This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Release Notes - Ranger 0.6.0 (Release in progress)

Sub-task

  • [RANGER-270] - Solr configuration and setup files and documentation
  • [RANGER-271] - Script and process to migrate existing audit from RDBMS to Solr
  • [RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
  • [RANGER-595] - Support for persisting tag info in the database
  • [RANGER-611] - Update policy listing page with a new column 'Policy Type'
  • [RANGER-612] - Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization
  • [RANGER-643] - Audit page: filter by Tags column does not work
  • [RANGER-644] - Update Solr audit source/destination to support 'Tags' field
  • [RANGER-645] - Tag DB Store should be available in all supported DB flavors
  • [RANGER-646] - Policy UI updates for the changes in policy model to support policyItems of type allow/deny/allow-exception/deny-exception
  • [RANGER-660] - Implement TagSync process to populate Ranger with tag details
  • [RANGER-670] - Policy UI to support input of a single value for resources
  • [RANGER-709] - Support conditions that handle only a single value
  • [RANGER-737] - Need to update the current implementation for recent changes in Kafka
  • [RANGER-843] - Add indexes to improve Postgres query performance
  • [RANGER-844] - Optimize policy retrieval for non-admin users
  • [RANGER-848] - Policy listing page: users column is empty for non-admin users
  • [RANGER-851] - Remove all occurrences from code that would violate PMD EmptyFinallyBlock rule
  • [RANGER-855] - Fix "BooleanInstantiation" issues
  • [RANGER-856] - Fix "DontImportJavaLang" issues
  • [RANGER-860] - Fix DuplicateImports/UnusedImports
  • [RANGER-866] - Service delete fails with error 'XXService was updated or deleted by another transaction'
  • [RANGER-871] - Fix migrating issues
  • [RANGER-874] - Deny & allow/deny exceptions in policies should be optional
  • [RANGER-876] - Policy UI updates to make deny & exception policy items optional
  • [RANGER-877] - Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow
  • [RANGER-879] - Fix JUnit4TestShouldUseTestAnnotation issue
  • [RANGER-883] - Fix remaining "imports" issues
  • [RANGER-890] - Fix "unnecessary" issues
  • [RANGER-905] - Fix "UnusedModifier" issues
  • [RANGER-911] - Fix Unused Formal Parameters
  • [RANGER-937] - Fix unused local variables issue
  • [RANGER-953] - Tag Based policies menu is not appearing for 'ADMIN' role users after upgrade from 0.5

