You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Bryan Bende (JIRA)" <ji...@apache.org> on 2016/05/04 17:07:12 UTC
[jira] [Updated] (RANGER-967) Allow additional characters in
username
[ https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Bende updated RANGER-967:
-------------------------------
Fix Version/s: 0.6.0
> Allow additional characters in username
> ---------------------------------------
>
> Key: RANGER-967
> URL: https://issues.apache.org/jira/browse/RANGER-967
> Project: Ranger
> Issue Type: Improvement
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Minor
> Fix For: 0.6.0
>
>
> Currently the Username field on the Create User form in the UI performs validation that restricts the value to:
> [a-z0-9][a-z0-9,._\-'+/@]+
> I'd like to be able to add a DN as a username such as:
> CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
> I believe this would require adding "=" and spaces as valid characters.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Updated] (RANGER-967) Allow additional characters in username
Posted by Gautam Borad <gb...@gmail.com>.
Ok, let me see if something can be done on the UI side.
On Thu, May 5, 2016 at 10:58 AM, Don Bosco Durai <bo...@apache.org> wrote:
> Since user are from dropdown (not manually entered), can’t we escape them
> while creating the UI elements?
>
> I feel, transformation is not an ideal workaround. We have to see if we
> can support ",” in UI (at least when there is read only). Can we do some
> experiments?
>
>
> Thanks
>
> Bosco
>
>
> On 5/4/16, 10:10 PM, "Gautam Borad" <gb...@gmail.com> wrote:
>
> >Bryan is right in his analysis, even if we support adding such users, the
> >split on "," during policy creation will be an issue.
> >
> >I think the right solution would be to use the transformation feature
> >implemented by *@Sailaja* in
> >https://issues.apache.org/jira/browse/RANGER-684. Thanks.
> >
> >On Thu, May 5, 2016 at 2:59 AM, Sailaja Polavarapu <
> >spolavarapu@hortonworks.com> wrote:
> >
> >> We currently have a username/groupname transformation feature
> implemented
> >> for LDAP sync (https://issues.apache.org/jira/browse/RANGER-684). May
> be
> >> we can do similar changes for File source sync or move the name
> >> transformation logic to common location for all sync sources.
> >> Few things to consider when we implement name transformation logic to
> File
> >> source -
> >> 1. For non Json files, provide a delimiter that is not part of the
> >> transformation logic in order to distinguish between usernames &
> groupnames
> >> while reading from the input file.
> >> 2. Apply same transformation logic while sending any authorization
> >> requests to ranger with username and/or groupname
> >> 3. Apply same transformation logic if using other services like solr,
> >> kafka, etc…
> >>
> >> Thanks,
> >> Sailaja.
> >>
> >>
> >>
> >>
> >> On 5/4/16, 2:03 PM, "Bryan Bende" <bb...@gmail.com> wrote:
> >>
> >> >I don't think this one has a server side fix...
> >> >
> >> >We can fix the user sync to remove email validation (RANGER-968), and
> we
> >> >can change the UI to allow DNs on user creation(RANGER-967)...
> >> >
> >> >But in either case, we can't create a policy through the UI when the
> >> >username is a DN. The REST API may work, but there has to be something
> >> user
> >> >facing.
> >> >
> >> >Do you view this as another JIRA? or maybe I'm trying to force
> something
> >> >that wasn't intended to work?
> >> >
> >> >
> >> >On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <bo...@apache.org>
> wrote:
> >> >
> >> >> Gautam might be the right person to answer UI related questions.
> >> >>
> >> >> If server side fix will unblock you, then I will suggest that you
> should
> >> >> fix it for the time being. We can ask Gautam to look into the UI
> side.
> >> >>
> >> >>
> >> >>
> >> >> Thanks
> >> >>
> >> >> Bosco
> >> >>
> >> >>
> >> >> On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
> >> >>
> >> >> >All,
> >> >> >
> >> >> >I started looking at this ticket because I initially thought it
> would
> >> be
> >> >> >straight forward...
