: (was: 0001-RANGER-2929.patch) > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898 > --- > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898. > Currently in the Atlas-Ranger plugin for types resource READ permission is > not available and read access is available by default to all types of any > category. > This patch authorize read for all typedefs and also filters types def based > on access provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Summary: Update Atlas Ranger Authorizer for "type-read" acessType changes done in ATLAS-3898 (was: Skip audit logging for Atlas authorization while filtering classification-def when all typedefs are fetched. ) > Update Atlas Ranger Authorizer for "type-read" acessType changes done in > ATLAS-3898 > --- > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: 0001-RANGER-2929.patch > > > Skip audit logging for authorization while filtering classification-def when > all typedefs are fetched. > This is done based on property logAudit in AtlasAccessRequest. so that non > user request are not audited and saves unnecessary processing for audits. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2929) Skip audit logging for Atlas authorization while filtering classification-def when all typedefs are fetched.
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17166452#comment-17166452 ] Nixon Rodrigues commented on RANGER-2929: - Depends on ATLAS-3898 > Skip audit logging for Atlas authorization while filtering classification-def > when all typedefs are fetched. > - > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: 0001-RANGER-2929.patch > > > Skip audit logging for authorization while filtering classification-def when > all typedefs are fetched. > This is done based on property logAudit in AtlasAccessRequest. so that non > user request are not audited and saves unnecessary processing for audits. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2929) Skip audit logging for Atlas authorization while filtering classification-def when all typedefs are fetched.
[ https://issues.apache.org/jira/browse/RANGER-2929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2929: Attachment: 0001-RANGER-2929.patch > Skip audit logging for Atlas authorization while filtering classification-def > when all typedefs are fetched. > - > > Key: RANGER-2929 > URL: https://issues.apache.org/jira/browse/RANGER-2929 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: 0001-RANGER-2929.patch > > > Skip audit logging for authorization while filtering classification-def when > all typedefs are fetched. > This is done based on property logAudit in AtlasAccessRequest. so that non > user request are not audited and saves unnecessary processing for audits. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2929) Skip audit logging for Atlas authorization while filtering classification-def when all typedefs are fetched.
Nixon Rodrigues created RANGER-2929: --- Summary: Skip audit logging for Atlas authorization while filtering classification-def when all typedefs are fetched. Key: RANGER-2929 URL: https://issues.apache.org/jira/browse/RANGER-2929 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues Skip audit logging for authorization while filtering classification-def when all typedefs are fetched. This is done based on property logAudit in AtlasAccessRequest. so that non user request are not audited and saves unnecessary processing for audits. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Apache Ranger 2.1.0 release
Madhan thanks for the Ranger 2.1.0 release heads up +1 for it. Thanks Nixon On Fri, Jul 17, 2020 at 11:26 PM PradeeP AgrawaL < pradeepagrawal8...@gmail.com> wrote: > +1 for Ranger 2.1.0 release. > > On Fri, 17 Jul 2020 at 10:35, Ramesh Bhanan wrote: > > > +1 for 2.1.0. Lot of good features awaited. Kudos to the team. > > > > Thanks, > > Ramesh Bhanan Byndoor > > > > On Fri, Jul 17, 2020 at 10:19 AM Mehul Parikh wrote: > > > > > +1 > > > > > > On Fri, Jul 17, 2020 at 12:03 AM Ramesh Mani wrote: > > > > > > > +1 for Ranger 2.1.0 release. > > > > > > > > Thanks, > > > > Rames > > > > > > > > On Thu, Jul 16, 2020 at 11:12 AM Abhay Kulkarni > > > > wrote: > > > > > > > > > +1 > > > > > > > > > > On Thu, Jul 16, 2020 at 10:28 AM Velmurugan Periasamy < > > v...@apache.org> > > > > > wrote: > > > > > > > > > > > +1 for 2.1.0 release. Thanks Madhan. > > > > > > > > > > > > On Thu, Jul 16, 2020 at 3:33 AM Madhan Neethiraj < > > mad...@apache.org> > > > > > > wrote: > > > > > > Rangers, > > > > > > > > > > > > Over past several months the dev community has been busy in > > enhancing > > > > > > Apache Ranger with new features, improvements and fixes. Here are > > few > > > > > > features/enhancements since last major release, Apache Ranger > > 2.0.0: > > > > > > - Hive plugin enhancement to authorize based on > database/table > > > > owners > > > > > > - Solr plugin enhancement to support document level > > authorization > > > > > > - Kafka plugin enhancement to support authorization on > > > > > consumer-groups > > > > > > - Presto plugin enhancements to support row-filtering and > > > > > > column-masking > > > > > > - Atlas plugin enhancements to support authorization for new > > > > > > operations and resources > > > > > > - Plugins enhancement to support Ranger HA without requiring > a > > > > > > load-balancer > > > > > > - Plugins enhancements to support incremental tag updates > > > > > > - Plugins enhancements to support super-users and > super-groups > > > > > > - Plugins enhancements to support audit