You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by ab...@apache.org on 2018/09/27 00:23:52 UTC

[1/2] ranger git commit: RANGER-2008: Policy evaluation is failing for multiline policy conditions.

Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 508d347bc -> 92bdc78f3


RANGER-2008: Policy evaluation is failing for multiline policy conditions.

Signed-off-by: pradeep <pr...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/3d430201
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/3d430201
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/3d430201

Branch: refs/heads/ranger-0.7
Commit: 3d430201d2e90708da3bae8ee0034f32e1c925f7
Parents: 508d347
Author: ni3galave <ni...@gmail.com>
Authored: Tue Mar 6 15:10:49 2018 +0530
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Sep 26 16:58:44 2018 -0700

----------------------------------------------------------------------
 .../webapp/scripts/views/policies/PermissionList.js  | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/3d430201/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index c4aad36..9184675 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -530,7 +530,7 @@ define(function(require) {
 					emptytext : 'Add Conditions',
 					value : this.conditions,
 					display: function(value) {
-						var continue_ = false, i = 0;
+						var continue_ = false, i = 0, cond = [];
 						if(!value) {
 							$(this).empty();
 							return; 
@@ -545,19 +545,18 @@ define(function(require) {
 									return ''; 
 								}
 								//Add label for policy condition
-								var pcond = _.findWhere(that.multiLinecond, { 'name': name})
+								var pcond = _.findWhere(that.multiLinecond, { 'name': name});
 								if(!_.isUndefined(pcond) && !_.isUndefined(pcond['evaluatorOptions']) 
 										&& ! _.isUndefined(pcond['evaluatorOptions']["ui.isMultiline"]) 
 										&& ! _.isUndefined(pcond['evaluatorOptions']['engineName'])){
-									val = 	pcond['evaluatorOptions']['engineName'] + ' Condition'
+									cond.push({ 'type' : name, 'values' : !_.isArray(val) ? [val] : val });
+									val = 	pcond['evaluatorOptions']['engineName'] + ' Condition';
+								} else {
+									cond.push({ 'type' : name, 'values' : !_.isArray(val) ?  val.split(',') : val });
 								}
 								i++;
-                                                                return '<span class="'+label+' white-space-normal" >'+name+' : '+ _.escape(val) + '</span>';
+                                return '<span class="'+label+' white-space-normal" >'+name+' : '+ _.escape(val) + '</span>';
 							});
-							var cond = _.map(value, function(val, name) {
-                                                                return {'type' : name, 'values' : !_.isArray(val) ?  val.split(',') : val};
-							});
-							
 							that.model.set('conditions', cond);
 							$(this).html(html);
 							that.ui.addConditionsSpan.find('i').attr('class', 'icon-pencil');

[2/2] ranger git commit: RANGER-2007: ranger-tagsync's Kerberos ticket fails to renew

Posted by ab...@apache.org.

RANGER-2007: ranger-tagsync's Kerberos ticket fails to renew


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/92bdc78f
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/92bdc78f
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/92bdc78f

Branch: refs/heads/ranger-0.7
Commit: 92bdc78f3c05d92316f9d1bb1c304f374a790b89
Parents: 3d43020
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Mon Mar 5 17:02:57 2018 -0800
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Wed Sep 26 16:59:41 2018 -0700

----------------------------------------------------------------------
 .../ranger/tagsync/process/TagSynchronizer.java | 33 +++++++-------------
 1 file changed, 12 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/92bdc78f/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java
----------------------------------------------------------------------
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java
index b07cd34..612dd64 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java
@@ -28,7 +28,6 @@ import org.apache.log4j.Logger;
 import org.apache.ranger.tagsync.model.TagSink;
 import org.apache.ranger.tagsync.model.TagSource;
 
-import javax.security.auth.Subject;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -380,31 +379,23 @@ public class TagSynchronizer {
 			if (LOG.isDebugEnabled()) {
 				LOG.debug("Trying to get kerberos identitiy");
 			}
-			Subject subject = null;
-			try {
-				subject = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
-			} catch(IOException exception) {
-				LOG.error("Could not get Subject from principal:[" + principal + "], keytab:[" + keytab + "], nameRules:[" + nameRules + "]", exception);
-			}
 
 			UserGroupInformation kerberosIdentity;
 
-			if (subject != null) {
-				try {
-					UserGroupInformation.loginUserFromSubject(subject);
-					kerberosIdentity = UserGroupInformation.getLoginUser();
-					if (kerberosIdentity != null) {
-						props.put(TagSyncConfig.TAGSYNC_KERBEROS_IDENTITY, kerberosIdentity.getUserName());
-						if (LOG.isDebugEnabled()) {
-							LOG.debug("Got UGI, user:[" + kerberosIdentity.getUserName() + "]");
-						}
-						ret = true;
-					} else {
-						LOG.error("KerberosIdentity is null!");
+			try {
+				UserGroupInformation.loginUserFromKeytab(principal, keytab);
+				kerberosIdentity = UserGroupInformation.getLoginUser();
+				if (kerberosIdentity != null) {
+					props.put(TagSyncConfig.TAGSYNC_KERBEROS_IDENTITY, kerberosIdentity.getUserName());
+					if (LOG.isDebugEnabled()) {
+						LOG.debug("Got UGI, user:[" + kerberosIdentity.getUserName() + "]");
 					}
-				} catch (IOException exception) {
-					LOG.error("Failed to get UGI from Subject:[" + subject + "]", exception);
+					ret = true;
+				} else {
+					LOG.error("KerberosIdentity is null!");
 				}
+			} catch (IOException exception) {
+				LOG.error("Failed to get UGI from principal:[" + principal + "], and keytab:[" + keytab + "]", exception);
 			}
 		} else {
 			if (LOG.isDebugEnabled()) {