You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Selvamohan Neethiraj <sn...@apache.org> on 2023/03/23 22:44:33 UTC
[VOTE] Apache Ranger 2.4.0 Release - rc1
Rangers:
As a critical HBase Plugin issue was identified in the earlier release candidate, I am posting another release candidate (rc1) details below for VOTE.
Apache Ranger 2.4.0 release candidate #1 is now available for a vote within the dev community. Links to the release artifacts are given below. Please review and vote.
The vote will be open for at least 72 hours or until necessary votes are reached.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thanks,
Selva-
Ranger PMC
List of issues / improvements addressed in this release: click-here <https://issues.apache.org/jira/issues/?jql=project%3DRANGER%20and%20fixVersion%20%20%3D%202.4.0%20and%20status%20%3D%20Resolved%20ORDER%20BY%20key%20desc>
Git tag for the release: https://github.com/apache/ranger/tree/release-2.4.0-rc1
Sources for the release: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz
Source release verification:
PGP Signature: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.asc
SHA256 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha256
SHA512 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha512
Keys to verify the signature: https://dist.apache.org/repos/dist/release/ranger/KEYS
New features/enhancements:
Issue Type
Issue key
Summary
Improvement
RANGER-4117
service-def option to include expression condition implictly
Improvement
RANGER-4114
Consistent use of plugin property prefix in context enrichers
Improvement
RANGER-4107
Upgrade EclipseLink
Improvement
RANGER-4101
Java client update to add missing security-zone APIs
Improvement
RANGER-4100
Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
Improvement
RANGER-4083
Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
Improvement
RANGER-4080
Python client update to add missing security-zone APIs
Improvement
RANGER-4071
Support for LDAP/AD usernames and group names with special chars
New Feature
RANGER-4028
Ranger - Upgrade bootbox.js.
Improvement
RANGER-4024
Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
Improvement
RANGER-4012
getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB
Improvement
RANGER-4011
option to disable creation of default policies per hierarchy
Improvement
RANGER-4004
During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
Improvement
RANGER-3997
option to use default value when user/group/tag does not have the attribute
Improvement
RANGER-3986
Upgrade trino guice dependency to 5.1.0
Improvement
RANGER-3983
Support getColumnMasks and getRowFilters in Trino SPI 376+
Improvement
RANGER-3982
Python client for Ranger KMS REST APIs
Improvement
RANGER-3978
Docker setup to run Ranger KMS
New Feature
RANGER-3971
Upgrade HBASE version to 2.4.6
Improvement
RANGER-3955
optimization to reduce duplicate strings
Improvement
RANGER-3951
optimize memory used for tags in plugins and server
Improvement
RANGER-3948
update serialization to skip empty values
Improvement
RANGER-3940
Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
Improvement
RANGER-3934
improve tag cache handling to reduce resource usage
Improvement
RANGER-3910
API Documentation is broken for knox sso
Improvement
RANGER-3903
Improvement in RangerPolicyDeltaUtil--> applyDeltas method
Improvement
RANGER-3902
dbLoadTime is not added correctly in RangerServicePoliciesCache
Improvement
RANGER-3900
Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
Improvement
RANGER-3865
support for using user attributes in masking expressions
Improvement
RANGER-3856
Ranger admin client option to work with non-kerberized server
New Feature
RANGER-3855
RangerExternalUserStoreRetriever class
New Feature
RANGER-3852
Performance and scalability analyzer tool for Ranger
Improvement
RANGER-3837
Allow Ranger non-admins to get, create, edit and delete roles
New Feature
RANGER-3828
Fine-grained Access Control over nested structures
Improvement
RANGER-3822
RangerService outputs password information in plaintext
Improvement
RANGER-3818
Upgrade Solr to 8.11.2
Improvement
RANGER-3796
Enhancement to support multiple resource sets in a policy
Improvement
RANGER-3794
Improve performance of delete users/groups utility
Improvement
RANGER-3787
Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
Improvement
RANGER-3767
Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
Improvement
RANGER-3763
The max limit of the requested entities is not configurable in tagsync
Improvement
RANGER-3633
Remove eclipse .project file from git
Improvement
RANGER-3623
Add ability to enable anonymous download of policy/role/tag
Improvement
RANGER-3534
Review of RangerHiveAuditHandler
Improvement
RANGER-3165
Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
Improvement
RANGER-2928
[Ranger Zone REST API] Resources data is missing in XML format
Re: [VOTE] Apache Ranger 2.4.0 Release - rc1
Posted by Selvamohan Neethiraj <sn...@apache.org>.
