This is an automated email from the ASF dual-hosted git repository.

dhavalshah9131 pushed a change to reference refs/for/master
in repository https://gitbox.apache.org/repos/asf/ranger.git.


    from 7e80592  RANGER-3339 : Make Ranger Solr audit collection storage 
configurable
     add 77862fe  RANGER-3381: Upgrade to junit 4.13.1
     add 15f5c38  RANGER-3387 : Ranger Admin Header Validation
     add 6ee120f  RANGER-3400:Include htrace-core.jar in tagsync, usersync and 
kms module to avoid startup issue
     add 0f0285c  RANGER-3368:Ranger HiveAuthorizer improvements to handle 
uncharted hive commands-exclude some hive commands from the check for input 
output HiveObjects
     add e5cd204  RANGER-3397: Update ACL computation to (optionally) expand 
Ranger Roles to users and groups and include chained-plugins in ACL computation 
- Part 3
     add 208367b  RANGER-3371: Addendum patch to fix json parsing issue related 
to timestamp fields
     add cbbed8b  RANGER-3371: Addendum patch to add serviceType in policy json
     add 885640e  RANGER-3407:Handle authorization of Hive Drop database / 
table if exists in RangerHiveAuthorizer when database / table doesn't exist
     add e276af0  RANGER-3419:compressDeltas method returns two ranger policy 
entries for policy create+update case when provided lastKnownVersion is 
previous to create call
     add 53c9811  RANGER-3404: user with no permissions can access and edit 
deligate admin only policies
     add 321435f  RANGER-3388 : Session Inactivity Timeout: Ranger UI part.
     add 18838b6  RANGER-3384: Metric Get API add input validation
     add 3af1378  RANGER-3420: resource matcher updated to support quoted 
resource names
     add 58a104b  RANGER-3243:Build fails on JDK 8 and 11
     add f40dc24  RANGER-3444: fixed isAccessAllowed() return to reference the 
same request object given by the caller
     add 5877f32  RANGER-3445:Fix regression in HiveAuthorizer in handling 
Handle authorization of Hive Drop database / table if exists
     add 91aaff4  RANGER-3447: optimized reading of service-def from database
     add 3041d1b  RANGER-3446: docker config fix for Ranger admin startup 
failure
     add dd283ef  Refer to Apache Altas version 2.2.0 in ranger repo
     add 900eec0  Revert "RANGER-3211: Upgrade libthrift to 0.14.1"
     add 7b55dfd  RANGER-3245:Use OpenJDK in TravisCI config instead of 
OracleJDK
     add 30e1c9f  RANGER-3285: Fix missing updates to sync source during 
upgrades
     add f599c91  RANGER-3441:PropertiesUtil (Admin) logging potentially 
sensitive data
     add 3c6b44e  RANGER-3454:Hive command RELOAD FUNCTION failing in Ranger 
HiveAuthorization
     add 0ffc660  Merge branch 'master' of 
https://gitbox.apache.org/repos/asf/ranger
     add c33ff07  RANGER-3455 : [Logout-Ranger] Should either be disabled/ 
should redirect to knox logout page
     add 1debdbc  RANGER-3397: Update ACL computation to (optionally) expand 
Ranger Roles to users and groups and include chained-plugins in ACL computation 
- Part 2
     add d7a3de1  RANGER-3457 : [Session Timeout-Ranger]With multiple tabs if 
one tab encounters session idle timeout other active tab still continues with 
old/invalid session cookie.
     add db9b264  RANGER-3359: Upgrade json-smart and nimbus-jose-jwt libraries
     add d90361d  RANGER-3462: User with delegated admin permission on a 
resource cannot fetch policy for the resource
     add 4715c3e  RANGER-3453: Avoid logging sensitive information in 
UserMgr.java
     add 3977c95  RANGER-3463 : Use apt logger to log messages
     add eedbb82  RANGER-3467:Revert RANGER-3368 Ranger HiveAuthorizer 
improvements to handle uncharted hive commands
     add 871b0dc  RANGER-3465 : Upgrade spring-security to 5.5.2
     add 7dec301  RANGER-3474:RangerHivePlugin enhancement to handle new Hive 
commands
     add 4778fd5  RANGER-3421: Key getting logged in RangerMasterKey
     add ec7e57e  RANGER-3435: Add unique index on guid and service id column 
of x_policy table
     add b8f8a3e  RANGER-3481: Incremental policy updates do not work correctly 
for multiple security zones
     add db9f9a4  RANGER-3439: REST api to get or delete ranger policy based on 
guid and service name
     add b8d1543  RANGER-3480: Policy version in access audit is not matching 
with the policy version seen in policy view
     add b559a1f  RANGER-3418 : Rotated Ranger admin access logs aren't getting 
removed
     add 2ca4551  RANGER-3470 : Ranger - Upgrade commons-io to 2.11.0
     add a4121b8  RANGER-3482: fix for Kafka plugin initialization failure - 
NoClassDefFoundError htrace
     add efe1bcd  RANGER-3471 : Upgrade Jetty-client, commons-compress, 
poi-ooxml jar
     add 4ea9ef6  RANGER-3452: Audit otherAttributes and syncSource for updates 
to users/groups.
     add 27c32c4  RANGER-2846 RANGER-2847: Fix TestConnection and Resource 
lookup for ozone plugin
     add ed6ece2  RANGER-3478:Remove INFO level auditing logs in the Ranger 
audit frame to reduce verbosity
     add c491073  RANGER-3489:Add htrace-core.jar as dependency for various 
Ranger Plugins
     add 98c0364  RANGER-3332: script evaluator - added test cases for 
user/group attribute conditions
     add 1639896  RANGER-3433: Null Dereference in ServiceREST getPolicyByName 
method
     add 5acc0a3  RANGER-3488:Docker setup for Apache Ranger Knox plugin
     add 5732060  RANGER-3023: Permission tab takes longer time to load with 
large number of users and group_users data
     add 1bdf70c  RANGER-3416:Update Ranger website for 2.2.0 release
     add e256682  RANGER-3509: updateRoles() REST API updated to permit 
role-admins
     add 5ca622f  RANGER-3505: modified code to ignore case while validating a 
user for update
     add 57c6c24  RANGER-3503: Updated Ozone servicedef to make 
hadoop.security.authorization config an optional property. Also added 
corresponding upgrade patch
     add 63aeb52  RANGER-3510 : Ranger upgrade spring framework version to 
5.3.12
     add 7d09472  RANGER-3499 : Upgrade tomcat to 8.5.72
     add befc6d7  RANGER-3508: enhanced script condition expression for easier 
access to user/group/tag/resource attributes
     add a0363ea  RANGER-3508: enhanced script condition expression for easier 
access to user/group/tag/resource attributes
     add efee667  Revert "RANGER-3508: enhanced script condition expression for 
easier access to user/group/tag/resource attributes"
     add dc6dc62  RANGER-3504 : Create framework to execute DB patch dependent 
on Java patch
     add 8068996  RANGER-3516 : J10045 patch is taking more time during upgrade
     add 71888f2  RANGER-3519: Provide an option to optimize space needed by 
Trie objects
     add d8f674d  RANGER-3507:Handle trailing slash in the ranger Hive URL 
policy authorization
     add 5fb097f  RANGER-3514: Java patch to update sync source on upgrades
     add b56aa63  RANGER-3515: Enhance Ranger Java client SSL config to be 
configured using serviceType and AppId
     add 3f82858  RANGER-3522: Improve Tagsync authentication error reporting
     add de8f5e1  RANGER-3493: Add unique index on service and 
resource_signature column of x_policy table
     add 4fdb3af  RANGER-3511: Create Java patch to update policy 
resource-signature to unique value.
     add 856571c  RANGER-3490: Make policy resource signature is unique in a 
service
     add 5d12723  Revert "RANGER-3135: optimze log print for querying roles"
     add a6583cf  RANGER-3526: policy evaluation ordering to use name as 
secondary sorting key
     add 3045345  RANGER-3276 Remove duplicate code from buildks
     add fe97016  RANGER-3526: policy evaluation ordering to use name as 
secondary sorting key - #2
     add a7b527b  RANGER-3518: Limit the query size stored in Audit logs
     add bb9b3cd  RANGER-3528 : Ranger Group creation audit is not shown during 
service creation
     add 6678ef7  RANGER-3468: Fixed an issue where inactivity timeout request 
is not handled properly when the requested sessionid is invalid
     add 84cdf59  RANGER-3438: Optimized code to extract GroupPrincipals from 
javax Subject and used similar logic for retrieving primaryUser & 
impersonatedUser from Subject
     add 8968eae  RANGER-3435: Add unique index on guid, service and zone_id 
column of x_policy table
     add 185ca1c  RANGER-3512 : Create Java patch to update policy guid to 
unique value.
     add 5852efd  RANGER-3519: Provide an option to optimize space needed by 
Trie objects - Part 2
     add 000e635  RANGER-3439: Add rest api to get or delete ranger policy 
based on guid
     add 695bedd  RANGER-3535: A delegate admin user should be able to add 
another user with all or subset of permissions they have
     add b61ed9f  RANGER-3502: Make GET zone APIs accessible to authorized 
users only
     add d3af747  RANGER-3538: Reduce the granularity of locking when 
building/retrieving a policy-engine within Ranger admin service
     add 25def39  RANGER-2967: Add support for Amazon CloudWatch Logs as an 
Audit Store
     add fcea574  RANGER-3298. Add coarse option for Hive URI permission check
     add 0258fcf  RANGER-3484:Ranger usersync directory is being created as 
root owner
     add 00dd3fc  RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
     add 6554332  RANGER-3490 : Make policy resource signature is unique in a 
service part2
     add a3d7982  RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT 
DEFINED BY RFC 6797
     add 3388a41  RANGER-3030: Replace Findbugs with Spotbugs maven plugin
     add 07b2931  RANGER-3427: Null Dereference in PublicApis.java
     add ce2e3d3  RANGER-3547:Upgrade to use log4j 2.15.0+ version to ensure 
that we are using supported version of log4j
     add 3b32ec7  RANGER-3548: Update performance engine test scripts
     add 4f3806f  RANGER-3546:Update Spotbugs plugin Executions cycle
     add ec74c53  RANGER-3520: Upgrade Netty version
     add ec463f0   RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure 
that we are using supported version of log4j
     add 7406d2d  RANGER-3554: [Intermittent] API call to fetch the list of 
policies for a particular service repo returns a deleted policy in the response
     add cc62216  RANGER-3553: Unit test coverage for XUserMgr class
     add 64cbfcd  RANGER-3543: Remove spotbugs-annotations-3.1.9 from classpath
     add dc01126  RANGER-3545: Remove Logger Checks for Info Enabled
     add a06bc63  RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not 
set by Ranger UI
     add d6f0196  RANGER-3556: Ranger tagsync logs unnecessary messages
     add 993cf0d  RANGER-3554: [Intermittent] API call to fetch the list of 
policies for a particular service repo returns a deleted policy in the response 
- Part 2"
     add 9f08bbd  RANGER-3553: Unit Tests coverage for UserMgr class
     add 0f9bfbe  RANGER-3557: Upgrade to use log4j 2.17.0+ version to ensure 
that we are using supported version of log4j
     add e198d01  RANGER-3550: enhancement to support use of user/tag 
attributes in row-filter/condition expressions
     add 27b2840  RANGER-3533 : Provide sorting on columns throughout the 
audits result set and policy listing page
     add 71744d3  RANGER-3540: Add support to read audit logs from Amazon 
CloudWatch
     add bbbc23c  RANGER-3290 ArrayIndexOutOfBoundsException if solr is down
     add 50959d7  RANGER-3563: fixed plugin installation failure in docker due 
to recent changes in RANGER-3540
     add ca37ccd  RANGER-3564: fixed failure in installation of Ranger plugin 
for HDFS
     add 8235a8e  RANGER-3565: updated RangerRESTClient with option to retry 
calls to Ranger admin
     add 02b071a  RANGER-3559 : RANGER KMS - Metric details for kms are not 
getting collected
     add df07b0d  RANGER-3562: Redesign post commit tasks for updating 
ref-tables when policy/role is updated
     add 9a034ab  RANGER-3571: Fixed a bug in GrantRevokeRoleRequest.toString()
     add 26401a9  RANGER-3487 : Update underscorejs with latest version.
