Sub-task

  • [RANGER-1492] - UI updates to support tag-based masking policies
  • [RANGER-1493] - Policy engine updates to support tag-based masking policies
  • [RANGER-1494] - Tag service-def updates to support masking policies
  • [RANGER-1830] - Write unit test for RANGER-1810
  • [RANGER-1831] - Write install guide for RANGER-1810
  • [RANGER-1848] - Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin

Bug

  • [RANGER-813] - Script to install Solr for Ranger Audits doesn't work in Suse
  • [RANGER-1176] - Ranger admin does not allow to create / update a policy with only delegate admin permission
  • [RANGER-1289] - Error occured in Ranger KMS function
  • [RANGER-1321] - Provide a mechanism to create service-specific default policies
  • [RANGER-1326] - Fix remaining licensing issues
  • [RANGER-1348] - Atlas Autocompletion not working properly
  • [RANGER-1354] - Error on Atlas plugin install
  • [RANGER-1364] - MySQLPLRunner take wrong start index when traverse the resultSet metadata
  • [RANGER-1369] - There is invalid group error when install Solr for Ranger Audits
  • [RANGER-1372] - There are some errors when I used 'sudo ranger-usersync start' command to run the Ranger UserSync Process in ubuntu 16.04.
  • [RANGER-1374] - When exceptions occur during using ChangePasswordUtil tool to update admin password, the program doesn't record error messages.
  • [RANGER-1381] - Add hadoop-common.jar as dependency to ranger-hive-utils package to avoid build failure
  • [RANGER-1383] - Support for using resource-matcher for filtering policies within a service if service-resource is provided in the filter
  • [RANGER-1385] - UnixAuthenticationService may fails in Widows as the "/" is different from "\"
  • [RANGER-1386] - ranger hdfs-plugin function not revoked after execute disable-hdfs-plugin.sh which cause hadoop-hdfs authorization failed.
  • [RANGER-1387] - Remove unused SQL_CONNECTOR_JAR in install.properties of ranger plugin
  • [RANGER-1392] - Hive test connection is failing even if jdbc.url configured is correct in Ranger 0.7.0
  • [RANGER-1396] - There are error logs in SecureClientLogin class
  • [RANGER-1397] - Error method name in the printed logs
  • [RANGER-1400] - Enabling Ranger HDFS Plugins failed when hadoop program and Ranger HDFS Plugin are not in the same path.
  • [RANGER-1401] - Add consolidated db schema script for SQLServer DB flavor
  • [RANGER-1402] - NPE if there is a problem with the HiveClient driverClassName
  • [RANGER-1403] - There is a problem in buildks class when delete invalid keystore file.
  • [RANGER-1404] - Few HIVERangerAuthorizerTest UT fails with Permission denied intermittently
  • [RANGER-1405] - groups are not shown if exact user name is passed in search filter
  • [RANGER-1408] - When the error occurs, the system does not record the error message in RangerServiceService class
  • [RANGER-1411] - Permissions tab pages display are not reasonable
  • [RANGER-1412] - Start hadoop failed after enabling ranger HDFS plugins
  • [RANGER-1414] - Ranger Hive Authorizer API for row-filtering and column-masking need only return those tables that need masking/filtering
  • [RANGER-1415] - The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.
  • [RANGER-1416] - SunX509 is the hardcoded Algorithm for SSL
  • [RANGER-1418] - In yarn plugin, there are some wrong logs.
  • [RANGER-1420] - Some error log information in ranger policy module
  • [RANGER-1424] - Log should be changed to info level
  • [RANGER-1425] - Remove some duplicate codes
  • [RANGER-1427] - Remove dead code from XResourceService
  • [RANGER-1430] - There are some duplicate keys in some js files
  • [RANGER-1431] - Do some code improvement in Java method AuthSessionService.mapEntityToViewBean
  • [RANGER-1432] - Do some code improvement in UserMgr.java
  • [RANGER-1434] - Enable Group Search First causes issues when "Enable Group Sync" is disabled
  • [RANGER-1435] - Allow different files to be specified for unix based usersync
  • [RANGER-1437] - Disable optimization for tag download to include only tags that have policies
  • [RANGER-1438] - Useless configuration in unixauthservice pom.xml lead to project compiler error in eclipse
  • [RANGER-1439] - Spelling error for "fileStats" in the hdfs-agent\src\main\java\org\apache\ranger\services\hdfs\client\HdfsClient.java. "fileStatus" instead of "fileStats".
  • [RANGER-1444] - Do some code improvement in security admin module
  • [RANGER-1445] - Incorrect error message for searching in Audit page
  • [RANGER-1446] - Ranger Solr Plugin does not work when the collection list in the request is empty
  • [RANGER-1447] - Enable ranger-hbase-plugin failed after execute enable-hbase-plugin.sh
  • [RANGER-1449] - There is logical inconsistency for RANGER_PID_DIR_PATH in security admin
  • [RANGER-1451] - Incorrect error message for hadoop security authentication
  • [RANGER-1452] - The install program used SOLR_RANGER_COLLECTION attribute value in Install and Configure Solr for Ranger Audits. But there is no corresponding setting in install.properties. So the user can only used fixed value during installing.
