This is an automated email from the ASF dual-hosted git repository.
dhavalshah9131 pushed a change to reference refs/for/master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 7e80592 RANGER-3339 : Make Ranger Solr audit collection storage
configurable
add 77862fe RANGER-3381: Upgrade to junit 4.13.1
add 15f5c38 RANGER-3387 : Ranger Admin Header Validation
add 6ee120f RANGER-3400:Include htrace-core.jar in tagsync, usersync and
kms module to avoid startup issue
add 0f0285c RANGER-3368:Ranger HiveAuthorizer improvements to handle
uncharted hive commands-exclude some hive commands from the check for input
output HiveObjects
add e5cd204 RANGER-3397: Update ACL computation to (optionally) expand
Ranger Roles to users and groups and include chained-plugins in ACL computation
- Part 3
add 208367b RANGER-3371: Addendum patch to fix json parsing issue related
to timestamp fields
add cbbed8b RANGER-3371: Addendum patch to add serviceType in policy json
add 885640e RANGER-3407:Handle authorization of Hive Drop database /
table if exists in RangerHiveAuthorizer when database / table doesn't exist
add e276af0 RANGER-3419:compressDeltas method returns two ranger policy
entries for policy create+update case when provided lastKnownVersion is
previous to create call
add 53c9811 RANGER-3404: user with no permissions can access and edit
deligate admin only policies
add 321435f RANGER-3388 : Session Inactivity Timeout: Ranger UI part.
add 18838b6 RANGER-3384: Metric Get API add input validation
add 3af1378 RANGER-3420: resource matcher updated to support quoted
resource names
add 58a104b RANGER-3243:Build fails on JDK 8 and 11
add f40dc24 RANGER-3444: fixed isAccessAllowed() return to reference the
same request object given by the caller
add 5877f32 RANGER-3445:Fix regression in HiveAuthorizer in handling
Handle authorization of Hive Drop database / table if exists
add 91aaff4 RANGER-3447: optimized reading of service-def from database
add 3041d1b RANGER-3446: docker config fix for Ranger admin startup
failure
add dd283ef Refer to Apache Altas version 2.2.0 in ranger repo
add 900eec0 Revert "RANGER-3211: Upgrade libthrift to 0.14.1"
add 7b55dfd RANGER-3245:Use OpenJDK in TravisCI config instead of
OracleJDK
add 30e1c9f RANGER-3285: Fix missing updates to sync source during
upgrades
add f599c91 RANGER-3441:PropertiesUtil (Admin) logging potentially
sensitive data
add 3c6b44e RANGER-3454:Hive command RELOAD FUNCTION failing in Ranger
HiveAuthorization
add 0ffc660 Merge branch 'master' of
https://gitbox.apache.org/repos/asf/ranger
add c33ff07 RANGER-3455 : [Logout-Ranger] Should either be disabled/
should redirect to knox logout page
add 1debdbc RANGER-3397: Update ACL computation to (optionally) expand
Ranger Roles to users and groups and include chained-plugins in ACL computation
- Part 2
add d7a3de1 RANGER-3457 : [Session Timeout-Ranger]With multiple tabs if
one tab encounters session idle timeout other active tab still continues with
old/invalid session cookie.
add db9b264 RANGER-3359: Upgrade json-smart and nimbus-jose-jwt libraries
add d90361d RANGER-3462: User with delegated admin permission on a
resource cannot fetch policy for the resource
add 4715c3e RANGER-3453: Avoid logging sensitive information in
UserMgr.java
add 3977c95 RANGER-3463 : Use apt logger to log messages
add eedbb82 RANGER-3467:Revert RANGER-3368 Ranger HiveAuthorizer
improvements to handle uncharted hive commands
add 871b0dc RANGER-3465 : Upgrade spring-security to 5.5.2
add 7dec301 RANGER-3474:RangerHivePlugin enhancement to handle new Hive
commands
add 4778fd5 RANGER-3421: Key getting logged in RangerMasterKey
add ec7e57e RANGER-3435: Add unique index on guid and service id column
of x_policy table
add b8f8a3e RANGER-3481: Incremental policy updates do not work correctly
for multiple security zones
add db9f9a4 RANGER-3439: REST api to get or delete ranger policy based on
guid and service name
add b8d1543 RANGER-3480: Policy version in access audit is not matching
with the policy version seen in policy view
add b559a1f RANGER-3418 : Rotated Ranger admin access logs aren't getting
removed
add 2ca4551 RANGER-3470 : Ranger - Upgrade commons-io to 2.11.0
add a4121b8 RANGER-3482: fix for Kafka plugin initialization failure -
NoClassDefFoundError htrace
add efe1bcd RANGER-3471 : Upgrade Jetty-client, commons-compress,
poi-ooxml jar
add 4ea9ef6 RANGER-3452: Audit otherAttributes and syncSource for updates
to users/groups.
add 27c32c4 RANGER-2846 RANGER-2847: Fix TestConnection and Resource
lookup for ozone plugin
add ed6ece2 RANGER-3478:Remove INFO level auditing logs in the Ranger
audit frame to reduce verbosity
add c491073 RANGER-3489:Add htrace-core.jar as dependency for various
Ranger Plugins
add 98c0364 RANGER-3332: script evaluator - added test cases for
user/group attribute conditions
add 1639896 RANGER-3433: Null Dereference in ServiceREST getPolicyByName
method
add 5acc0a3 RANGER-3488:Docker setup for Apache Ranger Knox plugin
add 5732060 RANGER-3023: Permission tab takes longer time to load with
large number of users and group_users data
add 1bdf70c RANGER-3416:Update Ranger website for 2.2.0 release
add e256682 RANGER-3509: updateRoles() REST API updated to permit
role-admins
add 5ca622f RANGER-3505: modified code to ignore case while validating a
user for update
add 57c6c24 RANGER-3503: Updated Ozone servicedef to make
hadoop.security.authorization config an optional property. Also added
corresponding upgrade patch
add 63aeb52 RANGER-3510 : Ranger upgrade spring framework version to
5.3.12
add 7d09472 RANGER-3499 : Upgrade tomcat to 8.5.72
add befc6d7 RANGER-3508: enhanced script condition expression for easier
access to user/group/tag/resource attributes
add a0363ea RANGER-3508: enhanced script condition expression for easier
access to user/group/tag/resource attributes
add efee667 Revert "RANGER-3508: enhanced script condition expression for
easier access to user/group/tag/resource attributes"
add dc6dc62 RANGER-3504 : Create framework to execute DB patch dependent
on Java patch
add 8068996 RANGER-3516 : J10045 patch is taking more time during upgrade
add 71888f2 RANGER-3519: Provide an option to optimize space needed by
Trie objects
add d8f674d RANGER-3507:Handle trailing slash in the ranger Hive URL
policy authorization
add 5fb097f RANGER-3514: Java patch to update sync source on upgrades
add b56aa63 RANGER-3515: Enhance Ranger Java client SSL config to be
configured using serviceType and AppId
add 3f82858 RANGER-3522: Improve Tagsync authentication error reporting
add de8f5e1 RANGER-3493: Add unique index on service and
resource_signature column of x_policy table
add 4fdb3af RANGER-3511: Create Java patch to update policy
resource-signature to unique value.
add 856571c RANGER-3490: Make policy resource signature is unique in a
service
add 5d12723 Revert "RANGER-3135: optimze log print for querying roles"
add a6583cf RANGER-3526: policy evaluation ordering to use name as
secondary sorting key
add 3045345 RANGER-3276 Remove duplicate code from buildks
add fe97016 RANGER-3526: policy evaluation ordering to use name as
secondary sorting key - #2
add a7b527b RANGER-3518: Limit the query size stored in Audit logs
add bb9b3cd RANGER-3528 : Ranger Group creation audit is not shown during
service creation
add 6678ef7 RANGER-3468: Fixed an issue where inactivity timeout request
is not handled properly when the requested sessionid is invalid
add 84cdf59 RANGER-3438: Optimized code to extract GroupPrincipals from
javax Subject and used similar logic for retrieving primaryUser &
impersonatedUser from Subject
add 8968eae RANGER-3435: Add unique index on guid, service and zone_id
column of x_policy table
add 185ca1c RANGER-3512 : Create Java patch to update policy guid to
unique value.
add 5852efd RANGER-3519: Provide an option to optimize space needed by
Trie objects - Part 2
add 000e635 RANGER-3439: Add rest api to get or delete ranger policy
based on guid
add 695bedd RANGER-3535: A delegate admin user should be able to add
another user with all or subset of permissions they have
add b61ed9f RANGER-3502: Make GET zone APIs accessible to authorized
users only
add d3af747 RANGER-3538: Reduce the granularity of locking when
building/retrieving a policy-engine within Ranger admin service
add 25def39 RANGER-2967: Add support for Amazon CloudWatch Logs as an
Audit Store
add fcea574 RANGER-3298. Add coarse option for Hive URI permission check
add 0258fcf RANGER-3484:Ranger usersync directory is being created as
root owner
add 00dd3fc RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
add 6554332 RANGER-3490 : Make policy resource signature is unique in a
service part2
add a3d7982 RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT
DEFINED BY RFC 6797
add 3388a41 RANGER-3030: Replace Findbugs with Spotbugs maven plugin
add 07b2931 RANGER-3427: Null Dereference in PublicApis.java
add ce2e3d3 RANGER-3547:Upgrade to use log4j 2.15.0+ version to ensure
that we are using supported version of log4j
add 3b32ec7 RANGER-3548: Update performance engine test scripts
add 4f3806f RANGER-3546:Update Spotbugs plugin Executions cycle
add ec74c53 RANGER-3520: Upgrade Netty version
add ec463f0 RANGER-3547:Upgrade to use log4j 2.16.0+ version to ensure
that we are using supported version of log4j
add 7406d2d RANGER-3554: [Intermittent] API call to fetch the list of
policies for a particular service repo returns a deleted policy in the response
add cc62216 RANGER-3553: Unit test coverage for XUserMgr class
add 64cbfcd RANGER-3543: Remove spotbugs-annotations-3.1.9 from classpath
add dc01126 RANGER-3545: Remove Logger Checks for Info Enabled
add a06bc63 RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not
set by Ranger UI
add d6f0196 RANGER-3556: Ranger tagsync logs unnecessary messages
add 993cf0d RANGER-3554: [Intermittent] API call to fetch the list of
policies for a particular service repo returns a deleted policy in the response
- Part 2"
add 9f08bbd RANGER-3553: Unit Tests coverage for UserMgr class
add 0f9bfbe RANGER-3557: Upgrade to use log4j 2.17.0+ version to ensure
that we are using supported version of log4j
add e198d01 RANGER-3550: enhancement to support use of user/tag
attributes in row-filter/condition expressions
add 27b2840 RANGER-3533 : Provide sorting on columns throughout the
audits result set and policy listing page
add 71744d3 RANGER-3540: Add support to read audit logs from Amazon
CloudWatch
add bbbc23c RANGER-3290 ArrayIndexOutOfBoundsException if solr is down
add 50959d7 RANGER-3563: fixed plugin installation failure in docker due
to recent changes in RANGER-3540
add ca37ccd RANGER-3564: fixed failure in installation of Ranger plugin
for HDFS
add 8235a8e RANGER-3565: updated RangerRESTClient with option to retry
calls to Ranger admin
add 02b071a RANGER-3559 : RANGER KMS - Metric details for kms are not
getting collected
add df07b0d RANGER-3562: Redesign post commit tasks for updating
ref-tables when policy/role is updated
add 9a034ab RANGER-3571: Fixed a bug in GrantRevokeRoleRequest.toString()
add 26401a9 RANGER-3487 : Update underscorejs with latest version.