     add 56bac60  RANGER-3567: support request expressions in policy resources
     add dd7c773  RANGER-3562: Redesign post commit tasks for updating 
ref-tables when policy/role is updated - Part 2
     add 7fd191e  RANGER-3573: Add vim in docker base image
     add c644abf  RANGER-3560: Upgrade kylin version to 2.6.6
     add ba917a6  RANGER-3578: Simplify code for policy label creation
     add 0f6f4d0  Merge branch 'master' of 
https://gitbox.apache.org/repos/asf/ranger
     add 78cfc75  RANGER-3561: Upgrade Storm version to 1.2.4
     add 277f461  RANGER-3576: service creation is failing intermittently due 
to DB unique key constraint violation
     add 47617bb  RANGER-3584: ServiceTags are not computed correctly by 
applying incremental changes to existing ServiceTags
     add 20046b2  RANGER-3585: Docker setup to run usersync and tagsync
     add 1af1252  RANGER-3569 : Support Ranger KMS integration with Google 
cloud HSM
     add 1bef752  RANGER-3577 : RANGER : Upgrade POI version to 5.1.0
     add 7180910  RANGER-3498: removed log4j-1.x dependency, replaced 
references to org.apache.log4j and org.apache.commons.logging with org.slf4j
     add c96bc8b  RANGER-3586: updated script evaluator to support csv of 
group/tag attributes
     add 07e74c2  RANGER-3539: Add jacoco-maven-plugin for code coverage
     add 6579867  RANGER-3589 : Ranger java patches failing due to admin 
privilege checks
     add 2925289  Revert "RANGER-3589 : Ranger java patches failing due to 
admin privilege checks"
     add bfc9c54  RANGER-3589 : Ranger java patches failing due to admin 
privilege checks
     add 09ec4d9  RANGER-3590 : User with Auditor role in security zone can 
change a policy's name and description
     add 5d07d12  RANGER-3551: Analyze & optimize module permissions related 
API (Part-1)
     add c169d6d  RANGER-3568 : Services of one zone are seen in other zone 
from UI
     add d7d58ef  RANGER-3498: removed log4j-1.x dependency, replaced 
references to org.apache.log4j and org.apache.commons.logging with org.slf4j - 
#2
     add e5c7ee7  Revert "RANGER-3590 : User with Auditor role in security zone 
can change a policy's name and description"
     add ba999ed  RANGER-3498 : RANGER : Remove log4j1 dependencies.
     add 885d12d  RANGER-3579: Upgrade Log4j2 to 2.17.1
     add 0ed9d51  RANGER-3593: Hive authorizer fix for access to {OWNER} user
     add fedd731  RANGER-3552 : Improvement in Module Permission edit page.
     add f9b5f6e  RANGER-3592: Upgrade Spring framework to 5.3.15
     add 5543215  RANGER-3597 :User role should not be able to modify the Policy
     add f279656  RANGER-3403: Incorporated review comments and fixed one 
regression case where order of roles is not applied properly
     add 6a15ce5  RANGER-3594: Ranger setup fails for mariadb/mysql when binary 
logging is enabled
     add 3ab249a  RANGER-3591: Upgrade protobuf-java to 3.19.3
     add a2e1ec4  RANGER-3605: added support for macros in row-filter/condition 
expressions
     add 4d4bf46  RANGER-3606: removed static class members from plugin class 
loaders
     add 2607038  RANGER-3542: Fix invalid HTTPS check
     add a5eee48  RANGER-3607: Add network name for all ranger components
     add 07c6875  RANGER-3609: plugins to automatically add userStoreEnricher 
when any policy has references to user/group attributes
     add 9a2c732  RANGER-3617: incorrect deny for _any access due to tag policy
     add be23736  RANGER-3610 Refactor service creation and fix errors during 
container restart
     add 03f6d3f  RANGER-3522: Improve Tagsync authentication error reporting - 
Part 2
     add a5743e8  RANGER-3614:Make audit log for INSERT, UPDATE, DELETE, 
TRUNCATE statement of hive table recognizable
     add 5f8d001  RANGER-3625: fixed incorrect LOG.isDebugEnabled() condition 
in RangerHiveAuthorizer
     new 5221f83  add TencentKMS as MasterKeyProvider

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .travis.yml                                        |   44 +-
 agents-audit/pom.xml                               |   80 +-
 .../AmazonCloudWatchAuditDestination.java          |  198 ++
 .../ranger/audit/destination/AuditDestination.java |    6 +-
 .../destination/ElasticSearchAuditDestination.java |    8 +-
 .../audit/destination/FileAuditDestination.java    |    8 +-
 .../audit/destination/HDFSAuditDestination.java    |   19 +-
 .../audit/destination/Log4JAuditDestination.java   |   12 +-
 .../audit/destination/SolrAuditDestination.java    |   12 +-
 .../ranger/audit/provider/AsyncAuditProvider.java  |    6 +-
 .../audit/provider/AuditFileCacheProvider.java     |    6 +-
 .../audit/provider/AuditProviderFactory.java       |   18 +-
 .../ranger/audit/provider/AuditWriterFactory.java  |    6 +-
 .../ranger/audit/provider/BaseAuditHandler.java    |   66 +-
 .../ranger/audit/provider/Log4jAuditProvider.java  |    8 +-
 .../apache/ranger/audit/provider/Log4jTracer.java  |    6 +-
 .../org/apache/ranger/audit/provider/MiscUtil.java |   97 +-
 .../audit/provider/MultiDestAuditProvider.java     |    8 +-
 .../provider/StandAloneAuditProviderFactory.java   |    6 +-
 .../audit/provider/hdfs/HdfsAuditProvider.java     |    6 +-
 .../audit/provider/kafka/KafkaAuditProvider.java   |    8 +-
 .../audit/provider/solr/SolrAuditProvider.java     |   10 +-
 .../apache/ranger/audit/queue/AuditAsyncQueue.java |   10 +-
 .../apache/ranger/audit/queue/AuditBatchQueue.java |   10 +-
 .../audit/queue/AuditFileCacheProviderSpool.java   |   20 +-
 .../apache/ranger/audit/queue/AuditFileQueue.java  |    6 +-
 .../ranger/audit/queue/AuditFileQueueSpool.java    |   20 +-
 .../apache/ranger/audit/queue/AuditFileSpool.java  |   20 +-
 .../org/apache/ranger/audit/queue/AuditQueue.java  |    8 +-
 .../ranger/audit/queue/AuditSummaryQueue.java      |   12 +-
 .../org/apache/ranger/audit/test/TestEvents.java   |    9 +-
 .../audit/utils/AbstractRangerAuditWriter.java     |   15 +-
 .../apache/ranger/audit/utils/KerberosAction.java  |    6 +-
 .../org/apache/ranger/audit/utils/ORCFileUtil.java |    6 +-
 .../ranger/audit/utils/RangerJSONAuditWriter.java  |    9 +-
 .../ranger/audit/utils/RangerORCAuditWriter.java   |    6 +-
 agents-common/conf/log4j.properties                |   33 -
 agents-common/conf/logback.xml                     |   32 +
 agents-common/pom.xml                              |   40 +-
 .../apache/hadoop/security/SecureClientLogin.java  |    6 +-
 .../ranger/admin/client/RangerAdminRESTClient.java |   17 +-
 .../ranger/admin/client/datatype/RESTResponse.java |    5 +-
 .../hadoop/config/RangerAdminConfig.java           |    5 +-
 .../hadoop/config/RangerAuditConfig.java           |    5 +-
 .../hadoop/config/RangerChainedPluginConfig.java   |    6 +-
 .../hadoop/config/RangerConfiguration.java         |   10 +-
 .../hadoop/config/RangerLegacyConfigBuilder.java   |    5 +-
 .../hadoop/config/RangerPluginConfig.java          |    7 +-
 .../hadoop/constants/RangerHadoopConstants.java    |    2 +
 .../ranger/authorization/utils/JsonUtils.java      |    6 +-
 .../plugin/audit/RangerDefaultAuditHandler.java    |    6 +-
 .../audit/RangerMultiResourceAuditHandler.java     |    6 +-
 .../apache/ranger/plugin/client/BaseClient.java    |    6 +-
 .../ranger/plugin/client/HadoopConfigHolder.java   |    6 +-
 .../RangerAccessedFromClusterCondition.java        |    6 +-
 .../RangerAccessedFromClusterTypeCondition.java    |    7 +-
 .../RangerAccessedNotFromClusterCondition.java     |    6 +-
 .../RangerAccessedNotFromClusterTypeCondition.java |    6 +-
 ...AnyOfExpectedTagsPresentConditionEvaluator.java |   12 +-
 .../RangerContextAttributeValueInCondition.java    |    6 +-
 .../RangerContextAttributeValueNotInCondition.java |    6 +-
 ...ngerHiveResourcesAccessedTogetherCondition.java |    6 +-
 ...rHiveResourcesNotAccessedTogetherCondition.java |    6 +-
 .../plugin/conditionevaluator/RangerIpMatcher.java |    6 +-
 ...oneOfExpectedTagsPresentConditionEvaluator.java |   15 +-
 .../RangerScriptConditionEvaluator.java            |  135 +-
 .../RangerScriptExecutionContext.java              |  548 ----
 .../RangerScriptTemplateConditionEvaluator.java    |    6 +-
 .../RangerTagsAllPresentConditionEvaluator.java    |   12 +-
 .../conditionevaluator/RangerTimeOfDayMatcher.java |    6 +-
 .../RangerAbstractContextEnricher.java             |    6 +-
 .../RangerAbstractGeolocationProvider.java         |    6 +-
 .../contextenricher/RangerAdminTagRetriever.java   |    6 +-
 .../RangerAdminUserStoreRetriever.java             |    6 +-
 .../RangerFileBasedTagRetriever.java               |   15 +-
 .../plugin/contextenricher/RangerTagEnricher.java  |   20 +-
 .../plugin/contextenricher/RangerTagForEval.java   |    6 +-
 .../contextenricher/RangerUserStoreEnricher.java   |   31 +-
 .../contextenricher/RangerUserStoreRefresher.java  |   10 +-
 .../ranger/plugin/errors/ValidationErrorCode.java  |    6 +-
 .../ranger/plugin/geo/GeolocationMetadata.java     |    6 +-
 .../ranger/plugin/geo/RangerGeolocationData.java   |    6 +-
