ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mehul Parikh <xsme...@gmail.com>
Subject Re: Review Request 73015: RANGER-3055 : Make Ranger source code FIPS complaint
Date Tue, 08 Dec 2020 14:39:11 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73015/#review222309
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On Dec. 8, 2020, 6:27 a.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73015/
> -----------------------------------------------------------
> 
> (Updated Dec. 8, 2020, 6:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Jayendra Parab, Madhan Neethiraj, Mehul Parikh,
Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3055
>     https://issues.apache.org/jira/browse/RANGER-3055
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> We need to make algorithmic changes in order to make Ranger Source code FIPS compliant.
As per FIPS standard some alogrithms and storetypes are blacklisted. As required we have made
the approriate changes and also introduce the FIPS flag in Ranger to use the appropriate algorithms
under FIPS enviornment.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAdminConfig.java
5cd539aeb 
>   agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfigConstants.java
1ad34efa7 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
2bb65891a 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
d7fedf053 
>   credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
42497e357 
>   credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java cb391cc00

>   credentialbuilder/src/test/java/org/apache/ranger/credentialapi/TestCredentialReader.java
006986c6a 
>   credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java 87634d777

>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
e6eb7af99 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
30d830572 
>   kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 75aa939e0 
>   kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 538fde95e

>   kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 6e4f75ae1 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 7473871fb

>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 2b4eb809c 
>   ranger-util/src/scripts/saveVersion.py 0ad39ac90 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 2b3cdcbb5 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java c58258ba0

>   security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
1a3ade730 
>   security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
e7a08532d 
>   security-admin/src/main/java/org/apache/ranger/rest/UserREST.java cf764a0b4 
>   security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
a8b8c588a 
>   security-admin/src/main/java/org/apache/ranger/util/Pbkdf2PasswordEncoderCust.java
PRE-CREATION 
>   tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java 95c348265

>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
5ef78cf78 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
f911f22d4 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
3f7886bc3 
> 
> 
> Diff: https://reviews.apache.org/r/73015/diff/4/
> 
> 
> Testing
> -------
> 
> 1.CRUD for ADMIN_ROLE, USER_ROLE, KEADMIN_ROLE
> 2.Tested UNIX user are getting synced
> 3.Tested file based tag sync
> 4.Tested the user is able to change password and is able to login with new password.
> 5.Import/export
> 6.Tested admin audit.
> 7.Tested kms setup.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message