You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2018/02/21 21:33:56 UTC
Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fd
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf
security-admin/src/main/resources/META-INF/persistence.xml 20f5bba
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b32
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c868
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc2
Diff: https://reviews.apache.org/r/65739/diff/1/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
> On Feb. 23, 2018, 9:51 p.m., Zsombor Gegesy wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
> > Lines 184 (patched)
> > <https://reviews.apache.org/r/65739/diff/1/?file=1963256#file1963256line184>
> >
> > On error, why don't you set 'isUpdateSinkSucc = false' ?
If the actual update or sync fails then we are marking as false already. But if just the audit request fails, I don't want to force the sync even if there are no changes to the sync files and hence didn't set the flag to false.
- Sailaja
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198210
-----------------------------------------------------------
On Feb. 26, 2018, 11:56 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated Feb. 26, 2018, 11:56 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14a
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/2/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Zsombor Gegesy <gz...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198210
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Lines 130 (patched)
<https://reviews.apache.org/r/65739/#comment278320>
Logger is not used.
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
Lines 55-58 (patched)
<https://reviews.apache.org/r/65739/#comment278321>
distinctCountQueryStr and distinctQueryStr can be final static constant value.
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Lines 184 (patched)
<https://reviews.apache.org/r/65739/#comment278322>
On error, why don't you set 'isUpdateSinkSucc = false' ?
- Zsombor Gegesy
On Feb. 21, 2018, 9:33 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated Feb. 21, 2018, 9:33 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fd
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bba
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b32
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c868
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc2
>
>
> Diff: https://reviews.apache.org/r/65739/diff/1/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198311
-----------------------------------------------------------
security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql
Lines 1 (patched)
<https://reviews.apache.org/r/65739/#comment278440>
1] https://reviews.apache.org/r/65567/ is using the same DB patch # (030). Use the next available #.
2] Make this DB change available for other DB flavors
3] Update consolidated DB schema script with the DB changes
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
Lines 1124 (patched)
<https://reviews.apache.org/r/65739/#comment278441>
Fix PMD violations such as below..
```
[INFO] --- maven-pmd-plugin:3.7:check (default) @ security-admin-web ---
[INFO] PMD Failure: org.apache.ranger.biz.AssetMgr:1124 Rule:UnusedLocalVariable Priority:3 Avoid unused local variables such as 'vxUgsyncAuditInfo'..
[INFO] PMD Failure: org/apache/ranger/db/XXUgsyncAuditInfoDao.java:23 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXPluginInfo'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:22 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.commons.lang.StringUtils'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:23 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:28 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXAccessAudit'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:29 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXService'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:30 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXServiceDef'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:32 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.view.VXAccessAudit'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:33 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.view.VXAccessAuditList'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoService.java:41 Rule:UnusedImports Priority:4 Avoid unused imports such as 'java.util.Date'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:27 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXAccessAudit'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:29 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.view.VXAccessAudit'.
[INFO] PMD Failure: org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:30 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.view.VXAccessAuditList'.
[INFO] PMD Failure: org/apache/ranger/view/VXLdapSyncSourceInfo.java:33 Rule:UnusedImports Priority:4 Avoid unused imports such as 'java.util.List'.
[INFO] PMD Failure: org/apache/ranger/view/VXUgsyncAuditInfo.java:36 Rule:UnusedImports Priority:4 Avoid unused imports such as 'java.util.List'.
```
- Velmurugan Periasamy
On Feb. 26, 2018, 11:56 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated Feb. 26, 2018, 11:56 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14a
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/2/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review200010
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
Lines 1092 (patched)
<https://reviews.apache.org/r/65739/#comment280605>
You can return directly xUgsyncAuditInfoService.searchXUgsyncAuditInfoList(new SearchCriteria()).
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
Lines 1127 (patched)
<https://reviews.apache.org/r/65739/#comment280606>
Please provide a valid syncSource.
- Qiang Zhang
On March 5, 2018, 7:14 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated March 5, 2018, 7:14 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9e8fcadf
> security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 55d44a11
> security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ef9ece7c
> security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql c98d3627
> security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 61e81a0a
> security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/7/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198659
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On March 5, 2018, 7:14 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated March 5, 2018, 7:14 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9e8fcadf
> security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 55d44a11
> security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ef9ece7c
> security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql c98d3627
> security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 61e81a0a
> security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/7/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated March 5, 2018, 7:14 p.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Fixed minor PMD violations
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9e8fcadf
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 55d44a11
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ef9ece7c
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql c98d3627
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 61e81a0a
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/7/
Changes: https://reviews.apache.org/r/65739/diff/6-7/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated March 2, 2018, 10:02 p.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Modified the index names to be less than 30 characters as pointed out by Pradeep
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql d516d64e
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql abc7d593
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 88629463
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bf3d954b
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 56e2e99a
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/6/
Changes: https://reviews.apache.org/r/65739/diff/5-6/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated March 2, 2018, 12:17 a.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Fixed a minor issue with postgres db script as well as added indexes for event_time, sync_source, and user_name for all db flavors
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql d516d64e
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql abc7d593
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 88629463
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bf3d954b
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 56e2e99a
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/5/
Changes: https://reviews.apache.org/r/65739/diff/4-5/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated March 1, 2018, 1:03 a.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Incorporated review comments as well as updated patch file with latest sources from master
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql d516d64e
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql abc7d593
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 88629463
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bf3d954b
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 56e2e99a
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/4/
Changes: https://reviews.apache.org/r/65739/diff/3-4/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
> On Feb. 28, 2018, 8:14 a.m., Ramesh Mani wrote:
> > security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
> > Lines 70 (patched)
> > <https://reviews.apache.org/r/65739/diff/3/?file=1967105#file1967105line70>
> >
> > Can the resultList be null?