  • [RANGER-1455] - Incorrect conf dir in scripts for Hadoop
  • [RANGER-1456] - Fix the spelling error in HDFS plugin
  • [RANGER-1458] - Starting Yarn failed after installing Ranger Yarn Plugin
  • [RANGER-1460] - Hdfs authorizer uses hadoop-acls to allow access with one allowing tag policy and no resource policy
  • [RANGER-1461] - The printing error of callback in ConsolePromptCallbackHandler
  • [RANGER-1462] - Fix the spelling error in Solr Authorization
  • [RANGER-1463] - Good coding practices per static code analysis
  • [RANGER-1465] - Parse properties file error for kms
  • [RANGER-1467] - The password is not set after the user is created by install program during installing Ranger Policy Admin. We should set password like db user.
  • [RANGER-1469] - The user group would be duplicate created if the user group existed during installing Ranger Policy Admin.
  • [RANGER-1470] - The logic of the solr_for_audit_setup installer parsing the properites file is inconsistent with the other installers. It treated these attributes as environment variable. There are security risks in the solr_for_audit_setup installer.
  • [RANGER-1472] - tag downloads fail with error "XXServiceResourceElement.findTaggedResourcesInServiceId"
  • [RANGER-1473] - There is invalid clause in the installer for Install and Configure Solr for Ranger Audits
  • [RANGER-1474] - On SP12, hive policy page opens up with UDF as default under resources, rather than table.
  • [RANGER-1475] - some users missed to be sync if they are syncd from openldap If deltasync is enabled
  • [RANGER-1476] - External users not editable through Ranger UI
  • [RANGER-1477] - 'show databases' fails with access-denied when user doesn't have access to some of the databases
  • [RANGER-1479] - Plugins couldnt load settings xml files from the classpath, if they are inside a jar
  • [RANGER-1481] - Capture cluster name in ranger audit info
  • [RANGER-1482] - 'Ranger KMS' repo is not getting created in manual installation
  • [RANGER-1484] - RangerUI: Escape of policy condition text entered in the policy form.
  • [RANGER-1489] - Solr plugin fails to get client address
  • [RANGER-1490] - Increase size of sort_order column of x_policy_resource_map
  • [RANGER-1495] - Good coding practices recommendation by static code analysis
  • [RANGER-1499] - Upgrade Tomcat version
  • [RANGER-1500] - Add support to exclude/disable SSL protocols.
  • [RANGER-1501] - Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
  • [RANGER-1502] - Solr shutdown does not cause the audit log file to be flushed and closed.
  • [RANGER-1506] - Some directorys were created repeatedly in code segment that all ownership is given to $SOLR_USER.
  • [RANGER-1509] - Add version number to ldapconfigcheck.jar
  • [RANGER-1511] - Different global variable saved the same configuration file path in unixauthservice. The code logic is inconsistent.
  • [RANGER-1512] - Ranger installer fails if hostname contains upper case letter
  • [RANGER-1513] - Add Support for S3 authorization in Ranger Hive Plugin
  • [RANGER-1515] - Run updatepolicymgrpassword.sh and updatepolicymgrpassword.py to update policy mgr password failed.
  • [RANGER-1517] - In RangerBasePlugin.java LOG.debug spelling error
  • [RANGER-1519] - Error occurred after execute enable-hive-plugin.sh
  • [RANGER-1520] - Some codes do not follow the python language development rules in usersync. They are messy.
  • [RANGER-1522] - Update consolidated db schema script for SQLServer DB flavor to reduce execution time
  • [RANGER-1530] - NPE in HadoopConfigHolder
  • [RANGER-1531] - Good coding practice while parsing XML documents in Ranger
  • [RANGER-1535] - Add tag attributes to audit log record
  • [RANGER-1536] - Error information in the printed logs
  • [RANGER-1538] - Duplicated code,in AtlasClient class for client = Client.create();
  • [RANGER-1541] - The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure.
  • [RANGER-1542] - Exceptions occured when I test connection during create a new service for atlas-plugin
  • [RANGER-1544] - Misaligned input boxes and cleanup on Reports Search
  • [RANGER-1545] - The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code to keep consistency.
  • [RANGER-1547] - The XmlConfigChanger does not have any error messages when some exceptions occur.
  • [RANGER-1550] - HDFS test connection and resource lookup failing
  • [RANGER-1553] - Audit log record for 'show databases' hive command contains all tags
  • [RANGER-1554] - Ranger AD search filter is not get honored when logging into admin UI
  • [RANGER-1555] - Ranger UI : Audit Menu-> Admin tab diff view pop-up does not come up.
  • [RANGER-1556] - Provide keyadmin user with privileges to read ranger kms audits
  • [RANGER-1557] - Add Nifi as default in supported component list
  • [RANGER-1558] - UI Hints Popover Hides after mouse moves away from small Info I icon
  • [RANGER-1560] - Code Improvement To Follow Best Practices
  • [RANGER-1561] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1562] - HDFS test connection is failing due to null pointer exception
  • [RANGER-1564] - The SQL_CONNECTOR_JAR properity had been deleted in RANGER-1387. The invalid code should also be deleted to keep the code consistent.