Due to the issues posted here, I am cancelling VOTE for the Ranger 2.4.0
Release candidate #1.
Thanks,
Selva-
On 3/24/23 1:16 PM, Madhan Neethiraj wrote:
> Selva,
>
> Thank you for Apache Ranger 2.4.0 rc1.
>
> - verified signature
> - verified 2.4.0-rc1 builds successfully
> - installed Ranger with Postgres database; verified startup of admin/usersync/tagsync services
> - created services, policies, security zones
> - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
> - verified tag-based policies and {OWNER} macro in Hive
> - verified audit logs from plugins, audit-filters
>
> Found following issues:
> - usersync and tagsync services don't generate log files, due to missing logback libraries in deployment
> - users sent by usersync module are ignored by Ranger admin, due to a regression introduced in RANGER-4055
>
> I filed RANGER-4154 to track above issues; fix is in review. This fix needs to be included in 2.4.0 release.
>
> Thanks,
> Madhan
>
>
>
>
> On 3/23/23, 3:44 PM, "Selvamohan Neethiraj" <sneethir@apache.org <ma...@apache.org>> wrote:
>
>
> Rangers:
> As a critical HBase Plugin issue was identified in the earlier release candidate, I am posting another release candidate (rc1) details below for VOTE.
>
>
> Apache Ranger 2.4.0 release candidate #1 is now available for a vote within the dev community. Links to the release artifacts are given below. Please review and vote.
>
>
> The vote will be open for at least 72 hours or until necessary votes are reached.
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
>
> Thanks,
> Selva-
> Ranger PMC
> List of issues / improvements addressed in this release: click-here<https://issues.apache.org/jira/issues/?jql=project%3DRANGER%20and%20fixVersion%20%20%3D%202.4.0%20and%20status%20%3D%20Resolved%20ORDER%20BY%20key%20desc> <https://issues.apache.org/jira/issues/?jql=project%3DRANGER%20and%20fixVersion%20%20%3D%202.4.0%20and%20status%20%3D%20Resolved%20ORDER%20BY%20key%20desc>>
> Git tag for the release:https://github.com/apache/ranger/tree/release-2.4.0-rc1 <https://github.com/apache/ranger/tree/release-2.4.0-rc1>
> Sources for the release:https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz>
> Source release verification:
>
>
> PGP Signature:https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.asc <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.asc>
>
>
> SHA256 Hash:https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha256 <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha256>
>
>
> SHA512 Hash:https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha512 <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha512>
>
>
> Keys to verify the signature:https://dist.apache.org/repos/dist/release/ranger/KEYS <https://dist.apache.org/repos/dist/release/ranger/KEYS>
>
>
> New features/enhancements:
>
>
> Issue Type
> Issue key
> Summary
> Improvement
> RANGER-4117
> service-def option to include expression condition implictly
> Improvement
> RANGER-4114
> Consistent use of plugin property prefix in context enrichers
> Improvement
> RANGER-4107
> Upgrade EclipseLink
> Improvement
> RANGER-4101
> Java client update to add missing security-zone APIs
> Improvement
> RANGER-4100
> Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
> Improvement
> RANGER-4083
> Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
> Improvement
> RANGER-4080
> Python client update to add missing security-zone APIs
> Improvement
> RANGER-4071
> Support for LDAP/AD usernames and group names with special chars
> New Feature
> RANGER-4028
> Ranger - Upgrade bootbox.js.