add 56bac60 RANGER-3567: support request expressions in policy resources
add dd7c773 RANGER-3562: Redesign post commit tasks for updating
ref-tables when policy/role is updated - Part 2
add 7fd191e RANGER-3573: Add vim in docker base image
add c644abf RANGER-3560: Upgrade kylin version to 2.6.6
add ba917a6 RANGER-3578: Simplify code for policy label creation
add 0f6f4d0 Merge branch 'master' of
https://gitbox.apache.org/repos/asf/ranger
add 78cfc75 RANGER-3561: Upgrade Storm version to 1.2.4
add 277f461 RANGER-3576: service creation is failing intermittently due
to DB unique key constraint violation
add 47617bb RANGER-3584: ServiceTags are not computed correctly by
applying incremental changes to existing ServiceTags
add 20046b2 RANGER-3585: Docker setup to run usersync and tagsync
add 1af1252 RANGER-3569 : Support Ranger KMS integration with Google
cloud HSM
add 1bef752 RANGER-3577 : RANGER : Upgrade POI version to 5.1.0
add 7180910 RANGER-3498: removed log4j-1.x dependency, replaced
references to org.apache.log4j and org.apache.commons.logging with org.slf4j
add c96bc8b RANGER-3586: updated script evaluator to support csv of
group/tag attributes
add 07e74c2 RANGER-3539: Add jacoco-maven-plugin for code coverage
add 6579867 RANGER-3589 : Ranger java patches failing due to admin
privilege checks
add 2925289 Revert "RANGER-3589 : Ranger java patches failing due to
admin privilege checks"
add bfc9c54 RANGER-3589 : Ranger java patches failing due to admin
privilege checks
add 09ec4d9 RANGER-3590 : User with Auditor role in security zone can
change a policy's name and description
add 5d07d12 RANGER-3551: Analyze & optimize module permissions related
API (Part-1)
add c169d6d RANGER-3568 : Services of one zone are seen in other zone
from UI
add d7d58ef RANGER-3498: removed log4j-1.x dependency, replaced
references to org.apache.log4j and org.apache.commons.logging with org.slf4j -
#2
add e5c7ee7 Revert "RANGER-3590 : User with Auditor role in security zone
can change a policy's name and description"
add ba999ed RANGER-3498 : RANGER : Remove log4j1 dependencies.
add 885d12d RANGER-3579: Upgrade Log4j2 to 2.17.1
add 0ed9d51 RANGER-3593: Hive authorizer fix for access to {OWNER} user
add fedd731 RANGER-3552 : Improvement in Module Permission edit page.
add f9b5f6e RANGER-3592: Upgrade Spring framework to 5.3.15
add 5543215 RANGER-3597 :User role should not be able to modify the Policy
add f279656 RANGER-3403: Incorporated review comments and fixed one
regression case where order of roles is not applied properly
add 6a15ce5 RANGER-3594: Ranger setup fails for mariadb/mysql when binary
logging is enabled
add 3ab249a RANGER-3591: Upgrade protobuf-java to 3.19.3
add a2e1ec4 RANGER-3605: added support for macros in row-filter/condition
expressions
add 4d4bf46 RANGER-3606: removed static class members from plugin class
loaders
add 2607038 RANGER-3542: Fix invalid HTTPS check
add a5eee48 RANGER-3607: Add network name for all ranger components
add 07c6875 RANGER-3609: plugins to automatically add userStoreEnricher
when any policy has references to user/group attributes
add 9a2c732 RANGER-3617: incorrect deny for _any access due to tag policy
add be23736 RANGER-3610 Refactor service creation and fix errors during
container restart
add 03f6d3f RANGER-3522: Improve Tagsync authentication error reporting -
Part 2
add a5743e8 RANGER-3614:Make audit log for INSERT, UPDATE, DELETE,
TRUNCATE statement of hive table recognizable
add 5f8d001 RANGER-3625: fixed incorrect LOG.isDebugEnabled() condition
in RangerHiveAuthorizer
new 5221f83 add TencentKMS as MasterKeyProvider
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.travis.yml | 44 +-
agents-audit/pom.xml | 80 +-
.../AmazonCloudWatchAuditDestination.java | 198 ++
.../ranger/audit/destination/AuditDestination.java | 6 +-
.../destination/ElasticSearchAuditDestination.java | 8 +-
.../audit/destination/FileAuditDestination.java | 8 +-
.../audit/destination/HDFSAuditDestination.java | 19 +-
.../audit/destination/Log4JAuditDestination.java | 12 +-
.../audit/destination/SolrAuditDestination.java | 12 +-
.../ranger/audit/provider/AsyncAuditProvider.java | 6 +-
.../audit/provider/AuditFileCacheProvider.java | 6 +-
.../audit/provider/AuditProviderFactory.java | 18 +-
.../ranger/audit/provider/AuditWriterFactory.java | 6 +-
.../ranger/audit/provider/BaseAuditHandler.java | 66 +-
.../ranger/audit/provider/Log4jAuditProvider.java | 8 +-
.../apache/ranger/audit/provider/Log4jTracer.java | 6 +-
.../org/apache/ranger/audit/provider/MiscUtil.java | 97 +-
.../audit/provider/MultiDestAuditProvider.java | 8 +-
.../provider/StandAloneAuditProviderFactory.java | 6 +-
.../audit/provider/hdfs/HdfsAuditProvider.java | 6 +-
.../audit/provider/kafka/KafkaAuditProvider.java | 8 +-
.../audit/provider/solr/SolrAuditProvider.java | 10 +-
.../apache/ranger/audit/queue/AuditAsyncQueue.java | 10 +-
.../apache/ranger/audit/queue/AuditBatchQueue.java | 10 +-
.../audit/queue/AuditFileCacheProviderSpool.java | 20 +-
.../apache/ranger/audit/queue/AuditFileQueue.java | 6 +-
.../ranger/audit/queue/AuditFileQueueSpool.java | 20 +-
.../apache/ranger/audit/queue/AuditFileSpool.java | 20 +-
.../org/apache/ranger/audit/queue/AuditQueue.java | 8 +-
.../ranger/audit/queue/AuditSummaryQueue.java | 12 +-
.../org/apache/ranger/audit/test/TestEvents.java | 9 +-
.../audit/utils/AbstractRangerAuditWriter.java | 15 +-
.../apache/ranger/audit/utils/KerberosAction.java | 6 +-
.../org/apache/ranger/audit/utils/ORCFileUtil.java | 6 +-
.../ranger/audit/utils/RangerJSONAuditWriter.java | 9 +-
.../ranger/audit/utils/RangerORCAuditWriter.java | 6 +-
agents-common/conf/log4j.properties | 33 -
agents-common/conf/logback.xml | 32 +
agents-common/pom.xml | 40 +-
.../apache/hadoop/security/SecureClientLogin.java | 6 +-
.../ranger/admin/client/RangerAdminRESTClient.java | 17 +-
.../ranger/admin/client/datatype/RESTResponse.java | 5 +-
.../hadoop/config/RangerAdminConfig.java | 5 +-
.../hadoop/config/RangerAuditConfig.java | 5 +-
.../hadoop/config/RangerChainedPluginConfig.java | 6 +-
.../hadoop/config/RangerConfiguration.java | 10 +-
.../hadoop/config/RangerLegacyConfigBuilder.java | 5 +-
.../hadoop/config/RangerPluginConfig.java | 7 +-
.../hadoop/constants/RangerHadoopConstants.java | 2 +
.../ranger/authorization/utils/JsonUtils.java | 6 +-
.../plugin/audit/RangerDefaultAuditHandler.java | 6 +-
.../audit/RangerMultiResourceAuditHandler.java | 6 +-
.../apache/ranger/plugin/client/BaseClient.java | 6 +-
.../ranger/plugin/client/HadoopConfigHolder.java | 6 +-
.../RangerAccessedFromClusterCondition.java | 6 +-
.../RangerAccessedFromClusterTypeCondition.java | 7 +-
.../RangerAccessedNotFromClusterCondition.java | 6 +-
.../RangerAccessedNotFromClusterTypeCondition.java | 6 +-
...AnyOfExpectedTagsPresentConditionEvaluator.java | 12 +-
.../RangerContextAttributeValueInCondition.java | 6 +-
.../RangerContextAttributeValueNotInCondition.java | 6 +-
...ngerHiveResourcesAccessedTogetherCondition.java | 6 +-
...rHiveResourcesNotAccessedTogetherCondition.java | 6 +-
.../plugin/conditionevaluator/RangerIpMatcher.java | 6 +-
...oneOfExpectedTagsPresentConditionEvaluator.java | 15 +-
.../RangerScriptConditionEvaluator.java | 135 +-
.../RangerScriptExecutionContext.java | 548 ----
.../RangerScriptTemplateConditionEvaluator.java | 6 +-
.../RangerTagsAllPresentConditionEvaluator.java | 12 +-
.../conditionevaluator/RangerTimeOfDayMatcher.java | 6 +-
.../RangerAbstractContextEnricher.java | 6 +-
.../RangerAbstractGeolocationProvider.java | 6 +-
.../contextenricher/RangerAdminTagRetriever.java | 6 +-
.../RangerAdminUserStoreRetriever.java | 6 +-
.../RangerFileBasedTagRetriever.java | 15 +-
.../plugin/contextenricher/RangerTagEnricher.java | 20 +-
.../plugin/contextenricher/RangerTagForEval.java | 6 +-
.../contextenricher/RangerUserStoreEnricher.java | 31 +-
.../contextenricher/RangerUserStoreRefresher.java | 10 +-
.../ranger/plugin/errors/ValidationErrorCode.java | 6 +-
