You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2021/05/10 12:01:34 UTC
[ranger] branch master updated (e44d547 -> 0c2a2a9)
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from e44d547 RANGER-3270: updated RangerBasePlugin with configurations to optionally disable dynamic refreshing of policies/tags/roles
new fb00ef4 RANGER-3260, RANGER-3258, RANGER-3257 : Update default audit filters for hbase hdfs and kafka to filter out unwanted audits
new ac9d348 RANGER-3272 : Zone tag policies are getting deleted when zone is updated
new 0c2a2a9 RANGER-3215: Ranger Metric Util consumes more heap-size and does not exit
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../resources/service-defs/ranger-servicedef-hbase.json | 2 +-
.../resources/service-defs/ranger-servicedef-hdfs.json | 2 +-
.../resources/service-defs/ranger-servicedef-kafka.json | 2 +-
.../main/java/org/apache/ranger/biz/ServiceDBStore.java | 14 ++++++++------
.../java/org/apache/ranger/patch/cliutil/MetricUtil.java | 14 ++++++++------
.../ranger/service/RangerSecurityZoneServiceService.java | 2 +-
6 files changed, 20 insertions(+), 16 deletions(-)
[ranger] 03/03: RANGER-3215: Ranger Metric Util consumes more
heap-size and does not exit
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 0c2a2a9577fcf4133a9a15338a15bd4169d4f07b
Author: Mahesh Bandal <ma...@gmail.com>
AuthorDate: Mon Apr 12 12:56:44 2021 +0530
RANGER-3215: Ranger Metric Util consumes more heap-size and does not exit
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../main/java/org/apache/ranger/biz/ServiceDBStore.java | 14 ++++++++------
.../java/org/apache/ranger/patch/cliutil/MetricUtil.java | 14 ++++++++------
2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 52e0c6f..e3c5b54 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -5175,14 +5175,14 @@ public class ServiceDBStore extends AbstractServiceStore {
vXMetricPolicyWithServiceNameCount.setTotalCount(paginatedSvcsList.getTotalCount());
Map<String, VXMetricServiceNameCount> servicesWithPolicy = new HashMap<String, VXMetricServiceNameCount>();
for (int k = 2; k >= 0; k--) {
- String serviceType = String.valueOf(k);
- VXMetricServiceNameCount vXMetricServiceNameCount = getVXMetricServiceCount(serviceType);
+ String policyType = String.valueOf(k);
+ VXMetricServiceNameCount vXMetricServiceNameCount = getVXMetricServiceCount(policyType);
if (k == 2) {
servicesWithPolicy.put("rowFilteringPolicies", vXMetricServiceNameCount);
} else if (k == 1) {
servicesWithPolicy.put("maskingPolicies", vXMetricServiceNameCount);
} else if (k == 0) {
- servicesWithPolicy.put("resourcePolicy", vXMetricServiceNameCount);
+ servicesWithPolicy.put("resourceAccessPolicies", vXMetricServiceNameCount);
}
}
Map<String, Map<String,Long>> tagMap = new HashMap<String, Map<String,Long>>();
@@ -5206,7 +5206,7 @@ public class ServiceDBStore extends AbstractServiceStore {
VXMetricServiceNameCount vXMetricServiceNameCount = new VXMetricServiceNameCount();
vXMetricServiceNameCount.setServiceBasedCountList(tagMap);
vXMetricServiceNameCount.setTotalCount(tagCount);
- servicesWithPolicy.put("tagBasedPolicies", vXMetricServiceNameCount);
+ servicesWithPolicy.put("tagAccessPolicies", vXMetricServiceNameCount);
tagFlag = true;
}
vXMetricPolicyWithServiceNameCount.setPolicyCountList(servicesWithPolicy);
@@ -5339,14 +5339,14 @@ public class ServiceDBStore extends AbstractServiceStore {
return ret;
}
- private VXMetricServiceNameCount getVXMetricServiceCount(String serviceType) throws Exception {
+ private VXMetricServiceNameCount getVXMetricServiceCount(String policyType) throws Exception {
SearchFilter policyFilter1 = new SearchFilter();
policyFilter1.setMaxRows(200);
policyFilter1.setStartIndex(0);
policyFilter1.setGetCount(true);
policyFilter1.setSortBy("serviceId");
policyFilter1.setSortType("asc");
- policyFilter1.setParam("policyType", serviceType);
+ policyFilter1.setParam("policyType", policyType);
PList<RangerPolicy> policies = getPaginatedPolicies(policyFilter1);
PList<RangerService> paginatedSvcsSevice = getPaginatedServices(policyFilter1);
List<RangerService> rangerServiceList = paginatedSvcsSevice.getList();
@@ -5404,6 +5404,8 @@ public class ServiceDBStore extends AbstractServiceStore {
searchCriteriaWithType.getParamList().put("accessResult", accessResult);
searchCriteriaWithType.addParam("startDate", startDate);
searchCriteriaWithType.addParam("endDate", endDate);
+ searchCriteriaWithType.setMaxRows(0);
+ searchCriteriaWithType.setGetCount(true);
VXAccessAuditList vXAccessAuditListwithType = assetMgr.getAccessLogs(searchCriteriaWithType);
long toltalCountOfRepo = vXAccessAuditListwithType.getTotalCount();
if (toltalCountOfRepo != 0) {
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
index 3bc581e..9c0af02 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
@@ -283,14 +283,14 @@ public class MetricUtil extends BaseLoader {
vXMetricPolicyCount.setTotalCount(paginatedSvcsList.getTotalCount());
Map<String, VXMetricServiceCount> servicesWithPolicy = new HashMap<String, VXMetricServiceCount>();
for (int k = 2; k >= 0; k--) {
- String serviceType = String.valueOf(k);
- VXMetricServiceCount vXMetricServiceCount = getVXMetricServiceCount(serviceType);
+ String policyType = String.valueOf(k);
+ VXMetricServiceCount vXMetricServiceCount = getVXMetricServiceCount(policyType);
if (k == 2) {
servicesWithPolicy.put("rowFilteringPolicies", vXMetricServiceCount); }
else if (k == 1) {
servicesWithPolicy.put("maskingPolicies", vXMetricServiceCount); }