 .../plugin/geo/RangerGeolocationDatabase.java      |    6 +-
 .../org/apache/ranger/plugin/geo/ValuePrinter.java |    6 +-
 .../model/RangerPolicyResourceSignature.java       |   15 +-
 .../plugin/model/RangerSecurityZoneHeaderInfo.java |   55 +
 .../plugin/model/RangerServiceHeaderInfo.java      |   67 +
 .../model/validation/RangerPolicyValidator.java    |   41 +-
 .../model/validation/RangerRoleValidator.java      |    6 +-
 .../validation/RangerSecurityZoneValidator.java    |    6 +-
 .../model/validation/RangerServiceDefHelper.java   |    6 +-
 .../validation/RangerServiceDefValidator.java      |    6 +-
 .../model/validation/RangerServiceValidator.java   |    6 +-
 .../plugin/model/validation/RangerValidator.java   |   27 +-
 .../RangerValidityScheduleValidator.java           |    6 +-
 .../validation/RangerZoneResourceMatcher.java      |    6 +-
 .../model/validation/ValidationFailureDetails.java |    6 +-
 .../ranger/plugin/policyengine/CacheMap.java       |    6 +-
 .../ranger/plugin/policyengine/PolicyEngine.java   |   30 +-
 .../policyengine/RangerAccessRequestImpl.java      |   24 +-
 .../plugin/policyengine/RangerPluginContext.java   |    6 +-
 .../policyengine/RangerPolicyEngineImpl.java       |   20 +-
 .../policyengine/RangerPolicyEngineOptions.java    |   32 +-
 .../policyengine/RangerPolicyRepository.java       |   36 +-
 .../policyengine/RangerRequestScriptEvaluator.java | 1058 +++++++
 .../plugin/policyengine/RangerResourceACLs.java    |    6 +-
 .../plugin/policyengine/RangerResourceTrie.java    |   75 +-
 .../RangerAbstractPolicyEvaluator.java             |    6 +-
 .../RangerAuditPolicyEvaluator.java                |    6 +-
 .../RangerCustomConditionEvaluator.java            |   12 +-
 .../RangerDefaultPolicyEvaluator.java              |   40 +-
 .../RangerDefaultPolicyItemEvaluator.java          |   12 +-
 .../RangerDefaultRowFilterPolicyItemEvaluator.java |   30 +-
 .../RangerOptimizedPolicyEvaluator.java            |    6 +-
 .../policyevaluator/RangerPolicyEvaluator.java     |   20 +-
 .../RangerValidityScheduleEvaluator.java           |    8 +-
 .../RangerDefaultPolicyResourceMatcher.java        |   10 +-
 .../RangerAbstractResourceMatcher.java             |  169 +-
 .../RangerDefaultResourceMatcher.java              |    6 +-
 .../resourcematcher/RangerPathResourceMatcher.java |   42 +-
 .../resourcematcher/RangerURLResourceMatcher.java  |   42 +-
 .../plugin/resourcematcher/ResourceMatcher.java    |   55 +-
 .../ranger/plugin/service/RangerBasePlugin.java    |   89 +-
 .../ranger/plugin/service/RangerBaseService.java   |    6 +-
 .../ranger/plugin/service/RangerChainedPlugin.java |    6 +-
 .../service/RangerDefaultRequestProcessor.java     |   12 +
 .../plugin/service/RangerDefaultService.java       |    6 +-
 .../ranger/plugin/store/AbstractServiceStore.java  |    6 +-
 .../plugin/store/EmbeddedServiceDefsUtil.java      |   10 +-
 .../plugin/store/file/GeolocationFileStore.java    |    6 +-
 .../apache/ranger/plugin/util/DownloaderTask.java  |    6 +-
 .../ranger/plugin/util/GrantRevokeRoleRequest.java |    2 +-
 .../apache/ranger/plugin/util/MacroProcessor.java  |   86 +
 .../ranger/plugin/util/PerfDataRecorder.java       |    8 +-
 .../apache/ranger/plugin/util/PolicyRefresher.java |   10 +-
 .../plugin/util/RangerAccessRequestUtil.java       |   36 +-
 .../ranger/plugin/util/RangerCommonConstants.java  |   49 +-
 .../ranger/plugin/util/RangerMetricsUtil.java      |    5 +-
 .../plugin/util/RangerPerfCollectorTracer.java     |    4 +-
 .../ranger/plugin/util/RangerPerfTracer.java       |   20 +-
 .../plugin/util/RangerPerfTracerFactory.java       |    4 +-
 .../ranger/plugin/util/RangerPluginCapability.java |    3 +-
 .../ranger/plugin/util/RangerPolicyDeltaUtil.java  |   12 +-
 .../ranger/plugin/util/RangerRESTClient.java       |  158 +-
 .../apache/ranger/plugin/util/RangerRESTUtils.java |    9 +-
 .../plugin/util/RangerRequestExprResolver.java     |  189 ++
 .../ranger/plugin/util/RangerRolesProvider.java    |   10 +-
 .../plugin/util/RangerServiceTagsDeltaUtil.java    |   69 +-
 .../apache/ranger/plugin/util/RangerSslHelper.java |    6 +-
 .../ranger/plugin/util/ScriptEngineUtil.java       |   82 +
 .../apache/ranger/plugin/util/ServiceDefUtil.java  |  249 +-
 .../apache/ranger/plugin/util/ServicePolicies.java |    6 +-
 .../org/apache/ranger/plugin/util/ServiceTags.java |   48 +
 .../ranger/plugin/util/StringTokenReplacer.java    |    7 +-
 .../org/apache/ranger/plugin/util/XMLUtils.java    |    5 +-
 .../ranger/services/tag/RangerServiceTag.java      |    6 +-
 .../service-defs/ranger-servicedef-ozone.json      |    2 +-
 .../RangerCustomConditionMatcherTest.java          |   77 +-
 .../RangerRequestScriptEvaluatorTest.java          |  192 ++
 .../conditionevaluator/RangerSimpleMatcher.java    |    6 +-
 .../model/TestRangerPolicyResourceSignature.java   |   18 +
 .../validation/TestRangerPolicyValidator.java      |   24 +-
 .../model/validation/TestRangerValidator.java      |    4 +-
 .../ranger/plugin/policyengine/TestCacheMap.java   |    6 +-
 .../plugin/policyengine/TestPolicyEngine.java      |   27 +
 .../plugin/policyengine/TestProjectProvider.java   |    6 +-
 .../TestDefaultPolicyResourceMatcher.java          |    7 +
 .../ranger/plugin/util/MacroProcessorTest.java     |   56 +
 .../plugin/util/RangerRequestExprResolverTest.java |  170 ++
 .../ranger/plugin/util/ServiceDefUtilTest.java     |  355 +++
 agents-common/src/test/resources/log4j.xml         |  102 -
 agents-common/src/test/resources/logback.xml       |   43 +
 .../plugin/test_plugin_capability.json             |    4 +-
 .../policyengine/test_aclprovider_mask_filter.json |   22 +-
 .../test_policyengine_descendant_tags.json         |    4 +-
 .../test_policyengine_descendant_tags_deny.json    |  107 +
 .../policyengine/test_policyengine_hive.json       |   20 +-
 ...policyengine_resource_with_req_expressions.json |  113 +
 .../test_policyengine_tag_hive_filebased.json      |    2 +-
 ...t_policyengine_tag_hive_for_show_databases.json |    4 +-
 .../test_defaultpolicyresourcematcher_quoted.json  | 1035 +++++++
 agents-cred/pom.xml                                |   45 +-
 .../hadoop/utils/RangerCredentialProvider.java     |    6 +-
 agents-cred/src/test/resources/logback.xml         |   32 +
 agents-installer/pom.xml                           |   10 +
 credentialbuilder/pom.xml                          |   55 +-
 .../ranger/credentialapi/CredentialReader.java     |    2 +-
 .../org/apache/ranger/credentialapi/buildks.java   |    7 -
 dev-support/findbugsIncludeFile.xml                |   25 -
 dev-support/ranger-docker/.dockerignore            |    3 +
 dev-support/ranger-docker/.env                     |    3 +-
 dev-support/ranger-docker/Dockerfile.ranger        |    6 +-
 dev-support/ranger-docker/Dockerfile.ranger-base   |    4 +-
 dev-support/ranger-docker/Dockerfile.ranger-knox   |   49 +
 .../ranger-docker/Dockerfile.ranger-tagsync        |   39 +
 .../ranger-docker/Dockerfile.ranger-usersync       |   36 +
 dev-support/ranger-docker/README.md                |   10 +-
 .../ranger-docker/docker-compose.ranger-base.yml   |    2 +
 .../ranger-docker/docker-compose.ranger-build.yml  |    1 +
 .../ranger-docker/docker-compose.ranger-hadoop.yml |    1 +
 .../ranger-docker/docker-compose.ranger-hbase.yml  |    1 +
 .../ranger-docker/docker-compose.ranger-hive.yml   |    1 +
 .../ranger-docker/docker-compose.ranger-kafka.yml  |    3 +
 ...er-kafka.yml => docker-compose.ranger-knox.yml} |   17 +-
 ...kafka.yml => docker-compose.ranger-tagsync.yml} |   15 +-
 ...afka.yml => docker-compose.ranger-usersync.yml} |   15 +-
 .../ranger-docker/docker-compose.ranger.yml        |    1 +
 dev-support/ranger-docker/download-archives.sh     |    1 +
 .../scripts/create-ranger-services.py              |   65 +
 .../scripts/ranger-admin-install.properties        |    1 +
 .../ranger-docker/scripts/ranger-hadoop-mkdir.sh   |    2 +
 .../ranger-docker/scripts/ranger-hadoop-setup.sh   |    4 +
 .../scripts/ranger-hbase-plugin-install.properties |    6 +
 .../scripts/ranger-hbase-service-dev_hbase.py      |    8 -
 .../scripts/ranger-hdfs-plugin-install.properties  |    6 +
 .../scripts/ranger-hdfs-service-dev_hdfs.py        |    8 -
 .../scripts/ranger-hive-plugin-install.properties  |    6 +
 .../scripts/ranger-hive-service-dev_hive.py        |    8 -
 .../scripts/ranger-kafka-plugin-install.properties |    6 +
 .../scripts/ranger-kafka-service-dev_kafka.py      |    8 -
 .../ranger-docker/scripts/ranger-knox-expect.sh    |   24 +-
 ...rties => ranger-knox-plugin-install.properties} |   22 +-
 .../ranger-docker/scripts/ranger-knox-sandbox.xml  |  175 ++
 .../ranger-docker/scripts/ranger-knox-setup.sh     |   27 +-
 .../ranger-docker/scripts/ranger-knox.sh           |   35 +-
 .../scripts/ranger-tagsync-install.properties      |  130 +
 .../ranger-docker/scripts/ranger-tagsync-tags.json |   50 +
 .../ranger-docker/scripts/ranger-tagsync.sh        |   35 +-