excluded-users > > > > > > - Added support for Elastic Search as audit store > > > > > > - Ranger Admin UI improvements > > > > > > - Performance improvement in bulk create/update of policies > > > > > > - Ranger KMS enhancement to support Azure Key Vault > > > > > > - Java client library to access Ranger REST APIs > > > > > > - updated versions of dependent libraries/components > > > > > > > > > > > > With significant improvements in place, it is time for the next > > > > > > maintenance release of Apache Ranger! > > > > > > > > > > > > I propose to release Apache Ranger 2.1.0 by early next month. > > Please > > > > > > review and send your comments. > > > > > > > > > > > > Regards, > > > > > > Madhan > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Thanks and regards, > > > Mehul Parikh > > > > > > M: +91 98191 54446 > > > E: xsme...@gmail.com > > > > > >
[jira] [Commented] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17158095#comment-17158095 ] Nixon Rodrigues commented on RANGER-2909: - [~nityananda], Please take following patch for Atlas authz for label and BM. RANGER-2734: updated Atlas plugin for new operations in Atlas - add/remove label, update-namespace, admin-purge - [ https://gitbox.apache.org/repos/asf?p=ranger.git;h=f909896 ] AND JAVA PATCH J10034 for upgrade - https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for Atlas to add admin-purge and Java patch to handle upgrade.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72621/ --- (Updated July 15, 2020, 11:21 a.m.) Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy. Changes --- Handled review comments from Pradeep. Bugs: RANGER-2821 https://issues.apache.org/jira/browse/RANGER-2821 Repository: ranger Description --- This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource. Also addded Java patch to handle upgrade scenerio for old ranger deployments Diffs (updated) - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b Diff: https://reviews.apache.org/r/72621/diff/2/ Changes: https://reviews.apache.org/r/72621/diff/1-2/ Testing --- Testing:- Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource. Upgrade case:- Packaged Ranger-2.0.0 from release bits and installed and tested UI. Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource. Thanks, Nixon Rodrigues
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for Atlas to add admin-purge and Java patch to handle upgrade.
> On July 7, 2020, 3:57 a.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java > > Lines 39 (patched) > > <https://reviews.apache.org/r/72621/diff/1/?file=2235021#file2235021line39> > > > > Can you review the changes done in patch > > https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65 > > > > > > I think this additional patch J10039 is not required. J10034 should > > address the required changes. if its not then you can add the required code > > change from J10039 to J10034. > > Please review again and post analysis if there is any problem with > > adding the changes in J10034. > > Nixon Rodrigues wrote: > Pradeep thanks for review. > > You are right that patch J10034 will handle the upgrade case, but since > some internal snapshot deployments where java patch J10034 is already applied > and admin-purge permission in accessTypeRestrictions is missing in serviceDef > will need patch J10039. > > Let me know if you need any information for this patch. > > Pradeep Agrawal wrote: > J10034 was introduced in current master branch(after 2.0.0 release) and > 2.1.0 is not released yet. Hence it will be good to add the necessary changes > in patch J10034 only. > > Only your local dev env may already have J10034, in that case you can > refresh your database or rerun the patch manually to make it work. Thanks Pradeep for review and your idea of reapplying patch makes sense. I have updated the patch to add "admin-purge" permission in accessTypeRestrictions which is missing in serviceDef - Nixon --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72621/#review221141 --- On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72621/ > --- > > (Updated June 26, 2020, 10:55 a.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > Sarath Subramanian, and Velmurugan Periasamy. > > > Bugs: RANGER-2821 > https://issues.apache.org/jira/browse/RANGER-2821 > > > Repository: ranger > > > Description > --- > > This patch adds admin-purge permission into accessTypeRestrictions for > atlas-service resource. > > Also addded Java patch to handle upgrade scenerio for old ranger deployments > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json > f93d7282b > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 832d650cf > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 4576e9677 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 6a0941ff6 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > b663f3b02 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 695615626 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/72621/diff/1/ > > > Testing > --- > > Testing:- > > Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI > for Atlas - Able to see "Admin Purge" permission for atlas-service resource. > > Upgrade case:- > Packaged Ranger-2.0.0 from release bits and installed and tested UI. > Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 > and executed setup.py and started Ranger. Able to see "Admin Purge" > permission for atlas-service resource. > > > Thanks, > > Nixon Rodrigues > >
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for Atlas to add admin-purge and Java patch to handle upgrade.