Bug

  • [RANGER-149] - If the HDFS file system is empty then repository configurator gives confusing message
  • [RANGER-204] - Not able to delete user or group if user/group has any policy defined.
  • [RANGER-205] - Delete rest api of User not deleting user completely from system
  • [RANGER-218] - LDAP Groups incorrectly labelled internal
  • [RANGER-255] - Email Address discrepancy
  • [RANGER-341] - request_data and request_path columns are short
  • [RANGER-414] - Resource name is not easily readable in Ranger access logs
  • [RANGER-541] - Address 0.5 release packaging feedback
  • [RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
  • [RANGER-575] - Allow KMS policies to be assigned to all users
  • [RANGER-584] - Service validation: Provide user friendly error messages about validation failures
  • [RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
  • [RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
  • [RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
  • [RANGER-596] - Add support for location based authorization
  • [RANGER-606] - Add support for deny policies
  • [RANGER-607] - Unable to create multiple policyItems for same user or group
  • [RANGER-608] - Denied access to list a directory does not generate audit
  • [RANGER-609] - Limit the width of 'Policy Conditions' column in policy-edit page
  • [RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
  • [RANGER-616] - Add UI validation for max length of service conf properties fields
  • [RANGER-617] - Handle Search by status on policy search filter
  • [RANGER-618] - KMS gets slower in key creation once Database grows
  • [RANGER-619] - Add a Hive condition to restrict access to mutually exclusive columns
  • [RANGER-622] - Hive plugin: Add jar via beeline throws NPE
  • [RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
  • [RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
  • [RANGER-628] - Make filters for ranger-admin search binds configurable
  • [RANGER-631]- audit log is not present for deleting user
  • [RANGER-632] - Policy validation error messages produced by the server are not seen by the user
  • [RANGER-633] - Service validation error messages produced by the server are not seen by the user
  • [RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
  • [RANGER-635] - delete an user and then add a new user with same id but with diffenent role creates user with old role
  • [RANGER-636] - Component Level Permission popup for tag based policy create page
  • [RANGER-637] - Make REFERRAL property in Ranger User sync configurable
  • [RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
  • [RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
  • [RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
  • [RANGER-654] - Component process goes in a tight loop if audit destination is down
  • [RANGER-656] - Ranger UI - KMS Need to handle 404 error when clicked on breadcrumb
  • [RANGER-658] - Package ranger_credential_helper.py with Ranger Usersync assembly
  • [RANGER-661] - Plugin receives empty policy list though the service has policies
  • [RANGER-662] - Policy create/update failures leave partial policy in the database
  • [RANGER-663] - Race condition during policy update causes policy to get in an bad state
  • [RANGER-664] - Ranger PolicyRefresh REST Client timeout parameter should be configurable
  • [RANGER-671] - Add support to retrieve permissions for the logged in user from UserSession rather going to database every time
  • [RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
  • [RANGER-673] - Setup changes to allow Ranger service to installed using custom service user
  • [RANGER-674] - Ranger public rest api gives 200 response for wrong credential instead of 401
  • [RANGER-675] - User with access to one of columns via tag is able to access other columns as well
  • [RANGER-677] - Ranger Admin fails to render policies referring to groups that contain "." in name
  • [RANGER-679] - Support Secure Solr from Ranger Admin
  • [RANGER-680] - Remove public group (by default) in default policy for KMS repo
