ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dhaval Shah <dhavalshah9...@gmail.com>
Subject Re: Review Request 73015: RANGER-3055 : Make Ranger source code FIPS complaint
Date Fri, 04 Dec 2020 20:49:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73015/
-----------------------------------------------------------

(Updated Dec. 4, 2020, 8:49 p.m.)


Review request for ranger, Ankita Sinha, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, Sailaja
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3055
    https://issues.apache.org/jira/browse/RANGER-3055


Repository: ranger


Description
-------

We need to make algorithmic changes in order to make Ranger Source code FIPS compliant. As
per FIPS standard some alogrithms and storetypes are blacklisted. As required we have made
the approriate changes and also introduce the FIPS flag in Ranger to use the appropriate algorithms
under FIPS enviornment.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAdminConfig.java
5cd539aeb 
  agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfigConstants.java
1ad34efa7 
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
2bb65891a 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
d7fedf053 
  credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java 42497e357

  credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java cb391cc00 
  credentialbuilder/src/test/java/org/apache/ranger/credentialapi/TestCredentialReader.java
006986c6a 
  credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java 87634d777

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
e6eb7af99 
  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java f6d735c30

  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 75aa939e0 
  kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 538fde95e

  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 6e4f75ae1 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 7473871fb 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 2b4eb809c 
  ranger-util/src/scripts/saveVersion.py 0ad39ac90 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 2b3cdcbb5 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java c58258ba0 
  security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java 1a3ade730

  security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java e7a08532d

  security-admin/src/main/java/org/apache/ranger/rest/UserREST.java cf764a0b4 
  security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
a8b8c588a 
  security-admin/src/main/java/org/apache/ranger/util/Pbkdf2PasswordEncoderCust.java PRE-CREATION

  tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java 95c348265 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 5ef78cf78

  ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
f911f22d4 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
4d84a9648 


Diff: https://reviews.apache.org/r/73015/diff/3/


Testing (updated)
-------

1.CRUD for ADMIN_ROLE, USER_ROLE, KEADMIN_ROLE
2.Tested UNIX user are getting synced
3.Tested file based tag sync
4.Tested the user is able to change password and is able to login with new password.
5.Import/export
6.Tested admin audit.
7.Tested kms setup.


Thanks,

Dhaval Shah


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message