 .../scripts/ranger-usersync-install.properties     |  237 ++
 .../ranger-docker/scripts/ranger-usersync.sh       |   33 +-
 .../scripts/ranger-yarn-plugin-install.properties  |    6 +
 .../scripts/ranger-yarn-service-dev_yarn.py        |    8 -
 dev-support/ranger-docker/scripts/ranger.sh        |    7 +-
 dev-support/spotbugsIncludeFile.xml                |   63 +
 distro/src/main/assembly/admin-web.xml             |   29 +-
 distro/src/main/assembly/hbase-agent.xml           |    2 +
 distro/src/main/assembly/hdfs-agent.xml            |    3 +
 distro/src/main/assembly/hive-agent.xml            |    1 +
 distro/src/main/assembly/kms.xml                   |   52 +-
 distro/src/main/assembly/knox-agent.xml            |    5 +
 distro/src/main/assembly/plugin-atlas.xml          |    2 +
 distro/src/main/assembly/plugin-kafka.xml          |    3 +-
 distro/src/main/assembly/plugin-kylin.xml          |    1 +
 distro/src/main/assembly/plugin-ozone.xml          |   17 +-
 distro/src/main/assembly/plugin-presto.xml         |    2 +
 distro/src/main/assembly/plugin-solr.xml           |    1 +
 distro/src/main/assembly/plugin-sqoop.xml          |    1 +
 distro/src/main/assembly/ranger-tools.xml          |   24 +
 distro/src/main/assembly/sample-client.xml         |    2 +-
 distro/src/main/assembly/tagsync.xml               |    7 +-
 distro/src/main/assembly/usersync.xml              |    7 +-
 docs/src/site/site.xml                             |    2 +
 docs/src/site/xdoc/download.xml                    |   22 +-
 embeddedwebserver/pom.xml                          |   42 +-
 embeddedwebserver/scripts/ranger-admin-services.sh |    4 +-
 .../ranger/server/tomcat/EmbeddedServer.java       |   13 +-
 .../server/tomcat/SolrCollectionBootstrapper.java  |    6 +-
 hbase-agent/conf/ranger-hbase-audit-changes.cfg    |    6 +
 hbase-agent/pom.xml                                |  106 +
 hbase-agent/scripts/install.properties             |   13 +
 .../authorization/hbase/AuthorizationSession.java  |    6 +-
 .../ranger/authorization/hbase/ColumnIterator.java |    6 +-
 .../authorization/hbase/HbaseAuditHandlerImpl.java |    6 +-
 .../authorization/hbase/HbaseAuthUtilsImpl.java    |    6 +-
 .../authorization/hbase/HbaseUserUtilsImpl.java    |    6 +-
 .../hbase/RangerAuthorizationCoprocessor.java      |   10 +-
 .../hbase/RangerAuthorizationFilter.java           |    6 +-
 .../ranger/services/hbase/RangerServiceHBase.java  |    6 +-
 .../ranger/services/hbase/client/HBaseClient.java  |    6 +-
 .../services/hbase/client/HBaseConnectionMgr.java  |    5 +-
 .../services/hbase/client/HBaseResourceMgr.java    |    6 +-
 .../hbase/HBaseRangerAuthorizationTest.java        |    6 +-
 hbase-agent/src/test/resources/log4j.properties    |   35 -
 hbase-agent/src/test/resources/logback.xml         |   32 +
 hdfs-agent/conf/ranger-hdfs-audit-changes.cfg      |    6 +
 hdfs-agent/pom.xml                                 |   66 +-
 hdfs-agent/scripts/install.properties              |   13 +
 .../authorization/hadoop/RangerHdfsAuthorizer.java |   12 +-
 .../ranger/services/hdfs/RangerServiceHdfs.java    |    6 +-
 .../ranger/services/hdfs/client/HdfsClient.java    |    6 +-
 .../services/hdfs/client/HdfsConnectionMgr.java    |    5 +-
 .../services/hdfs/client/HdfsResourceMgr.java      |    5 +-
 hdfs-agent/src/test/resources/log4j.properties     |   34 -
 hdfs-agent/src/test/resources/logback.xml          |   32 +
 hive-agent/conf/ranger-hive-audit-changes.cfg      |    6 +
 hive-agent/conf/ranger-hive-security.xml           |    8 +
 hive-agent/pom.xml                                 |   88 +
 hive-agent/scripts/install.properties              |   13 +
 .../hive/authorizer/RangerHiveAuditHandler.java    |   88 +-
 .../hive/authorizer/RangerHiveAuthorizer.java      |  321 +-
 .../hive/authorizer/RangerHiveAuthorizerBase.java  |    6 +-
 .../hive/authorizer/RangerHivePolicyProvider.java  |   10 +-
 .../hive/authorizer/RangerHiveResource.java        |   16 +-
 .../ranger/services/hive/RangerServiceHive.java    |    6 +-
 .../ranger/services/hive/client/HiveClient.java    |    6 +-
 .../services/hive/client/HiveConnectionMgr.java    |    5 +-
 .../services/hive/client/HiveResourceMgr.java      |    5 +-
 hive-agent/src/test/resources/log4j.properties     |   34 -
 hive-agent/src/test/resources/logback.xml          |   32 +
 intg/pom.xml                                       |   10 +
 .../main/java/org/apache/ranger/RangerClient.java  |   16 +-
 intg/src/main/resources/logback.xml                |   32 +
 kms/config/kms-webapp/dbks-site.xml                |   70 +-
 kms/config/kms-webapp/kms-log4j.properties         |   40 -
 kms/config/kms-webapp/kms-logback.xml              |   67 +
 kms/pom.xml                                        |  180 +-
 kms/scripts/MigrateMKeyStorageDbToGCP.sh           |   46 +
 kms/scripts/install.properties                     |   28 +-
 kms/scripts/ranger-kms                             |   10 +-
 kms/scripts/setup.sh                               |  136 +-
 .../key/AzureKeyVaultClientAuthenticator.java      |   38 +-
 .../hadoop/crypto/key/DBToAzureKeyVault.java       |    2 +-
 .../apache/hadoop/crypto/key/JKS2RangerUtil.java   |    4 +-
 .../hadoop/crypto/key/MigrateDBMKeyToGCP.java      |  118 +
 ...r.java => RangerAzureKeyVaultKeyGenerator.java} |   89 +-
 .../crypto/key/RangerGoogleCloudHSMProvider.java   |  216 ++
 .../org/apache/hadoop/crypto/key/RangerHSM.java    |    5 +-
 .../org/apache/hadoop/crypto/key/RangerKMSDB.java  |    5 +-
 .../org/apache/hadoop/crypto/key/RangerKMSMKI.java |    8 +
 .../apache/hadoop/crypto/key/RangerKeyStore.java   |   53 +-
 .../hadoop/crypto/key/RangerKeyStoreProvider.java  |  183 +-
 .../apache/hadoop/crypto/key/RangerMasterKey.java  |  144 +-
 .../hadoop/crypto/key/RangerSafenetKeySecure.java  |   21 +-
 .../crypto/key/RangerTencentKMSProvider.java       |  135 +
 .../hadoop/crypto/key/kms/server/KMSMDCFilter.java |    8 +-
 .../crypto/key/kms/server/KMSMetricUtil.java       |   34 +-
 .../hadoop/crypto/key/kms/server/KMSWebApp.java    |   34 +-
 .../java/org/apache/ranger/kms/dao/BaseDao.java    |    5 +-
 .../org/apache/ranger/kms/dao/DaoManagerBase.java  |    5 +-
 kms/src/main/resources/META-INF/context.xml        |   20 +
 kms/src/main/resources/log4j.properties            |   31 -
 kms/src/main/resources/logback.xml                 |   35 +
 .../hadoop/crypto/key/kms/server/TestKMSAudit.java |   12 +-
 kms/src/test/resources/logback.xml                 |   29 +
 knox-agent/conf/ranger-knox-audit-changes.cfg      |    6 +
 knox-agent/pom.xml                                 |   79 +
 knox-agent/scripts/install.properties              |   13 +
 .../admin/client/RangerAdminJersey2RESTClient.java |  152 +-
 .../authorization/knox/RangerPDPKnoxFilter.java    |   33 +-
 .../ranger/services/knox/RangerServiceKnox.java    |    6 +-
 .../ranger/services/knox/client/KnoxClient.java    |    6 +-
 .../services/knox/client/KnoxConnectionMgr.java    |    5 +-
 .../services/knox/client/KnoxResourceMgr.java      |    5 +-
 knox-agent/src/test/resources/log4j.properties     |   31 -
 knox-agent/src/test/resources/logback.xml          |   32 +
 plugin-atlas/conf/ranger-atlas-audit-changes.cfg   |    7 +
 plugin-atlas/pom.xml                               |   10 +
 plugin-atlas/scripts/install.properties            |   13 +
 .../atlas/authorizer/RangerAtlasAuthorizer.java    |    8 +-
 .../ranger/services/atlas/RangerServiceAtlas.java  |    6 +-
 plugin-atlas/src/test/resource/log4j.properties    |   34 -
 plugin-atlas/src/test/resource/logback.xml         |   32 +
 .../conf/ranger-elasticsearch-audit-changes.cfg    |    6 +
 plugin-elasticsearch/pom.xml                       |   11 +
 plugin-elasticsearch/scripts/install.properties    |   13 +
 .../elasticsearch/client/ElasticsearchClient.java  |    5 +-
 .../client/ElasticsearchResourceMgr.java           |    5 +-
 plugin-kafka/conf/ranger-kafka-audit-changes.cfg   |    6 +
 plugin-kafka/pom.xml                               |   40 +-
 plugin-kafka/scripts/install.properties            |   13 +
 .../kafka/authorizer/RangerKafkaAuditHandler.java  |    6 +-
 .../kafka/authorizer/RangerKafkaAuthorizer.java    |   14 +-
 .../ranger/services/kafka/RangerServiceKafka.java  |    6 +-
 .../services/kafka/client/ServiceKafkaClient.java  |    5 +-
 plugin-kafka/src/test/resources/logback.xml        |   32 +
 plugin-kms/conf/ranger-kms-audit-changes.cfg       |    6 +
 .../kms/authorizer/RangerKmsAuthorizer.java        |    3 +-
 .../ranger/services/kms/RangerServiceKMS.java      |    6 +-
 .../ranger/services/kms/client/KMSClient.java      |    5 +-
 .../services/kms/client/KMSConnectionMgr.java      |    5 +-
 .../ranger/services/kms/client/KMSResourceMgr.java |    5 +-
 .../kms/authorizer/RangerKmsAuthorizerTest.java    |   29 +-
 .../src/test/resources/kms/kms-log4j.properties    |   40 -
 plugin-kms/src/test/resources/kms/logback.xml      |   56 +
 plugin-kylin/conf/ranger-kylin-audit-changes.cfg   |    6 +
