[jira] [Assigned] (RANGER-3182) Prestosql is renamed to Trino
[ https://issues.apache.org/jira/browse/RANGER-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3182: --- Assignee: (was: Pradeep Agrawal) > Prestosql is renamed to Trino > - > > Key: RANGER-3182 > URL: https://issues.apache.org/jira/browse/RANGER-3182 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Viacheslav Kriuchkov >Priority: Blocker > Attachments: 0001-RANGER-3182-Rename-Presto-to-Trino-2.1.0.patch, > 0001-RANGER-3182-Rename-Presto-to-Trino-3.0.0-master.patch, > ranger-commons-lang3-master.patch > > > All "prestosql" classes are "trino" now and Presto plugin can't integrate > with Trino because of that. It means all Presto deployments that use Ranger > are stuck on version 350 and can't upgrade further. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3381) Upgrade to junit 4.13.1
[ https://issues.apache.org/jira/browse/RANGER-3381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412570#comment-17412570 ] Pradeep Agrawal commented on RANGER-3381: - Patch committed to master branch : [https://github.com/apache/ranger/commit/77862fe6544dac6d85830d6e69b9fdbda8be197a] 2.2 branch commit : https://github.com/apache/ranger/commit/698c415f4780e676c51745205396d43c50dc6001 > Upgrade to junit 4.13.1 > --- > > Key: RANGER-3381 > URL: https://issues.apache.org/jira/browse/RANGER-3381 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 3.0.0 > > > Upgrade junit version to 4.13.1 for best practices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3381) Upgrade to junit 4.13.1
[ https://issues.apache.org/jira/browse/RANGER-3381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3381: Fix Version/s: 2.2.0 > Upgrade to junit 4.13.1 > --- > > Key: RANGER-3381 > URL: https://issues.apache.org/jira/browse/RANGER-3381 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Upgrade junit version to 4.13.1 for best practices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3285) expose user source details in ranger UI
[ https://issues.apache.org/jira/browse/RANGER-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3285. - Fix Version/s: 2.2.0 3.0.0 Resolution: Fixed Please close the RR. > expose user source details in ranger UI > --- > > Key: RANGER-3285 > URL: https://issues.apache.org/jira/browse/RANGER-3285 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Deepesh Joshi >Assignee: Abhishek Kumar >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > In latest version two new attributes are added when users are synced. > sync source and sync source url > Those attributes are present in database but not exposed to UI. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3043) Policy export is too slow, because method ensureAdminAndAuditAccess was call for every policies
[ https://issues.apache.org/jira/browse/RANGER-3043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412573#comment-17412573 ] Pradeep Agrawal commented on RANGER-3043: - I tried with large set of policies(around 50k), seems i have difference of around 500ms. Please retry when you have time and provide more details. > Policy export is too slow, because method ensureAdminAndAuditAccess was call > for every policies > > > Key: RANGER-3043 > URL: https://issues.apache.org/jira/browse/RANGER-3043 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0, 2.1.0 >Reporter: fengxianjing >Assignee: fengxianjing >Priority: Major > Attachments: 0001-RANGER-3043-Policy-export-is-too-slow.patch, > image-2020-10-16-17-21-12-163.png > > > !image-2020-10-16-17-21-12-163.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3293) Show user source details on user tab in ranger UI.
[ https://issues.apache.org/jira/browse/RANGER-3293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3293: Fix Version/s: 2.2.0 3.0.0 > Show user source details on user tab in ranger UI. > -- > > Key: RANGER-3293 > URL: https://issues.apache.org/jira/browse/RANGER-3293 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: 0001-RANGER-3293.patch, 0002-RANGER-3293.patch > > > Two new attributes are added when users are synced. > Show them to the User details page Ranger UI. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3340) Remove htrace-core.jar from Ranger modules where it is not required
[ https://issues.apache.org/jira/browse/RANGER-3340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412585#comment-17412585 ] Pradeep Agrawal commented on RANGER-3340: - Link : [https://github.com/apache/ranger/commit/14367daa08903b3797edcc628c610561732cf40e] https://github.com/apache/ranger/commit/7eef860348d8cc5d1a7d1ff2e1e915a04d571a02 > Remove htrace-core.jar from Ranger modules where it is not required > > > Key: RANGER-3340 > URL: https://issues.apache.org/jira/browse/RANGER-3340 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 3.0.0, 2.2.0 > > > Remove htrace-core.jar from Ranger modules where it is not required. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3340) Remove htrace-core.jar from Ranger modules where it is not required
[ https://issues.apache.org/jira/browse/RANGER-3340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3340: Fix Version/s: 3.0.0 > Remove htrace-core.jar from Ranger modules where it is not required > > > Key: RANGER-3340 > URL: https://issues.apache.org/jira/browse/RANGER-3340 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 3.0.0, 2.2.0 > > > Remove htrace-core.jar from Ranger modules where it is not required. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3362) UI Improvements.
[ https://issues.apache.org/jira/browse/RANGER-3362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3362: Fix Version/s: 2.2.0 3.0.0 > UI Improvements. > > > Key: RANGER-3362 > URL: https://issues.apache.org/jira/browse/RANGER-3362 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: 0001-RANGER-3362.patch > > > Issue 1: Even the checkbox is selected still during deletion of role > prompting pop up saying " Select the role first". > Steps: > 1.Create policy and associate any role to it. > 2.Try to delete that role - select the role and click on delete icon- > 3.Again try to delete the same role and observe- It will ask to select a role > again but role is already selected > Actual Result: > > Issue 2: Not able to save the policy when I removed the role / group and > permissions during updating. > Steps: > 1.Create a policy and associate the role/group to it and save the policy. > 2.Remove the role/group + permissions from the same policy ,click on save > and observe. > Actual Result: Getting error message saying "error code[3020], reason[All of > users, user-groups and roles collections on the policy item were null/empty]". > Expected Result: User should able to update the policy successfully. > Improvement 3: When any role is associated with the particular user and group > and the customer is trying to delete that user and group then a proper > validation message is required. > Steps: > 1.Create a role and associate any user and group to it. > 2.Try to delete that user and group and observe. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3309) Support batch upload of tags to Ranger
[ https://issues.apache.org/jira/browse/RANGER-3309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3309: Fix Version/s: 3.0.0 > Support batch upload of tags to Ranger > -- > > Key: RANGER-3309 > URL: https://issues.apache.org/jira/browse/RANGER-3309 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Currently, tagsync uploads tags received through Kafka events to Ranger one > event at a time. Batched upload of tags will help in improving performance of > tag ingress into Ranger. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
[ https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2950: Fix Version/s: 2.2.0 > Upgrade Spring framework and Spring Security libraries. > --- > > Key: RANGER-2950 > URL: https://issues.apache.org/jira/browse/RANGER-2950 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-2950-Upgrade-Spring-framework-and-Spring-Secu.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3349) Handling multiple grant role command for same user
[ https://issues.apache.org/jira/browse/RANGER-3349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3349: Fix Version/s: 3.0.0 > Handling multiple grant role command for same user > -- > > Key: RANGER-3349 > URL: https://issues.apache.org/jira/browse/RANGER-3349 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: suja s >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Scenario: > 1. User testuser1 is an admin on ranger side > 2. Open a hive beeline session as testuser1 > 3. Create role r1 > role r1 is created on ranger side with testuser1 as admin user for the role > 4. Execute command "grant r1 to user testuser1" > Expected - r1 should have no changes -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3329) Request for _any access-type is denied only when on all access-types are denied
[ https://issues.apache.org/jira/browse/RANGER-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3329: Fix Version/s: 2.2.0 3.0.0 > Request for _any access-type is denied only when on all access-types are > denied > --- > > Key: RANGER-3329 > URL: https://issues.apache.org/jira/browse/RANGER-3329 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Currently a request for _any access-type is denied only if all access-types > in the service-def are denied by policies. Instead of this, the policy-engine > should deny _any access if there are no allowed accesses, and at least one of > the access-type is denied. This will help address following usecase: > - when accessTypeRestrictions is defined on a resource i.e. only a subset of > access-types are shown in policy-UI, it will not be possible to create > policies that deny all accesses. In such cases, the proposed change will > enable denying _any access-type with only subset of access-types denied. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3367) [Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade
[ https://issues.apache.org/jira/browse/RANGER-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3367: Fix Version/s: 2.2.0 > [Intermittent] Ranger Admin perf logs are not getting logged after Spring > Security upgrade > -- > > Key: RANGER-3367 > URL: https://issues.apache.org/jira/browse/RANGER-3367 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > When debug logs are enabled, PERF logs are not generated in ranger. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3336) All policies are exported, when searching reports using roles
[ https://issues.apache.org/jira/browse/RANGER-3336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3336: Fix Version/s: 3.0.0 > All policies are exported, when searching reports using roles > - > > Key: RANGER-3336 > URL: https://issues.apache.org/jira/browse/RANGER-3336 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: 0001-RANGER-3336.patch > > > On the Reports page, when policies are searched using Role name, > and then exported, all the policies are listed in the downloaded file even if > only > one policy is shown in the search result. > Steps to reproduce : > 1. Create a policy on any role > 2. On the Reports page, search for policies using only the role name. > 3. Export the policies. > 4. In the downloaded file, all policies available in Ranger will be listed > even if the search results had one or two policies. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3395) Unnecessary 'Integer.toString()' call which degrade performance
[ https://issues.apache.org/jira/browse/RANGER-3395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412951#comment-17412951 ] Pradeep Agrawal commented on RANGER-3395: - I tried above code multiple time on my local env. and see only 20ms difference between the two. > Unnecessary 'Integer.toString()' call which degrade performance > --- > > Key: RANGER-3395 > URL: https://issues.apache.org/jira/browse/RANGER-3395 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.1 >Reporter: caozhiqiang >Assignee: caozhiqiang >Priority: Major > Attachments: 3395-1.png, 3395-2.png, > RANGER-3395-branch-2.0.1.001.patch > > > There are several place used unnecessary Integer.toString() call and take to > much time in program running. these should be removed. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3072) Build Ranger2.1.0 encounter error with Apache Maven 3.6.3