> Improvement
> RANGER-4024
> Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
> Improvement
> RANGER-4012
> getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB
> Improvement
> RANGER-4011
> option to disable creation of default policies per hierarchy
> Improvement
> RANGER-4004
> During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
> Improvement
> RANGER-3997
> option to use default value when user/group/tag does not have the attribute
> Improvement
> RANGER-3986
> Upgrade trino guice dependency to 5.1.0
> Improvement
> RANGER-3983
> Support getColumnMasks and getRowFilters in Trino SPI 376+
> Improvement
> RANGER-3982
> Python client for Ranger KMS REST APIs
> Improvement
> RANGER-3978
> Docker setup to run Ranger KMS
> New Feature
> RANGER-3971
> Upgrade HBASE version to 2.4.6
> Improvement
> RANGER-3955
> optimization to reduce duplicate strings
> Improvement
> RANGER-3951
> optimize memory used for tags in plugins and server
> Improvement
> RANGER-3948
> update serialization to skip empty values
> Improvement
> RANGER-3940
> Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
> Improvement
> RANGER-3934
> improve tag cache handling to reduce resource usage
> Improvement
> RANGER-3910
> API Documentation is broken for knox sso
> Improvement
> RANGER-3903
> Improvement in RangerPolicyDeltaUtil--> applyDeltas method
> Improvement
> RANGER-3902
> dbLoadTime is not added correctly in RangerServicePoliciesCache
> Improvement
> RANGER-3900
> Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
> Improvement
> RANGER-3865
> support for using user attributes in masking expressions
> Improvement
> RANGER-3856
> Ranger admin client option to work with non-kerberized server
> New Feature
> RANGER-3855
> RangerExternalUserStoreRetriever class
> New Feature
> RANGER-3852
> Performance and scalability analyzer tool for Ranger
> Improvement
> RANGER-3837
> Allow Ranger non-admins to get, create, edit and delete roles
> New Feature
> RANGER-3828
> Fine-grained Access Control over nested structures
> Improvement
> RANGER-3822
> RangerService outputs password information in plaintext
> Improvement
> RANGER-3818
> Upgrade Solr to 8.11.2
> Improvement
> RANGER-3796
> Enhancement to support multiple resource sets in a policy
> Improvement
> RANGER-3794
> Improve performance of delete users/groups utility
> Improvement
> RANGER-3787
> Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
> Improvement
> RANGER-3767
> Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
> Improvement
> RANGER-3763
> The max limit of the requested entities is not configurable in tagsync
> Improvement
> RANGER-3633
> Remove eclipse .project file from git
> Improvement
> RANGER-3623
> Add ability to enable anonymous download of policy/role/tag
> Improvement
> RANGER-3534
> Review of RangerHiveAuditHandler
> Improvement
> RANGER-3165
> Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
> Improvement
> RANGER-2928
> [Ranger Zone REST API] Resources data is missing in XML format
>
>
Re: [VOTE] Apache Ranger 2.4.0 Release - rc1
Posted by Madhan Neethiraj <ma...@apache.org>.
Selva,
Thank you for Apache Ranger 2.4.0 rc1.
- verified signature
- verified 2.4.0-rc1 builds successfully
- installed Ranger with Postgres database; verified startup of admin/usersync/tagsync services
- created services, policies, security zones
- sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
- verified tag-based policies and {OWNER} macro in Hive
- verified audit logs from plugins, audit-filters
Found following issues:
- usersync and tagsync services don't generate log files, due to missing logback libraries in deployment
- users sent by usersync module are ignored by Ranger admin, due to a regression introduced in RANGER-4055
I filed RANGER-4154 to track above issues; fix is in review. This fix needs to be included in 2.4.0 release.
Thanks,
Madhan
On 3/23/23, 3:44 PM, "Selvamohan Neethiraj" <sneethir@apache.org <ma...@apache.org>> wrote:
Rangers:
As a critical HBase Plugin issue was identified in the earlier release candidate, I am posting another release candidate (rc1) details below for VOTE.
Apache Ranger 2.4.0 release candidate #1 is now available for a vote within the dev community. Links to the release artifacts are given below. Please review and vote.