.../ranger/plugin/geo/GeolocationMetadata.java | 6 +-
.../ranger/plugin/geo/RangerGeolocationData.java | 6 +-
.../plugin/geo/RangerGeolocationDatabase.java | 6 +-
.../org/apache/ranger/plugin/geo/ValuePrinter.java | 6 +-
.../model/RangerPolicyResourceSignature.java | 15 +-
.../plugin/model/RangerSecurityZoneHeaderInfo.java | 55 +
.../plugin/model/RangerServiceHeaderInfo.java | 67 +
.../model/validation/RangerPolicyValidator.java | 41 +-
.../model/validation/RangerRoleValidator.java | 6 +-
.../validation/RangerSecurityZoneValidator.java | 6 +-
.../model/validation/RangerServiceDefHelper.java | 6 +-
.../validation/RangerServiceDefValidator.java | 6 +-
.../model/validation/RangerServiceValidator.java | 6 +-
.../plugin/model/validation/RangerValidator.java | 27 +-
.../RangerValidityScheduleValidator.java | 6 +-
.../validation/RangerZoneResourceMatcher.java | 6 +-
.../model/validation/ValidationFailureDetails.java | 6 +-
.../ranger/plugin/policyengine/CacheMap.java | 6 +-
.../ranger/plugin/policyengine/PolicyEngine.java | 30 +-
.../policyengine/RangerAccessRequestImpl.java | 24 +-
.../plugin/policyengine/RangerPluginContext.java | 6 +-
.../policyengine/RangerPolicyEngineImpl.java | 20 +-
.../policyengine/RangerPolicyEngineOptions.java | 32 +-
.../policyengine/RangerPolicyRepository.java | 36 +-
.../policyengine/RangerRequestScriptEvaluator.java | 1058 +++++++
.../plugin/policyengine/RangerResourceACLs.java | 6 +-
.../plugin/policyengine/RangerResourceTrie.java | 75 +-
.../RangerAbstractPolicyEvaluator.java | 6 +-
.../RangerAuditPolicyEvaluator.java | 6 +-
.../RangerCustomConditionEvaluator.java | 12 +-
.../RangerDefaultPolicyEvaluator.java | 40 +-
.../RangerDefaultPolicyItemEvaluator.java | 12 +-
.../RangerDefaultRowFilterPolicyItemEvaluator.java | 30 +-
.../RangerOptimizedPolicyEvaluator.java | 6 +-
.../policyevaluator/RangerPolicyEvaluator.java | 20 +-
.../RangerValidityScheduleEvaluator.java | 8 +-
.../RangerDefaultPolicyResourceMatcher.java | 10 +-
.../RangerAbstractResourceMatcher.java | 169 +-
.../RangerDefaultResourceMatcher.java | 6 +-
.../resourcematcher/RangerPathResourceMatcher.java | 42 +-
.../resourcematcher/RangerURLResourceMatcher.java | 42 +-
.../plugin/resourcematcher/ResourceMatcher.java | 55 +-
.../ranger/plugin/service/RangerBasePlugin.java | 89 +-
.../ranger/plugin/service/RangerBaseService.java | 6 +-
.../ranger/plugin/service/RangerChainedPlugin.java | 6 +-
.../service/RangerDefaultRequestProcessor.java | 12 +
.../plugin/service/RangerDefaultService.java | 6 +-
.../ranger/plugin/store/AbstractServiceStore.java | 6 +-
.../plugin/store/EmbeddedServiceDefsUtil.java | 10 +-
.../plugin/store/file/GeolocationFileStore.java | 6 +-
.../apache/ranger/plugin/util/DownloaderTask.java | 6 +-
.../ranger/plugin/util/GrantRevokeRoleRequest.java | 2 +-
.../apache/ranger/plugin/util/MacroProcessor.java | 86 +
.../ranger/plugin/util/PerfDataRecorder.java | 8 +-
.../apache/ranger/plugin/util/PolicyRefresher.java | 10 +-
.../plugin/util/RangerAccessRequestUtil.java | 36 +-
.../ranger/plugin/util/RangerCommonConstants.java | 49 +-
.../ranger/plugin/util/RangerMetricsUtil.java | 5 +-
.../plugin/util/RangerPerfCollectorTracer.java | 4 +-
.../ranger/plugin/util/RangerPerfTracer.java | 20 +-
.../plugin/util/RangerPerfTracerFactory.java | 4 +-
.../ranger/plugin/util/RangerPluginCapability.java | 3 +-
.../ranger/plugin/util/RangerPolicyDeltaUtil.java | 12 +-
.../ranger/plugin/util/RangerRESTClient.java | 158 +-
.../apache/ranger/plugin/util/RangerRESTUtils.java | 9 +-
.../plugin/util/RangerRequestExprResolver.java | 189 ++
.../ranger/plugin/util/RangerRolesProvider.java | 10 +-
.../plugin/util/RangerServiceTagsDeltaUtil.java | 69 +-
.../apache/ranger/plugin/util/RangerSslHelper.java | 6 +-
.../ranger/plugin/util/ScriptEngineUtil.java | 82 +
.../apache/ranger/plugin/util/ServiceDefUtil.java | 249 +-
.../apache/ranger/plugin/util/ServicePolicies.java | 6 +-
.../org/apache/ranger/plugin/util/ServiceTags.java | 48 +
.../ranger/plugin/util/StringTokenReplacer.java | 7 +-
.../org/apache/ranger/plugin/util/XMLUtils.java | 5 +-
.../ranger/services/tag/RangerServiceTag.java | 6 +-
.../service-defs/ranger-servicedef-ozone.json | 2 +-
.../RangerCustomConditionMatcherTest.java | 77 +-
.../RangerRequestScriptEvaluatorTest.java | 192 ++
.../conditionevaluator/RangerSimpleMatcher.java | 6 +-
.../model/TestRangerPolicyResourceSignature.java | 18 +
.../validation/TestRangerPolicyValidator.java | 24 +-
.../model/validation/TestRangerValidator.java | 4 +-
.../ranger/plugin/policyengine/TestCacheMap.java | 6 +-
.../plugin/policyengine/TestPolicyEngine.java | 27 +
.../plugin/policyengine/TestProjectProvider.java | 6 +-
.../TestDefaultPolicyResourceMatcher.java | 7 +
.../ranger/plugin/util/MacroProcessorTest.java | 56 +
.../plugin/util/RangerRequestExprResolverTest.java | 170 ++
.../ranger/plugin/util/ServiceDefUtilTest.java | 355 +++
agents-common/src/test/resources/log4j.xml | 102 -
agents-common/src/test/resources/logback.xml | 43 +
.../plugin/test_plugin_capability.json | 4 +-
.../policyengine/test_aclprovider_mask_filter.json | 22 +-
.../test_policyengine_descendant_tags.json | 4 +-
.../test_policyengine_descendant_tags_deny.json | 107 +
.../policyengine/test_policyengine_hive.json | 20 +-
...policyengine_resource_with_req_expressions.json | 113 +
.../test_policyengine_tag_hive_filebased.json | 2 +-
...t_policyengine_tag_hive_for_show_databases.json | 4 +-
.../test_defaultpolicyresourcematcher_quoted.json | 1035 +++++++
agents-cred/pom.xml | 45 +-
.../hadoop/utils/RangerCredentialProvider.java | 6 +-
agents-cred/src/test/resources/logback.xml | 32 +
agents-installer/pom.xml | 10 +
credentialbuilder/pom.xml | 55 +-
.../ranger/credentialapi/CredentialReader.java | 2 +-
.../org/apache/ranger/credentialapi/buildks.java | 7 -
dev-support/findbugsIncludeFile.xml | 25 -
dev-support/ranger-docker/.dockerignore | 3 +
dev-support/ranger-docker/.env | 3 +-
dev-support/ranger-docker/Dockerfile.ranger | 6 +-
dev-support/ranger-docker/Dockerfile.ranger-base | 4 +-
dev-support/ranger-docker/Dockerfile.ranger-knox | 49 +
.../ranger-docker/Dockerfile.ranger-tagsync | 39 +
.../ranger-docker/Dockerfile.ranger-usersync | 36 +
dev-support/ranger-docker/README.md | 10 +-
.../ranger-docker/docker-compose.ranger-base.yml | 2 +
.../ranger-docker/docker-compose.ranger-build.yml | 1 +
.../ranger-docker/docker-compose.ranger-hadoop.yml | 1 +
.../ranger-docker/docker-compose.ranger-hbase.yml | 1 +
.../ranger-docker/docker-compose.ranger-hive.yml | 1 +
.../ranger-docker/docker-compose.ranger-kafka.yml | 3 +
...er-kafka.yml => docker-compose.ranger-knox.yml} | 17 +-
...kafka.yml => docker-compose.ranger-tagsync.yml} | 15 +-
...afka.yml => docker-compose.ranger-usersync.yml} | 15 +-
.../ranger-docker/docker-compose.ranger.yml | 1 +
dev-support/ranger-docker/download-archives.sh | 1 +
.../scripts/create-ranger-services.py | 65 +
.../scripts/ranger-admin-install.properties | 1 +
.../ranger-docker/scripts/ranger-hadoop-mkdir.sh | 2 +
.../ranger-docker/scripts/ranger-hadoop-setup.sh | 4 +
.../scripts/ranger-hbase-plugin-install.properties | 6 +
.../scripts/ranger-hbase-service-dev_hbase.py | 8 -
.../scripts/ranger-hdfs-plugin-install.properties | 6 +
.../scripts/ranger-hdfs-service-dev_hdfs.py | 8 -
.../scripts/ranger-hive-plugin-install.properties | 6 +
.../scripts/ranger-hive-service-dev_hive.py | 8 -
.../scripts/ranger-kafka-plugin-install.properties | 6 +
.../scripts/ranger-kafka-service-dev_kafka.py | 8 -
.../ranger-docker/scripts/ranger-knox-expect.sh | 24 +-
...rties => ranger-knox-plugin-install.properties} | 22 +-
.../ranger-docker/scripts/ranger-knox-sandbox.xml | 175 ++
.../ranger-docker/scripts/ranger-knox-setup.sh | 27 +-
.../ranger-docker/scripts/ranger-knox.sh | 35 +-
.../scripts/ranger-tagsync-install.properties | 130 +
.../ranger-docker/scripts/ranger-tagsync-tags.json | 50 +
.../ranger-docker/scripts/ranger-tagsync.sh | 35 +-
