Versions Compared

Old Version 1

changes.mady.by.user Selvamohan Neethiraj

Saved on

compared with

New Version 2

changes.mady.by.user Bosco

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following Apache JIRAs have been resolved in the Apache Ranger 0.5.0 Release:

...

New Features

  • [RANGER-221178] - enhance usersync setup.sh to support new config properties introduced by RANGER-212Ranger to support authorization and auditing for Apache Solr
  • [RANGER-241179] - ServiceStore implementation to support persistence in RDBMSArgus/Ranger to support authorization and auditing for Apache Kafka
  • [RANGER-257202] - Create KMS module within Apache Ranger to run KMS using hadoop-common KMSRanger hbase authorization at namespace level
  • [RANGER-258246] - Create KeyProvider that works across multiple instances of KMS instancesAdd support for Authorization and Auditing of Apache Kafka
  • [RANGER-259247] - Create a utility to import JavaKeyStore Provider .jks file keys into RANGER keystorageProvide scalable/HA Hadoop KMS to support Hadoop TDE
  • [RANGER-262248] - Implement Kafka Provider for Ranger AuditAdd support for Authorization and Auditing of YARN resources
  • [RANGER-263] - Packaging for KafkaProvider in plugins250] - Create permission model to allow/disallow functionality within ranger-admin UI
  • [RANGER-267] - Implement Solr Ranger Audit Provider[RANGER-268] - Implement DAO to access Solr278] - REST, Store: validation of policy/service/service-def

Improvement

  • [RANGER-286] - service validations: make components either completely stateless or stateful by moving ctor arguments around189] - Fix mail aliases on website
  • [RANGER-291] - make NameNodeURL non mandatory while creating HDFS repository190] - Can you fix your 0.4.0 release?
  • [RANGER-292] - Allow updating a service's and policy's name and enforce name-uniqueness during their create/update212] - Ranger should support computing user group memberships by searching for users and groups
  • [RANGER-299213] - Service def validation: create/update/delete of service def should be validated.Implement init.d status
  • [RANGER-304] - All validations: review various string comparisons and change those that should be done in a case insensitive manner226] - Support JDBC based SQL invocation for setup process
  • [RANGER-237] - Ranger to work with HA enabled WebHDFS with automatic failover
  • [RANGER-305272] - Service: validate the recursiveSupported and excludesSupported valuesMake the timeout interval and size of executor used by TimedEventUtil configurable
  • [RANGER-308] - Provide Auditing of policy updates in new Service Model273] - Use HDFS authorization plugin interface to enforce ranger policies
  • [RANGER-354] - Policy validation: Prevent creation/update of policies for the same resource276] - Add support for aggregating audit logs at source
  • [RANGER-359281] - Policy validation: resource uniqueness: store resource signature of a policy in database for faster checkSupport Postgres database for storing ranger policy information
  • [RANGER-365282] - Policy validation: only users with admin role can create excludes policies[RANGER-376] - Develop a pluggable authorization API for KMSSupport MS-SQLServer database for storing ranger policy information
  • [RANGER-412293] - Packaging changes for Ranger KMSadd server side checks for HDFS Repo connection properties
  • [RANGER-417] - UI support for Ranger KMS307] - Policy evaluation optimization: reorder policies and short-circuit evaluation
  • [RANGER-419] - Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic314] - Remove custom class loader used by ranger admin for resource lookup
  • [RANGER-437] - Policy validation: Creation of hive UDF policy fails[RANGER-444] - Service-def validation: Detect and flag illegal resource hierarchies327] - Modify pom.xml to ensure that no hard-coded versions for maven dependencies and library
  • [RANGER-459] - Service def: Resource or Config list that is empty or contains duplicates374] - ranger admin need to support AJP connector to work behind SSL enabled Apache Load Balancer
  • [RANGER-462] - Policy validation: policy resource conflict signature check should be intra-service

Bug

  • 382] - 0.5.0 release - Code Cleanup to add/modify license headers and unwanted comments
  • [RANGER-397] - Implement reliable streaming audits to configurable destinations
  • [RANGER-418] - Upgrade script from earlier version (0.4.*) to the current version (0.5.0)
  • [RANGER-431] - consolidate all configurations into ranger-<component>
  • [RANGER-82] - Add pom.xml exclusions
  • [RANGER-99] - enabling argus hive agent should set doAs=false in hive-site.xml
  • [RANGER-140441] - Clean up for FindBugs reported issue - Set 1Add ranger-util module to be part of Ranger on all platform
  • [RANGER-141] - Argus Wiki link returns "Not Found"483] - Store user credential in SHA256 hashed value instead of MD5
  • [RANGER-145] - Static analysis problems reported related to null pointer485] - Provide user friendly text for HTTP response code in Audit->Plugins
  • [RANGER-160] - Add junits for HDFS URLBasedAuthDB - audit log enabled check488] - Prior to 0.5.0 release - update ranger pom.xml with appropriate (dependent component) release versions.