  • [RANGER-681] - Update default sync intervals for LDAP and UNIX
  • [RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
  • [RANGER-683] - User with authorization to a tag is allowed access even though access is denied by a policy for the resource
  • [RANGER-688] - Handle scenario where ids of XUser and XPortalUser are not in sync
  • [RANGER-690] - Ranger Admin doesn't show error if Audit Solr is down
  • [RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
  • [RANGER-700] - Provide a wrapper shell script to run the FileSourceUserGroupBuilder process
  • [RANGER-701] - Update setup scripts to allow special characters in passwords
  • [RANGER-702] - Optimize policy download performance
  • [RANGER-703] - Policy UI validation blocks policy with audit-disabled and no groups
  • [RANGER-704] - Service enable/disable should refresh the policies in the plugins
  • [RANGER-710] - Add a permission for 'Tag Based Policies'
  • [RANGER-711] - Fix code defects uncovered by static analysis of code-base
  • [RANGER-714] - Enhancements to the db admin setup scripts.
  • [RANGER-719] - Audit in RangerAdmin doesn't show latest audits in UI if server is on different timezone
  • [RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
  • [RANGER-724] - AuditBatchQueue: prevQueueSize not recomputed after initial assignment - static code analyzer flagged issue
  • [RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
  • [RANGER-726] - Ranger Build Compilation faliure due to atlas changes
  • [RANGER-727] - Knox Plugin failed to AuditToSpool file when Audit Destination is down
  • [RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
  • [RANGER-731] - Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS
  • [RANGER-733] - Implement best coding practices to resolve issues found during code scan
  • [RANGER-734] - Add unit tests for Ranger Usersync module
  • [RANGER-736] - Apache license headers missing in files from recent commit
  • [RANGER-739] - Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue
  • [RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
  • [RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
  • [RANGER-743] - External users with Admin Role should be allowed to create/update users
  • [RANGER-745] - Upgrade Apache commons-collections
  • [RANGER-748] - Users in policy got changed after upgrade
  • [RANGER-751] - Ranger admin setup fails with TypeError
  • [RANGER-752] - Name node not starting due StackOverFlowError exception
  • [RANGER-753] - Optimize tag download performance
  • [RANGER-754] - Ranger YARN Plugin lookup and test connection should support SPENGO enabled HTTP Authentication
  • [RANGER-755] - ldap run.sh script fails since auth directory does not exist
  • [RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
  • [RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
  • [RANGER-758] - Handle special characters in passwords starting from -r
  • [RANGER-759] - Fix Ranger Knox SSO logout/session expired issues
  • [RANGER-760] - Ranger UI code cleanup
  • [RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
  • [RANGER-763] - Optimize policy evaluation by reordering match-checks
  • [RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
  • [RANGER-765] - Handle logout scenario for knox sso disabled case
  • [RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
  • [RANGER-769] - Can't connect to Solr server because of Httpcore issue in HBase
  • [RANGER-770] - Fix NullPointerException Unit test cases on master branch
  • [RANGER-771] - 4+ Log entries upon login in in X_AUTH_SESS
  • [RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
  • [RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
  • [RANGER-775] - Annotate classes used in REST API with ignoreUnknown=true for version compatibility
  • [RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
  • [RANGER-778] - Fix user update issue
  • [RANGER-779] - Remove unused attributes in RangerPolicyItem
  • [RANGER-780] - Atlas-Interface: Update Atlas Notification processing to accommodate format changes to qualifiedName attribute
