Apache Ranger 0.5.0 was released on June 10, 2015.
The following Apache JIRAs have been resolved in the Apache Ranger 0.5.0 Release:
New Features
- [RANGER-178] - Ranger to support authorization and auditing for Apache Solr
- [RANGER-179] - Argus/Ranger to support authorization and auditing for Apache Kafka
- [RANGER-202] - Ranger hbase authorization at namespace level
- [RANGER-203] - Framework to extend Ranger security to new components in a pluggable way
- [RANGER-246] - Add support for Authorization and Auditing of Apache Kafka
- [RANGER-247] - Provide scalable/HA Hadoop KMS to support Hadoop TDE
- [RANGER-248] - Add support for Authorization and Auditing of YARN resources
- [RANGER-250] - Create permission model to allow/disallow functionality within ranger-admin UI
- [RANGER-256] - Enable pluggable way to add context data to request
- [RANGER-278] - REST, Store: validation of policy/service/service-def
Improvement
- [RANGER-189] - Fix mail aliases on website
- [RANGER-190] - Can you fix your 0.4.0 release?
- [RANGER-212] - Ranger should support computing user group memberships by searching for users and groups
- [RANGER-213] - Implement init.d status
- [RANGER-226] - Support JDBC based SQL invocation for setup process
- [RANGER-237] - Ranger to work with HA enabled WebHDFS with automatic failover
- [RANGER-272] - Make the timeout interval and size of executor used by TimedEventUtil configurable
- [RANGER-273] - Use HDFS authorization plugin interface to enforce ranger policies
- [RANGER-276] - Add support for aggregating audit logs at source
- [RANGER-281] - Support Postgres database for storing ranger policy information
- [RANGER-282] - Support MS-SQLServer database for storing ranger policy information
- [RANGER-293] - add server side checks for HDFS Repo connection properties
- [RANGER-307] - Policy evaluation optimization: reorder policies and short-circuit evaluation
- [RANGER-314] - Remove custom class loader used by ranger admin for resource lookup
- [RANGER-327] - Modify pom.xml to ensure that no hard-coded versions for maven dependencies and library
- [RANGER-374] - ranger admin needs to support AJP connector to work behind SSL enabled Apache Load Balancer
- [RANGER-382] - 0.5.0 release - Code Cleanup to add/modify license headers and unwanted comments
- [RANGER-397] - Implement reliable streaming audits to configurable destinations
- [RANGER-418] - Upgrade script from earlier version (0.4.*) to the current version (0.5.0)
- [RANGER-431] - consolidate all configurations into ranger-<component>-site.xml
- [RANGER-441] - Add ranger-util module to be part of Ranger on all platform
- [RANGER-483] - Store user credential in SHA256 hashed value instead of MD5
- [RANGER-485] - Provide user friendly text for HTTP response code in Audit->Plugins
- [RANGER-488] - Prior to 0.5.0 release - update ranger pom.xml with appropriate (dependent component) release versions.
Sub-task
- [RANGER-221] - enhance usersync setup.sh to support new config properties introduced by RANGER-212
- [RANGER-241] - ServiceStore implementation to support persistence in RDBMS
- [RANGER-257] - Create KMS module within Apache Ranger to run KMS using hadoop-common KMS
- [RANGER-258] - Create KeyProvider that works across multiple instances of KMS instances
- [RANGER-259] - Create a utility to import JavaKeyStore Provider .jks file keys into RANGER keystorage
- [RANGER-262] - Implement Kafka Provider for Ranger Audit
- [RANGER-263] - Packaging for KafkaProvider in plugins
- [RANGER-267] - Implement Solr Ranger Audit Provider
- [RANGER-268] - Implement DAO to access Solr
- [RANGER-286] - service validations: make components either completely stateless or stateful by moving ctor arguments around
- [RANGER-291] - make NameNodeURL non mandatory while creating HDFS repository
- [RANGER-292] - Allow updating a service's and policy's name and enforce name-uniqueness during their create/update
- [RANGER-299] - Service def validation: create/update/delete of service def should be validated.
