[jira] [Updated] (RANGER-3603) HDFS audit files rollover improvement to trigger rollover in monitoring thread
[ https://issues.apache.org/jira/browse/RANGER-3603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3603: Affects Version/s: 2.2.0 3.0.0 > HDFS audit files rollover improvement to trigger rollover in monitoring thread > -- > > Key: RANGER-3603 > URL: https://issues.apache.org/jira/browse/RANGER-3603 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0, 2.3.0 > > > HDFS audit files rollover improvement to trigger rollover in monitoring > thread. Currently file rollover happens based on the audit event occurrence. > If there are no event happening, then the created hdfs or any cloud location > audit file will be kept opened until an auditing event occurs. This result in > files that are opened beyond the configured rollover time. e.g if the file > rollover time is 1 day, some files are kept opened beyond 1 day. This may > cause some inconvenience when audit files are read by an external tools for > analysis on a daily basis. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3603) HDFS audit files rollover improvement to trigger rollover in monitoring thread
Ramesh Mani created RANGER-3603: --- Summary: HDFS audit files rollover improvement to trigger rollover in monitoring thread Key: RANGER-3603 URL: https://issues.apache.org/jira/browse/RANGER-3603 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Ramesh Mani Assignee: Ramesh Mani HDFS audit files rollover improvement to trigger rollover in monitoring thread. Currently file rollover happens based on the audit event occurrence. If there are no event happening, then the created hdfs or any cloud location audit file will be kept opened until an auditing event occurs. This result in files that are opened beyond the configured rollover time. e.g if the file rollover time is 1 day, some files are kept opened beyond 1 day. This may cause some inconvenience when audit files are read by an external tools for analysis on a daily basis. -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73821: RANGER-3593: Hive authorizer fix for access to {OWNER} user
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73821/#review223998
---
Ship it!
Ship It!
- Ramesh Mani
On Jan. 26, 2022, 7:28 p.m., Madhan Neethiraj wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73821/
> ---
>
> (Updated Jan. 26, 2022, 7:28 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay
> Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and
> Velmurugan Periasamy.
>
>
> Bugs: RANGER-3593
> https://issues.apache.org/jira/browse/RANGER-3593
>
>
> Repository: ranger
>
>
> Description
> ---
>
> updated Hive authorizer to populate owner attribute in resources, so that
> policy-engine can use this to authorize access
>
>
> Diffs
> -
>
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
> 5a0a0fffe
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.java
> 5c0fe7fc2
>
>
> Diff: https://reviews.apache.org/r/73821/diff/1/
>
>
> Testing
> ---
>
> - verified that users who created database/table have permissions granted to
> {OWNER}
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
[jira] [Updated] (RANGER-3599) Behavior of chmod and chown should be consistent when fallback to hadoop acl is not enabled
[ https://issues.apache.org/jira/browse/RANGER-3599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3599: Description: Behavior for chmod and chown should be consistent when fallback to hadoop acl is not enabled. Currently even though the user is the owner of the file, chmod is not allowing the user to change the permission when fallback to hadoop ACL is not enabled. Also "chown" should behave the same way like what is there when hadoop acl is enabled. This is follow up patch for https://issues.apache.org/jira/browse/RANGER-3148 issue. was: Behavior for chmod and chown should be consistent when fallback to hadoop acl is not enabled. Currently even though the user is the owner of the file, chmod is not allowing the user to change the permission when fallback to hadoop ACL is not enabled. Also "chown" should behave the same way like what is there when hadoop acl is enabled. > Behavior of chmod and chown should be consistent when fallback to hadoop acl > is not enabled > --- > > Key: RANGER-3599 > URL: https://issues.apache.org/jira/browse/RANGER-3599 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > > Behavior for chmod and chown should be consistent when fallback to hadoop acl > is not enabled. > Currently even though the user is the owner of the file, chmod is not > allowing the user to change the permission when fallback to hadoop ACL is not > enabled. > Also "chown" should behave the same way like what is there when hadoop acl is > enabled. > This is follow up patch for > https://issues.apache.org/jira/browse/RANGER-3148 issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3599) Behavior of chmod and chown should be consistent when fallback to hadoop acl is not enabled
[ https://issues.apache.org/jira/browse/RANGER-3599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-3599: --- Assignee: Ramesh Mani > Behavior of chmod and chown should be consistent when fallback to hadoop acl > is not enabled > --- > > Key: RANGER-3599 > URL: https://issues.apache.org/jira/browse/RANGER-3599 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > > Behavior for chmod and chown should be consistent when fallback to hadoop acl > is not enabled. > Currently even though the user is the owner of the file, chmod is not > allowing the user to change the permission when fallback to hadoop ACL is not > enabled. > Also "chown" should behave the same way like what is there when hadoop acl is > enabled. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3599) Behavior of chmod and chown should be consistent when fallback to hadoop acl is not enabled
Ramesh Mani created RANGER-3599: --- Summary: Behavior of chmod and chown should be consistent when fallback to hadoop acl is not enabled Key: RANGER-3599 URL: https://issues.apache.org/jira/browse/RANGER-3599 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0, 2.3.0 Reporter: Ramesh Mani Behavior for chmod and chown should be consistent when fallback to hadoop acl is not enabled. Currently even though the user is the owner of the file, chmod is not allowing the user to change the permission when fallback to hadoop ACL is not enabled. Also "chown" should behave the same way like what is there when hadoop acl is enabled. -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73799: RANGER-3584: ServiceTags are not computed correctly by applying incremental changes to existing ServiceTags
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73799/#review223959 --- Ship it! Ship It! - Ramesh Mani On Jan. 12, 2022, 11:29 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73799/ > --- > > (Updated Jan. 12, 2022, 11:29 p.m.) > > > Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-3584 > https://issues.apache.org/jira/browse/RANGER-3584 > > > Repository: ranger > > > Description > --- > > When incremental tags computation is enabled, instead of loading all > ServiceTags from database, only the changes from previous known tag-version > are loaded and applied to current ServiceTags. This computation is not done > currently in some cases and resulting ServiceTags does not contain > information about the newly added tags. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceTagsDeltaUtil.java > 088b2b8d6 > > > Diff: https://reviews.apache.org/r/73799/diff/1/ > > > Testing > --- > > Compiled and ran all unit tests successfully. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 73792: RANGER-3578: Simplify code for policy label creation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73792/#review223942 --- Ship it! Ship It! - Ramesh Mani On Jan. 7, 2022, 8:23 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73792/ > --- > > (Updated Jan. 7, 2022, 8:23 p.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3578 > https://issues.apache.org/jira/browse/RANGER-3578 > > > Repository: ranger > > > Description > --- > > Current design for creating policy-labels involves creating ad-loc > transaction and synchronized block. This may lead to concurrency issues when > multiple clients are creating/updating policies with same labels. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 85adda54b > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java > 2e17092cf > > > Diff: https://reviews.apache.org/r/73792/diff/1/ > > > Testing > --- > > Ran all unit tests successfully. > Used ranger-admin docker container to verify > - policy updated with labels is saved and retrieved correctly. > - policy updated by removing labels is saved and retrieved correctly. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 73781: RANGER-3566: updated version in pom.xml to 2.3.0-SNAPSHOT
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73781/#review223916 --- Ship it! Ship It! - Ramesh Mani On Jan. 2, 2022, 8:05 a.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73781/ > --- > > (Updated Jan. 2, 2022, 8:05 a.m.) > > > Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3566 > https://issues.apache.org/jira/browse/RANGER-3566 > > > Repository: ranger > > > Description > --- > > updated version in pom.xml to 2.3.0-SNAPSHOT > > > Diffs > - > > agents-audit/pom.xml 821364c91 > agents-common/pom.xml 4d05f4101 > agents-cred/pom.xml 01ae297ac > agents-installer/pom.xml eda7f70cf > credentialbuilder/pom.xml ff3c79075 > dev-support/ranger-docker/.env 7381fb239 > distro/pom.xml c7af590e6 > docs/pom.xml 1f75afd7c > embeddedwebserver/pom.xml bdc93d641 > hbase-agent/pom.xml 87b5d7c7f > hdfs-agent/pom.xml 46321414c > hive-agent/pom.xml 50516e4c2 > intg/pom.xml f89badb24 > jisql/pom.xml 02c75a233 > kms/pom.xml bde268fbf > knox-agent/pom.xml 5248d89a4 > plugin-atlas/pom.xml 73d2aac7c > plugin-elasticsearch/pom.xml 41fdfaa22 > plugin-kafka/pom.xml 8e3cf033d > plugin-kms/pom.xml a8c25cbe1 > plugin-kudu/pom.xml e0f2b5caf > plugin-kylin/pom.xml e71362bb3 > plugin-nifi-registry/pom.xml dac08ecba > plugin-nifi/pom.xml 19159a28e > plugin-ozone/pom.xml d0da284f4 > plugin-presto/pom.xml 60d7f829a > plugin-schema-registry/pom.xml 559b00d27 > plugin-solr/pom.xml a2df332e9 > plugin-sqoop/pom.xml 22b616bf1 > plugin-yarn/pom.xml b6d79ed7c > pom.xml f400a9ee1 > ranger-atlas-plugin-shim/pom.xml d41494ec8 > ranger-elasticsearch-plugin-shim/pom.xml d2c25f10e > ranger-examples/conditions-enrichers/pom.xml 6b0e10be5 > ranger-examples/distro/pom.xml a7ee04455 > ranger-examples/plugin-sampleapp/pom.xml f7975bb15 > ranger-examples/pom.xml a2aeb7cd0 > ranger-examples/sample-client/pom.xml 626ea65e8 > ranger-examples/sampleapp/pom.xml 3f15c45f3 > ranger-hbase-plugin-shim/pom.xml 92a4fe358 > ranger-hdfs-plugin-shim/pom.xml 75799961b > ranger-hive-plugin-shim/pom.xml eb949d3c9 > ranger-kafka-plugin-shim/pom.xml 22d5899d2 > ranger-kms-plugin-shim/pom.xml d53d0cf7f > ranger-knox-plugin-shim/pom.xml 8aa4b1fcf > ranger-kylin-plugin-shim/pom.xml 022fa3d8b > ranger-ozone-plugin-shim/pom.xml 9710c01ba > ranger-plugin-classloader/pom.xml 0f970510f > ranger-presto-plugin-shim/pom.xml 25f09ec61 > ranger-solr-plugin-shim/pom.xml 85afc82d2 > ranger-sqoop-plugin-shim/pom.xml 296c3e5fe > ranger-storm-plugin-shim/pom.xml d22987fbb > ranger-tools/pom.xml 88f57e05a > ranger-util/pom.xml 4a52719ae > ranger-yarn-plugin-shim/pom.xml 412f8801d > security-admin/pom.xml 56d8e24c4 > storm-agent/pom.xml 0e4b9404a > tagsync/pom.xml 32435b5a7 > ugsync-util/pom.xml 128e82fff > ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml 3f5110aa2 > ugsync/pom.xml 2b44c2a4a > unixauthclient/pom.xml 7b9d4f279 > unixauthnative/pom.xml 9d9b5da90 > unixauthpam/pom.xml 7ebb7339c > unixauthservice/pom.xml 6a1e77710 > > > Diff: https://reviews.apache.org/r/73781/diff/1/ > > > Testing > --- > > - verified that ranger-2.3 branch build succeeds > - verified that Ranger admin and plugins startup successfully in docker > containers > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 73780: RANGER-3565: updated RangerRESTClient with option to retry calls to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73780/#review223910 --- Ship it! Ship It! - Ramesh Mani On Jan. 1, 2022, 11:10 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73780/ > --- > > (Updated Jan. 1, 2022, 11:10 p.m.) > > > Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3565 > https://issues.apache.org/jira/browse/RANGER-3565 > > > Repository: ranger > > > Description > --- > > - updated RangerRESTClient to optionally retry calls to Ranger admin > - updated plugins common and ugsync modules to set retry options, based on > configuration > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 32834879d > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java > 695212d5b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > 03166214d > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > ce9d27fd8 > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java > 991d71f00 > > > Diff: https://reviews.apache.org/r/73780/diff/2/ > > > Testing > --- > > - verified that when calls to Ranger admin fails, plugins retry configured > number of times > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 73780: RANGER-3565: updated RangerRESTClient with option to retry calls to Ranger admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73780/#review223909 --- agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java Lines 110 (patched) <https://reviews.apache.org/r/73780/#comment312942> RangerAdminJersey2RESTClient also needs this improvement, please fix it. - Ramesh Mani On Jan. 1, 2022, 9 a.