THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Apache Ranger 0.5.0 has been released on June 10, 2015.
The following Apache JIRAs have been resolved in the Apache Ranger 0.5.0 Release:
New Features
- [RANGER-178] - Ranger to support authorization and auditing for Apache Solr
- [RANGER-179] - Argus/Ranger to support authorization and auditing for Apache Kafka
- [RANGER-202] - Ranger hbase authorization at namespace level
- [RANGER-246] - Add support for Authorization and Auditing of Apache Kafka
- [RANGER-247] - Provide scalable/HA Hadoop KMS to support Hadoop TDE
- [RANGER-248] - Add support for Authorization and Auditing of YARN resources
- [RANGER-250] - Create permission model to allow/disallow functionality within ranger-admin UI
- [RANGER-203] - Framework to extend Ranger security to new components in a pluggable way
- [RANGER-256] - Enable pluggable way to add context data to request
- [RANGER-278] - REST, Store: validation of policy/service/service-def
Improvement
- [RANGER-189] - Fix mail aliases on website
- [RANGER-190] - Can you fix your 0.4.0 release?
- [RANGER-212] - Ranger should support computing user group memberships by searching for users and groups
- [RANGER-213] - Implement init.d status
- [RANGER-226] - Support JDBC based SQL invocation for setup process
- [RANGER-237] - Ranger to work with HA enabled WebHDFS with automatic failover
- [RANGER-272] - Make the timeout interval and size of executor used by TimedEventUtil configurable
- [RANGER-273] - Use HDFS authorization plugin interface to enforce ranger policies
- [RANGER-276] - Add support for aggregating audit logs at source
- [RANGER-281] - Support Postgres database for storing ranger policy information
- [RANGER-282] - Support MS-SQLServer database for storing ranger policy information
- [RANGER-293] - add server side checks for HDFS Repo connection properties
- [RANGER-307] - Policy evaluation optimization: reorder policies and short-circuit evaluation
- [RANGER-314] - Remove custom class loader used by ranger admin for resource lookup
- [RANGER-327] - Modify pom.xml to ensure that no hard-coded versions for maven dependencies and library
- [RANGER-374] - ranger admin need to support AJP connector to work behind SSL enabled Apache Load Balancer
- [RANGER-382] - 0.5.0 release - Code Cleanup to add/modify license headers and unwanted comments
- [RANGER-397] - Implement reliable streaming audits to configurable destinations
- [RANGER-418] - Upgrade script from earlier version (0.4.*) to the current version (0.5.0)
- [RANGER-431] - consolidate all configurations into ranger-<component>-site.xml
- [RANGER-441] - Add ranger-util module to be part of Ranger on all platform
- [RANGER-483] - Store user credential in SHA256 hashed value instead of MD5
- [RANGER-485] - Provide user friendly text for HTTP response code in Audit->Plugins
- [RANGER-488] - Prior to 0.5.0 release - update ranger pom.xml with appropriate (dependent component) release versions.
Sub-task
- [RANGER-221] - enhance usersync setup.sh to support new config properties introduced by RANGER-212
- [RANGER-241] - ServiceStore implementation to support persistence in RDBMS
- [RANGER-257] - Create KMS module within Apache Ranger to run KMS using hadoop-common KMS
- [RANGER-258] - Create KeyProvider that works across multiple instances of KMS instances
- [RANGER-259] - Create a utility to import JavaKeyStore Provider .jks file keys into RANGER keystorage
- [RANGER-262] - Implement Kafka Provider for Ranger Audit
- [RANGER-263] - Packaging for KafkaProvider in plugins
- [RANGER-267] - Implement Solr Ranger Audit Provider
- [RANGER-268] - Implement DAO to access Solr
- [RANGER-286] - service validations: make components either completely stateless or stateful by moving ctor arguments around
- [RANGER-291] - make NameNodeURL non mandatory while creating HDFS repository
- [RANGER-292] - Allow updating a service's and policy's name and enforce name-uniqueness during their create/update
- [RANGER-299] - Service def validation: create/update/delete of service def should be validated.