- [RANGER-304] - All validations: review various string comparisons and change those that should be done in a case insensitive manner
- [RANGER-305] - Service: validate the recursiveSupported and excludesSupported values
- [RANGER-308] - Provide Auditing of policy updates in new Service Model
- [RANGER-354] - Policy validation: Prevent creation/update of policies for the same resource
- [RANGER-359] - Policy validation: resource uniqueness: store resource signature of a policy in database for faster check
- [RANGER-365] - Policy validation: only users with admin role can create excludes policies
- [RANGER-376] - Develop a pluggable authorization API for KMS
- [RANGER-412] - Packaging changes for Ranger KMS
- [RANGER-417] - UI support for Ranger KMS
- [RANGER-419] - Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic
- [RANGER-437] - Policy validation: Creation of hive UDF policy fails
- [RANGER-444] - Service-def validation: Detect and flag illegal resource hierarchies
- [RANGER-459] - Service def: Resource or Config list that is empty or contains duplicates
- [RANGER-462] - Policy validation: policy resource conflict signature check should be intra-service
Bug
- [RANGER-82] - Add pom.xml exclusions
- [RANGER-99] - enabling argus hive agent should set doAs=false in hive-site.xml
- [RANGER-140] - Clean up for FindBugs reported issue - Set 1
- [RANGER-141] - Argus Wiki link returns "Not Found"
- [RANGER-145] - Static analysis problems reported related to null pointer
- [RANGER-160] - Add junits for HDFS URLBasedAuthDB - audit log enabled check
- [RANGER-167] - Add junits for HDFS URLBasedAuthDB - grant access check
- [RANGER-177] - usersync process should be modified to run as ranger just like policy admin tool
- [RANGER-181] - Move Argus Project documentation to be under the Argus REPO
- [RANGER-185] - Optimize database transaction usage in admin web application
- [RANGER-186] - Improve failure handling in usersync service
- [RANGER-187] - Script parsing install.properties fails if there is space in the name value pair. It should be resilient to such user errors.
- [RANGER-188] - Add LSB headers to Ranger init.d scripts
- [RANGER-192] - User Detail Page hangs if user has many groups
- [RANGER-193] - Allow user to be created without group association
- [RANGER-195] - Need to update Wiki link in Ranger web page
- [RANGER-196] - Rename project name from ARGUS to RANGER in podlings.xml (http://incubator.apache.org/)
- [RANGER-198] - XaAccessControlListsTest.java missing Apache copyright
- [RANGER-200] - Implement pagination on Analytics page
- [RANGER-204] - Not able to delete user or group if user/group has any policy defined.
- [RANGER-206] - Rename argus with ranger in .project file
- [RANGER-207] - Few files are still containing the term Argus in exceptions for output messages
- [RANGER-210] - Ranger service should tell its Software version
- [RANGER-214] - Fix init.d restart
- [RANGER-215] - ranger virtual package dependency broken
- [RANGER-220] - Mismatched Comment in VXPolicy class
- [RANGER-223] - Ranger admin can not access to mysql?
- [RANGER-224] - Ranger admin can not access to mysql?
- [RANGER-225] - Ranger-LookupResource and ValidateConfig implementation for all components in the new pluggable model
- [RANGER-230] - Change hbase plugin to use the new framework
- [RANGER-231] - Wiki Documentation of Update policy
- [RANGER-232] - Change Knox plugin to use the new framework
- [RANGER-234] - Windows Unit Tests are failing due to crypto filepath error
- [RANGER-236] - Remove winpkg from apache code base
- [RANGER-238] - Ranger Hive plugin needs update for changes in HiveAuthorizer interface
- [RANGER-239] - Support JDBC based SQL invocation for setup process
- [RANGER-240] - Change Storm plugin to use the new framework
- [RANGER-243] - AsyncAuditProvider thread should exit without delay on shutdown
- [RANGER-244] - Provide support to Show/Hide Users
- [RANGER-260] - Remove all eclipse settings files from repo
- [RANGER-264] - Ranger Admin login page requests fail with 404
- [RANGER-265] - If Hive repository's connection is setup incorrectly then it can make policy manager unresponsive.