[ https://issues.apache.org/jira/browse/RANGER-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3072. - Resolution: Cannot Reproduce > Build Ranger2.1.0 encounter error with Apache Maven 3.6.3 > - > > Key: RANGER-3072 > URL: https://issues.apache.org/jira/browse/RANGER-3072 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 > Environment: CentOS Linux release 7.8.2003 (Core) >Reporter: HelloWorld >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > > [INFO] Building tar: > /home/liyuanfeng/software/apache-ranger-2.1.0/target/ranger-2.1.0-admin.tar.gz > [WARNING] When creating tar entry > java.lang.reflect.UndeclaredThrowableException > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:62) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.archiver.ArchiveEntry.getInputStream > (ArchiveEntry.java:126) > at org.codehaus.plexus.archiver.tar.TarArchiver.tarFile > (TarArchiver.java:316) > at org.codehaus.plexus.archiver.tar.TarArchiver.execute > (TarArchiver.java:171) > at org.codehaus.plexus.archiver.AbstractArchiver.createArchive > (AbstractArchiver.java:916) > at > org.apache.maven.plugin.assembly.archive.archiver.AssemblyProxyArchiver.createArchive > (AssemblyProxyArchiver.java:445) > at > org.apache.maven.plugin.assembly.archive.DefaultAssemblyArchiver.createArchive > (DefaultAssemblyArchiver.java:181) > at org.apache.maven.plugin.assembly.mojos.AbstractAssemblyMojo.execute > (AbstractAssemblyMojo.java:484) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:137) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:210) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions > (MojoExecutor.java:355) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:200) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:117) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:128) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) > Caused by: java.lang.reflect.InvocationTargetException > at sun.reflect.GeneratedMethodAccessor154.invoke (Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:78) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:62) >
[jira] [Assigned] (RANGER-3142) Access control based on groups not working for presto plugin
[
https://issues.apache.org/jira/browse/RANGER-3142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-3142:
---
Assignee: (was: Pradeep Agrawal)
> Access control based on groups not working for presto plugin
> -
>
> Key: RANGER-3142
> URL: https://issues.apache.org/jira/browse/RANGER-3142
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.1.0
> Environment: ranger-2.1.0-presto-plugin.tar.gz
> presto-server-347.tar.gz
>Reporter: Anchal Agarwal
>Priority: Major
> Attachments: image-2021-01-29-19-53-59-145.png,
> image-2021-01-29-19-54-02-248.png, image-2021-01-29-19-54-28-329.png,
> image-2021-01-29-19-54-50-303.png, image-2021-01-29-19-55-01-685.png,
> image-2021-01-29-19-59-42-929.png, image-2021-01-29-20-00-54-796.png
>
>
> I'm using ranger-2.1.0 for access control in prestosql-347.
> A policy with user list in 'allow conditions' works i.e. if I connect to
> presto with a user in the allowed list, my query returns the expected results.
> But instead of users, if I use group in the policy and try accessing presto
> with a user belonging to that group, then I'm denied access.
> {code:java}
> %presto
> show tables in default
> Query failed (#20210106_032741_0_dddsy): Access Denied: Cannot access
> catalog hive
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2977) ES Plugin communication may fail in secure env due to unavailability of core-site.xml
[ https://issues.apache.org/jira/browse/RANGER-2977?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2977: Fix Version/s: (was: 3.0.0) > ES Plugin communication may fail in secure env due to unavailability of > core-site.xml > - > > Key: RANGER-2977 > URL: https://issues.apache.org/jira/browse/RANGER-2977 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > > Similar issue was seen in Kafka and storm. Refer RANGER-2810 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3123) Add AlterSchema and AlterTable access control method in Ranger Presto Plugin
[ https://issues.apache.org/jira/browse/RANGER-3123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3123: Fix Version/s: (was: 3.0.0) > Add AlterSchema and AlterTable access control method in Ranger Presto Plugin > > > Key: RANGER-3123 > URL: https://issues.apache.org/jira/browse/RANGER-3123 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > > Need to add Alter Table privilege access control method implementation in the > Ranger Presto Plugin. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3371) Update algorithm to build Ranger policy-database object from Ranger policy-view object
[ https://issues.apache.org/jira/browse/RANGER-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17414429#comment-17414429 ] Pradeep Agrawal commented on RANGER-3371: - Addendum patch at review board : https://reviews.apache.org/dashboard/ > Update algorithm to build Ranger policy-database object from Ranger > policy-view object > -- > > Key: RANGER-3371 > URL: https://issues.apache.org/jira/browse/RANGER-3371 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > The algorithm to build Ranger policy database object from the Ranger policy > view object leaves some fields (guid, policy-type, etc.) un-initialized > during policy creation. Values of all fields whose values are known when > database policy object was created need to be initialized so that the > policy_text field-value can be used to recreate the original policy. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3371) Update algorithm to build Ranger policy-database object from Ranger policy-view object
[ https://issues.apache.org/jira/browse/RANGER-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17414435#comment-17414435 ] Pradeep Agrawal commented on RANGER-3371: - master branch commit : https://github.com/apache/ranger/commit/208367b859a16cd2b8be1ddc67d24ce3b71d8916 ranger-2.2 branch commit : https://github.com/apache/ranger/commit/8bd0e9d0cbfedeb795b95a8e71e500fdb7a7d44e > Update algorithm to build Ranger policy-database object from Ranger > policy-view object > -- > > Key: RANGER-3371 > URL: https://issues.apache.org/jira/browse/RANGER-3371 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > The algorithm to build Ranger policy database object from the Ranger policy > view object leaves some fields (guid, policy-type, etc.) un-initialized > during policy creation. Values of all fields whose values are known when > database policy object was created need to be initialized so that the > policy_text field-value can be used to recreate the original policy. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3371) Update algorithm to build Ranger policy-database object from Ranger policy-view object
[ https://issues.apache.org/jira/browse/RANGER-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415034#comment-17415034 ] Pradeep Agrawal commented on RANGER-3371: - RR to add service type in policy json : https://reviews.apache.org/r/73545/ > Update algorithm to build Ranger policy-database object from Ranger > policy-view object > -- > > Key: RANGER-3371 > URL: https://issues.apache.org/jira/browse/RANGER-3371 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > The algorithm to build Ranger policy database object from the Ranger policy > view object leaves some fields (guid, policy-type, etc.) un-initialized > during policy creation. Values of all fields whose values are known when > database policy object was created need to be initialized so that the > policy_text field-value can be used to recreate the original policy. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3371) Update algorithm to build Ranger policy-database object from Ranger policy-view object
[ https://issues.apache.org/jira/browse/RANGER-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415304#comment-17415304 ] Pradeep Agrawal commented on RANGER-3371: - master branch commit : [https://github.com/apache/ranger/commit/cbbed8b07f38af56294c2b17606c45c172a40997] 2.2 branch commit : https://github.com/apache/ranger/commit/93bb7d6cbbffece234da682f4a2a8e0c570d217c > Update algorithm to build Ranger policy-database object from Ranger > policy-view object > -- > > Key: RANGER-3371 > URL: https://issues.apache.org/jira/browse/RANGER-3371 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > The algorithm to build Ranger policy database object from the Ranger policy > view object leaves some fields (guid, policy-type, etc.) un-initialized > during policy creation. Values of all fields whose values are known when > database policy object was created need to be initialized so that the > policy_text field-value can be used to recreate the original policy. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2341) Support for Incremental policy updates to improve performance of ranger-admin and plugins by optimal building of policy-engine
[ https://issues.apache.org/jira/browse/RANGER-2341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17416842#comment-17416842 ] Pradeep Agrawal commented on RANGER-2341: - Review request for Addendum patch : https://reviews.apache.org/r/73587/ > Support for Incremental policy updates to improve performance of ranger-admin > and plugins by optimal building of policy-engine > -- > > Key: RANGER-2341 > URL: https://issues.apache.org/jira/browse/RANGER-2341 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 2.0.0 > > > Requirements: > Currently, every change to any policy causes rebuilding of policy-engine from > scratch. There are several disadvantages: > 1. Compute time for rebuilding > 2. Large traffic from ranger-admin to each of the plugins > 3. Large demand on JVM memory system resulting in frequent garbage collection > and pauses of JVM. > It will be more optimal to communicate only the changes and apply them to > existing policy-engine. > Design notes: > Policy changes are logged into a new database table. > Cache management in ranger-admin is enhanced to use this table to figure out > changes using a previously known version number (provided by module > requesting updated policies). > Policy engine supports update operation that accepts policy-deltas and > returns a new policy engine with deltas applied. > Resource Trie structures are copied from older policy-engine selectively, and > not rebuilt from scratch. > Backward compatibility is maintained with older plugins by adding another > parameter to REST API for downloading policies. > Ranger admin as well as component plugins may be configured to optionally use > policy deltas for its internal policy-engines. Policy deltas are disabled by > default. In ranger-admin, policy-deltas are enabled in the ranger-admin by > setting configuration variable 'ranger.admin.supports.policy.deltas' to true. > In individual plugins, policy-deltas are enabled by setting configuration > variable 'ranger.plugin..policy.rest.supports.policy.deltas' to > "true". > Policy delta table is cleared of records older than a week on restart of > ranger-admin. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3435) Add unique index on guid and service id column of x_policy table
Pradeep Agrawal created RANGER-3435: --- Summary: Add unique index on guid and service id column of x_policy table Key: RANGER-3435 URL: https://issues.apache.org/jira/browse/RANGER-3435 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Add unique index on guid and service id column of x_policy table. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3435) Add unique index on guid and service id column of x_policy table
