+1 for Apache Ranger 2.3.0-rc3
- verified signature
- verified 2.3.0-rc3 builds successfully
- installed Ranger with Postgres database; verified startup of
admin/usersync/tagsync services
- added new users and groups; updated user-group association; verified that
usersync picked up these users and groups
- created services, policies, security zones
- sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
- verified tag-based policies and {OWNER} macro in Hive
- verified audit logs from plugins, audit-filters
Thank you, Ramesh for putting this release together.
Go Rangers!
Madhan
On 6/25/22, 12:00 AM, "Ramesh Mani" <rm...@apache.org> wrote:
Dear Rangers,
Apache Ranger 2.3.0 release candidate #3 is now available for a vote within
the dev community. Links to the release artifacts are given below. Please
review and vote.
The vote will be open for at least 72 hours or until necessary votes are
reached.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thanks,
Ramesh
List of all issues / improvements addressed in this release:
https://issues.apache.org/jira/issues/?jql=project=RANGER AND
status=Resolved AND fixVersion=2.3.0 ORDER BY key DESC
Git tag for the release:
https://github.com/apache/ranger/tree/release-2.3.0-rc3
Sources for the release:
https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz
Source release verification:
PGP Signature:
https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.asc
SHA256 Hash:
https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.sha256
SHA512 Hash:
https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc3/apache-ranger-2.3.0.tar.gz.sha512
Keys to verify the signature of the release artifacts are available at:
https://dist.apache.org/repos/dist/release/ranger/KEYS
New features/enhancements:
RANGER-2846 Add support for resource[volume, bucket, key] look up in ozone
plugin
RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store
RANGER-3023 Permission tab takes longer time to load with large number of
users and group_users data
RANGER-3030 Replace Findbugs with Spotbugs maven plugin
RANGER-3182 Prestosql is renamed to Trino
RANGER-3221 Improve logging in Presto plugin
RANGER-3276 Remove duplicate code from buildks.java
RANGER-3290 ArrayIndexOutOfBoundsException if solr is down
RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on
RANGER-3298 Add coarse URI check for Hive Agent
RANGER-3389 Swagger UI Support for Ranger REST API
RANGER-3435 Add unique index on guid, service and zone_id column of
x_policy table
RANGER-3439 Add rest api to get or delete ranger policy based on guid
RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect to
knox logout page
RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8
RANGER-3475 Promote TagRest endpoints to /public/v2
RANGER-3487 Update underscore js with latest version.
RANGER-3493 Add unique index on service and resource_signature column of
x_policy table
RANGER-3498 RANGER : Remove log4j1 dependencies.
RANGER-3504 Create framework to execute DB patch dependent on Java patch.
RANGER-3510 Ranger upgrade spring framework version to 5.3.12
RANGER-3511 Create Java patch to update policy resource-signature to unique
value.
RANGER-3512 Create Java patch to update policy guid to unique value.
RANGER-3515 Enhance Ranger Java client SSL config to be configured using
serviceType and AppId
RANGER-3518 Limit the query size stored in Audit logs
RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
RANGER-3526 policy evaluation ordering to use name as secondary sorting key
RANGER-3533 Provide sorting on columns throughout the audits result set and
policy listing page.
