[jira] [Updated] (RANGER-2139) UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files
[
https://issues.apache.org/jira/browse/RANGER-2139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2139:
Fix Version/s: (was: master)
> UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and
> group files
> ---
>
> Key: RANGER-2139
> URL: https://issues.apache.org/jira/browse/RANGER-2139
> Project: Ranger
> Issue Type: Bug
> Components: usersync
>Affects Versions: 1.0.0, master, 0.7.1
>Reporter: Cetin Sahin
>Priority: Critical
> Attachments: 0001-RANGER-2139-Fix-UnixUserGroupBuilder.patch
>
>
> When Unix based user and group synchronization is enabled in Ranger,
> UnixUserGroupBuilder periodically checks whether one of the /etc/passwd or
> /etc/group files is modified or not to trigger a synchronization.
> However, while checking the modification of a file, the UnixUserGroupBuilder
> uses java.io.File.lastModified() to check whether the file is updated after
> the latest synchronization time.
> {code:java}
> long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified();
> {code}
> java.io.File.lastModified() function, however, returns the latest modified
> timestamp in the time granularity of seconds. That means each timestamp ends
> with 000 independent of the millisecond precision.
> [https://bugs.openjdk.java.net/browse/JDK-8177809]
>
> [http://dev-answers.blogspot.com/2014/11/avoid-using-javaiofilelastmodified-for.html]
> This can cause UnixUserGroupBuilder to fail to detect the update on the file
> if the file modification check happens between the two consecutive updates
> within the same second. Assume the following scenario with the corresponding
> timestamps where UnixUserGroupBuilder checks the updates per minute.
> the latest modification of users and group files are at t0 (00:00:00.111),
> which have a corresponding timestamp of 1529539200111, denoted by T0
> Now, consider the following scenario.
> * At time t1 (01:*00:00.123*), T1 (1529542800123): /etc/group file is
> updated and a new group called group01 is added.
> * At time t2 (01:*00:00.345*), T2 (1529542800345): UnixUserGroupBuilder
> threads wakes up and detects the update on the group file and performed the
> synchronization. After the synchronization, the latest modification time for
> the group is updated from the File.lastModified() function. latest
> modification of group file = File.lastModified(t1) = *152954280*. Please
> note that the last 3 digits corresponding to the milliseconds is truncated to
> 000 with File.lastModified() function.
> * At time t3 (01:*00:00.567*), T3 (1529542800567): /etc/group file is
> updated and a user membership is added to one of the groups (e.g., user
> user01 becomes a member of group group01).
> * At time t4 (01:*01:00.345*), T4 (1529542860345): UnixUserGroupBuilder
> thread wakes up and couldn't detect any changes since the timestamp generated
> from the File.lastModified() function returns the same timestamp for t1 and
> t3. Recall that the latest modification time of the group file becomes
> 152954280 at t2 and File.lastModified(t3) returns *152954280* as
> well. Since both File.lastModified(t1) = File.lastModified(t3),
> UnixUserGroupBuilder could not detect the modification on the file at t4,
> assumes there is no update, and then, sleeps again without syncing the
> changes.
> At time t4, UnixUserGroupBuilder is supposed to sync the user group
> membership but if fails to detect the update. If there is no any further
> update on one of these files, the user01 will never be part of group01 in
> Ranger.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2206) Add Policy Validity Period and Override as search filters and add distinguishing icons in policy listing page
[ https://issues.apache.org/jira/browse/RANGER-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2206: Fix Version/s: (was: master) > Add Policy Validity Period and Override as search filters and add > distinguishing icons in policy listing page > - > > Key: RANGER-2206 > URL: https://issues.apache.org/jira/browse/RANGER-2206 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Attachments: > 0001-RANGER-2206-Add-Policy-Validity-Period-and-Override-.patch, > 0002-RANGER-2206.patch > > > – Add policy validity period as search filter in policy listing page. Both > start date and end date (along with timezone). Search should show policies > that have validity period specified and meet that condition. > – Add policy override as search filter in policy listing page. Search should > show only policies defined as override. > – Add indication in policy listing page to distinguish policies with validity > period and override policies. Add icons for visual clue. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2428) Populate Ranger ACL summary for roles
[ https://issues.apache.org/jira/browse/RANGER-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2428: Fix Version/s: (was: master) > Populate Ranger ACL summary for roles > - > > Key: RANGER-2428 > URL: https://issues.apache.org/jira/browse/RANGER-2428 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > > Ranger provides a concise summary of permissions represented by Ranger > policies for users and groups. With support for Roles in Ranger, computing > and providing similar information for roles is needed. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2492) In setup.sh, there is no uniform way to get python execution path through PYTHON_COMMAND_INVOKER
[ https://issues.apache.org/jira/browse/RANGER-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2492: Fix Version/s: (was: 1.2.1) > In setup.sh, there is no uniform way to get python execution path through > PYTHON_COMMAND_INVOKER > > > Key: RANGER-2492 > URL: https://issues.apache.org/jira/browse/RANGER-2492 > Project: Ranger > Issue Type: Bug > Components: kms >Affects Versions: 1.1.1, 1.2.1 >Reporter: sishu.yss >Priority: Major > > In setup.sh, there is no uniform way to get python execution path through > PYTHON_COMMAND_INVOKER; -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2865) Add ALL WITH GRANT access type to Kudu
[ https://issues.apache.org/jira/browse/RANGER-2865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2865: Fix Version/s: (was: 2.1.0) > Add ALL WITH GRANT access type to Kudu > -- > > Key: RANGER-2865 > URL: https://issues.apache.org/jira/browse/RANGER-2865 > Project: Ranger > Issue Type: Task > Components: plugins >Reporter: Attila Bukor >Priority: Major > Attachments: 0001-RANGER-2865-Add-ALL-WITH-GRANT-to-Kudu-service.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-1942) Disable xmlparser and configEdit API in Solr for Audit setup
[
https://issues.apache.org/jira/browse/RANGER-1942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-1942:
Fix Version/s: (was: 0.7.2)
> Disable xmlparser and configEdit API in Solr for Audit setup
>
>
> Key: RANGER-1942
> URL: https://issues.apache.org/jira/browse/RANGER-1942
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Reporter: Kevin Risden
>Priority: Major
>
> AMBARI-22273 addresses this for Ambari Infra Solr. Ranger should do its best
> to protect users from using a config that could be an issue. Solr 5.5.5,
> 6.6.2, and 7.1.0 all fix the below issues.
> A fix for Ranger would be to set the following in solrconfig.xml. Another
> could be to make sure that the documentation for Ranger -> Solr ensures that
> recommended versions are used.
> {code:xml}
>
> {code}
> From https://lucene.apache.org/solr/news.html
> * Fix for a 0-day exploit (CVE-2017-12629), details:
> https://s.apache.org/FJDl. RunExecutableListener has been disabled by default
> (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving
> external entities in the XML query parser (defType=xmlparser or {!xmlparser
> ... }) is disabled by default.
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> communication in Apache Solr, details: https://s.apache.org/APTY
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
[
https://issues.apache.org/jira/browse/RANGER-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2868:
Fix Version/s: (was: 2.1.0)
> RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
> ---
>
> Key: RANGER-2868
> URL: https://issues.apache.org/jira/browse/RANGER-2868
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Reporter: Dhaval B. SHAH
>Assignee: Dhaval B. SHAH
>Priority: Major
> Attachments: RANGER-2868.patch
>
>
> Facing below type casting error in catalina.out when Ranger KMs is configure
> to use Oracle 19.