[ https://issues.apache.org/jira/browse/RANGER-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3435: Attachment: 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch > Add unique index on guid and service id column of x_policy table > > > Key: RANGER-3435 > URL: https://issues.apache.org/jira/browse/RANGER-3435 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch > > > Add unique index on guid and service id column of x_policy table. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3439) Add rest api to get or delete ranger policy based on guid
Pradeep Agrawal created RANGER-3439: --- Summary: Add rest api to get or delete ranger policy based on guid Key: RANGER-3439 URL: https://issues.apache.org/jira/browse/RANGER-3439 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Ranger should allow to get or delete ranger policy based on policy guid. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3439) Add rest api to get or delete ranger policy based on guid
[ https://issues.apache.org/jira/browse/RANGER-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3439: Attachment: 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch > Add rest api to get or delete ranger policy based on guid > - > > Key: RANGER-3439 > URL: https://issues.apache.org/jira/browse/RANGER-3439 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch > > > Ranger should allow to get or delete ranger policy based on policy guid. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3458) Add rest api to get policy delta for given resource
Pradeep Agrawal created RANGER-3458: --- Summary: Add rest api to get policy delta for given resource Key: RANGER-3458 URL: https://issues.apache.org/jira/browse/RANGER-3458 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3458) Add rest api to get policy delta for given resource
[ https://issues.apache.org/jira/browse/RANGER-3458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3458: Attachment: 0001-RANGER-3458-Add-rest-api-to-get-policy-delta-for-giv.patch > Add rest api to get policy delta for given resource > --- > > Key: RANGER-3458 > URL: https://issues.apache.org/jira/browse/RANGER-3458 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3458-Add-rest-api-to-get-policy-delta-for-giv.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
[ https://issues.apache.org/jira/browse/RANGER-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3359: Attachment: (was: 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch) > Upgrade json-smart and nimbus-jose-jwt libraries > > > Key: RANGER-3359 > URL: https://issues.apache.org/jira/browse/RANGER-3359 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > > > Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version > to 8.22.1 and make it same in all the ranger modules. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
[ https://issues.apache.org/jira/browse/RANGER-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3359: Attachment: 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > Upgrade json-smart and nimbus-jose-jwt libraries > > > Key: RANGER-3359 > URL: https://issues.apache.org/jira/browse/RANGER-3359 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > > > Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version > to 8.22.1 and make it same in all the ranger modules. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
[ https://issues.apache.org/jira/browse/RANGER-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17424591#comment-17424591 ] Pradeep Agrawal commented on RANGER-3359: - Commit Link : https://github.com/apache/ranger/commit/db9b264f61617b802b0d2fa9c3e553144fe63ae2 > Upgrade json-smart and nimbus-jose-jwt libraries > > > Key: RANGER-3359 > URL: https://issues.apache.org/jira/browse/RANGER-3359 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > > > Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version > to 8.22.1 and make it same in all the ranger modules. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
[ https://issues.apache.org/jira/browse/RANGER-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3359: Fix Version/s: (was: 2.2.0) > Upgrade json-smart and nimbus-jose-jwt libraries > > > Key: RANGER-3359 > URL: https://issues.apache.org/jira/browse/RANGER-3359 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > > > Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version > to 8.22.1 and make it same in all the ranger modules. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3480) Policy version in access audit is not matching with the policy version seen in policy view
Pradeep Agrawal created RANGER-3480: --- Summary: Policy version in access audit is not matching with the policy version seen in policy view Key: RANGER-3480 URL: https://issues.apache.org/jira/browse/RANGER-3480 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.2.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Steps to reproduce the case : 1. Create a dir '/h1' with hdfs user 2. Create a policy for '/h1' having 'unix1' user in allowed condition 3. Edit the policy by adding some description 4. Check the policy version from view policy it should be 2 5. Try to create a dir '/h1/t1' he will be allowed 6. Check the policy version in access audit it showing 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3480) Policy version in access audit is not matching with the policy version seen in policy view
[ https://issues.apache.org/jira/browse/RANGER-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3480: Attachment: 0001-RANGER-3480-Policy-version-in-access-audit-is-not-ma.patch > Policy version in access audit is not matching with the policy version seen > in policy view > -- > > Key: RANGER-3480 > URL: https://issues.apache.org/jira/browse/RANGER-3480 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3480-Policy-version-in-access-audit-is-not-ma.patch > > > Steps to reproduce the case : > 1. Create a dir '/h1' with hdfs user > 2. Create a policy for '/h1' having 'unix1' user in allowed condition > 3. Edit the policy by adding some description > 4. Check the policy version from view policy it should be 2 > 5. Try to create a dir '/h1/t1' he will be allowed > 6. Check the policy version in access audit it showing 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
Pradeep Agrawal created RANGER-3485: --- Summary: db setup scripts should not convert the db user to lowercase during setup Key: RANGER-3485 URL: https://issues.apache.org/jira/browse/RANGER-3485 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3493) Add unique index on service and resource_signature column of x_policy table
Pradeep Agrawal created RANGER-3493: --- Summary: Add unique index on service and resource_signature column of x_policy table Key: RANGER-3493 URL: https://issues.apache.org/jira/browse/RANGER-3493 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
[ https://issues.apache.org/jira/browse/RANGER-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432443#comment-17432443 ] Pradeep Agrawal commented on RANGER-3485: - [~bpatel] / [~bhavikpatel] : Do you remember why this change was introduced : https://github.com/apache/ranger/blame/master/security-admin/scripts/db_setup.py#L1245 > db setup scripts should not convert the db user to lowercase during setup > -- > > Key: RANGER-3485 > URL: https://issues.apache.org/jira/browse/RANGER-3485 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
[ https://issues.apache.org/jira/browse/RANGER-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3485: Attachment: 0001-RANGER-3485-db-setup-scripts-should-not-convert-the-.patch > db setup scripts should not convert the db user to lowercase during setup > -- > > Key: RANGER-3485 > URL: https://issues.apache.org/jira/browse/RANGER-3485 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3485-db-setup-scripts-should-not-convert-the-.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
[ https://issues.apache.org/jira/browse/RANGER-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432557#comment-17432557 ] Pradeep Agrawal commented on RANGER-3485: - # Postgres sql(older version) store everything in lowercase and to avoid naming conflict we had converted. => which version ? # it retains the Naming convention like whatever you provide it will create user/group in database like "BhaVik" & "bhaVIK" (creates two database/user) to avoid this scenario => then why we dont put the value in lower case in ranger_admin_site.xml file ? > db setup scripts should not convert the db user to lowercase during setup > -- > > Key: RANGER-3485 > URL: https://issues.apache.org/jira/browse/RANGER-3485 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3485-db-setup-scripts-should-not-convert-the-.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
[ https://issues.apache.org/jira/browse/RANGER-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3485: Attachment: (was: 0001-RANGER-3485-db-setup-scripts-should-not-convert-the-.patch) > db setup scripts should not convert the db user to lowercase during setup > -- > > Key: RANGER-3485 > URL: https://issues.apache.org/jira/browse/RANGER-3485 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3485) db setup scripts should not convert the db user to lowercase during setup
[ https://issues.apache.org/jira/browse/RANGER-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3485. - Fix Version/s: (was: 3.0.0) Resolution: Not A Bug > db setup scripts should not convert the db user to lowercase during setup > -- > > Key: RANGER-3485 > URL: https://issues.apache.org/jira/browse/RANGER-3485 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3501) Document guid based get and delete rest api
Pradeep Agrawal created RANGER-3501: --- Summary: Document guid based get and delete rest api Key: RANGER-3501 URL: https://issues.apache.org/jira/browse/RANGER-3501 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3458) Add rest api to get policy delta for given resource
[ https://issues.apache.org/jira/browse/RANGER-3458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3458: Attachment: 0001-RANGER-3458-Add-rest-api-to-get-policy-delta-for-giv-1.patch > Add rest api to get policy delta for given resource > --- > > Key: RANGER-3458 > URL: https://issues.apache.org/jira/browse/RANGER-3458 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3458-Add-rest-api-to-get-policy-delta-for-giv-1.patch, > 0001-RANGER-3458-Add-rest-api-to-get-policy-delta-for-giv.patch > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3493) Add unique index on service and resource_signature column of x_policy table
[ https://issues.apache.org/jira/browse/RANGER-3493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3493: Attachment: 0001-RANGER-3493-Add-unique-index-on-service-and-resource.patch > Add unique index on service and resource_signature column of x_policy table > --- > > Key: RANGER-3493 > URL: https://issues.apache.org/jira/browse/RANGER-3493 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3493-Add-unique-index-on-service-and-resource.patch > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3504) Create framework to execute DB patch dependent on Java patch.
[
https://issues.apache.org/jira/browse/RANGER-3504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445687#comment-17445687
]
Pradeep Agrawal commented on RANGER-3504:
-
Patch committed :
https://github.com/apache/ranger/commit/dc6dc621fc99f1dbff355c2e2ac00472155a0baf
> Create framework to execute DB patch dependent on Java patch.
> -
>
> Key: RANGER-3504
> URL: https://issues.apache.org/jira/browse/RANGER-3504
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> Problem Statement
> Currently we have two sets of patches in Ranger (DB & Java patches).
> During Ranger setup, DB patches get executed first then Java patches get
> executed in an orderly manner based on their sequence.
> We don't have any mechanism where we can execute Java Patch first and it's
> dependent DB patch afterwards.
>
> Please find the below approach to handle such scenarios.
> Approach:
> # While executing DB patches, first check if any pre java patches are
> present by name starting with {*}PatchPreSql_{*}.
> # If a Pre Java patch is found then execute that java patch first.