- [RANGER-275] - UI Enhancements for 0.5 release
- [RANGER-277] - Ranger Public API changes to use Service Model
- [RANGER-279] - Update stack model to support UI input validation
- [RANGER-280] - Add color scheme for "Http Response Code" under Audit --> Agents
- [RANGER-283] - Dirty form confirmation popup should have option to "Proceed Anyway"
- [RANGER-284] - Replace "Agents" with "Plugins" in Ranger Admin UI
- [RANGER-287] - Plugin policy download audit log shows empty "Agent Id" field
- [RANGER-288] - Replace references to "Agent" with "Plugin" in UI
- [RANGER-289] - Remove unused class ServiceStoreFactory
- [RANGER-294] - Update CredentialShell usage to support non-interactive mode
- [RANGER-295] - Update Ranger HDFS plugin for recent changes in FSPermissionChecker
- [RANGER-296] - Plugin installation fails with NoClassDefFoundError: org/apache/commons/io/Charsets
- [RANGER-297] - Assemble ranger-admin to have Service model ranger plugins jar for lookup and validate functionality
- [RANGER-300] - Provide migration patch to migrate old db data to new Pluggable Service Model
- [RANGER-302] - DBA Privilege separation in Ranger Installation
- [RANGER-306] - Grant/revoke does not generate audit log
- [RANGER-309] - HBase repository config missing "Common Name for Certificate"
- [RANGER-312] - Validation: Enhancements, improvements, deferred items
- [RANGER-313] - Ranger Admin to load plugin classes in a child class-loader to avoid potential library conflicts
- [RANGER-315] - Need to provide backward compatibility of ranger-admin start/stop to previous version
- [RANGER-316] - Find alternative for pNotify plugin
- [RANGER-318] - Not able to add user with only numbers
- [RANGER-319] - Replace setVersion.sh bash script with platform independent python script
- [RANGER-320] - Usersync NPE when object does not have userNameAttribute
- [RANGER-322] - RangerResource class rename, utility methods addition
- [RANGER-323] - Policy evaluation optimization: cache results of resource-match in policy
- [RANGER-326] - Display a RO view of policy from the Audit page
- [RANGER-328] - Ranger HDFS plugin fails with NPE
- [RANGER-329] - Agent Plugin is not copying db driver jar files
- [RANGER-330] - Show audit of policy updates for new Service Model
- [RANGER-331] - Fix static code analyzer issues
- [RANGER-333] - Update plugins to load config from earlier version, when new version configs are not available
- [RANGER-334] - KMS configuration files are stored with incorrect permission
- [RANGER-335] - High Impact defects uncovered by static analysis of code by Coverity
- [RANGER-336] - Audit log timestamp needs update to take tz offset into account
- [RANGER-337] - Allow using of hyphen or space in first/last name field
- [RANGER-338] - Potential NPE problems in admin
- [RANGER-339] - Several dead-code, potential NPE and incorrect use of iterator issues
- [RANGER-340] - Remove zookeeper library added by ranger
- [RANGER-342] - Bust JS cache during version change to fetch new files from server
- [RANGER-343] - parameterized storm version
- [RANGER-344] - Cleanup/fixes to comply with best practices
- [RANGER-345] - enable-agent.sh isn't a file
- [RANGER-346] - Service-def files update to use map for *Options fields, instead of a string with custom format
- [RANGER-347] - YARN Resource Lookup in Ranger Admin UI get stuck with spinner and doesn't bring result
- [RANGER-348] - Allow ranger admin install with JDK 1.8
- [RANGER-353] - Ranger installation should support multiple platforms
- [RANGER-355] - Test connection fails with SSL error when setting up knox repository
- [RANGER-357] - Update Ranger HDFS plugin to use HDFS Authorization API
- [RANGER-358] - Show previous/next version of policy in Policy View popup
- [RANGER-360] - Add delegated admin logic to new Service Model
- [RANGER-361] - Enabling SSL in ranger admin service should rely on SSLEnabled flag instead of SSL port number
- [RANGER-362] - hbase agent bundles httpclient and httpcore jar
- [RANGER-363] - hdfs agent bundles httpclient and httpcore jar
- [RANGER-364] - hive agent bundles httpclient and httpcore jar
- [RANGER-366] - Grant/revoke should authorize based on grantor's user-groups