Sub-task

  • [RANGER-167] - Add junits for HDFS URLBasedAuthDB - grant access check221] - enhance usersync setup.sh to support new config properties introduced by RANGER-212
  • [RANGER-177241] - usersync process should be modified to run as ranger just like policy admin toolServiceStore implementation to support persistence in RDBMS
  • [RANGER-181257] - Move Argus Project documentation to be under the Argus REPO[RANGER-185] - Optimize database transaction usage in admin web applicationCreate KMS module within Apache Ranger to run KMS using hadoop-common KMS
  • [RANGER-186] - Improve failure handling in usersync service258] - Create KeyProvider that works across multiple instances of KMS instances
  • [RANGER-187259] - Script parsing install.properties fails if there is space in the name value pair. It should be resilient to such user errors.Create a utility to import JavaKeyStore Provider .jks file keys into RANGER keystorage
  • [RANGER-188262] - Add LSB headers to Ranger init.d scriptsImplement Kafka Provider for Ranger Audit
  • [RANGER-192263] - User Detail Page hangs if user has many groupsPackaging for KafkaProvider in plugins
  • [RANGER-193267] - Allow user to be created without group associationImplement Solr Ranger Audit Provider
  • [RANGER-195268] - Need to update Wiki link in Ranger web pageImplement DAO to access Solr
  • [RANGER-196286] - Rename project name from ARGUS to RANGER in podlings.xml (http://incubator.apache.org/)service validations: make components either completely stateless or stateful by moving ctor arguments around
  • [RANGER-198291] - XaAccessControlListsTest.java missing Apache copyrightmake NameNodeURL non mandatory while creating HDFS repository
  • [RANGER-200] - Implement pagination on Analytics page[RANGER-203] - Framework to extend Ranger security to new components in a pluggable way292] - Allow updating a service's and policy's name and enforce name-uniqueness during their create/update
  • [RANGER-204299] - Not able to delete user or group if user/group has any policy definedService def validation: create/update/delete of service def should be validated.
  • [RANGER-206] - Rename argus with ranger in .project file304] - All validations: review various string comparisons and change those that should be done in a case insensitive manner
  • [RANGER-207305] - Few files are still containing the term Argus in exceptions for output messagesService: validate the recursiveSupported and excludesSupported values
  • [RANGER-210] - Ranger service should tell it's Software verison308] - Provide Auditing of policy updates in new Service Model
  • [RANGER-214] - Fix init.d restart354] - Policy validation: Prevent creation/update of policies for the same resource
  • [RANGER-215] - ranger virtual package dependency broken[RANGER-220] - Mismatched Comment in VXPolicy class359] - Policy validation: resource uniqueness: store resource signature of a policy in database for faster check
  • [RANGER-223365] - Ranger admin can not access to mysql?Policy validation: only users with admin role can create excludes policies
  • [RANGER-224] - Ranger admin can not access to mysql?376] - Develop a pluggable authorization API for KMS
  • [RANGER-225412] - Ranger-LookupResource and ValidateConfig implementation for all components in the new pluggable modelPackaging changes for Ranger KMS
  • [RANGER-230417] - Change hbase plugin to use the new frameworkUI support for Ranger KMS
  • [RANGER-231] - Wiki Documentation of Update policy419] - Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic
  • [RANGER-232] - Change Knox plugin to use the new framework437] - Policy validation: Creation of hive UDF policy fails
  • [RANGER-234444] - WIndows Unit Tests are failing due to crypto filepath error- Service-def validation: Detect and flag illegal resource hierarchies
  • [RANGER-236] - Remove winpkg from apache code base459] - Service def: Resource or Config list that is empty or contains duplicates
  • [RANGER-238] - Range Hive plugin needs update for changes in HiveAuthorizer interface462] - Policy validation: policy resource conflict signature check should be intra-service