> # Execute DB patch.
> # Check again if there are any post java patches present by name starting
> with {*}PatchPostSql_{*}.
> # If Post Java patches are found, execute them.
> # While naming the dependent Java patches we need to follow the below
> convention.
> # Currently we follow convention: *Patch_J<5 digit sequence
> number>.java*
> # Proposed naming convention for dependent Java Patch. *Patch Pre>Sql___J<5 digit sequence
> number>.java*
> Use Case:
> Suppose we have a DB patch (050-uniqueindex.sql) and there are two Java
> patches one needs to execute before and another immediately after DB patch.
> In that scenario we should use the following convention for naming java
> patches.
> Pre Java Patch : PatchPreSql_050_CleanData_J10050.java
> Post Java Patch : PatchPostSql_050_UpdateData_J10051.java
> Note: File to be changed : db_setup.py
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-3504) Create framework to execute DB patch dependent on Java patch.
[
https://issues.apache.org/jira/browse/RANGER-3504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3504:
Fix Version/s: 3.0.0
> Create framework to execute DB patch dependent on Java patch.
> -
>
> Key: RANGER-3504
> URL: https://issues.apache.org/jira/browse/RANGER-3504
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 3.0.0
>
>
> Problem Statement
> Currently we have two sets of patches in Ranger (DB & Java patches).
> During Ranger setup, DB patches get executed first then Java patches get
> executed in an orderly manner based on their sequence.
> We don't have any mechanism where we can execute Java Patch first and it's
> dependent DB patch afterwards.
>
> Please find the below approach to handle such scenarios.
> Approach:
> # While executing DB patches, first check if any pre java patches are
> present by name starting with {*}PatchPreSql_{*}.
> # If a Pre Java patch is found then execute that java patch first.
> # Execute DB patch.
> # Check again if there are any post java patches present by name starting
> with {*}PatchPostSql_{*}.
> # If Post Java patches are found, execute them.
> # While naming the dependent Java patches we need to follow the below
> convention.
> # Currently we follow convention: *Patch_J<5 digit sequence
> number>.java*
> # Proposed naming convention for dependent Java Patch. *Patch Pre>Sql___J<5 digit sequence
> number>.java*
> Use Case:
> Suppose we have a DB patch (050-uniqueindex.sql) and there are two Java
> patches one needs to execute before and another immediately after DB patch.
> In that scenario we should use the following convention for naming java
> patches.
> Pre Java Patch : PatchPreSql_050_CleanData_J10050.java
> Post Java Patch : PatchPostSql_050_UpdateData_J10051.java
> Note: File to be changed : db_setup.py
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-3516) Java patch 'J10045' taking more time during upgrade.
[ https://issues.apache.org/jira/browse/RANGER-3516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3516. - Resolution: Fixed Patch committed : https://github.com/apache/ranger/commit/8068996e42d79a8c0d9bb56b77bb4ec82bfe4113 > Java patch 'J10045' taking more time during upgrade. > > > Key: RANGER-3516 > URL: https://issues.apache.org/jira/browse/RANGER-3516 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Mateen Mansoori >Priority: Major > > J10045 patch is taking more time to apply when we upgrade -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Reopened] (RANGER-3435) Add unique index on guid and service id column of x_policy table
[ https://issues.apache.org/jira/browse/RANGER-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reopened RANGER-3435: - > Add unique index on guid and service id column of x_policy table > > > Key: RANGER-3435 > URL: https://issues.apache.org/jira/browse/RANGER-3435 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch > > > Add unique index on guid and service id column of x_policy table. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3435) Add unique index on guid, service and zone_id column of x_policy table
[ https://issues.apache.org/jira/browse/RANGER-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3435: Summary: Add unique index on guid, service and zone_id column of x_policy table (was: Add unique index on guid and service id column of x_policy table) > Add unique index on guid, service and zone_id column of x_policy table > -- > > Key: RANGER-3435 > URL: https://issues.apache.org/jira/browse/RANGER-3435 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch > > > Add unique index on guid and service id column of x_policy table. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Reopened] (RANGER-3439) Add rest api to get or delete ranger policy based on guid
[ https://issues.apache.org/jira/browse/RANGER-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reopened RANGER-3439: - > Add rest api to get or delete ranger policy based on guid > - > > Key: RANGER-3439 > URL: https://issues.apache.org/jira/browse/RANGER-3439 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch > > > Ranger should allow to get or delete ranger policy based on policy guid. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3435) Add unique index on guid, service and zone_id column of x_policy table
[ https://issues.apache.org/jira/browse/RANGER-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3435: Attachment: 0001-RANGER-3435-Add-unique-index-on-guid-service-and-zon.patch > Add unique index on guid, service and zone_id column of x_policy table > -- > > Key: RANGER-3435 > URL: https://issues.apache.org/jira/browse/RANGER-3435 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch, > 0001-RANGER-3435-Add-unique-index-on-guid-service-and-zon.patch > > > Add unique index on guid and service id column of x_policy table. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3439) Add rest api to get or delete ranger policy based on guid
[ https://issues.apache.org/jira/browse/RANGER-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3439: Attachment: 0002-RANGER-3439-Add-rest-api-to-get-or-delete-ranger-pol.patch > Add rest api to get or delete ranger policy based on guid > - > > Key: RANGER-3439 > URL: https://issues.apache.org/jira/browse/RANGER-3439 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch, > 0002-RANGER-3439-Add-rest-api-to-get-or-delete-ranger-pol.patch > > > Ranger should allow to get or delete ranger policy based on policy guid. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3401) Ranger Policy search based on policy guid match
[ https://issues.apache.org/jira/browse/RANGER-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3401: Summary: Ranger Policy search based on policy guid match (was: Ranger Policy import based on policy guid match) > Ranger Policy search based on policy guid match > --- > > Key: RANGER-3401 > URL: https://issues.apache.org/jira/browse/RANGER-3401 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Dineshkumar Yadav >Assignee: Pradeep Agrawal >Priority: Major > > Here we will import policies based on policy GUID > 1. If Guid matched then we replace the whole policy as it is from source > otherwise create new policy with same guid. > 2. If there is another policy with same signature at Target we make that > policy as disabled. > 3. Add label to exported policy with cluster name from they are imported -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3401) Ranger Policy search based on policy guid match
[ https://issues.apache.org/jira/browse/RANGER-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3401: Description: Ranger should provide a way to search a policy based on its guid, service and zone . (was: Here we will import policies based on policy GUID 1. If Guid matched then we replace the whole policy as it is from source otherwise create new policy with same guid. 2. If there is another policy with same signature at Target we make that policy as disabled. 3. Add label to exported policy with cluster name from they are imported) > Ranger Policy search based on policy guid match > --- > > Key: RANGER-3401 > URL: https://issues.apache.org/jira/browse/RANGER-3401 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Dineshkumar Yadav >Assignee: Pradeep Agrawal >Priority: Major > > Ranger should provide a way to search a policy based on its guid, service and > zone . -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3495) Ranger get role by rolename not working
[
https://issues.apache.org/jira/browse/RANGER-3495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-3495:
---
Assignee: Pradeep Agrawal
> Ranger get role by rolename not working
> ---
>
> Key: RANGER-3495
> URL: https://issues.apache.org/jira/browse/RANGER-3495
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Blocker
>
> The `{color:#212121}public/v2/api/roles/name/\{name}{color}` and
> `{color:#212121}public/v2/api/roles/name/{color}{name}` is throws role not
> found even if the role is present.
>
> This is from the build of master branch.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Reopened] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reopened RANGER-3135:
-
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17448924#comment-17448924
]
Pradeep Agrawal commented on RANGER-3135:
-
revert commit :
https://github.com/apache/ranger/commit/5d1272335156dfc6d32862c6ee9af2e92b087169
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3495) Ranger get role by rolename not working
[
https://issues.apache.org/jira/browse/RANGER-3495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17448930#comment-17448930
]
Pradeep Agrawal commented on RANGER-3495:
-
[~nityananda] : i have reverted commit of RANGER-3135 which is causing this.
Please take the latest pull and confirm.
> Ranger get role by rolename not working
> ---
>
> Key: RANGER-3495
> URL: https://issues.apache.org/jira/browse/RANGER-3495
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Blocker
>
> The `{color:#212121}public/v2/api/roles/name/\{name}{color}` and
> `{color:#212121}public/v2/api/roles/name/{color}{name}` is throws role not
> found even if the role is present.
>
> This is from the build of master branch.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-3495) Ranger get role by rolename not working
[
https://issues.apache.org/jira/browse/RANGER-3495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-3495.
-
Fix Version/s: 3.0.0
Resolution: Fixed
Please reopen if issue is still there.
> Ranger get role by rolename not working
> ---
>
> Key: RANGER-3495
> URL: https://issues.apache.org/jira/browse/RANGER-3495
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Fix For: 3.0.0
>
>
> The `{color:#212121}public/v2/api/roles/name/\{name}{color}` and
> `{color:#212121}public/v2/api/roles/name/{color}{name}` is throws role not
> found even if the role is present.