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73780/ > --- > > (Updated Jan. 1, 2022, 9 a.m.) > > > Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3565 > https://issues.apache.org/jira/browse/RANGER-3565 > > > Repository: ranger > > > Description > --- > > - updated RangerRESTClient to optionally retry calls to Ranger admin > - updated plugins common and ugsync modules to set retry options, based on > configuration > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 32834879d > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java > 695212d5b > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > ce9d27fd8 > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java > 991d71f00 > > > Diff: https://reviews.apache.org/r/73780/diff/1/ > > > Testing > --- > > - verified that when calls to Ranger admin fails, plugins retry configured > number of times > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 73771: RANGER-3557: Upgrade to use log4j 2.17.0+ version to ensure that we are using supported version of log4j
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73771/#review223883 --- Ship it! Ship It! - Ramesh Mani On Dec. 20, 2021, 4:32 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73771/ > --- > > (Updated Dec. 20, 2021, 4:32 a.m.) > > > Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3557 > https://issues.apache.org/jira/browse/RANGER-3557 > > > Repository: ranger > > > Description > --- > > RANGER-3557: Upgrade to use log4j 2.17.0+ version to ensure that we are using > supported version of log4j > > > Diffs > - > > pom.xml 9953d9757 > > > Diff: https://reviews.apache.org/r/73771/diff/1/ > > > Testing > --- > > Verified in local vm by build the project and checking for log4j jar which > are < 2.17.0 version. None of them there in Apache ranger. > Apache Ranger doesn't pack log4j jars hence it is fine, we just change the > dependency jar version which are used in some of the modules in ranger. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 73769: RANGER-3556: Ranger tagsync logs unnecessary messages
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73769/#review223871 --- Ship it! Ship It! - Ramesh Mani On Dec. 17, 2021, 6:51 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73769/ > --- > > (Updated Dec. 17, 2021, 6:51 p.m.) > > > Review request for ranger and Ramesh Mani. > > > Bugs: RANGER-3556 > https://issues.apache.org/jira/browse/RANGER-3556 > > > Repository: ranger > > > Description > --- > > A lot of messages are seen in tagsync log when there are no messages to read > in the Kafka queue. > > > INFO org.apache.ranger.tagsync.source.atlas.AtlasTagSource: > AtlasTagSource.ConsumerRunnable.run: no message from NotificationConsumer > within 1000 milliseconds > > > Diffs > - > > > tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasTagSource.java > e9fe02f8e > > > Diff: https://reviews.apache.org/r/73769/diff/1/ > > > Testing > --- > > Compiled and passed all unit tests > > > Thanks, > > Abhay Kulkarni > >
[jira] [Resolved] (RANGER-3547) Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3547. - Resolution: Fixed > Upgrade to use log4j 2.16.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > > Upgrade to use log4j 2.16.0+ version to ensure that we are using supported > version of log4j -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73760: RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73760/ --- (Updated Dec. 15, 2021, 4:22 p.m.) Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- updated match due to wrong patch upload Bugs: RANGER-3547 https://issues.apache.org/jira/browse/RANGER-3547 Repository: ranger Description --- RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j Diffs (updated) - pom.xml a5021bc4b Diff: https://reviews.apache.org/r/73760/diff/2/ Changes: https://reviews.apache.org/r/73760/diff/1-2/ Testing --- - Verified in local build, log4j 2.16.0 is present in the modules which are using it. Thanks, Ramesh Mani
Review Request 73760: RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73760/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3547 https://issues.apache.org/jira/browse/RANGER-3547 Repository: ranger Description --- RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j Diffs - agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 6430b989a pom.xml a5021bc4b Diff: https://reviews.apache.org/r/73760/diff/1/ Testing --- - Verified in local build, log4j 2.16.0 is present in the modules which are using it. Thanks, Ramesh Mani
[jira] [Updated] (RANGER-3547) Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3547: Summary: Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j (was: Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j) > Upgrade to use log4j 2.16.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3547) Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3547: Description: Upgrade to use log4j 2.16.0+ version to ensure that we are using supported version of log4j > Upgrade to use log4j 2.16.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > > Upgrade to use log4j 2.16.0+ version to ensure that we are using supported > version of log4j -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Reopened] (RANGER-3547) Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reopened RANGER-3547: - Reopen to update the version to log4j 2.16.0 > Upgrade to use log4j 2.15.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73758: RANGER-3548: Update performance engine test scripts
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73758/#review223845 --- Ship it! Ship It! - Ramesh Mani On Dec. 13, 2021, 3:53 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73758/ > --- > > (Updated Dec. 13, 2021, 3:53 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-3548 > https://issues.apache.org/jira/browse/RANGER-3548 > > > Repository: ranger > > > Description > --- > > It is useful to have scripts to create a file containing large number of > tagged entities that can be uploaded into Ranger using file-based interface > supported by tagsync. Such scripts are useful in populating a large number of > tagged entities in Ranger for testing performance/memory characteristics of > Ranger admin and the services using Ranger as an authorizer. > > > Diffs > - > > distro/src/main/assembly/ranger-tools.xml 1eb9104b5 > ranger-tools/scripts/create_tags_file.sh PRE-CREATION > ranger-tools/scripts/gen_service_tags.sh 9a81a0a19 > > > Diff: https://reviews.apache.org/r/73758/diff/1/ > > > Testing > --- > > - Created a file containing tagged hive entities > - Uploaded generated file into Ranger using tagsync's file-based interface > - Ensured that the tagged entities are downloaded to hive service > > > Thanks, > > Abhay Kulkarni > >
[jira] [Commented] (RANGER-3547) Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17458487#comment-17458487 ] Ramesh Mani commented on RANGER-3547: - [~sneethiraj] upgrading log4j 1 to log4j 2 may need more on the Apache Ranger Project as a whole. I shall raise a new Jira for that effort. In this JIRA we just upgrade the impacted log4j 2 version only. > Upgrade to use log4j 2.15.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Resolved] (RANGER-3547) Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3547. - Resolution: Fixed > Upgrade to use log4j 2.15.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3547) Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3547: Fix Version/s: 3.0.0 2.3.0 > Upgrade to use log4j 2.15.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > Fix For: 3.0.0, 2.3.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (RANGER-3547) Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
[ https://issues.apache.org/jira/browse/RANGER-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-3547: --- Assignee: Ramesh Mani > Upgrade to use log4j 2.15.0+ version to ensure that we are using supported > version of log4j > --- > > Key: RANGER-3547 > URL: https://issues.apache.org/jira/browse/RANGER-3547 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.2.0, 2.2.0 >Reporter: Selvamohan Neethiraj >Assignee: Ramesh Mani >Priority: Blocker > -- This message was sent by Atlassian Jira (v8.20.1#820001)
Review Request 73757: RANGER-3547:Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73757/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3547: https://issues.apache.org/jira/browse/RANGER-3547: Repository: ranger Description --- RANGER-3547:Upgrade to use log4j 2.15.0+ version to ensure that we are using supported version of log4j Diffs - pom.xml 6d3cafcf4 Diff: https://reviews.apache.org/r/73757/diff/1/ Testing --- - Verified in local vm by build the project and checking for log4j jar which are < 2.15.0 version. None of them there in Apache ranger. - Apache Ranger doesn't pack log4j jars hence it is fine, we just change the dependency jar version which are used in some of the modules in ranger. Thanks, Ramesh Mani
Re: Review Request 73752: RANGER-3536: Compress Spool JSON Audit Logs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73752/#review223835 --- agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java Line 189 (original), 197 (patched) <https://reviews.apache.org/r/73752/#comment312886> creation of .gz spool files should be controlled nu a configuration. Current behavior should be there by default and plugin which needs this format can be enabling it. By the way audit spool files are created because either the destinations are down or through put of audit generated are high, in which case queue buffer size can be increased so spooling wont happen With the introduction of Audit filter in Ranger-3000 you can configure audit filters to reduce uncessary audits. - Ramesh Mani On Dec. 9, 2021, 7:11 p.m., David Mollitor wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73752/ > --- > > (Updated Dec. 9, 2021, 7:11 p.m.) > > > Review request for ranger. > > > Repository: ranger > > > Description > --- > > Allow audit plugins to write GZIP compressed audit log files to the spool > directory. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java > f8c2aa5f3 > > > Diff: https://reviews.apache.org/r/73752/diff/4/ > > > Testing > --- > > > Thanks, > > David Mollitor > >