> {code:java}
> [EL Warning]: 2020-06-17
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')[EL Warning]: 2020-06-17
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')[EL Warning]: 2020-06-17
> 10:15:57.508--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')java.lang.ClassCastException: class java.lang.String
> cannot be cast to class oracle.sql.CLOB (java.lang.String is in module
> java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of
> loader 'app') at
> org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:184)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:92)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:740)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:655)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:77)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:188)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:168)
> at
> org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:402)
> at
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165)
> at
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180)
> at
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489)
> at
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80)
> at
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90)
> at
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301)
> at
> org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
> at
> org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899)
> at
> org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798)
> at
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108)
> at
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85)
> at
> org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737)
> at
> org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226)
> at
> org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:125)
> at
>
[jira] [Updated] (RANGER-2329) [Hive Plugin] show databases denied although user has access to some databases
[
https://issues.apache.org/jira/browse/RANGER-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2329:
Fix Version/s: (was: 1.2.1)
(was: 1.1.1)
(was: 1.0.1)
> [Hive Plugin] show databases denied although user has access to some databases
> --
>
> Key: RANGER-2329
> URL: https://issues.apache.org/jira/browse/RANGER-2329
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 1.0.0, 1.2.0
>Reporter: peng bo
>Priority: Major
> Labels: patch
> Attachments: RANGER-2329.patch,
> show-databases-permission-denied-ranger1.1.0.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> a. assign select permission to user1 for database A with table * and hive
> Column *
> b. login user1 by beeline
> c. type 'show databases', error shows
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [hadoop] does not have [USE] privilege on [*]
> (state=42000,code=4)
> The cause:
> It seems to be a regression introduced by
> [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:
> {code:java}
> public class RangerHiveResource extends RangerAccessResourceImpl {
> public RangerHiveResource(HiveObjectType objectType, String
> databaseorUrl, String tableOrUdf, String column) {
> case DATABASE:
> +if (databaseorUrl == null) {
> + databaseorUrl = "*";
> +}
> {code}
> This code applies on "show databases" as well which prevents the according
> RangerPolicyEvaluator from being returned.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-817) [Ranger-hive] Update operation & select operation while export on partitioned table is not logged in audit log
[ https://issues.apache.org/jira/browse/RANGER-817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-817: --- Fix Version/s: (was: 0.5.4) > [Ranger-hive] Update operation & select operation while export on partitioned > table is not logged in audit log > -- > > Key: RANGER-817 > URL: https://issues.apache.org/jira/browse/RANGER-817 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.5.0 >Reporter: Deepak Sharma >Assignee: Alok Lal >Priority: Critical > > Scenario: > 1. create a partition table. > create table exportPartitionTable (id int, name string) partitioned by > (country string); > 2. insert data into this partitioned table. > insert into table exportPartitionTable PARTITION(country='india') values ( 7, > 'ranger'); > 3. export this partitiontable to hdfs data store. > export table exportPartitionTable to '/user/user1/exportDataStore'; > Defect: > both insert and export (select is done in export) operation are successful > but Both are not logged in audit log. > same is working fine in case of non partition table. > Note: select operation is logged if we do through command like select * from > but it is not logged if it is done as part of export, -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2673) Build Python based Rest Api client for Ranger
[ https://issues.apache.org/jira/browse/RANGER-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2673: Fix Version/s: (was: master) > Build Python based Rest Api client for Ranger > - > > Key: RANGER-2673 > URL: https://issues.apache.org/jira/browse/RANGER-2673 > Project: Ranger > Issue Type: Task > Components: Ranger >Affects Versions: master >Reporter: Deepak Sharma >Assignee: Deepak Sharma >Priority: Major > > It is good to have Python based API client for Ranger. > Decision to be made before starting on this work: > 1) whether to support python2 or python3 or both. > 2) Scope: > CRUD operations on Policy/Service/Zones > User/group operation -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-1964) java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType
[ https://issues.apache.org/jira/browse/RANGER-1964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-1964: Fix Version/s: (was: 0.7.1) > java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType > - > > Key: RANGER-1964 > URL: https://issues.apache.org/jira/browse/RANGER-1964 > Project: Ranger > Issue Type: Wish > Components: Ranger >Reporter: Ronald van de Kuil >Priority: Trivial > > Hi, I have Kafka nicely working with Ranger and I noticed that there is an > warning during startup. It does not impact the functioning of Kafka as far as > I can see. I would like to keep the logs tidy, ... so, that, ... amaze, > amaze, nobody ever haves to worry unnecessarily. For this I raised > KAFKA-6338. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2782) Upgrade log4j dependency
[ https://issues.apache.org/jira/browse/RANGER-2782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2782: Fix Version/s: (was: 2.1.0) > Upgrade log4j dependency > > > Key: RANGER-2782 > URL: https://issues.apache.org/jira/browse/RANGER-2782 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Blocker > Attachments: > 0001-RANGER-2782-Upgrade-log4j-to-a-supported-version.patch > > > The current log4j version in ranger is end of life and contains critical > security Vulnerabilities > CVE-2019-17571 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2640) Implement SHOW ROLE GRANT in Hive ranger plugin
[ https://issues.apache.org/jira/browse/RANGER-2640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2640: Fix Version/s: (was: 2.1.0) > Implement SHOW ROLE GRANT in Hive ranger plugin > --- > > Key: RANGER-2640 > URL: https://issues.apache.org/jira/browse/RANGER-2640 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2640-Implement-SHOW-ROLE-GRANT-in-Hive-ranger.patch > > > Implement SHOW ROLE GRANT in Hive ranger plugin -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2457) Support download csv via REST as enhancement
[
https://issues.apache.org/jira/browse/RANGER-2457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2457:
Fix Version/s: (was: 0.6.0)
> Support download csv via REST as enhancement
>
>
> Key: RANGER-2457
> URL: https://issues.apache.org/jira/browse/RANGER-2457
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 0.6.0
>Reporter: Venkateswara Reddy
>Assignee: Mehul Parikh
>Priority: Major
>
> +*LIst of changes / improvements*+
> # Along with download excel spreadsheet feature, add support for download
> file as CSV format using REST API.
> # REST API should have multiple options to download different file formats
> same as Ranger Reports page.