>
> This is from the build of master branch.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3472) The createPolicy() method is not thread safe. In another word, we can create policies with same resources when creating policies concurrently
[ https://issues.apache.org/jira/browse/RANGER-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450307#comment-17450307 ] Pradeep Agrawal commented on RANGER-3472: - [~Xuze Yang] : Ranger support load balancing and High availability which means Its possible to have multiple ranger-admin process running and connected to single ranger db. Ranger client modules can have comma separated multiple ranger admin host url in the configuration to post create policy requests. In this case create policy request may land on any ranger-admin host thus locking or synchronisation on code level will not work. *RANGER-3493* shall create the db constraint on the x_policy table columns (service and resource_signature). RANGER-3493 [changes|https://github.com/apache/ranger/commit/de8f5e197fb93fcb924f7a59a88013b99bd1194b] has been committed so you can try to reproduce the case again with the latest code and let us know here. I am resolving this issue, please reopen if required. > The createPolicy() method is not thread safe. In another word, we can create > policies with same resources when creating policies concurrently > - > > Key: RANGER-3472 > URL: https://issues.apache.org/jira/browse/RANGER-3472 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > > In our production environment, we happen to find that two policies exist with > the same resources.In this case, when we want to modify either policy, ranger > doesn't allow this operation and throws message like "*Error Code : 3010 > Another policy already exists for matching resource: policy-name=[hhh9], > service=[default-Hdfs]*". > I go through the source code about create policy, find that the > createPolicy() in class ServiceREST is not thread safe. When we create > policies concurrently, we may create several policies with the same resources. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3472) The createPolicy() method is not thread safe. In another word, we can create policies with same resources when creating policies concurrently
[ https://issues.apache.org/jira/browse/RANGER-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3472: --- Assignee: Pradeep Agrawal > The createPolicy() method is not thread safe. In another word, we can create > policies with same resources when creating policies concurrently > - > > Key: RANGER-3472 > URL: https://issues.apache.org/jira/browse/RANGER-3472 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Assignee: Pradeep Agrawal >Priority: Major > > In our production environment, we happen to find that two policies exist with > the same resources.In this case, when we want to modify either policy, ranger > doesn't allow this operation and throws message like "*Error Code : 3010 > Another policy already exists for matching resource: policy-name=[hhh9], > service=[default-Hdfs]*". > I go through the source code about create policy, find that the > createPolicy() in class ServiceREST is not thread safe. When we create > policies concurrently, we may create several policies with the same resources. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Resolved] (RANGER-3472) The createPolicy() method is not thread safe. In another word, we can create policies with same resources when creating policies concurrently
[ https://issues.apache.org/jira/browse/RANGER-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3472. - Fix Version/s: 3.0.0 Resolution: Fixed > The createPolicy() method is not thread safe. In another word, we can create > policies with same resources when creating policies concurrently > - > > Key: RANGER-3472 > URL: https://issues.apache.org/jira/browse/RANGER-3472 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > > In our production environment, we happen to find that two policies exist with > the same resources.In this case, when we want to modify either policy, ranger > doesn't allow this operation and throws message like "*Error Code : 3010 > Another policy already exists for matching resource: policy-name=[hhh9], > service=[default-Hdfs]*". > I go through the source code about create policy, find that the > createPolicy() in class ServiceREST is not thread safe. When we create > policies concurrently, we may create several policies with the same resources. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3410) Fix setup for non-ssl database connection
[ https://issues.apache.org/jira/browse/RANGER-3410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450321#comment-17450321 ] Pradeep Agrawal commented on RANGER-3410: - can you provide more details like mysql version, driver version and the actual error message. > Fix setup for non-ssl database connection > - > > Key: RANGER-3410 > URL: https://issues.apache.org/jira/browse/RANGER-3410 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Andrew Charneski >Priority: Major > > When running the security-admin setup script using a non-secure mysql > endpoint, a failure occurs because new versions of the mysql client driver > require useSSL=false to enable non-secure connections. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3232) A Potential NPE in Issue RANGER-980
[
https://issues.apache.org/jira/browse/RANGER-3232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450373#comment-17450373
]
Pradeep Agrawal commented on RANGER-3232:
-
+1 for the patch. Please raise the review request in the review board
https://reviews.apache.org/
> A Potential NPE in Issue RANGER-980
> ---
>
> Key: RANGER-3232
> URL: https://issues.apache.org/jira/browse/RANGER-3232
> Project: Ranger
> Issue Type: Improvement
> Components: usersync
>Affects Versions: 2.2.0
>Reporter: Shiyou xin
>Priority: Major
> Fix For: 3.0.0, 2.2.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> ---
> a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> +++
> b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> @@ -661,7 +661,7 @@ private void computeUserDelta(Map String>> sourceUsers) {
> } else {
> XUserInfo oldUser = userCache.get(userName);
> Map oldUserAttrs = oldUser.getOtherAttrsMap();
> String oldUserDN = oldUserAttrs.get(UgsyncCommonConstants.FULL_NAME);
> if (StringUtils.equalsIgnoreCase(userDN, oldUserDN)
> &&
> StringUtils.equalsIgnoreCase(oldUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE),
> newUserAttrs.get(UgsyncC
> &&
> StringUtils.equalsIgnoreCase(oldUserAttrs.get(UgsyncCommonConstants.LDAP_URL),
> newUserAttrs.get(UgsyncComm
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3230) Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where expected
[ https://issues.apache.org/jira/browse/RANGER-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450377#comment-17450377 ] Pradeep Agrawal commented on RANGER-3230: - [~theyaa] : This is already handled during install/setup process. [https://github.com/apache/ranger/blob/master/security-admin/scripts/setup.sh#L665] Please check your setup/install process. > Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM > keyword not found where expected > - > > Key: RANGER-3230 > URL: https://issues.apache.org/jira/browse/RANGER-3230 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: Theyaa Matti >Priority: Major > Labels: newbie > > Ranger Admin is throwing exception when testing Pooled Connections IDLE CHECK > with oracle 12 backend. The exception is caused by running "select 1;", which > is hardcoded into ranger-admin-default-site.xml. This command was ok on > oracle versions older than 12, but with oracle 12 it is causing the exception > below. > > java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where > expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:509) > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:461) > at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1104) > at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:553) > at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:269) > at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:655) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:229) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:41) > at > oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:765) > at > oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:983) > at > oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168) > at > oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1362) > at > oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:369) > at > com.mchange.v2.c3p0.impl.NewProxyStatement.executeQuery(NewProxyStatement.java:220) > at > com.mchange.v2.c3p0.impl.DefaultConnectionTester.activeCheckConnection(DefaultConnectionTester.java:286) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.testPooledConnection(C3P0PooledConnectionPool.java:510) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:452) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:444) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.refurbishIdleResource(C3P0PooledConnectionPool.java:434) > at > com.mchange.v2.resourcepool.BasicResourcePool$AsyncTestIdleResourceTask.run(BasicResourcePool.java:2211) > at > com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696) > Caused by: Error : 923, Position : 8, Sql = select 1;, OriginalSql = select > 1;, Error Msg = ORA-00923: FROM keyword not found where expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:513) > ... 20 more -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3230) Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where expected
[ https://issues.apache.org/jira/browse/RANGER-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3230: --- Assignee: Pradeep Agrawal > Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM > keyword not found where expected > - > > Key: RANGER-3230 > URL: https://issues.apache.org/jira/browse/RANGER-3230 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: Theyaa Matti >Assignee: Pradeep Agrawal >Priority: Major > Labels: newbie > > Ranger Admin is throwing exception when testing Pooled Connections IDLE CHECK > with oracle 12 backend. The exception is caused by running "select 1;", which > is hardcoded into ranger-admin-default-site.xml. This command was ok on > oracle versions older than 12, but with oracle 12 it is causing the exception > below. > > java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where > expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:509) > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:461) > at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1104) > at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:553) > at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:269) > at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:655) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:229) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:41) > at > oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:765) > at > oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:983) > at > oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168) > at > oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1362) > at > oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:369) > at > com.mchange.v2.c3p0.impl.NewProxyStatement.executeQuery(NewProxyStatement.java:220) > at > com.mchange.v2.c3p0.impl.DefaultConnectionTester.activeCheckConnection(DefaultConnectionTester.java:286) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.testPooledConnection(C3P0PooledConnectionPool.java:510) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:452) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:444) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.refurbishIdleResource(C3P0PooledConnectionPool.java:434) > at > com.mchange.v2.resourcepool.BasicResourcePool$AsyncTestIdleResourceTask.run(BasicResourcePool.java:2211) > at > com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696) > Caused by: Error : 923, Position : 8, Sql = select 1;, OriginalSql = select > 1;, Error Msg = ORA-00923: FROM keyword not found where expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:513) > ... 20 more -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Resolved] (RANGER-3230) Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where expected
[ https://issues.apache.org/jira/browse/RANGER-3230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3230. - Resolution: Not A Bug > Ranger Admin - Oracle 12 - java.sql.SQLSyntaxErrorException: ORA-00923: FROM > keyword not found where expected > - > > Key: RANGER-3230 > URL: https://issues.apache.org/jira/browse/RANGER-3230 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: Theyaa Matti >Assignee: Pradeep Agrawal >Priority: Major > Labels: newbie > > Ranger Admin is throwing exception when testing Pooled Connections IDLE CHECK > with oracle 12 backend. The exception is caused by running "select 1;", which > is hardcoded into ranger-admin-default-site.xml. This command was ok on > oracle versions older than 12, but with oracle 12 it is causing the exception > below. > > java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where > expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:509) > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:461) > at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1104) > at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:553) > at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:269) > at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:655) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:229) > at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:41) > at > oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:765) > at > oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:983) > at > oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168) > at > oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1362) > at > oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:369) > at > com.mchange.v2.c3p0.impl.NewProxyStatement.executeQuery(NewProxyStatement.java:220) > at > com.mchange.v2.c3p0.impl.DefaultConnectionTester.activeCheckConnection(DefaultConnectionTester.java:286) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.testPooledConnection(C3P0PooledConnectionPool.java:510) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:452) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.finerLoggingTestPooledConnection(C3P0PooledConnectionPool.java:444) > at > com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.refurbishIdleResource(C3P0PooledConnectionPool.java:434) > at > com.mchange.v2.resourcepool.BasicResourcePool$AsyncTestIdleResourceTask.run(BasicResourcePool.java:2211) > at > com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696) > Caused by: Error : 923, Position : 8, Sql = select 1;, OriginalSql = select > 1;, Error Msg = ORA-00923: FROM keyword not found where expected > > at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:513) > ... 20 more -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3232) A Potential NPE in Issue RANGER-980
[
https://issues.apache.org/jira/browse/RANGER-3232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3232:
Fix Version/s: (was: 2.2.0)
> A Potential NPE in Issue RANGER-980
> ---
>
> Key: RANGER-3232
> URL: https://issues.apache.org/jira/browse/RANGER-3232
> Project: Ranger
> Issue Type: Improvement
> Components: usersync
>Affects Versions: 2.2.0
>Reporter: Shiyou xin
>Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> ---
> a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> +++
> b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> @@ -661,7 +661,7 @@ private void computeUserDelta(Map String>> sourceUsers) {
> } else {
> XUserInfo oldUser = userCache.get(userName);
> Map oldUserAttrs = oldUser.getOtherAttrsMap();
> String oldUserDN = oldUserAttrs.get(UgsyncCommonConstants.FULL_NAME);
> if (StringUtils.equalsIgnoreCase(userDN, oldUserDN)
> &&
> StringUtils.equalsIgnoreCase(oldUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE),
> newUserAttrs.get(UgsyncC
> &&
> StringUtils.equalsIgnoreCase(oldUserAttrs.get(UgsyncCommonConstants.LDAP_URL),
> newUserAttrs.get(UgsyncComm
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3162) Deadlocks when trying to run parallel requests against REST api
[
https://issues.apache.org/jira/browse/RANGER-3162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450461#comment-17450461
]
Pradeep Agrawal commented on RANGER-3162:
-
Can you try again on latest code of master branch ?