- [RANGER-304] - All validations: review various string comparisons and change those that should be done in a case insensitive manner
- [RANGER-305] - Service: validate the recursiveSupported and excludesSupported values
- [RANGER-308] - Provide Auditing of policy updates in new Service Model
- [RANGER-354] - Policy validation: Prevent creation/update of policies for the same resource
- [RANGER-359] - Policy validation: resource uniqueness: store resource signature of a policy in database for faster check
- [RANGER-365] - Policy validation: only users with admin role can create excludes policies
- [RANGER-376] - Develop a pluggable authorization API for KMS
- [RANGER-412] - Packaging changes for Ranger KMS
- [RANGER-417] - UI support for Ranger KMS
- [RANGER-419] - Policy validation: Assign generated name to a policy if one isn't specified before policy validation logic
- [RANGER-437] - Policy validation: Creation of hive UDF policy fails
- [RANGER-444] - Service-def validation: Detect and flag illegal resource hierarchies
- [RANGER-459] - Service def: Resource or Config list that is empty or contains duplicates
- [RANGER-462] - Policy validation: policy resource conflict signature check should be intra-service
Bug
- [RANGER-82] - Add pom.xml exclusions
- [RANGER-99] - enabling argus hive agent should set doAs=false in hive-site.xml
- [RANGER-140] - Clean up for FindBugs reported issue - Set 1
- [RANGER-141] - Argus Wiki link returns "Not Found"
- [RANGER-145] - Static analysis problems reported related to null pointer
- [RANGER-160] - Add junits for HDFS URLBasedAuthDB - audit log enabled check
- [RANGER-167] - Add junits for HDFS URLBasedAuthDB - grant access check
- [RANGER-177] - usersync process should be modified to run as ranger just like policy admin tool
- [RANGER-181] - Move Argus Project documentation to be under the Argus REPO
- [RANGER-185] - Optimize database transaction usage in admin web application
- [RANGER-186] - Improve failure handling in usersync service
- [RANGER-187] - Script parsing install.properties fails if there is space in the name value pair. It should be resilient to such user errors.
- [RANGER-188] - Add LSB headers to Ranger init.d scripts
- [RANGER-192] - User Detail Page hangs if user has many groups
- [RANGER-193] - Allow user to be created without group association
- [RANGER-195] - Need to update Wiki link in Ranger web page
- [RANGER-196] - Rename project name from ARGUS to RANGER in podlings.xml (http://incubator.apache.org/)
- [RANGER-198] - XaAccessControlListsTest.java missing Apache copyright
- [RANGER-200] - Implement pagination on Analytics page
- [RANGER-204] - Not able to delete user or group if user/group has any policy defined.
- [RANGER-206] - Rename argus with ranger in .project file
- [RANGER-207] - Few files are still containing the term Argus in exceptions for output messages
- [RANGER-210] - Ranger service should tell it's Software verison
- [RANGER-214] - Fix init.d restart
- [RANGER-215] - ranger virtual package dependency broken
- [RANGER-220] - Mismatched Comment in VXPolicy class
- [RANGER-223] - Ranger admin can not access to mysql?
- [RANGER-224] - Ranger admin can not access to mysql?
- [RANGER-225] - Ranger-LookupResource and ValidateConfig implementation for all components in the new pluggable model
- [RANGER-230] - Change hbase plugin to use the new framework
- [RANGER-231] - Wiki Documentation of Update policy
- [RANGER-232] - Change Knox plugin to use the new framework
- [RANGER-234] - WIndows Unit Tests are failing due to crypto filepath error
- [RANGER-236] - Remove winpkg from apache code base
- [RANGER-238] - Range Hive plugin needs update for changes in HiveAuthorizer interface
- [RANGER-239] - Support JDBC based SQL invocation for setup process
- [RANGER-240] - Change Storm plugin to use the new framework
- [RANGER-243] - AsyncAuditProvider thread should exit without delay on shutdown
- [RANGER-244] - Provide support to Show/Hide Users
- [RANGER-260] - Remove all eclipse settings files from repo
- [RANGER-264] - Ranger Admin login page requests fail with 404
- [RANGER-265] - If Hive repository's connection is setup incorrectly then it can make policy manager unresponsive.