Review Request 73750: RANGER-3298:Add coarse URI check for Hive Agent-PMD fix
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73750/ --- Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3298 https://issues.apache.org/jira/browse/RANGER-3298 Repository: ranger Description --- RANGER-3298:Add coarse URI check for Hive Agent-PMD fix Diffs - hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ad857e424 Diff: https://reviews.apache.org/r/73750/diff/1/ Testing --- - There is a PMD in the previous patch for this jira. - Fixed the PMD and verified in local vm Thanks, Ramesh Mani
[jira] [Updated] (RANGER-3167) security-admin build failed for apache-ranger-2.1.0
[ https://issues.apache.org/jira/browse/RANGER-3167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3167: Fix Version/s: 2.1.0 > security-admin build failed for apache-ranger-2.1.0 > --- > > Key: RANGER-3167 > URL: https://issues.apache.org/jira/browse/RANGER-3167 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: zhu jing >Priority: Major > Fix For: 2.1.0 > > > I faced below exception while package security-admin for apache-ranger-2.1.0. > by command mvn clean install -DskipTests=true > [INFO] Running 'npm install --https-proxy=http://:1081 > --proxy=http://xxx:1081' in > /root/apache-ranger-2.1.0/security-admin/target/jsmain > [WARNING] npm WARN security-admin@2.0.0 No description > [WARNING] npm WARN security-admin@2.0.0 No repository field. > [WARNING] npm WARN security-admin@2.0.0 No license field. > [ERROR] > [INFO] Uglify file: > /root/apache-ranger-2.1.0/security-admin/target/security-admin-web-2.1.0/scripts/Main.min.js > [ERROR] WARN: Output exceeds 32000 characters > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-1737) Fix potential performance issue introduced by RANGER-1181
[ https://issues.apache.org/jira/browse/RANGER-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-1737: Fix Version/s: 0.7.0 > Fix potential performance issue introduced by RANGER-1181 > -- > > Key: RANGER-1737 > URL: https://issues.apache.org/jira/browse/RANGER-1737 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.0, 0.7.1 >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 0.7.0 > > > Fix in RANGER-1181 added fallback to native authorizer for each level - > parent/ancestor/self/subAccess. In the newly added fallback cases, > FsAction.NONE was sent to the default authorizer - which caused the default > authorizer to traverse the entire sub-tree to validate subAccess. This can > cause performance issues, if the subtree has large number of > files/directories. > Calls to default authorizer should send null, instead of FsAction.NONE - this > will eliminate the unnecessary subtree traversal. > CC: [~arpitagarwal] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-1841) Audit log record for 'use dbName' hive command contains large number of tags
[ https://issues.apache.org/jira/browse/RANGER-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-1841: Fix Version/s: 0.7.0 > Audit log record for 'use dbName' hive command contains large number of tags > > > Key: RANGER-1841 > URL: https://issues.apache.org/jira/browse/RANGER-1841 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 0.7.0 > > > When a Hive service is configured for tag-based authorization, the audit log > generated for ‘use dbName’ command would contain all the tags associated > with: the database, all tables in the database, all the columns in the > database. The number of tags in this audit log could be too many; and having > such large number of tags in audit logs of 'use ' command may not be > useful. It will be better not to log tags in audit logs for 'use ' > commands. Policy-id recorded in the audit log can be used to identity the > tag, if a tag-based policy authorized the command. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-1843) Tag enricher performance improvement in identifying tags for resource being accessed
[ https://issues.apache.org/jira/browse/RANGER-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-1843: Fix Version/s: 0.7.0 > Tag enricher performance improvement in identifying tags for resource being > accessed > > > Key: RANGER-1843 > URL: https://issues.apache.org/jira/browse/RANGER-1843 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 0.7.0 > > > Performance improvements in RANGER-1771, in finding the policies for a given > resource, should be made in tag-enricher as well - to optimize finding of > tags applicable for a given resource, -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-2847) Add support/Fix Test connection with Ozone service
[
https://issues.apache.org/jira/browse/RANGER-2847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-2847:
Fix Version/s: 3.0.0
> Add support/Fix Test connection with Ozone service
> --
>
> Key: RANGER-2847
> URL: https://issues.apache.org/jira/browse/RANGER-2847
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.1.0
>Reporter: Abhishek Shukla
>Assignee: Abhishek Kumar
>Priority: Major
> Labels: ozone
> Fix For: 3.0.0
>
>
> Currently, Test Connection with Ozone Service is failing with this error.
> {noformat}
> java.lang.NoClassDefFoundError:
> org/apache/hadoop/ozone/client/OzoneClientFactory.{noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-2910) Add kerberos and SSL support for client libraries
[ https://issues.apache.org/jira/browse/RANGER-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2910: Fix Version/s: 3.0.0 2.2.0 > Add kerberos and SSL support for client libraries > - > > Key: RANGER-2910 > URL: https://issues.apache.org/jira/browse/RANGER-2910 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Original Estimate: 48h > Remaining Estimate: 48h > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3014) fix for RANGER-2789 breaks current functionality
[
https://issues.apache.org/jira/browse/RANGER-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3014:
Fix Version/s: 3.0.0
2.2.0
> fix for RANGER-2789 breaks current functionality
>
>
> Key: RANGER-3014
> URL: https://issues.apache.org/jira/browse/RANGER-3014
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Georgi Ivanov
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0, 2.2.0
>
> Attachments:
> 0001-RANGER-3014-fix-for-RANGER-2789-breaks-current-funct.patch, After
> Reverting RANGER-2789.png, Reverted RANGER-2789- userlookup in permission
> tab.png, add-a-query-condition.png, cpu_utilization_for_user_lookup.png,
> ranger-crashed while user-lookup in permission tab.png, with RANGER-2789 and
> RANGER-3014 .png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Since we upgraded to Ranger 2.1.0 in our dev env, we've noticed that user
> list page in Ranger Admin UI is not showing (or it is very very slow - in the
> order of tens of minutes).
> Looking at the commit history we found that the reason was commit
> *f45054d1b9* which was meant as a performance improvement for RANGER-2789.
> Our ranger usersync fetches users and groups from AD. Our tree is huge, here
> are some stats:
> {code:java}
> select count(*) from x_user;
> 43368
> select count(*) from x_portal_user;
> 43366
> select count(*) from x_group;
> 17865
> select count(*) from x_group_users;
> 366180 {code}
>
> Looking at the commit *f45054d1b9* what it meant to solve is perform a user
> lookup and fetching user info such as attributes and group membership in
> bulk, instead of doing it in a loop, one by one. In order to do that it
> provided couple of methods and also an override for searchXUsers in
> service/XUserService.java (before we used the parent method in
> service/XUserServiceBase.java).
>
> The new searchXUsers method (which gets invoked when we call
> /service/xusers/users REST API, calls populateViewBeans (another new method).
> It calls the parent method populateViewBeans in XUserServiceBase.java which
> build a hashmap or users and calls an override of populateViewBeans with
> input hashmap
> {code:java}
> + public List populateViewBeans(List resources) {
> + List viewBeans = new ArrayList<>();
> + if (CollectionUtils.isNotEmpty(resources)) {
> + Map resourceViewBeanMap = new
> HashMap<>(resources.size());
> + Map viewBeanResourceMap = new
> HashMap<>(resources.size());
> + for (XXUser resource : resources) {
> + VXUser viewBean = createViewObject();
> +
> viewBean.setCredStoreId(resource.getCredStoreId());
> +
> viewBean.setDescription(resource.getDescription());
> + viewBean.setName(resource.getName());
> + viewBean.setStatus(resource.getStatus());
> + resourceViewBeanMap.put(resource, viewBean);
> + viewBeanResourceMap.put(viewBean, resource);
> + viewBeans.add(viewBean);
> + }
> + populateViewBeans(resourceViewBeanMap);
> + mapEntityToViewBeans(viewBeanResourceMap);
> + }
> + return viewBeans;
> + }
> +
> + protected void populateViewBeans(Map
> resourceViewBeanMap) {
> + mapBaseAttributesToViewBeans(resourceViewBeanMap);
> + } {code}
>
> This in turns calls mapBaseAttributesToViewBeans, which calls
> daoManager.getXXPortalUser().findAllXPortalUser() and it pulls all users (no
> matter that we limit the users with a REST call to 25 by default)
> That's one thing that hampers performance. However the biggest issue is this:
> {code:java}
> + @Override
> + public List populateViewBeans(List xUsers) {
> + List vObjList = super.populateViewBeans(xUsers);
> + if (CollectionUtils.isNotEmpty(vObjList) &&
> CollectionUtils.isNotEmpty(xUsers) && xUsers.size() == vObjList.size()) {
> + Map xUserIdVObjMap = new
> HashMap<>(xUsers.size());
> + for (int i = 0; i < xUsers.size(); ++i) {
> +
[jira] [Updated] (RANGER-2940) Removing a user from a group is not reflected in Ranger
[ https://issues.apache.org/jira/browse/RANGER-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2940: Fix Version/s: 3.0.0 2.2.0 > Removing a user from a group is not reflected in Ranger > --- > > Key: RANGER-2940 > URL: https://issues.apache.org/jira/browse/RANGER-2940 > Project: Ranger > Issue Type: Bug > Components: Ranger, usersync >Affects Versions: 2.0.0 >Reporter: Sailaja Polavarapu >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-2940-Added-code-to-update-user-roles-when-gro.patch > > > Ranger usersync is configured to use AD/LDAP as sync source with incremental > sync option enabled and "ranger.usersync.group.based.role.assignment.rules" > with value ""_SYS_ADMIN:g:". > In this case, even after removing a user from an ADMIN privilege group, > ranger UI still shows an admin role for that user. > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3055: Fix Version/s: 3.0.0 2.2.0 > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval Shah >Assignee: Dhaval Shah >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: RANGER-3055.patch > > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3082) User with delegated-admin is unable to create policy
[
https://issues.apache.org/jira/browse/RANGER-3082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3082:
Fix Version/s: 3.0.0
2.2.0
> User with delegated-admin is unable to create policy
>
>
> Key: RANGER-3082
> URL: https://issues.apache.org/jira/browse/RANGER-3082
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> Ranger policy model supports delegated-admin model which enables an
> administrator to allow non-admin users to setup policies for a subset of
> resources. For example, following policy would allow users in finance_admin
> group to setup policies for all tables and columns in database=finance.
> {noformat}
> resource:database=finance; table=*; column=*
> group: finance_admin
> delegated-admin: true
> {noformat}
> However, when macros like {{\{USER\}}} are used in resource names, users with
> delegated-admin are unable to setup policies. For example, following policy
> should allow user {{scott}} to setup policies for tables in a database named
> {{test_scott}}, but it doesn't.