.../scripts/ranger-usersync-install.properties | 237 ++
.../ranger-docker/scripts/ranger-usersync.sh | 33 +-
.../scripts/ranger-yarn-plugin-install.properties | 6 +
.../scripts/ranger-yarn-service-dev_yarn.py | 8 -
dev-support/ranger-docker/scripts/ranger.sh | 7 +-
dev-support/spotbugsIncludeFile.xml | 63 +
distro/src/main/assembly/admin-web.xml | 29 +-
distro/src/main/assembly/hbase-agent.xml | 2 +
distro/src/main/assembly/hdfs-agent.xml | 3 +
distro/src/main/assembly/hive-agent.xml | 1 +
distro/src/main/assembly/kms.xml | 52 +-
distro/src/main/assembly/knox-agent.xml | 5 +
distro/src/main/assembly/plugin-atlas.xml | 2 +
distro/src/main/assembly/plugin-kafka.xml | 3 +-
distro/src/main/assembly/plugin-kylin.xml | 1 +
distro/src/main/assembly/plugin-ozone.xml | 17 +-
distro/src/main/assembly/plugin-presto.xml | 2 +
distro/src/main/assembly/plugin-solr.xml | 1 +
distro/src/main/assembly/plugin-sqoop.xml | 1 +
distro/src/main/assembly/ranger-tools.xml | 24 +
distro/src/main/assembly/sample-client.xml | 2 +-
distro/src/main/assembly/tagsync.xml | 7 +-
distro/src/main/assembly/usersync.xml | 7 +-
docs/src/site/site.xml | 2 +
docs/src/site/xdoc/download.xml | 22 +-
embeddedwebserver/pom.xml | 42 +-
embeddedwebserver/scripts/ranger-admin-services.sh | 4 +-
.../ranger/server/tomcat/EmbeddedServer.java | 13 +-
.../server/tomcat/SolrCollectionBootstrapper.java | 6 +-
hbase-agent/conf/ranger-hbase-audit-changes.cfg | 6 +
hbase-agent/pom.xml | 106 +
hbase-agent/scripts/install.properties | 13 +
.../authorization/hbase/AuthorizationSession.java | 6 +-
.../ranger/authorization/hbase/ColumnIterator.java | 6 +-
.../authorization/hbase/HbaseAuditHandlerImpl.java | 6 +-
.../authorization/hbase/HbaseAuthUtilsImpl.java | 6 +-
.../authorization/hbase/HbaseUserUtilsImpl.java | 6 +-
.../hbase/RangerAuthorizationCoprocessor.java | 10 +-
.../hbase/RangerAuthorizationFilter.java | 6 +-
.../ranger/services/hbase/RangerServiceHBase.java | 6 +-
.../ranger/services/hbase/client/HBaseClient.java | 6 +-
.../services/hbase/client/HBaseConnectionMgr.java | 5 +-
.../services/hbase/client/HBaseResourceMgr.java | 6 +-
.../hbase/HBaseRangerAuthorizationTest.java | 6 +-
hbase-agent/src/test/resources/log4j.properties | 35 -
hbase-agent/src/test/resources/logback.xml | 32 +
hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 6 +
hdfs-agent/pom.xml | 66 +-
hdfs-agent/scripts/install.properties | 13 +
.../authorization/hadoop/RangerHdfsAuthorizer.java | 12 +-
.../ranger/services/hdfs/RangerServiceHdfs.java | 6 +-
.../ranger/services/hdfs/client/HdfsClient.java | 6 +-
.../services/hdfs/client/HdfsConnectionMgr.java | 5 +-
.../services/hdfs/client/HdfsResourceMgr.java | 5 +-
hdfs-agent/src/test/resources/log4j.properties | 34 -
hdfs-agent/src/test/resources/logback.xml | 32 +
hive-agent/conf/ranger-hive-audit-changes.cfg | 6 +
hive-agent/conf/ranger-hive-security.xml | 8 +
hive-agent/pom.xml | 88 +
hive-agent/scripts/install.properties | 13 +
.../hive/authorizer/RangerHiveAuditHandler.java | 88 +-
.../hive/authorizer/RangerHiveAuthorizer.java | 321 +-
.../hive/authorizer/RangerHiveAuthorizerBase.java | 6 +-
.../hive/authorizer/RangerHivePolicyProvider.java | 10 +-
.../hive/authorizer/RangerHiveResource.java | 16 +-
.../ranger/services/hive/RangerServiceHive.java | 6 +-
.../ranger/services/hive/client/HiveClient.java | 6 +-
.../services/hive/client/HiveConnectionMgr.java | 5 +-
.../services/hive/client/HiveResourceMgr.java | 5 +-
hive-agent/src/test/resources/log4j.properties | 34 -
hive-agent/src/test/resources/logback.xml | 32 +
intg/pom.xml | 10 +
.../main/java/org/apache/ranger/RangerClient.java | 16 +-
intg/src/main/resources/logback.xml | 32 +
kms/config/kms-webapp/dbks-site.xml | 70 +-
kms/config/kms-webapp/kms-log4j.properties | 40 -
kms/config/kms-webapp/kms-logback.xml | 67 +
kms/pom.xml | 180 +-
kms/scripts/MigrateMKeyStorageDbToGCP.sh | 46 +
kms/scripts/install.properties | 28 +-
kms/scripts/ranger-kms | 10 +-
kms/scripts/setup.sh | 136 +-
.../key/AzureKeyVaultClientAuthenticator.java | 38 +-
.../hadoop/crypto/key/DBToAzureKeyVault.java | 2 +-
.../apache/hadoop/crypto/key/JKS2RangerUtil.java | 4 +-
.../hadoop/crypto/key/MigrateDBMKeyToGCP.java | 118 +
...r.java => RangerAzureKeyVaultKeyGenerator.java} | 89 +-
.../crypto/key/RangerGoogleCloudHSMProvider.java | 216 ++
.../org/apache/hadoop/crypto/key/RangerHSM.java | 5 +-
.../org/apache/hadoop/crypto/key/RangerKMSDB.java | 5 +-
.../org/apache/hadoop/crypto/key/RangerKMSMKI.java | 8 +
.../apache/hadoop/crypto/key/RangerKeyStore.java | 53 +-
.../hadoop/crypto/key/RangerKeyStoreProvider.java | 183 +-
.../apache/hadoop/crypto/key/RangerMasterKey.java | 144 +-
.../hadoop/crypto/key/RangerSafenetKeySecure.java | 21 +-
.../crypto/key/RangerTencentKMSProvider.java | 135 +
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 8 +-
.../crypto/key/kms/server/KMSMetricUtil.java | 34 +-
.../hadoop/crypto/key/kms/server/KMSWebApp.java | 34 +-
.../java/org/apache/ranger/kms/dao/BaseDao.java | 5 +-
.../org/apache/ranger/kms/dao/DaoManagerBase.java | 5 +-
kms/src/main/resources/META-INF/context.xml | 20 +
kms/src/main/resources/log4j.properties | 31 -
kms/src/main/resources/logback.xml | 35 +
.../hadoop/crypto/key/kms/server/TestKMSAudit.java | 12 +-
kms/src/test/resources/logback.xml | 29 +
knox-agent/conf/ranger-knox-audit-changes.cfg | 6 +
knox-agent/pom.xml | 79 +
knox-agent/scripts/install.properties | 13 +
.../admin/client/RangerAdminJersey2RESTClient.java | 152 +-
.../authorization/knox/RangerPDPKnoxFilter.java | 33 +-
.../ranger/services/knox/RangerServiceKnox.java | 6 +-
.../ranger/services/knox/client/KnoxClient.java | 6 +-
.../services/knox/client/KnoxConnectionMgr.java | 5 +-
.../services/knox/client/KnoxResourceMgr.java | 5 +-
knox-agent/src/test/resources/log4j.properties | 31 -
knox-agent/src/test/resources/logback.xml | 32 +
plugin-atlas/conf/ranger-atlas-audit-changes.cfg | 7 +
plugin-atlas/pom.xml | 10 +
plugin-atlas/scripts/install.properties | 13 +
.../atlas/authorizer/RangerAtlasAuthorizer.java | 8 +-
.../ranger/services/atlas/RangerServiceAtlas.java | 6 +-
plugin-atlas/src/test/resource/log4j.properties | 34 -
plugin-atlas/src/test/resource/logback.xml | 32 +
.../conf/ranger-elasticsearch-audit-changes.cfg | 6 +
plugin-elasticsearch/pom.xml | 11 +
plugin-elasticsearch/scripts/install.properties | 13 +
.../elasticsearch/client/ElasticsearchClient.java | 5 +-
.../client/ElasticsearchResourceMgr.java | 5 +-
plugin-kafka/conf/ranger-kafka-audit-changes.cfg | 6 +
plugin-kafka/pom.xml | 40 +-
plugin-kafka/scripts/install.properties | 13 +
.../kafka/authorizer/RangerKafkaAuditHandler.java | 6 +-
.../kafka/authorizer/RangerKafkaAuthorizer.java | 14 +-
.../ranger/services/kafka/RangerServiceKafka.java | 6 +-
.../services/kafka/client/ServiceKafkaClient.java | 5 +-
plugin-kafka/src/test/resources/logback.xml | 32 +
plugin-kms/conf/ranger-kms-audit-changes.cfg | 6 +
.../kms/authorizer/RangerKmsAuthorizer.java | 3 +-
.../ranger/services/kms/RangerServiceKMS.java | 6 +-
.../ranger/services/kms/client/KMSClient.java | 5 +-
.../services/kms/client/KMSConnectionMgr.java | 5 +-
.../ranger/services/kms/client/KMSResourceMgr.java | 5 +-
.../kms/authorizer/RangerKmsAuthorizerTest.java | 29 +-
.../src/test/resources/kms/kms-log4j.properties | 40 -
plugin-kms/src/test/resources/kms/logback.xml | 56 +
plugin-kylin/conf/ranger-kylin-audit-changes.cfg | 6 +
plugin-kylin/pom.xml | 47 +
plugin-kylin/scripts/install.properties | 13 +
.../kylin/authorizer/RangerKylinAuthorizer.java | 6 +-
.../ranger/services/kylin/RangerServiceKylin.java | 6 +-
.../ranger/services/kylin/client/KylinClient.java | 5 +-
.../services/kylin/client/KylinResourceMgr.java | 5 +-
plugin-kylin/src/test/resources/log4j.properties | 34 -
plugin-kylin/src/test/resources/logback.xml | 32 +
.../nifi/registry/RangerServiceNiFiRegistry.java | 6 +-
.../nifi/registry/client/NiFiRegistryClient.java | 6 +-