 plugin-kylin/pom.xml                               |   47 +
 plugin-kylin/scripts/install.properties            |   13 +
 .../kylin/authorizer/RangerKylinAuthorizer.java    |    6 +-
 .../ranger/services/kylin/RangerServiceKylin.java  |    6 +-
 .../ranger/services/kylin/client/KylinClient.java  |    5 +-
 .../services/kylin/client/KylinResourceMgr.java    |    5 +-
 plugin-kylin/src/test/resources/log4j.properties   |   34 -
 plugin-kylin/src/test/resources/logback.xml        |   32 +
 .../nifi/registry/RangerServiceNiFiRegistry.java   |    6 +-
 .../nifi/registry/client/NiFiRegistryClient.java   |    6 +-
 .../registry/client/NiFiRegistryConnectionMgr.java |    6 +-
 .../src/test/resources/logback.xml                 |   32 +
 .../ranger/services/nifi/RangerServiceNiFi.java    |    6 +-
 .../ranger/services/nifi/client/NiFiClient.java    |    6 +-
 .../services/nifi/client/NiFiConnectionMgr.java    |    6 +-
 plugin-nifi/src/test/resources/logback.xml         |   32 +
 plugin-ozone/conf/ranger-ozone-audit-changes.cfg   |    6 +
 plugin-ozone/pom.xml                               |   41 +
 plugin-ozone/scripts/install.properties            |   13 +
 .../ozone/authorizer/RangerOzoneAuthorizer.java    |   12 +-
 .../ranger/services/ozone/RangerServiceOzone.java  |    6 +-
 .../ranger/services/ozone/client/OzoneClient.java  |  110 +-
 .../services/ozone/client/OzoneConnectionMgr.java  |   22 +-
 .../services/ozone/client/OzoneResourceMgr.java    |    5 +-
 plugin-presto/conf/ranger-presto-audit-changes.cfg |    6 +
 plugin-presto/pom.xml                              |   25 +
 plugin-presto/scripts/install.properties           |   13 +
 .../services/presto/RangerServicePresto.java       |    6 +-
 .../services/presto/client/PrestoClient.java       |    6 +-
 .../presto/client/PrestoConnectionManager.java     |    5 +-
 .../presto/client/PrestoResourceManager.java       |    6 +-
 plugin-presto/src/test/resources/logback.xml       |   32 +
 plugin-schema-registry/pom.xml                     |   42 +-
 .../registry/RangerServiceSchemaRegistry.java      |    6 +-
 .../registry/client/AutocompletionAgent.java       |    6 +-
 .../registry/client/SchemaRegistryResourceMgr.java |    6 +-
 .../connection/DefaultSchemaRegistryClient.java    |    6 +-
 .../client/connection/util/SecurityUtils.java      |    6 +-
 .../src/test/resources/logback.xml                 |   32 +
 plugin-solr/conf/ranger-solr-audit-changes.cfg     |    6 +
 plugin-solr/pom.xml                                |   40 +
 plugin-solr/scripts/install.properties             |   13 +
 .../solr/authorizer/RangerSolrAuthorizer.java      |   12 +-
 .../ranger/services/solr/RangerServiceSolr.java    |    6 +-
 .../services/solr/client/ServiceSolrClient.java    |    5 +-
 plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg   |    6 +
 plugin-sqoop/pom.xml                               |   26 +
 plugin-sqoop/scripts/install.properties            |   13 +
 .../sqoop/authorizer/RangerSqoopAuthorizer.java    |    6 +-
 .../ranger/services/sqoop/RangerServiceSqoop.java  |    6 +-
 .../ranger/services/sqoop/client/SqoopClient.java  |    5 +-
 .../services/sqoop/client/SqoopResourceMgr.java    |    5 +-
 plugin-sqoop/src/test/resources/log4j.properties   |   34 -
 plugin-sqoop/src/test/resources/logback.xml        |   32 +
 plugin-yarn/conf/ranger-yarn-audit-changes.cfg     |    6 +
 plugin-yarn/pom.xml                                |   18 +-
 plugin-yarn/scripts/install.properties             |   13 +
 .../yarn/authorizer/RangerYarnAuthorizer.java      |   10 +-
 .../ranger/services/yarn/RangerServiceYarn.java    |    6 +-
 .../ranger/services/yarn/client/YarnClient.java    |    5 +-
 .../services/yarn/client/YarnResourceMgr.java      |    5 +-
 pom.xml                                            |  109 +-
 ranger-atlas-plugin-shim/pom.xml                   |   17 +-
 .../atlas/authorizer/RangerAtlasAuthorizer.java    |    4 +-
 ranger-elasticsearch-plugin-shim/pom.xml           |   12 +-
 .../authorizer/RangerElasticsearchAuthorizer.java  |    5 +-
 .../RangerPolicyConditionSampleSimpleMatcher.java  |    6 +-
 .../RangerSampleSimpleMatcher.java                 |    6 +-
 .../RangerSampleCountryProvider.java               |    6 +-
 .../RangerSampleProjectProvider.java               |    6 +-
 .../src/test/resources/logback.xml                 |   32 +
 .../distro/src/main/assembly/plugin-sampleapp.xml  |    1 -
 .../distro/src/main/assembly/sample-client.xml     |    3 +-
 ranger-examples/plugin-sampleapp/pom.xml           |   24 +
 ranger-examples/sample-client/pom.xml              |    9 +-
 .../sample-client/scripts/run-sample-client.sh     |    4 +-
 .../sample-client/src/main/resources/logback.xml   |   32 +
 ranger-examples/sampleapp/pom.xml                  |   12 +-
 .../ranger/examples/sampleapp/SampleApp.java       |    6 +-
 ranger-hbase-plugin-shim/pom.xml                   |   22 +
 .../hbase/RangerAuthorizationCoprocessor.java      |   11 +-
 ranger-hdfs-plugin-shim/pom.xml                    |   47 +-
 .../authorization/hadoop/RangerHdfsAuthorizer.java |   10 +-
 ranger-hive-plugin-shim/pom.xml                    |   79 +-
 .../authorizer/RangerHiveAuthorizerFactory.java    |    6 +-
 ranger-kafka-plugin-shim/pom.xml                   |   10 +
 .../kafka/authorizer/RangerKafkaAuthorizer.java    |    9 +-
 .../kms/authorizer/RangerKmsAuthorizer.java        |   15 +-
 ranger-knox-plugin-shim/pom.xml                    |   10 +
 .../authorization/knox/RangerPDPKnoxFilter.java    |   10 +-
 ranger-kylin-plugin-shim/pom.xml                   |    9 +
 .../kylin/authorizer/RangerKylinAuthorizer.java    |   10 +-
 ranger-ozone-plugin-shim/pom.xml                   |   38 +-
 .../ozone/authorizer/RangerOzoneAuthorizer.java    |   11 +-
 ranger-plugin-classloader/pom.xml                  |    9 +-
 .../classloader/RangerPluginClassLoader.java       |  211 +-
 .../classloader/RangerPluginClassLoaderUtil.java   |    3 -
 ranger-presto-plugin-shim/pom.xml                  |   39 +
 ranger-solr-plugin-shim/pom.xml                    |   40 +
 .../solr/authorizer/RangerSolrAuthorizer.java      |   14 +-
 ranger-sqoop-plugin-shim/pom.xml                   |   16 +
 .../sqoop/authorizer/RangerSqoopAuthorizer.java    |   10 +-
 ranger-storm-plugin-shim/pom.xml                   |   62 +
 .../storm/authorizer/RangerStormAuthorizer.java    |    4 +-
 ranger-tools/conf/log4j.properties                 |   42 -
 ranger-tools/conf/logback.xml                      |   34 +
 ranger-tools/pom.xml                               |    5 -
 ranger-tools/scripts/create_requests.py            |   42 +
 .../scripts/create_tags_file.sh                    |   40 +-
 ranger-tools/scripts/gen_service_policies.sh       |  475 +++
 ranger-tools/scripts/gen_service_tags.sh           |   64 +-
 .../ranger/policyengine/CommandLineParser.java     |    6 +-
 .../apache/ranger/policyengine/PerfTestClient.java |    6 +-
 .../ranger/policyengine/PerfTestConfiguration.java |   25 +-
 .../apache/ranger/policyengine/PerfTestEngine.java |   13 +-
 .../ranger/policyengine/PerfTestOptions.java       |   11 +
 .../policyengine/RangerPolicyenginePerfTester.java |   34 +-
 ranger-tools/src/test/resources/log4j.properties   |   52 -
 ranger-tools/src/test/resources/logback.xml        |   34 +
 .../src/test/resources/testdata/ranger-config.xml  |   13 +
 .../resources/testdata/test_requests_hive.json     |    4 +-
 ranger-tools/testdata/ranger-config.xml            |   15 +-
 ranger-yarn-plugin-shim/pom.xml                    |   16 +
 .../yarn/authorizer/RangerYarnAuthorizer.java      |   10 +-
 .../optimized/current/ranger_core_db_mysql.sql     |  162 +-
 .../db/mysql/patches/013-permissionmodel.sql       |   23 +-
 .../patches/037-create-security-zone-schema.sql    |   49 +-
 ...6-insert-statename-in-x-ranger-global-state.sql |   19 +-
 ...raint-on-x_policy-table-guid-service-column.sql |   32 +
 ...-x_policy-table-service-resourcesign-column.sql |   32 +
 .../optimized/current/ranger_core_db_oracle.sql    |    8 +
 ...raint-on-x_policy-table-guid-service-column.sql |   31 +
 ...-x_policy-table-service-resourcesign-column.sql |   32 +
 .../optimized/current/ranger_core_db_postgres.sql  |    8 +
 ...raint-on-x_policy-table-guid-service-column.sql |   38 +
 ...-x_policy-table-service-resourcesign-column.sql |   33 +
 .../current/ranger_core_db_sqlanywhere.sql         |   20 +-
 ...raint-on-x_policy-table-guid-service-column.sql |   22 +
 ...-x_policy-table-service-resourcesign-column.sql |   32 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   14 +
 ...raint-on-x_policy-table-guid-service-column.sql |   30 +
 ...-x_policy-table-service-resourcesign-column.sql |   28 +
 security-admin/pom.xml                             |  167 +-
 security-admin/scripts/changepasswordutil.py       |    2 +-
 security-admin/scripts/changeusernameutil.py       |    2 +-
 security-admin/scripts/db_setup.py                 |   77 +-