> {noformat}
> resource:database=test_{USER}; table=*; column=*
> user:{USER}
> delegated-admin: true
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-3108) NPE in RangerPolicyRepository.init
[
https://issues.apache.org/jira/browse/RANGER-3108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3108:
Fix Version/s: 3.0.0
> NPE in RangerPolicyRepository.init
> --
>
> Key: RANGER-3108
> URL: https://issues.apache.org/jira/browse/RANGER-3108
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.2.0
>Reporter: Andrew Wong
>Assignee: Ramesh Mani
>Priority: Critical
> Fix For: 3.0.0
>
> Attachments:
> 0001-RANGER-3108-NPE-in-RangerPolicyRepository.init.patch,
> ranger_client-test.txt
>
>
> Over the past few days, Kudu's {{RangerClientTestBase.TestLogging}} has
> failed consistently when trying to access the Ranger plugin with unreleased
> bits that are aligned with Ranger's {{master}} branch, at least from the
> stack trace line numbers.
> {code:java}
> 2020-12-03 23:59:46.333 [ERROR - main] (RangerBasePlugin.java:309)
> setPolicies: policy engine initialization failed! Leaving current policy
> engine as-is. Exception :
> java.lang.NullPointerException: null
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:1075)
> ~[kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:326)
> ~[kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyRepository.(RangerPolicyRepository.java:277)
> ~[kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.policyengine.PolicyEngine.(PolicyEngine.java:195)
> ~[kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.(RangerPolicyEngineImpl.java:82)
> ~[kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:246)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:260)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:142)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:185)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.kudu.subprocess.ranger.authorization.RangerKuduAuthorizer.init(RangerKuduAuthorizer.java:90)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.kudu.subprocess.ranger.RangerProtocolHandler.(RangerProtocolHandler.java:45)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> at
> org.apache.kudu.subprocess.ranger.RangerSubprocessMain.main(RangerSubprocessMain.java:39)
> [kudu-subprocess.jar:1.13.0.internal-version-SNAPSHOT]
> {code}
> Poking around the codebase a bit, it seems like the line in question was
> [added
> recently|https://github.com/apache/ranger/blame/master/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java#L1075]
> (6 days ago as of writing this), while the Ranger code Kudu-side hasn't been
> touched recently at all, leading me to suspect this being a Ranger plugin
> issue rather than improper use of the plugin on our end.
> The failing Kudu test can be found
> [here|https://github.com/apache/kudu/blob/master/src/kudu/ranger/ranger_client-test.cc#L405].
> The gist of the test is that it starts a Ranger server, creates a simple
> policy, and tries to authorize some requests by sending requests over a named
> pipe to a Java process that runs a long-lived Ranger plugin (the first of
> which fails, presumably because of this NPE).
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-3271) Ranger Knox Plugin Unable to Write Knox Audits to HDFS
[
https://issues.apache.org/jira/browse/RANGER-3271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3271:
Fix Version/s: 2.1.0
> Ranger Knox Plugin Unable to Write Knox Audits to HDFS
> ---
>
> Key: RANGER-3271
> URL: https://issues.apache.org/jira/browse/RANGER-3271
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.1.0
> Environment: HADOOP : 3.3.0
> KNOX : 1.4.0
> RANGER : 2.1.0
>Reporter: Venkat A
>Priority: Blocker
> Fix For: 2.1.0
>
>
> I see following error when Knox audits being written to HDFS after
> Ranger-Knox plugin enabled.
>
> 3322021-05-01 15:33:34,435 INFO destination.HDFSAuditDestination: Returning
> HDFS Filesystem Config: Configuration: core-default.xml, core-site.xml
> 3322021-05-01 15:33:34,435 INFO destination.HDFSAuditDestination: Returning
> HDFS Filesystem Config: Configuration: core-default.xml, core-site.xml
> 3182021-05-01 15:33:34,439 ERROR provider.BaseAuditHandler: Error writing to
> log file.
> 349{color:#FF}*org.apache.hadoop.fs.UnsupportedFileSystemException: No
> FileSystem for scheme "hdfs"*{color} at
> org.apache.hadoop.fs.FileSystem.getFileSystemClass(FileSystem.java:3332) at
> org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:3352) at
> org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:124) at
> org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:3403) at
> org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:3371) at
> org.apache.hadoop.fs.FileSystem.get(FileSystem.java:477) at
> org.apache.ranger.audit.destination.HDFSAuditDestination.getLogFileStream(HDFSAuditDestination.java:277)
> at
> org.apache.ranger.audit.destination.HDFSAuditDestination.access$000(HDFSAuditDestination.java:44)
> at
> org.apache.ranger.audit.destination.HDFSAuditDestination$1.run(HDFSAuditDestination.java:157)
> at
> org.apache.ranger.audit.destination.HDFSAuditDestination$1.run(HDFSAuditDestination.java:154)
> at java.security.AccessController.doPrivileged(Native Method) at
> javax.security.auth.Subject.doAs(Subject.java:422) at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729)
> at
> org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:529)
> at
> org.apache.ranger.audit.destination.HDFSAuditDestination.logJSON(HDFSAuditDestination.java:154)
> at
> org.apache.ranger.audit.queue.AuditFileSpool.sendEvent(AuditFileSpool.java:879)
> at
> org.apache.ranger.audit.queue.AuditFileSpool.runLogAudit(AuditFileSpool.java:827)
> at org.apache.ranger.audit.queue.AuditFileSpool.run(AuditFileSpool.java:757)
> at java.lang.Thread.run(Thread.java:748)2021-05-01 15:33:34,439 INFO
> destination.HDFSAuditDestination: Flushing HDFS audit. Event Size:1
> 1802021-05-01 15:33:34,439 ERROR queue.AuditFileSpool: Error sending logs to
> consumer. provider=knox.async.multi_dest.batch,
> consumer=knox.async.multi_dest.batch.hdfs 7092021-05-01 15:33:34,440 INFO
> queue.AuditFileSpool: Destination is down. sleeping for 3 milli seconds.
> indexQueue=0, queueName=knox.async.multi_dest.batch,
> consumer=knox.async.multi_dest.batch.hdfs
>
>
> Tried lot of options to avoid above error. Not sure if it is a bug or some
> sort of Compatibility issue.
> Environment :
> HADOOP : 3.3.0
> KNOX : 1.4.0
> RANGER : 2.1.0
> NOTE:
> Knox able to write audits if i give local path to store audits instead of
> HDFS File System.
> Appreciate your help on this.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-3276) Remove duplicate code from buildks.java
[ https://issues.apache.org/jira/browse/RANGER-3276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3276: Fix Version/s: 3.0.0 > Remove duplicate code from buildks.java > --- > > Key: RANGER-3276 > URL: https://issues.apache.org/jira/browse/RANGER-3276 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Chia-Ping Tsai >Priority: Trivial > Fix For: 3.0.0 > > Attachments: RANGER-3276.v0.patch, RANGER-3276.v1.patch > > > the duplicate code are shown below. > 1. > https://github.com/apache/ranger/blob/release-ranger-2.1.0/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java#L317 > 2. > https://github.com/apache/ranger/blob/release-ranger-2.1.0/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java#L324 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3298) Add coarse URI check for Hive Agent
[ https://issues.apache.org/jira/browse/RANGER-3298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3298: Fix Version/s: 3.0.0 > Add coarse URI check for Hive Agent > --- > > Key: RANGER-3298 > URL: https://issues.apache.org/jira/browse/RANGER-3298 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Janus Chow >Priority: Major > Fix For: 3.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > In `RangerHiveAuthorizer`, the function of `checkPrivileges` will check the > permission for the `HivePrivilegeObject` with > `FileUtils.isActionPermittedForFileHierarchy`, and this method will check the > permission for all the files under the related directory by default. > For a large table with thousands of files, this operation will take a long > time, leading to breaking the SLA. Besides, in the default implementation of > `StorageBasedAuthorizationProvider` in Hive, only the directories will be > checked too. > This ticket is to add a config for users to do a coarse check for URI > permission check. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3287) Implement best practices for logging
[ https://issues.apache.org/jira/browse/RANGER-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3287: Fix Version/s: 3.0.0 2.2.0 > Implement best practices for logging > > > Key: RANGER-3287 > URL: https://issues.apache.org/jira/browse/RANGER-3287 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 3.0.0, 2.2.0 >Reporter: Vishal Suvagia >Assignee: Vishal Suvagia >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: RANGER-3287.01.patch, RANGER-3287.patch > > > Implement best practice. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3414) Release Apache Ranger 2.2.0
[ https://issues.apache.org/jira/browse/RANGER-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3414: Fix Version/s: 2.2.0 > Release Apache Ranger 2.2.0 > --- > > Key: RANGER-3414 > URL: https://issues.apache.org/jira/browse/RANGER-3414 > Project: Ranger > Issue Type: Task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.2.0 > > > Release Apache Ranger 2.2.0 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3404) user with no permissions can access and edit deligate admin only policies
[ https://issues.apache.org/jira/browse/RANGER-3404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3404: Fix Version/s: 3.0.0 2.2.0 > user with no permissions can access and edit deligate admin only policies > - > > Key: RANGER-3404 > URL: https://issues.apache.org/jira/browse/RANGER-3404 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > From a user this was created by: > -created new regular user in ranger with no groups or anything. > -that user can see policies that he shouldn't (only ones with just delegate > admin rights). > -If a policy has a delegate admin, this user can see and edit it, but cannot > add more permissions to the policy. Also, user can create a new policy, but > it is only with no permissions and for delegating admin to other users - > again with no permissions. > -If policy has anything on top of delegate admin, then the user gets denied > properly. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3415) Change pom version from 2.2.0-SNAPSHOT to 2.2.0
[ https://issues.apache.org/jira/browse/RANGER-3415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3415: Fix Version/s: 2.2.0 > Change pom version from 2.2.0-SNAPSHOT to 2.2.0 > --- > > Key: RANGER-3415 > URL: https://issues.apache.org/jira/browse/RANGER-3415 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.2.0 > > Attachments: > 0001-RANGER-3415-Change-pom-version-from-2.2.0-SNAPSHOT-t.patch > > > Change pom version from 2.2.0-SNAPSHOT to 2.2.0 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3417) Publish Apache Ranger release 2.2.0 artifacts
[ https://issues.apache.org/jira/browse/RANGER-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3417: Fix Version/s: 2.2.0 > Publish Apache Ranger release 2.2.0 artifacts > - > > Key: RANGER-3417 > URL: https://issues.apache.org/jira/browse/RANGER-3417 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.2.0 > > > Publish Apache Ranger release 2.2.0 artifacts -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3418) Rotated Ranger admin access logs aren't getting removed
[
https://issues.apache.org/jira/browse/RANGER-3418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3418:
Fix Version/s: 3.0.0
> Rotated Ranger admin access logs aren't getting removed
> ---
>
> Key: RANGER-3418
> URL: https://issues.apache.org/jira/browse/RANGER-3418
> Project: Ranger
> Issue Type: Improvement
> Components: admin, Ranger
>Affects Versions: 3.0.0, 2.1.1
>Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: RANGER-3418.patch
>
>
> {color:#172b4d}Ranger admin access logs in the configured log directory
> aren't removed and keeps up utilizing unused space. Need to have access logs
> configurable to have older logs purged.