Bug

  • [RANGER-23982] - Support JDBC based SQL invocation for setup processAdd pom.xml exclusions
  • [RANGER-240] - Change Storm plugin to use the new framework99] - enabling argus hive agent should set doAs=false in hive-site.xml
  • [RANGER-243] - AsyncAuditProvider thread should exit without delay on shutdown140] - Clean up for FindBugs reported issue - Set 1
  • [RANGER-244] - Provide support to Show/Hide Users141] - Argus Wiki link returns "Not Found"
  • [RANGER-256145] - Enable pluggable way to add context data to requestStatic analysis problems reported related to null pointer
  • [RANGER-260] - Remove all eclipse settings files from repo160] - Add junits for HDFS URLBasedAuthDB - audit log enabled check
  • [RANGER-264] - Ranger Admin login page requests fail with 404167] - Add junits for HDFS URLBasedAuthDB - grant access check
  • [RANGER-265] - If Hive repository's connection is setup incorrectly then it can make policy manager unresponsive.177] - usersync process should be modified to run as ranger just like policy admin tool
  • [RANGER-275] - UI Enhancements for 0.5 release181] - Move Argus Project documentation to be under the Argus REPO
  • [RANGER-277] - Ranger Public API changes to use Service Model185] - Optimize database transaction usage in admin web application
  • [RANGER-279186] - Update stack model to support UI input validationImprove failure handling in usersync service
  • [RANGER-280] - Add color scheme for "Http Response Code" under Audit --> Agents187] - Script parsing install.properties fails if there is space in the name value pair. It should be resilient to such user errors.
  • [RANGER-283188] - Dirty form confirmation popup should have option to "Proceed Anyway"Add LSB headers to Ranger init.d scripts
  • [RANGER-284] - Replace "Agents" with "Plugins" in Ranger Admin UI192] - User Detail Page hangs if user has many groups
  • [RANGER-287] - Plugin policy download audit log shows empty "Agent Id" field193] - Allow user to be created without group association
  • [RANGER-288195] - Replace references to "Agent" with "Plugin" in UINeed to update Wiki link in Ranger web page
  • [RANGER-289] - Remove unused class ServiceStoreFactory196] - Rename project name from ARGUS to RANGER in podlings.xml (http://incubator.apache.org/)
  • [RANGER-294198] - XaAccessControlListsTest.java missing Apache copyright
  • [RANGER-200] - Implement pagination on Analytics page] - Update CredentialShell usage to support non-interactive mode
  • [RANGER-295203] - Update Ranger HDFS plugin for recent changes in FSPermissionCheckerFramework to extend Ranger security to new components in a pluggable way
  • [RANGER-296] - Plugin installation fails with NoClassDefFoundError: org/apache/commons/io/Charsets204] - Not able to delete user or group if user/group has any policy defined.
  • [RANGER-297206] - Assemble ranger-admin to have Service model ranger plugins jar for lookup and validate functionalityRename argus with ranger in .project file
  • [RANGER-207] - Few files are still containing the term Argus in exceptions for output messages
  • [RANGER-300] - Provide migration patch to migrate old db data to new Pluggable Service Model210] - Ranger service should tell it's Software verison
  • [RANGER-302214] - DBA Privilege separation in Ranger InstallationFix init.d restart
  • [RANGER-306215] - Grant/revoke does not generate audit logranger virtual package dependency broken
  • [RANGER-309] - HBase repository config missing "Common Name for Certificate"220] - Mismatched Comment in VXPolicy class
  • [RANGER-312] - Validation: Enhancements, improvements, deferred items223] - Ranger admin can not access to mysql?
  • [RANGER-313224] - Ranger Admin to load plugin classes in a child class-loader to avoid potential library conflictsadmin can not access to mysql?
  • [RANGER-315225] - Need to provide backward compatibility of ranger-admin start/stop to previous versionRanger-LookupResource and ValidateConfig implementation for all components in the new pluggable model
  • [RANGER-316230] - Find alternative for pNotify pluginChange hbase plugin to use the new framework
  • [RANGER-318231] - Not able to add user with only numbersWiki Documentation of Update policy
  • [RANGER-319] - Replace setVersion.sh bash script with platform independent python script232] - Change Knox plugin to use the new framework
  • [RANGER-320] - Usersync NPE when object does not have userNameAttribute234] - WIndows Unit Tests are failing due to crypto filepath error
  • [RANGER-322236] - RangerResource class rename, utility methods additionRemove winpkg from apache code base
  • [RANGER-323] - Policy evaluation optimization: cache results of resource-match in policy238] - Range Hive plugin needs update for changes in HiveAuthorizer interface
  • [RANGER-326] - Display a RO view of policy from the Audit page239] - Support JDBC based SQL invocation for setup process
  • [RANGER-328240] - Ranger HDFS plugin fails with NPEChange Storm plugin to use the new framework
  • [RANGER-329] - Agent Plugin is not copying db driver jar files243] - AsyncAuditProvider thread should exit without delay on shutdown
  • [RANGER-330] - Show audit of policy updates for new Service Model244] - Provide support to Show/Hide Users
  • [RANGER-331256] - Fix static code analyzer issuesEnable pluggable way to add context data to request
  • [RANGER-333260] - Update plugins to load config from earlier version, when new version configs are not availableRemove all eclipse settings files from repo
  • [RANGER-334264] - KMS configuration files are stored with incorrect permissionRanger Admin login page requests fail with 404
  • [RANGER-335] - High Impact defects uncovered by static analysis of code by Coverity265] - If Hive repository's connection is setup incorrectly then it can make policy manager unresponsive.
  • [RANGER-336] - Audit log timestamp needs update to take tz offset into account275] - UI Enhancements for 0.5 release
  • [RANGER-337] - Allow using of hyphen or space in first/last name field277] - Ranger Public API changes to use Service Model
  • [RANGER-338279] - Potential NPE problems in adminUpdate stack model to support UI input validation
  • [RANGER-339280] - Several dead-code, potential NPE and incorrect use of iterator issuesAdd color scheme for "Http Response Code" under Audit --> Agents
  • [RANGER-340] - Remove zookeeper library added by ranger283] - Dirty form confirmation popup should have option to "Proceed Anyway"