- [RANGER-275] - UI Enhancements for 0.5 release
- [RANGER-277] - Ranger Public API changes to use Service Model
- [RANGER-279] - Update stack model to support UI input validation
- [RANGER-280] - Add color scheme for "Http Response Code" under Audit --> Agents
- [RANGER-283] - Dirty form confirmation popup should have option to "Proceed Anyway"
- [RANGER-284] - Replace "Agents" with "Plugins" in Ranger Admin UI
- [RANGER-287] - Plugin policy download audit log shows empty "Agent Id" field
- [RANGER-288] - Replace references to "Agent" with "Plugin" in UI
- [RANGER-289] - Remove unused class ServiceStoreFactory
- [RANGER-294] - Update CredentialShell usage to support non-interactive mode
- [RANGER-295] - Update Ranger HDFS plugin for recent changes in FSPermissionChecker
- [RANGER-296] - Plugin installation fails with NoClassDefFoundError: org/apache/commons/io/Charsets
- [RANGER-297] - Assemble ranger-admin to have Service model ranger plugins jar for lookup and validate functionality
- [RANGER-300] - Provide migration patch to migrate old db data to new Pluggable Service Model
- [RANGER-302] - DBA Privilege separation in Ranger Installation
- [RANGER-306] - Grant/revoke does not generate audit log
- [RANGER-309] - HBase repository config missing "Common Name for Certificate"
- [RANGER-312] - Validation: Enhancements, improvements, deferred items
- [RANGER-313] - Ranger Admin to load plugin classes in a child class-loader to avoid potential library conflicts
- [RANGER-315] - Need to provide backward compatibility of ranger-admin start/stop to previous version
- [RANGER-316] - Find alternative for pNotify plugin
- [RANGER-318] - Not able to add user with only numbers
- [RANGER-319] - Replace setVersion.sh bash script with platform independent python script
- [RANGER-320] - Usersync NPE when object does not have userNameAttribute
- [RANGER-322] - RangerResource class rename, utility methods addition
- [RANGER-323] - Policy evaluation optimization: cache results of resource-match in policy
- [RANGER-326] - Display a RO view of policy from the Audit page
- [RANGER-328] - Ranger HDFS plugin fails with NPE
- [RANGER-329] - Agent Plugin is not copying db driver jar files
- [RANGER-330] - Show audit of policy updates for new Service Model
- [RANGER-331] - Fix static code analyzer issues
- [RANGER-333] - Update plugins to load config from earlier version, when new version configs are not available
- [RANGER-334] - KMS configuration files are stored with incorrect permission
- [RANGER-335] - High Impact defects uncovered by static analysis of code by Coverity
- [RANGER-336] - Audit log timestamp needs update to take tz offset into account
- [RANGER-337] - Allow using of hyphen or space in first/last name field
- [RANGER-338] - Potential NPE problems in admin
- [RANGER-339] - Several dead-code, potential NPE and incorrect use of iterator issues
- [RANGER-340] - Remove zookeeper library added by ranger
- [RANGER-342] - Bust JS cache during version change to fetch new files from server
- [RANGER-343] - parameterized storm version
- [RANGER-344] - Cleanup/fixes to comply with best practices
- [RANGER-345] - enable-agent.sh isn't a file
- [RANGER-346] - Service-def files update to use map for *Options fields, instead of a string with custom format
- [RANGER-347] - YARN Resource Lookup in Ranger Admin UI get stuck with spinner and doesn't bring result
- [RANGER-348] - Allow ranger admin install with JDK 1.8
- [RANGER-353] - Ranger installation should support multiple platforms
- [RANGER-355] - Test connection fails with SSL error when setting up knox repository
- [RANGER-357] - Update Ranger HDFS plugin to use HDFS Authorization API
- [RANGER-358] - Show previous/next version of policy in Policy View popup
- [RANGER-360] - Add delegated admin logic to new Service Model
- [RANGER-361] - Enabling SSL in ranger admin service should rely on SSLEnabled flag instead of SSL port number
- [RANGER-362] - hbase agent bundles httpclient and httpcore jar
- [RANGER-363] - hdfs agent bundles httpclient and httpcore jar
- [RANGER-364] - hive agent bundles httpclient and httpcore jar
- [RANGER-366] - Grant/revoke should authorize based on grantor's user-groups