> On July 7, 2020, 3:57 a.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java > > Lines 39 (patched) > > <https://reviews.apache.org/r/72621/diff/1/?file=2235021#file2235021line39> > > > > Can you review the changes done in patch > > https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65 > > > > > > I think this additional patch J10039 is not required. J10034 should > > address the required changes. if its not then you can add the required code > > change from J10039 to J10034. > > Please review again and post analysis if there is any problem with > > adding the changes in J10034. Pradeep thanks for review. You are right that patch J10034 will handle the upgrade case, but since some internal snapshot deployments where java patch J10034 is already applied and admin-purge permission in accessTypeRestrictions is missing in serviceDef will need patch J10039. Let me know if you need any information for this patch. - Nixon --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72621/#review221141 ------- On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72621/ > --- > > (Updated June 26, 2020, 10:55 a.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > Sarath Subramanian, and Velmurugan Periasamy. > > > Bugs: RANGER-2821 > https://issues.apache.org/jira/browse/RANGER-2821 > > > Repository: ranger > > > Description > --- > > This patch adds admin-purge permission into accessTypeRestrictions for > atlas-service resource. > > Also addded Java patch to handle upgrade scenerio for old ranger deployments > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json > f93d7282b > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 832d650cf > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 4576e9677 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 6a0941ff6 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > b663f3b02 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 695615626 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/72621/diff/1/ > > > Testing > --- > > Testing:- > > Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI > for Atlas - Able to see "Admin Purge" permission for atlas-service resource. > > Upgrade case:- > Packaged Ranger-2.0.0 from release bits and installed and tested UI. > Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 > and executed setup.py and started Ranger. Able to see "Admin Purge" > permission for atlas-service resource. > > > Thanks, > > Nixon Rodrigues > >
[jira] [Resolved] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
[
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues resolved RANGER-2898.
-
Resolution: Invalid
httpclient version is 4.5.6 in Ranger, so not a issue, closing this issue.
> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
>Priority: Major
>
> Found below exception in atlas application.log where audits were not getting
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ Request to collection [ranger_audits] failed due to (0)
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019
> INFO -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ request was not communication error it seems (CloudSolrClient:953)
> 2020-07-01 12:22:27,020 WARN -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ failed to log audit event:
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
> (BaseAuditHandler:374)
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
Nixon Rodrigues created RANGER-2898:
---
Summary: Upgrade httpclient from 4.5.3 to 4.5.4
Key: RANGER-2898
URL: https://issues.apache.org/jira/browse/RANGER-2898
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Nixon Rodrigues
Found below exception in atlas application.log where audits were not getting
added in SOLR from Atlas plugin.
{code:java}
[atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] ~
Request to collection [ranger_audits] failed due to (0)
java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019 INFO
- [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
~ request was not communication error it seems (CloudSolrClient:953) 2020-07-01
12:22:27,020 WARN -
[atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] ~
failed to log audit event:
\{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
(BaseAuditHandler:374)
org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
java.lang.ClassCastException: [B cannot be cast to java.lang.String
{code}
its due to HTTPCLIENT-1836
To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2821: Fix Version/s: 2.1.0 > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra > Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch, > RANGER-2821.1.patch > > > "admin-purge" permission for atlas-service resource is missing. > > This patch adds admin-purge permission into accessTypeRestrictions for > atlas-service resource. > Also addded Java patch to handle upgrade scenario for old ranger deployments -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2821: Affects Version/s: 2.0.0 > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: Sidharth Kumar Mishra >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch, > RANGER-2821.1.patch > > > "admin-purge" permission for atlas-service resource is missing. > > This patch adds admin-purge permission into accessTypeRestrictions for > atlas-service resource. > Also addded Java patch to handle upgrade scenario for old ranger deployments -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2821: Attachment: RANGER-2821.1.patch > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra > Assignee: Nixon Rodrigues >Priority: Major > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch, > RANGER-2821.1.patch > > > "admin-purge" permission for atlas-service resource is missing. > > This patch adds admin-purge permission into accessTypeRestrictions for > atlas-service resource. > Also addded Java patch to handle upgrade scenario for old ranger deployments -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 72621: RANGER-2821 :- Update ranger authorizer for Atlas to add admin-purge and Java patch to handle upgrade.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72621/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy. Bugs: RANGER-2821 https://issues.apache.org/jira/browse/RANGER-2821 Repository: ranger Description --- This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource. Also addded Java patch to handle upgrade scenerio for old ranger deployments Diffs - agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6 security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626 security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION Diff: https://reviews.apache.org/r/72621/diff/1/ Testing --- Testing:- Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource. Upgrade case:- Packaged Ranger-2.0.0 from release bits and installed and tested UI. Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource. Thanks, Nixon Rodrigues
[jira] [Commented] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141976#comment-17141976 ] Nixon Rodrigues commented on RANGER-2821: - [~pradeep], [~sidharthkmishra], I have added fix [^0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch] to render admin-purge permission on UI. which was missing in earlier patch. Please review. > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra > Assignee: Nixon Rodrigues >Priority: Major > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues reassigned RANGER-2821: --- Assignee: Nixon Rodrigues > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra > Assignee: Nixon Rodrigues >Priority: Major > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2821: Attachment: 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra > Assignee: Nixon Rodrigues >Priority: Major > Attachments: > 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2870) Atlas Resource based policy - classification is not honored
Nixon Rodrigues created RANGER-2870: --- Summary: Atlas Resource based policy - classification is not honored Key: RANGER-2870 URL: https://issues.apache.org/jira/browse/RANGER-2870 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues For an Altas policy for a given entity-type, the entity classification field is not honoured Example: A Datasteward user would like to apply tags cc.* on their hive db credit_card_db1 entity-type : hive_db,hive_table entity classification: cc.* entity-id: credit_card_db1* When the classification is * , the atlas user can add all the tags needed But wants to add tags when entity classifications hat.* or hat* or hat?* and is not able to. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2682) Add new authorization privilege - "admin-purge" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-2682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues resolved RANGER-2682. - Resolution: Duplicate > Add new authorization privilege - "admin-purge" in Ranger-Atlas service. > > > Key: RANGER-2682 > URL: https://issues.apache.org/jira/browse/RANGER-2682 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-2682.1.patch > > > For Atlas Admin Purge we need to add new privilege - *admin-purge* in ranger > atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 71945: RANGER-2682 : - Add new authorization privilege - "admin-purge" in Ranger-Atlas service.