> {color}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (RANGER-3419) compressDeltas method returns two ranger policy entries for policy create+update case when provided lastKnownVersion is previous to create call
[ https://issues.apache.org/jira/browse/RANGER-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3419: Fix Version/s: 3.0.0 2.2.0 > compressDeltas method returns two ranger policy entries for policy > create+update case when provided lastKnownVersion is previous to create call > --- > > Key: RANGER-3419 > URL: https://issues.apache.org/jira/browse/RANGER-3419 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > *Problem Statement:* compressDeltas method returns two ranger policy entries > for policy create+update case when provided lastKnownVersion is previous to > create policy operation. As per the design it should return only one last > updated entry for the policy even if multiple update policy request is made > after the create policy request. > Steps to reproduce: > 1) call the policy download api and note the policy lastKnownVersion. > 2) call create policy api > 3) call update policy api for the policy created in step 2 above. > 4) call the policy download api and provide the policy lastKnownVersion noted > in step 1 above. > *Proposed Solution:* At line 3013, we have already added the policy so in > case of create+update operation first entry alone can be considered and all > next update event can be skipped. > since x_policy table stores only latest entry of a policy, during delta > calculation for both the change type(create/update) same policy text is > fetched, hence received policy snapshot is same and there is no point of > having two entries. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3421) Key getting logged in RangerMasterKey.java
[ https://issues.apache.org/jira/browse/RANGER-3421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3421: Fix Version/s: 3.0.0 > Key getting logged in RangerMasterKey.java > -- > > Key: RANGER-3421 > URL: https://issues.apache.org/jira/browse/RANGER-3421 > Project: Ranger > Issue Type: Task > Components: kms >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Minor > Fix For: 3.0.0 > > > Key in line RangerMasterKey.java:100 gets logged in the case of an exception, > is not a good coding practice. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3452) Other attributes and sync source are not shown when user is converted from internal to external
[ https://issues.apache.org/jira/browse/RANGER-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3452: Fix Version/s: 3.0.0 > Other attributes and sync source are not shown when user is converted from > internal to external > --- > > Key: RANGER-3452 > URL: https://issues.apache.org/jira/browse/RANGER-3452 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > Fix For: 3.0.0 > > > Other attributes and sync source are not shown when user is converted from > internal to external user -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3440) Fix Sync Source Updates during Ranger upgrades
[ https://issues.apache.org/jira/browse/RANGER-3440?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3440: Fix Version/s: 3.0.0 > Fix Sync Source Updates during Ranger upgrades > -- > > Key: RANGER-3440 > URL: https://issues.apache.org/jira/browse/RANGER-3440 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > Fix For: 3.0.0 > > > During ranger upgrades, sync source details for users/groups are not updated. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3453) Avoid logging sensitive information in UserMgr.java
[ https://issues.apache.org/jira/browse/RANGER-3453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3453: Fix Version/s: 3.0.0 > Avoid logging sensitive information in UserMgr.java > --- > > Key: RANGER-3453 > URL: https://issues.apache.org/jira/browse/RANGER-3453 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Minor > Fix For: 3.0.0 > > > The changeEmailAddress, updateUser methods in UserMgr class are logging > sensitive information as well while printing error. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3455) [Logout-Ranger] Should either be disabled/ should redirect to knox logout page
[ https://issues.apache.org/jira/browse/RANGER-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3455: Fix Version/s: 2.3.0 2.2.0 > [Logout-Ranger] Should either be disabled/ should redirect to knox logout page > -- > > Key: RANGER-3455 > URL: https://issues.apache.org/jira/browse/RANGER-3455 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.2.0, 2.3.0 > > Attachments: 0001-RANGER-3455.patch, image-2021-09-23-21-30-04-791.png > > > *Steps:* > 1. Click on Ranger UI from CP > 2. Click on logout button from ranger home page. > *Observation:* > For now we see that it lands on below page. But it would be better if we > disable logout button /land on knox logout page . > !image-2021-09-23-21-30-04-791.png|width=322,height=132! -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3515) Enhance Ranger Java client SSL config to be configured using serviceType and AppId
[ https://issues.apache.org/jira/browse/RANGER-3515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3515: Fix Version/s: 3.0.0 > Enhance Ranger Java client SSL config to be configured using serviceType and > AppId > > > Key: RANGER-3515 > URL: https://issues.apache.org/jira/browse/RANGER-3515 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Minor > Fix For: 3.0.0 > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3514) Fix updates to sync source post upgrades
[ https://issues.apache.org/jira/browse/RANGER-3514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3514: Fix Version/s: 3.0.0 > Fix updates to sync source post upgrades > > > Key: RANGER-3514 > URL: https://issues.apache.org/jira/browse/RANGER-3514 > Project: Ranger > Issue Type: Bug > Components: usersync >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > Fix For: 3.0.0 > > Original Estimate: 168h > Remaining Estimate: 168h > > Newly added field sync source needs to be updated with correct values from > otherAttributes after an upgrade. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3522) Improve Tagsync authentication error reporting
[ https://issues.apache.org/jira/browse/RANGER-3522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3522: Fix Version/s: 3.0.0 > Improve Tagsync authentication error reporting > -- > > Key: RANGER-3522 > URL: https://issues.apache.org/jira/browse/RANGER-3522 > Project: Ranger > Issue Type: Bug > Components: tagsync >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0 > > > TagSync is expected to cause system exit if any kerberos authentication error > is encountered. There might be situations where it starts without reporting > any errors and hence no messages are processed. This needs to be investigated > and fixed. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3516) Java patch 'J10045' taking more time during upgrade.
[ https://issues.apache.org/jira/browse/RANGER-3516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3516: Fix Version/s: 3.0.0 > Java patch 'J10045' taking more time during upgrade. > > > Key: RANGER-3516 > URL: https://issues.apache.org/jira/browse/RANGER-3516 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Mateen Mansoori >Priority: Major > Fix For: 3.0.0 > > > J10045 patch is taking more time to apply when we upgrade -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3535) A delegate admin user should be able to add another user with all or subset of permissions they have
[ https://issues.apache.org/jira/browse/RANGER-3535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3535: Fix Version/s: 3.0.0 > A delegate admin user should be able to add another user with all or subset > of permissions they have > > > Key: RANGER-3535 > URL: https://issues.apache.org/jira/browse/RANGER-3535 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0 > > > Steps to reproduce: > # Login to Ranger Admin as admin user > # Create normal users (steve, peter, erwin, bob) in Ranger Admin > # Create new policy p1 with resource /p1 & allowed users steve (read, > delegate-admin) & peter (read, delegate-admin) > # Create new policy p2 with resource /p2 & allowed users steve (read, write, > delegate-admin) & peter (read, delegate-admin) > # Create new policy p3 with resource /p3 & allowed users steve (write, > delegate-admin) & peter (read, delegate-admin) > # Create new policy p4 with resource /p4 & allowed users bob (read, write) & > peter (read, delegate-admin) > # Log out as admin user, and login again as peter > # Try to add user erwin (read) in p1, p2, p3 & p4 > # delegate admin user peter should be able to add user erwin in all > policies, but other than p1 rest all fails. > Requirement: > # Delegate admin user should be able to add other users with permissions > less or equal to his/ her. > # Delegate admin user should not be able to add other users with permission > more than what he/ she possesses. Basically he/ she can give permissions, all > or sub-set of permissions he/ she possesses. > # Delegate admin user should not be able to add more permissions to his own. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (RANGER-3527) Create Apache Ranger next maintenance release branch 2.3
[ https://issues.apache.org/jira/browse/RANGER-3527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3527: Fix Version/s: 2.3.0 > Create Apache Ranger next maintenance release branch 2.3 > > > Key: RANGER-3527 > URL: https://issues.apache.org/jira/browse/RANGER-3527 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.3.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.3.0 > > > Create Apache Ranger next maintenance release branch 2.3. This will track all > the commits that should go in the maintenance branch for the current stable > release 2.2 -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73736: A delegate admin user should be able to add another user with all or subset of permissions they haveA delegate admin user should be able to add another user with all or subse
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73736/#review223802 --- Ship it! Ship It! - Ramesh Mani On Dec. 3, 2021, 6:06 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73736/ > --- > > (Updated Dec. 3, 2021, 6:06 p.m.) > > > Review request for ranger, Kishor Gollapalliwar, Madhan Neethiraj, Ramesh > Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3535 > https://issues.apache.org/jira/browse/RANGER-3535 > > > Repository: ranger > > > Description > --- > > Steps to reproduce: > > Login to Ranger Admin as admin user > Create normal users (steve, peter, erwin, bob) in Ranger Admin > Create new policy p1 with resource /p1 & allowed users steve (read, > delegate-admin) & peter (read, delegate-admin) > Create new policy p2 with resource /p2 & allowed users steve (read, write, > delegate-admin) & peter (read, delegate-admin) > Create new policy p3 with resource /p3 & allowed users steve (write, > delegate-admin) & peter (read, delegate-admin) > Create new policy p4 with resource /p4 & allowed users bob (read, write) & > peter (read, delegate-admin) > Log out as admin user, and login again as peter > Try to add user erwin (read) in p1, p2, p3 & p4 > delegate admin user peter should be able to add user erwin in all policies, > but other than p1 rest all fails. > Requirement: > > Delegate admin user should be able to add other users with permissions less > or equal to his/ her. > Delegate admin user should not be able to add other users with permission > more than what he/ she possesses. Basically he/ she can give permissions, all > or sub-set of permissions he/ she possesses. > Delegate admin user should not be able to add more permissions to his own. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java > c84d0bc9f > > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java > 5311a54a2 > > > Diff: https://reviews.apache.org/r/73736/diff/4/ > > > Testing > --- > > > Thanks, > > Abhay Kulkarni > >
Review Request 73737: RANGER-3298:Add coarse URI check for Hive Agent
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73737/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3298 https://issues.apache.org/jira/browse/RANGER-3298 Repository: ranger Description --- RANGER-3298:Add coarse URI check for Hive Agent Diffs - agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java 31e4c0f4e8 hive-agent/conf/ranger-hive-security.xml 3a5fc54cda hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java e145ea2996 Diff: https://reviews.apache.org/r/73737/diff/1/ Testing --- - Verified in a cluster CREATE EXTERNAL TABLE with location point to HDFS location with large number of folders and file - Without this patch and when HIVE URL policy is not enabled / present CREATE EXTERNAL TABLE create takes a lot of time as RangerHiveAuthorize authorizes all the folder, subfolder and files in it. - With this patch with no URL policy and having xasecure.hive.uri.permission.coarse.check=true, CREATE EXTERNAL TABLE is quicker as the recursive checks are avoided. Thanks, Ramesh Mani