- [RANGER-367] - hadoop-common now relies on the apache-htrace during runtime, the deployment fails with class not found
- [RANGER-369] - ranger agent connection to ssl enabled ranger admin fails
- [RANGER-370] - Default policy created for a new HDFS service should have isRecursive=true
- [RANGER-371] - Policy search does not filter based on resource values
- [RANGER-372] - Provide a set of REST APIs to access, modify and create Ranger Service Definitions, Services and Policies
- [RANGER-373] - Hive grant/revoke fails to generate audit log
- [RANGER-375] - Show better error messages during failed logins
- [RANGER-377] - Build breaks when JAVA LIBRARY_PATH has spaces in the directory
- [RANGER-378] - Update Policy call failing to update
- [RANGER-379] - Ranger 0.5.0 Build fails due to changes in HIVE API parameters - HIVE-10223
- [RANGER-380] - PublicAPI should support search for service and policy with non case sensitive serviceType
- [RANGER-383] - Add new column to track resource signature in policy table
- [RANGER-384] - Ranger hive lookup and test connection issue due to hive-jdbc.jar wrong version in ranger admin
- [RANGER-385] - Fixes and enhancements to Permissions Model
- [RANGER-386] - Update HBase plugin for recent changes in HBase (build fix)
- [RANGER-387] - gettter/setter inconsistent names - RangerServiceDef - setType()/getName()
- [RANGER-388] - Add Postgres 8 support to Ranger Admin
- [RANGER-389] - Redirect to login page on session timeout
- [RANGER-390] - Merge RangerPolicyDb implementation with RangerPolicyEngine
- [RANGER-391] - ServiceDBStore to preserve the order of resources/users/groups
- [RANGER-392] - Provide Update/Delete for ServiceDef Object
- [RANGER-393] - Getting Blank page after adding a new group
- [RANGER-394] - Resource Lookup classes are not being available as part of CLASSPATH
- [RANGER-395] - ranger-usersync - unable to start ranger authentication process due to incorrect unix permission
- [RANGER-396] - Policy create/update/delete fail to update service.policyVersion field
- [RANGER-399] - Testing connection at a Kerberized cluster
- [RANGER-400] - isRecursive match does not work correctly
- [RANGER-402] - Ranger Admin install fails if 'java' not in PATH
- [RANGER-403] - Repo version not getting set in some of the objects
- [RANGER-404] - HDFS plugin does not generate audit for failure in mkdir
- [RANGER-405] - Hbase: access by super users are is not audited
- [RANGER-407] - Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation
- [RANGER-408] - Website needs Incubator logo and disclaimer
- [RANGER-410] - Default audit handler set in BasePlugIn is lost after policy refresh
- [RANGER-421] - Streamline usersync process
- [RANGER-424] - YARN plugin packaging to be reviewed for list of included libraries
- [RANGER-425] - Junit failures: Two UserMgr tests are broken
- [RANGER-426] - Ranger KMS policy not matching the right resource name
- [RANGER-427] - UserSync Process didn't sync the group when groups are added to the user at later time
- [RANGER-429] - Add new role (KEY_ADMIN) for KMS permissions in Ranger Admin
- [RANGER-430] - Need additional database columns to support log aggregation at source
- [RANGER-432] - Rename RangerAuditHandler to RangerAccessResultProcessor
- [RANGER-433] - Hbase plugin: Update coprocessor classes in anticipation of changes to hbase MasterObserver interface
- [RANGER-434] - HBase revoke does not remove 'delegateAdmin' flag
- [RANGER-435] - Policy validation messes up the order of resources
- [RANGER-436] - Policy validation: policy item with empty accesses list is valid if delegated admin is true
- [RANGER-438] - Fix Ranger KMS installation after ranger-site changes
- [RANGER-439] - Ranger usersync installation script is failing with latest python script
- [RANGER-440] - Add credential updater file for updating credentials
- [RANGER-442] - KMS installation script not copying connector jar properly
- [RANGER-445] - java.lang.IncompatibleClassChangeError during ranger kms startup
- [RANGER-446] - Update earlier version public API to skip new service-types and their policies
- [RANGER-447] - Ranger UserSync Process - startup is not sending the credential for keystore on subsequent setup ...
