ranger.audit.elasticsearch.password

.asf.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features
+
+github:
+  description: "Apache Ranger - To enable, monitor and manage comprehensive data security across the Hadoop platform and beyond"
+  homepage: https://ranger.apache.org
+  labels:
+    - apache
+    - ranger
+    - authz
+    - java
+    - python
+    - docker
+  enabled_merge_buttons:
+    squash:  true
+    merge:   false
+    rebase:  false
+  notifications:
+    commits: commits@ranger.apache.org
+    issues: dev@ranger.apache.org
+    pullrequests: dev@ranger.apache.org
+    pullrequests_comment: dev@ranger.apache.org
+    jira_options: worklog link label
+  protected_branches:
+    master: {}

.github/pull_request_template.md

@@ -0,0 +1,11 @@
+## What changes were proposed in this pull request?
+
+(Please fill in changes proposed in this fix. Create an issue in ASF JIRA before opening a pull request and
+set the title of the pull request which starts with
+the corresponding JIRA issue number. (e.g. RANGER-XXXX: Fix a typo in YYY))
+
+
+## How was this patch tested?
+
+(Please explain how this patch was tested. Ex: unit tests, manual tests)
+(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)

.github/workflows/maven.yml

@@ -0,0 +1,160 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: CI
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  build-8:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
+        with:
+          java-version: '8'
+          distribution: 'temurin'
+          cache: maven
+      - name: build (8)
+        run: mvn -T 8 clean install --no-transfer-progress -B -V
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: target-8
+          path: target/*
+
+  build-11:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          cache: maven
+      - name: build (11)
+        run: mvn -T 8 clean install -pl '!knox-agent' --no-transfer-progress -B -V
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: target-11
+          path: target/*
+
+  docker-build:
+    needs:
+      - build-8
+      - build-11
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download build-8 artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: target-8
+
+      - name: Copy artifacts for docker build
+        run: |
+          cp ranger-*.tar.gz dev-support/ranger-docker/dist
+          cp version dev-support/ranger-docker/dist
+
+      - name: Cache downloaded archives
+        uses: actions/cache@v3
+        with:
+          path: dev-support/ranger-docker/downloads
+          key: ${{ runner.os }}-ranger-downloads-${{ hashFiles('dev-support/ranger-docker/.env') }}
+          restore-keys: |
+            ${{ runner.os }}-ranger-downloads-
+
+      - name: Run download-archives.sh
+        run: |
+          cd dev-support/ranger-docker
+          ./download-archives.sh hadoop hive hbase kafka knox ozone
+
+      - name: Clean up Docker space
+        run: docker system prune --all --force --volumes
+
+      - name: Build all ranger-service images
+        run: |
+          cd dev-support/ranger-docker
+          docker compose -f docker-compose.ranger-base.yml build
+          export DOCKER_BUILDKIT=1
+          export COMPOSE_DOCKER_CLI_BUILD=1
+          export RANGER_DB_TYPE=postgres
+          docker compose \
+          -f docker-compose.ranger-${RANGER_DB_TYPE}.yml \
+          -f docker-compose.ranger.yml \
+          -f docker-compose.ranger-usersync.yml \
+          -f docker-compose.ranger-tagsync.yml \
+          -f docker-compose.ranger-kms.yml \
+          -f docker-compose.ranger-hadoop.yml \
+          -f docker-compose.ranger-hbase.yml \
+          -f docker-compose.ranger-kafka.yml \
+          -f docker-compose.ranger-hive.yml \
+          -f docker-compose.ranger-knox.yml \
+          -f docker-compose.ranger-ozone.yml build
+
+      - name: Bring up containers
+        run: |
+          cd dev-support/ranger-docker
+          ./scripts/ozone-plugin-docker-setup.sh
+          export RANGER_DB_TYPE=postgres
+          docker compose \
+          -f docker-compose.ranger-${RANGER_DB_TYPE}.yml \
+          -f docker-compose.ranger.yml \
+          -f docker-compose.ranger-usersync.yml \
+          -f docker-compose.ranger-tagsync.yml \
+          -f docker-compose.ranger-kms.yml \
+          -f docker-compose.ranger-hadoop.yml \
+          -f docker-compose.ranger-hbase.yml \
+          -f docker-compose.ranger-kafka.yml \
+          -f docker-compose.ranger-hive.yml \
+          -f docker-compose.ranger-knox.yml \
+          -f docker-compose.ranger-ozone.yml up -d
+      - name: Check status of containers and remove them
+        run: | 
+          sleep 60
+          containers=(ranger ranger-zk ranger-solr ranger-postgres ranger-usersync ranger-tagsync ranger-kms ranger-hadoop ranger-hbase ranger-kafka ranger-hive ranger-knox ozone-om ozone-scm ozone-datanode);
+          flag=true;
+          for container in "${containers[@]}"; do
+              if [[ $(docker inspect -f '{{.State.Running}}' $container 2>/dev/null) == "true" ]]; then
+                  echo "Container $container is running!";
+              else
+                  flag=false;
+                  echo "Container $container is NOT running!";
+              fi
+          done
+
+          if [[ $flag == true ]]; then
+              echo "All required containers are up and running";
+              docker stop $(docker ps -q) && docker rm $(docker ps -aq);
+          else
+              docker stop $(docker ps -q) && docker rm $(docker ps -aq);
+              exit 1;
+          fi