.../registry/client/NiFiRegistryConnectionMgr.java | 6 +-
.../src/test/resources/logback.xml | 32 +
.../ranger/services/nifi/RangerServiceNiFi.java | 6 +-
.../ranger/services/nifi/client/NiFiClient.java | 6 +-
.../services/nifi/client/NiFiConnectionMgr.java | 6 +-
plugin-nifi/src/test/resources/logback.xml | 32 +
plugin-ozone/conf/ranger-ozone-audit-changes.cfg | 6 +
plugin-ozone/pom.xml | 41 +
plugin-ozone/scripts/install.properties | 13 +
.../ozone/authorizer/RangerOzoneAuthorizer.java | 12 +-
.../ranger/services/ozone/RangerServiceOzone.java | 6 +-
.../ranger/services/ozone/client/OzoneClient.java | 110 +-
.../services/ozone/client/OzoneConnectionMgr.java | 22 +-
.../services/ozone/client/OzoneResourceMgr.java | 5 +-
plugin-presto/conf/ranger-presto-audit-changes.cfg | 6 +
plugin-presto/pom.xml | 25 +
plugin-presto/scripts/install.properties | 13 +
.../services/presto/RangerServicePresto.java | 6 +-
.../services/presto/client/PrestoClient.java | 6 +-
.../presto/client/PrestoConnectionManager.java | 5 +-
.../presto/client/PrestoResourceManager.java | 6 +-
plugin-presto/src/test/resources/logback.xml | 32 +
plugin-schema-registry/pom.xml | 42 +-
.../registry/RangerServiceSchemaRegistry.java | 6 +-
.../registry/client/AutocompletionAgent.java | 6 +-
.../registry/client/SchemaRegistryResourceMgr.java | 6 +-
.../connection/DefaultSchemaRegistryClient.java | 6 +-
.../client/connection/util/SecurityUtils.java | 6 +-
.../src/test/resources/logback.xml | 32 +
plugin-solr/conf/ranger-solr-audit-changes.cfg | 6 +
plugin-solr/pom.xml | 40 +
plugin-solr/scripts/install.properties | 13 +
.../solr/authorizer/RangerSolrAuthorizer.java | 12 +-
.../ranger/services/solr/RangerServiceSolr.java | 6 +-
.../services/solr/client/ServiceSolrClient.java | 5 +-
plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg | 6 +
plugin-sqoop/pom.xml | 26 +
plugin-sqoop/scripts/install.properties | 13 +
.../sqoop/authorizer/RangerSqoopAuthorizer.java | 6 +-
.../ranger/services/sqoop/RangerServiceSqoop.java | 6 +-
.../ranger/services/sqoop/client/SqoopClient.java | 5 +-
.../services/sqoop/client/SqoopResourceMgr.java | 5 +-
plugin-sqoop/src/test/resources/log4j.properties | 34 -
plugin-sqoop/src/test/resources/logback.xml | 32 +
plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 6 +
plugin-yarn/pom.xml | 18 +-
plugin-yarn/scripts/install.properties | 13 +
.../yarn/authorizer/RangerYarnAuthorizer.java | 10 +-
.../ranger/services/yarn/RangerServiceYarn.java | 6 +-
.../ranger/services/yarn/client/YarnClient.java | 5 +-
.../services/yarn/client/YarnResourceMgr.java | 5 +-
pom.xml | 109 +-
ranger-atlas-plugin-shim/pom.xml | 17 +-
.../atlas/authorizer/RangerAtlasAuthorizer.java | 4 +-
ranger-elasticsearch-plugin-shim/pom.xml | 12 +-
.../authorizer/RangerElasticsearchAuthorizer.java | 5 +-
.../RangerPolicyConditionSampleSimpleMatcher.java | 6 +-
.../RangerSampleSimpleMatcher.java | 6 +-
.../RangerSampleCountryProvider.java | 6 +-
.../RangerSampleProjectProvider.java | 6 +-
.../src/test/resources/logback.xml | 32 +
.../distro/src/main/assembly/plugin-sampleapp.xml | 1 -
.../distro/src/main/assembly/sample-client.xml | 3 +-
ranger-examples/plugin-sampleapp/pom.xml | 24 +
ranger-examples/sample-client/pom.xml | 9 +-
.../sample-client/scripts/run-sample-client.sh | 4 +-
.../sample-client/src/main/resources/logback.xml | 32 +
ranger-examples/sampleapp/pom.xml | 12 +-
.../ranger/examples/sampleapp/SampleApp.java | 6 +-
ranger-hbase-plugin-shim/pom.xml | 22 +
.../hbase/RangerAuthorizationCoprocessor.java | 11 +-
ranger-hdfs-plugin-shim/pom.xml | 47 +-
.../authorization/hadoop/RangerHdfsAuthorizer.java | 10 +-
ranger-hive-plugin-shim/pom.xml | 79 +-
.../authorizer/RangerHiveAuthorizerFactory.java | 6 +-
ranger-kafka-plugin-shim/pom.xml | 10 +
.../kafka/authorizer/RangerKafkaAuthorizer.java | 9 +-
.../kms/authorizer/RangerKmsAuthorizer.java | 15 +-
ranger-knox-plugin-shim/pom.xml | 10 +
.../authorization/knox/RangerPDPKnoxFilter.java | 10 +-
ranger-kylin-plugin-shim/pom.xml | 9 +
.../kylin/authorizer/RangerKylinAuthorizer.java | 10 +-
ranger-ozone-plugin-shim/pom.xml | 38 +-
.../ozone/authorizer/RangerOzoneAuthorizer.java | 11 +-
ranger-plugin-classloader/pom.xml | 9 +-
.../classloader/RangerPluginClassLoader.java | 211 +-
.../classloader/RangerPluginClassLoaderUtil.java | 3 -
ranger-presto-plugin-shim/pom.xml | 39 +
ranger-solr-plugin-shim/pom.xml | 40 +
.../solr/authorizer/RangerSolrAuthorizer.java | 14 +-
ranger-sqoop-plugin-shim/pom.xml | 16 +
.../sqoop/authorizer/RangerSqoopAuthorizer.java | 10 +-
ranger-storm-plugin-shim/pom.xml | 62 +
.../storm/authorizer/RangerStormAuthorizer.java | 4 +-
ranger-tools/conf/log4j.properties | 42 -
ranger-tools/conf/logback.xml | 34 +
ranger-tools/pom.xml | 5 -
ranger-tools/scripts/create_requests.py | 42 +
.../scripts/create_tags_file.sh | 40 +-
ranger-tools/scripts/gen_service_policies.sh | 475 +++
ranger-tools/scripts/gen_service_tags.sh | 64 +-
.../ranger/policyengine/CommandLineParser.java | 6 +-
.../apache/ranger/policyengine/PerfTestClient.java | 6 +-
.../ranger/policyengine/PerfTestConfiguration.java | 25 +-
.../apache/ranger/policyengine/PerfTestEngine.java | 13 +-
.../ranger/policyengine/PerfTestOptions.java | 11 +
.../policyengine/RangerPolicyenginePerfTester.java | 34 +-
ranger-tools/src/test/resources/log4j.properties | 52 -
ranger-tools/src/test/resources/logback.xml | 34 +
.../src/test/resources/testdata/ranger-config.xml | 13 +
.../resources/testdata/test_requests_hive.json | 4 +-
ranger-tools/testdata/ranger-config.xml | 15 +-
ranger-yarn-plugin-shim/pom.xml | 16 +
.../yarn/authorizer/RangerYarnAuthorizer.java | 10 +-
.../optimized/current/ranger_core_db_mysql.sql | 162 +-
.../db/mysql/patches/013-permissionmodel.sql | 23 +-
.../patches/037-create-security-zone-schema.sql | 49 +-
...6-insert-statename-in-x-ranger-global-state.sql | 19 +-
...raint-on-x_policy-table-guid-service-column.sql | 32 +
...-x_policy-table-service-resourcesign-column.sql | 32 +
.../optimized/current/ranger_core_db_oracle.sql | 8 +
...raint-on-x_policy-table-guid-service-column.sql | 31 +
...-x_policy-table-service-resourcesign-column.sql | 32 +
.../optimized/current/ranger_core_db_postgres.sql | 8 +
...raint-on-x_policy-table-guid-service-column.sql | 38 +
...-x_policy-table-service-resourcesign-column.sql | 33 +
.../current/ranger_core_db_sqlanywhere.sql | 20 +-
...raint-on-x_policy-table-guid-service-column.sql | 22 +
...-x_policy-table-service-resourcesign-column.sql | 32 +
.../optimized/current/ranger_core_db_sqlserver.sql | 14 +
...raint-on-x_policy-table-guid-service-column.sql | 30 +
...-x_policy-table-service-resourcesign-column.sql | 28 +
security-admin/pom.xml | 167 +-
security-admin/scripts/changepasswordutil.py | 2 +-
security-admin/scripts/changeusernameutil.py | 2 +-
security-admin/scripts/db_setup.py | 77 +-
security-admin/scripts/install.properties | 7 +-
.../scripts/ranger-admin-site-template.xml | 12 +
security-admin/scripts/rolebasedusersearchutil.py | 4 +-
security-admin/scripts/setup.sh | 31 +-
.../scripts/updateUserAndGroupNamesInJson.py | 2 +-
security-admin/scripts/upgrade_admin.py | 3 +
.../org/apache/ranger/AccessAuditsService.java | 13 +
.../cloudwatch/CloudWatchAccessAuditsService.java | 289 ++
.../ranger/amazon/cloudwatch/CloudWatchMgr.java | 78 +
.../ranger/amazon/cloudwatch/CloudWatchUtil.java | 259 ++
.../main/java/org/apache/ranger/biz/AssetMgr.java | 29 +-
.../main/java/org/apache/ranger/biz/BaseMgr.java | 5 +-
.../main/java/org/apache/ranger/biz/KmsKeyMgr.java | 5 +-
.../org/apache/ranger/biz/PolicyRefUpdater.java | 468 ++-
.../java/org/apache/ranger/biz/RangerBizUtil.java | 6 +-
.../org/apache/ranger/biz/RangerPolicyAdmin.java | 7 +-
.../apache/ranger/biz/RangerPolicyAdminCache.java | 130 +-
.../RangerPolicyAdminCacheForEngineOptions.java | 15 +-
.../apache/ranger/biz/RangerPolicyAdminImpl.java | 263 +-
.../apache/ranger/biz/RangerPolicyRetriever.java | 8 +-
.../apache/ranger/biz/RangerTagDBRetriever.java | 8 +-