removed unused method
> On Feb. 28, 2018, 8:14 a.m., Ramesh Mani wrote:
> > ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
> > Lines 507 (patched)
> > <https://reviews.apache.org/r/65739/diff/3/?file=1967114#file1967114line512>
> >
> > this doesnt throw exception? Please review this part restructure?
There is some cleanup/restructuring need to be done. So will track in a separate review request.
> On Feb. 28, 2018, 8:14 a.m., Ramesh Mani wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> > Lines 1220 (patched)
> > <https://reviews.apache.org/r/65739/diff/3/?file=1967121#file1967121line1232>
> >
> > return ret?
> > Assign ret with necessary value and also if possible return once at the end of the method, which is less error prone and readble.
There is some cleanup/restructuring need to be done. So will track in a separate review request.
- Sailaja
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198379
-----------------------------------------------------------
On March 1, 2018, 1:03 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated March 1, 2018, 1:03 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql d516d64e
> security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql abc7d593
> security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 88629463
> security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bf3d954b
> security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 56e2e99a
> security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java d61cbc7b
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/4/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198379
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
Lines 70 (patched)
<https://reviews.apache.org/r/65739/#comment278518>
Can the resultList be null?
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java
Lines 75 (patched)
<https://reviews.apache.org/r/65739/#comment278519>
Use StringBuilder.append()
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
Lines 507 (patched)
<https://reviews.apache.org/r/65739/#comment278517>
this doesnt throw exception? Please review this part restructure?
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
Lines 80 (patched)
<https://reviews.apache.org/r/65739/#comment278514>
Please use StringBuilder instead of + for concat, change all occurance of such usage
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
Lines 1220 (patched)
<https://reviews.apache.org/r/65739/#comment278515>
return ret?
Assign ret with necessary value and also if possible return once at the end of the method, which is less error prone and readble.
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Lines 163 (patched)
<https://reviews.apache.org/r/65739/#comment278516>
remove commented out part?
- Ramesh Mani
On Feb. 28, 2018, 6:34 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> -----------------------------------------------------------
>
> (Updated Feb. 28, 2018, 6:34 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 69f3768e
> security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 5abbcd0c
> security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6dfc8412
> security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d5555016
> security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql a2be2d4c
> security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14a
> security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd
> security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
>
>
> Diff: https://reviews.apache.org/r/65739/diff/3/
>
>
> Testing
> -------
>
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated Feb. 28, 2018, 6:34 a.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Fixed PMD violations as well as added db scripts for all the db flavors
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 69f3768e
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 5abbcd0c
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6dfc8412
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d5555016
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql a2be2d4c
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14a
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/3/
Changes: https://reviews.apache.org/r/65739/diff/2-3/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated Feb. 26, 2018, 11:56 p.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Incorporated review comments and fixed minor bugs found during testing. Also added one missing sql file for db changes
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs (updated)
-----
security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26b
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14a
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fda
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd
security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b320
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef1
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d9
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c8688
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884d
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d1
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc21
Diff: https://reviews.apache.org/r/65739/diff/2/
Changes: https://reviews.apache.org/r/65739/diff/1-2/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
Thanks,
Sailaja Polavarapu
Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync
operations
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
-----------------------------------------------------------
(Updated Feb. 26, 2018, 11:52 p.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Incorporated review comments and fixed minor bugs found during testing. Also added one missing sql file for db changes
Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985
Repository: ranger
Description
-------
Added code to support auditing for Ranger Usersync operations. This includes auditing for all the sync sources (unix, file, and LDAP/AD) for every sync interval. Also includes Rest API for showing these audits in Ranger UI.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 4a02e26
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java db20a14
security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 460c7fd
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf
security-admin/src/main/resources/META-INF/persistence.xml 20f5bba
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 2852b32
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 18366ef
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java 6b2648d
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java 713c868
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 864d884
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java 60ce08d
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 494efc2
Diff: https://reviews.apache.org/r/65739/diff/1/
Testing
-------
1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.
File Attachments (updated)
----------------
0001-RANGER-1985-Incorporated-review-comments-and-fixed-m.patch
https://reviews.apache.org/media/uploaded/files/2018/02/26/a4e53893-358a-436d-8837-cc3273527363__0001-RANGER-1985-Incorporated-review-comments-and-fixed-m.patch
Thanks,
Sailaja Polavarapu