.gitignore

@@ -6,6 +6,16 @@
 .classpath
 .project
 /target/
+/venv/
 winpkg/target
 .DS_Store
 .idea
+
+#Python
+*.pyc
+**/build
+**/dist
+**/apache_ranger.egg-info
+.python-version
+/security-admin/src/main/webapp/react-webapp/node_modules
+**/target

.travis.yml

@@ -15,31 +15,47 @@
 
 
 sudo: false
-language: java
+dist: bionic
+language: generic
+
 cache:
   directories:
-  - $HOME/.m2
-jdk:
-  - oraclejdk8
-  - oraclejdk11
-  - openjdk10
-  - openjdk11
+    - $HOME/.m2
 
 env:
-  - KEY=default VALUE=default
+  global:
+    - KEY=default VALUE=default
+
 # Environment to testing with different versions, disabled because ranger is not compatible
 #  - KEY=hadoop.version VALUE=2.8.0
 
+jobs:
+  include:
+    - name: Linux AMD64 OpenJDK8
+      env: JDK_VERSION=8
+    - name: Linux AMD64 OpenJDK11
+      env: JDK_VERSION=11
+    - name: Linux ARM64 OpenJDK11
+      arch: arm64-graviton2
+      dist: focal
+      virt: lxd
+      group: edge
+      env:
+        - JDK_VERSION=11
+        - MAVEN_ARGS="-DskipJSTests=true -P!all"
+
 before_install:
   - export MAVEN_OPTS="-Xmx1200M -XX:MaxPermSize=768m -Xms512m"
+  - sudo apt update -y
+  - sudo apt install openjdk-${JDK_VERSION}-jdk maven
 
 install:
-  - mvn package -D$KEY=$VALUE -DskipTests -Dmaven.javadoc.skip=true -B -V
+  - mvn install $MAVEN_ARGS -D$KEY=$VALUE -DskipTests -Dmaven.javadoc.skip=true --no-transfer-progress -B -V
 
 # KafkaRangerAuthorizerGSSTest is a failing test, TestLdapUserGroup needs too much memory for travis
 script:
-  - mvn test -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl !plugin-kafka,!ugsync,!hive-agent
-  - mvn test -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl plugin-kafka -Dtest="*,!KafkaRangerAuthorizerGSSTest"
-  - mvn test -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl ugsync -Dtest="*,!TestLdapUserGroup"
-  - if [[ "$TRAVIS_JDK_VERSION" != "oraclejdk8" ]]; then mvn test -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl hive-agent -Dtest="*,!HIVERangerAuthorizerTest" -DfailIfNoTests=false ; fi
-  - if [[ "$TRAVIS_JDK_VERSION" == "oraclejdk8" ]]; then mvn test -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl hive-agent ; fi
+  - mvn test $MAVEN_ARGS -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl !plugin-kafka,!ugsync,!hive-agent
+  - mvn test $MAVEN_ARGS -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl plugin-kafka -Dtest="*,!KafkaRangerAuthorizerGSSTest"
+  - mvn test $MAVEN_ARGS -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl ugsync -Dtest="*,!TestLdapUserGroup"
+  - if [[ "$JDK_VERSION" != "8" ]]; then mvn test $MAVEN_ARGS -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl hive-agent -Dtest="*,!HIVERangerAuthorizerTest" -DfailIfNoTests=false ; fi
+  - if [[ "$JDK_VERSION" == "8" ]]; then mvn test $MAVEN_ARGS -D$KEY=$VALUE -Dmaven.javadoc.skip=true -B -V -pl hive-agent ; fi