> >> >> >
> >> >> >In UserForm.js I changed the regex validator from
> >> >> [a-z0-9][a-z0-9,._\-'+/@]
> >> >> > to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That
> >> allowed
> >> >> >me to enter a DN as a user name.
> >> >> >
> >> >> >The next issue is that when creating a policy for that user, the
> value
> >> of
> >> >> >the users field is split on commas, so a single DN with commas ends
> >> being
> >> >> >submitted as several users that don't exist, and prevent the policy
> >> from
> >> >> >being created.
> >> >> >
> >> >> >This happens in RangerPolicyForm.js with this code:
> >> >> >
> >> >> >if(!_.isUndefined(m.get('userName')) &&
> !_.isNull(m.get('userName'))){
> >> >> > policyItem.set("users",m.get("userName").split(','));
> >> >> >}
> >> >> >
> >> >> >I have a feeling this can't easily be changed because it is how
> >> multiple
> >> >> >selected users are being stored behind the scenes.
> >> >> >
> >> >> >Does anyone have any thoughts on what else would need to be changed
> to
> >> >> >allow a username with commas in it?
> >> >> >
> >> >> >Thanks,
> >> >> >
> >> >> >Bryan
> >> >> >
> >> >> >
> >> >> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <jira@apache.org
> >
> >> >> wrote:
> >> >> >
> >> >> >>
> >> >> >> [
> >> >> >>
> >> >>
> >>
> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> >> >> >> ]
> >> >> >>
> >> >> >> Bryan Bende updated RANGER-967:
> >> >> >> -------------------------------
> >> >> >> Fix Version/s: 0.6.0
> >> >> >>
> >> >> >> > Allow additional characters in username
> >> >> >> > ---------------------------------------
> >> >> >> >
> >> >> >> > Key: RANGER-967
> >> >> >> > URL:
> >> https://issues.apache.org/jira/browse/RANGER-967
> >> >> >> > Project: Ranger
> >> >> >> > Issue Type: Improvement
> >> >> >> > Reporter: Bryan Bende
> >> >> >> > Assignee: Bryan Bende
> >> >> >> > Priority: Minor
> >> >> >> > Fix For: 0.6.0
> >> >> >> >
> >> >> >> >
> >> >> >> > Currently the Username field on the Create User form in the UI
> >> >> performs
> >> >> >> validation that restricts the value to:
> >> >> >> > [a-z0-9][a-z0-9,._\-'+/@]+
> >> >> >> > I'd like to be able to add a DN as a username such as:
> >> >> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
> >> >> >> > I believe this would require adding "=" and spaces as valid
> >> >> characters.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> This message was sent by Atlassian JIRA
> >> >> >> (v6.3.4#6332)
> >> >> >>
> >> >>
> >> >>
> >>
> >
> >
> >
> >--
> >Regards,
> >Gautam.
>
>
--
Regards,
Gautam.
Re: [jira] [Updated] (RANGER-967) Allow additional characters in
username
Posted by Don Bosco Durai <bo...@apache.org>.
Since user are from dropdown (not manually entered), can’t we escape them while creating the UI elements?
I feel, transformation is not an ideal workaround. We have to see if we can support ",” in UI (at least when there is read only). Can we do some experiments?
Thanks
Bosco
On 5/4/16, 10:10 PM, "Gautam Borad" <gb...@gmail.com> wrote:
>Bryan is right in his analysis, even if we support adding such users, the
>split on "," during policy creation will be an issue.
>
>I think the right solution would be to use the transformation feature
>implemented by *@Sailaja* in
>https://issues.apache.org/jira/browse/RANGER-684. Thanks.
>
>On Thu, May 5, 2016 at 2:59 AM, Sailaja Polavarapu <
>spolavarapu@hortonworks.com> wrote:
>
>> We currently have a username/groupname transformation feature implemented
>> for LDAP sync (https://issues.apache.org/jira/browse/RANGER-684). May be
>> we can do similar changes for File source sync or move the name
>> transformation logic to common location for all sync sources.