 security-admin/scripts/install.properties          |    7 +-
 .../scripts/ranger-admin-site-template.xml         |   12 +
 security-admin/scripts/rolebasedusersearchutil.py  |    4 +-
 security-admin/scripts/setup.sh                    |   31 +-
 .../scripts/updateUserAndGroupNamesInJson.py       |    2 +-
 security-admin/scripts/upgrade_admin.py            |    3 +
 .../org/apache/ranger/AccessAuditsService.java     |   13 +
 .../cloudwatch/CloudWatchAccessAuditsService.java  |  289 ++
 .../ranger/amazon/cloudwatch/CloudWatchMgr.java    |   78 +
 .../ranger/amazon/cloudwatch/CloudWatchUtil.java   |  259 ++
 .../main/java/org/apache/ranger/biz/AssetMgr.java  |   29 +-
 .../main/java/org/apache/ranger/biz/BaseMgr.java   |    5 +-
 .../main/java/org/apache/ranger/biz/KmsKeyMgr.java |    5 +-
 .../org/apache/ranger/biz/PolicyRefUpdater.java    |  468 ++-
 .../java/org/apache/ranger/biz/RangerBizUtil.java  |    6 +-
 .../org/apache/ranger/biz/RangerPolicyAdmin.java   |    7 +-
 .../apache/ranger/biz/RangerPolicyAdminCache.java  |  130 +-
 .../RangerPolicyAdminCacheForEngineOptions.java    |   15 +-
 .../apache/ranger/biz/RangerPolicyAdminImpl.java   |  263 +-
 .../apache/ranger/biz/RangerPolicyRetriever.java   |    8 +-
 .../apache/ranger/biz/RangerTagDBRetriever.java    |    8 +-
 .../java/org/apache/ranger/biz/RoleDBStore.java    |    6 +-
 .../java/org/apache/ranger/biz/RoleRefUpdater.java |  389 ++-
 .../org/apache/ranger/biz/SecurityZoneDBStore.java |   20 +-
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  805 ++---
 .../java/org/apache/ranger/biz/ServiceMgr.java     |    6 +-
 .../java/org/apache/ranger/biz/SessionMgr.java     |    5 +-
 .../java/org/apache/ranger/biz/TagDBStore.java     |   15 +-
 .../main/java/org/apache/ranger/biz/UserMgr.java   |  168 +-
 .../main/java/org/apache/ranger/biz/XAuditMgr.java |    8 +
 .../main/java/org/apache/ranger/biz/XUserMgr.java  |  328 ++-
 .../java/org/apache/ranger/biz/XUserMgrBase.java   |    4 +
 .../org/apache/ranger/common/PropertiesUtil.java   |   13 +-
 .../org/apache/ranger/common/RESTErrorUtil.java    |    5 +-
 .../ranger/common/RangerAdminTagEnricher.java      |    6 +-
 .../org/apache/ranger/common/RangerConfigUtil.java |    5 +-
 .../org/apache/ranger/common/RangerRoleCache.java  |    6 +-
 .../org/apache/ranger/common/RangerSearchUtil.java |    5 +-
 .../ranger/common/RangerServicePoliciesCache.java  |    6 +-
 .../ranger/common/RangerServiceTagsCache.java      |    6 +-
 .../apache/ranger/common/RangerUserStoreCache.java |    6 +-
 .../org/apache/ranger/common/SearchCriteria.java   |   18 +-
 .../java/org/apache/ranger/common/SearchUtil.java  |    5 +-
 .../java/org/apache/ranger/common/SearchValue.java |    5 +-
 .../java/org/apache/ranger/common/ServiceUtil.java |    5 +-
 .../java/org/apache/ranger/common/StringUtil.java  |    5 +-
 .../org/apache/ranger/common/TimedExecutor.java    |    5 +-
 .../java/org/apache/ranger/common/db/BaseDao.java  |    5 +-
 .../apache/ranger/common/db/JPABeanCallbacks.java  |    9 +-
 .../RangerTransactionSynchronizationAdapter.java   |   17 +-
 .../org/apache/ranger/db/RangerDaoManager.java     |    5 +-
 .../org/apache/ranger/db/XXAccessAuditDao.java     |    5 +-
 .../apache/ranger/db/XXAccessTypeDefGrantsDao.java |   32 +
 .../main/java/org/apache/ranger/db/XXAssetDao.java |    5 +-
 .../java/org/apache/ranger/db/XXAuditMapDao.java   |    5 +-
 .../org/apache/ranger/db/XXGlobalStateDao.java     |    5 +-
 .../main/java/org/apache/ranger/db/XXGroupDao.java |   15 +
 .../org/apache/ranger/db/XXGroupPermissionDao.java |   24 +-
 .../java/org/apache/ranger/db/XXGroupUserDao.java  |    5 +-
 .../java/org/apache/ranger/db/XXPermMapDao.java    |    5 +-
 .../org/apache/ranger/db/XXPolicyChangeLogDao.java |   14 +-
 .../java/org/apache/ranger/db/XXPolicyDao.java     |   72 +
 .../java/org/apache/ranger/db/XXPortalUserDao.java |   14 +
 .../java/org/apache/ranger/db/XXResourceDao.java   |    5 +-
 .../org/apache/ranger/db/XXSecurityZoneDao.java    |   15 +
 .../ranger/db/XXSecurityZoneRefServiceDao.java     |   21 +
 .../ranger/db/XXSecurityZoneRefTagServiceDao.java  |   21 +
 .../apache/ranger/db/XXServiceVersionInfoDao.java  |    6 +-
 .../org/apache/ranger/db/XXTagChangeLogDao.java    |    6 +-
 .../java/org/apache/ranger/db/XXTrxLogDao.java     |    5 +-
 .../org/apache/ranger/db/XXUgsyncAuditInfoDao.java |    5 +-
 .../main/java/org/apache/ranger/db/XXUserDao.java  |   18 +-
 .../org/apache/ranger/db/XXUserPermissionDao.java  |   22 +-
 .../ElasticSearchAccessAuditsService.java          |   22 +-
 .../ranger/elasticsearch/ElasticSearchMgr.java     |    7 +-
 .../ranger/elasticsearch/ElasticSearchUtil.java    |   59 +-
 .../java/org/apache/ranger/patch/BaseLoader.java   |    5 +-
 ...ssignSecurityZonePersmissionToAdmin_J10026.java |    5 +-
 ...PatchAtlasForClassificationResource_J10047.java |    5 +-
 ...viceDefUpdateForDefaultAuditFilters_J10049.java |    5 +-
 ...efUpdateForResourceSpecificAccesses_J10012.java |    5 +-
 .../patch/PatchForAtlasAdminAudits_J10043.java     |    5 +-
 ...ForAtlasResourceAndAccessTypeUpdate_J10016.java |    5 +-
 .../PatchForAtlasServiceDefUpdate_J10013.java      |    5 +-
 ...ToAddEntityLabelAndBusinessMetadata_J10034.java |    5 +-
 .../patch/PatchForAtlasToAddTypeRead_J10040.java   |    5 +-
 .../patch/PatchForDefaultAuidtFilters_J10050.java  |    5 +-
 .../PatchForHBaseDefaultPolicyUpdate_J10045.java   |    8 +-
 .../PatchForHBaseServiceDefUpdate_J10035.java      |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10006.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10007.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10009.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10010.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10017.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10027.java |    5 +-
 .../patch/PatchForHiveServiceDefUpdate_J10030.java |    5 +-
 .../PatchForKafkaServiceDefUpdate_J10015.java      |    5 +-
 .../PatchForKafkaServiceDefUpdate_J10025.java      |    5 +-
 .../PatchForKafkaServiceDefUpdate_J10033.java      |    5 +-
 ...atchForMigratingOldRegimePolicyJson_J10046.java |    5 +-
 ...chForMigratingRangerServiceResource_J10037.java |    5 +-
 .../PatchForNifiResourceUpdateExclude_J10011.java  |    5 +-
 .../PatchForOzoneDefaultPoliciesUpdate_J10044.java |    5 +-
 ...atchForOzoneServiceDefConfigUpdate_J10051.java} |   87 +-
 .../PatchForOzoneServiceDefUpdate_J10041.java      |    5 +-
 .../PatchForPrestoToSupportPresto333_J10038.java   |    5 +-
 .../patch/PatchForServiceVersionInfo_J10004.java   |    5 +-
 .../patch/PatchForSyncSourceUpdate_J10054.java     |  139 +
 .../patch/PatchForTagServiceDefUpdate_J10008.java  |    5 +-
 .../patch/PatchForTagServiceDefUpdate_J10028.java  |    5 +-
 .../patch/PatchForUpdatingPolicyJson_J10019.java   |   11 +-
 .../patch/PatchForUpdatingTagsJson_J10020.java     |    9 +-
 .../ranger/patch/PatchForXGlobalState_J10036.java  |    5 +-
 ...chGrantAuditPermissionToKeyRoleUser_J10014.java |    5 +-
 .../apache/ranger/patch/PatchMigration_J10002.java |    5 +-
 .../patch/PatchPasswordEncryption_J10001.java      |    5 +-
 .../ranger/patch/PatchPermissionModel_J10003.java  |    5 +-
 ...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java |  160 +
 ...ForUpdateToUniqueResoureceSignature_J10053.java |  131 +
 .../patch/PatchTagModulePermission_J10005.java     |    7 +-
 .../ranger/patch/cliutil/ChangePasswordUtil.java   |    5 +-
 .../ranger/patch/cliutil/ChangeUserNameUtil.java   |    5 +-
 .../patch/cliutil/DbToSolrMigrationUtil.java       |   11 +-
 .../apache/ranger/patch/cliutil/MetricUtil.java    |    8 +-
 .../patch/cliutil/RoleBasedUserSearchUtil.java     |    5 +-
 .../cliutil/UpdateUserAndGroupNamesInJson.java     |   11 +-
 .../ranger/patch/cliutil/XXTrxLogUpdateUtil.java   |    5 +-
 .../java/org/apache/ranger/rest/AssetREST.java     |    5 +-
 .../java/org/apache/ranger/rest/MetricsREST.java   |    5 +-
 .../java/org/apache/ranger/rest/PublicAPIs.java    |   17 +-
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |   98 +-
 .../main/java/org/apache/ranger/rest/RoleREST.java |   37 +-
 .../org/apache/ranger/rest/SecurityZoneREST.java   |   60 +-
 .../java/org/apache/ranger/rest/ServiceREST.java   |  258 +-
 .../org/apache/ranger/rest/ServiceRESTUtil.java    |    6 +-
 .../apache/ranger/rest/ServiceTagsProcessor.java   |    8 +-
 .../main/java/org/apache/ranger/rest/TagREST.java  |    6 +-
 .../main/java/org/apache/ranger/rest/UserREST.java |    5 +-
 .../main/java/org/apache/ranger/rest/XKeyREST.java |    5 +-
 .../java/org/apache/ranger/rest/XUserREST.java     |  109 +-
 .../context/RangerPreAuthSecurityHandler.java      |    5 +-
 .../handler/RangerAuthenticationProvider.java      |    5 +-
 .../handler/RangerDomainObjectSecurityHandler.java |    5 +-
 .../security/listener/SpringEventListener.java     |    5 +-
 .../authentication/RangerAuthFailureHandler.java   |    5 +-
 .../authentication/RangerAuthSuccessHandler.java   |    5 +-