  • [RANGER-1571] - Code Improvement To Follow Best Practices
  • [RANGER-1574] - The XAAUDIT.DB.PASSWORD property had been deleted in RANGER-900. The related redundant code should be deleted for plugin installer.
  • [RANGER-1576] - Show attribute values to tags column in audit log
  • [RANGER-1577] - Update Ranger-WASB servicedefinition to remove Execute permission and disallow policies with a trailing slash
  • [RANGER-1578] - Ranger plugins should use default service-def when it fails to obtain from Ranger Admin or cache
  • [RANGER-1579] - WASB policy edit page is not opening
  • [RANGER-1581] - Ranger plugins need to support additional date formats for tag attribute values
  • [RANGER-1582] - Support KNOX SSO Token based authentication on Ranger REST API calls
  • [RANGER-1583] - Test connections are failing for plugins after upgrade
  • [RANGER-1584] - Allow tagsync to support log directory from Ambari configuration
  • [RANGER-1586] - There is "cannot resolve symbol 'serviceName'" error in ServiceSolrClient class.
  • [RANGER-1589] - Ranger build fails when python3 is the default
  • [RANGER-1591] - The log is inconsistent with the code in ServiceDBStore class,update it to ensure their consistency.
  • [RANGER-1592] - Do code improvement for static fields and Log in the AtlasClient.java
  • [RANGER-1596] - The log name is incorrect in Log4JAuditDestination.java.
  • [RANGER-1599] - Different developers use different log directories in the Ranger Admin installation script. Its processing logic is chaotic. We should optimize this logic.
  • [RANGER-1600] - In install.properties, I configured the testusr user and the testgroup groups that not exist in system. The error “chown: invalid user: testusr:testgroup” occured during installed the hbase plugin.
  • [RANGER-1601] - The log name is incorrect in ValuePrinter.java
  • [RANGER-1602] - Include / Exclude toggle not working for same level resources
  • [RANGER-1603] - Code improvement as recommended by good coding practices
  • [RANGER-1604] - DB based auditing had been removed in RANGER-900. But some configurations and codes are not removed accordingly in Ranger Admin. It often makes the user feel confused such as RANGER-1286.
  • [RANGER-1605] - These invalid codes that were copied have not been deleted in db_setup.py for the Ranger admin
  • [RANGER-1607] - Ranger service check failed on SLES11.3 cluster with sslv3 alert handshake failure
  • [RANGER-1608] - SOLR resource lookup fails with basic auth
  • [RANGER-1611] - The init_logfiles function had been removed in RANGER-1599. The segment code that calls the init_logfiles function should also be removed in setup.sh for Ranger Admin.
  • [RANGER-1612] - When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.
  • [RANGER-1613] - There is one defect in start script for ranger-usersync process
  • [RANGER-1617] - The Ranger build failure in windows environment
  • [RANGER-1618] - PasswordUtil is not thread-safe
  • [RANGER-1619] - Ranger Hive Plugin fails to check the URI when the location doesn't exist
  • [RANGER-1620] - Fix kafka-ranger-env.sh script to not throw error when it is sourced from bash
  • [RANGER-1621] - Fix knox pom to pick up base knox version
  • [RANGER-1622] - Error installing Knox plugin using KNOX_HOME
  • [RANGER-1625] - Upgrade SOLR dependency to 5.5.4
  • [RANGER-1628] - Good coding practice suggested by static code analysis
  • [RANGER-1630] - StormClient doesn't decrypt password
  • [RANGER-1631] - create temp function failing with permission issues
  • [RANGER-1632] - Users are not sync'd when sAMAccountName is different than CN associated with groups
  • [RANGER-1636] - Remove the pmd check error
  • [RANGER-1638] - Improve the password validation from Ranger API
  • [RANGER-1639] - Ranger KMS should validate key name before importing into DB
  • [RANGER-1640] - HBase Test Connection does not work when creating a service
  • [RANGER-1641] - Like security admin and usersync, the kms installer should chech whether the user group exists before creating the user group.
  • [RANGER-1642] - Policies listed on 2nd page and onwards of Policy Landing page don't reflect any edits on them
  • [RANGER-1646] - Error messages in RangerRESTClient aren't helpful
  • [RANGER-1648] - Ranger Kafka Plugin now should use the Short name from Kafka Session Object
  • [RANGER-1649] - Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
  • [RANGER-1651] - Improve Ranger and Ranger KMS REST Api documentation
  • [RANGER-1652] - Clean invalid code for kms installer to improve code clarity and execution efficiency.
  • [RANGER-1653] - Proxying Ranger UI does not work with Ranger-KnoxSSO
  • [RANGER-1657] - Like ranger admin and usersync, the password should be set after the user is created by installer during installing kms.
  • [RANGER-1658] - Solr gives NPE while printing the AuthorizationContext in INFO and DEBUG log
  • [RANGER-1659] - Similar to RANGER-1599, Different developers use different log directories in the kms installation script. Its processing logic is chaotic. We should optimize this logic.