>> Few things to consider when we implement name transformation logic to File
>> source -
>> 1. For non Json files, provide a delimiter that is not part of the
>> transformation logic in order to distinguish between usernames & groupnames
>> while reading from the input file.
>> 2. Apply same transformation logic while sending any authorization
>> requests to ranger with username and/or groupname
>> 3. Apply same transformation logic if using other services like solr,
>> kafka, etc…
>>
>> Thanks,
>> Sailaja.
>>
>>
>>
>>
>> On 5/4/16, 2:03 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>>
>> >I don't think this one has a server side fix...
>> >
>> >We can fix the user sync to remove email validation (RANGER-968), and we
>> >can change the UI to allow DNs on user creation(RANGER-967)...
>> >
>> >But in either case, we can't create a policy through the UI when the
>> >username is a DN. The REST API may work, but there has to be something
>> user
>> >facing.
>> >
>> >Do you view this as another JIRA? or maybe I'm trying to force something
>> >that wasn't intended to work?
>> >
>> >
>> >On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <bo...@apache.org> wrote:
>> >
>> >> Gautam might be the right person to answer UI related questions.
>> >>
>> >> If server side fix will unblock you, then I will suggest that you should
>> >> fix it for the time being. We can ask Gautam to look into the UI side.
>> >>
>> >>
>> >>
>> >> Thanks
>> >>
>> >> Bosco
>> >>
>> >>
>> >> On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>> >>
>> >> >All,
>> >> >
>> >> >I started looking at this ticket because I initially thought it would
>> be
>> >> >straight forward...
>> >> >
>> >> >In UserForm.js I changed the regex validator from
>> >> [a-z0-9][a-z0-9,._\-'+/@]
>> >> > to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That
>> allowed
>> >> >me to enter a DN as a user name.
>> >> >
>> >> >The next issue is that when creating a policy for that user, the value
>> of
>> >> >the users field is split on commas, so a single DN with commas ends
>> being
>> >> >submitted as several users that don't exist, and prevent the policy
>> from
>> >> >being created.
>> >> >
>> >> >This happens in RangerPolicyForm.js with this code:
>> >> >
>> >> >if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
>> >> > policyItem.set("users",m.get("userName").split(','));
>> >> >}
>> >> >
>> >> >I have a feeling this can't easily be changed because it is how
>> multiple
>> >> >selected users are being stored behind the scenes.
>> >> >
>> >> >Does anyone have any thoughts on what else would need to be changed to
>> >> >allow a username with commas in it?
>> >> >
>> >> >Thanks,
>> >> >
>> >> >Bryan
>> >> >
>> >> >
>> >> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org>
>> >> wrote:
>> >> >
>> >> >>
>> >> >> [
>> >> >>
>> >>
>> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> >> >> ]
>> >> >>
>> >> >> Bryan Bende updated RANGER-967:
>> >> >> -------------------------------
>> >> >> Fix Version/s: 0.6.0
>> >> >>
>> >> >> > Allow additional characters in username
>> >> >> > ---------------------------------------
>> >> >> >
>> >> >> > Key: RANGER-967
>> >> >> > URL:
>> https://issues.apache.org/jira/browse/RANGER-967
>> >> >> > Project: Ranger
>> >> >> > Issue Type: Improvement
>> >> >> > Reporter: Bryan Bende
>> >> >> > Assignee: Bryan Bende
>> >> >> > Priority: Minor
>> >> >> > Fix For: 0.6.0
>> >> >> >
>> >> >> >
>> >> >> > Currently the Username field on the Create User form in the UI
>> >> performs
>> >> >> validation that restricts the value to:
>> >> >> > [a-z0-9][a-z0-9,._\-'+/@]+
>> >> >> > I'd like to be able to add a DN as a username such as:
>> >> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
>> >> >> > I believe this would require adding "=" and spaces as valid
>> >> characters.
