This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Apache Ranger 0.7.0 consists of improvments and bug-fixes listed as below:

Bug

  • [RANGER-381] - Not able to create group with dot character
  • [RANGER-655] - Review DB schema for max key length restrictions - MySQL
  • [RANGER-916] - Please delete old releases from mirroring system
  • [RANGER-1090] - Revoke command with grant option does not disable delegated admin permission for users/groups in the corresponding policy
  • [RANGER-1094] - One way SSL (when Kerberos is enabled) for Ranger and its plugins
  • [RANGER-1095] - Invert authorization logic in RangerSolrAuthorizer
  • [RANGER-1096] - Revert to jceks scheme for credential store related operations
  • [RANGER-1097] - Ranger KMS Plugin should not fails to download policy when UGI ticket expires
  • [RANGER-1099] - keyadmin user is not able to create service/repo using public apis
  • [RANGER-1100] - Hive authorizer does not block update when row-filter/column-mask is specified on the table for the user
  • [RANGER-1101] - jceks keystore is not created successfully after enabling ssl for atlas ranger plugin
  • [RANGER-1103] - Build fails due to missing "security/pam_appl.h"
  • [RANGER-1104] - Ranger PolicyRefresher failed to refresh policies causing AccessDeniedException in HBase
  • [RANGER-1105] - Ranger should provide configuration to do hdfs audit file roll over at absolute time
  • [RANGER-1106] - issue after upgrade on ranger hive policy page
  • [RANGER-1107] - Performance trace to measure policy download performance in plugins
  • [RANGER-1109] - Address IPMC feedback raised during Ranger 0.6.0 release
  • [RANGER-1111] - Enhancements to the db admin setup scripts.
  • [RANGER-1113] - Ranger Hive authorizer update to get query string from HiveConf.
  • [RANGER-1114] - Nimbus, Storm UI server stopped after disabling ranger plugins
  • [RANGER-1115] - URLEncode and URLDecode methods are mismatch on usersync and admin
  • [RANGER-1116] - Ranger HivePluginUnitTest fails due to Hive Metastore version check
  • [RANGER-1119] - Exclude test jars from ranger-admin plugin folder as dependency
  • [RANGER-1120] - Need a java patch to handle upgrade of hive servicedef
  • [RANGER-1121] - resources doesnt shows up on ranger UI
  • [RANGER-1123] - keyadmin user is not able to make getservice call using rest api service/public/v2/api/service/name
  • [RANGER-1124] - Good coding practices in Ranger recommended by static code analysis
  • [RANGER-1125] - Update Ranger tagsync should handle entity status field in Atlas notifications
  • [RANGER-1126] - Authorization checks for non existent file/directory should not be recursive in Ranger Hive authorizer
  • [RANGER-1128] - Data Masking label changes for ranger policies
  • [RANGER-1131] - Add trace message if audit event is failed to log.
  • [RANGER-1132] - Ranger Storm Plugin should include commons-codec jar as a dependency
  • [RANGER-1134] - Audit to Secure solr fails in case of Ranger Knox Plugin due to MDC context issue
  • [RANGER-1135] - secure api is not used to download the policies for knox
  • [RANGER-1136] - Ranger audit to HDFS fails with TGT errors in Ranger HiveServer2 plugin when UGI -TGT expires in audit thread
  • [RANGER-1139] - Ranger Kafka Plugin should include commons-codec jar as a dependency
  • [RANGER-1141] - Null pointer exception while retrieving the key during copy file
  • [RANGER-1143] - tagsync - needs additional cred lib support for running in HTTPS mode
  • [RANGER-1147] - Knox repository test connection is failing
  • [RANGER-1148] - Ranger needs to map Storm ACL- debug, setLogConfig , getLogConfig to getTopologyInfo
  • [RANGER-1149] - Label spelling correction
  • [RANGER-1150] - Optimize comments in install.properties
  • [RANGER-1153] - Ranger HivePluginUnitTest improvements to avoid build failure
  • [RANGER-1155] - Good coding practices in Ranger : Potential performance/correctness issues uncovered by static code analysis
  • [RANGER-1156] - Audit migration script from DB to Solr cloud failing
  • [RANGER-1160] - Ranger installation is failing for MSSQL db flavor