- [RANGER-448] - HBase fix for scan tables issue, HBASE-13482, should be applied in Ranger HBase plugin
- [RANGER-449] - Policy update via previous version public API fails for HBase/Hive/Knox/Storm
- [RANGER-450] - ranger_install.py needs to be updated for latest ranger-admin-site.xml changes
- [RANGER-451] - Multiple user module bug fixes
- [RANGER-452] - Ranger KMS config folder changes
- [RANGER-453] - Change db flavor input parameter value from SQLSERVER to MSSQL
- [RANGER-454] - Default policy created for a new KMS service should grant access to public group
- [RANGER-455] - Resource match should be case-sensitive for HDFS/HBase/Knox/Storm/YARN
- [RANGER-457] - Active Directory Authentication should authenticate on sAMAccountName attribute
- [RANGER-460] - Users / Groups Get and Set Visibility rest api should be allowed only for users with admin role.
- [RANGER-461] - Fix source files without having Apache License headers
- [RANGER-464] - Make hbase.rpc.protection value to be lower case
- [RANGER-465] - Fix Ranger config migration script
- [RANGER-466] - PolicyRefresher should timeout when Ranger Admin is non responsive and should use local cache for policy enforcement if present.
- [RANGER-468] - Audit logs should use "ranger-acl" as enforcer instead of "xasecure-acl"
- [RANGER-469] - HiveServer2 configuration directory needs to be updated
- [RANGER-470] - Rename attribute "id" of *Def objects to "itemId" - to avoid confusion with DB object id
- [RANGER-471] - Credential helper script should be bundled with plugins
- [RANGER-472] - KMS enhancements
- [RANGER-473] - usersync setup process - JAVA_HOME/bin should be part of PATH
- [RANGER-474] - Ranger usersync should instantiate the right class based on SYNC_SOURCE
- [RANGER-475] - HBase Agent : Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
- [RANGER-476] - ServiceName should be used in Lookup Connection cache in Connection Manager instead of ServiceType as we can have multiple Services for same service type
- [RANGER-477] - HiveAgent: Potential Concurrent Data Access, Null Pointer Exception, API usage errors, and other miscellaneous defects found by static analysis of codebase
- [RANGER-478] - Audit logs for grant/revoke do not have IP address
- [RANGER-479] - PolicyEngine interface to be trimmed for better abstraction; cleanup ServiceStore hierarchy to remove move predicate util methods
- [RANGER-481] - Credential helper script should use java from defined JAVA_HOME
- [RANGER-482] - HDFS plugin denies access even when policy exists to allow the access
- [RANGER-484] - Provide ability to have LDAP attribute "referral" in config
- [RANGER-486] - Add index for the new column `resource_signature` in table `x_policy`.