ctions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
Entity Type","description":"End1 Entity Type","accessTypeRest
rictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity
Classification","description":"Entity
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type
Name","description":"Type
Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level":3
0,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
Entity Classification","description":"End1 Entity
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity
ID","description":"Entity
ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","ty
pe":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
Entity ID","description":"End1 Entity
ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
Entity Type","description":"End2 Entity
Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiveS
upported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
Entity Classification","description":"End2 Entity
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
Entity ID","description":"End2 Entity
ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create
Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":"t
ype-delete","label":"Delete
Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read
Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create
Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update
Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete
Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add
Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update
Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove
Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin
Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin
Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add
Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update
Relationship","impliedGrants":
[]},{"itemId":15,"name":"remove-relationship","label":"Remove
Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin
Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'
Thanks,
Nixon Rodrigues
[jira] [Updated] (RANGER-2682) Add new authorization privilege - "admin-purge" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-2682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2682: Attachment: RANGER-2682.1.patch > Add new authorization privilege - "admin-purge" in Ranger-Atlas service. > > > Key: RANGER-2682 > URL: https://issues.apache.org/jira/browse/RANGER-2682 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-2682.1.patch > > > For Atlas Admin Purge we need to add new privilege - *admin-purge* in ranger > atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2682) Add new authorization privilege - "admin-purge" in Ranger-Atlas service.
[ https://issues.apache.org/jira/browse/RANGER-2682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues reassigned RANGER-2682: --- Assignee: Nixon Rodrigues > Add new authorization privilege - "admin-purge" in Ranger-Atlas service. > > > Key: RANGER-2682 > URL: https://issues.apache.org/jira/browse/RANGER-2682 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > > For Atlas Admin Purge we need to add new privilege - *admin-purge* in ranger > atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2682) Add new authorization privilege - "admin-purge" in Ranger-Atlas service.
Nixon Rodrigues created RANGER-2682: --- Summary: Add new authorization privilege - "admin-purge" in Ranger-Atlas service. Key: RANGER-2682 URL: https://issues.apache.org/jira/browse/RANGER-2682 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Nixon Rodrigues For Atlas Admin Purge we need to add new privilege - *admin-purge* in ranger atlas service def. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 71444: RANGER-2559 : Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71444/
---
(Updated Sept. 11, 2019, 10:36 a.m.)
Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and
Velmurugan Periasamy.
Changes
---
This patch is dependent on ATLAS-3387 which is committed but not yet released,
hence updated {atlas.version} in pom.xml to 3.0.0-SNAPSHOT updated patch for
successful build.
Bugs: RANGER-2559
https://issues.apache.org/jira/browse/RANGER-2559
Repository: ranger
Description
---
This patch sets forwardedAddresses and Remote IP to from AtlasAccessRequest to
RangerAccessRequestImpl.
* This patch depends ATLAS-3387 due compilation as addition attributes are
added in AtlasAccessRequest
Diffs (updated)
-
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
c6008ba8a
pom.xml 13d5a5bc0
Diff: https://reviews.apache.org/r/71444/diff/2/
Changes: https://reviews.apache.org/r/71444/diff/1-2/
Testing
---
Testing Ranger audits with and without following settings for various Atlas
resource authorization.
ranger.plugin.atlas.use.x-forwarded-for.ipaddress=true
ranger.plugin.atlas.trusted.proxy.ipaddresses=PROXY_IP
Thanks,
Nixon Rodrigues
[jira] [Commented] (RANGER-2559) Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy..
[
https://issues.apache.org/jira/browse/RANGER-2559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16927475#comment-16927475
]
Nixon Rodrigues commented on RANGER-2559:
-
^This patch is dependent on ATLAS-3387, hence updated \{atlas.version} in
pom.xml to 3.0.0-SNAPSHOT for build in updated patch^
[^RANGER-2559-2.patch]
> Update Atlas Authorizer with forwardedAddresses and Remote IP to handle
> request from proxy..
>
>
> Key: RANGER-2559
> URL: https://issues.apache.org/jira/browse/RANGER-2559
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2559-2.patch, RANGER-2559.patch
>
>
> Update Atlas Authorizer with forwardedAddresses and Remote IP to handle
> requests from proxy.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
[jira] [Updated] (RANGER-2559) Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy..