  • [RANGER-342] - Bust JS cache during version change to fetch new files from server284] - Replace "Agents" with "Plugins" in Ranger Admin UI
  • [RANGER-343287] - parameterized storm versionPlugin policy download audit log shows empty "Agent Id" field
  • [RANGER-344288] - Cleanup/fixes to comply with best practicesReplace references to "Agent" with "Plugin" in UI
  • [RANGER-345289] - enable-agent.sh isn't a fileRemove unused class ServiceStoreFactory
  • [RANGER-346294] - Service-def files update to use map for *Options fields, instead of a string with custom formatUpdate CredentialShell usage to support non-interactive mode
  • [RANGER-347295] - YARN Resource Lookup in Ranger Admin UI get stuck with spinner and doesn't bring resultUpdate Ranger HDFS plugin for recent changes in FSPermissionChecker
  • [RANGER-348296] - Allow ranger admin install with JDK 1.8Plugin installation fails with NoClassDefFoundError: org/apache/commons/io/Charsets
  • [RANGER-353] - Ranger installation should support multiple platforms297] - Assemble ranger-admin to have Service model ranger plugins jar for lookup and validate functionality
  • [RANGER-355] - Test connection fails with SSL error when setting up knox repository300] - Provide migration patch to migrate old db data to new Pluggable Service Model
  • [RANGER-357302] - Update Ranger HDFS plugin to use HDFS Authorization APIDBA Privilege separation in Ranger Installation
  • [RANGER-358306] - Show previous/next version of policy in Policy View popupGrant/revoke does not generate audit log
  • [RANGER-360] - Add delegated admin logic to new Service Model309] - HBase repository config missing "Common Name for Certificate"
  • [RANGER-361] - Enabling SSL in ranger admin service should rely on SSLEnabled flag instead of SSL port number312] - Validation: Enhancements, improvements, deferred items
  • [RANGER-362] - hbase agent bundles httpclient and httpcore jar[RANGER-363] - hdfs agent bundles httpclient and httpcore jar313] - Ranger Admin to load plugin classes in a child class-loader to avoid potential library conflicts
  • [RANGER-315] - Need to provide backward compatibility of ranger-admin start/stop to previous version
  • [RANGER-364316] - hive agent bundles httpclient and httpcore jarFind alternative for pNotify plugin
  • [RANGER-366318] - Grant/revoke should authorize based on grantor's user-groupsNot able to add user with only numbers
  • [RANGER-367] - hadoop-common now relies on the apache-htrace during runtime, the deployment fails with class not found319] - Replace setVersion.sh bash script with platform independent python script
  • [RANGER-369] - ranger agent connection to ssl enabled ranger admin fails320] - Usersync NPE when object does not have userNameAttribute
  • [RANGER-370] - Default policy created for a new HDFS service should have isRecursive=true322] - RangerResource class rename, utility methods addition
  • [RANGER-371323] - Policy search does not filter based on resource valuesevaluation optimization: cache results of resource-match in policy
  • [RANGER-372326] - Provide Display a set of REST APIs to access, modify and create Ranger Service Definitions, Services and PoliciesRO view of policy from the Audit page
  • [RANGER-373328] - Hive grant/revoke fails to generate audit logRanger HDFS plugin fails with NPE
  • [RANGER-375] - Show better error messages during failed logins329] - Agent Plugin is not copying db driver jar files
  • [RANGER-377] - Build breaks when JAVA LIBRARY_PATH has spaces in the directory330] - Show audit of policy updates for new Service Model
  • [RANGER-378331] - Update Policy call failing to updateFix static code analyzer issues
  • [RANGER-379333] - Ranger 0.5.0 Build fails due to changes in HIVE API parameters - HIVE-10223Update plugins to load config from earlier version, when new version configs are not available
  • [RANGER-380334] - PublicAPI should support search for service and policy with non case sensitive serviceTypeKMS configuration files are stored with incorrect permission
  • [RANGER-383] - Add new column to track resource signature in policy table335] - High Impact defects uncovered by static analysis of code by Coverity
  • [RANGER-384336] - Ranger hive lookup and test connection issue due to hive-jdbc.jar wrong version in ranger adminAudit log timestamp needs update to take tz offset into account
  • [RANGER-385] - Fixes and enhancements to Permissions Model337] - Allow using of hyphen or space in first/last name field
  • [RANGER-386338] - Update HBase plugin for recent changes in HBase (build fix)Potential NPE problems in admin
  • [RANGER-387339] - gettter/setter inconsistent names - RangerServiceDef - setType()/getName()Several dead-code, potential NPE and incorrect use of iterator issues
  • [RANGER-388340] - Add Postgres 8 support to Ranger AdminRemove zookeeper library added by ranger
  • [RANGER-389342] - Redirect to login page on session timeoutBust JS cache during version change to fetch new files from server
  • [RANGER-390343] - Merge RangerPolicyDb implementation with RangerPolicyEngineparameterized storm version
  • [RANGER-391344] - ServiceDBStore to preserve the order of resources/users/groupsCleanup/fixes to comply with best practices
  • [RANGER-392] - Provide Update/Delete for ServiceDef Object345] - enable-agent.sh isn't a file
  • [RANGER-393] - Getting Blank page after adding a new group346] - Service-def files update to use map for *Options fields, instead of a string with custom format
  • [RANGER-394347] - Resource Lookup classes are not being available as part of CLASSPATHYARN Resource Lookup in Ranger Admin UI get stuck with spinner and doesn't bring result
  • [RANGER-395348] - Allow ranger -usersync - unable to start ranger authentication process due to incorrect unix permissionadmin install with JDK 1.8
  • [RANGER-353] - Ranger installation should support multiple platforms
  • [RANGER-396355] - Policy create/update/delete fail to update service.policyVersion field[RANGER-399] - Testing connection at a Kerberized clusterTest connection fails with SSL error when setting up knox repository
  • [RANGER-400] - isRecursive match does not work correctly357] - Update Ranger HDFS plugin to use HDFS Authorization API
  • [RANGER-402] - Ranger Admin install fails if 'java' not in PATH358] - Show previous/next version of policy in Policy View popup
  • [RANGER-403] - Repo version not getting set in some of the objects360] - Add delegated admin logic to new Service Model
  • [RANGER-404361] - HDFS plugin does not generate audit for failure in mkdirEnabling SSL in ranger admin service should rely on SSLEnabled flag instead of SSL port number