  • [RANGER-781] - Ranger Kafka Plugin failed to log audit into secure hdfs cluster
  • [RANGER-784] - Annotate REST API classes to use get/set methods instead of directly accessing fields
  • [RANGER-787] - Clean up ranger-tagsync configuration; remove unneeded parameters
  • [RANGER-788] - Ranger Admin should set delegateAdmin=false for tag-based policies
  • [RANGER-789] - Incorrect policy list paging for non-admin users
  • [RANGER-791] - Update ranger to work with HiveAuthorizer interface changes
  • [RANGER-792] - Updates for Atlas API changes in ATLAS-394
  • [RANGER-793] - Atlas notification dependencies should be included in ranger-tagsync package
  • [RANGER-794] - Ranger policy engine performance measurement
  • [RANGER-795] - Ranger admin does not start when SSL is enabled.
  • [RANGER-796] - Good coding practice: fix issues in updates from RANGER-794
  • [RANGER-797] - Good coding practice: fix issues in updates from RANGER-789
  • [RANGER-798] - Handle different timezone issue while saving audit logs to Solr
  • [RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
  • [RANGER-800] - Move Context enricher implementation RangerFileBasedGeolocationProvider out of test into prod
  • [RANGER-801] - Enable tagsync to run in secure mode.
  • [RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
  • [RANGER-804] - Delete groups associated with User causes Exception in UserSync
  • [RANGER-805] - Update Ranger website FAQs
  • [RANGER-807] - TagSync should support periodic full sync with Apache Atlas
  • [RANGER-809] - Audit framework need to cache the getHostName() values to reuse for successive calls
  • [RANGER-814] - In Ranger Audit using Solr, auto create fields should be single valued
  • [RANGER-824] - Fix code standards to remove exceptions in pmd ruleset
  • [RANGER-829] - Root pom specifies incorrect minimum Maven version
  • [RANGER-831] - Single policy update increases policy history version by 2 - gives error to view history
  • [RANGER-835] - Authentication bypass in Ranger API
  • [RANGER-836] - Optimize policy download to plugins - by not including unused fields
  • [RANGER-838] - Tag-sync should be resilient to Ranger Admin availability
  • [RANGER-840] - ranger-admin and ranger-usersync does not honour the SSL truststore property
  • [RANGER-846] - Ranger deviates from Hadoop usernames
  • [RANGER-847] - Fix code scan issues
  • [RANGER-849] - Good coding practice: fix potentil Null Pointer dereference
  • [RANGER-850] - Test test30getPolicyFromEventTime does not fail but it throws an NPE
  • [RANGER-852] - ArrayOutOfBoundsException can be triggered due to faulty check in UnixUserGroupBuilder
  • [RANGER-853] - Remove the unused project lookup-client as its contents were moved into individual plugin project since ranger-0.5 release
  • [RANGER-859] - Allow user to define custom log directory during Ranger installation
  • [RANGER-863] - Make parameters like maxHttpHeaderSize configurable for EmbeddedServer
  • [RANGER-864] - RangerPolicy.set(List<?>) methods append to existing value, instead of overwriting
  • [RANGER-865] - Service delete should delete associated service-resources and tag-resource-maps
  • [RANGER-870] - PMD build error
  • [RANGER-872] - Patch validation executed upon submission of a patch - seems failing due to common usage of /tmp folder
  • [RANGER-875] - Restrict Grantor privileges of Ranger db user for Oracle DB Flavour
  • [RANGER-878] - Improve error logging and Ranger UI error message when test connection and lookup is done
  • [RANGER-880] - Good coding practice: inner class to be made static; wait() should be in a loop
  • [RANGER-882] - Policy engine initialization should handle incorrect values in policies
  • [RANGER-884] - PMD build error
  • [RANGER-885] - ClassCastException in SolrClient
  • [RANGER-886] - RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
  • [RANGER-887] - Changes needed to convert log4j.xml to log4j.properties
  • [RANGER-888] - Provide support to delete Users and Groups from Ranger Admin UI