> Sample Excel Command:
> curl -X GET --header "application/xml" -H "Content-Type:
> application/ms-excel" -o Ranger_Policies.xls -u admin:\{password}
> "http://[ranger-server]:6080/service/plugins/policies/downloadExcel?;
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-263) Packaging for KafkaProvider in plugins
[ https://issues.apache.org/jira/browse/RANGER-263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-263: --- Fix Version/s: (was: 0.5.4) > Packaging for KafkaProvider in plugins > -- > > Key: RANGER-263 > URL: https://issues.apache.org/jira/browse/RANGER-263 > Project: Ranger > Issue Type: Sub-task >Reporter: Bosco >Assignee: Bosco >Priority: Major > > Need to support or provide guidelines to included Kafka libraries/jars in > components which need to send audit records to Kafka -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-601) Implement Kafka Audit Provider for Ranger Audit using new Destination design
[ https://issues.apache.org/jira/browse/RANGER-601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-601: --- Fix Version/s: (was: 0.5.4) > Implement Kafka Audit Provider for Ranger Audit using new Destination design > > > Key: RANGER-601 > URL: https://issues.apache.org/jira/browse/RANGER-601 > Project: Ranger > Issue Type: Sub-task >Reporter: Bosco >Priority: Major > > We need to reimplement Kafka Audit Destination class for the new Audit design > introduced in 0.5 release -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-600) Failed to execute goal org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly (default-cli) on project ranger
[ https://issues.apache.org/jira/browse/RANGER-600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-600: --- Fix Version/s: (was: 0.5.4) > Failed to execute goal > org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly > (default-cli) on project ranger > - > > Key: RANGER-600 > URL: https://issues.apache.org/jira/browse/RANGER-600 > Project: Ranger > Issue Type: Bug >Affects Versions: 0.5.0 >Reporter: Mujadid khalid >Assignee: Alok Lal >Priority: Major > > when I compile latest code from master branch I got following error > Failed to execute goal > org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly > (default-cli) on project ranger: Failed to create assembly: Error creating > assembly archive src: Problem creating TAR: request to write '8192' bytes > exceeds size in header of '566424' bytes > To fix this issue change following in the pom file > > maven-assembly-plugin > 2.3 > > > src/main/assembly/hdfs-agent.xml > In this way issue was fixed -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-536) Test connection fails with SSL error when setting up knox repository
[ https://issues.apache.org/jira/browse/RANGER-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-536: --- Fix Version/s: (was: 0.5.4) > Test connection fails with SSL error when setting up knox repository > > > Key: RANGER-536 > URL: https://issues.apache.org/jira/browse/RANGER-536 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.4.0 > Environment: Debian 6, HDP 2.2 >Reporter: phanikumar >Priority: Minor > > I have setup Knox with a self-signed cert. When creating a Knox repository > in the Ranger admin web UI the "Test Connection" button produces this error: > == > Connection Failed. > Exception on REST call to KnoxUrl : > https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies. You can > still save the repository and start creating policies, but you would not be > able to use autocomplete for resource names. Check xa_portal.log for more > info. > javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: > No name matching myhost.mydomain.com found. > java.security.cert.CertificateException: No name matching found. > No name matching myhost.mydomain.com found. > == > Ranger policies for Knox can still be created and they work > Additional error messages from xa_portal.log: > 2015-03-31 15:45:27,849 [http-bio-6080-exec-2] ERROR > com.xasecure.biz.AssetMgr (AssetMgr.java:1566) - Unable to get knox resources. > com.xasecure.hadoop.client.exceptions.HadoopException: Exception on REST call > to KnoxUrl : https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies. > at > com.xasecure.knox.client.KnoxClient.getServiceList(KnoxClient.java:223) > at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1547) > at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1544) > at com.xasecure.common.TimedEventUtil.timedTask(TimedEventUtil.java:51) > at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1562) > at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1524) > at com.xasecure.rest.AssetREST.pullKnoxResources(AssetREST.java:381) > at > com.xasecure.rest.AssetREST$$FastClassByCGLIB$$90363ab.invoke() > at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191) > at > org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > at > org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622) > at > com.xasecure.rest.AssetREST$$EnhancerByCGLIB$$6b3c72e7.pullKnoxResources() > at sun.reflect.GeneratedMethodAccessor87.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168) > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:70) > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136) > at > com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:86) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136) > at > com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:74) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1357) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1289) > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1239) > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1229) > at > com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420) > at > com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:497) > at >
[jira] [Updated] (RANGER-1939) Simplify Maven dependencies and assembly specification for hdfs plugin module
[ https://issues.apache.org/jira/browse/RANGER-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-1939: Fix Version/s: (was: master) > Simplify Maven dependencies and assembly specification for hdfs plugin module > - > > Key: RANGER-1939 > URL: https://issues.apache.org/jira/browse/RANGER-1939 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > > There are two issues with the Maven POM files for Ranger's hdfs plugin module. > 1. There are overlapping and sometimes conflicting versions of libraries on > which hdfs plugin code depends. Conflicts arise partly because some of the > libraries packaged with hdfs plugin module are already exist in hdfs > component and have different versions. > 2. assembly specification for hdfs plugin module uses DependencySets - a > construct which is confusing and hard to get right. They also clutter up > build output log with spurious messages. It is desirable to use FileSets > which are easier to understand and straightforward to specify in an assembly > spec. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2742) Database patch 046 does not apply correctly on SQL Server and SQL Anywhere
[ https://issues.apache.org/jira/browse/RANGER-2742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2742: Fix Version/s: (was: master) > Database patch 046 does not apply correctly on SQL Server and SQL Anywhere > -- > > Key: RANGER-2742 > URL: https://issues.apache.org/jira/browse/RANGER-2742 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Andrew Luo >Priority: Critical > Attachments: > 0001-RANGER-2742-Fix-database-patch-046-on-SQL-Server-and-SQL-Anywher.patch > > > On SQL Anywhere the constraint and column names are swapped in some > statements. In SQL Server, the same problem exists in addition to not > properly dropping the default constraint. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2346) Ranger admin UI needs to support CRUD of tag policies for a security zone
[ https://issues.apache.org/jira/browse/RANGER-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2346: Fix Version/s: (was: master) > Ranger admin UI needs to support CRUD of tag policies for a security zone > - > > Key: RANGER-2346 > URL: https://issues.apache.org/jira/browse/RANGER-2346 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Priority: Major > > Ranger security zone contains services and resources. If a service in a > security zone is associated with a tag-service, then policies in the > tag-service are also scoped to the security zone. UI needs to support > create/update/delete of tag policies with security zone scope. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2285) Error page is not available when API call returns HTTP status code 403(forbidden)
[ https://issues.apache.org/jira/browse/RANGER-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2285: Fix Version/s: (was: master) > Error page is not available when API call returns HTTP status code > 403(forbidden) > -- > > Key: RANGER-2285 > URL: https://issues.apache.org/jira/browse/RANGER-2285 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Minor > Attachments: > 0001-RANGER-2285-Error-page-is-not-available-when-API-cal.patch, > 0002-RANGER-2285.patch, 403ErrorPage.png, screenshort_1.png, screenshort_2.png > > > Error page not populated when getting response 403(Forbidden). > scenario-1 > Steps - > 1. Login with admin. > 2. Create users 'testuser3' and 'testuser2' with USER_ROLE. > 3. Create a group 'group1'. > 4. Add 'testuser3' and testuser2' to 'group1'. > 5. Give 'User/Group' page permission to 'testuser1' > 6. Login with 'testuser3' > 7. Go to group listing page > 8. Click on 'view user' button in group listing page. > 9. Click on 'testuser2' username (The page goes into loading state instant > off error page ). > (Refer image screenshort_1) > scenario-2 > Steps - > 1. Login with 'testuser3'. > 2. 'testuser3' user does not have permission to view Tag base policy. > 3. By changing the router to '/policymanager/tag' its show blank 'Service > Manager' page instant off error page. > (Refer image screenshort_2). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2914) Invalid obj name in DB script for MS-SQL
[ https://issues.apache.org/jira/browse/RANGER-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2914: Fix Version/s: 2.1.0 > Invalid obj name in DB script for MS-SQL > > > Key: RANGER-2914 > URL: https://issues.apache.org/jira/browse/RANGER-2914 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2914.patch > > > Need to change obj name from _*getXportalUIdByLoginId*_ to > *_dbo.getXportalUIdByLoginId_* while inserting value in table > x_ranger_global_state -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-2909: --- Assignee: Pradeep Agrawal > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2897) Update jQuery version.