 .../RangerAuthenticationEntryPoint.java            |    5 +-
 .../security/web/filter/MyRememberMeFilter.java    |    5 +-
 .../web/filter/RangerCSRFPreventionFilter.java     |   29 +-
 .../web/filter/RangerKRBAuthenticationFilter.java  |   63 +-
 .../RangerSecurityContextFormationFilter.java      |    1 +
 ...RangerUsernamePasswordAuthenticationFilter.java |    5 +-
 .../service/AbstractBaseResourceService.java       |   18 +-
 .../ranger/service/RangerBaseModelService.java     |   10 +-
 .../ranger/service/RangerPluginActivityLogger.java |   21 +-
 .../ranger/service/RangerPluginInfoService.java    |    6 +-
 .../ranger/service/RangerPolicyLabelHelper.java    |   68 -
 .../apache/ranger/service/RangerPolicyService.java |    6 +-
 .../ranger/service/RangerPolicyServiceBase.java    |    5 +
 .../apache/ranger/service/RangerRoleService.java   |    6 +-
 .../service/RangerSecurityZoneServiceService.java  |    6 +-
 .../service/RangerServiceDefServiceBase.java       |   27 +-
 .../service/RangerServiceResourceService.java      |    6 +-
 .../ranger/service/RangerServiceService.java       |    6 +-
 .../ranger/service/RangerTransactionService.java   |    6 +-
 .../org/apache/ranger/service/UserService.java     |    5 +-
 .../apache/ranger/service/XAccessAuditService.java |   11 +-
 .../ranger/service/XGroupPermissionService.java    |   52 +-
 .../org/apache/ranger/service/XGroupService.java   |   14 +-
 .../apache/ranger/service/XModuleDefService.java   |   90 +-
 .../org/apache/ranger/service/XPolicyService.java  |    5 +-
 .../ranger/service/XUserPermissionService.java     |   57 +-
 .../org/apache/ranger/service/XUserService.java    |   44 +-
 .../ranger/service/filter/RangerRESTAPIFilter.java |    5 +-
 .../ranger/solr/SolrAccessAuditsService.java       |   22 +-
 .../main/java/org/apache/ranger/solr/SolrMgr.java  |   11 +-
 .../main/java/org/apache/ranger/solr/SolrUtil.java |   57 +-
 .../org/apache/ranger/solr/krb/KerberosAction.java |    2 +-
 .../main/java/org/apache/ranger/util/CLIUtil.java  |   29 +-
 .../org/apache/ranger/util/RangerEnumUtil.java     |    5 +-
 .../org/apache/ranger/util/RangerMetricsUtil.java  |    5 +-
 .../org/apache/ranger/util/RangerRestUtil.java     |    5 +-
 .../org/apache/ranger/view/VXModulePermission.java |   73 +
 .../apache/ranger/view/VXModulePermissionList.java |   72 +
 .../org/apache/ranger/view/VXPasswordChange.java   |    6 +-
 .../main/resources/META-INF/jpa_named_queries.xml  |   84 +-
 .../conf.dist/ranger-admin-default-site.xml        |    4 +
 .../main/resources/conf.dist/ranger-admin-site.xml |   12 +
 .../conf.dist/security-applicationContext.xml      |    3 +-
 .../src/main/webapp/WEB-INF/db_patch.log4j.xml     |  115 +-
 .../src/main/webapp/WEB-INF/log4j.properties       |   90 -
 security-admin/src/main/webapp/WEB-INF/logback.xml |  108 +
 .../libs/bower/underscore/js/underscore-min.js     |    5 -
 .../webapp/libs/bower/underscore/js/underscore.js  | 3068 +++++++++++---------
 .../collection_bases/VXModuleDefListBase.js        |    6 +-
 .../main/webapp/scripts/controllers/Controller.js  |   21 +-
 .../main/webapp/scripts/controllers/NController.js |   13 +-
 .../src/main/webapp/scripts/modules/RestCsrf.js    |   12 +-
 .../webapp/scripts/modules/globalize/message/en.js |    7 +-
 .../src/main/webapp/scripts/utils/XAUtils.js       |  110 +-
 .../webapp/scripts/views/UploadServicePolicy.js    |   85 +-
 .../main/webapp/scripts/views/common/ProfileBar.js |   11 +-
 .../views/permissions/ModulePermissionForm.js      |   74 +-
 .../views/permissions/ModulePermsTableLayout.js    |    6 +-
 .../views/policies/NRangerPolicyTableLayout.js     |   22 +-
 .../views/policies/RangerPolicyTableLayout.js      |   30 +-
 .../scripts/views/policymanager/ServiceLayout.js   |   68 +-
 .../views/policymanager/ServiceLayoutSidebar.js    |   93 +-
 .../webapp/scripts/views/reports/AuditLayout.js    |   49 +-
 .../scripts/views/reports/UserAccessLayout.js      |    9 +-
 .../permissions/ModulePermissionForm_tmpl.html     |   18 +-
 .../org/apache/ranger/audit/TestAuditQueue.java    |    6 +-
 .../java/org/apache/ranger/audit/TestConsumer.java |    6 +-
 .../AmazonCloudWatchAuditDestinationTest.java      |   79 +
 .../org/apache/ranger/biz/TestServiceDBStore.java  |  149 +-
 .../java/org/apache/ranger/biz/TestUserMgr.java    |  357 +++
 .../java/org/apache/ranger/biz/TestXUserMgr.java   | 1259 +++++++-
 .../apache/ranger/common/TestTimedExecutor.java    |    6 +-
 .../ElasticSearchAccessAuditsServiceTest.java      |    5 +-
 .../org/apache/ranger/rest/TestPublicAPIsv2.java   |   68 +-
 .../apache/ranger/rest/TestSecurityZoneREST.java   |   35 +-
 .../org/apache/ranger/rest/TestServiceREST.java    |    5 +-
 .../web/filter/TestRangerCSRFPreventionFilter.java |   38 +-
 .../service/PasswordComparisonAuthenticator.java   |    8 +-
 .../service/TestRangerPluginActivityLogger.java    |    3 +-
 .../service/TestRangerPolicyServiceBase.java       |    4 +
 .../service/TestRangerServiceDefService.java       |   10 +
 .../service/TestRangerServiceDefServiceBase.java   |   15 +-
 .../service/TestXGroupPermissionService.java       |    5 +-
 .../stability-tests/ranger-policy/app.conf         |    6 +-
 .../stability-tests/ranger-policy/start.sh         |    2 +-
 storm-agent/conf/ranger-storm-audit-changes.cfg    |    6 +
 storm-agent/pom.xml                                |   71 +-
 storm-agent/scripts/install.properties             |   13 +
 .../authorization/storm/StormRangerPlugin.java     |    6 +-
 .../storm/authorizer/RangerStormAuthorizer.java    |    3 +-
 .../ranger/services/storm/RangerServiceStorm.java  |    6 +-
 .../ranger/services/storm/client/StormClient.java  |    5 +-
 .../services/storm/client/StormConnectionMgr.java  |    5 +-
 .../services/storm/client/StormResourceMgr.java    |    5 +-
 tagsync/conf.dist/log4j.properties                 |   33 -
 tagsync/conf.dist/logback.xml                      |   35 +
 tagsync/pom.xml                                    |   80 +-
 tagsync/scripts/ranger-tagsync-services.sh         |    2 +-
 tagsync/scripts/ranger-tagsync-upload.sh           |    2 +-
 tagsync/scripts/setup.py                           |    2 +-
 .../ranger/tagsync/model/AbstractTagSource.java    |    6 +-
 .../ranger/tagsync/process/TagSyncConfig.java      |    5 +-
 .../tagsync/process/TagSyncMetricsProducer.java    |    5 +-
 .../ranger/tagsync/process/TagSynchronizer.java    |   62 +-
 .../tagsync/sink/tagadmin/TagAdminRESTSink.java    |    6 +-
 .../source/atlas/AtlasNotificationMapper.java      |    6 +-
 .../source/atlas/AtlasOzoneResourceMapper.java     |    6 +-
 .../tagsync/source/atlas/AtlasResourceMapper.java  |    6 +-
 .../source/atlas/AtlasResourceMapperUtil.java      |    6 +-
 .../tagsync/source/atlas/AtlasTagSource.java       |   14 +-
 .../source/atlas/EntityNotificationWrapper.java    |    6 +-
 .../source/atlasrest/AtlasRESTTagSource.java       |   16 +-
 .../ranger/tagsync/source/file/FileTagSource.java  |    6 +-
 tagsync/src/test/resources/log4j.properties        |   35 -
 tagsync/src/test/resources/logback.xml             |   32 +
 ugsync-util/pom.xml                                |   31 +-
 .../ranger/ugsyncutil/model/GroupUserInfo.java     |    2 +-
 .../model/UsersGroupRoleAssignments.java           |   30 +
 ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml |   11 +-
 ugsync/pom.xml                                     |   31 +-
 .../process/CustomSSLSocketFactory.java            |    5 +-
 .../ldapusersync/process/LdapUserGroupBuilder.java |   55 +-
 .../unixusersync/config/UserGroupSyncConfig.java   |   48 +-
 .../process/FileSourceUserGroupBuilder.java        |    5 +-
 .../process/PolicyMgrUserGroupBuilder.java         |  276 +-
 .../process/RangerUgSyncRESTClient.java            |   89 +-
 .../unixusersync/process/UnixUserGroupBuilder.java |    5 +-
 .../ranger/usergroupsync/AbstractMapper.java       |    5 +-
 .../usergroupsync/AbstractUserGroupSource.java     |    5 +-
 .../apache/ranger/usergroupsync/UserGroupSync.java |    5 +-
 .../usergroupsync/UserSyncMetricsProducer.java     |    5 +-
 .../process/TestUnixUserGroupBuilder.java          |    4 +-
 ugsync/src/test/resources/logback.xml              |   32 +
 unixauthclient/pom.xml                             |   26 +-
 unixauthpam/pom.xml                                |    1 +
 unixauthservice/conf.dist/log4j.properties         |   33 -
 unixauthservice/conf.dist/logback.xml              |   35 +
 unixauthservice/pom.xml                            |   29 +-
 .../scripts/ranger-usersync-services.sh            |    2 +-
 unixauthservice/scripts/setup.py                   |    5 +-
 .../ranger/authentication/PasswordValidator.java   |    5 +-
 .../authentication/UnixAuthenticationService.java  |   18 +-
 .../src/main/resources/log4j.properties            |   33 -
 unixauthservice/src/main/resources/logback.xml     |   35 +
 811 files changed, 22339 insertions(+), 8151 deletions(-)
 create mode 100644 