  • [RANGER-891] - Audit shutdown hook to be registered with Hadoop ShutdownHookManager, instead of directly with Java Runtime
  • [RANGER-892] - Ranger SOLR plugins should not add dependent libraries to component's CLASSPATH
  • [RANGER-893] - Ranger ugsync with LDAP is not able to fetch group information
  • [RANGER-894] - Ranger ldap tool is ignoring OU's from user search base
  • [RANGER-896] - Add Maria DB support for Ranger and Ranger KMS
  • [RANGER-899] - Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
  • [RANGER-901] - x_service table columns that track policy/tag updates to be moved to a new table
  • [RANGER-902] - tags that are private to a service-resource should be deleted when service-resource is deleted
  • [RANGER-903] - optimize updates to resource-tag info
  • [RANGER-904] - Update create-policy REST API to support override values via query parameters
  • [RANGER-906] - Knox Ranger Plugin needs addition dependency jar for webhdfs calls to work
  • [RANGER-907] - Copy + paste error in RangerYarnAuthorizer
  • [RANGER-910] - Improve db and java patches execution logic to make that more robust
  • [RANGER-912] - Ranger Admin UI to support datamask & row-filter policies
  • [RANGER-914] - Where is the download page on the website?
  • [RANGER-915] - The website needs a more prominent link to the issue tracker
  • [RANGER-917] - Ranger Hive authorizer to be updated for changes in Hive
  • [RANGER-918] - Publish Range libraries for plugin development to maven central
  • [RANGER-920] - Update HBase plugin for changes in the HBase Authorizer interface
  • [RANGER-921] - Improve implementation of internal SQL calls and make it more generic
  • [RANGER-926] - Ranger UI validation changes to allow . [dot] in firstname and lastname fields
  • [RANGER-931] - Fix Ranger Projects pom for name change for artifacts from “org.apache.calcite:calcite-avatica:${calcite.version}” to “org.apache.calcite.avatica:avatica:${avatica.version}”
  • [RANGER-932] - Fix assemblies after patch for RANGER-839
  • [RANGER-933] - Services landing page restricts the listing to first 25 services only
  • [RANGER-934] - Ranger should use released version of EclipseLink
  • [RANGER-935] - Persistence.xml file should have mapping of all Entity classes
  • [RANGER-939] - Update to use Storm version 1.0.0
  • [RANGER-940] - Add null check for ranger.ks.hsm.enabled property
  • [RANGER-941] - Getting Access denied page while creating kms service on Ranger UI
  • [RANGER-942] - TagSync deployment in environments without Atlas
  • [RANGER-945] - SaveVersion python script in ranger-util not working
  • [RANGER-951] - Modify ranger-admin to put stackdef for specified components
  • [RANGER-952] - Tagadmin user name should be configurable in tagsync module
  • [RANGER-954] - Compilation fix due to HIVE change (HIVE-13424)
  • [RANGER-955] - TagSync should be updated to process ENTITY_DELETE notification
  • [RANGER-957] - Modify ranger kms to use service identity (from service keytab) to download policies from ranger admin
  • [RANGER-960] - Service-def update does not preserve the order in which permissions are listed
  • [RANGER-962] - Ranger plugin should have an option to use X-Forwarded-For address
  • [RANGER-963] - Ranger UI : Search tagService filter(API) is not working on service create/update page
  • [RANGER-964] - Fix NOTICE and LICENSE file contents
  • [RANGER-965] - Validate Audit DB to Solr Migration script from any previous version to 0.6 upgrade
  • [RANGER-968] - Remove email validation to allow syncing users from a file
  • [RANGER-969] - Property ranger.usersync.filesource.text.delimiter mis-spelled
  • [RANGER-971] - RangerPolicyEvaluator Cache key needs to include resource-def-name
  • [RANGER-972] - Default value for tagsync to retry tag upload to ranger is too small
  • [RANGER-973] - Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
  • [RANGER-974] - Allow users to move policy items in create / edit Policy screen
  • [RANGER-975] - Rename ranger log file from xa_portal.log to ranger_admin.log