> Deadlocks when trying to run parallel requests against REST api
> ---
>
> Key: RANGER-3162
> URL: https://issues.apache.org/jira/browse/RANGER-3162
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: 2.1.0
>Reporter: Adam Rempter
>Priority: Major
>
> We use Ranger 2.1.0 and latest Mariadb (single instance). We did setup
> MariaDb transaction level on DB side to READ COMMITED to ensure that we do
> not get inconsistent reads.
> However we sometimes observe database deadlocks when using Ranger REST API
> with parallel requests.
> We use API endpoint to delete and post series of five policy Json's:
> DELETE [http://localhost:6080/service/public/v2/api/policy] and
> POST [http://localhost:6080/service/public/v2/api/policy]
>
> Ranger errors:
> 2021-01-27 11:33:21,481 [http-bio-6080-exec-304] INFO
> org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:312) - Operation
> error.
> response=VXResponse={org.apache.ranger.view.VXResponse@1810c845statusCode
> =\{1} msgDesc={Exception [EclipseLink-4002] (Eclipse Persistence Services -
> 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
> Internal Exception:
> com.mysql.jdbc.exceptions.jdbc4.MySQLTransactionRollbackException: Deadlock
> found when trying to get lock; try restarting transaction
> Error Code: 1213
> Call: INSERT INTO x_policy_ref_resource (ADDED_BY_ID, CREATE_TIME, policy_id,
> resource_def_id, resource_name, UPDATE_TIME, UPD_BY_ID) VALUES (?, ?, ?, ?,
> ?, ?, ?)
> bind => [7 parameters bound]
> Query: ValueReadQuery(name="x_policy_ref_resource_SEQ" sql="SELECT
> LAST_INSERT_ID()")} messageList=\{null} }
> javax.ws.rs.WebApplicationException
>
> DB level status for innoDB:
>
> LATEST DETECTED DEADLOCK
>
> 2021-01-27 11:33:21 0x7fe624762700
> *** (1) TRANSACTION:
> TRANSACTION 24004, ACTIVE 0 sec inserting
> mysql tables in use 1, locked 1
> LOCK WAIT 17 lock struct(s), heap size 1128, 6 row lock(s), undo log entries 2
> MySQL thread id 39, OS thread handle 140626830948096, query id 78458
> 172.21.0.1 ranger Update
> INSERT INTO x_policy_ref_resource (ADDED_BY_ID, CREATE_TIME, policy_id,
> resource_def_id, resource_name, UPDATE_TIME, UPD_BY_ID) VALUES (1,
> '2021-01-27 11:33:21', 417, 73, 'path', '2021-01-27 11:33:21', 1)
> *** (1) WAITING FOR THIS LOCK TO BE GRANTED:
> RECORD LOCKS space id 64 page no 22 n bits 424 index
> x_policy_ref_res_UK_polId_resDefId of table `ranger`.`x_policy_ref_resource`
> trx id 24004 lock_mode X locks gap before rec insert intention waiting
> Record lock, heap no 358 PHYSICAL RECORD: n_fields 3; compact format; info
> bits 0
> 0: len 8; hex 81a3; asc ;;
> 1: len 8; hex 8043; asc C;;
> 2: len 8; hex 8dc4; asc ;;
> *** (2) TRANSACTION:
> TRANSACTION 24005, ACTIVE 0 sec inserting
> mysql tables in use 1, locked 1
> 17 lock struct(s), heap size 1128, 6 row lock(s), undo log entries 2
> MySQL thread id 74, OS thread handle 140626430928640, query id 78478
> 172.21.0.1 ranger Update
> INSERT INTO x_policy_ref_resource (ADDED_BY_ID, CREATE_TIME, policy_id,
> resource_def_id, resource_name, UPDATE_TIME, UPD_BY_ID) VALUES (1,
> '2021-01-27 11:33:21', 418, 53, 'schema', '2021-01-27 11:33:21', 1)
> *** (2) HOLDS THE LOCK(S):
> RECORD LOCKS space id 64 page no 22 n bits 424 index
> x_policy_ref_res_UK_polId_resDefId of table `ranger`.`x_policy_ref_resource`
> trx id 24005 lock_mode X locks gap before rec
> Record lock, heap no 358 PHYSICAL RECORD: n_fields 3; compact format; info
> bits 0
> 0: len 8; hex 81a3; asc ;;
> 1: len 8; hex 8043; asc C;;
> 2: len 8; hex 8dc4; asc ;;
> *** (2) WAITING FOR THIS LOCK TO BE GRANTED:
> RECORD LOCKS space id 64 page no 22 n bits 424 index
> x_policy_ref_res_UK_polId_resDefId of table `ranger`.`x_policy_ref_resource`
> trx id 24005 lock_mode X locks gap before rec insert intention waiting
> Record lock, heap no 358 PHYSICAL RECORD: n_fields 3; compact format; info
> bits 0
> 0: len 8; hex 81a3; asc ;;
> 1: len 8; hex 8043; asc C;;
> 2: len 8; hex 8dc4; asc ;;
>
> Please advice it this is something we could tune on Ranger side? Or maybe
> some suggestions from your side how to tune DB connection parameters?
>
> Thanks in advance
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-3290) ArrayIndexOutOfBoundsException if solr is down
[
https://issues.apache.org/jira/browse/RANGER-3290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450463#comment-17450463
]
Pradeep Agrawal commented on RANGER-3290:
-
[~asalamon74] : Please create Review request on review board
https://reviews.apache.org
> ArrayIndexOutOfBoundsException if solr is down
> --
>
> Key: RANGER-3290
> URL: https://issues.apache.org/jira/browse/RANGER-3290
> Project: Ranger
> Issue Type: Improvement
> Components: audit
>Reporter: Andras Salamon
>Priority: Minor
> Attachments: RANGER-3290-01.patch, RANGER-3290-02.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> [SolrCollectionBootstrapper|https://github.com/apache/ranger/blob/master/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java]
> uploads a config to solr and creates a collection.
> If solr is down (there are no live servers) during the collection creation
> phase, we got a meaningful error message (from catalina.out):
> {noformat}May 19, 2021 4:37:44 PM
> org.apache.ranger.server.tomcat.SolrCollectionBootstrapper getCollections
> SEVERE: getCollections() operation failed :
> org.apache.solr.client.solrj.SolrServerException: No live SolrServers
> available to handle this request{noformat}
> On the other hand, if solr is down during the config upload phase the error
> message is not too useful:
> {noformat}May 20, 2021 8:07:59 AM
> org.apache.ranger.server.tomcat.SolrCollectionBootstrapper uploadConfiguration
> SEVERE: Error while uploading configs :
> java.lang.ArrayIndexOutOfBoundsException: 0{noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-1198) REST API: 404 while retrieving and updating a policy with a slash in the name
[
https://issues.apache.org/jira/browse/RANGER-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-1198.
-
Resolution: Not A Bug
/ in a ranger policy name is not supported.
> REST API: 404 while retrieving and updating a policy with a slash in the name
> -
>
> Key: RANGER-1198
> URL: https://issues.apache.org/jira/browse/RANGER-1198
> Project: Ranger
> Issue Type: Bug
>Affects Versions: 0.6.0, 0.7.0, 0.6.1
>Reporter: André Frimberger
>Priority: Major
>
> A policy, which is created via Ranger's admin UI can contain slashes, e.g.
> ("MyPolicy Read/Execute" or "/tmp/some/test"). However, updating or
> retrieving such a policy via the REST API _fails_ with a _Bad Request_ or
> _Not found_.
> For retrieving ({{GET}}) and updating ({{PUT}}) a policy, its name is
> transferred as {{@PathParam}}:
> {code}
> @Path("/api/service/{servicename}/policy/{policyname}")
> {code}
> Obviously, {{@PathParam}} parameters shouldn't contain slashes, because
> they're interpreted as path separators. URL encoding {{policyname}} doesn't
> work (Bad Request is returned), either. Due to security implications
> (Directoy traversal attack -
> https://en.wikipedia.org/wiki/Directory_traversal_attack) Tomcat filters %2F
> from the URL path.