agents-audit/src/main/java/org/apache/ranger/audit/destination/AmazonCloudWatchAuditDestination.java
 delete mode 100644 agents-common/conf/log4j.properties
 create mode 100644 agents-common/conf/logback.xml
 delete mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/util/MacroProcessor.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
 create mode 100644 
agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
 create mode 100644 
agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
 create mode 100644 
agents-common/src/test/java/org/apache/ranger/plugin/util/MacroProcessorTest.java
 create mode 100644 
agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
 create mode 100644 
agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
 delete mode 100644 agents-common/src/test/resources/log4j.xml
 create mode 100644 agents-common/src/test/resources/logback.xml
 create mode 100644 
agents-common/src/test/resources/policyengine/test_policyengine_descendant_tags_deny.json
 create mode 100644 
agents-common/src/test/resources/policyengine/test_policyengine_resource_with_req_expressions.json
 create mode 100644 
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_quoted.json
 create mode 100644 agents-cred/src/test/resources/logback.xml
 delete mode 100644 dev-support/findbugsIncludeFile.xml
 create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-knox
 create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-tagsync
 create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-usersync
 copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml => 
docker-compose.ranger-knox.yml} (57%)
 copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml => 
docker-compose.ranger-tagsync.yml} (52%)
 copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml => 
docker-compose.ranger-usersync.yml} (52%)
 create mode 100644 dev-support/ranger-docker/scripts/create-ranger-services.py
 delete mode 100644 
dev-support/ranger-docker/scripts/ranger-hbase-service-dev_hbase.py
 delete mode 100644 
dev-support/ranger-docker/scripts/ranger-hdfs-service-dev_hdfs.py
 delete mode 100644 
dev-support/ranger-docker/scripts/ranger-hive-service-dev_hive.py
 delete mode 100644 
dev-support/ranger-docker/scripts/ranger-kafka-service-dev_kafka.py
 rename intg/src/main/resources/log4j.properties => 
dev-support/ranger-docker/scripts/ranger-knox-expect.sh (66%)
 copy dev-support/ranger-docker/scripts/{ranger-hdfs-plugin-install.properties 
=> ranger-knox-plugin-install.properties} (83%)
 create mode 100644 dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml
 rename ranger-examples/sample-client/src/main/resources/log4j.properties => 
dev-support/ranger-docker/scripts/ranger-knox-setup.sh (66%)
 mode change 100644 => 100755
 copy plugin-presto/src/test/resources/log4j.properties => 
dev-support/ranger-docker/scripts/ranger-knox.sh (52%)
 mode change 100644 => 100755
 create mode 100644 
dev-support/ranger-docker/scripts/ranger-tagsync-install.properties
 create mode 100644 dev-support/ranger-docker/scripts/ranger-tagsync-tags.json
 rename plugin-kafka/src/test/resources/log4j.properties => 
dev-support/ranger-docker/scripts/ranger-tagsync.sh (56%)
 mode change 100644 => 100755
 create mode 100644 
dev-support/ranger-docker/scripts/ranger-usersync-install.properties
 rename plugin-presto/src/test/resources/log4j.properties => 
dev-support/ranger-docker/scripts/ranger-usersync.sh (57%)
 mode change 100644 => 100755
 delete mode 100644 
dev-support/ranger-docker/scripts/ranger-yarn-service-dev_yarn.py
 create mode 100644 dev-support/spotbugsIncludeFile.xml
 delete mode 100644 hbase-agent/src/test/resources/log4j.properties
 create mode 100644 hbase-agent/src/test/resources/logback.xml
 delete mode 100644 hdfs-agent/src/test/resources/log4j.properties
 create mode 100644 hdfs-agent/src/test/resources/logback.xml
 delete mode 100644 hive-agent/src/test/resources/log4j.properties
 create mode 100644 hive-agent/src/test/resources/logback.xml
 create mode 100644 intg/src/main/resources/logback.xml
 delete mode 100644 kms/config/kms-webapp/kms-log4j.properties
 create mode 100644 kms/config/kms-webapp/kms-logback.xml
 create mode 100644 kms/scripts/MigrateMKeyStorageDbToGCP.sh
 create mode 100644 
kms/src/main/java/org/apache/hadoop/crypto/key/MigrateDBMKeyToGCP.java
 rename 
kms/src/main/java/org/apache/hadoop/crypto/key/{RangerKeyVaultKeyGenerator.java 
=> RangerAzureKeyVaultKeyGenerator.java} (61%)
 create mode 100644 
kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java
 create mode 100644 
kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java
 create mode 100644 kms/src/main/resources/META-INF/context.xml
 delete mode 100644 kms/src/main/resources/log4j.properties
 create mode 100644 kms/src/main/resources/logback.xml
 create mode 100644 kms/src/test/resources/logback.xml
 delete mode 100644 knox-agent/src/test/resources/log4j.properties
 create mode 100644 knox-agent/src/test/resources/logback.xml
 delete mode 100644 plugin-atlas/src/test/resource/log4j.properties
 create mode 100644 plugin-atlas/src/test/resource/logback.xml
 create mode 100644 plugin-kafka/src/test/resources/logback.xml
 delete mode 100755 plugin-kms/src/test/resources/kms/kms-log4j.properties
 create mode 100644 plugin-kms/src/test/resources/kms/logback.xml
 delete mode 100644 plugin-kylin/src/test/resources/log4j.properties
 create mode 100644 plugin-kylin/src/test/resources/logback.xml
 create mode 100644 plugin-nifi-registry/src/test/resources/logback.xml
 create mode 100644 plugin-nifi/src/test/resources/logback.xml
 create mode 100644 plugin-presto/src/test/resources/logback.xml
 create mode 100644 plugin-schema-registry/src/test/resources/logback.xml
 delete mode 100644 plugin-sqoop/src/test/resources/log4j.properties
 create mode 100644 plugin-sqoop/src/test/resources/logback.xml
 create mode 100644 
ranger-examples/conditions-enrichers/src/test/resources/logback.xml
 create mode 100644 ranger-examples/sample-client/src/main/resources/logback.xml
 delete mode 100644 ranger-tools/conf/log4j.properties
 create mode 100644 ranger-tools/conf/logback.xml
 create mode 100755 ranger-tools/scripts/create_requests.py
 rename agents-cred/src/test/resources/log4j.properties => 
ranger-tools/scripts/create_tags_file.sh (57%)
 mode change 100644 => 100755
 create mode 100755 ranger-tools/scripts/gen_service_policies.sh
 copy ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java 
=> 
ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestConfiguration.java
 (66%)
 delete mode 100644 ranger-tools/src/test/resources/log4j.properties
 create mode 100644 ranger-tools/src/test/resources/logback.xml
 create mode 100644 
security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 create mode 100644 
security-admin/db/mysql/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
 create mode 100644 
security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 create mode 100644 
security-admin/db/oracle/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
 create mode 100644 
security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 create mode 100644 
security-admin/db/postgres/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
 create mode 100644 
security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 create mode 100644 
security-admin/db/sqlanywhere/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
 create mode 100644 
security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 create mode 100644 
security-admin/db/sqlserver/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchMgr.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchUtil.java
 copy 
security-admin/src/main/java/org/apache/ranger/patch/{PatchForHiveServiceDefUpdate_J10027.java
 => PatchForOzoneServiceDefConfigUpdate_J10051.java} (66%)
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java
 delete mode 100644 
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/view/VXModulePermission.java
 create mode 100644 
security-admin/src/main/java/org/apache/ranger/view/VXModulePermissionList.java
 delete mode 100644 security-admin/src/main/webapp/WEB-INF/log4j.properties
 create mode 100644 security-admin/src/main/webapp/WEB-INF/logback.xml
 delete mode 100644 
security-admin/src/main/webapp/libs/bower/underscore/js/underscore-min.js
 create mode 100644 
security-admin/src/test/java/org/apache/ranger/audit/destination/AmazonCloudWatchAuditDestinationTest.java
 delete mode 100644 tagsync/conf.dist/log4j.properties
 create mode 100644 tagsync/conf.dist/logback.xml
 delete mode 100644 tagsync/src/test/resources/log4j.properties
 create mode 100644 tagsync/src/test/resources/logback.xml
 create mode 100644 ugsync/src/test/resources/logback.xml
 delete mode 100644 unixauthservice/conf.dist/log4j.properties
 create mode 100644 unixauthservice/conf.dist/logback.xml
 delete mode 100644 unixauthservice/src/main/resources/log4j.properties
 create mode 100644 unixauthservice/src/main/resources/logback.xml

Reply via email to