- [RANGER-487] - Fix pagination issues in analytics page
- [RANGER-489] - Revise Ranger Menu UI
- [RANGER-490] - Revise Ranger Menu UI
- [RANGER-491] - Revise Ranger Menu UI
- [RANGER-492] - New LDAP/AD properties should be available during install in windows
- [RANGER-493] - Fix KMS dba script to work from non-install dir
- [RANGER-494] - Coverity scan issue about toString returning null
- [RANGER-495] - Coverity Scan for Apache Ranger : - Null pointer issue on KnoxClient lookup manager
- [RANGER-496] - Fix build failure due to Kafka API change
- [RANGER-497] - Caught `Null Pointer Exception` while reading service-def without logged in.
- [RANGER-498] - Ranger KMS needs credential_help.py during setup process - which is missing
- [RANGER-499] - Ranger-KMS policy creation fail's with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manually
- [RANGER-501] - Need solr audit connectivity properties on the rangeradmin
- [RANGER-502] - To support easier extension/enhancement, provide abstract implementation for interfaces ConditionEvaluator/ContextEnricher/ResourceMatcher; also should support parameterless init
- [RANGER-503] - Ranger admin start failed on Suse 11
- [RANGER-504] - KMS repo URL needs to handle multiple KMS instances
- [RANGER-505] - Fix column length for Service def config field
- [RANGER-506] - Update password script should update the right config file
- [RANGER-507] - Resource-match logic to be moved out of policy-evaluator for reuse
- [RANGER-508] - Knox server can't come up after Ranger plugin is installed due to jar conflicts
- [RANGER-509] - KMS keys listing throws authentication required error in secure cluster
- [RANGER-510] - Client IP not getting populated for KMS in audit
- [RANGER-511] - Client IP not getting populated for KMS in audit
- [RANGER-512] - Policy creation should fail if any user/group specified does not exist in Ranger
- [RANGER-514] - Solr audit not working in KMS plugin
- [RANGER-515] - Policy Listing/Permission Listing page doesn't show groups for users/groups when the user belongs to large number of groups
- [RANGER-516] - Implement Scope and Restriction of users having KEY_ADMIN Role
- [RANGER-517] - When login into Policy Admin Tool using Unix User Credential, it is not working
- [RANGER-518] - [rolling downgrade] - disable SHA256 hashing of password to provide a way to test rolling downgrade of ranger admin downgrade
- [RANGER-519] - Access Audit filtering does not work for servicename
- [RANGER-520] - When getting Keys from a clustered kms servers, stale key list is returned
- [RANGER-522] - Update YARN service-def to remove ip-custom-condition
- [RANGER-523] - Update embedded service-def creation sequence and other misc fixes
- [RANGER-525] - Use JDK class for Key Protection instead of having own classes
- [RANGER-526] - Provide REST API to change user role
- [RANGER-527] - System should preserve Service-def ID if it's given at the time of creating
- [RANGER-528] - System should preserve Service-def ID if it's given at the time of creating
- [RANGER-530] - Access-type "all" should imply rest of the permissions in Hive
- [RANGER-531] - Legacy plugins unable to download policies
- [RANGER-534] - Upgrade does not migrate some policies
- [RANGER-536] - Test connection fails with SSL error when setting up knox repository
- [RANGER-537] - service-def create fails when ID is not specified
- [RANGER-538] - Error messages shown in Ranger Admin lack details
- [RANGER-540] - Disable JPA cache to support ranger-admin in HA deployment
- [RANGER-543] - RangerTimeOfDataMatcher condition to support time ranges that span across midnight
- [RANGER-546] - Custom condition evaluation issues
Task
- [RANGER-233] - Update the version number on the pom.xml to be 0.5.0
- [RANGER-242] - Ranger config migration script
- [RANGER-317] - ranger-usersync setup fails with NoClassDefFoundError
- [RANGER-351] - Update HBase plugin to use HBase version 1.1 (from 0.99.2)
- [RANGER-352] - To facilitate update of service-def, add ID attribute to contained objects
- [RANGER-480] - Need access control on REST API based on permission model
- [RANGER-194] - Rename packages from xasecure to apache ranger
Test
- [RANGER-245] - Strom plugin test connection failed