  • [RANGER-1161] - Policy engine optimization: use prefix filter to reduce number of policies evaluated
  • [RANGER-1162] - Tag lookup optimization: use prefix lookup to reduce number of evaluators attempted
  • [RANGER-1166] - Auto complete wait time needs to be increased on Ranger UI
  • [RANGER-1167] - Ranger admin UI loading issues in Internet Explorer
  • [RANGER-1169] - The global audit settings specified by Ranger configuration parameter values should always be honored by the plug-ins.
  • [RANGER-1170] - Improvement of Unit Test coverage in Ranger
  • [RANGER-1171] - Invert authorization logic in RangerKafkaAuthorizer
  • [RANGER-1173] - Improve Ranger database schema import logic and make it more robust
  • [RANGER-1175] - Create policy fails for updated servicedef
  • [RANGER-1181] - HDFS Plugin does not allow removal of a non-empty directory if the directory is allowed to be removed by HDFS, but the file inside the directory is allowed to be removed by Ranger
  • [RANGER-1183] - The code in the file YarnClient.java has variable naming errors
  • [RANGER-1184] - Ranger compiler failed under Windows
  • [RANGER-1185] - If cred.jceks is of zero length it should be rebuilt
  • [RANGER-1187] - In pamCredValidator.c, pam_end() is not called if authentication fails
  • [RANGER-1189] - Enhance and provide APIs to getAllpolicies with different filter options
  • [RANGER-1190] - User has access to a database via tag-based policy - but 'show databases' does not include the database
  • [RANGER-1191] - if ranger admin is down and users are not syncd then there is no retry for those users
  • [RANGER-1192] - Ranger PID file not being read if a custom location is provided
  • [RANGER-1196] - Wrong method name in the printed error message
  • [RANGER-1206] - Modifications to install scripts to skip checking of DB and java patches in each install
  • [RANGER-1207] - Good coding practices as recommended by static code analysis
  • [RANGER-1209] - Good coding practices as recommended by static code analysis
  • [RANGER-1210] - update RangerHivePlugin grant/revoke to treat insert/delete as update permission
  • [RANGER-1213] - No check for wrong ROLEs set on a user
  • [RANGER-1214] - Export/Import of policies in Ranger
  • [RANGER-1215] - Add joda-time library to list of libraries packaged with tagsync
  • [RANGER-1216] - Ranger Audit framework fails to audit to keberized + SSL enabled Solr
  • [RANGER-1218] - Allow numeric value in name fields of Ranger users
  • [RANGER-1222] - Unit test failure in TestDefaultPolicyResourceMatcher (Java 8)
  • [RANGER-1223] - Ranger doesn't have the correct error message when audit configuration file is not present
  • [RANGER-1224] - Changed PermissionList in order to accommodate user names containing commas. Specifically, DNs are the use case.
  • [RANGER-1225] - Unit tests for Ranger Hive Policies
  • [RANGER-1229] - RangerResourceMatcher for Hdfs and Yarn resources does not correctly handle policy containing only one resource whose value is "*"
  • [RANGER-1232] - Spelling error for StromTopologyName, should be StormTopologyName
  • [RANGER-1237] - Ranger permissions do not load when there are bulk users
  • [RANGER-1238] - Update library versions in tagsync to keep in-sync with Atlas
  • [RANGER-1239] - hbase policy created as a result of hbase grant request does not allow dropping the namespace for the grantee user
  • [RANGER-1240] - Remove tab characters from README.md
  • [RANGER-1241] - PID file generation improvement
  • [RANGER-1242] - Create storm service with error configurations, test connection should not be successful.
  • [RANGER-1243] - One failed embedded ServiceDef creating prevent any service from being created in Ranger.
  • [RANGER-1244] - Clarify in the process of accepting patches to ranger in README so github users are not confused.
  • [RANGER-1245] - Ranger UI group name limitation (32 characters in UI)
  • [RANGER-1246] - Update UI hints for wildcards in search filters
  • [RANGER-1248] - for Knox policy activation time is 0
  • [RANGER-1249] - Ranger admin service should run with UTC default timezone