[ https://issues.apache.org/jira/browse/RANGER-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2897: Fix Version/s: 2.1.0 > Update jQuery version. > -- > > Key: RANGER-2897 > URL: https://issues.apache.org/jira/browse/RANGER-2897 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2897.patch > > > Update jQuery version 3.4.1 to 3.5.1 for Ranger. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2762) Logout issue when knox-trusted proxy is enabled
[ https://issues.apache.org/jira/browse/RANGER-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2762: Fix Version/s: 2.1.0 > Logout issue when knox-trusted proxy is enabled > --- > > Key: RANGER-2762 > URL: https://issues.apache.org/jira/browse/RANGER-2762 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2762-Handling-browser-requests-when-knox-trus.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
[
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2898:
Fix Version/s: 2.1.0
> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
> Fix For: 2.1.0
>
>
> Found below exception in atlas application.log where audits were not getting
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ Request to collection [ranger_audits] failed due to (0)
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019
> INFO -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ request was not communication error it seems (CloudSolrClient:953)
> 2020-07-01 12:22:27,020 WARN -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ failed to log audit event:
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
> (BaseAuditHandler:374)
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
[
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2898:
Fix Version/s: (was: 2.1.0)
> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
>
> Found below exception in atlas application.log where audits were not getting
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ Request to collection [ranger_audits] failed due to (0)
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019
> INFO -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ request was not communication error it seems (CloudSolrClient:953)
> 2020-07-01 12:22:27,020 WARN -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ failed to log audit event:
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
> (BaseAuditHandler:374)
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2629) Service disabled should not use the last known version of policies
[ https://issues.apache.org/jira/browse/RANGER-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2629: Fix Version/s: (was: 2.1.0) > Service disabled should not use the last known version of policies > -- > > Key: RANGER-2629 > URL: https://issues.apache.org/jira/browse/RANGER-2629 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.0.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Attachments: > 0001-RANGER-2629-Service-disabled-should-not-use-the-last.patch > > > When service is disabled, the plugins should use an empty policy instead of > the last known version of policies. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2901) Remove libfb303 thrift library from Ranger dependency
[ https://issues.apache.org/jira/browse/RANGER-2901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159689#comment-17159689 ] Pradeep Agrawal commented on RANGER-2901: - [~rmani] : Please close the RR : [https://reviews.apache.org/r/72657/] > Remove libfb303 thrift library from Ranger dependency > - > > Key: RANGER-2901 > URL: https://issues.apache.org/jira/browse/RANGER-2901 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 2.1.0 > > > Remove libfb303 thrift library from Ranger dependency. This library is used > in ranger hive plugin as a lookup feature dependency. This is not needed > anymore. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159681#comment-17159681 ] Pradeep Agrawal commented on RANGER-2909: - [~nityananda] : Try both the patches which Nixon has suggested above. Let me know if issue is still there. > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode
[ https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2912. - Fix Version/s: 2.1.0 Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/0fa3ef5497bc563e0ff80e9696fdb1bc309d7fe1] > ranger and plugins will throw GSSAPI error when write audit log to > ElasticSearch when cluster running on none security mode > --- > > Key: RANGER-2912 > URL: https://issues.apache.org/jira/browse/RANGER-2912 > Project: Ranger > Issue Type: Bug > Components: audit, plugins, Ranger >Reporter: rujia >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-issue-fix-for-es-audit.patch > > > user and password default set to 'NONE' when connect to ES, but ranger-audit > and plugins doesn't handle String 'NONE', and will try to get subject from > ENV for both sec and none sec mode. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
[ https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2917: Attachment: 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is > enabled for ranger_audits index > --- > > Key: RANGER-2917 > URL: https://issues.apache.org/jira/browse/RANGER-2917 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
[ https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2917: Description: Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" when plugin is enabled for ranger_audit index. When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's audit log index), there will be recursive audit log getting generated for audits logs that are getting in this collection. This JIRA will address 1) recursive audit log done by service user "elasticsearch" in the ranger_audit index. 2) provide a configuration parameter to add service users to exclude from audit log for "ranger_audit" index. This is in case if customer users are used as service user in Elasticsearch process. > Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is > enabled for ranger_audits index > --- > > Key: RANGER-2917 > URL: https://issues.apache.org/jira/browse/RANGER-2917 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > > > Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" > when plugin is enabled for ranger_audit index. > When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's > audit log index), there will be recursive audit log getting generated for > audits logs that are getting in this collection. > This JIRA will address > 1) recursive audit log done by service user "elasticsearch" in the > ranger_audit index. > 2) provide a configuration parameter to add service users to exclude from > audit log for "ranger_audit" index. This is in case if customer users are > used as service user in Elasticsearch process. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2919) Source policies gets deleted after importing policy with deleteifexists parameter
[ https://issues.apache.org/jira/browse/RANGER-2919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2919: Attachment: 0001-RANGER-2919.patch > Source policies gets deleted after importing policy with deleteifexists > parameter > - > > Key: RANGER-2919 > URL: https://issues.apache.org/jira/browse/RANGER-2919 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Attachments: 0001-RANGER-2919.patch > > > Steps to Reproduce: > 1. Create 2 Hbase service i.e. hbase1 and hbase2, > 2. Create some policies in service - hbase1 > 3. perform policy import from source service - hbase1 to target service - > hbase2 > 4. Policies from service - hbase1 gets successfully imported to service - > hbase2 as per deleteifexist parameter feature > 5. After import, Policies from source service - hbase1 also gets deleted -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2925) Ranger UI - third party library version upgrades part 1
[ https://issues.apache.org/jira/browse/RANGER-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2925: Fix Version/s: 2.1.0 > Ranger UI - third party library version upgrades part 1 > --- > > Key: RANGER-2925 > URL: https://issues.apache.org/jira/browse/RANGER-2925 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2925.patch, 0002-RANGER-2925.patch > > > In this we update backbone.js ,underscore.js, require.js. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2939) Search functionality with Cluster name is not working on Audit>>Access and Plugins tab
[ https://issues.apache.org/jira/browse/RANGER-2939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2939: Fix Version/s: 2.1.0 > Search functionality with Cluster name is not working on Audit>>Access and > Plugins tab > -- > > Key: RANGER-2939 > URL: https://issues.apache.org/jira/browse/RANGER-2939 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2939.patch > > > Expected Result: Search functionality with cluster name should work on > Audit>>Access and Plugins tab > Actual Result: Search Functionality with cluster name is not working on > Audit>>Access and Plugins tab > Steps to Reproduce: > # Go to Audit>>Access Tab > # Search with Cluster Name : Cluster 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2922) Query info not included for solr query audits in Ranger
[ https://issues.apache.org/jira/browse/RANGER-2922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2922: Fix Version/s: 2.1.0 > Query info not included for solr query audits in Ranger > --- > > Key: RANGER-2922 > URL: https://issues.apache.org/jira/browse/RANGER-2922 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Sailaja Polavarapu >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2922-Added-code-to-audit-events-for-document-.patch, > 0001-RANGER-2922-Minor-change-of-moving-solr-plugin-initi.patch, solraudit.png > > > For solr document level authorization, audit events don't include query > information. > !solraudit.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
Pradeep Agrawal created RANGER-2950: --- Summary: Upgrade Spring framework and Spring Security libraries. Key: RANGER-2950 URL: https://issues.apache.org/jira/browse/RANGER-2950 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
[ https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2950: Affects Version/s: (was: 2.1.0) > Upgrade Spring framework and Spring Security libraries. > --- > > Key: RANGER-2950 > URL: https://issues.apache.org/jira/browse/RANGER-2950 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
[ https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2950: Fix Version/s: (was: 2.1.0) > Upgrade Spring framework and Spring Security libraries. > --- > > Key: RANGER-2950 > URL: https://issues.apache.org/jira/browse/RANGER-2950 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105
[ https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2949: Fix Version/s: (was: 2.1.0) 3.0.0 > Upgrade Tomcat to 7.0.105 > - > > Key: RANGER-2949 > URL: https://issues.apache.org/jira/browse/RANGER-2949 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Minor > Fix For: 3.0.0 > > > Upgrade Tomcat version to follow best practices -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105