.../java/org/apache/ranger/biz/RoleDBStore.java | 6 +-
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 389 ++-
.../org/apache/ranger/biz/SecurityZoneDBStore.java | 20 +-
.../java/org/apache/ranger/biz/ServiceDBStore.java | 805 ++---
.../java/org/apache/ranger/biz/ServiceMgr.java | 6 +-
.../java/org/apache/ranger/biz/SessionMgr.java | 5 +-
.../java/org/apache/ranger/biz/TagDBStore.java | 15 +-
.../main/java/org/apache/ranger/biz/UserMgr.java | 168 +-
.../main/java/org/apache/ranger/biz/XAuditMgr.java | 8 +
.../main/java/org/apache/ranger/biz/XUserMgr.java | 328 ++-
.../java/org/apache/ranger/biz/XUserMgrBase.java | 4 +
.../org/apache/ranger/common/PropertiesUtil.java | 13 +-
.../org/apache/ranger/common/RESTErrorUtil.java | 5 +-
.../ranger/common/RangerAdminTagEnricher.java | 6 +-
.../org/apache/ranger/common/RangerConfigUtil.java | 5 +-
.../org/apache/ranger/common/RangerRoleCache.java | 6 +-
.../org/apache/ranger/common/RangerSearchUtil.java | 5 +-
.../ranger/common/RangerServicePoliciesCache.java | 6 +-
.../ranger/common/RangerServiceTagsCache.java | 6 +-
.../apache/ranger/common/RangerUserStoreCache.java | 6 +-
.../org/apache/ranger/common/SearchCriteria.java | 18 +-
.../java/org/apache/ranger/common/SearchUtil.java | 5 +-
.../java/org/apache/ranger/common/SearchValue.java | 5 +-
.../java/org/apache/ranger/common/ServiceUtil.java | 5 +-
.../java/org/apache/ranger/common/StringUtil.java | 5 +-
.../org/apache/ranger/common/TimedExecutor.java | 5 +-
.../java/org/apache/ranger/common/db/BaseDao.java | 5 +-
.../apache/ranger/common/db/JPABeanCallbacks.java | 9 +-
.../RangerTransactionSynchronizationAdapter.java | 17 +-
.../org/apache/ranger/db/RangerDaoManager.java | 5 +-
.../org/apache/ranger/db/XXAccessAuditDao.java | 5 +-
.../apache/ranger/db/XXAccessTypeDefGrantsDao.java | 32 +
.../main/java/org/apache/ranger/db/XXAssetDao.java | 5 +-
.../java/org/apache/ranger/db/XXAuditMapDao.java | 5 +-
.../org/apache/ranger/db/XXGlobalStateDao.java | 5 +-
.../main/java/org/apache/ranger/db/XXGroupDao.java | 15 +
.../org/apache/ranger/db/XXGroupPermissionDao.java | 24 +-
.../java/org/apache/ranger/db/XXGroupUserDao.java | 5 +-
.../java/org/apache/ranger/db/XXPermMapDao.java | 5 +-
.../org/apache/ranger/db/XXPolicyChangeLogDao.java | 14 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 72 +
.../java/org/apache/ranger/db/XXPortalUserDao.java | 14 +
.../java/org/apache/ranger/db/XXResourceDao.java | 5 +-
.../org/apache/ranger/db/XXSecurityZoneDao.java | 15 +
.../ranger/db/XXSecurityZoneRefServiceDao.java | 21 +
.../ranger/db/XXSecurityZoneRefTagServiceDao.java | 21 +
.../apache/ranger/db/XXServiceVersionInfoDao.java | 6 +-
.../org/apache/ranger/db/XXTagChangeLogDao.java | 6 +-
.../java/org/apache/ranger/db/XXTrxLogDao.java | 5 +-
.../org/apache/ranger/db/XXUgsyncAuditInfoDao.java | 5 +-
.../main/java/org/apache/ranger/db/XXUserDao.java | 18 +-
.../org/apache/ranger/db/XXUserPermissionDao.java | 22 +-
.../ElasticSearchAccessAuditsService.java | 22 +-
.../ranger/elasticsearch/ElasticSearchMgr.java | 7 +-
.../ranger/elasticsearch/ElasticSearchUtil.java | 59 +-
.../java/org/apache/ranger/patch/BaseLoader.java | 5 +-
...ssignSecurityZonePersmissionToAdmin_J10026.java | 5 +-
...PatchAtlasForClassificationResource_J10047.java | 5 +-
...viceDefUpdateForDefaultAuditFilters_J10049.java | 5 +-
...efUpdateForResourceSpecificAccesses_J10012.java | 5 +-
.../patch/PatchForAtlasAdminAudits_J10043.java | 5 +-
...ForAtlasResourceAndAccessTypeUpdate_J10016.java | 5 +-
.../PatchForAtlasServiceDefUpdate_J10013.java | 5 +-
...ToAddEntityLabelAndBusinessMetadata_J10034.java | 5 +-
.../patch/PatchForAtlasToAddTypeRead_J10040.java | 5 +-
.../patch/PatchForDefaultAuidtFilters_J10050.java | 5 +-
.../PatchForHBaseDefaultPolicyUpdate_J10045.java | 8 +-
.../PatchForHBaseServiceDefUpdate_J10035.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10006.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10007.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10009.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10010.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10017.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10027.java | 5 +-
.../patch/PatchForHiveServiceDefUpdate_J10030.java | 5 +-
.../PatchForKafkaServiceDefUpdate_J10015.java | 5 +-
.../PatchForKafkaServiceDefUpdate_J10025.java | 5 +-
.../PatchForKafkaServiceDefUpdate_J10033.java | 5 +-
...atchForMigratingOldRegimePolicyJson_J10046.java | 5 +-
...chForMigratingRangerServiceResource_J10037.java | 5 +-
.../PatchForNifiResourceUpdateExclude_J10011.java | 5 +-
.../PatchForOzoneDefaultPoliciesUpdate_J10044.java | 5 +-
...atchForOzoneServiceDefConfigUpdate_J10051.java} | 87 +-
.../PatchForOzoneServiceDefUpdate_J10041.java | 5 +-
.../PatchForPrestoToSupportPresto333_J10038.java | 5 +-
.../patch/PatchForServiceVersionInfo_J10004.java | 5 +-
.../patch/PatchForSyncSourceUpdate_J10054.java | 139 +
.../patch/PatchForTagServiceDefUpdate_J10008.java | 5 +-
.../patch/PatchForTagServiceDefUpdate_J10028.java | 5 +-
.../patch/PatchForUpdatingPolicyJson_J10019.java | 11 +-
.../patch/PatchForUpdatingTagsJson_J10020.java | 9 +-
.../ranger/patch/PatchForXGlobalState_J10036.java | 5 +-
...chGrantAuditPermissionToKeyRoleUser_J10014.java | 5 +-
.../apache/ranger/patch/PatchMigration_J10002.java | 5 +-
.../patch/PatchPasswordEncryption_J10001.java | 5 +-
.../ranger/patch/PatchPermissionModel_J10003.java | 5 +-
...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java | 160 +
...ForUpdateToUniqueResoureceSignature_J10053.java | 131 +
.../patch/PatchTagModulePermission_J10005.java | 7 +-
.../ranger/patch/cliutil/ChangePasswordUtil.java | 5 +-
.../ranger/patch/cliutil/ChangeUserNameUtil.java | 5 +-
.../patch/cliutil/DbToSolrMigrationUtil.java | 11 +-
.../apache/ranger/patch/cliutil/MetricUtil.java | 8 +-
.../patch/cliutil/RoleBasedUserSearchUtil.java | 5 +-
.../cliutil/UpdateUserAndGroupNamesInJson.java | 11 +-
.../ranger/patch/cliutil/XXTrxLogUpdateUtil.java | 5 +-
.../java/org/apache/ranger/rest/AssetREST.java | 5 +-
.../java/org/apache/ranger/rest/MetricsREST.java | 5 +-
.../java/org/apache/ranger/rest/PublicAPIs.java | 17 +-
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 98 +-
.../main/java/org/apache/ranger/rest/RoleREST.java | 37 +-
.../org/apache/ranger/rest/SecurityZoneREST.java | 60 +-
.../java/org/apache/ranger/rest/ServiceREST.java | 258 +-
.../org/apache/ranger/rest/ServiceRESTUtil.java | 6 +-
.../apache/ranger/rest/ServiceTagsProcessor.java | 8 +-
.../main/java/org/apache/ranger/rest/TagREST.java | 6 +-
.../main/java/org/apache/ranger/rest/UserREST.java | 5 +-
.../main/java/org/apache/ranger/rest/XKeyREST.java | 5 +-
.../java/org/apache/ranger/rest/XUserREST.java | 109 +-
.../context/RangerPreAuthSecurityHandler.java | 5 +-
.../handler/RangerAuthenticationProvider.java | 5 +-
.../handler/RangerDomainObjectSecurityHandler.java | 5 +-
.../security/listener/SpringEventListener.java | 5 +-
.../authentication/RangerAuthFailureHandler.java | 5 +-
.../authentication/RangerAuthSuccessHandler.java | 5 +-
.../RangerAuthenticationEntryPoint.java | 5 +-
.../security/web/filter/MyRememberMeFilter.java | 5 +-
.../web/filter/RangerCSRFPreventionFilter.java | 29 +-
.../web/filter/RangerKRBAuthenticationFilter.java | 63 +-
.../RangerSecurityContextFormationFilter.java | 1 +
...RangerUsernamePasswordAuthenticationFilter.java | 5 +-
.../service/AbstractBaseResourceService.java | 18 +-
.../ranger/service/RangerBaseModelService.java | 10 +-
.../ranger/service/RangerPluginActivityLogger.java | 21 +-
.../ranger/service/RangerPluginInfoService.java | 6 +-
.../ranger/service/RangerPolicyLabelHelper.java | 68 -
.../apache/ranger/service/RangerPolicyService.java | 6 +-
.../ranger/service/RangerPolicyServiceBase.java | 5 +
.../apache/ranger/service/RangerRoleService.java | 6 +-
.../service/RangerSecurityZoneServiceService.java | 6 +-
.../service/RangerServiceDefServiceBase.java | 27 +-