  • [RANGER-976] - Update tagsync packaging to include Kafka libraries
  • [RANGER-977] - Ranger KMS default policies should include hdfs & hive
  • [RANGER-981] - Change session cookie name from JSESSIONID to RANGERADMINSESSIONID
  • [RANGER-982] - Review/update name of default policies in a new service instance
  • [RANGER-984] - Ranger Admin Install fails with "022-split-service-table.sql Import failed!"
  • [RANGER-989] - java.lang.NoClassDefFoundError: org/apache/commons/httpclient/URIException during user sync
  • [RANGER-990] - Automate setting Proxy User in Ranger KMS
  • [RANGER-991] - Ranger should support authorization for Apache Atlas
  • [RANGER-992] - create_dbversion_catalog.sql DB schema import failed
  • [RANGER-993] - [Row Filter & colum masking] issues with auditing of colum masking and row filter
  • [RANGER-994] - Ranger Support for Audit to Secure Solr
  • [RANGER-995] - Implement good coding practices
  • [RANGER-996] - The PolicyRefresher doesn't cache policies if the directory doesn't already exist
  • [RANGER-997] - Improve Policy Listing performance on Reports page having more than 1000 policies
  • [RANGER-998] - Trim policy name in create/update policy request
  • [RANGER-999] - Delete Module REST API is failing as it is not removing assigned users and groups
  • [RANGER-1000] - Tag service deletion failure due to MySQLIntegrityConstraintViolationException
  • [RANGER-1003] - Handle Ranger upgrade scenario in Kerberized Cluster
  • [RANGER-1004] - Remove need to set access type for column masking, row filtering in Ranger UI
  • [RANGER-1008] - if one of OU is invalid out of multiple ou configured then no user syncd from any of the OU
  • [RANGER-1009] - Ranger returns stale service/policies if service-name is reused
  • [RANGER-1010] - Make 2 sso properties non-configurable in Ranger
  • [RANGER-1011] - User's Group name attribute in Ranger Usersync LDAP configuration must be optional
  • [RANGER-1012] - Ranger ldap tool stores the admin bind password in config file in clear text
  • [RANGER-1013] - Move some properties from ranger-admin-site.xml to ranger-admin-default-site.xml
  • [RANGER-1014] - Ranger UI : Show allow/deny policy items info on Report page
  • [RANGER-1015] - Ranger KMS changes to cater to hadoop kms commits
  • [RANGER-1016] - Display resourceType field under the Audit -> Access tab
  • [RANGER-1017] - Audit to Secure Solr needs Solrj Jars from apache to be included in package
  • [RANGER-1018] - Ranger User creation failing with SQLAnywhere and MS SQL Server DB Flavor
  • [RANGER-1019] - Audit to secure solr needs httpclient dependency library 4.5.2 version
  • [RANGER-1020] - Remove (old) Calcite dependency
  • [RANGER-1021] - Ranger plugins for components should only download policies which are in 'Enabled' state
  • [RANGER-1022] - Audit summary statistics (such as event_count, event_dur_ms) are not persisted when audit destination is RDBMS
  • [RANGER-1023] - Handle requests from non-kerberized browser when Ranger is kerberized
  • [RANGER-1024] - Improve implementation of java patch PatchPersmissionModel_J10003 to handle large amount of users
  • [RANGER-1025] - Policy search REST API implemented in public api V1 is not returning results as expected
  • [RANGER-1026] - Ranger service to generate PID
  • [RANGER-1027] - Packaging changes for Ranger Atlas Plugin
  • [RANGER-1028] - Audit log not created for change of Tag based service name
  • [RANGER-1029] - Update Ranger to support Kafka version 0.10.0.0
  • [RANGER-1030] - Update Ranger to support Kafka version 0.10.0.0
  • [RANGER-1032] - Update TagSync installation to handle configurations for kerberos mode
  • [RANGER-1033] - admin audit logging is not happening correctly while deletion of the configuration from the service repo
  • [RANGER-1034] - Ranger KMS plugin should not add dependent libraries in Ranger KMS classpath
  • [RANGER-1035] - Improve implementation of Client classes to adhere to good coding practices
  • [RANGER-1036] - Solr Jaas config for ranger audit framework should not override the component Jaas config.