  • [RANGER-1661] - Default policy for KMS audits is pointing to incorrect location
  • [RANGER-1665] - Ranger needs to provide a way to get list of policies associated with given resource
  • [RANGER-1666] - Ranger UI should consider "recursiveSupported" attribute value at each resource level to Store the Policy
  • [RANGER-1671] - The admin service can't audit to Solr using Basic Authentication
  • [RANGER-1676] - Policy Details popup from Access audit page not displaying details of masking policy
  • [RANGER-1678] - In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
  • [RANGER-1679] - Export Policy not working when Knox proxy is Enabled
  • [RANGER-1682] - Clicking on export service after session timeout gets stuck indefinitely
  • [RANGER-1683] - Fix the failing Kerberos tests on Jenkins
  • [RANGER-1686] - Log file name format of usersync and security admin should be consistent.
  • [RANGER-1688] - The version file did not exist in ranger-1.0.0-SNAPSHOT-kms.tar.gz. The result was that the VERSION variable can only get a fixed 0.5.0 value when installed ranger kms.
  • [RANGER-1689] - Add support for defining recursive policies for WASB service def
  • [RANGER-1690] - Ranger usersync created error users. Ranger usersync got System Virtual User Group Name instead of real group name when built the unix user list.
  • [RANGER-1693] - The pidf's assignment logic in ranger-kms-initd should be consistent with the pidf's assignment logic in ranger-kms
  • [RANGER-1695] - Optimize Ranger code for authorization of HDFS 'getContentSummary' and 'delete' commands
  • [RANGER-1696] - Request to get all policies for hive or hbase service-type does not include policies that apply to specific child resource(such as table in hive/column family in hbase)
  • [RANGER-1698] - Write audit log to solr failure.
  • [RANGER-1705] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1707] - Update RangerHdfsAuthorizer for changes in traverse checks since Hadoop 2.8
  • [RANGER-1708] - Remove tag services from service type and service name filters under Access Audit.
  • [RANGER-1709] - kms test case write logs to log file
  • [RANGER-1713] - Hive testConnection failed after used ldap authentication in Hive.
  • [RANGER-1714] - Disable dynamic sorting of policies when trie pre-filter is enabled
  • [RANGER-1723] - The Ranger doesn't support solr6. In the HttpSolrClient class of solr6, the setMaxRetries function has been removed, which causes ranger to fail to compile.
  • [RANGER-1724] - On Report listing page for masking/row filter policies show only mask/row filter conditions
  • [RANGER-1725] - It is incorrect to judge whether you need to create a RangerServiceDef object for a given service
  • [RANGER-1726] - Users are not getting deleted when Knox proxy is Enabled.
  • [RANGER-1727] - Ranger allows user to change an external user's password with 'null' old password
  • [RANGER-1730] - Utility script that will list the users with a given role
  • [RANGER-1731] - Guava dependency cause build problems
  • [RANGER-1732] - Collection added to itself
  • [RANGER-1733] - Duplicate RangerDaoManager fields in the services
  • [RANGER-1734] - Close the connection in the HIVERangerAuthorizerTest
  • [RANGER-1736] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1739] - build_ranger_using_docker script cannot download jdk8
  • [RANGER-1740] - There is a exception when the ranger_credential_helper.py was executed.
  • [RANGER-1741] - The initd ran repeatedly when ranger-usersync-services.sh was running
  • [RANGER-1742] - Like setup.sh, the set_globals.sh should check whether the user group exists before created user group in security admin.
  • [RANGER-1743] - Comment lines have not been filtered out when the populate_global_dict function parsed install.properties in security-admin/scripts/restrict_permissions.py. Like RANGER-1284, we should modify it.
  • [RANGER-1744] - Similar to RANGER-1541, the assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in changeusernameutil.py and changepasswordutil.py. It will cause a serious failure.
  • [RANGER-1746] - The prompt message is incorrect when test hdfs connection and check 'dfs.ha.namenodes.[nameservice ID]' to be mandatory.
  • [RANGER-1747] - Usersync: LDAP Paged results seems to be ignored in Ranger
  • [RANGER-1748] - User is unable to update existing policy while importing policy from file
  • [RANGER-1750] - In Nifi default policy is getting created with policyitem without any user/group but permission set for the same.
  • [RANGER-1751] - The importJCEKSKeys.sh and DBMK2HSM.sh will throw an exception when the JAVA_HOME is equal to null.
  • [RANGER-1752] - When "dfs.nameservices" configures multiple nameservice id and then test hdfs connection, verifying "dfs.client.failover.proxy.provider.[dfs.nameservices]" is incorrect
  • [RANGER-1753] - Fix error message spelling mistake in XKeyREST.java
  • [RANGER-1754] - group deletion message is wrong , it give User deleted successfully instead of group
  • [RANGER-1755] - hbase system tablename is old version in ranger-hbase-plugin
  • [RANGER-1756] - Handle role related restrictions for users having User role
  • [RANGER-1763] - The logic of the expansion button in the Edit Policy page is error. The user must click twice to collapse Conditions.
  • [RANGER-1765] - Add unique key constraint in x_group and x_group_users table
  • [RANGER-1767] - Hive tests fail if Hive is already running on the machine
  • [RANGER-1769] - The update_property.py should exit the loop to improve execution efficiency once the attribute value is set.