Re: Review Request 73605: RANGER-3438: In Knox plugin group lookup sometimes takes long time
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73605/#review223787 --- Ship it! Ship It! - Ramesh Mani On Sept. 23, 2021, 9:15 p.m., Sailaja Polavarapu wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73605/ > --- > > (Updated Sept. 23, 2021, 9:15 p.m.) > > > Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-3438 > https://issues.apache.org/jira/browse/RANGER-3438 > > > Repository: ranger > > > Description > --- > > Optimized code to extract GroupPrincipals from javax Subject and used similar > logic for retrieving primaryUser & impersonatedUser from Subject. > > > Diffs > - > > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 62363ab06 > > > Diff: https://reviews.apache.org/r/73605/diff/1/ > > > Testing > --- > > 1. Patched cluster and verified functionality by accessing UI services like > ranger, atlas, etc... through knox proxy. > 2. Also verified few regression tests both with group based policies and user > based policies for knox > > > Thanks, > > Sailaja Polavarapu > >
[jira] [Commented] (RANGER-3527) Create Apache Ranger next maintenance release branch 2.3
[ https://issues.apache.org/jira/browse/RANGER-3527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17449965#comment-17449965 ] Ramesh Mani commented on RANGER-3527: - Git branch created [https://github.com/apache/ranger/tree/ranger-2.3] > Create Apache Ranger next maintenance release branch 2.3 > > > Key: RANGER-3527 > URL: https://issues.apache.org/jira/browse/RANGER-3527 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.3 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Create Apache Ranger next maintenance release branch 2.3. This will track all > the commits that should go in the maintenance branch for the current stable > release 2.2 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Resolved] (RANGER-3527) Create Apache Ranger next maintenance release branch 2.3
[ https://issues.apache.org/jira/browse/RANGER-3527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3527. - Resolution: Fixed > Create Apache Ranger next maintenance release branch 2.3 > > > Key: RANGER-3527 > URL: https://issues.apache.org/jira/browse/RANGER-3527 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.3 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Create Apache Ranger next maintenance release branch 2.3. This will track all > the commits that should go in the maintenance branch for the current stable > release 2.2 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3527) Create Apache Ranger next maintenance release branch 2.3
Ramesh Mani created RANGER-3527: --- Summary: Create Apache Ranger next maintenance release branch 2.3 Key: RANGER-3527 URL: https://issues.apache.org/jira/browse/RANGER-3527 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.3 Reporter: Ramesh Mani Assignee: Ramesh Mani Create Apache Ranger next maintenance release branch 2.3. This will track all the commits that should go in the maintenance branch for the current stable release 2.2 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[ANNOUNCE] Apache Ranger 2.2.0 released
All, Apache Ranger team is happy to announce the release of Apache Ranger 2.2.0. Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform and beyond. Apache Ranger 2.2.0 contains a number of new features, improvements and bug fixes. Details can be found in the release notes at https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.2.0+-+Release+Notes The release artifacts are available at: https://ranger.apache.org/download.html The binary artifacts are available from Maven central and its mirrors. In the initial 48 hours, the release may not be available on all mirrors. When downloading from a mirror site, please remember to verify the downloads using signatures found at: https://www.apache.org/dist/ranger/KEYS More details on Apache Ranger can be found at: https://ranger.apache.org We thank everyone who made this release possible. Thanks, Apache Ranger team
Re: Review Request 73717: RANGER-3518: Limit the query size stored in Audit logs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73717/#review223768 --- Ship it! Ship It! - Ramesh Mani On Nov. 19, 2021, 1:53 p.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73717/ > --- > > (Updated Nov. 19, 2021, 1:53 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3518 > https://issues.apache.org/jira/browse/RANGER-3518 > > > Repository: ranger > > > Description > --- > > Ranger audit stores complete query as it is in audit logs. If the single > query size is too large (i.e reqData > 10MB) it consumes large heap size on > hive plugin size. When similar 200-300 queries are executed simultaneously, > ranger audit takes up more than half of the heap. > > With this patch we can configure size of the request data stored in audit > logs. > We can set value for config "xasecure.audit.solr.limit.query.req.size" in > ranger-hive-audit.xml > Recommended value is 1024; however default value is set to Integer.MAX_VALUE > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java > a3d575c86 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2be442460 > > > Diff: https://reviews.apache.org/r/73717/diff/1/ > > > Testing > --- > > BUILD SUCCESS: mvn clean compile verify test install > Ranger installation and setup successful. > Generated large hive queries and validated that audits in spool file stores > query size equal to the value mentioned in config > "xasecure.audit.solr.limit.query.req.size" > > > Thanks, > > Mahesh Bandal > >
Re: Review Request 73724: RANGER-3522: Improve Tagsync authentication error reporting
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73724/#review223762 --- Ship it! Ship It! - Ramesh Mani On Nov. 22, 2021, 7:51 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73724/ > --- > > (Updated Nov. 22, 2021, 7:51 p.m.) > > > Review request for ranger, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3522 > https://issues.apache.org/jira/browse/RANGER-3522 > > > Repository: ranger > > > Description > --- > > TagSync is expected to cause system exit if any kerberos authentication error > is encountered. There might be situations where it starts without reporting > any errors and hence no messages are processed. This needs to be investigated > and fixed. > > The errors in validating the kerberos principal and keytab path were being > ignored. This patch corrects that. > > > Diffs > - > > > tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java > c723b0f57 > > > Diff: https://reviews.apache.org/r/73724/diff/1/ > > > Testing > --- > > Ran all unit tests successfully. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 73695: RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73695/ --- (Updated Nov. 15, 2021, 7:46 p.m.) Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Updated patch after review Bugs: RANGER-3507 https://issues.apache.org/jira/browse/RANGER-3507 Repository: ranger Description --- RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java 880e4851f agents-common/src/test/resources/policyengine/test_policyengine_hive.json 70d7e648b hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java a3d575c86 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java ddc0982a6 Diff: https://reviews.apache.org/r/73695/diff/2/ Changes: https://reviews.apache.org/r/73695/diff/1-2/ Testing --- - Verified in local vm HIVE commmand with URL in them. - Verified in Unit test. Thanks, Ramesh Mani
Re: Review Request 73678: RANGER-3503: Make "hadoop.security.authorization" config as an optional config in cm_ozone service definition
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73678/#review223722 --- Ship it! Ship It! - Ramesh Mani On Nov. 2, 2021, 2:05 a.m., Sailaja Polavarapu wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73678/ > --- > > (Updated Nov. 2, 2021, 2:05 a.m.) > > > Review request for ranger, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, > Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-3503 > https://issues.apache.org/jira/browse/RANGER-3503 > > > Repository: ranger > > > Description > --- > > Updated Ozone servicedef to make hadoop.security.authorization config an > optional property. Also added corresponding upgrade patch. > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json > 7bbfeeb7b > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > c9cb79b73 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 581ffe381 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 960681a22 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > 079574985 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 5048ea901 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefConfigUpdate_J10051.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73678/diff/1/ > > > Testing > --- > > 1. Verified manually updating the service def with the changes. > 2. Also patched cluster with upgrade patch and verified the patch is applied > successfuly during initial ranger setup. > > > Thanks, > > Sailaja Polavarapu > >
Review Request 73695: RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73695/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3507 https://issues.apache.org/jira/browse/RANGER-3507 Repository: ranger Description --- RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization Diffs - agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java 880e4851f agents-common/src/test/resources/policyengine/test_policyengine_hive.json 70d7e648b hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java a3d575c86 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java ddc0982a6 Diff: https://reviews.apache.org/r/73695/diff/1/ Testing --- - Verified in local vm HIVE commmand with URL in them. - Verified in Unit test. Thanks, Ramesh Mani
[jira] [Assigned] (RANGER-3507) Handle trailing slash in the ranger Hive URL policy authorization
[ https://issues.apache.org/jira/browse/RANGER-3507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-3507: --- Assignee: Ramesh Mani > Handle trailing slash in the ranger Hive URL policy authorization > - > > Key: RANGER-3507 > URL: https://issues.apache.org/jira/browse/RANGER-3507 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0, 3.0.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0 > > > Currently when there is a trailing slash in the ranger URL policy in Hive, it > doesn't authorizer the URL request. The trailing slash has to be remove to > have the authorization done correctly. > e.g. > 1) URL policy is maintained for "hdfs://node1.site/test/data/" with or > without recursive on. > 2) Authorization request from Hive always comes without the trailing slash ( > hdfs://node1.site/test/data) and this result in authorization failure. > Url policy with or without trailing slash has to behave the same way. As per > POSIX perspective "hdfs://node1.site/test/data/" and > "hdfs://node1.site/test/data" are same and the policy has to authorize the > request correctly. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3507) Handle trailing slash in the ranger Hive URL policy authorization
Ramesh Mani created RANGER-3507: --- Summary: Handle trailing slash in the ranger Hive URL policy authorization Key: RANGER-3507 URL: https://issues.apache.org/jira/browse/RANGER-3507 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.0.0, 3.0.0 Reporter: Ramesh Mani Fix For: 3.0.0 Currently when there is a trailing slash in the ranger URL policy in Hive, it doesn't authorizer the URL request. The trailing slash has to be remove to have the authorization done correctly. e.g. 1) URL policy is maintained for "hdfs://node1.site/test/data/" with or without recursive on. 2) Authorization request from Hive always comes without the trailing slash ( hdfs://node1.site/test/data) and this result in authorization failure. Url policy with or without trailing slash has to behave the same way. As per POSIX perspective "hdfs://node1.site/test/data/" and "hdfs://node1.site/test/data" are same and the policy has to authorize the request correctly. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3416) Update Ranger website for 2.2.0 release