  • [RANGER-405] - Hbase: access by super users are is not audited362] - hbase agent bundles httpclient and httpcore jar
  • [RANGER-407363] - Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creationhdfs agent bundles httpclient and httpcore jar
  • [RANGER-408364] - Website needs Incubator logo and disclaimerhive agent bundles httpclient and httpcore jar
  • [RANGER-410] - Default audit handler set in BasePlugIn is lost after policy refresh366] - Grant/revoke should authorize based on grantor's user-groups
  • [RANGER-421367] - Streamline usersync process- hadoop-common now relies on the apache-htrace during runtime, the deployment fails with class not found
  • [RANGER-424369] - YARN plugin packaging to be reviewed for list of included librariesranger agent connection to ssl enabled ranger admin fails
  • [RANGER-425] - Junit failures: Two UserMgr tests are broken370] - Default policy created for a new HDFS service should have isRecursive=true
  • [RANGER-426371] - Ranger KMS policy not matching the right resource namePolicy search does not filter based on resource values
  • [RANGER-427] - UserSync Process didn't sync the group when groups are added to the user at later time[RANGER-429] - Add new role (KEY_ADMIN) for KMS permissions in Ranger Admin372] - Provide a set of REST APIs to access, modify and create Ranger Service Definitions, Services and Policies
  • [RANGER-430373] - Need additional database columns to support log aggregation at sourceHive grant/revoke fails to generate audit log
  • [RANGER-432375] - Rename RangerAuditHandler to RangerAccessResultProcessorShow better error messages during failed logins
  • [RANGER-433] - Hbase plugin: Update coprocessor classes in anticipation of changes to hbase MasterObserver interface377] - Build breaks when JAVA LIBRARY_PATH has spaces in the directory
  • [RANGER-434] - HBase revoke does not remove 'delegateAdmin' flag378] - Update Policy call failing to update
  • [RANGER-435] - Policy validation messes up the order of resources379] - Ranger 0.5.0 Build fails due to changes in HIVE API parameters - HIVE-10223
  • [RANGER-436380] - Policy validation: policy item with empty accesses list is valid if delegated admin is truePublicAPI should support search for service and policy with non case sensitive serviceType
  • [RANGER-438] - Fix Ranger KMS installation after ranger-site changes383] - Add new column to track resource signature in policy table
  • [RANGER-439384] - Ranger usersync installation script is failing with latest python scripthive lookup and test connection issue due to hive-jdbc.jar wrong version in ranger admin
  • [RANGER-440385] - Add credential updater file for updating credentialsFixes and enhancements to Permissions Model
  • [RANGER-442] - KMS installation script not copying connector jar properly386] - Update HBase plugin for recent changes in HBase (build fix)
  • [RANGER-445] - java.lang.IncompatibleClassChangeError during ranger kms startup387] - gettter/setter inconsistent names - RangerServiceDef - setType()/getName()
  • [RANGER-446388] - Update earlier version public API to skip new service-types and their policiesAdd Postgres 8 support to Ranger Admin
  • [RANGER-447] - Ranger UserSync Process - startup is not sending the credential for keystore on subsequent setup ...389] - Redirect to login page on session timeout
  • [RANGER-448] - HBase fix for scan tables issue, HBASE-13482, should be applied in Ranger HBase plugin390] - Merge RangerPolicyDb implementation with RangerPolicyEngine
  • [RANGER-449] - Policy update via previous version public API fails for HBase/Hive/Knox/Storm391] - ServiceDBStore to preserve the order of resources/users/groups
  • [RANGER-450392] - ranger_install.py needs to be updated for latest ranger-admin-site.xml changesProvide Update/Delete for ServiceDef Object
  • [RANGER-451393] - Multiple user module bug fixesGetting Blank page after adding a new group
  • [RANGER-452] - Ranger KMS config folder changes394] - Resource Lookup classes are not being available as part of CLASSPATH
  • [RANGER-453395] - Change db flavor input parameter value from SQLSERVER to MSSQL[RANGER-454] - Default policy created for a new KMS service should grant access to public groupranger-usersync - unable to start ranger authentication process due to incorrect unix permission
  • [RANGER-455396] - Resource match should be case-sensitive for HDFS/HBase/Knox/Storm/YARNPolicy create/update/delete fail to update service.policyVersion field
  • [RANGER-457399] - Active Directory Authentication should authenticate on sAMAccountName attributeTesting connection at a Kerberized cluster
  • [RANGER-460] - Users / Groups Get and Set Visibility rest api should be allowed only for users with admin role.400] - isRecursive match does not work correctly
  • [RANGER-461] - Fix source files without having Apache License headers402] - Ranger Admin install fails if 'java' not in PATH
  • [RANGER-464] - Make hbase.rpc.protection value to be lower case403] - Repo version not getting set in some of the objects
  • [RANGER-465] - Fix Ranger config migration script404] - HDFS plugin does not generate audit for failure in mkdir
  • [RANGER-466405] - PolicyRefresher should timeout when Ranger Admin is non responsive and should use local cache for policy enforcement if present.Hbase: access by super users are is not audited
  • [RANGER-468407] - Audit logs should use "ranger-acl" as enforcer instead of "xasecure-acl"Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation
  • [RANGER-469408] - HiveServer2 configuration directory needs to be updatedWebsite needs Incubator logo and disclaimer
  • [RANGER-470410] - Default audit handler set in BasePlugIn is lost after policy refresh
  • [RANGER-421] - Streamline usersync process] - Rename attribute "id" of *Def objects to "itemId" - to avoid confusion with DB object id
  • [RANGER-471424] - Credential helper script should be bundled with pluginsYARN plugin packaging to be reviewed for list of included libraries
  • [RANGER-472425] - KMS enhancementsJunit failures: Two UserMgr tests are broken
  • [RANGER-473] - usersync setup process - JAVA_HOME/bin should be part of PATH426] - Ranger KMS policy not matching the right resource name
  • [RANGER-474] - Ranger usersync should instantiate the right class based on SYNC_SOURCE427] - UserSync Process didn't sync the group when groups are added to the user at later time
  • [RANGER-429] - Add new role (KEY_ADMIN) for KMS permissions in Ranger Admin