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> This message was sent by Atlassian JIRA
>> >> >> (v6.3.4#6332)
>> >> >>
>> >>
>> >>
>>
>
>
>
>--
>Regards,
>Gautam.
Re: [jira] [Updated] (RANGER-967) Allow additional characters in username
Posted by Gautam Borad <gb...@gmail.com>.
Bryan is right in his analysis, even if we support adding such users, the
split on "," during policy creation will be an issue.
I think the right solution would be to use the transformation feature
implemented by *@Sailaja* in
https://issues.apache.org/jira/browse/RANGER-684. Thanks.
On Thu, May 5, 2016 at 2:59 AM, Sailaja Polavarapu <
spolavarapu@hortonworks.com> wrote:
> We currently have a username/groupname transformation feature implemented
> for LDAP sync (https://issues.apache.org/jira/browse/RANGER-684). May be
> we can do similar changes for File source sync or move the name
> transformation logic to common location for all sync sources.
> Few things to consider when we implement name transformation logic to File
> source -
> 1. For non Json files, provide a delimiter that is not part of the
> transformation logic in order to distinguish between usernames & groupnames
> while reading from the input file.
> 2. Apply same transformation logic while sending any authorization
> requests to ranger with username and/or groupname
> 3. Apply same transformation logic if using other services like solr,
> kafka, etc…
>
> Thanks,
> Sailaja.
>
>
>
>
> On 5/4/16, 2:03 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>
> >I don't think this one has a server side fix...
> >
> >We can fix the user sync to remove email validation (RANGER-968), and we
> >can change the UI to allow DNs on user creation(RANGER-967)...
> >
> >But in either case, we can't create a policy through the UI when the
> >username is a DN. The REST API may work, but there has to be something
> user
> >facing.
> >
> >Do you view this as another JIRA? or maybe I'm trying to force something
> >that wasn't intended to work?
> >
> >
> >On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <bo...@apache.org> wrote:
> >
> >> Gautam might be the right person to answer UI related questions.
> >>
> >> If server side fix will unblock you, then I will suggest that you should
> >> fix it for the time being. We can ask Gautam to look into the UI side.
> >>
> >>
> >>
> >> Thanks
> >>
> >> Bosco
> >>
> >>
> >> On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
> >>
> >> >All,
> >> >
> >> >I started looking at this ticket because I initially thought it would
> be
> >> >straight forward...
> >> >
> >> >In UserForm.js I changed the regex validator from
> >> [a-z0-9][a-z0-9,._\-'+/@]
> >> > to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That
> allowed
> >> >me to enter a DN as a user name.
> >> >
> >> >The next issue is that when creating a policy for that user, the value
> of
> >> >the users field is split on commas, so a single DN with commas ends
> being
> >> >submitted as several users that don't exist, and prevent the policy
> from
> >> >being created.
> >> >
> >> >This happens in RangerPolicyForm.js with this code:
> >> >
> >> >if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
> >> > policyItem.set("users",m.get("userName").split(','));
> >> >}
> >> >
> >> >I have a feeling this can't easily be changed because it is how
> multiple
> >> >selected users are being stored behind the scenes.
> >> >
> >> >Does anyone have any thoughts on what else would need to be changed to
> >> >allow a username with commas in it?