  • [RANGER-1771] - Improve performance of merging lists of policyEvaluators returned by Trie
  • [RANGER-1772] - EmbeddedServiceDefsUtil.java should print exception info in try-catch{}
  • [RANGER-1775] - Clicking on export service after session timeout gets stuck indefinitely.
  • [RANGER-1776] - ranger-plugin-audit always show error.
  • [RANGER-1777] - The Ranger can not refresh screen and hide child menu when user clicks menu
  • [RANGER-1779] - last resource gets duplicated during update policy if policy is created through public api rest call
  • [RANGER-1781] - RangerUI :Policy create/edit form should display only relevant accesses based on the user-selected resource.
  • [RANGER-1782] - When the drop-down box is switched, more than one symbol is displayed each time in ranger-web-hivedev
  • [RANGER-1783] - Update XUserREST for listing users
  • [RANGER-1786] - Need warning on external user role change.
  • [RANGER-1787] - User has to fill up all the allow and deny conditions items to create a knox policy.
  • [RANGER-1788] - Install Ranger admin failure.
  • [RANGER-1790] - From the ease of use point of view, Select / Deselect All and other checkbox should be associated in add/edit permissions pop window.
  • [RANGER-1791] - The JAVA_HOME property is invalid in install.properties for Solr for Ranger Audits. The solr started fail after installed and configured Solr for Ranger Audits
  • [RANGER-1794] - The warning information is incorrect in getRangerServiceByService of ServiceMgr class
  • [RANGER-1795] - Service should not be renamed if tagged service resources exist for it
  • [RANGER-1797] - Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
  • [RANGER-1798] - Here is a error in getTableList() when get table-list info for HiveClient class
  • [RANGER-1800] - Usersync fails to update users and groups during incremental sync with nested groups and group first search enabled
  • [RANGER-1801] - group user mapping updates to ranger admin fail when the mapping is already existed in ranger DB.
  • [RANGER-1802] - Here is a error in getStatusResponse() when post data exception for AtlasClient class
  • [RANGER-1803] - Json may be analysis a null value at tests[] for test_resourcematcher_default.json
  • [RANGER-1804] - The exception information is error when judge password for RangerKeyStoreProvider class
  • [RANGER-1806] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1812] - Object HTableDescriptor can be used directly at getTableList() method for HBaseClient class
  • [RANGER-1813] - The drop-down box name "database" is not showing full when edit hive policy
  • [RANGER-1814] - Static code analyser suggest to ensure closing Reader
  • [RANGER-1815] - Fix invalid code and error logic for the BaseDao class
  • [RANGER-1816] - When the error occurs, the system does not record the error message
  • [RANGER-1817] - Audit to Solr fails to log when the number of columns are in large number
  • [RANGER-1818] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1819] - Not able to delete group that is having special character(ampersand) from ranger admin
  • [RANGER-1820] - Duplicate entries should be deleted before creation of unique index on x_group and x_group_users table
  • [RANGER-1825] - Ranger Tagsync is giving NoClassDefFoundError
  • [RANGER-1826] - Import of bulk policies is causing OOM and Apparent Deadlock
  • [RANGER-1828] - Good coding practice-add additional headers in ranger
  • [RANGER-1832] - Export REST API should return exact matching results if polResource param is provided
  • [RANGER-1833] - Update Ranger to use 0.8.1 Atlas version
  • [RANGER-1835] - The installer of the security admin should not repeatedly add a user to the same group.
  • [RANGER-1836] - LOG class is imported error for RangerServiceService class
  • [RANGER-1838] - Refactor Jisql dependencies
  • [RANGER-1846] - This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.
  • [RANGER-1853] - Masking functions based on custom masking of string types fails to unescape quotes properly.
  • [RANGER-1856] - Installation and access logic are inconsistent for the pid of kms program. Like security admin, they should be consistent.
  • [RANGER-1857] - The value of RANGER_KMS_HOME logic is not correct in dba_script.py and db_setup.py, Like db_setup.py in admin, we should optimize them.
  • [RANGER-1858] - ranger-admin start fail when policymgr_http_enabled equal to false.
  • [RANGER-1859] - Fix new findBugs in HdfsClient.java
  • [RANGER-1860] - Provide a new service interface prompt function framework to resolved the defect of the current service interface, increase the flexibility of the function, improve user ease of use
  • [RANGER-1861] - There are errors when the "ranger-kms start" command was executed.
  • [RANGER-1862] - generalName.get(1) cause IndexOutOfBoundsException in NiFiClient
  • [RANGER-1863] - Optimize the code and keep the code style consistent, remove the invalid code in the RemoteUnixLoginModule class
  • [RANGER-1864] - Resources are not rendering correctly in policy create/edit page.
  • [RANGER-1868] - Good coding practice in Ranger recommended by static code analysis
  • [RANGER-1870] - Modify the logic for buildUnixUserList and parseMembers method in UnixUserGroupBuilder class
  • [RANGER-1873] - Fix property handling in RangerKMSDB
  • [RANGER-1875] - The installer of the kms should not repeatedly add a user to the same group.