  • [RANGER-475] - HBase Agent : Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase430] - Need additional database columns to support log aggregation at source
  • [RANGER-476] - ServiceName should be used in Lookup Connection cache in Connection Manager instead of ServiceType as we can have multiple Services for same service type432] - Rename RangerAuditHandler to RangerAccessResultProcessor
  • [RANGER-477433] - HiveAgent: Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebaseHbase plugin: Update coprocessor classes in anticipation of changes to hbase MasterObserver interface
  • [RANGER-478434] - Audit logs for grant/revoke do not have IP addressHBase revoke does not remove 'delegateAdmin' flag
  • [RANGER-479] - PolicyEngine interface to be trimmed for better abstraction; cleanup ServiceStore hierarchy to remove move predicate util methods435] - Policy validation messes up the order of resources
  • [RANGER-481] - Credential helper script should use java from defined JAVA_HOME436] - Policy validation: policy item with empty accesses list is valid if delegated admin is true
  • [RANGER-482] - HDFS plugin denies access even when policy exists to allow the access438] - Fix Ranger KMS installation after ranger-site changes
  • [RANGER-484] - Provide ability to have LDAP attribute "referral" in config439] - Ranger usersync installation script is failing with latest python script
  • [RANGER-486440] - Add index for the new column `resource_signature` in table `x_policy`.credential updater file for updating credentials
  • [RANGER-487442] - Fix pagination issues in analytics pageKMS installation script not copying connector jar properly
  • [RANGER-489445] - Revise Ranger Menu UIjava.lang.IncompatibleClassChangeError during ranger kms startup
  • [RANGER-490] - Revise Ranger Menu UI446] - Update earlier version public API to skip new service-types and their policies
  • [RANGER-491447] - Revise Ranger Menu UIRanger UserSync Process - startup is not sending the credential for keystore on subsequent setup ...
  • [RANGER-492] - New LDAP/AD properties should be available during install in windows448] - HBase fix for scan tables issue, HBASE-13482, should be applied in Ranger HBase plugin
  • [RANGER-493] - Fix KMS dba script to work from non-install dir449] - Policy update via previous version public API fails for HBase/Hive/Knox/Storm
  • [RANGER-450] - ranger_install.py needs to be updated for latest ranger-admin-site.xml changes[RANGER-494] - Coverity scan issue about toString returning null
  • [RANGER-495] - Coverity Scan for Apache Ranger : - Null pointer issue on KnoxClient lookup manager451] - Multiple user module bug fixes
  • [RANGER-496452] - Fix build failure due to Kafka API changeRanger KMS config folder changes
  • [RANGER-497] - Caught `Null Pointer Exception` while reading service-def without logged in.453] - Change db flavor input parameter value from SQLSERVER to MSSQL
  • [RANGER-498454] - Ranger KMS needs credential_help.py during setup process - which is missingDefault policy created for a new KMS service should grant access to public group
  • [RANGER-499455] - Ranger-KMS policy creation fail's with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manuallyResource match should be case-sensitive for HDFS/HBase/Knox/Storm/YARN
  • [RANGER-501457] - Need solr audit connectivity properties on the rangeradminActive Directory Authentication should authenticate on sAMAccountName attribute
  • [RANGER-502460] - To support easier extension/enhancement, provide abstract implementation for interfaces ConditionEvaluator/ContextEnricher/ResourceMatcher; also should support parameterless initUsers / Groups Get and Set Visibility rest api should be allowed only for users with admin role.
  • [RANGER-503] - Ranger admin start failed on Suse 11461] - Fix source files without having Apache License headers
  • [RANGER-504464] - KMS repo URL needs to handle multiple KMS instancesMake hbase.rpc.protection value to be lower case
  • [RANGER-505465] - Fix column length for Service def config fieldRanger config migration script
  • [RANGER-506466] - Update password script should update the right config file
  • [RANGER-507] - Resource-match logic to be moved out of policy-evaluator for reuse
  • [RANGER-508] - Knox server can't come up after Ranger plugin is installed due to jar conflicts
  • [RANGER-509] - KMS keys listing throws authentication required error in secure cluster
  • [RANGER-510] - Client IP not getting populated for KMS in audit
  • [RANGER-511] - Client IP not getting populated for KMS in audit
  • [RANGER-512] - Policy creation should fail if any user/group specified does not exist in Ranger
  • [RANGER-514] - Solr audit not working in KMS plugin
  • [RANGER-515] - Policy Listing/Permission Listing page doesn't show groups for users/groups when the user belongs to large number of groups
  • [RANGER-516] - Implement Scope and Restriction of users having KEY_ADMIN Role
  • [RANGER-517] - When login into Policy Admin Tool using Unix User Credential, it is not working
  • [RANGER-518] - [rolling downgrade] - disable SHA256 hashing of password to provide a way to test rolling downgrade of ranger admin downgrade
  • [RANGER-519] - Access Audit filtering does not work for servicename
  • [RANGER-520] - When getting Keys from a clustered kms servers, stale key list is returned
  • [RANGER-522] - Update YARN service-def to remove ip-custom-condition
  • [RANGER-523] - Update embedded service-def creation sequence and other misc fixes
  • [RANGER-525] - Use JDK class for Key Protection instead of having own classes
  • [RANGER-526] - Provide REST API to change user role
  • [RANGER-527] - System should preserve Service-def ID if it's given at the time of creating
  • [RANGER-528] - System should preserve Service-def ID if it's given at the time of creating
  • [RANGER-530] - Access-type "all" should imply rest of the permissions in Hive
  • [RANGER-531] - Legacy plugins unable to download policies
  • [RANGER-534] - Upgrade does not migrate some policies
  • [RANGER-536] - Test connection fails with SSL error when setting up knox repository
  • [RANGER-537] - service-def create fails when ID is not specified
  • [RANGER-538] - Error messages shown in Ranger Admin lack details
  • [RANGER-540] - Disable JPA cache to support ranger-admin in HA deployment
  • [RANGER-543] - RangerTimeOfDataMatcher condition to support time ranges that span across midnight
  • [RANGER-546] - Custom condition evaluation issues