  • [RANGER-1037] - REST API for tag download returns incorrect return code
  • [RANGER-1038] - Usersync process is not syncing users from AD at intervals based on sleeptimeinmillisbetweensynccycle
  • [RANGER-1039] - User and groups having special characters are not populating in edit policy page
  • [RANGER-1040] - Add unique key constraint on user_name column of x_user table
  • [RANGER-1041] - Failure to sync one user to admin causes other users/groups also not to be synced from usersync to admin
  • [RANGER-1042] - Reduce clutter in tagsync debug log
  • [RANGER-1043] - Update tagsync for changes in ATLAS-542 - table.name -> table.qualifiedName
  • [RANGER-1045] - Ranger should provide support to force use inmemory jaas config when auditing to secure solr
  • [RANGER-1046] - ranger kms repo creation is failing after ranger kms is installed
  • [RANGER-1047] - Getting 204 error when trying to access Ranger with KnoxSSO if user does not exist in Ranger DB
  • [RANGER-1048] - Ranger Hbase lookup should use the config provided in the Ranger hbase service
  • [RANGER-1052] - Remove or Fix all skipped unit tests in RANGER
  • [RANGER-1053] - policy download fails with HTTP code 401 for long running components in kerberized cluster
  • [RANGER-1057] - Ambari configuration for ranger-tagsync needs to support ranger.tagsync.source.atlasrest.keystore.filename property
  • [RANGER-1058] - Ambari configuration for ranger-tagsync needs to support property for atlas keystore filename
  • [RANGER-1059] - updatetagadminpassword.py script should use user names from ranger-tagsync-site
  • [RANGER-1060] - Ranger Hbase and Hive Plugin Grant Revoke REST call should send the right http response when authorization fails in kerberized cluster
  • [RANGER-1061] - Add admin user to default policy of Atlas
  • [RANGER-1062] - Remove conflicting jars from Ranger Atlas plugin
  • [RANGER-1063] - Increase size of sort_order column of x_policy_item_user_perm and x_policy_item_group_perm table
  • [RANGER-1064] - Incorrect value specified for atlas.kafka.security.protocol property for manual kerberized tagsync installation
  • [RANGER-1067] - admin audit logging is not correct when add and delete the configuration from the service repo.
  • [RANGER-1068] - Issue with ranger admin restart and pid generation
  • [RANGER-1069] - if a user permissions are removed from a policy through revoke operation then also users is shown
  • [RANGER-1070] - Export table should be allowed only when masking or row-filtering are not specified
  • [RANGER-1071] - Ranger Storm Plugin should package codehaus.jackson libs as part of dependent jar
  • [RANGER-1072] - Add slf4j libraries and its dependencies for Ranger Atlas plugin
  • [RANGER-1073] - permission denied for rangeradmin.jceks.crc file
  • [RANGER-1074] - grant and revoke are working even if user is not added to auth properties in repo
  • [RANGER-1077] - Audit logs for Hive access show empty IP address
  • [RANGER-1078] - grant and revoke are not working as expected
  • [RANGER-1079] - tagsync should attempt re-initializing failed tag sources periodically
  • [RANGER-1080] - even if service creation is failed then also 200 Respons is returned
  • [RANGER-1082] - Ranger should support newer Storm Topology methods in the Ranger Storm Plugin for Authorization
  • [RANGER-1083] - Ranger PolicyRefresh and RangerTagEnricher threads should be of daemon type
  • [RANGER-1084] - Ranger not working with Knox Proxy
  • [RANGER-1085] - Ranger UI : policy creation validation error
  • [RANGER-1086] - Under Audit>Admin tab pop up for service create and update does not work
  • [RANGER-1087] - Block insert/update/delete/truncate when row-filter/column-mask is enabled for the user
  • [RANGER-1088] - denied auditing is not done if resource lookup fail
  • [RANGER-1089] - KMS] kms.log file gets bigger
  • [RANGER-1092] - Ranger YARN Plugin should not fails to download policy when UGI ticket expires
  • [RANGER-1098] - for hive and hbase two properties are present policy.grantrevoke.auth.users & policy.grant.revoke.auth.users </ul>