[ https://issues.apache.org/jira/browse/RANGER-3416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439597#comment-17439597 ] Ramesh Mani commented on RANGER-3416: - 1) Updated release folder cwiki [https://cwiki.apache.org/confluence/display/RANGER/Release+Folders] 2) Updated Ranger API Docs in [https://ranger.apache.org/apidocs/index.html] 3) This patch to update the Release information in Apache Ranger Home page [https://ranger.apache.org/] > Update Ranger website for 2.2.0 release > --- > > Key: RANGER-3416 > URL: https://issues.apache.org/jira/browse/RANGER-3416 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 73686: RANGER-3416:Update Ranger website for 2.2.0 release
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73686/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3416 https://issues.apache.org/jira/browse/RANGER-3416 Repository: ranger Description --- RANGER-3416:Update Ranger website for 2.2.0 release Diffs - docs/src/site/site.xml 5e3b3f4d8 docs/src/site/xdoc/download.xml cf595ef08 Diff: https://reviews.apache.org/r/73686/diff/1/ Testing --- - This is to update the Apache Ranger Website with release 2.2.0 release information. Activities done : 1) Updated release folder cwiki https://cwiki.apache.org/confluence/display/RANGER/Release+Folders 2) Updated Ranger API Docs in https://ranger.apache.org/apidocs/index.html 3) This patch to update the Release information in Apache Ranger Home page https://ranger.apache.org/ Thanks, Ramesh Mani
[jira] [Updated] (RANGER-3416) Update Ranger website for 2.2.0 release
[ https://issues.apache.org/jira/browse/RANGER-3416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3416: Fix Version/s: 3.0.0 > Update Ranger website for 2.2.0 release > --- > > Key: RANGER-3416 > URL: https://issues.apache.org/jira/browse/RANGER-3416 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3052) Can not search by object name in page /reports/audit/admin
[ https://issues.apache.org/jira/browse/RANGER-3052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3052. - Resolution: Fixed > Can not search by object name in page /reports/audit/admin > -- > > Key: RANGER-3052 > URL: https://issues.apache.org/jira/browse/RANGER-3052 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: fengxianjing >Assignee: fengxianjing >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3052-support-search-by-object-name-in-admin-a.patch > > > We have thousands operation per day, and we usually search by policy name for > find out who modified a specified policy. At present, we can only query the > database -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3052) Can not search by object name in page /reports/audit/admin
[ https://issues.apache.org/jira/browse/RANGER-3052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3052: Fix Version/s: 2.2.0 3.0.0 > Can not search by object name in page /reports/audit/admin > -- > > Key: RANGER-3052 > URL: https://issues.apache.org/jira/browse/RANGER-3052 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: fengxianjing >Assignee: fengxianjing >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3052-support-search-by-object-name-in-admin-a.patch > > > We have thousands operation per day, and we usually search by policy name for > find out who modified a specified policy. At present, we can only query the > database -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3052) Can not search by object name in page /reports/audit/admin
[ https://issues.apache.org/jira/browse/RANGER-3052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3052: Fix Version/s: 2.2.0 3.0.0 > Can not search by object name in page /reports/audit/admin > -- > > Key: RANGER-3052 > URL: https://issues.apache.org/jira/browse/RANGER-3052 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: fengxianjing >Assignee: fengxianjing >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3052-support-search-by-object-name-in-admin-a.patch > > > We have thousands operation per day, and we usually search by policy name for > find out who modified a specified policy. At present, we can only query the > database -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3052) Can not search by object name in page /reports/audit/admin
[ https://issues.apache.org/jira/browse/RANGER-3052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3052: Fix Version/s: (was: 2.2.0) (was: 3.0.0) > Can not search by object name in page /reports/audit/admin > -- > > Key: RANGER-3052 > URL: https://issues.apache.org/jira/browse/RANGER-3052 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.2.0 >Reporter: fengxianjing >Assignee: fengxianjing >Priority: Major > Attachments: > 0001-RANGER-3052-support-search-by-object-name-in-admin-a.patch > > > We have thousands operation per day, and we usually search by policy name for > find out who modified a specified policy. At present, we can only query the > database -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3027) Improve response time for GET API service/xusers/users
[
https://issues.apache.org/jira/browse/RANGER-3027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3027:
Fix Version/s: 2.2.0
3.0.0
> Improve response time for GET API service/xusers/users
> --
>
> Key: RANGER-3027
> URL: https://issues.apache.org/jira/browse/RANGER-3027
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Mahesh Hanumant Bandal
>Priority: Minor
> Fix For: 3.0.0, 2.2.0
>
> Attachments:
> 0001-RANGER-3027-Improve-response-time-for-GET-API-servic.patch,
> snapshot1.png, snapshot2.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When there are large number of users and group_users data in database; GET
> API service/xusers/users takes longer time to respond if we set request
> parameter pageSize=1000 or more.
> However, with default value pageSize=25 response received instantaneously.
> {code:java}
> select count(*) from x_user;
> 50052
> select count(*) from x_group_users;
> 500056
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (RANGER-3387) Ranger Admin Header Validation.
[ https://issues.apache.org/jira/browse/RANGER-3387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-3387: --- Assignee: Mateen Mansoori > Ranger Admin Header Validation. > --- > > Key: RANGER-3387 > URL: https://issues.apache.org/jira/browse/RANGER-3387 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: 0001-RANGER-3387-Ranger-Admin-Header-Validation.patch > > > Ranger Admin Header Validation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3368) Ranger HiveAuthorizer improvements to handle uncharted hive commands
[ https://issues.apache.org/jira/browse/RANGER-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3368: Fix Version/s: (was: 2.2.0) > Ranger HiveAuthorizer improvements to handle uncharted hive commands > > > Key: RANGER-3368 > URL: https://issues.apache.org/jira/browse/RANGER-3368 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0 > > > This JIRA is to handle the commands that are unknown to RangerHiveAuthorizer > which may come for authorization as a result of enhancements in Hive. > These commands should be rejected in Ranger with denied permissions. > Currently the commands are getting executed successfully without any notice > and this is not a right way especially if the commands are vulnerable to > security issues. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Reopened] (RANGER-3368) Ranger HiveAuthorizer improvements to handle uncharted hive commands
[ https://issues.apache.org/jira/browse/RANGER-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reopened RANGER-3368: - > Ranger HiveAuthorizer improvements to handle uncharted hive commands > > > Key: RANGER-3368 > URL: https://issues.apache.org/jira/browse/RANGER-3368 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0 > > > This JIRA is to handle the commands that are unknown to RangerHiveAuthorizer > which may come for authorization as a result of enhancements in Hive. > These commands should be rejected in Ranger with denied permissions. > Currently the commands are getting executed successfully without any notice > and this is not a right way especially if the commands are vulnerable to > security issues. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-3264) [Solr Ranger Plugin] Add support/Fix Test connection with Solr service.
[ https://issues.apache.org/jira/browse/RANGER-3264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-3264: --- Assignee: Mateen Mansoori > [Solr Ranger Plugin] Add support/Fix Test connection with Solr service. > --- > > Key: RANGER-3264 > URL: https://issues.apache.org/jira/browse/RANGER-3264 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > Add support/Fix Test connection with Solr service in kerberos env. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3417) Publish Apache Ranger release 2.2.0 artifacts
[ https://issues.apache.org/jira/browse/RANGER-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439523#comment-17439523 ] Ramesh Mani edited comment on RANGER-3417 at 11/5/21, 10:03 PM: Artifacts are present in * h2. [2.2.0 release artifacts|https://dist.apache.org/repos/dist/release/ranger/2.2.0/] * h2. Release Tag: [release-ranger-2.2.0|https://github.com/apache/ranger/tree/release-ranger-2.2.0] was (Author: rmani): Artifacts are present in https://dist.apache.org/repos/dist/release/ranger/2.2.0/ > Publish Apache Ranger release 2.2.0 artifacts > - > > Key: RANGER-3417 > URL: https://issues.apache.org/jira/browse/RANGER-3417 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Publish Apache Ranger release 2.2.0 artifacts -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3417) Publish Apache Ranger release 2.2.0 artifacts
[ https://issues.apache.org/jira/browse/RANGER-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3417. - Resolution: Fixed Artifacts are present in https://dist.apache.org/repos/dist/release/ranger/2.2.0/ > Publish Apache Ranger release 2.2.0 artifacts > - > > Key: RANGER-3417 > URL: https://issues.apache.org/jira/browse/RANGER-3417 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Publish Apache Ranger release 2.2.0 artifacts -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3414) Release Apache Ranger 2.2.0
[ https://issues.apache.org/jira/browse/RANGER-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3414. - Resolution: Fixed > Release Apache Ranger 2.2.0 > --- > > Key: RANGER-3414 > URL: https://issues.apache.org/jira/browse/RANGER-3414 > Project: Ranger > Issue Type: Task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > Release Apache Ranger 2.2.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3488) Docker setup for Apache Ranger Knox plugin
[ https://issues.apache.org/jira/browse/RANGER-3488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3488: Fix Version/s: 3.0.0 > Docker setup for Apache Ranger Knox plugin > -- > > Key: RANGER-3488 > URL: https://issues.apache.org/jira/browse/RANGER-3488 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-3488-Docker-setup-for-Apache-Ranger-Knox-plug.patch > > > This is to extended the current docker setup to Apache Ranger Knox plugin so > we could utilize it to verify the Apache Knox plugin more easily by using > docker. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3449) Updated copyright years in the NOTICE file and plugin details in README.txt
[ https://issues.apache.org/jira/browse/RANGER-3449?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3449. - Resolution: Fixed > Updated copyright years in the NOTICE file and plugin details in README.txt > --- > > Key: RANGER-3449 > URL: https://issues.apache.org/jira/browse/RANGER-3449 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 3.0.0, 2.2.0 > > > Updated copyright years in the NOTICE file and plugin details in README.txt -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3415) Change pom version from 2.2.0-SNAPSHOT to 2.2.0
[ https://issues.apache.org/jira/browse/RANGER-3415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani resolved RANGER-3415. - Resolution: Fixed > Change pom version from 2.2.0-SNAPSHOT to 2.2.0 > --- > > Key: RANGER-3415 > URL: https://issues.apache.org/jira/browse/RANGER-3415 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-3415-Change-pom-version-from-2.2.0-SNAPSHOT-t.patch > > > Change pom version from 2.2.0-SNAPSHOT to 2.2.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[RESULT] [VOTE] Release Apache Ranger version 2.2.0 - rc2