- [RANGER-367] - hadoop-common now relies on the apache-htrace during runtime, the deployment fails with class not found
- [RANGER-369] - ranger agent connection to ssl enabled ranger admin fails
- [RANGER-370] - Default policy created for a new HDFS service should have isRecursive=true
- [RANGER-371] - Policy search does not filter based on resource values
- [RANGER-372] - Provide a set of REST APIs to access, modify and create Ranger Service Definitions, Services and Policies
- [RANGER-373] - Hive grant/revoke fails to generate audit log
- [RANGER-375] - Show better error messages during failed logins
- [RANGER-377] - Build breaks when JAVA LIBRARY_PATH has spaces in the directory
- [RANGER-378] - Update Policy call failing to update
- [RANGER-379] - Ranger 0.5.0 Build fails due to changes in HIVE API parameters - HIVE-10223
- [RANGER-380] - PublicAPI should support search for service and policy with non case sensitive serviceType
- [RANGER-383] - Add new column to track resource signature in policy table
- [RANGER-384] - Ranger hive lookup and test connection issue due to hive-jdbc.jar wrong version in ranger admin
- [RANGER-385] - Fixes and enhancements to Permissions Model
- [RANGER-386] - Update HBase plugin for recent changes in HBase (build fix)
- [RANGER-387] - getter/setter inconsistent names - RangerServiceDef - setType()/getName()
- [RANGER-388] - Add Postgres 8 support to Ranger Admin
- [RANGER-389] - Redirect to login page on session timeout
- [RANGER-390] - Merge RangerPolicyDb implementation with RangerPolicyEngine
- [RANGER-391] - ServiceDBStore to preserve the order of resources/users/groups
- [RANGER-392] - Provide Update/Delete for ServiceDef Object
- [RANGER-393] - Getting Blank page after adding a new group
- [RANGER-394] - Resource Lookup classes are not being available as part of CLASSPATH
- [RANGER-395] - ranger-usersync - unable to start ranger authentication process due to incorrect unix permission
- [RANGER-396] - Policy create/update/delete fail to update service.policyVersion field
- [RANGER-399] - Testing connection at a Kerberized cluster
- [RANGER-400] - isRecursive match does not work correctly
- [RANGER-402] - Ranger Admin install fails if 'java' not in PATH
- [RANGER-403] - Repo version not getting set in some of the objects
- [RANGER-404] - HDFS plugin does not generate audit for failure in mkdir
- [RANGER-405] - Hbase: access by super users is not audited
- [RANGER-407] - Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation
- [RANGER-408] - Website needs Incubator logo and disclaimer
- [RANGER-410] - Default audit handler set in BasePlugIn is lost after policy refresh
- [RANGER-421] - Streamline usersync process
- [RANGER-424] - YARN plugin packaging to be reviewed for list of included libraries
- [RANGER-425] - Junit failures: Two UserMgr tests are broken
- [RANGER-426] - Ranger KMS policy not matching the right resource name
- [RANGER-427] - UserSync Process didn't sync the group when groups are added to the user at later time
- [RANGER-429] - Add new role (KEY_ADMIN) for KMS permissions in Ranger Admin
- [RANGER-430] - Need additional database columns to support log aggregation at source
- [RANGER-432] - Rename RangerAuditHandler to RangerAccessResultProcessor
- [RANGER-433] - Hbase plugin: Update coprocessor classes in anticipation of changes to hbase MasterObserver interface
- [RANGER-434] - HBase revoke does not remove 'delegateAdmin' flag
- [RANGER-435] - Policy validation messes up the order of resources
- [RANGER-436] - Policy validation: policy item with empty accesses list is valid if delegated admin is true
- [RANGER-438] - Fix Ranger KMS installation after ranger-site changes
- [RANGER-439] - Ranger usersync installation script is failing with latest python script
- [RANGER-440] - Add credential updater file for updating credentials
- [RANGER-442] - KMS installation script not copying connector jar properly
- [RANGER-445] - java.lang.IncompatibleClassChangeError during ranger kms startup
- [RANGER-446] - Update earlier version public API to skip new service-types and their policies
- [RANGER-447] - Ranger UserSync Process - startup is not sending the credential for keystore on subsequent setup ...