[ https://issues.apache.org/jira/browse/RANGER-2559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2559: Attachment: RANGER-2559-2.patch > Update Atlas Authorizer with forwardedAddresses and Remote IP to handle > request from proxy.. > > > Key: RANGER-2559 > URL: https://issues.apache.org/jira/browse/RANGER-2559 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: master > > Attachments: RANGER-2559-2.patch, RANGER-2559.patch > > > Update Atlas Authorizer with forwardedAddresses and Remote IP to handle > requests from proxy. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2559) Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy..
[ https://issues.apache.org/jira/browse/RANGER-2559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2559: Attachment: RANGER-2559.patch > Update Atlas Authorizer with forwardedAddresses and Remote IP to handle > request from proxy.. > > > Key: RANGER-2559 > URL: https://issues.apache.org/jira/browse/RANGER-2559 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-2559.patch > > > Update Atlas Authorizer with forwardedAddresses and Remote IP to handle > requests from proxy. -- This message was sent by Atlassian Jira (v8.3.2#803003)
Review Request 71444: RANGER-2559 : Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71444/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-2559 https://issues.apache.org/jira/browse/RANGER-2559 Repository: ranger Description --- This patch sets forwardedAddresses and Remote IP to from AtlasAccessRequest to RangerAccessRequestImpl. * This patch depends ATLAS-3387 due compilation as addition attributes are added in AtlasAccessRequest Diffs - plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java c6008ba8a Diff: https://reviews.apache.org/r/71444/diff/1/ Testing --- Testing Ranger audits with and without following settings for various Atlas resource authorization. ranger.plugin.atlas.use.x-forwarded-for.ipaddress=true ranger.plugin.atlas.trusted.proxy.ipaddresses=PROXY_IP Thanks, Nixon Rodrigues
[jira] [Created] (RANGER-2559) Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy..
Nixon Rodrigues created RANGER-2559: --- Summary: Update Atlas Authorizer with forwardedAddresses and Remote IP to handle request from proxy.. Key: RANGER-2559 URL: https://issues.apache.org/jira/browse/RANGER-2559 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues Update Atlas Authorizer with forwardedAddresses and Remote IP to handle requests from proxy. -- This message was sent by Atlassian Jira (v8.3.2#803003)
Review Request 70758: RANGER-2451 :- Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70758/ --- Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and Ramesh Mani. Bugs: RANGER-2451 https://issues.apache.org/jira/browse/RANGER-2451 Repository: ranger Description --- Atlas plugin was working due to "java.lang.ClassCastException: java.util.Collections$EmptySet" when security zone is created for Atlas service. This patch fixes the issue of ClassCastException. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java eab2c238e Diff: https://reviews.apache.org/r/70758/diff/1/ Testing --- Tested Atlas ranger authorization for types / entity for read/create/updates when security zone created for atlas services. Thanks, Nixon Rodrigues
[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
[
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues updated RANGER-2451:
Attachment: (was: RANGER-2085.patch)
> Atlas plugin is not working when security zone is created for Atlas service
> in Ranger Admin.
>
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Attachments: RANGER-2451.patch
>
>
> Description:
> Steps -
> 1.Go to security zone page in Ranger UI.
> 2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
> 4.Go to Atlas UI and login.
> 5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 -
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request:
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast
> to java.util.List
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
> at
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
[
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues updated RANGER-2451:
Attachment: RANGER-2451.patch
> Atlas plugin is not working when security zone is created for Atlas service
> in Ranger Admin.
>
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Attachments: RANGER-2451.patch
>
>
> Description:
> Steps -
> 1.Go to security zone page in Ranger UI.
> 2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
> 4.Go to Atlas UI and login.
> 5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 -
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request:
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast
> to java.util.List
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
> at
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
[
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues updated RANGER-2451:
Attachment: RANGER-2085.patch
> Atlas plugin is not working when security zone is created for Atlas service
> in Ranger Admin.
>
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
>
> Description:
> Steps -
> 1.Go to security zone page in Ranger UI.
> 2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
> 4.Go to Atlas UI and login.
> 5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 -
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request:
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast
> to java.util.List
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
> at
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
> at
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
Nixon Rodrigues created RANGER-2451:
---
Summary: Atlas plugin is not working when security zone is created
for Atlas service in Ranger Admin.
Key: RANGER-2451
URL: https://issues.apache.org/jira/browse/RANGER-2451
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Nixon Rodrigues
Assignee: Nixon Rodrigues
Description:
Steps -
1.Go to security zone page in Ranger UI.
2.Create a security zone for atlas services with resources.
{noformat}
type-category resources
type-category : *
type : *
entity-type resources
entity-type : *
entity-classification : *
entity : *
atlas-service resources
atlas-service : *, atlas-service
relationship-type resources
end-one-entity-classification : *
end-two-entity : *
end-two-entity-type : *
relationship-type : *
end-two-entity-classification : *
end-one-entity-type : *
end-one-entity : *
{noformat}
3.Save the security zone.
4.Go to Atlas UI and login.
5.Check the application.logs of Atlas.