The vote will be open for at least 72 hours or until necessary votes are reached.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thanks,
Selva-
Ranger PMC
List of issues / improvements addressed in this release: click-here <https://issues.apache.org/jira/issues/?jql=project%3DRANGER%20and%20fixVersion%20%20%3D%202.4.0%20and%20status%20%3D%20Resolved%20ORDER%20BY%20key%20desc> <https://issues.apache.org/jira/issues/?jql=project%3DRANGER%20and%20fixVersion%20%20%3D%202.4.0%20and%20status%20%3D%20Resolved%20ORDER%20BY%20key%20desc>>
Git tag for the release: https://github.com/apache/ranger/tree/release-2.4.0-rc1 <https://github.com/apache/ranger/tree/release-2.4.0-rc1>
Sources for the release: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz>
Source release verification:
PGP Signature: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.asc <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.asc>
SHA256 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha256 <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha256>
SHA512 Hash: https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha512 <https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc1/apache-ranger-2.4.0.tar.gz.sha512>
Keys to verify the signature: https://dist.apache.org/repos/dist/release/ranger/KEYS <https://dist.apache.org/repos/dist/release/ranger/KEYS>
New features/enhancements:
Issue Type
Issue key
Summary
Improvement
RANGER-4117
service-def option to include expression condition implictly
Improvement
RANGER-4114
Consistent use of plugin property prefix in context enrichers
Improvement
RANGER-4107
Upgrade EclipseLink
Improvement
RANGER-4101
Java client update to add missing security-zone APIs
Improvement
RANGER-4100
Efficient computation of the smallest set of evaluators returned by search of multiple Trie trees
Improvement
RANGER-4083
Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
Improvement
RANGER-4080
Python client update to add missing security-zone APIs
Improvement
RANGER-4071
Support for LDAP/AD usernames and group names with special chars
New Feature
RANGER-4028
Ranger - Upgrade bootbox.js.
Improvement
RANGER-4024
Adding requestId as part of Ranger logs via RangerMDCFilter when the request header contains request-Id
Improvement
RANGER-4012
getPolicyByName searches policy by serviceName, policyName simply by traverse all policies in RangerServicePoliciesCache instead of DB
Improvement
RANGER-4011
option to disable creation of default policies per hierarchy
Improvement
RANGER-4004
During the service deletion also, we can clear the in-memory cache for that service which got deleted on the ranger side
Improvement
RANGER-3997
option to use default value when user/group/tag does not have the attribute
Improvement
RANGER-3986
Upgrade trino guice dependency to 5.1.0
Improvement
RANGER-3983
Support getColumnMasks and getRowFilters in Trino SPI 376+
Improvement
RANGER-3982
Python client for Ranger KMS REST APIs
Improvement
RANGER-3978
Docker setup to run Ranger KMS
New Feature
RANGER-3971
Upgrade HBASE version to 2.4.6
Improvement
RANGER-3955
optimization to reduce duplicate strings
Improvement
RANGER-3951
optimize memory used for tags in plugins and server
Improvement
RANGER-3948
update serialization to skip empty values
Improvement
RANGER-3940
Add javascript includes(), intersects() polyfills for array prototype to RangerCommonConstants
Improvement
RANGER-3934
improve tag cache handling to reduce resource usage
Improvement
RANGER-3910
API Documentation is broken for knox sso
Improvement
RANGER-3903
Improvement in RangerPolicyDeltaUtil--> applyDeltas method
Improvement
RANGER-3902
dbLoadTime is not added correctly in RangerServicePoliciesCache
Improvement
RANGER-3900
Roles deletion Takes time in Apache Ranger when there are more users,groups,roles
Improvement
RANGER-3865
support for using user attributes in masking expressions
Improvement
RANGER-3856
Ranger admin client option to work with non-kerberized server
New Feature
RANGER-3855
RangerExternalUserStoreRetriever class
New Feature
RANGER-3852
Performance and scalability analyzer tool for Ranger
Improvement
RANGER-3837
Allow Ranger non-admins to get, create, edit and delete roles
New Feature
RANGER-3828
Fine-grained Access Control over nested structures
Improvement
RANGER-3822
RangerService outputs password information in plaintext
Improvement
RANGER-3818
Upgrade Solr to 8.11.2
Improvement
RANGER-3796
Enhancement to support multiple resource sets in a policy
Improvement
RANGER-3794
Improve performance of delete users/groups utility
Improvement
RANGER-3787
Non-daemon threads started by ElasticSearchAuditDestination cause Spark application hanging
Improvement
RANGER-3767
Add text message in HDFS and YARN policy pages to highlight the fallback ACL option
Improvement
RANGER-3763
The max limit of the requested entities is not configurable in tagsync
Improvement
RANGER-3633
Remove eclipse .project file from git
Improvement
RANGER-3623
Add ability to enable anonymous download of policy/role/tag
Improvement
RANGER-3534
Review of RangerHiveAuditHandler
Improvement
RANGER-3165
Upgrade Elasticsearch version in Ranger to Elasticsearch 7.10.2
Improvement
RANGER-2928
[Ranger Zone REST API] Resources data is missing in XML format