Improvement

  • [RANGER-189] - Fix mail aliases on website
  • [RANGER-190] - Can you fix your 0.4.0 release?
  • [RANGER-212] - Ranger should support computing user group memberships by searching for users and groups
  • [RANGER-213] - Implement init.d status
  • [RANGER-226] - Support JDBC based SQL invocation for setup process
  • [RANGER-237] - Ranger to work with HA enabled WebHDFS with automatic failover
  • [RANGER-272] - Make the timeout interval and size of executor used by TimedEventUtil configurable
  • [RANGER-273] - Use HDFS authorization plugin interface to enforce ranger policies
  • [RANGER-276] - Add support for aggregating audit logs at source
  • [RANGER-281] - Support Postgres database for storing ranger policy information
  • [RANGER-282] - Support MS-SQLServer database for storing ranger policy information
  • [RANGER-293] - add server side checks for HDFS Repo connection properties
  • [RANGER-307] - Policy evaluation optimization: reorder policies and short-circuit evaluation
  • [RANGER-314] - Remove custom class loader used by ranger admin for resource lookup
  • [RANGER-327] - Modify pom.xml to ensure that no hard-coded versions for maven dependencies and library
  • [RANGER-374] - ranger admin need to support AJP connector to work behind SSL enabled Apache Load Balancer
  • [RANGER-382] - 0.5.0 release - Code Cleanup to add/modify license headers and unwanted comments
  • [RANGER-397] - Implement reliable streaming audits to configurable destinations
  • [RANGER-418] - Upgrade script from earlier version (0.4.*) to the current version (0.5.0)
  • [RANGER-431] - consolidate all configurations into ranger-<component>-site.xml
  • [RANGER-441] - Add ranger-util module to be part of Ranger on all platform
  • [RANGER-483] - Store user credential in SHA256 hashed value instead of MD5
  • [RANGER-485] - Provide user friendly text for HTTP response code in Audit->Plugins
  • [RANGER-488] - Prior to 0.5.0 release - update ranger pom.xml with appropriate (dependent component) release versions.