{code:java}
2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 -
01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request:
e361746af898b07c (ExceptionMapperUtil:32)
java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast to
java.util.List
at
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
at
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
at
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
at
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
at
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
at
org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
at
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
at
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
at
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
at
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
at
org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Re: Review Request 70615: RANGER-2421 - add http client to atlas plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70615/#review215361 --- src/main/assembly/plugin-atlas.xml Lines 58 (patched) <https://reviews.apache.org/r/70615/#comment302036> @Madhan, Atlas used 4.4.1 version of httpclient library. Updating httpclient jar with 4.5.3 in Atlas resolves this NoSuchMethodError exception , I think it make sense to update this version at Atlas end. - Nixon Rodrigues On May 9, 2019, 9:25 a.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70615/ > --- > > (Updated May 9, 2019, 9:25 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-2421 > https://issues.apache.org/jira/browse/RANGER-2421 > > > Repository: ranger > > > Description > --- > > Due to http client version difference, and the lack of httpclient-4.5.3.jar > inside the ranger-atlas-plugin/lib/ranger-atlas-plugin-impl/ folder, the > following exception can be seen: > > ava.lang.NoSuchMethodError: > org.apache.http.impl.client.HttpClientBuilder.evictIdleConnections(JLjava/util/concurrent/TimeUnit;)Lorg/apache/http/impl/client/HttpClientBuilder; > at > org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:311) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:330) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:268) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:255) > at > org.apache.solr.client.solrj.impl.CloudSolrClient.(CloudSolrClient.java:280) > at > org.apache.solr.client.solrj.impl.CloudSolrClient$Builder.build(CloudSolrClient.java:1600) > at > org.apache.ranger.audit.destination.SolrAuditDestination$1.run(SolrAuditDestination.java:126) > at > org.apache.ranger.audit.destination.SolrAuditDestination$1.run(SolrAuditDestination.java:123) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730) > at > org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:516) > at > org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:123) > at > org.apache.ranger.audit.destination.SolrAuditDestination.init(SolrAuditDestination.java:72) > at > org.apache.ranger.audit.provider.AuditProviderFactory.init(AuditProviderFactory.java:179) > at > org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:217) > > Atlas has a httpclient-4.4.x, which lacks the needed method. > > > Diffs > - > > src/main/assembly/plugin-atlas.xml 4de27b071 > > > Diff: https://reviews.apache.org/r/70615/diff/1/ > > > Testing > --- > > Added the necessary jars to a deployed Atlas server, and noticed that the > exception disapears, and audit correctly sent. > > > Thanks, > > Zsombor Gegesy > >
[jira] [Updated] (RANGER-2417) Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin
[ https://issues.apache.org/jira/browse/RANGER-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2417: Attachment: RANGER-2417.patch > Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas > Ranger Plugin > -- > > Key: RANGER-2417 > URL: https://issues.apache.org/jira/browse/RANGER-2417 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2417.patch > > > Set Atlas Entity owner value to RangerAccessResource ownerUser attribute for > Atlas Ranger Plugin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 70624: RANGER-2417 : Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70624/
---
Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Sarath
Subramanian.
Bugs: RANGER-2417
https://issues.apache.org/jira/browse/RANGER-2417
Repository: ranger
Description
---
Atlas to set Entity owner value to RangerAccessResource ownerUser attribute for
authorization with {owner} user
Diffs
-
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
bf588e229
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
99510a436
Diff: https://reviews.apache.org/r/70624/diff/1/
Testing
---
1) Created entity policy for Entity resources and assigned *{owner}* as a user.
2) All the hive_table, hive_column, hive* enitites which are created by hive
hook where owner is set as *hive* were accessable when user hive was acccessing
them.