[ https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2949: Fix Version/s: (was: 3.0.0) 2.1.0 > Upgrade Tomcat to 7.0.105 > - > > Key: RANGER-2949 > URL: https://issues.apache.org/jira/browse/RANGER-2949 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Minor > Fix For: 2.1.0 > > > Upgrade Tomcat version to follow best practices -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
[ https://issues.apache.org/jira/browse/RANGER-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2947. - Fix Version/s: 2.1.0 Resolution: Fixed Commit links: [https://github.com/apache/ranger/commit/d2eaba6739895fff34b6d6e492b66d27756a39b7] [https://github.com/apache/ranger/commit/876d0bcb853cb46975b8c1b6953c748c2404ea8b] > [Ranger][Policy Import] Usage of serviceType config while importing ranger > policy for any service > - > > Key: RANGER-2947 > URL: https://issues.apache.org/jira/browse/RANGER-2947 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > Observed that serviceType config is currently not used while importing a > ranger policy, so we can give any random value or a different service name > [from the service name to which import should happen] > *Solution* > Added validation to check for serviceType provided in import policy to > it's service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE
Pradeep Agrawal created RANGER-2888: --- Summary: Upgrade Spring framework to version 4.3.27.RELEASE Key: RANGER-2888 URL: https://issues.apache.org/jira/browse/RANGER-2888 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed
[ https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148567#comment-17148567 ] Pradeep Agrawal commented on RANGER-2855: - Patch committed : [https://github.com/apache/ranger/commit/a14b6d6aa57d6bc0026713e73750df716c65aa8f] > import policy for ranger is not working properly if updateifexist parameter > is passed > - > > Key: RANGER-2855 > URL: https://issues.apache.org/jira/browse/RANGER-2855 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > *Problem Statement:* > Currently, Import Policy API provide option to updateIfExist all policies of > given service but it update the non matching policy. > *Current Imlementation* > 'updateIfExists' flag : API shall update existing policies with new policy > json based on either of the following conditions. > a) existing and new policy guid is matching > b) existing and new policy name, service and zone are matching > c) existing and new policy name and service are matching. > If there is a policy which matches the resource, the policy should be updated > with the data provided. > If there is no policy which matches the resource, a new policy should be > created with the data provided. > *Proposed Solution :* > Patch shall compare resource signature of existing policy with new policy > provide if it matches then update otherwise create new policy. > *Behaviour of the Import API shall be:* > 1) 'Override' flag : API shall delete all the policies of given target > service and shall create the new policies from the received json. > 2) 'deleteIfExists' flag : API shall delete those existing policies which are > exactly matching after comparing with new policy based on their resources. > After deleting the existing policy, API shall create the new policy from the > given json file. > 3) 'updateIfExists' flag with polResource input : API shall delete all the > existing policies from target service of which resources are exactly matching > with given policies resources. > 4) 'updateIfExists' flag without resource input : API shall update existing > policies with new policy json based on following conditions. > a) existing and new policy should match by resource signature > 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items > with the new policy of which resources will match exactly with available > policies. > 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which > resources are exactly matching. update the policies which are matching else > will create the policy. > If none of the cases are matching then API shall try to create the policy. > Policy creation validation will be done before creating the policy. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2864) Group creation is failing during import policy
[ https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2864: Fix Version/s: 2.1.0 > Group creation is failing during import policy > -- > > Key: RANGER-2864 > URL: https://issues.apache.org/jira/browse/RANGER-2864 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > while creating a group during import policy, description field is null that > is leading to fail group creation. > As "descr" column in the table is not null for x_group in mysql. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2810. - Resolution: Information Provided > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, > image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2863) Ranger UI Improvement.
[ https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2863: Fix Version/s: 2.1.0 > Ranger UI Improvement. > -- > > Key: RANGER-2863 > URL: https://issues.apache.org/jira/browse/RANGER-2863 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2863.patch, 0002-RANGER-2863.patch, > 0003-RANGER-2863.patch, display1.png, display2.png > > > UI Improvement > 1 . Added sidebar for all page. This will make navigation between various > repositories a lot easier -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2545) Migrate Ranger Logging to slf4j framework
[ https://issues.apache.org/jira/browse/RANGER-2545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2545: Fix Version/s: (was: 2.1.0) > Migrate Ranger Logging to slf4j framework > - > > Key: RANGER-2545 > URL: https://issues.apache.org/jira/browse/RANGER-2545 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Attachments: > 0001-RANGER-2545-Migrate-Ranger-Logging-to-slf4j-framewor.patch > > > Ranger has direct references to Log4j1. > As a result, systems which have moved over to using log4j2, logback etc via > slf4j as a facade end up requiring multiple logging configuration files. One > log4j1 config file for ranger, and another for the rest of the component. > Would be useful to move to slf4j or some other logging facade. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed
[ https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2855: Fix Version/s: 2.1.0 > import policy for ranger is not working properly if updateifexist parameter > is passed > - > > Key: RANGER-2855 > URL: https://issues.apache.org/jira/browse/RANGER-2855 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > *Problem Statement:* > Currently, Import Policy API provide option to updateIfExist all policies of > given service but it update the non matching policy. > *Current Imlementation* > 'updateIfExists' flag : API shall update existing policies with new policy > json based on either of the following conditions. > a) existing and new policy guid is matching > b) existing and new policy name, service and zone are matching > c) existing and new policy name and service are matching. > If there is a policy which matches the resource, the policy should be updated > with the data provided. > If there is no policy which matches the resource, a new policy should be > created with the data provided. > *Proposed Solution :* > Patch shall compare resource signature of existing policy with new policy > provide if it matches then update otherwise create new policy. > *Behaviour of the Import API shall be:* > 1) 'Override' flag : API shall delete all the policies of given target > service and shall create the new policies from the received json. > 2) 'deleteIfExists' flag : API shall delete those existing policies which are > exactly matching after comparing with new policy based on their resources. > After deleting the existing policy, API shall create the new policy from the > given json file. > 3) 'updateIfExists' flag with polResource input : API shall delete all the > existing policies from target service of which resources are exactly matching > with given policies resources. > 4) 'updateIfExists' flag without resource input : API shall update existing > policies with new policy json based on following conditions. > a) existing and new policy should match by resource signature > 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items > with the new policy of which resources will match exactly with available > policies. > 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which > resources are exactly matching. update the policies which are matching else > will create the policy. > If none of the cases are matching then API shall try to create the policy. > Policy creation validation will be done before creating the policy. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE
[ https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2888: Attachment: 0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch > Upgrade Spring framework to version 4.3.27.RELEASE > -- > > Key: RANGER-2888 > URL: https://issues.apache.org/jira/browse/RANGER-2888 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149442#comment-17149442
]
Pradeep Agrawal commented on RANGER-2856:
-
[~RickyMa] : Upload this patch [https://github.com/apache/ranger/pull/66/files]
at RR [https://reviews.apache.org/r/72588/]
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150431#comment-17150431
]
Pradeep Agrawal commented on RANGER-2856:
-
[~RickyMa] : I see your patch diff like this :
[https://reviews.apache.org/r/72588/diff/1#index_header]
!image-2020-07-02-21-58-59-495.png!
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2856:
Attachment: image-2020-07-02-21-58-59-495.png
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2856:
Attachment: image-2020-07-02-22-03-36-267.png
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150436#comment-17150436
]
Pradeep Agrawal commented on RANGER-2856:
-
[~RickyMa] : if [^RANGER-2856.patch] is your proposed patch then download that
file and go to your RR and select: update -> update Diff -> select the file and
upload it. After upload publish the RR again.
!image-2020-07-02-22-03-36-267.png!
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config
Pradeep Agrawal created RANGER-2903: --- Summary: Remove elasticsearch audit's is_enabled property from config Key: RANGER-2903 URL: https://issues.apache.org/jira/browse/RANGER-2903 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 Remove elasticsearch audit's is_enabled property from config as it may cause plugin setup/start failure. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config
[ https://issues.apache.org/jira/browse/RANGER-2903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2903: Attachment: 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch > Remove elasticsearch audit's is_enabled property from config > > > Key: RANGER-2903 > URL: https://issues.apache.org/jira/browse/RANGER-2903 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Blocker > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch > > > Remove elasticsearch audit's is_enabled property from config as it may cause > plugin setup/start failure. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154706#comment-17154706
]
Pradeep Agrawal commented on RANGER-2905:
-
[~iammehrabalam] : Can you take the latest pull and attached patch and see if
changes are working for you or not.