New Feature

  • PolicyRefresher should timeout when Ranger Admin is non responsive and should use local cache for policy enforcement if present.
  • [RANGER-468] - Audit logs should use "ranger-acl" as enforcer instead of "xasecure-acl"
  • [RANGER-469] - HiveServer2 configuration directory needs to be updated
  • [RANGER-470] - Rename attribute "id" of *Def objects to "itemId" - to avoid confusion with DB object id
  • [RANGER-471] - Credential helper script should be bundled with plugins
  • [RANGER-472] - KMS enhancements
  • [RANGER-473] - usersync setup process - JAVA_HOME/bin should be part of PATH
  • [RANGER-474] - Ranger usersync should instantiate the right class based on SYNC_SOURCE
  • [RANGER-475] - HBase Agent : Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
  • [RANGER-476] - ServiceName should be used in Lookup Connection cache in Connection Manager instead of ServiceType as we can have multiple Services for same service type
  • [RANGER-477] - HiveAgent: Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
  • [RANGER-478] - Audit logs for grant/revoke do not have IP address
  • [RANGER-479] - PolicyEngine interface to be trimmed for better abstraction; cleanup ServiceStore hierarchy to remove move predicate util methods
  • [RANGER-481] - Credential helper script should use java from defined JAVA_HOME
  • [RANGER-482] - HDFS plugin denies access even when policy exists to allow the access
  • [RANGER-484] - Provide ability to have LDAP attribute "referral" in config
  • [RANGER-486] - Add index for the new column `resource_signature` in table `x_policy`.
  • [RANGER-487] - Fix pagination issues in analytics page
  • [RANGER-489] - Revise Ranger Menu UI
  • [RANGER-490] - Revise Ranger Menu UI
  • [RANGER-491] - Revise Ranger Menu UI
  • [RANGER-492] - New LDAP/AD properties should be available during install in windows
  • [RANGER-493] - Fix KMS dba script to work from non-install dir
  • [RANGER-494] - Coverity scan issue about toString returning null
  • [RANGER-495] - Coverity Scan for Apache Ranger : - Null pointer issue on KnoxClient lookup manager
  • [RANGER-496] - Fix build failure due to Kafka API change
  • [RANGER-497] - Caught `Null Pointer Exception` while reading service-def without logged in.
  • [RANGER-498] - Ranger KMS needs credential_help.py during setup process - which is missing
  • [RANGER-499] - Ranger-KMS policy creation fail's with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manually
  • [RANGER-501] - Need solr audit connectivity properties on the rangeradmin
  • [RANGER-502] - To support easier extension/enhancement, provide abstract implementation for interfaces ConditionEvaluator/ContextEnricher/ResourceMatcher; also should support parameterless init
  • [RANGER-503] - Ranger admin start failed on Suse 11
  • [RANGER-504] - KMS repo URL needs to handle multiple KMS instances
  • [RANGER-505] - Fix column length for Service def config field
  • [RANGER-506] - Update password script should update the right config file
  • [RANGER-507] - Resource-match logic to be moved out of policy-evaluator for reuse
  • [RANGER-508] - Knox server can't come up after Ranger plugin is installed due to jar conflicts
  • [RANGER-509] - KMS keys listing throws authentication required error in secure cluster
  • [RANGER-510] - Client IP not getting populated for KMS in audit
  • [RANGER-511] - Client IP not getting populated for KMS in audit
  • [RANGER-512] - Policy creation should fail if any user/group specified does not exist in Ranger
  • [RANGER-514] - Solr audit not working in KMS plugin
  • [RANGER-515] - Policy Listing/Permission Listing page doesn't show groups for users/groups when the user belongs to large number of groups
  • [RANGER-516] - Implement Scope and Restriction of users having KEY_ADMIN Role
  • [RANGER-517] - When login into Policy Admin Tool using Unix User Credential, it is not working
  • [RANGER-518] - [rolling downgrade] - disable SHA256 hashing of password to provide a way to test rolling downgrade of ranger admin downgrade
  • [RANGER-519] - Access Audit filtering does not work for servicename
  • [RANGER-520] - When getting Keys from a clustered kms servers, stale key list is returned
  • [RANGER-522] - Update YARN service-def to remove ip-custom-condition
  • [RANGER-523] - Update embedded service-def creation sequence and other misc fixes
  • [RANGER-525] - Use JDK class for Key Protection instead of having own classes
  • [RANGER-526] - Provide REST API to change user role
  • [RANGER-527] - System should preserve Service-def ID if it's given at the time of creating
  • [RANGER-528] - System should preserve Service-def ID if it's given at the time of creating
  • [RANGER-530] - Access-type "all" should imply rest of the permissions in Hive
  • [RANGER-531] - Legacy plugins unable to download policies
  • [RANGER-534] - Upgrade does not migrate some policies
  • [RANGER-536] - Test connection fails with SSL error when setting up knox repository
  • [RANGER-537] - service-def create fails when ID is not specified
  • [RANGER-538] - Error messages shown in Ranger Admin lack details
  • [RANGER-540] - Disable JPA cache to support ranger-admin in HA deployment
  • [RANGER-543] - RangerTimeOfDataMatcher condition to support time ranges that span across midnight
  • [RANGER-546] - Custom condition evaluation issues
  • [RANGER-178] - Ranger to support authorization and auditing for Apache Solr
  • [RANGER-179] - Argus/Ranger to support authorization and auditing for Apache Kafka
  • [RANGER-194] - Rename packages from xasecure to apache ranger
  • [RANGER-202] - Ranger hbase authorization at namespace level
  • [RANGER-246] - Add support for Authorization and Auditing of Apache Kafka
  • [RANGER-247] - Provide scalable/HA Hadoop KMS to support Hadoop TDE
  • [RANGER-248] - Add support for Authorization and Auditing of YARN resources
  • [RANGER-250] - Create permission model to allow/disallow functionality within ranger-admin UI
  • [RANGER-278] - REST, Store: validation of policy/service/service-def

Task

  • [RANGER-233] - Update the version number on the pom.xml to be 0.5.0
  • [RANGER-242] - Ranger config migration script
  • [RANGER-317] - ranger-usersync setup fails with NoClassDefFoundError
  • [RANGER-351] - Update HBase plugin to use HBase version 1.1 (from 0.99.2)
  • [RANGER-352] - To facilitate update of service-def, add ID attribute to contained objects
  • [RANGER-480] - Need access control on REST API based on permission model
  • [RANGER-194] - Rename packages from xasecure to apache ranger

Test

  • [RANGER-245] - Strom plugin test connection failed

...