- [RANGER-448] - HBase fix for scan tables issue, HBASE-13482, should be applied in Ranger HBase plugin
- [RANGER-449] - Policy update via previous version public API fails for HBase/Hive/Knox/Storm
- [RANGER-450] - ranger_install.py needs to be updated for latest ranger-admin-site.xml changes
- [RANGER-451] - Multiple user module bug fixes
- [RANGER-452] - Ranger KMS config folder changes
- [RANGER-453] - Change db flavor input parameter value from SQLSERVER to MSSQL
- [RANGER-454] - Default policy created for a new KMS service should grant access to public group
- [RANGER-455] - Resource match should be case-sensitive for HDFS/HBase/Knox/Storm/YARN
- [RANGER-457] - Active Directory Authentication should authenticate on sAMAccountName attribute
- [RANGER-460] - Users / Groups Get and Set Visibility rest api should be allowed only for users with admin role.
- [RANGER-461] - Fix source files without having Apache License headers
- [RANGER-464] - Make hbase.rpc.protection value to be lower case
- [RANGER-465] - Fix Ranger config migration script
- [RANGER-466] - PolicyRefresher should timeout when Ranger Admin is non responsive and should use local cache for policy enforcement if present.
- [RANGER-468] - Audit logs should use "ranger-acl" as enforcer instead of "xasecure-acl"
- [RANGER-469] - HiveServer2 configuration directory needs to be updated
- [RANGER-470] - Rename attribute "id" of *Def objects to "itemId" - to avoid confusion with DB object id
- [RANGER-471] - Credential helper script should be bundled with plugins
- [RANGER-472] - KMS enhancements
- [RANGER-473] - usersync setup process - JAVA_HOME/bin should be part of PATH
- [RANGER-474] - Ranger usersync should instantiate the right class based on SYNC_SOURCE
- [RANGER-475] - HBase Agent : Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
- [RANGER-476] - ServiceName should be used in Lookup Connection cache in Connection Manager instead of ServiceType as we can have multiple Services for same service type
- [RANGER-477] - HiveAgent: Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
- [RANGER-478] - Audit logs for grant/revoke do not have IP address
- [RANGER-479] - PolicyEngine interface to be trimmed for better abstraction; cleanup ServiceStore hierarchy to remove move predicate util methods
- [RANGER-481] - Credential helper script should use java from defined JAVA_HOME
- [RANGER-482] - HDFS plugin denies access even when policy exists to allow the access
- [RANGER-484] - Provide ability to have LDAP attribute "referral" in config
- [RANGER-486] - Add index for the new column `resource_signature` in table `x_policy`.