> I suggest to pass {{servicename}} and {{policyname}} as "query" or in case of
> updating in the message body.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-1198) REST API: 404 while retrieving and updating a policy with a slash in the name
[
https://issues.apache.org/jira/browse/RANGER-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450465#comment-17450465
]
Pradeep Agrawal commented on RANGER-1198:
-
/ in a ranger policy name is not supported.
> REST API: 404 while retrieving and updating a policy with a slash in the name
> -
>
> Key: RANGER-1198
> URL: https://issues.apache.org/jira/browse/RANGER-1198
> Project: Ranger
> Issue Type: Bug
>Affects Versions: 0.6.0, 0.7.0, 0.6.1
>Reporter: André Frimberger
>Priority: Major
>
> A policy, which is created via Ranger's admin UI can contain slashes, e.g.
> ("MyPolicy Read/Execute" or "/tmp/some/test"). However, updating or
> retrieving such a policy via the REST API _fails_ with a _Bad Request_ or
> _Not found_.
> For retrieving ({{GET}}) and updating ({{PUT}}) a policy, its name is
> transferred as {{@PathParam}}:
> {code}
> @Path("/api/service/{servicename}/policy/{policyname}")
> {code}
> Obviously, {{@PathParam}} parameters shouldn't contain slashes, because
> they're interpreted as path separators. URL encoding {{policyname}} doesn't
> work (Bad Request is returned), either. Due to security implications
> (Directoy traversal attack -
> https://en.wikipedia.org/wiki/Directory_traversal_attack) Tomcat filters %2F
> from the URL path.
> I suggest to pass {{servicename}} and {{policyname}} as "query" or in case of
> updating in the message body.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Assigned] (RANGER-1198) REST API: 404 while retrieving and updating a policy with a slash in the name
[
https://issues.apache.org/jira/browse/RANGER-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-1198:
---
Assignee: Pradeep Agrawal
> REST API: 404 while retrieving and updating a policy with a slash in the name
> -
>
> Key: RANGER-1198
> URL: https://issues.apache.org/jira/browse/RANGER-1198
> Project: Ranger
> Issue Type: Bug
>Affects Versions: 0.6.0, 0.7.0, 0.6.1
>Reporter: André Frimberger
>Assignee: Pradeep Agrawal
>Priority: Major
>
> A policy, which is created via Ranger's admin UI can contain slashes, e.g.
> ("MyPolicy Read/Execute" or "/tmp/some/test"). However, updating or
> retrieving such a policy via the REST API _fails_ with a _Bad Request_ or
> _Not found_.
> For retrieving ({{GET}}) and updating ({{PUT}}) a policy, its name is
> transferred as {{@PathParam}}:
> {code}
> @Path("/api/service/{servicename}/policy/{policyname}")
> {code}
> Obviously, {{@PathParam}} parameters shouldn't contain slashes, because
> they're interpreted as path separators. URL encoding {{policyname}} doesn't
> work (Bad Request is returned), either. Due to security implications
> (Directoy traversal attack -
> https://en.wikipedia.org/wiki/Directory_traversal_attack) Tomcat filters %2F
> from the URL path.
> I suggest to pass {{servicename}} and {{policyname}} as "query" or in case of
> updating in the message body.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-2338) Ranger Internal Groups doesn't solve any problem, its an Alias
[ https://issues.apache.org/jira/browse/RANGER-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2338. - Resolution: Information Provided > Ranger Internal Groups doesn't solve any problem, its an Alias > -- > > Key: RANGER-2338 > URL: https://issues.apache.org/jira/browse/RANGER-2338 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Ankesh >Priority: Major > > As I understand, the default 'user/group mapping service' will always check > groups on OS layer. Is that right ? > what is the point of creating users in Ranger, if we always need to create > them on the OS layer, and assign groups on OS layer too. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-2338) Ranger Internal Groups doesn't solve any problem, its an Alias
[ https://issues.apache.org/jira/browse/RANGER-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-2338: --- Assignee: Pradeep Agrawal > Ranger Internal Groups doesn't solve any problem, its an Alias > -- > > Key: RANGER-2338 > URL: https://issues.apache.org/jira/browse/RANGER-2338 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Ankesh >Assignee: Pradeep Agrawal >Priority: Major > > As I understand, the default 'user/group mapping service' will always check > groups on OS layer. Is that right ? > what is the point of creating users in Ranger, if we always need to create > them on the OS layer, and assign groups on OS layer too. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-2338) Ranger Internal Groups doesn't solve any problem, its an Alias
[ https://issues.apache.org/jira/browse/RANGER-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450480#comment-17450480 ] Pradeep Agrawal commented on RANGER-2338: - This helps in other permissions in ranger ui like ranger module permissions, user/groups tab permissions, audit tab permissions. > Ranger Internal Groups doesn't solve any problem, its an Alias > -- > > Key: RANGER-2338 > URL: https://issues.apache.org/jira/browse/RANGER-2338 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Ankesh >Priority: Major > > As I understand, the default 'user/group mapping service' will always check > groups on OS layer. Is that right ? > what is the point of creating users in Ranger, if we always need to create > them on the OS layer, and assign groups on OS layer too. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-2388) db_setup is not using counTries properly
[
https://issues.apache.org/jira/browse/RANGER-2388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-2388:
---
Assignee: Pradeep Agrawal
> db_setup is not using counTries properly
> -
>
> Key: RANGER-2388
> URL: https://issues.apache.org/jira/browse/RANGER-2388
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: master
>Reporter: Bolke de Bruin
>Assignee: Pradeep Agrawal
>Priority: Major
>
> line 300:
>
> {code:java}
> while(isSchemaCreated==False or countTries<2):
>
> {code}
>
> should read
>
> {code:java}
> while(isSchemaCreated==False and countTries<2):{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-3528) Ranger Group creation audit is not shown during service creation
[ https://issues.apache.org/jira/browse/RANGER-3528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3528. - Fix Version/s: 3.0.0 Resolution: Fixed https://github.com/apache/ranger/commit/bb9b3cd14d5ebdb5381ca4a03db27b469c2277e1 > Ranger Group creation audit is not shown during service creation > > > Key: RANGER-3528 > URL: https://issues.apache.org/jira/browse/RANGER-3528 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > Fix For: 3.0.0 > > > Tried to create a test service in HDFS and provided below configs : > "default-policy.1.policyItem.1.group" and provided value as 'grp1' > The group provided in this config "default-policy.1.policyItem.1.groups" gets > created but its audit is not shown in the Admin Tab. > Same issue occurs when > 1) used - "default.policy.groups" config during service creation > 2) used - "ranger.default.policy.groups" config in ranger-admin-site.xml -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3528) Ranger Group creation audit is not shown during service creation
[ https://issues.apache.org/jira/browse/RANGER-3528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3528: --- Assignee: Mateen Mansoori > Ranger Group creation audit is not shown during service creation > > > Key: RANGER-3528 > URL: https://issues.apache.org/jira/browse/RANGER-3528 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > > Tried to create a test service in HDFS and provided below configs : > "default-policy.1.policyItem.1.group" and provided value as 'grp1' > The group provided in this config "default-policy.1.policyItem.1.groups" gets > created but its audit is not shown in the Admin Tab. > Same issue occurs when > 1) used - "default.policy.groups" config during service creation > 2) used - "ranger.default.policy.groups" config in ranger-admin-site.xml -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3439) Add rest api to get or delete ranger policy based on guid
[ https://issues.apache.org/jira/browse/RANGER-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452729#comment-17452729 ] Pradeep Agrawal commented on RANGER-3439: - committed the updated patch : https://github.com/apache/ranger/commit/000e6351ee4628979a20e2b72ac6f226e6dd1c0e > Add rest api to get or delete ranger policy based on guid > - > > Key: RANGER-3439 > URL: https://issues.apache.org/jira/browse/RANGER-3439 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch, > 0002-RANGER-3439-Add-rest-api-to-get-or-delete-ranger-pol.patch > > > Ranger should allow to get or delete ranger policy based on policy guid. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store
[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2967: Attachment: 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > Add support for Amazon CloudWatch Logs as an Audit Store > > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: Yao >Priority: Minor > Labels: newbie, patch-available > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch, > 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store
[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17454379#comment-17454379 ] Pradeep Agrawal commented on RANGER-2967: - [~yInnovation] : have resolved merge conflict and have attached the updated patch [^0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch] > Add support for Amazon CloudWatch Logs as an Audit Store > > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: Yao >Priority: Minor > Labels: newbie, patch-available > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch, > 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store
[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2967: Fix Version/s: 3.0.0 > Add support for Amazon CloudWatch Logs as an Audit Store > > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: Yao >Priority: Minor > Labels: newbie, patch-available > Fix For: 3.0.0 > > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch, > 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store
[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17454429#comment-17454429 ] Pradeep Agrawal commented on RANGER-2967: - [~yInnovation] : Can you upload and publish the patch in your review request which i have attached today. > Add support for Amazon CloudWatch Logs as an Audit Store > > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: Yao >Priority: Minor > Labels: newbie, patch-available > Fix For: 3.0.0 > > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch, > 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3502) Make GET zone APIs accessible to authorized users only
[
https://issues.apache.org/jira/browse/RANGER-3502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3502:
Fix Version/s: 3.0.0
> Make GET zone APIs accessible to authorized users only
> --
>
> Key: RANGER-3502
> URL: https://issues.apache.org/jira/browse/RANGER-3502
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Currently get
> [zones|https://ranger.apache.org/apidocs/resource_SecurityZoneREST.html#resource_SecurityZoneREST_getAllZones_GET]
> API returns all zones even for users who are not authorized to zone modules.
> Restrict this API to only users who are authorized to zone module.