  • [RANGER-1250] - If non-existing access-permissions are added through curl then permission module shows loading icon.
  • [RANGER-1251] - when there is not tag based service associated with a reosurce based service then also it shows active and downloaded tag timestamp
  • [RANGER-1253] - UI error when a special character is entered for a username in the admin webapp
  • [RANGER-1254] - HiveAuthorizer should deny access to URI operations if there are any exceptions
  • [RANGER-1255] - Policy engine initialization must be resilient to invalid values in the downloaded policies JSON
  • [RANGER-1256] - Ranger Plugin Status does not display IP address of plugin if Ranger is in HA mode
  • [RANGER-1257] - Spelling error for "redireting" in the knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java. "redirecting" instead of "redireting".
  • [RANGER-1258] - Spelling error for "Storm" in the knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java. "Knox" instead of "Storm".
  • [RANGER-1259] - Improve ChangePassword utility and make it idempotent for default password change request
  • [RANGER-1261] - Fix path matching inconsistencies and wildcard treatment
  • [RANGER-1263] - Spelling error for "RangerHdfsPluing" in the ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java. "RangerHbasePlugin" instead of "RangerHdfsPluing".
  • [RANGER-1264] - Spelling error for "Pluing" in the agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java. "Plugin" instead of "Pluing".
  • [RANGER-1265] - Spelling error for "RangerHdfsPluing" in the ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java. "RangerHdfsPlugin" instead of "RangerHdfsPluing".
  • [RANGER-1266] - Spelling error for "RangerYarnPluing" in the ranger-yarn-plugin-shim/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java. "RangerYarnPlugin" instead of "RangerYarnPluing".
  • [RANGER-1267] - Spelling error for "RangerKafkaPluing" in the ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java. "RangerKafkaPlugin" instead of "RangerKafkaPluing".
  • [RANGER-1268] - Spelling error for "RangerAtlasPluing" in the ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java. "RangerAtlasPlugin" instead of "RangerAtlasPluing".
  • [RANGER-1269] - Make MiscUtil.getGroupsForRequestUser more robust
  • [RANGER-1270] - IndexOutOfBoundsException when test connection in Ranger-Solr-Plugin
  • [RANGER-1272] - The program doesn't check the RANGER_PID_DIR_PATH variables corresponding to the path in ranger-admin-services.sh file. The "echo $VALUE_OF_PID > ${pidf}" failed when the path doesn't exist.
  • [RANGER-1274] - Do some improvement for the error message in org.apache.ranger.biz.UserMgr.java file: add space between the sentences.
  • [RANGER-1275] - At the beginning of the security-admin/scripts/setup.sh file there are three logical errors.
  • [RANGER-1276] - User/Group search is failing due to encoding issues
  • [RANGER-1278] - Allow LDAP authentication without configuring group information
  • [RANGER-1279] - Make static variable RangerCSRFPreventionFilter.IS_CSRF_ENABLED private
  • [RANGER-1280] - Currently the ranger-admin will be aborted and couldn't find any error messages in log file when the exception occured. We should get the default value instead of aborted and record the error log.
  • [RANGER-1281] - Provide option to filter KMS audits in Access Tab
  • [RANGER-1282] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1284] - Comment lines have not been filtered out when the populate_global_dict function parsed install.properties in security-admin/scripts/db_setup.py.
  • [RANGER-1285] - ranger admin support storm HA
  • [RANGER-1290] - There was a logical error in parsing the configuration file when executing the database script.
  • [RANGER-1291] - export the polcies is failing due to 401 ERROR
  • [RANGER-1292] - issue with downloading the policies for non admin user
  • [RANGER-1293] - There were logic errors in create_rangerdb_user and grant_xa_db_user function.
  • [RANGER-1295] - Add-ons to support WASB in Ranger Authorization Model
  • [RANGER-1296] - Rename usersync unit tests to be uniform with other unit tests naming
  • [RANGER-1297] - Provide correct Ranger HiveAccessControlException message for DESCRIBE <TABLE> when authorization fails due to lack of SELECT on all columns
  • [RANGER-1303] - Ranger Knox lookup for service fails with null result
  • [RANGER-1304] - Analytics Metric for Ranger usage
  • [RANGER-1305] - If servicedef has blank configs : UI doesn't allow to add any configs to services of that servicedef
  • [RANGER-1306] - Exception logs were not logged in authenticate function for RangerAuthenticationProvider.java