  • [RANGER-1876] - Incorrect conf dir location for Yarn install script
  • [RANGER-1878] - The exception infomation print error for RangerPolicyServiceBase.java
  • [RANGER-1879] - Yarn disable plugin script doesn't work
  • [RANGER-1880] - TagSync update to process TRAIT_UPDATE notification from Atlas
  • [RANGER-1883] - TagSync should reuse kerberos ticket in REST calls to Ranger Admin
  • [RANGER-1884] - Default Policy is not created for Ranger KMS and Tag service
  • [RANGER-1887] - serviceDef.getResources().get(0).getName(); case IndexOutOfBoundsException in RangerServiceTag.class And print error in RangerServiceStorm
  • [RANGER-1896] - Remove deprecated extractedCommonCriterias call from the SearchUtil
  • [RANGER-1897] - TagSync should replace use of V1 Atlas APIs with V2 APIs for efficient tag-download from Atlas
  • [RANGER-1898] - Simplify Knox plugin dependency management
  • [RANGER-1901] - Similar to RANGER-1846, the JAVA_VERSION_REQUIRED configuration item is invalid in kms installer, we should enable it to control the necessary java version.
  • [RANGER-1903] - Simplify the maven dependency management of the Hdfs plugin for Ranger.
  • [RANGER-1905] - NoClassDefFoundError from the built zip/tar.gz, created by the maven-assembly-plugin
  • [RANGER-1912] - Ranger setup fails with mariadb/mysql when binary logging is enabled
  • [RANGER-1914] - Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
  • [RANGER-1921] - Fix coverity warnings in RangerHdfsAuthorizer
  • [RANGER-1930] - Add consolidated db schema script for all supported DB flavor
  • [RANGER-1931] - Remove use of maven-shade-plugin from Ranger build scripts
  • [RANGER-1932] - After create the service of yarndev,the policy named 'all-queue' created for the default user should have all the permissions.However, this policy does't take effect.
  • [RANGER-1934] - Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException
  • [RANGER-1943] - Ranger Solr authorization is skipped when collection is empty or null
  • [RANGER-1944] - Action filter for Admin Audit is not working
  • [RANGER-1952] - Allow user's email Address to be blank on emailchange API as per RANGER-978
  • [RANGER-1956] - Update CredentialBuilder module
  • [RANGER-1957] - Ranger Usersync is not syncing users or groups periodically when incremental sync is enabled.
  • [RANGER-1960] - HBase auth does not take table namespace into consideration for deleting snapshot
  • [RANGER-1961] - Fixed spelling error "condtion"
  • [RANGER-1962] - Simplify Ranger API for reporting results of access authorization
  • [RANGER-1965] - Prevent NPE on decrypting a null password
  • [RANGER-1966] - Policy engine initialization does not create context enrichers in some cases
  • [RANGER-1970] - Build fails - rat issues with storm-agent
  • [RANGER-1975] - Address Ranger Website checks flagged by Whimsy
  • [RANGER-1980] - Build failure for Ranger 0.7 branch
  • [RANGER-1981] - Error in constructing base path for UI API when accessing Ranger via knox proxy without "/" at the end
  • [RANGER-1982] - Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms
  • [RANGER-1983] - Remove LZ4.*jar from ranger admin dependency
  • [RANGER-1984] - Hbase audit log records may not show all tags associated with accessed column
  • [RANGER-1988] - Fix insecure randomness
  • [RANGER-1991] - Fix problems detected by static code analysis
  • [RANGER-1993] - Improvement on permission module for listing modules
  • [RANGER-1998] - Add ability to specify passwords for admin accounts during ranger install only.
  • [RANGER-2003] - On Report page 'User, Group and Access' details are not shown for policyItem exceeding more than 25 policies
  • [RANGER-2006] - Fix problems detected by static code analysis in ranger usersync for ldap sync source
  • [RANGER-2007] - ranger-tagsync's Kerberos ticket fails to renew
  • [RANGER-2008] - Policy evaluation is failing for multiline policy conditions.
  • [RANGER-2011] - Level 20 resource value is not set on UI in Ranger Edit Policy.
  • [RANGER-2014] - Unable to see policy detail in view policy mode after updating recursive flag

New Feature

  • [RANGER-1203] - Ranger YARN Plugin supports Fair Scheduler
  • [RANGER-1508] - The browser returns garbled when we login ranger security admin in non-English environment. We need support the internationalization function to solve this problem.
  • [RANGER-1523] - Add AtlasResourceMapper implementation for Apache Storm
  • [RANGER-1525] - Some users hope that the execute programs and install configuration file of the Ranger Admin can be deployed separately when they integrate Ranger into the big data platform or business systems to uniform install Ranger.
  • [RANGER-1540] - Log is very important for big data platform. The main purpose of log analysis is that we need to know who is running the service, in which machine running service, which service out of the problem. The ranger security admin should support the feature.
  • [RANGER-1568] - Similar to RANGER-1540, the Ranger UserSync should also support the same new feature.
  • [RANGER-1575] - Some users hope that the pid file of the Ranger Admin can be unified management when they integrate Ranger into the big data platform or business systems to uniform install and run Ranger.
  • [RANGER-1614] - Similar to RANGER-1575, the Ranger UserSync should also support the same new feature.