.../service/RangerServiceResourceService.java | 6 +-
.../ranger/service/RangerServiceService.java | 6 +-
.../ranger/service/RangerTransactionService.java | 6 +-
.../org/apache/ranger/service/UserService.java | 5 +-
.../apache/ranger/service/XAccessAuditService.java | 11 +-
.../ranger/service/XGroupPermissionService.java | 52 +-
.../org/apache/ranger/service/XGroupService.java | 14 +-
.../apache/ranger/service/XModuleDefService.java | 90 +-
.../org/apache/ranger/service/XPolicyService.java | 5 +-
.../ranger/service/XUserPermissionService.java | 57 +-
.../org/apache/ranger/service/XUserService.java | 44 +-
.../ranger/service/filter/RangerRESTAPIFilter.java | 5 +-
.../ranger/solr/SolrAccessAuditsService.java | 22 +-
.../main/java/org/apache/ranger/solr/SolrMgr.java | 11 +-
.../main/java/org/apache/ranger/solr/SolrUtil.java | 57 +-
.../org/apache/ranger/solr/krb/KerberosAction.java | 2 +-
.../main/java/org/apache/ranger/util/CLIUtil.java | 29 +-
.../org/apache/ranger/util/RangerEnumUtil.java | 5 +-
.../org/apache/ranger/util/RangerMetricsUtil.java | 5 +-
.../org/apache/ranger/util/RangerRestUtil.java | 5 +-
.../org/apache/ranger/view/VXModulePermission.java | 73 +
.../apache/ranger/view/VXModulePermissionList.java | 72 +
.../org/apache/ranger/view/VXPasswordChange.java | 6 +-
.../main/resources/META-INF/jpa_named_queries.xml | 84 +-
.../conf.dist/ranger-admin-default-site.xml | 4 +
.../main/resources/conf.dist/ranger-admin-site.xml | 12 +
.../conf.dist/security-applicationContext.xml | 3 +-
.../src/main/webapp/WEB-INF/db_patch.log4j.xml | 115 +-
.../src/main/webapp/WEB-INF/log4j.properties | 90 -
security-admin/src/main/webapp/WEB-INF/logback.xml | 108 +
.../libs/bower/underscore/js/underscore-min.js | 5 -
.../webapp/libs/bower/underscore/js/underscore.js | 3068 +++++++++++---------
.../collection_bases/VXModuleDefListBase.js | 6 +-
.../main/webapp/scripts/controllers/Controller.js | 21 +-
.../main/webapp/scripts/controllers/NController.js | 13 +-
.../src/main/webapp/scripts/modules/RestCsrf.js | 12 +-
.../webapp/scripts/modules/globalize/message/en.js | 7 +-
.../src/main/webapp/scripts/utils/XAUtils.js | 110 +-
.../webapp/scripts/views/UploadServicePolicy.js | 85 +-
.../main/webapp/scripts/views/common/ProfileBar.js | 11 +-
.../views/permissions/ModulePermissionForm.js | 74 +-
.../views/permissions/ModulePermsTableLayout.js | 6 +-
.../views/policies/NRangerPolicyTableLayout.js | 22 +-
.../views/policies/RangerPolicyTableLayout.js | 30 +-
.../scripts/views/policymanager/ServiceLayout.js | 68 +-
.../views/policymanager/ServiceLayoutSidebar.js | 93 +-
.../webapp/scripts/views/reports/AuditLayout.js | 49 +-
.../scripts/views/reports/UserAccessLayout.js | 9 +-
.../permissions/ModulePermissionForm_tmpl.html | 18 +-
.../org/apache/ranger/audit/TestAuditQueue.java | 6 +-
.../java/org/apache/ranger/audit/TestConsumer.java | 6 +-
.../AmazonCloudWatchAuditDestinationTest.java | 79 +
.../org/apache/ranger/biz/TestServiceDBStore.java | 149 +-
.../java/org/apache/ranger/biz/TestUserMgr.java | 357 +++
.../java/org/apache/ranger/biz/TestXUserMgr.java | 1259 +++++++-
.../apache/ranger/common/TestTimedExecutor.java | 6 +-
.../ElasticSearchAccessAuditsServiceTest.java | 5 +-
.../org/apache/ranger/rest/TestPublicAPIsv2.java | 68 +-
.../apache/ranger/rest/TestSecurityZoneREST.java | 35 +-
.../org/apache/ranger/rest/TestServiceREST.java | 5 +-
.../web/filter/TestRangerCSRFPreventionFilter.java | 38 +-
.../service/PasswordComparisonAuthenticator.java | 8 +-
.../service/TestRangerPluginActivityLogger.java | 3 +-
.../service/TestRangerPolicyServiceBase.java | 4 +
.../service/TestRangerServiceDefService.java | 10 +
.../service/TestRangerServiceDefServiceBase.java | 15 +-
.../service/TestXGroupPermissionService.java | 5 +-
.../stability-tests/ranger-policy/app.conf | 6 +-
.../stability-tests/ranger-policy/start.sh | 2 +-
storm-agent/conf/ranger-storm-audit-changes.cfg | 6 +
storm-agent/pom.xml | 71 +-
storm-agent/scripts/install.properties | 13 +
.../authorization/storm/StormRangerPlugin.java | 6 +-
.../storm/authorizer/RangerStormAuthorizer.java | 3 +-
.../ranger/services/storm/RangerServiceStorm.java | 6 +-
.../ranger/services/storm/client/StormClient.java | 5 +-
.../services/storm/client/StormConnectionMgr.java | 5 +-
.../services/storm/client/StormResourceMgr.java | 5 +-
tagsync/conf.dist/log4j.properties | 33 -
tagsync/conf.dist/logback.xml | 35 +
tagsync/pom.xml | 80 +-
tagsync/scripts/ranger-tagsync-services.sh | 2 +-
tagsync/scripts/ranger-tagsync-upload.sh | 2 +-
tagsync/scripts/setup.py | 2 +-
.../ranger/tagsync/model/AbstractTagSource.java | 6 +-
.../ranger/tagsync/process/TagSyncConfig.java | 5 +-
.../tagsync/process/TagSyncMetricsProducer.java | 5 +-
.../ranger/tagsync/process/TagSynchronizer.java | 62 +-
.../tagsync/sink/tagadmin/TagAdminRESTSink.java | 6 +-
.../source/atlas/AtlasNotificationMapper.java | 6 +-
.../source/atlas/AtlasOzoneResourceMapper.java | 6 +-
.../tagsync/source/atlas/AtlasResourceMapper.java | 6 +-
.../source/atlas/AtlasResourceMapperUtil.java | 6 +-
.../tagsync/source/atlas/AtlasTagSource.java | 14 +-
.../source/atlas/EntityNotificationWrapper.java | 6 +-
.../source/atlasrest/AtlasRESTTagSource.java | 16 +-
.../ranger/tagsync/source/file/FileTagSource.java | 6 +-
tagsync/src/test/resources/log4j.properties | 35 -
tagsync/src/test/resources/logback.xml | 32 +
ugsync-util/pom.xml | 31 +-
.../ranger/ugsyncutil/model/GroupUserInfo.java | 2 +-
.../model/UsersGroupRoleAssignments.java | 30 +
ugsync/ldapconfigchecktool/ldapconfigcheck/pom.xml | 11 +-
ugsync/pom.xml | 31 +-
.../process/CustomSSLSocketFactory.java | 5 +-
.../ldapusersync/process/LdapUserGroupBuilder.java | 55 +-
.../unixusersync/config/UserGroupSyncConfig.java | 48 +-
.../process/FileSourceUserGroupBuilder.java | 5 +-
.../process/PolicyMgrUserGroupBuilder.java | 276 +-
.../process/RangerUgSyncRESTClient.java | 89 +-
.../unixusersync/process/UnixUserGroupBuilder.java | 5 +-
.../ranger/usergroupsync/AbstractMapper.java | 5 +-
.../usergroupsync/AbstractUserGroupSource.java | 5 +-
.../apache/ranger/usergroupsync/UserGroupSync.java | 5 +-
.../usergroupsync/UserSyncMetricsProducer.java | 5 +-
.../process/TestUnixUserGroupBuilder.java | 4 +-
ugsync/src/test/resources/logback.xml | 32 +
unixauthclient/pom.xml | 26 +-
unixauthpam/pom.xml | 1 +
unixauthservice/conf.dist/log4j.properties | 33 -
unixauthservice/conf.dist/logback.xml | 35 +
unixauthservice/pom.xml | 29 +-
.../scripts/ranger-usersync-services.sh | 2 +-
unixauthservice/scripts/setup.py | 5 +-
.../ranger/authentication/PasswordValidator.java | 5 +-
.../authentication/UnixAuthenticationService.java | 18 +-
.../src/main/resources/log4j.properties | 33 -
unixauthservice/src/main/resources/logback.xml | 35 +
811 files changed, 22339 insertions(+), 8151 deletions(-)
create mode 100644
agents-audit/src/main/java/org/apache/ranger/audit/destination/AmazonCloudWatchAuditDestination.java
delete mode 100644 agents-common/conf/log4j.properties
create mode 100644 agents-common/conf/logback.xml
delete mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/util/MacroProcessor.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java
create mode 100644
agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
create mode 100644
agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java
create mode 100644
agents-common/src/test/java/org/apache/ranger/plugin/util/MacroProcessorTest.java
create mode 100644
agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java
create mode 100644
agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
delete mode 100644 agents-common/src/test/resources/log4j.xml
create mode 100644 agents-common/src/test/resources/logback.xml
create mode 100644
agents-common/src/test/resources/policyengine/test_policyengine_descendant_tags_deny.json
create mode 100644
agents-common/src/test/resources/policyengine/test_policyengine_resource_with_req_expressions.json