else if (k == 0) {
- servicesWithPolicy.put("resourcePolicy", vXMetricServiceCount);}
+ servicesWithPolicy.put("resourceAccessPolicies", vXMetricServiceCount);}
}
boolean tagFlag = false;
if (tagFlag == false) {
@@ -302,7 +302,7 @@ public class MetricUtil extends BaseLoader {
VXMetricServiceCount vXMetricServiceCount = new VXMetricServiceCount();
vXMetricServiceCount.setServiceBasedCountList(tagMap);
vXMetricServiceCount.setTotalCount(tagCount);
- servicesWithPolicy.put("tagBasedPolicies", vXMetricServiceCount);
+ servicesWithPolicy.put("tagAccessPolicies", vXMetricServiceCount);
tagFlag = true;
}
vXMetricPolicyCount.setPolicyCountList(servicesWithPolicy);
@@ -433,7 +433,7 @@ public class MetricUtil extends BaseLoader {
}
}
- private VXMetricServiceCount getVXMetricServiceCount(String serviceType)
+ private VXMetricServiceCount getVXMetricServiceCount(String policyType)
throws Exception {
SearchFilter policyFilter1 = new SearchFilter();
policyFilter1.setMaxRows(200);
@@ -441,7 +441,7 @@ public class MetricUtil extends BaseLoader {
policyFilter1.setGetCount(true);
policyFilter1.setSortBy("serviceId");
policyFilter1.setSortType("asc");
- policyFilter1.setParam("policyType", serviceType);
+ policyFilter1.setParam("policyType", policyType);
PList<RangerPolicy> policies = svcStore.getPaginatedPolicies(policyFilter1);
PList<RangerService> paginatedSvcsSevice = svcStore.getPaginatedServices(policyFilter1);
@@ -490,6 +490,8 @@ public class MetricUtil extends BaseLoader {
searchCriteriaWithType.getParamList().put("accessResult", accessResult);
searchCriteriaWithType.addParam("startDate", startDate);
searchCriteriaWithType.addParam("endDate", endDate);
+ searchCriteriaWithType.setMaxRows(0);
+ searchCriteriaWithType.setGetCount(true);
VXAccessAuditList vXAccessAuditListwithType = assetMgr.getAccessLogs(searchCriteriaWithType);
long toltalCountOfRepo = vXAccessAuditListwithType.getTotalCount();
if (toltalCountOfRepo != 0) {
[ranger] 02/03: RANGER-3272 : Zone tag policies are getting deleted
when zone is updated
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ac9d348b0f6ff2e948e4b4b0eaf66be164c7a0b6
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Mon May 3 14:44:29 2021 +0530
RANGER-3272 : Zone tag policies are getting deleted when zone is updated
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../org/apache/ranger/service/RangerSecurityZoneServiceService.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
index b62e0a5..27c3dc8 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
@@ -156,7 +156,7 @@ public class RangerSecurityZoneServiceService extends RangerSecurityZoneServiceB
Set<String> updatedServiceNames = ret.getServices().keySet();
Set<String> oldTagServiceNames = new HashSet(tagServiceNamesInZones.remove(xObj.getId()));
- Set<String> updatedTagServiceNames = ret.getServices().keySet();
+ Set<String> updatedTagServiceNames = new HashSet<String>(ret.getTagServices());
Collection<String> newServiceNames = CollectionUtils.subtract(updatedServiceNames, oldServiceNames);
Collection<String> deletedServiceNames = CollectionUtils.subtract(oldServiceNames, updatedServiceNames);
[ranger] 01/03: RANGER-3260, RANGER-3258,
RANGER-3257 : Update default audit filters for hbase hdfs and kafka
to filter out unwanted audits
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit fb00ef4a2d794c0d837702a3817cc14aa69b1920
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Fri Apr 30 20:33:27 2021 +0530
RANGER-3260, RANGER-3258, RANGER-3257 : Update default audit filters for hbase hdfs and kafka to filter out unwanted audits
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../src/main/resources/service-defs/ranger-servicedef-hbase.json | 2 +-
.../src/main/resources/service-defs/ranger-servicedef-hdfs.json | 2 +-
.../src/main/resources/service-defs/ranger-servicedef-kafka.json | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 791b5bc..f94e73a 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -220,7 +220,7 @@
"validationMessage": "",
"uiHint":"",
"label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas', 'hbase'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index b04b906..bc021a0 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -192,7 +192,7 @@
"validationMessage": "",
"uiHint":"",
"label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools','listCacheDirectives'], 'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]"
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools', 'listCacheDirectives', 'listCorruptFileBlocks', 'monitorHealth', 'rollEditLog', 'open'], 'isAudited': false}, {'users': ['oozie'],'resources': {'path': {'values': ['/user/oozie/share/lib'],'isRecursive': true}},'isAudited': false},{'users': ['spark'],'resources': {'path': {'values': ['/user/spar [...]
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index 1deb969..2f511ef 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -223,7 +223,7 @@
"validationMessage": "",
"uiHint":"",
"label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['atlas'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['atlas'],'actions':['consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsy [...]
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES','ATLAS_HOOK','ATLAS_SPARK_HOOK']}},'users':['atlas'],'actions':['describe','publish','consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish','describe'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsync'],'actions':['consume','describe'],'isAud [...]
}
],
"enums":[