     

    Improvement

    • [RANGER-274] - Add support for TAG based policies
    • [RANGER-647] - Add PAM Support
    • [RANGER-648] - Provide a way to clean-up old policy-engine and related resources.
    • [RANGER-669] - Ranger doc several typos in FAQ
    • [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
    • [RANGER-691] - Ranger Admin shouldn't expect users to be sync'ed for authentication
    • [RANGER-699] - higher level policy API to hide complexity of policy update/create/delete
    • [RANGER-722] - StartTLS support for Ranger
    • [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
    • [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
    • [RANGER-776] - Write sql patch to create Ranger user 'rangertagsync' for all DB
    • [RANGER-815] - In Solr managed-schema, we should set default for event_count and seq_num
    • [RANGER-818] - Fix XML indentation in pom files
    • [RANGER-819] - Allow pasting into password fields in Ranger web UI
    • [RANGER-822] - Add PMD maven plugin to keep source code analyzer run as part of verify process
    • [RANGER-827] - Use system supplied mechanism to get users and groups on unix
    • [RANGER-828] - Bump up Apache parent plugin version + fix scm tag value
    • [RANGER-832] - Bump plugin versions
    • [RANGER-833] - In Ranger UI add support for usernames containing a plus "+" symbol
    • [RANGER-839] - Update httpcomponent dependencies
    • [RANGER-842] - Allow PAM for authentication
    • [RANGER-845] - Replace StringBuffer with StringBuilder
    • [RANGER-857] - Unify (and update) Tomcat versions
    • [RANGER-889] - Policy engine API to find list of users/groups having access to a resource
    • [RANGER-897] - Change Apache DS tests to run on a random port
    • [RANGER-898] - Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"
    • [RANGER-913] - Improvements on Reports page in Ranger Admin
    • [RANGER-922] - Adding debug statement to identify build issue in build.apache.org
    • [RANGER-936] - Some junit related improvements
    • [RANGER-938] - Add NiFi service definition and NiFiClient
    • [RANGER-946] - Ranger UI : Add policy type filter to report page
    • [RANGER-948] - Cleanup test dependencies
    • [RANGER-949] - Some agents improvements
    • [RANGER-967] - Allow additional characters in username
    • [RANGER-970] - Ranger Usersync - Add Ability to transform user/group names to file source
    • [RANGER-978] - Usersync: Remove creation of default email address
    • [RANGER-985] - Support download csv in Reports page as enhancement
    • [RANGER-1005] - Add command line utility to change Ranger user password
    • [RANGER-1051] - Fall back to getting groups from user UGI in HBase plugin
    • [RANGER-1054] - Enhance column masking feature to support custom value/expression
    • [RANGER-1055] - Enhance column masking feature to support custom value/expression
    • [RANGER-1056] - Update to Hive 2.1.0
    • [RANGER-1065] - Need to change default audit retentions in Solr 3 months and do some performance tuning
    • [RANGER-1081] - Remove "Get Cluster Info / Get Nimbus Conf" from Admin UI permission list for Storm

    New Feature

    • [RANGER-526] - Provide REST API to change user role
    • [RANGER-652] - LDAP configuration tool
    • [RANGER-666] - Ranger to support Azure SQL Database
    • [RANGER-685] - Ranger Admin - Add Ability to Authenticate with Knox SSO provider
    • [RANGER-686] - Allow specifying keytabs in Ranger repositories
    • [RANGER-712] - Create a new project which can serve as a template to write ranger extensions
    • [RANGER-803] - Support multiple OU in LDAP search for Ranger usersync
    • [RANGER-867] - Add Kerberos support for ranger admin and clients
    • [RANGER-868] - Ranger-KMS - Luna HSM Integration
    • [RANGER-869] - Group Based search support for ranger usersync
    • [RANGER-873] - Ranger Policy model to support data masking
    • [RANGER-900] - Remove support for DB based auditing
    • [RANGER-908] - Ranger policy model to support row-filtering
    • [RANGER-909] - Ranger Hive plugin to support row-filtering

    Task

    • [RANGER-582] - How to create Service/Repo in RangerAdmin
    • [RANGER-597] - Troubleshooting UserSync in Ranger
    • [RANGER-806] - Ranger cli utility to delete users from Ranger DB
    • [RANGER-823] - Update the version number to 0.6.0 on the maven pom.xml files
    • [RANGER-881] - How to add Ranger authorization for an application? Sample
    • [RANGER-895] - Ranger Hive plugin to support column-masking
    • [RANGER-923] - Modify the current version to 0.6.0-SNAPSHOT instead of 0.6.0 (since it is not released yet)
    • [RANGER-959] - Update doc site with contributor list - based on JIRA system
    • [RANGER-966] - Add Apache licenses for .py files
    • [RANGER-1093] - Release Ranger 0.6.0

    Test

    • [RANGER-762] - Unit test for hive tag-policy fails
    • [RANGER-816] - Add unit tests for file-based tag enricher
    • [RANGER-830] - Unit test for verifying behaviour of "Exclude" setting in the Ranger Policy
    • [RANGER-841] - Remove deprecated junit.framework dependencies
    • [RANGER-1006] - Add tests for the HDFS plugin
    • [RANGER-1031] - Add tests for the HIVE plugin

    Wish

    • [RANGER-626] - Hdfs use in not showing in ranger console

 

 






  • No labels