> >> >
> >> >Thanks,
> >> >
> >> >Bryan
> >> >
> >> >
> >> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org>
> >> wrote:
> >> >
> >> >>
> >> >> [
> >> >>
> >>
> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> >> >> ]
> >> >>
> >> >> Bryan Bende updated RANGER-967:
> >> >> -------------------------------
> >> >> Fix Version/s: 0.6.0
> >> >>
> >> >> > Allow additional characters in username
> >> >> > ---------------------------------------
> >> >> >
> >> >> > Key: RANGER-967
> >> >> > URL:
> https://issues.apache.org/jira/browse/RANGER-967
> >> >> > Project: Ranger
> >> >> > Issue Type: Improvement
> >> >> > Reporter: Bryan Bende
> >> >> > Assignee: Bryan Bende
> >> >> > Priority: Minor
> >> >> > Fix For: 0.6.0
> >> >> >
> >> >> >
> >> >> > Currently the Username field on the Create User form in the UI
> >> performs
> >> >> validation that restricts the value to:
> >> >> > [a-z0-9][a-z0-9,._\-'+/@]+
> >> >> > I'd like to be able to add a DN as a username such as:
> >> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
> >> >> > I believe this would require adding "=" and spaces as valid
> >> characters.
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> This message was sent by Atlassian JIRA
> >> >> (v6.3.4#6332)
> >> >>
> >>
> >>
>
--
Regards,
Gautam.
Re: [jira] [Updated] (RANGER-967) Allow additional characters in
username
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
We currently have a username/groupname transformation feature implemented for LDAP sync (https://issues.apache.org/jira/browse/RANGER-684). May be we can do similar changes for File source sync or move the name transformation logic to common location for all sync sources.
Few things to consider when we implement name transformation logic to File source -
1. For non Json files, provide a delimiter that is not part of the transformation logic in order to distinguish between usernames & groupnames while reading from the input file.
2. Apply same transformation logic while sending any authorization requests to ranger with username and/or groupname
3. Apply same transformation logic if using other services like solr, kafka, etc…
Thanks,
Sailaja.
On 5/4/16, 2:03 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>I don't think this one has a server side fix...
>
>We can fix the user sync to remove email validation (RANGER-968), and we
>can change the UI to allow DNs on user creation(RANGER-967)...
>
>But in either case, we can't create a policy through the UI when the
>username is a DN. The REST API may work, but there has to be something user
>facing.
>
>Do you view this as another JIRA? or maybe I'm trying to force something
>that wasn't intended to work?
>
>
>On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <bo...@apache.org> wrote:
>
>> Gautam might be the right person to answer UI related questions.
>>
>> If server side fix will unblock you, then I will suggest that you should
>> fix it for the time being. We can ask Gautam to look into the UI side.
>>
>>
>>
>> Thanks
>>
>> Bosco
>>
>>
>> On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>>
>> >All,
>> >
>> >I started looking at this ticket because I initially thought it would be
>> >straight forward...
>> >
>> >In UserForm.js I changed the regex validator from
>> [a-z0-9][a-z0-9,._\-'+/@]
>> > to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That allowed
>> >me to enter a DN as a user name.
>> >
>> >The next issue is that when creating a policy for that user, the value of
>> >the users field is split on commas, so a single DN with commas ends being
>> >submitted as several users that don't exist, and prevent the policy from
>> >being created.
>> >
>> >This happens in RangerPolicyForm.js with this code:
>> >
>> >if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
>> > policyItem.set("users",m.get("userName").split(','));
>> >}
>> >
>> >I have a feeling this can't easily be changed because it is how multiple
>> >selected users are being stored behind the scenes.
>> >
>> >Does anyone have any thoughts on what else would need to be changed to
>> >allow a username with commas in it?
>> >
>> >Thanks,
>> >
>> >Bryan
>> >
>> >
>> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org>
>> wrote:
>> >
>> >>
>> >> [
>> >>
>> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> >> ]
>> >>
>> >> Bryan Bende updated RANGER-967:
>> >> -------------------------------
>> >> Fix Version/s: 0.6.0
>> >>
>> >> > Allow additional characters in username
>> >> > ---------------------------------------
>> >> >
>> >> > Key: RANGER-967
>> >> > URL: https://issues.apache.org/jira/browse/RANGER-967
>> >> > Project: Ranger
>> >> > Issue Type: Improvement
>> >> > Reporter: Bryan Bende
>> >> > Assignee: Bryan Bende
>> >> > Priority: Minor
>> >> > Fix For: 0.6.0
>> >> >
>> >> >
>> >> > Currently the Username field on the Create User form in the UI
>> performs
>> >> validation that restricts the value to:
>> >> > [a-z0-9][a-z0-9,._\-'+/@]+
>> >> > I'd like to be able to add a DN as a username such as:
>> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
>> >> > I believe this would require adding "=" and spaces as valid
>> characters.