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: (was:
0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch)
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-2905:
---
Assignee: Pradeep Agrawal
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Reopened] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reopened RANGER-2891: - > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, > 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot > 2020-07-05 at 9.02.55 PM.png > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'
[
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-2877.
-
Fix Version/s: 2.1.0
Resolution: Fixed
[https://github.com/apache/ranger/commit/4160ebfc7cb1db642e8ba7fdbaa72142978e764b]
> ElasticSearch-Plugin throws NullPointException when the type of request is
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch,
> ES Processing logic.png, NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u :
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
> -H 'Content-Type:application/json' -d
> '\{"mapping":{"properties":{"age":"text"}}}'
> then ES will print NullPointException in it's log file, and the request will
> fail
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2891. - Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/0fa35a1d00de7899effa5a589713baf947cabd2b] > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, > 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot > 2020-07-05 at 9.02.55 PM.png > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2887) Upgrade Tomcat to 7.0.104
[ https://issues.apache.org/jira/browse/RANGER-2887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2887. - Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/23b49c581dedea32bf8a03b503f9337530427521] > Upgrade Tomcat to 7.0.104 > - > > Key: RANGER-2887 > URL: https://issues.apache.org/jira/browse/RANGER-2887 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Minor > Fix For: 2.1.0 > > > Upgrade Tomcat version to follow best practices -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152565#comment-17152565
]
Pradeep Agrawal commented on RANGER-2856:
-
[~RickyMa] : Please close the RR.
Next time please create the patch using "git format-patch" command.
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-2856.
-
Fix Version/s: (was: master)
2.1.0
Resolution: Fixed
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152564#comment-17152564
]
Pradeep Agrawal commented on RANGER-2856:
-
Patch committed :
[https://github.com/apache/ranger/commit/400beaa7604e4c83d051dc6e83b8bc109e5d8c53]
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-2902) Add policy id to the list of filters in Access Audit Tab
[ https://issues.apache.org/jira/browse/RANGER-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2902. - Fix Version/s: 2.1.0 Resolution: Fixed [https://github.com/apache/ranger/commit/c66c8384757be11335d62f72e63b8da5a5f58234] > Add policy id to the list of filters in Access Audit Tab > > > Key: RANGER-2902 > URL: https://issues.apache.org/jira/browse/RANGER-2902 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2902.patch > > > Add policy Id filter to Access Audit Tab. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2900) Include policy priority in policy details popup on access auidts page
[ https://issues.apache.org/jira/browse/RANGER-2900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2900. - Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/87cc02b103c15297e8b8ddb12a8997517a27fc1c] > Include policy priority in policy details popup on access auidts page > - > > Key: RANGER-2900 > URL: https://issues.apache.org/jira/browse/RANGER-2900 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: suja s >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2900.patch, policypriorityscreen1.png, > policypriorityscreen2.png > > > Access Audits page on UI - On clicking on policyid, a popup is displayed with > details of the policy that is getting enforced. Suggestion is to include > policy priority also as part of details. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml
[ https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2907: Attachment: 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > Ranger Plugin is not using default TrustManager if a trustmanager is not > specified in ranger-policymgr-ssl.xml > -- > > Key: RANGER-2907 > URL: https://issues.apache.org/jira/browse/RANGER-2907 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: Selvamohan Neethiraj >Assignee: Selvamohan Neethiraj >Priority: Critical > Attachments: > 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > > > When a CA certified certificate is used by Ranger Admin, the RangerPlugin > should be able to use the default cacerts (from JVM) without having to > configure it manually. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml
[ https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156700#comment-17156700 ] Pradeep Agrawal commented on RANGER-2907: - [~sneethiraj] : Shall attached patch resolve the issue. I have not tested this patch as I don't have an env to test the patch. > Ranger Plugin is not using default TrustManager if a trustmanager is not > specified in ranger-policymgr-ssl.xml > -- > > Key: RANGER-2907 > URL: https://issues.apache.org/jira/browse/RANGER-2907 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: Selvamohan Neethiraj >Assignee: Selvamohan Neethiraj >Priority: Critical > Attachments: > 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > > > When a CA certified certificate is used by Ranger Admin, the RangerPlugin > should be able to use the default cacerts (from JVM) without having to > configure it manually. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2908) Upgrade jackson version to 2.10.3
[ https://issues.apache.org/jira/browse/RANGER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2908. - Fix Version/s: 2.1.0 Resolution: Fixed [https://github.com/apache/ranger/commit/850e31e31087fad03ba519d1246d2f0bd70cb669] > Upgrade jackson version to 2.10.3 > - > > Key: RANGER-2908 > URL: https://issues.apache.org/jira/browse/RANGER-2908 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 2.1.0 > > > Upgrade jackson version to 2.10.3 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE
[ https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2888: Attachment: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch > Upgrade Spring framework to version 4.3.27.RELEASE > -- > > Key: RANGER-2888 > URL: https://issues.apache.org/jira/browse/RANGER-2888 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE
[ https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2888: Attachment: (was: 0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch) > Upgrade Spring framework to version 4.3.27.RELEASE > -- > > Key: RANGER-2888 > URL: https://issues.apache.org/jira/browse/RANGER-2888 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2858) 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies
[ https://issues.apache.org/jira/browse/RANGER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155145#comment-17155145 ] Pradeep Agrawal commented on RANGER-2858: - Patch 2([https://reviews.apache.org/r/72659/]) committed to master : [https://github.com/apache/ranger/commit/708085410ff2bbbde5f9343c31cd0a1b45f5efa8] > 'show databases' gives permission denied error, even though the user has > permissions on a few of the databases in security zone policies > > > Key: RANGER-2858 > URL: https://issues.apache.org/jira/browse/RANGER-2858 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 2.1.0 > > > When user has permissions on a few of the databases in security zone > policies, "show databases" command is expected to list databases on which the > user has some permission in any security zone(s). However, the command fails > with the following message. > > FAILED: HiveAccessControlException Permission denied: user [behemoth] does > not have [USE] privilege on [Unknown resource!!] > > org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: > Permission denied: user [behemoth] does not have [USE] privilege on [Unknown > resource!!] > at > org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:487) > > Furthermore, command "use " where is name of the > database where user has some access in any security zone, succeeds. > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155074#comment-17155074
]
Pradeep Agrawal commented on RANGER-2905:
-
[~iammehrabalam]: Thanks
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2117) RangerKafkaAuthorizer to support new resources and operations which are in Apache Kafka 1.0.0
[ https://issues.apache.org/jira/browse/RANGER-2117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17143570#comment-17143570 ] Pradeep Agrawal commented on RANGER-2117: - [~RickyMa] : One straight forward way will be that replace all these files in your online Ranger environment and execute the java patch security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10015.java. to do so you might have to do below steps: a) make sure install.properties files have correct values. b) remove "JAVA_PATCHES" entry from x_db_version_h table if its there. c) After above steps run : python db_setup.py -javapatch if the above process is not possible or does not work then try the below option. 1) install same version of ranger in stage environment without this patch, take the backup of ranger db. 2) apply this patch on the same version of ranger code and build the ranger. 3) install the new ranger with old config you used in step-1. 4) compare the db changes in step-1 and step-3, changes will be mostly in x_service_def and its child tables. create the sql statements for the diff. 5) alternate way of finding diff from step 4 : in steps take the backup in sql format and after step 3 also take the backup in sql format. compare both sql files and figure out the changes. If any of the above steps is not clear then please ask again, and if possible attach more details. > RangerKafkaAuthorizer to support new resources and operations which are in > Apache Kafka 1.0.0 > - > > Key: RANGER-2117 > URL: https://issues.apache.org/jira/browse/RANGER-2117 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master, 1.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.0.0, master, 1.1.0 > > Attachments: > 0001-RANGER-2117-RangerKafkaAuthorizer-to-support-new-res.patch > > > Apache Kafka has new resource - TransactionID to support transaction feature > in Kafka1.0.0. > Also there are new operation - Idempotent Write, DescribeConfigs and > AlterConfigs at Topic and Cluster level. > https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Authorizations -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2871) Add Support of HBASE-20653 features in Ranger Hbase plugin
Pradeep Agrawal created RANGER-2871: --- Summary: Add Support of HBASE-20653 features in Ranger Hbase plugin Key: RANGER-2871 URL: https://issues.apache.org/jira/browse/RANGER-2871 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Currently the following region server group operations don't have corresponding implementation in RangerAuthorizationCoprocessor : AddRSGroup, RemoveRSGroup, BalanceRSGroup, RemoveServers, moveServers, listRSGroups, moveServersAndTables, moveTables, getRSGroupInfo, getRSGroupInfoOfTable, getRSGroupOfServer Note: Since current hbase version in ranger master does not have the implementation in Hbase MasterObserver class, the implementation of above method will be blocked untill Ranger usage the hbase version which has this feature support. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2869) Ranger audit module to provide an option to generate a GUID for each audit log
[ https://issues.apache.org/jira/browse/RANGER-2869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2869: Fix Version/s: 2.1.0 > Ranger audit module to provide an option to generate a GUID for each audit log > -- > > Key: RANGER-2869 > URL: https://issues.apache.org/jira/browse/RANGER-2869 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2869-Ranger-audit-module-to-provide-an-option_apache.patch > > > * Ranger audit module to provide an option to generate a GUID for each audit > log. > Currently, it's not a strick UUID and this Jira will provide an option to > generate either a strict UUID or it uses what is currently supported. > To enable strict UUID generation set param > "xasecure.audit.auditid.strict.uuid=true" in ranger--audit.xml. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2872) The Ranger authentication group permission of the ES does not take effect.