create mode 100644
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_quoted.json
create mode 100644 agents-cred/src/test/resources/logback.xml
delete mode 100644 dev-support/findbugsIncludeFile.xml
create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-knox
create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-tagsync
create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-usersync
copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml =>
docker-compose.ranger-knox.yml} (57%)
copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml =>
docker-compose.ranger-tagsync.yml} (52%)
copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml =>
docker-compose.ranger-usersync.yml} (52%)
create mode 100644 dev-support/ranger-docker/scripts/create-ranger-services.py
delete mode 100644
dev-support/ranger-docker/scripts/ranger-hbase-service-dev_hbase.py
delete mode 100644
dev-support/ranger-docker/scripts/ranger-hdfs-service-dev_hdfs.py
delete mode 100644
dev-support/ranger-docker/scripts/ranger-hive-service-dev_hive.py
delete mode 100644
dev-support/ranger-docker/scripts/ranger-kafka-service-dev_kafka.py
rename intg/src/main/resources/log4j.properties =>
dev-support/ranger-docker/scripts/ranger-knox-expect.sh (66%)
copy dev-support/ranger-docker/scripts/{ranger-hdfs-plugin-install.properties
=> ranger-knox-plugin-install.properties} (83%)
create mode 100644 dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml
rename ranger-examples/sample-client/src/main/resources/log4j.properties =>
dev-support/ranger-docker/scripts/ranger-knox-setup.sh (66%)
mode change 100644 => 100755
copy plugin-presto/src/test/resources/log4j.properties =>
dev-support/ranger-docker/scripts/ranger-knox.sh (52%)
mode change 100644 => 100755
create mode 100644
dev-support/ranger-docker/scripts/ranger-tagsync-install.properties
create mode 100644 dev-support/ranger-docker/scripts/ranger-tagsync-tags.json
rename plugin-kafka/src/test/resources/log4j.properties =>
dev-support/ranger-docker/scripts/ranger-tagsync.sh (56%)
mode change 100644 => 100755
create mode 100644
dev-support/ranger-docker/scripts/ranger-usersync-install.properties
rename plugin-presto/src/test/resources/log4j.properties =>
dev-support/ranger-docker/scripts/ranger-usersync.sh (57%)
mode change 100644 => 100755
delete mode 100644
dev-support/ranger-docker/scripts/ranger-yarn-service-dev_yarn.py
create mode 100644 dev-support/spotbugsIncludeFile.xml
delete mode 100644 hbase-agent/src/test/resources/log4j.properties
create mode 100644 hbase-agent/src/test/resources/logback.xml
delete mode 100644 hdfs-agent/src/test/resources/log4j.properties
create mode 100644 hdfs-agent/src/test/resources/logback.xml
delete mode 100644 hive-agent/src/test/resources/log4j.properties
create mode 100644 hive-agent/src/test/resources/logback.xml
create mode 100644 intg/src/main/resources/logback.xml
delete mode 100644 kms/config/kms-webapp/kms-log4j.properties
create mode 100644 kms/config/kms-webapp/kms-logback.xml
create mode 100644 kms/scripts/MigrateMKeyStorageDbToGCP.sh
create mode 100644
kms/src/main/java/org/apache/hadoop/crypto/key/MigrateDBMKeyToGCP.java
rename
kms/src/main/java/org/apache/hadoop/crypto/key/{RangerKeyVaultKeyGenerator.java
=> RangerAzureKeyVaultKeyGenerator.java} (61%)
create mode 100644
kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java
create mode 100644
kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java
create mode 100644 kms/src/main/resources/META-INF/context.xml
delete mode 100644 kms/src/main/resources/log4j.properties
create mode 100644 kms/src/main/resources/logback.xml
create mode 100644 kms/src/test/resources/logback.xml
delete mode 100644 knox-agent/src/test/resources/log4j.properties
create mode 100644 knox-agent/src/test/resources/logback.xml
delete mode 100644 plugin-atlas/src/test/resource/log4j.properties
create mode 100644 plugin-atlas/src/test/resource/logback.xml
create mode 100644 plugin-kafka/src/test/resources/logback.xml
delete mode 100755 plugin-kms/src/test/resources/kms/kms-log4j.properties
create mode 100644 plugin-kms/src/test/resources/kms/logback.xml
delete mode 100644 plugin-kylin/src/test/resources/log4j.properties
create mode 100644 plugin-kylin/src/test/resources/logback.xml
create mode 100644 plugin-nifi-registry/src/test/resources/logback.xml
create mode 100644 plugin-nifi/src/test/resources/logback.xml
create mode 100644 plugin-presto/src/test/resources/logback.xml
create mode 100644 plugin-schema-registry/src/test/resources/logback.xml
delete mode 100644 plugin-sqoop/src/test/resources/log4j.properties
create mode 100644 plugin-sqoop/src/test/resources/logback.xml
create mode 100644
ranger-examples/conditions-enrichers/src/test/resources/logback.xml
create mode 100644 ranger-examples/sample-client/src/main/resources/logback.xml
delete mode 100644 ranger-tools/conf/log4j.properties
create mode 100644 ranger-tools/conf/logback.xml
create mode 100755 ranger-tools/scripts/create_requests.py
rename agents-cred/src/test/resources/log4j.properties =>
ranger-tools/scripts/create_tags_file.sh (57%)
mode change 100644 => 100755
create mode 100755 ranger-tools/scripts/gen_service_policies.sh
copy ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
=>
ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestConfiguration.java
(66%)
delete mode 100644 ranger-tools/src/test/resources/log4j.properties
create mode 100644 ranger-tools/src/test/resources/logback.xml
create mode 100644
security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
create mode 100644
security-admin/db/mysql/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
create mode 100644
security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
create mode 100644
security-admin/db/oracle/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
create mode 100644
security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
create mode 100644
security-admin/db/postgres/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
create mode 100644
security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
create mode 100644
security-admin/db/sqlanywhere/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
create mode 100644
security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
create mode 100644
security-admin/db/sqlserver/patches/058-add-unique-constraint-on-x_policy-table-service-resourcesign-column.sql
create mode 100644
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchMgr.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchUtil.java
copy
security-admin/src/main/java/org/apache/ranger/patch/{PatchForHiveServiceDefUpdate_J10027.java
=> PatchForOzoneServiceDefConfigUpdate_J10051.java} (66%)
create mode 100644
security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java
delete mode 100644
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelHelper.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/view/VXModulePermission.java
create mode 100644
security-admin/src/main/java/org/apache/ranger/view/VXModulePermissionList.java
delete mode 100644 security-admin/src/main/webapp/WEB-INF/log4j.properties
create mode 100644 security-admin/src/main/webapp/WEB-INF/logback.xml
delete mode 100644
security-admin/src/main/webapp/libs/bower/underscore/js/underscore-min.js
create mode 100644
security-admin/src/test/java/org/apache/ranger/audit/destination/AmazonCloudWatchAuditDestinationTest.java
delete mode 100644 tagsync/conf.dist/log4j.properties
create mode 100644 tagsync/conf.dist/logback.xml
delete mode 100644 tagsync/src/test/resources/log4j.properties
create mode 100644 tagsync/src/test/resources/logback.xml
create mode 100644 ugsync/src/test/resources/logback.xml
delete mode 100644 unixauthservice/conf.dist/log4j.properties
create mode 100644 unixauthservice/conf.dist/logback.xml
delete mode 100644 unixauthservice/src/main/resources/log4j.properties
create mode 100644 unixauthservice/src/main/resources/logback.xml