>> >>
>> >>
>> >>
>> >> --
>> >> This message was sent by Atlassian JIRA
>> >> (v6.3.4#6332)
>> >>
>>
>>
Re: [jira] [Updated] (RANGER-967) Allow additional characters in username
Posted by Bryan Bende <bb...@gmail.com>.
I don't think this one has a server side fix...
We can fix the user sync to remove email validation (RANGER-968), and we
can change the UI to allow DNs on user creation(RANGER-967)...
But in either case, we can't create a policy through the UI when the
username is a DN. The REST API may work, but there has to be something user
facing.
Do you view this as another JIRA? or maybe I'm trying to force something
that wasn't intended to work?
On Wed, May 4, 2016 at 4:03 PM, Don Bosco Durai <bo...@apache.org> wrote:
> Gautam might be the right person to answer UI related questions.
>
> If server side fix will unblock you, then I will suggest that you should
> fix it for the time being. We can ask Gautam to look into the UI side.
>
>
>
> Thanks
>
> Bosco
>
>
> On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>
> >All,
> >
> >I started looking at this ticket because I initially thought it would be
> >straight forward...
> >
> >In UserForm.js I changed the regex validator from
> [a-z0-9][a-z0-9,._\-'+/@]
> > to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That allowed
> >me to enter a DN as a user name.
> >
> >The next issue is that when creating a policy for that user, the value of
> >the users field is split on commas, so a single DN with commas ends being
> >submitted as several users that don't exist, and prevent the policy from
> >being created.
> >
> >This happens in RangerPolicyForm.js with this code:
> >
> >if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
> > policyItem.set("users",m.get("userName").split(','));
> >}
> >
> >I have a feeling this can't easily be changed because it is how multiple
> >selected users are being stored behind the scenes.
> >
> >Does anyone have any thoughts on what else would need to be changed to
> >allow a username with commas in it?
> >
> >Thanks,
> >
> >Bryan
> >
> >
> >On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org>
> wrote:
> >
> >>
> >> [
> >>
> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> >> ]
> >>
> >> Bryan Bende updated RANGER-967:
> >> -------------------------------
> >> Fix Version/s: 0.6.0
> >>
> >> > Allow additional characters in username
> >> > ---------------------------------------
> >> >
> >> > Key: RANGER-967
> >> > URL: https://issues.apache.org/jira/browse/RANGER-967
> >> > Project: Ranger
> >> > Issue Type: Improvement
> >> > Reporter: Bryan Bende
> >> > Assignee: Bryan Bende
> >> > Priority: Minor
> >> > Fix For: 0.6.0
> >> >
> >> >
> >> > Currently the Username field on the Create User form in the UI
> performs
> >> validation that restricts the value to:
> >> > [a-z0-9][a-z0-9,._\-'+/@]+
> >> > I'd like to be able to add a DN as a username such as:
> >> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
> >> > I believe this would require adding "=" and spaces as valid
> characters.
> >>
> >>
> >>
> >> --
> >> This message was sent by Atlassian JIRA
> >> (v6.3.4#6332)
> >>
>
>
Re: [jira] [Updated] (RANGER-967) Allow additional characters in
username
Posted by Don Bosco Durai <bo...@apache.org>.
Gautam might be the right person to answer UI related questions.
If server side fix will unblock you, then I will suggest that you should fix it for the time being. We can ask Gautam to look into the UI side.