Pradeep Agrawal created RANGER-2872: --- Summary: The Ranger authentication group permission of the ES does not take effect. Key: RANGER-2872 URL: https://issues.apache.org/jira/browse/RANGER-2872 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.0.0, 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 In Elastic search plugin group ACL is not working. When a user is in a group and user is not added in the ranger elasticsearch policy but group is added in the policy then user request to elasticsearch API fails. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2872) The Ranger authentication group permission of the ES does not take effect.
[ https://issues.apache.org/jira/browse/RANGER-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2872: Attachment: 0001-RANGER-2872-The-Ranger-authentication-group-permissi.patch > The Ranger authentication group permission of the ES does not take effect. > -- > > Key: RANGER-2872 > URL: https://issues.apache.org/jira/browse/RANGER-2872 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0, 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2872-The-Ranger-authentication-group-permissi.patch > > > In Elastic search plugin group ACL is not working. When a user is in a group > and user is not added in the ranger elasticsearch policy but group is added > in the policy then user request to elasticsearch API fails. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2849) Allow Ranger to be configurable to not disclose server version
[ https://issues.apache.org/jira/browse/RANGER-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2849. - Resolution: Fixed > Allow Ranger to be configurable to not disclose server version > -- > > Key: RANGER-2849 > URL: https://issues.apache.org/jira/browse/RANGER-2849 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mehul Parikh >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2849-V1.patch > > > Allow Ranger to be configurable to not disclose server version -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2849) Allow Ranger to be configurable to not disclose server version
[ https://issues.apache.org/jira/browse/RANGER-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17130622#comment-17130622 ] Pradeep Agrawal commented on RANGER-2849: - Patch committed : [https://github.com/apache/ranger/commit/734485dd2149db628b3353279a9f16b45de91956] [~maheshbandal] : Please close the RR. > Allow Ranger to be configurable to not disclose server version > -- > > Key: RANGER-2849 > URL: https://issues.apache.org/jira/browse/RANGER-2849 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mehul Parikh >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2849-V1.patch > > > Allow Ranger to be configurable to not disclose server version -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2852) Add .gitattributes file to prevent CRLF and LF mismatches for source and text files
[ https://issues.apache.org/jira/browse/RANGER-2852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2852: Attachment: 0001-RANGER-2852-Add-.gitattributes-file-to-prevent-CRLF-.patch > Add .gitattributes file to prevent CRLF and LF mismatches for source and text > files > --- > > Key: RANGER-2852 > URL: https://issues.apache.org/jira/browse/RANGER-2852 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-2852-Add-.gitattributes-file-to-prevent-CRLF-.patch > > > Source code in Ranger repo has a bunch of files that have CRLF endings. > I would like to avoid that by creating .gitattributes file which prevents > sources from having CRLF entries in text files. > I am adding a couple of links here to give more primer on what exactly is the > issue and how we are trying to fix it. > # [http://git-scm.com/docs/gitattributes#_checking_out_and_checking_in] > # > [http://stackoverflow.com/questions/170961/whats-the-best-crlf-handling-strategy-with-git] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2853) "Unauthenticated : Please check the permission in the policy for the user": An NPE in ranger admin when enable kms.
[
https://issues.apache.org/jira/browse/RANGER-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2853:
Fix Version/s: 2.1.0
> "Unauthenticated : Please check the permission in the policy for the user":
> An NPE in ranger admin when enable kms.
> ---
>
> Key: RANGER-2853
> URL: https://issues.apache.org/jira/browse/RANGER-2853
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: 1.2.0
>Reporter: gaozhan ding
>Priority: Major
> Fix For: 2.1.0
>
> Attachments:
> 0001-RANGER-2853-fix-NPE-error-in-ranger-admin-when-enabl.patch, image.png
>
>
> We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we
> got an error from ranger admin web ui. On the premise that all configurations
> have been completed, I can not list keys in ranger admin, errors are as
> follows: Unauthenticated : Please check the permission in the policy for the
> user.
> {panel:title=logs in ranger admin:}
> -XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO
> org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request
> failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the
> permission in the policy for the user
> javax.ws.rs.WebApplicationException
> at
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
> at
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325)
> at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215)
> at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87)
> at
> org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke()
> ..