  • [RANGER-1307] - Enable Deny and Exclusions conditions in Ranger Policies for WASB service-def
  • [RANGER-1308] - Remove DEFAULT CHARSET 'latin1' from ranger db schema script to enable support of unicode or any other charset
  • [RANGER-1311] - Ranger UI changes to support non-US characters in username related fields
  • [RANGER-1312] - The SYNC_SOURCE atribute only supports unix and ldap for ranger usersync at present, it's default value should be unix. Current the installation process directly exited because of using default configuration
  • [RANGER-1313] - Fix issue found during coverity scan in one of the ranger usersync unit tests.
  • [RANGER-1315] - [export/import] if input file content is not valid for import then it does not give proper error, it gives null pointer exception in logs
  • [RANGER-1316] - Ranger-Admin enable security mode should not depend on configuration logdir
  • [RANGER-1317] - There are two defects in install scripts for ranger usersync process
  • [RANGER-1319] - inconsistency in adding user to the DB table
  • [RANGER-1320] - Ranger Hive Plugin Exception message correction
  • [RANGER-1324] - Analytics Metric for Ranger KMS usage
  • [RANGER-1325] - Usernames starting with _ not allowed
  • [RANGER-1328] - Test connection on tag service always returns 'connection failed'
  • [RANGER-1329] - Update Ranger plugin handling of service-not-found error
  • [RANGER-1330] - When report exported in CSV format we get one random data in ID field
  • [RANGER-1332] - Ranger TLP : Source Code / Script changes
  • [RANGER-1333] - Enable Incremental Sync by default when sync source is ldap for fresh install of ranger usersync
  • [RANGER-1334] - Good coding practices in Ranger Usersync
  • [RANGER-1335] - Solr for Audit Setup breaks Solr versions 5.5 and above
  • [RANGER-1336] - audit based policy that has no policy item are not exported in CSV file
  • [RANGER-1338] - Ranger Plugin failed to download policy when JaasConfig alone is used to set the UGI instead of Principal/Keytab
  • [RANGER-1341] - Use credential provider files to store passwords rather storing them in config file in clear text format
  • [RANGER-1342] - Hive test connection is not working
  • [RANGER-1343] - in Action type filter EXPORT/IMPORT related actions are not available eg. EXPORT_JSON,IMPORT_JSON
  • [RANGER-1344] - The default sync interval is not enforced correctly for ranger usersync when sync source is AD/LDAP
  • [RANGER-1345] - User group memberships are not updated properly in Ranger with Incremental LDAP/AD sync
  • [RANGER-1349] - Code block was iterated four times, in fact it should only be executed once during initializing InitD for ranger usersync process
  • [RANGER-1352] - few cases where even if JSON is invalid then also message appears IMPORTED SUCCSSFULLY
  • [RANGER-1353] - NameRules should be set to the default value in Kerberized Environment
  • [RANGER-1355] - Ranger HiveAuthorizer should check for ALTER permission for MSCK command while authorizing.
  • [RANGER-1356] - The installer does not filter out comments lines for the configuration file when installing the Ranger UserSync Process and tagsync
  • [RANGER-1357] - tag objects are not removed when attempting a full sync with Atlas tags
  • [RANGER-1359] - Remove unnecessary spring dependency
  • [RANGER-1361] - RangerHDFSPlugin audits for Ancestor, Sub level and parent access doesn't have the correct accessType
  • [RANGER-1362] - The installer of the usersync and unixauthservice can be executed when JAVA_HOME environment variable was set empty. The result is that there are many errors when installing UserSync and unixauthservice. We should handle the exception as well as tagsync.
  • [RANGER-1363] - BadCredentialsException when login
  • [RANGER-1365] - Modify Ranger Hbase Plugin ColumnIterator to use Cell instead of KeyValue (to avoid ClassCastException in certain cases)
  • [RANGER-1366] - Plugin-status page shows incorrect last-update time
  • [RANGER-1367] - No log was logged when some errors occurred in classes for the Unix Authentication Service.
  • [RANGER-1375] - HIVERangerAuthorizerTest UT fails intermittently
  • [RANGER-1379] - Good coding practice for concurrent modification
  • [RANGER-1380] - not able to delete group that is having special character from ranger admin
  • [RANGER-1381] - Add hadoop-common.jar as dependency to ranger-hive-utils package to avoid build failure
  • [RANGER-1382] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1389] - ranger tagsync doesn't start when you create a truststore for it
  • [RANGER-1391] - Error occurred when use EndDate as Search Filter in Audit Access WebPage