Thanks
Bosco
On 5/4/16, 12:02 PM, "Bryan Bende" <bb...@gmail.com> wrote:
>All,
>
>I started looking at this ticket because I initially thought it would be
>straight forward...
>
>In UserForm.js I changed the regex validator from [a-z0-9][a-z0-9,._\-'+/@]
> to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That allowed
>me to enter a DN as a user name.
>
>The next issue is that when creating a policy for that user, the value of
>the users field is split on commas, so a single DN with commas ends being
>submitted as several users that don't exist, and prevent the policy from
>being created.
>
>This happens in RangerPolicyForm.js with this code:
>
>if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
> policyItem.set("users",m.get("userName").split(','));
>}
>
>I have a feeling this can't easily be changed because it is how multiple
>selected users are being stored behind the scenes.
>
>Does anyone have any thoughts on what else would need to be changed to
>allow a username with commas in it?
>
>Thanks,
>
>Bryan
>
>
>On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org> wrote:
>
>>
>> [
>> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> ]
>>
>> Bryan Bende updated RANGER-967:
>> -------------------------------
>> Fix Version/s: 0.6.0
>>
>> > Allow additional characters in username
>> > ---------------------------------------
>> >
>> > Key: RANGER-967
>> > URL: https://issues.apache.org/jira/browse/RANGER-967
>> > Project: Ranger
>> > Issue Type: Improvement
>> > Reporter: Bryan Bende
>> > Assignee: Bryan Bende
>> > Priority: Minor
>> > Fix For: 0.6.0
>> >
>> >
>> > Currently the Username field on the Create User form in the UI performs
>> validation that restricts the value to:
>> > [a-z0-9][a-z0-9,._\-'+/@]+
>> > I'd like to be able to add a DN as a username such as:
>> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
>> > I believe this would require adding "=" and spaces as valid characters.
>>
>>
>>
>> --
>> This message was sent by Atlassian JIRA
>> (v6.3.4#6332)
>>
Re: [jira] [Updated] (RANGER-967) Allow additional characters in username
Posted by Bryan Bende <bb...@gmail.com>.
All,
I started looking at this ticket because I initially thought it would be
straight forward...
In UserForm.js I changed the regex validator from [a-z0-9][a-z0-9,._\-'+/@]
to [a-z0-9][a-z0-9,._\-'+/@= ] which allowed "=" and spaces. That allowed
me to enter a DN as a user name.
The next issue is that when creating a policy for that user, the value of
the users field is split on commas, so a single DN with commas ends being
submitted as several users that don't exist, and prevent the policy from
being created.
This happens in RangerPolicyForm.js with this code:
if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){
policyItem.set("users",m.get("userName").split(','));
}
I have a feeling this can't easily be changed because it is how multiple
selected users are being stored behind the scenes.
Does anyone have any thoughts on what else would need to be changed to
allow a username with commas in it?
Thanks,
Bryan
On Wed, May 4, 2016 at 1:07 PM, Bryan Bende (JIRA) <ji...@apache.org> wrote:
>
> [
> https://issues.apache.org/jira/browse/RANGER-967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Bryan Bende updated RANGER-967:
> -------------------------------
> Fix Version/s: 0.6.0
>
> > Allow additional characters in username
> > ---------------------------------------
> >
> > Key: RANGER-967
> > URL: https://issues.apache.org/jira/browse/RANGER-967
> > Project: Ranger
> > Issue Type: Improvement
> > Reporter: Bryan Bende
> > Assignee: Bryan Bende
> > Priority: Minor
> > Fix For: 0.6.0
> >
> >
> > Currently the Username field on the Create User form in the UI performs
> validation that restricts the value to:
> > [a-z0-9][a-z0-9,._\-'+/@]+
> > I'd like to be able to add a DN as a username such as:
> > CN=localhost, OU=My Org, O=Apache, L=Santa Monica, ST=CA, C=US
> > I believe this would require adding "=" and spaces as valid characters.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>