RANGER-3538 Reduce the granularity of locking when building/retrieving a
policy-engine within Ranger admin service
RANGER-3539 Add jacoco-maven-plugin for code coverage
RANGER-3540 Add support to read audit logs from Amazon CloudWatch
RANGER-3545 Remove Logger Checks for Info Enabled
RANGER-3548 Update performance engine test scripts
RANGER-3550 support for using user/tag attributes in row-filter expressions
and conditions
RANGER-3551 Analyze & optimize module permissions related API
RANGER-3553 Unit test coverage for XUserMgr and UserMgr class
RANGER-3556 Ranger tagsync logs unnecessary messages
RANGER-3561 Upgrade Storm version to 1.2.4
RANGER-3562 Redesign post commit tasks for updating ref-tables when
policy/role is updated
RANGER-3565 RangerRESTClient to support retry
RANGER-3567 support for use of user attributes in policy resources
RANGER-3569 Support Ranger KMS integration with Google cloud HSM
RANGER-3573 Add vim in docker base image
RANGER-3577 RANGER : Upgrade POI version to 5.1.0
RANGER-3578 Simplify code for policy label creation
RANGER-3580 Support Ranger KMS integration with TencentKMS
RANGER-3585 Docker setup to run Ranger usersync and tagsync
RANGER-3586 Script condition expression to support csv of group/tag
attributes
RANGER-3595 Tar of KMS contains rubbish files
RANGER-3597 User role should not be able to modify the Policy
RANGER-3600 Ranger service tags import request failure
RANGER-3603 HDFS audit files rollover improvement to trigger rollover in
monitoring thread
RANGER-3605 Support macros in row-filter/condition expressions
RANGER-3606 remove unnecessary static members from plugin class loaders
RANGER-3609 option to add user group enricher automatically based on
references in policies
RANGER-3620 Ranger - Upgrade tomcat to 8.5.75
RANGER-3621 Optimise Tag/Policy iterator
RANGER-3624 Update Ranger services Password Policy
RANGER-3628 Support fine grain authorization for different solr objects
RANGER-3629 RANGER - Handle solr permissions during upgrade
RANGER-3630 Support wildcards, group short names, and list of memberof
attribute DNs for computing user search filter
RANGER-3632 Improve ranger logs, RENAME_ON_ROTATE and others
RANGER-3634 Remove duplicate entries from usersync distribution file
RANGER-3646 LOG.debug print content error
RANGER-3647 Connection to DB fails for MySQL version above 8.0
RANGER-3649 Represent the Solr admin object types on the Ranger UI
RANGER-3651 Remove jersey 1.x version dependency for knox plugin
RANGER-3653 Replace aws java sdk bom dependencies with bundled dependencies
RANGER-3658 Docker: Ranger containers to run as user=ranger
RANGER-3659 Ranger Admin goes to OOM when usersync is trying to delete
existing group mappings from ranger DB
RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints for better user
experience
RANGER-3662 There should be a pause button for error popup
RANGER-3665 "No Data Found !!" messages in Ranger admin UI alarm users
RANGER-3666 Ranger UI improvement - Add warning popup if auto-complete for
resource lookup is failing in Edit policy page
RANGER-3667 Improve feedback in policy creation UI when resource does not
exist
RANGER-3669 Connection to DB fails for MySQL version above 8.0
RANGER-3672 Show better error messages during failed logins
RANGER-3673 Need to enable cipher configuration for Usersync
RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT
RANGER-3686 Docker setup to run Ranger with MySQL database
RANGER-3687 Password Policy Best Practices for Strong Security
RANGER-3689 Ranger : ranger-2.3 Port missing commits.
RANGER-3693 Ranger - Upgrade tomcat to 8.5.78
RANGER-3698 Ranger - Upgrade kylin to 3.1.3
RANGER-3699 Ranger - Upgrade poi to 5.2.1+
RANGER-3704 remove semicolon from c3P0 preferredTestQuery
RANGER-3725 Update atlas default audit filter to filter Atlas entity-read
events by Nifi user.
RANGER-3736 Update RangerChainedPlugin to support masking and row-filtering
RANGER-3738 Restructure ranger Dockerfile to use multi-stage builds
RANGER-3743 Add isDenyAllElse mapping to addCustomRangerDefaultPolicies
method
RANGER-3744 Produces annotation ordering should be consistent: json, xml
RANGER-3764:conditions to support macros IS_IN_GROUP, IS_IN_ROLE, HAS_TAG
RANGER-3768 RangerBasePlugin configuration to optionally disable userstore
refresher
RANGER-3779:Conditions enhancement to support macros IS_IN_ANY_GROUP,
IS_IN_ANY_ROLE, HAS_TAGS