Improvement

  • [RANGER-696] - Option to use custom "admin" username
  • [RANGER-698] - Ranger policy should support variables like $user
  • [RANGER-1044] - Keystore/Truststore SSL password configuration options do not work
  • [RANGER-1112] - Remove "Empty" PMD restrictions
  • [RANGER-1118] - Consolidate on a single Hadoop version
  • [RANGER-1122] - Remove ranger_solrj module
  • [RANGER-1129] - Ability to specify 'audit all accesses' via Ranger admin configuration
  • [RANGER-1145] - Policy engine optimization: convert wildcard matches into prefix and suffix match
  • [RANGER-1146] - Policy engine optimization: dynamic reordering of policy evaluation order
  • [RANGER-1163] - Remove some of the "basic" PMD restrictions
  • [RANGER-1164] - Remove PMD "unused" restrictions
  • [RANGER-1172] - Update Storm to 1.0.2 + re-enable the tests
  • [RANGER-1177] - Ranger tagsync to support Atlas notification for HDFS path
  • [RANGER-1182] - remove code duplication from PrivilegedAction handling
  • [RANGER-1195] - Ranger should allow for "Show Columns" and "describe" on tables where user access is limited to a subset of columns.
  • [RANGER-1197] - Provide API to get policyVersion in use by Ranger plugins
  • [RANGER-1199] - Optimize tag-download to include only tags that have policies
  • [RANGER-1201] - support yarn HA V2
  • [RANGER-1208] - Optimize tag enricher for requests containing empty resource
  • [RANGER-1211] - Improve Ranger Usersync to sync AD/LDAP users and/or groups incrementally.
  • [RANGER-1227] - UI hints for Audit search for Ranger Audit Logs & Policy Search on Policy Listing Page
  • [RANGER-1230] - Policy versions in use for each Ranger plugin
  • [RANGER-1233] - TagSync to support Atlas notifications for HBase, Kafka entities
  • [RANGER-1262] - Setting up database on MacOS is not working
  • [RANGER-1287] - Remove code duplication from Java method EmbeddedServer.start()
  • [RANGER-1288] - Add SSL enabled MySQL support in Ranger Admin
  • [RANGER-1302] - Support FILENAME and BASE_FILENAME tokens for HDFS plugin
  • [RANGER-1309] - Check for header first in RangerCSRFPreventionFilter
  • [RANGER-1310] - Ranger Audit framework enhancement to provide an option to  allow audit records to be spooled to local disk first before sending it to destinations
  • [RANGER-1314] - Ranger enhancement to support authorization of namespace operations
  • [RANGER-1327] - Print details of any exception thrown when instantiating a custom Ranger condition evaluator
  • [RANGER-1347] - The AtlasClient should fall back to the plain password if the password decryption fails
  • [RANGER-1350] - Generic types are not used correctly
  • [RANGER-1351] - loggers should be "private final static" fields

New Feature

  • [RANGER-1200] - Ranger policies should support notion of OWNER user
  • [RANGER-1271] - RANGER-ATLAS testConnection feature

Task

  • [RANGER-1110] - Update doc pom.xml with team updates ...
  • [RANGER-1159] - fix Apache v2 license in the NOTICE file - based on suggestions from Justin McLean during IPMC review of 0.6.1 release ...
  • [RANGER-1228] - Remove unused TagFileStore, ServiceFileStore and ServiceRESTStore classes and unused Store APIs from Ranger codebase
  • [RANGER-1394] - Ranger Release of 0.7.0

Test

 









  • No labels