  • [RANGER-1627] - Tagsync should also be able to support pid file name customization like admin and usersync
  • [RANGER-1647] - Allow Ranger policy conditions to use tag attributes and values in Ranger
  • [RANGER-1660] - Similar to RANGER-1575, the kms should also support the same new feature.
  • [RANGER-1669] - We need to support the original functionality of hive:show grant user username
  • [RANGER-1692] - Similar to RANGER-1540, the Ranger kms should also support the same new feature.
  • [RANGER-1735] - Support representing nested group memberships in Ranger Admin
  • [RANGER-1766] - Execute "grant all" command failure in beeline mode when user used Ranger hive plugin
  • [RANGER-1810] - Ranger supports plugin to enable, monitor and manage apache Sqoop2
  • [RANGER-1844] - Ranger admin support hdfs HA configuration when creating hdfs service.
  • [RANGER-1929] - The ranger should support the View policy.
  • [RANGER-1963] - Show actual hive query on ranger audit UI.
  • [RANGER-1967] - The Ranger support the Kafka 1.0.0
  • [RANGER-1972] - Ability to label policies, filter/search and show policies by labels

Improvement

  • [RANGER-689] - For Solr plugin, use resources folders for adding Ranger properties
  • [RANGER-1318] - Consolidate XML configuration parsing
  • [RANGER-1370] - createdByUserId is stored in public static field
  • [RANGER-1371] - No need to write field initializers for default values, and types where the diamond operator could suffice
  • [RANGER-1376] - Several different jersey/jackson library is used
  • [RANGER-1377] - Improve codestyle, java api usage
  • [RANGER-1384] - Replace old asm version
  • [RANGER-1388] - Improve error messages in AtlasKafkaResourceMapper
  • [RANGER-1393] - RangerAuditFields generic type is incorrectly specified
  • [RANGER-1399] - Do some code improvement in Java method SolrUtil.searchResources
  • [RANGER-1419] - Do some code improvement in Java method XTrxLogService.searchXTrxLogs
  • [RANGER-1426] - Change return type of RangerBaseService.validateConfig
  • [RANGER-1433] - Enabled secure processing feature
  • [RANGER-1436] - Turn Ranger deny policy & except condition blocks ON by default
  • [RANGER-1441] - Remove MapUtils.EMPTY_MAP
  • [RANGER-1450] - Avoid path traversal attacks when reading XML files
  • [RANGER-1457] - Move COMPONENT_INSTALL_DIR_NAME to install.properties for Yarn plugin
  • [RANGER-1468] - To make the search tips of Plugin-Status consistent with others
  • [RANGER-1471] - Remember filters on all tabs of Ranger Audits page
  • [RANGER-1478] - Refactor RangerPolicyEngineOptions, RangerConfiguration is looked up too many times
  • [RANGER-1497] - Improvement of unit test coverage for ranger
  • [RANGER-1503] - Add tips to make jdbc.url parameter easy for users to use when create hive-plugin service
  • [RANGER-1504] - There are errors information in solr_for_audit_setup installer.
  • [RANGER-1505] - Remove KeyProtector code in KMS
  • [RANGER-1507] - Do some code improvement in UserSync
  • [RANGER-1514] - Remove EasyMock dependency
  • [RANGER-1516] - Remove remaining *-plugin-install.properties
  • [RANGER-1518] - Do some code improvement for the error message in PolicyMgrUserGroupBuilder.java
  • [RANGER-1526] - Error class names in the printed logs
  • [RANGER-1527] - Make curator dependencies consistent
  • [RANGER-1528] - Update Maven jar plugin
  • [RANGER-1529] - Remove tez dependency from Hive/HDFS plugins
  • [RANGER-1532] - Friendly groups page delete function display, and other pages of the same function in sync
  • [RANGER-1533] - Fix the spelling in HiveConnectionMgr
  • [RANGER-1534] - Fix the spelling in HiveConnectionMgr
  • [RANGER-1539] - Improve, modify print log display method name
  • [RANGER-1543] - Fix the spelling in RangerBaseUdf
  • [RANGER-1546] - Code Improvement To Follow Best Practices
  • [RANGER-1549] - Add COMPONENT_INSTALL_DIR_NAME to the Storm install.properties
  • [RANGER-1570] - Finish cleaning up Mockito stubs
  • [RANGER-1585] - Do some code improvement for the error logs in RangerBasePlugin.java
  • [RANGER-1587] - Cleanup Ranger KMS service dependencies
  • [RANGER-1590] - Modify code for the error logs in ranger\knox-agent\src\main\java\org\apache\ranger\services\knox\client\KnoxClient.java
  • [RANGER-1593] - Avoid Classloading default AtlasResourceMappers
  • [RANGER-1597] - The log is inconsistent with the code in RangerServiceDefHelper class,update it to ensure their consistency.
  • [RANGER-1598] - make the tips of group and user consistent with others in en.js
  • [RANGER-1616] - Upgrade to Mockito 2
  • [RANGER-1634] - Extra debug logging for user sync
  • [RANGER-1662] - The user is easy to configure the wrong format's data for 'YARN REST URL' property when adding a new yarn service. It will cause testconnection fail.