curl -u hive
http://ctr-e139-1542663976389-107809-01-04.hwx.site:21000/api/atlas/v2/entity/guid/4de39fc9-57bd-48a2-829f-231ca09aba1c
Thanks,
Nixon Rodrigues
[jira] [Updated] (RANGER-2417) Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin
[ https://issues.apache.org/jira/browse/RANGER-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2417: Description: Set Atlas Entity owner value to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin. (was: Set Atlas Entity owner value to RangerAccessResource ownerUser attribute. ) > Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas > Ranger Plugin > -- > > Key: RANGER-2417 > URL: https://issues.apache.org/jira/browse/RANGER-2417 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.0.0 > > > Set Atlas Entity owner value to RangerAccessResource ownerUser attribute for > Atlas Ranger Plugin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2417) Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin
[ https://issues.apache.org/jira/browse/RANGER-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2417: Summary: Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin (was: Set Atlas Entity owner to RangerAccessResource ownerUser attribute ) > Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas > Ranger Plugin > -- > > Key: RANGER-2417 > URL: https://issues.apache.org/jira/browse/RANGER-2417 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues >Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.0.0 > > > Set Atlas Entity owner value to RangerAccessResource ownerUser attribute. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2417) Set Atlas Entity owner to RangerAccessResource ownerUser attribute
Nixon Rodrigues created RANGER-2417: --- Summary: Set Atlas Entity owner to RangerAccessResource ownerUser attribute Key: RANGER-2417 URL: https://issues.apache.org/jira/browse/RANGER-2417 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues Fix For: 2.0.0 Set Atlas Entity owner value to RangerAccessResource ownerUser attribute. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: [VOTE] Apache Ranger Release 1.2.0-rc1
+1 for release of 1.2.0-rc1, Thanks Vel for putting Ranger 1.2.0 for release Nixon Rodrigues On Mon, Oct 1, 2018 at 8:01 AM Koji Kawamura wrote: > +1 > > verified build & signature > > Thanks, > Koji > On Mon, Oct 1, 2018 at 8:58 AM Selvamohan Neethiraj > wrote: > > > > +1 for Apache Ranger 1.2.0-rc1 release …. > > > > verified build & signature > > > > Thanks, > > Selva- > > > > > On Sep 29, 2018, at 1:27 PM, Ramesh Mani > wrote: > > > > > > +1 for release Apache Ranger 1.2.0-rc1 > > > > > > Verified build for the source with rat plugin and unit tests > > > Verified some source files > > > Verified PGP signature > > > Verified MD5/SHA > > > > > > Thanks, > > > Ramesh > > > > > > > > > > > > On 9/27/18, 4:24 PM, "Velmurugan Periasamy" wrote: > > > > > >> Hello Rangers: > > >> > > >> Thank you for your contribution to Apache Ranger community. Apache > Ranger > > >> 1.2.0 release candidate #1 is now available for a vote within dev > > >> community. > > >> > > >> Links to RC1 release artifacts are given below. Kindly request all > > >> Rangers (Dev's & PMC members) to review and vote on this release. > > >> > > >> > > >> Git tag for the release: > > >> https://github.com/apache/ranger/tree/ranger-1.2.0-rc1 (last commit > id: > > >> 39ec5a38913e1d852cffecbdb8688b2370b6318f) > > >> > > >> > > >> Sources for the release: > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz > > >> > > >> > > >> Source release verification: > > >> > > >> PGP Signature: > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz.asc > > >> > > >> MD5/SHA Hashes: > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz.mds > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz.sha1 > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz.sha256 > > >> > https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2. > > >> 0.tar.gz.sha512 > > >> > > >> > > >> Keys to verify the signature of the release artifact are available at: > > >> https://dist.apache.org/repos/dist/release/ranger/KEYS > > >> > > >> > > >> Release Notes: > > >> > https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+1.2.0+-+R > > >> elease+Notes > > >> > > >> > > >> Build verification steps can be found at: > > >> http://ranger.apache.org/quick_start_guide.html > > >> > > >> > > >> The vote will be open for at least 72 hours or until necessary number > of > > >> votes are reached. > > >> [ ] +1 approve > > >> [ ] +0 no opinion > > >> [ ] -1 disapprove (and reason why) > > >> > > >> Here is my +1 > > >> > > >> Thank you, > > >> Vel > > >> > > > > > >
[jira] [Commented] (RANGER-2184) Update RangerAtlas authorization to authorize add/update/remove of relationships
[ https://issues.apache.org/jira/browse/RANGER-2184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16626175#comment-16626175 ] Nixon Rodrigues commented on RANGER-2184: - [~vperiasamy] , We can resolve this issue, all the required fixes are committed, thanks > Update RangerAtlas authorization to authorize add/update/remove of > relationships > > > Key: RANGER-2184 > URL: https://issues.apache.org/jira/browse/RANGER-2184 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.1.0 >Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues >Priority: Major > Fix For: 2.0.0, 1.2.0 > > Attachments: RANGER-2184-1.patch, RANGER-2184.patch > > > Ranger Authorization to include authorization for new Atlas relationship > resource. > Actions : add-relationship, update-relationship, remove-relationship -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2201) Log no ranger audits when entityId value is not null or empty string
[ https://issues.apache.org/jira/browse/RANGER-2201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2201: Fix Version/s: master > Log no ranger audits when entityId value is not null or empty string > > > Key: RANGER-2201 > URL: https://issues.apache.org/jira/browse/RANGER-2201 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues >Priority: Major > Fix For: master > > Attachments: RANGER-2201.patch > > > Log no ranger audits when entityId value is not null or empty string -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 68522: RANGER-2201 :- Log no ranger audits when entityId value is not null or empty string