Dear Rangers, Thanks for taking time to verify, giving the feedback and voting on Apache Ranger 2.2.0 release candidate #2. More than 72 hours have passed since the email to vote for the release; the vote is now closed. The vote passes with 6 +1s and no 0s and -1s. Here are the vote details: Four +1 votes from the following PMC members: - Madhan Neethiraj - Abhay Kulkarni - Shailaja Polavarapu - Ramesh Mani Two +1 votes from the following committers/contributors: - Vishal Suvagia - Mehul Parikh Voting thread: https://lists.apache.org/api/atom.lua?mid=re25501903ff42c0f459730c58d85b69a2949a72335e20f838b84f520@%3Cdev.ranger.apache.org%3E I will begin the process of creating the release artifacts for Apache Ranger 2.2.0 Thanks, Ramesh On Sat, Oct 23, 2021 at 12:33 AM Ramesh Mani wrote: > Dear Rangers, > > Apache Ranger 2.2.0 release candidate #2 is now available for a vote > within the dev community. Links to the release artifacts are given below. > Please review and vote. > > The vote will be open for at least 72 hours or until necessary votes are > reached. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Thanks, > Ramesh > > List of all the issues addressed in this release: > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC > > Git tag for the release: > https://github.com/apache/ranger/tree/release-2.2.0-rc2 > > Sources for the release: > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz > > Source release verification: > PGP Signature: > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc > SHA256 Hash: > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256 > SHA512 Hash: > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512 > > Keys to verify the signature of the release artifacts are available at: > https://dist.apache.org/repos/dist/release/ranger/KEYS > > New features/enhancements: > > >- > >Schema changes to improve performance of chained plugin features. >RANGER-3067 > > >- > >Support delegation-admin for specific permissions.RANGER-3122 >- > >Kafka Client improvement to use Kafka AdminClient API instead of >Zookeeper. RANGER-3001 >- > >GET API service/xusers/users response time improvement. RANGER-3027/ >RANGER-3024 >- > >Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 >- > >Ranger UI Search by object name in page /reports/audit/admin. >RANGER-3052 >- > >Enhancement to trace additional information on resources. RANGER-3065 >- > >Improve audit log for Role operations in Ranger Hive authorizer. >RANGER-3170 >- > >Audit-filter feature implementation to help reduce volume of audit >logs generated.RANGER-3000 >- > >Need feature to make the access log file name configurable for >user.RANGER-3242/RANGER-3241 >- > >Upgrade solr version in Ranger to Solr 8.6.3 for better >performance.RANGER-3091 >- > >Enhance Ranger admin REST Client to use cookie for policy, tag and >role download.RANGER-3283 >- > >Audit Filter default policies for reducing verbosity in auditing. >RANGER-3260/RANGER-3283 >- > >Auditing for HDFS chmod and chown operations.RANGER-3148 >- > >Ranger HiveAuthorizer improvements to handle uncharted hive >commands.RANGER-3368 >- > >Ranger Access audit page improvement. RANGER-3109 >- > >Dockerfile to support building from local repository.RANGER-3012 >- > >Performance improvement for Ranger usersync. RANGER-2986 > > >
Re: Review Request 73665: RANGER-3488:Docker setup for Apache Ranger Knox plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73665/ --- (Updated Oct. 25, 2021, 4:27 a.m.) Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Fixed review comments Bugs: RANGER-3488 https://issues.apache.org/jira/browse/RANGER-3488 Repository: ranger Description --- RANGER-3488:Docker setup for Apache Ranger Knox plugin Diffs (updated) - agents-installer/pom.xml a970115be dev-support/ranger-docker/.dockerignore e42d86501 dev-support/ranger-docker/.env 787780db0 dev-support/ranger-docker/Dockerfile.ranger 894001492 dev-support/ranger-docker/Dockerfile.ranger-base 3fa657b80 dev-support/ranger-docker/Dockerfile.ranger-knox PRE-CREATION dev-support/ranger-docker/README.md 6fb96591f dev-support/ranger-docker/docker-compose.ranger-knox.yml PRE-CREATION dev-support/ranger-docker/download-archives.sh e107be09b dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh de16245ca dev-support/ranger-docker/scripts/ranger-hadoop-setup.sh fa22613ed dev-support/ranger-docker/scripts/ranger-knox-expect.sh PRE-CREATION dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties PRE-CREATION dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml PRE-CREATION dev-support/ranger-docker/scripts/ranger-knox-service-dev_knox.py PRE-CREATION dev-support/ranger-docker/scripts/ranger-knox-setup.sh PRE-CREATION dev-support/ranger-docker/scripts/ranger-knox.sh PRE-CREATION dev-support/ranger-docker/scripts/ranger.sh 04ac7cb4b distro/src/main/assembly/knox-agent.xml ceeb78c04 knox-agent/pom.xml 49623c3db Diff: https://reviews.apache.org/r/73665/diff/2/ Changes: https://reviews.apache.org/r/73665/diff/1-2/ Testing --- - Verified by bringing up docker image with knox in a container. Thanks, Ramesh Mani
[VOTE] Release Apache Ranger version 2.2.0 - rc2
Dear Rangers, Apache Ranger 2.2.0 release candidate #2 is now available for a vote within the dev community. Links to the release artifacts are given below. Please review and vote. The vote will be open for at least 72 hours or until necessary votes are reached. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Thanks, Ramesh List of all the issues addressed in this release: https://issues.apache.org/jira/issues/?jql=project=RANGER AND status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC Git tag for the release: https://github.com/apache/ranger/tree/release-2.2.0-rc2 Sources for the release: https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz Source release verification: PGP Signature: https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc SHA256 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256 SHA512 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512 Keys to verify the signature of the release artifacts are available at: https://dist.apache.org/repos/dist/release/ranger/KEYS New features/enhancements: - Schema changes to improve performance of chained plugin features. RANGER-3067 - Support delegation-admin for specific permissions.RANGER-3122 - Kafka Client improvement to use Kafka AdminClient API instead of Zookeeper. RANGER-3001 - GET API service/xusers/users response time improvement. RANGER-3027/ RANGER-3024 - Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 - Ranger UI Search by object name in page /reports/audit/admin. RANGER-3052 - Enhancement to trace additional information on resources. RANGER-3065 - Improve audit log for Role operations in Ranger Hive authorizer. RANGER-3170 - Audit-filter feature implementation to help reduce volume of audit logs generated.RANGER-3000 - Need feature to make the access log file name configurable for user.RANGER-3242/RANGER-3241 - Upgrade solr version in Ranger to Solr 8.6.3 for better performance.RANGER-3091 - Enhance Ranger admin REST Client to use cookie for policy, tag and role download.RANGER-3283 - Audit Filter default policies for reducing verbosity in auditing. RANGER-3260/RANGER-3283 - Auditing for HDFS chmod and chown operations.RANGER-3148 - Ranger HiveAuthorizer improvements to handle uncharted hive commands.RANGER-3368 - Ranger Access audit page improvement. RANGER-3109 - Dockerfile to support building from local repository.RANGER-3012 - Performance improvement for Ranger usersync. RANGER-2986
[jira] [Updated] (RANGER-3480) Policy version in access audit is not matching with the policy version seen in policy view
[ https://issues.apache.org/jira/browse/RANGER-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3480: Fix Version/s: 2.2.0 > Policy version in access audit is not matching with the policy version seen > in policy view > -- > > Key: RANGER-3480 > URL: https://issues.apache.org/jira/browse/RANGER-3480 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3480-Policy-version-in-access-audit-is-not-ma.patch > > > Steps to reproduce the case : > 1. Create a dir '/h1' with hdfs user > 2. Create a policy for '/h1' having 'unix1' user in allowed condition > 3. Edit the policy by adding some description > 4. Check the policy version from view policy it should be 2 > 5. Try to create a dir '/h1/t1' he will be allowed > 6. Check the policy version in access audit it showing 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3481) Incremental policy updates do not work correctly for multiple security zones
[ https://issues.apache.org/jira/browse/RANGER-3481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3481: Affects Version/s: 2.2.0 3.0.0 > Incremental policy updates do not work correctly for multiple security zones > > > Key: RANGER-3481 > URL: https://issues.apache.org/jira/browse/RANGER-3481 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0 > > > If Ranger has multiple security zones configured and policies from a single > security zone are modified, then the incremental policy update is not > processed correctly which results in incorrect enforcement of policies in > remaining security zones. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3480) Policy version in access audit is not matching with the policy version seen in policy view
[ https://issues.apache.org/jira/browse/RANGER-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3480: Affects Version/s: 3.0.0 > Policy version in access audit is not matching with the policy version seen > in policy view > -- > > Key: RANGER-3480 > URL: https://issues.apache.org/jira/browse/RANGER-3480 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3480-Policy-version-in-access-audit-is-not-ma.patch > > > Steps to reproduce the case : > 1. Create a dir '/h1' with hdfs user > 2. Create a policy for '/h1' having 'unix1' user in allowed condition > 3. Edit the policy by adding some description > 4. Check the policy version from view policy it should be 2 > 5. Try to create a dir '/h1/t1' he will be allowed > 6. Check the policy version in access audit it showing 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3481) Incremental policy updates do not work correctly for multiple security zones
[ https://issues.apache.org/jira/browse/RANGER-3481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3481: Fix Version/s: 2.2.0 > Incremental policy updates do not work correctly for multiple security zones > > > Key: RANGER-3481 > URL: https://issues.apache.org/jira/browse/RANGER-3481 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > If Ranger has multiple security zones configured and policies from a single > security zone are modified, then the incremental policy update is not > processed correctly which results in incorrect enforcement of policies in > remaining security zones. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3489) Add htrace-core.jar as dependency for various Ranger Plugins
[ https://issues.apache.org/jira/browse/RANGER-3489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-3489: Fix Version/s: 2.2.0 3.0.0 > Add htrace-core.jar as dependency for various Ranger Plugins > - > > Key: RANGER-3489 > URL: https://issues.apache.org/jira/browse/RANGER-3489 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 > Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > We need to add back htrace-core.jar as dependency for various Ranger Plugins > which include SOLR/KNOX/ATLAS/OZONE/PRESTO/SCOOP/KYLIN > htrace-core.jar was removed as part of RANGER-3340 due to the jar's EOL, but > the hadoop version we use needs this. Without this jar Ranger plugins are > failing -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 73660: RANGER-3489:Add htrace-core.jar as dependency for various Ranger Plugins
> On Oct. 21, 2021, 1:38 p.m., bhavik patel wrote: > > I think this also applicable for Elasticsearch plugin Elasticsearch plugin doesn't have htrace-core.jar as dependency so it is fine. - Ramesh --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73660/#review223648 --- On Oct. 21, 2021, 2:28 a.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73660/ > --- > > (Updated Oct. 21, 2021, 2:28 a.m.) > > > Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3489 > https://issues.apache.org/jira/browse/RANGER-3489 > > > Repository: ranger > > > Description > --- > > RANGER-3489:Add htrace-core.jar as dependency for various Ranger Plugins > > > Diffs > - > > distro/src/main/assembly/knox-agent.xml c1f16d62f > distro/src/main/assembly/plugin-atlas.xml 365d62b70 > distro/src/main/assembly/plugin-kylin.xml 4924134fb > distro/src/main/assembly/plugin-ozone.xml 1fed6c407 > distro/src/main/assembly/plugin-presto.xml 804b40869 > distro/src/main/assembly/plugin-solr.xml 3dbaa9cff > distro/src/main/assembly/plugin-sqoop.xml c8fcab5c2 > > > Diff: https://reviews.apache.org/r/73660/diff/1/ > > > Testing > --- > > - Verified in local build the plugins tar file has the htrace jar added as > dependency. > > > Thanks, > > Ramesh Mani > >