- [RANGER-487] - Fix pagination issues in analytics page
- [RANGER-489] - Revise Ranger Menu UI
- [RANGER-490] - Revise Ranger Menu UI
- [RANGER-491] - Revise Ranger Menu UI
- [RANGER-492] - New LDAP/AD properties should be available during install in windows
- [RANGER-493] - Fix KMS dba script to work from non-install dir
- [RANGER-494] - Coverity scan issue about toString returning null
- [RANGER-495] - Coverity Scan for Apache Ranger : - Null pointer issue on KnoxClient lookup manager
- [RANGER-496] - Fix build failure due to Kafka API change
- [RANGER-497] - Caught `Null Pointer Exception` while reading service-def without being logged in.
- [RANGER-498] - Ranger KMS needs credential_help.py during setup process - which is missing
- [RANGER-499] - Ranger-KMS policy creation fails with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manually
- [RANGER-501] - Need solr audit connectivity properties on the rangeradmin
- [RANGER-502] - To support easier extension/enhancement, provide abstract implementation for interfaces ConditionEvaluator/ContextEnricher/ResourceMatcher; also should support parameterless init
- [RANGER-503] - Ranger admin start failed on Suse 11
- [RANGER-504] - KMS repo URL needs to handle multiple KMS instances
- [RANGER-505] - Fix column length for Service def config field
- [RANGER-506] - Update password script should update the right config file
- [RANGER-507] - Resource-match logic to be moved out of policy-evaluator for reuse
- [RANGER-508] - Knox server can't come up after Ranger plugin is installed due to jar conflicts
- [RANGER-509] - KMS keys listing throws authentication required error in secure cluster
- [RANGER-510] - Client IP not getting populated for KMS in audit
- [RANGER-511] - Client IP not getting populated for KMS in audit
- [RANGER-512] - Policy creation should fail if any user/group specified does not exist in Ranger
- [RANGER-514] - Solr audit not working in KMS plugin
- [RANGER-515] - Policy Listing/Permission Listing page doesn't show groups for users/groups when the user belongs to large number of groups
- [RANGER-516] - Implement Scope and Restriction of users having KEY_ADMIN Role
- [RANGER-517] - When login into Policy Admin Tool using Unix User Credential, it is not working
- [RANGER-518] - [rolling downgrade] - disable SHA256 hashing of password to provide a way to test rolling downgrade of ranger admin downgrade
- [RANGER-519] - Access Audit filtering does not work for servicename
- [RANGER-520] - When getting Keys from a clustered kms servers, stale key list is returned
- [RANGER-522] - Update YARN service-def to remove ip-custom-condition
- [RANGER-523] - Update embedded service-def creation sequence and other misc fixes
- [RANGER-525] - Use JDK class for Key Protection instead of having own classes
- [RANGER-526] - Provide REST API to change user role
- [RANGER-527] - System should preserve Service-def ID if it's given at the time of creating
- [RANGER-528] - System should preserve Service-def ID if it's given at the time of creating
- [RANGER-530] - Access-type "all" should imply rest of the permissions in Hive
- [RANGER-531] - Legacy plugins unable to download policies
- [RANGER-534] - Upgrade does not migrate some policies
- [RANGER-536] - Test connection fails with SSL error when setting up knox repository
- [RANGER-537] - service-def create fails when ID is not specified
- [RANGER-538] - Error messages shown in Ranger Admin lack details
- [RANGER-540] - Disable JPA cache to support ranger-admin in HA deployment
- [RANGER-543] - RangerTimeOfDataMatcher condition to support time ranges that span across midnight
- [RANGER-546] - Custom condition evaluation issues
Task
- [RANGER-233] - Update the version number on the pom.xml to be 0.5.0
- [RANGER-242] - Ranger config migration script
- [RANGER-317] - ranger-usersync setup fails with NoClassDefFoundError
- [RANGER-351] - Update HBase plugin to use HBase version 1.1 (from 0.99.2)
- [RANGER-352] - To facilitate update of service-def, add ID attribute to contained objects
- [RANGER-480] - Need access control on REST API based on permission model
- [RANGER-194] - Rename packages from xasecure to apache ranger
Test
- [RANGER-245] - Storm plugin test connection failed