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68522/ --- Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul Parikh, and Velmurugan Periasamy. Bugs: RANGER-2201 https://issues.apache.org/jira/browse/RANGER-2201 Repository: ranger Description --- This patch include fix to Log no ranger audits when entityId value is not null or empty string. Diffs - plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b3aad7470 Diff: https://reviews.apache.org/r/68522/diff/1/ Testing --- Tested with null & non null entity and classification cases Thanks, Nixon Rodrigues
[jira] [Updated] (RANGER-2201) Log no ranger audits when entityId value is not null or empty string
[ https://issues.apache.org/jira/browse/RANGER-2201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated RANGER-2201: Attachment: RANGER-2201.patch > Log no ranger audits when entityId value is not null or empty string > > > Key: RANGER-2201 > URL: https://issues.apache.org/jira/browse/RANGER-2201 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues >Priority: Major > Attachments: RANGER-2201.patch > > > Log no ranger audits when entityId value is not null or empty string -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2201) Log no ranger audits when entityId value is not null or empty string
Nixon Rodrigues created RANGER-2201: --- Summary: Log no ranger audits when entityId value is not null or empty string Key: RANGER-2201 URL: https://issues.apache.org/jira/browse/RANGER-2201 Project: Ranger Issue Type: Bug Components: plugins Reporter: Nixon Rodrigues Assignee: Nixon Rodrigues Log no ranger audits when entityId value is not null or empty string -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 68269: RANGER-2184 : Update RangerAtlas authorization to authorize add/update/remove of relationships
> On Aug. 8, 2018, 5:13 p.m., Velmurugan Periasamy wrote: > > ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > > Lines 25 (patched) > > <https://reviews.apache.org/r/68269/diff/2/?file=2070553#file2070553line25> > > > > I am getting below compilation error in master branch. Could you please > > clarify if any atlas dependencies need to be changed? > > > > ``` > > [INFO] - > > [ERROR] COMPILATION ERROR : > > [INFO] - > > [ERROR] > > /Users/vperiasamy/git/tlp-ranger/master/ranger/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java:[25,33] > > error: cannot find symbol > > [ERROR] symbol: class AtlasRelationshipAccessRequest > > location: package org.apache.atlas.authorize > > > > /Users/vperiasamy/git/tlp-ranger/master/ranger/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java:[182,32] > > error: cannot find symbol > > [ERROR] symbol: class AtlasRelationshipAccessRequest > > location: class RangerAtlasAuthorizer > > > > /Users/vperiasamy/git/tlp-ranger/master/ranger/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java:[112,16] > > error: name clash: isAccessAllowed(AtlasAdminAccessRequest) in > > RangerAtlasAuthorizer overrides a method whose erasure is the same as > > another method, yet neither overrides the other > > [ERROR] first method: isAccessAllowed(AtlasTypeAccessRequest) in > > RangerAtlasAuthorizer > > second method: isAccessAllowed(AtlasRelationshipAccessRequest) in > > RangerAtlasAuthorizer > > > > /Users/vperiasamy/git/tlp-ranger/master/ranger/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java:[135,16] > > error: name clash: isAccessAllowed(AtlasEntityAccessRequest) in > > RangerAtlasAuthorizer overrides a method whose erasure is the same as > > another method, yet neither overrides the other > > [ERROR] first method: isAccessAllowed(AtlasTypeAccessRequest) in > > RangerAtlasAuthorizer > > second method: isAccessAllowed(AtlasRelationshipAccessRequest) in > > RangerAtlasAuthorizer > > > > /Users/vperiasamy/git/tlp-ranger/master/ranger/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java:[158,16] > > error: name clash: isAccessAllowed(AtlasTypeAccessRequest) in > > RangerAtlasAuthorizer overrides a method whose erasure is the same as > > another method, yet neither overrides the other > > ``` I could build the patch locally, I did face above error while compile, I had to remove setting.xml from .m2 directory to get build get going, I verified that atlas libraries are published to apache repository -> https://repository.apache.org/content/repositories/snapshots/org/apache/atlas/atlas-authorization/2.0.0-SNAPSHOT/ Can you please retry. - Nixon --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68269/#review206988 --- On Aug. 8, 2018, 4:47 p.m., Nixon Rodrigues wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68269/ > --- > > (Updated Aug. 8, 2018, 4:47 p.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Velmurugan > Periasamy. > > > Bugs: RANGER-2184 > https://issues.apache.org/jira/browse/RANGER-2184 > > > Repository: ranger > > > Description > --- > > This patch includes update to RangerAtlas authorization to provide > authorization for Relationship with > > Actions : add-relationship, update-relationship, remove-relationship > > > Diffs > - > > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > aa815b266 > > plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java > 0ee262796 > > ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 609dddb24 > > > Diff: https://reviews.apache.org/r/68269/diff/2/ > > > Testing > --- > > Tested authorization with policies on end1 & end2 of entity-type and > classification. > > > Thanks, > > Nixon Rodrigues > >
Re: Review Request 68269: RANGER-2184 : Update RangerAtlas authorization to authorize add/update/remove of relationships
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68269/ --- (Updated Aug. 8, 2018, 4:47 p.m.) Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Velmurugan Periasamy. Bugs: RANGER-2184 https://issues.apache.org/jira/browse/RANGER-2184 Repository: ranger Description --- This patch includes update to RangerAtlas authorization to provide authorization for Relationship with Actions : add-relationship, update-relationship, remove-relationship Diffs - plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java aa815b266 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 0ee262796 ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 609dddb24 Diff: https://reviews.apache.org/r/68269/diff/2/ Testing --- Tested authorization with policies on end1 & end2 of entity-type and classification. Thanks, Nixon Rodrigues