> Steps to reproduce:
> # Create a internal user name, test_user1
> # Remove the permission on Security Zone module for a user
> # Login as test_user1 user to Ranger Admin, user should not be able to see
> Security Zone tab
> # Access the API using curl
> {code:java}
> curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
> "Content-Type:application/json"
> "https://:6182/service/zones/zones"
> {code}
> {code:java}
> curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
> "Content-Type:application/json"
> "https://:6182/service/zones/zones/{ID}"
> {code}
> {code:java}
> curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
> "Content-Type:application/json"
> "https://:6182/service/zones/zones/name/{ZONE_NAME}"
> {code}
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (RANGER-2967) Add support for Amazon CloudWatch Logs as an Audit Store
[ https://issues.apache.org/jira/browse/RANGER-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17454941#comment-17454941 ] Pradeep Agrawal commented on RANGER-2967: - [~yInnovation] : please close the RR https://reviews.apache.org/r/72800/ > Add support for Amazon CloudWatch Logs as an Audit Store > > > Key: RANGER-2967 > URL: https://issues.apache.org/jira/browse/RANGER-2967 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: Yao >Priority: Minor > Labels: newbie, patch-available > Fix For: 3.0.0 > > Attachments: > 0001-Add-support-for-Amazon-CloudWatch-Logs-as-an-Audit-S.patch, > 0001-RANGER-2967-Add-support-for-Amazon-CloudWatch-Logs-a.patch > > Original Estimate: 168h > Remaining Estimate: 168h > > This change is to add CloudWatch Logs to the list of Ranger supported audit > stores. With this change, Ranger users will be allowed to configure their > plugins to send audit events to Amazon CloudWatch Logs. Further, customers > can query the events using Amazon CloudWatch Insights. > This functionality is built with a newly introduced audit destination > 'AmazonCloudWatchAuditDestination'. Ranger users can enable it in the way > similar to other types of audit destinations like Solr. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Resolved] (RANGER-3401) Ranger Policy search based on policy guid match
[ https://issues.apache.org/jira/browse/RANGER-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3401. - Resolution: Duplicate > Ranger Policy search based on policy guid match > --- > > Key: RANGER-3401 > URL: https://issues.apache.org/jira/browse/RANGER-3401 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Dineshkumar Yadav >Assignee: Pradeep Agrawal >Priority: Major > > Ranger should provide a way to search a policy based on its guid, service and > zone . -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3539) Add jacoco-maven-plugin for code coverage
Pradeep Agrawal created RANGER-3539: --- Summary: Add jacoco-maven-plugin for code coverage Key: RANGER-3539 URL: https://issues.apache.org/jira/browse/RANGER-3539 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-2358) Upgrade Jackson Databind to 2.9.8
[ https://issues.apache.org/jira/browse/RANGER-2358?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2358: Fix Version/s: 3.0.0 > Upgrade Jackson Databind to 2.9.8 > - > > Key: RANGER-2358 > URL: https://issues.apache.org/jira/browse/RANGER-2358 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-2358-Upgrade-Jackson-Databind-to-2.9.8.patch > > > Upgrade Jackson Databind from 2.7.8 to 2.9.8 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3540) Add support to read audit logs from Amazon CloudWatch
Pradeep Agrawal created RANGER-3540: --- Summary: Add support to read audit logs from Amazon CloudWatch Key: RANGER-3540 URL: https://issues.apache.org/jira/browse/RANGER-3540 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Add support to read audit logs from Amazon CloudWatch and display the content in Ranger UI. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3539) Add jacoco-maven-plugin for code coverage
[ https://issues.apache.org/jira/browse/RANGER-3539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3539: Description: References : # [https://www.baeldung.com/jacoco] # [https://www.baeldung.com/sonarqube-jacoco-code-coverage] # [https://mkyong.com/maven/maven-jacoco-code-coverage-example/] # [https://medium.com/backend-habit/generate-codecoverage-report-with-jacoco-and-sonarqube-ed15c4045885] > Add jacoco-maven-plugin for code coverage > - > > Key: RANGER-3539 > URL: https://issues.apache.org/jira/browse/RANGER-3539 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > > References : > # [https://www.baeldung.com/jacoco] > # [https://www.baeldung.com/sonarqube-jacoco-code-coverage] > # [https://mkyong.com/maven/maven-jacoco-code-coverage-example/] > # > [https://medium.com/backend-habit/generate-codecoverage-report-with-jacoco-and-sonarqube-ed15c4045885] > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3298) Add coarse URI check for Hive Agent
[ https://issues.apache.org/jira/browse/RANGER-3298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456136#comment-17456136 ] Pradeep Agrawal commented on RANGER-3298: - PMD fix RR link : https://reviews.apache.org/r/73750/ Commits Link : https://github.com/apache/ranger/commit/fcea57497766576c97591801fcd81e63b9a532b0 https://github.com/apache/ranger/commit/00dd3fcd88aa6e10bf1f2e3a68c76a85c7218de2 > Add coarse URI check for Hive Agent > --- > > Key: RANGER-3298 > URL: https://issues.apache.org/jira/browse/RANGER-3298 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Janus Chow >Priority: Major > Fix For: 3.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > In `RangerHiveAuthorizer`, the function of `checkPrivileges` will check the > permission for the `HivePrivilegeObject` with > `FileUtils.isActionPermittedForFileHierarchy`, and this method will check the > permission for all the files under the related directory by default. > For a large table with thousands of files, this operation will take a long > time, leading to breaking the SLA. Besides, in the default implementation of > `StorageBasedAuthorizationProvider` in Hive, only the directories will be > checked too. > This ticket is to add a config for users to do a coarse check for URI > permission check. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3490) Make policy resource signature is unique in a service
[ https://issues.apache.org/jira/browse/RANGER-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456139#comment-17456139 ] Pradeep Agrawal commented on RANGER-3490: - Patch 2 commit link : https://github.com/apache/ranger/commit/65543320e43b94e09b07eba647bf347b8b64fe14 > Make policy resource signature is unique in a service > - > > Key: RANGER-3490 > URL: https://issues.apache.org/jira/browse/RANGER-3490 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0 > > > There may be multiple policies with the same resource signature within a > service (at most one enabled policy and potentially any number of disabled > policies). Therefore, the resource-signature uniqueness within a service > cannot be enforced at the database level. > The proposal is to encode GUID of a disabled policy within the resource > signature, thus making the resource signature unique within a service. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3290) ArrayIndexOutOfBoundsException if solr is down
[
https://issues.apache.org/jira/browse/RANGER-3290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456877#comment-17456877
]
Pradeep Agrawal commented on RANGER-3290:
-
[~asalamon74] Please check the review comment and change the patch format.
> ArrayIndexOutOfBoundsException if solr is down
> --
>
> Key: RANGER-3290
> URL: https://issues.apache.org/jira/browse/RANGER-3290
> Project: Ranger
> Issue Type: Improvement
> Components: audit
>Reporter: Andras Salamon
>Priority: Minor
> Attachments: RANGER-3290-01.patch, RANGER-3290-02.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> [SolrCollectionBootstrapper|https://github.com/apache/ranger/blob/master/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java]
> uploads a config to solr and creates a collection.
> If solr is down (there are no live servers) during the collection creation
> phase, we got a meaningful error message (from catalina.out):
> {noformat}May 19, 2021 4:37:44 PM
> org.apache.ranger.server.tomcat.SolrCollectionBootstrapper getCollections
> SEVERE: getCollections() operation failed :
> org.apache.solr.client.solrj.SolrServerException: No live SolrServers
> available to handle this request{noformat}
> On the other hand, if solr is down during the config upload phase the error
> message is not too useful:
> {noformat}May 20, 2021 8:07:59 AM
> org.apache.ranger.server.tomcat.SolrCollectionBootstrapper uploadConfiguration
> SEVERE: Error while uploading configs :
> java.lang.ArrayIndexOutOfBoundsException: 0{noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Resolved] (RANGER-3427) Null Dereference in PublicApis.java
[ https://issues.apache.org/jira/browse/RANGER-3427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3427. - Fix Version/s: 3.0.0 Resolution: Fixed commit link: https://github.com/apache/ranger/commit/07b293187838c00073a34ba63b50bbeff7069e89 > Null Dereference in PublicApis.java > --- > > Key: RANGER-3427 > URL: https://issues.apache.org/jira/browse/RANGER-3427 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek Kumar >Assignee: Mallika Gogoi >Priority: Minor > Fix For: 3.0.0 > > Attachments: RANGER-3427-v3.patch > > > Dereferecing null pointer in PublicAPIs.java: line numbers 282,317,368. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3539) Add jacoco-maven-plugin for code coverage
[ https://issues.apache.org/jira/browse/RANGER-3539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3539: Attachment: 0001-RANGER-3539-Add-jacoco-maven-plugin-for-code-coverag.patch > Add jacoco-maven-plugin for code coverage > - > > Key: RANGER-3539 > URL: https://issues.apache.org/jira/browse/RANGER-3539 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3539-Add-jacoco-maven-plugin-for-code-coverag.patch > > > References : > # [https://www.baeldung.com/jacoco] > # [https://www.baeldung.com/sonarqube-jacoco-code-coverage] > # [https://mkyong.com/maven/maven-jacoco-code-coverage-example/] > # > [https://medium.com/backend-habit/generate-codecoverage-report-with-jacoco-and-sonarqube-ed15c4045885] > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3540) Add support to read audit logs from Amazon CloudWatch
[ https://issues.apache.org/jira/browse/RANGER-3540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3540: Attachment: 0001-RANGER-3540-Add-support-to-read-audit-logs-from-Amaz.patch > Add support to read audit logs from Amazon CloudWatch > - > > Key: RANGER-3540 > URL: https://issues.apache.org/jira/browse/RANGER-3540 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3540-Add-support-to-read-audit-logs-from-Amaz.patch > > > Add support to read audit logs from Amazon CloudWatch and display the content > in Ranger UI. -- This message was sent by Atlassian Jira (v8.20.1#820001)