> {panel}
> I studied the problem and found that this problem have nothing to do with
> authentication, it is an exception caused by NPE. I try print that exception:
> {panel:title=NPE}
> -XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR
> org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger:
> java.lang.NullPointerException
> at
> org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395)
> at org.apache.hadoop.security.User.(User.java:48)
> at
> org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66)
> at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574)
> at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152)
> at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85)
> at
> org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke()
> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> at
> org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
> at
> org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys()
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> at
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> at
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> at
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
> at
>
[jira] [Updated] (RANGER-2850) Add javax.annotation to Presto plugin to ensure java 11 support
[ https://issues.apache.org/jira/browse/RANGER-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2850: Affects Version/s: 2.1.0 > Add javax.annotation to Presto plugin to ensure java 11 support > --- > > Key: RANGER-2850 > URL: https://issues.apache.org/jira/browse/RANGER-2850 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2850-Ensure-inclusion-of-javax.annotations-in.patch > > > Presto's assembly is missing the annotation jar which makes it not work with > Java 11. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2850) Add javax.annotation to Presto plugin to ensure java 11 support
[ https://issues.apache.org/jira/browse/RANGER-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127864#comment-17127864 ] Pradeep Agrawal commented on RANGER-2850: - [~bolke] : Patch is committed : [https://github.com/apache/ranger/commit/05f465ea950530a30e8c8491276d83324a7aa652] Please close the RR. > Add javax.annotation to Presto plugin to ensure java 11 support > --- > > Key: RANGER-2850 > URL: https://issues.apache.org/jira/browse/RANGER-2850 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2850-Ensure-inclusion-of-javax.annotations-in.patch > > > Presto's assembly is missing the annotation jar which makes it not work with > Java 11. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2850) Add javax.annotation to Presto plugin to ensure java 11 support
[ https://issues.apache.org/jira/browse/RANGER-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2850. - Resolution: Fixed > Add javax.annotation to Presto plugin to ensure java 11 support > --- > > Key: RANGER-2850 > URL: https://issues.apache.org/jira/browse/RANGER-2850 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2850-Ensure-inclusion-of-javax.annotations-in.patch > > > Presto's assembly is missing the annotation jar which makes it not work with > Java 11. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2483) Presto plugin uses /presto/plugins instead of /presto/plugin
[ https://issues.apache.org/jira/browse/RANGER-2483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2483: Fix Version/s: 2.1.0 > Presto plugin uses /presto/plugins instead of /presto/plugin > > > Key: RANGER-2483 > URL: https://issues.apache.org/jira/browse/RANGER-2483 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: David Berger >Priority: Major > Fix For: 2.1.0 > > > Presto plugin uses /presto/plugins instead of /presto/plugin > The workaround is to create a symlink before enabling the plugin. > ln -s /presto/plugin presto/plugins > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2819) Create Ranger audit schema in given elasticsearch index
[ https://issues.apache.org/jira/browse/RANGER-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2819: Fix Version/s: 2.1.0 > Create Ranger audit schema in given elasticsearch index > --- > > Key: RANGER-2819 > URL: https://issues.apache.org/jira/browse/RANGER-2819 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2819-Create-Ranger-audit-schema-in-given-elas.patch > > > Create Ranger audit schema in given elasticsearch index. if index does not > exist then create the index as well. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2747) Ranger integration with presto works on "Release 317" but fails on versions later
[ https://issues.apache.org/jira/browse/RANGER-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2747: Fix Version/s: 2.1.0 > Ranger integration with presto works on "Release 317" but fails on versions > later > - > > Key: RANGER-2747 > URL: https://issues.apache.org/jira/browse/RANGER-2747 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: harsha >Priority: Blocker > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Hi, > I am trying to integrate ranger with presto and its working on "Release 317" > I followed the following documentation : > [https://cwiki.apache.org/confluence/display/RANGER/Presto+Plugin] > But, when when I go with versions after that, It throws the following errors. > *query*: _SHOW CATALOGS_ > *error* : _[65536] Query failed (#20200303_063413_2_h5s89): Internal > error java.lang.RuntimeException: java.lang.IllegalStateException_ > *query*:_select * from hive.db_name.table_name limit 10_ > *error*:_[4] Query failed (#20200303_063836_0_x47vg): Access Denied: > Cannot access catalog hive java.lang.RuntimeException: > io.prestosql.spi.security.AccessDeniedException: Access Denied: Cannot access > catalog hive_ > I've tried versions 318,319,323,329 and i am facing similar errors. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2844) presto-server-333 can not show schemas/tables after integrated with Ranger master branch
[
https://issues.apache.org/jira/browse/RANGER-2844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-2844:
---
Assignee: Bolke de Bruin (was: Pradeep Agrawal)
> presto-server-333 can not show schemas/tables after integrated with Ranger
> master branch
>
>
> Key: RANGER-2844
> URL: https://issues.apache.org/jira/browse/RANGER-2844
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.1.0
> Environment: Amazon Linux
>Reporter: Jie Zhang
>Assignee: Bolke de Bruin
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: got access denied for show command.png, no show
> command.png
>
>
> Integrated presto-server-333 with Ranger master branch, able to run
> use/select queries, but got access denied when running *{color:#00875a}show
> schemas/tables{color}*.
> I saw there is no {color:#00875a}*show*{color} command on ranger-ui
> (screenshot attached), is that why presto can not show schemas/tables? Any
> workaround? Thanks a lot.
>
> Error:
> {code:java}
> presto:default> use default;
> USE
> presto:default> show schemas;
> Query 20200604_192311_00023_sa7kt failed: Access Denied: Cannot show schemas:
> hivepresto:default> show tables;
> Query 20200604_192319_00024_sa7kt failed: Access Denied: Cannot show tables
> of schema hive.default
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2844) presto-server-333 can not show schemas/tables after integrated with Ranger master branch
[
https://issues.apache.org/jira/browse/RANGER-2844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127863#comment-17127863
]
Pradeep Agrawal commented on RANGER-2844:
-
[~bolke] : Java
patch([PatchForPrestoToSupportPresto333_J10038.java|https://github.com/apache/ranger/commit/813b67197ae6e58c21a9e72c7f034779c3efed79#diff-0524643ee973bd41bcf07fad1fac19d0])
is not updating the service def due to a service def validation error. You
can check the ranger_db_patch.log file for details.
> presto-server-333 can not show schemas/tables after integrated with Ranger
> master branch
>
>
> Key: RANGER-2844
> URL: https://issues.apache.org/jira/browse/RANGER-2844
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.1.0
> Environment: Amazon Linux
>Reporter: Jie Zhang
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: got access denied for show command.png, no show
> command.png
>
>
> Integrated presto-server-333 with Ranger master branch, able to run
> use/select queries, but got access denied when running *{color:#00875a}show
> schemas/tables{color}*.
> I saw there is no {color:#00875a}*show*{color} command on ranger-ui
> (screenshot attached), is that why presto can not show schemas/tables? Any
> workaround? Thanks a lot.
>
> Error:
> {code:java}
> presto:default> use default;
> USE
> presto:default> show schemas;
> Query 20200604_192311_00023_sa7kt failed: Access Denied: Cannot show schemas:
> hivepresto:default> show tables;
> Query 20200604_192319_00024_sa7kt failed: Access Denied: Cannot show tables
> of schema hive.default
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2850) Add javax.annotation to Presto plugin to ensure java 11 support
[ https://issues.apache.org/jira/browse/RANGER-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2850: Fix Version/s: 2.1.0 > Add javax.annotation to Presto plugin to ensure java 11 support > --- > > Key: RANGER-2850 > URL: https://issues.apache.org/jira/browse/RANGER-2850 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2850-Ensure-inclusion-of-javax.annotations-in.patch > > > Presto's assembly is missing the annotation jar which makes it not work with > Java 11. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2832) KafkaAuditProvider - support for the "new" kafka producer and ssl configuration
[ https://issues.apache.org/jira/browse/RANGER-2832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127868#comment-17127868 ] Pradeep Agrawal commented on RANGER-2832: - CC : [~bosco] > KafkaAuditProvider - support for the "new" kafka producer and ssl > configuration > --- > > Key: RANGER-2832 > URL: https://issues.apache.org/jira/browse/RANGER-2832 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Reporter: Krzysztof Zmij >Priority: Major > > [KafkaAuditProvider|https://github.com/apache/ranger/blob/master/agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java] > uses the old kafka producer config - below version > [0.8.2|https://kafka.apache.org/082/documentation.html#producerconfigs] > (_broker.list_, _serializer.class_ ). It is very, very old so can we > change it to the new one - above > [0.8.2|https://kafka.apache.org/documentation/#producerconfigs] > (_bootstrap.servers_, _key.serializer_ ) and add for security the > [ssl|https://kafka.apache.org/documentation/#security_configclients] config. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge
[ https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127877#comment-17127877 ] Pradeep Agrawal commented on RANGER-2821: - [~sidharthkmishra] : Please refer RANGER-2734 > Update ranger authorizer for Atlas to add admin-purge > - > > Key: RANGER-2821 > URL: https://issues.apache.org/jira/browse/RANGER-2821 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Sidharth Kumar Mishra >Priority: Major > -- This message was sent by Atlassian Jira (v8.3.4#803005)