  • [RANGER-1668] - Do some code improvement in setup.sh of security-admin
  • [RANGER-1673] - The default plugin configuration file is not readable
  • [RANGER-1697] - Update NiFi service def
  • [RANGER-1706] - Running CI on Travis
  • [RANGER-1721] - HBase plugins use deprecated code
  • [RANGER-1722] - Duplicate code for exception wrapping in BaseClient
  • [RANGER-1728] - Upgrade PMD plugin and fix related issues
  • [RANGER-1760] - test_resourcematcher_default.json is invalid
  • [RANGER-1785] - Remove ranger-hive-utils module
  • [RANGER-1799] - Knox Ranger test coverity fixes
  • [RANGER-1805] - Code improvement to follow best practices in js
  • [RANGER-1807] - Static object can be used directly at start() method for RangerHdfsAuthorizer class
  • [RANGER-1822] - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter
  • [RANGER-1839] - Add the ability to specify SSO token audiences
  • [RANGER-1845] - Add support to configure JWT signature algorithms
  • [RANGER-1849] - Remove PasswordGenerator and FileStoreUtil
  • [RANGER-1867] - Update nimbus-jose-jwt to 4.41.2
  • [RANGER-1874] - ranger README.txt should be add tar and sqoop-plugin desc
  • [RANGER-1877] - The ranger policies json file should be formatted when exported at ranger service manager.
  • [RANGER-1881] - Code duplication in console handling in KMS
  • [RANGER-1882] - Compilation error in kms module with Hadoop 2.8.x
  • [RANGER-1889] - List Users belonging to Group in Group tab
  • [RANGER-1893] - Update HBase dependency to 1.2.6
  • [RANGER-1895] - Simplify Storm dependencies
  • [RANGER-1906] - Simplify Atlas plugin dependency management
  • [RANGER-1907] - The solr-solrj jar is not need for hive-agent. So it should be removed from the pom.xml file of the hive-agent
  • [RANGER-1910] - Simplify the maven dependency management of the Yarn plugin for Ranger .solr-solrj can be removed from the pom.xml file of the plugin-yarn
  • [RANGER-1915] - Optimize the code and keep the code style consistent in the RangerAdminRESTClient class
  • [RANGER-1916] - Remove duplicate code and optimize code in AtlasClient.class
  • [RANGER-1917] - Remove solr dependency from Kafka + Sqoop modules
  • [RANGER-1920] - Remove SOLR dependencies from the KMS service + plugins
  • [RANGER-1922] - Simplify HBase dependencies
  • [RANGER-1923] - Simplify Hive dependencies
  • [RANGER-1924] - Simplify ranger-hdfs plugin remove gson.jar in ranger/src/main/assembly/hdfs-agent.xml
  • [RANGER-1925] - Remove invalid code from plugin script.
  • [RANGER-1926] - Upgrade Storm dependency to 1.1.1
  • [RANGER-1927] - Upgrade Hive to 2.3.2
  • [RANGER-1933] - Improvement on Ranger-usersync log configuration
  • [RANGER-1936] - Upgrade Ranger to use Java 1.8
  • [RANGER-1938] - Solr for Audit setup doesn't use DocValues effectively
  • [RANGER-1940] - Upgrade to Knox 1.0.0
  • [RANGER-1941] - Use already defined methods and optimized log printing in RangerScriptExecutionContext class
  • [RANGER-1953] - improvement on user-group page listing
  • [RANGER-1954] - Specify a version for the native-maven-plugin
  • [RANGER-1969] - Fix failing Kafka tests with latest maven/JVM
  • [RANGER-1971] - Switch to use for-each loops
  • [RANGER-1976] - Upgrade Apache POI to 3.15
  • [RANGER-1977] - Upgrade Apache commons-beanutils to 1.9.3
  • [RANGER-1979] - Upgrade Spring-LDAP to 2.3.2
  • [RANGER-1987] - Upgrade to Storm 1.2.0
  • [RANGER-1990] - Add One-way SSL MySQL support in Ranger Admin

Test

  • [RANGER-1421] - Add tag based authorization tests for the supported components
  • [RANGER-1498] - Remove unnecessary mockito stubs
  • [RANGER-1524] - Add tag based authorization tests for Apache Storm
  • [RANGER-1580] - Update Kafka tests to work with 0.10.1.1
  • [RANGER-1588] - Simplify Storm Test config
  • [RANGER-1594] - Fix HBase tests to work with HBase 1.2.x
  • [RANGER-1635] - Stop writing keystore files to the home directory
  • [RANGER-1637] - Address coverity errors in the admin tests
  • [RANGER-1656] - Add kerberos tests for the Kafka plugin
  • [RANGER-1663] - Make Kafka GSS test more robust
  • [RANGER-1770] - Add tests for the Knox plugin
  • [RANGER-1827] - micro benchmark for policy evaluation
  • [RANGER-1842] - Don't catch Throwables in the test code
  • [RANGER-1894] - Fix HDFS tests to work with Hadoop 3.0.0

Wish

  • [RANGER-1491] - Automatically map group of external users to Administrator Role

Task

  • [RANGER-1157] - Handle the review suggestions from Josh Elser - during IPMC vote for ranger-0.6.1 (incubating) release
  • [RANGER-1995] - Ranger Release of 1.0.0
  • No labels