[HAWQ-256] Integrate Security with Apache Ranger - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: backlog
Component/s: Security
Labels:
None

Description

Integrate security with Apache Ranger for a unified Hadoop security solution.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HAWQRangerSupportDesign.pdf
28/Jul/16 06:49
186 kB
Lili Ma
HAWQRangerSupportDesign_v0.3.pdf
18/Nov/16 06:25
134 kB
Hubert Zhang
HAWQRangerSupportDesign_v0.2.pdf
30/Aug/16 01:43
132 kB
Hubert Zhang

Issue Links

is related to

RANGER-782 Add support for Apache Hawq

Open

relates to

HAWQ-1118 Support user impersonation for HAWQ internal tables

Open

HAWQ-1036 Support user impersonation in PXF for external tables

Resolved

Sub-Tasks

1.	Implement HAWQ basic user ACL check through Ranger	Closed	Hubert Zhang
2.	Implement configuration GUC related to Ranger.	Resolved	Hubert Zhang
3.	Implement batched ACL check through Ranger.	Open	Hubert Zhang
4.	Implement calling Ranger REST Service using libcurl.	Resolved	Wen Lin
5.	HAWQ sync user information from LDAP	Open	Lei Chang
6.	Implement Ranger Plugin Service which holds HAWQ Ranger Plugin and provide REST Service	Resolved	Alexander Denissov
7.	Add one option in Ambari to enable user to specify whether they want enable Ranger for ACL check	Open	Alexander Denissov
8.	Change hawq start script once finding enable_ranger GUC is on.	Closed	Lili Ma
9.	Process catalog table ACL on Ranger.	Resolved	Hubert Zhang
10.	Gpadmin super user processing on ACL	Open	Alexander Denissov
11.	Support ranger plugin server HA in hawq side.	Open	Hubert Zhang
12.	Add generation of RequestID, ClientIP, queryContext(SQL Statement) in HAWQ , and encapsulate these contents to JSON request to RPS	Closed	Xiang Sheng
13.	Don't do ACL checks on segments	Closed	Chunling Wang
14.	Enhance libcurl connection to RPS(Ranger Plugin Service), keep it as a long-live connection in session level	Closed	Xiang Sheng
15.	If user doesn't have privileges on certain objects, need return user which specific table he doesn't have right.	Closed	Hongxu Ma
16.	Check build-in catalogs, tables and functions in native aclcheck.	Resolved	Hubert Zhang
17.	The error message is not friendly when ranger plugin service is unavailable.	Closed	Xiang Sheng
18.	Force to recompute namespace_path when enable_ranger	Closed	Hongxu Ma
19.	Add integration tests to Ranger Plugin Service project	Resolved	Alexander Denissov
20.	Reduce unnecessary calls of namespace check when run \d	Closed	Hongxu Ma
21.	Change GUC enable_ranger(bool) to a text GUC(hawq_acl_type), which can allow other kinds of ACL.	Closed	Xiang Sheng
22.	Remove ALL privilege for HAWQ service in Ranger	Closed	Alexander Denissov
23.	Package all configuration files for RPS and Tomcat into hawq-ranger-plugin.rpm	Resolved	Alexander Denissov
24.	Optimize the performance of hawq with ranger enabled.	Open	Hubert Zhang
25.	Forbid grant/revoke command in HAWQ side once Ranger is configured.	Resolved	Wen Lin
26.	Change RPM name for RPS to hawq-ranger-plugin	Resolved	Alexander Denissov
27.	Allow queries related to pg_temp if ranger is enable	Resolved	Wen Lin
28.	Add deny and exclude policy template for hawq service in ranger.	Resolved	Hubert Zhang
29.	pg_catalog view fallback failed	Closed	Xiang Sheng
30.	Add --enable-rps option to build ranger-plugin when build hawq.	Closed	Xiang Sheng
31.	Provide template for Ranger access audit to Solr from RPS	Resolved	Alexander Denissov
32.	Externalize JVM params from rps.sh into rps.properties	Resolved	Alexander Denissov
33.	Add policy test for HAWQ with Ranger enabled.	Closed	Chunling Wang
34.	Add RPS start/stop script in HAWQ start/stop script	Closed	Xiang Sheng
35.	Keep hawq_toolkit schema check in HAWQ native side	Closed	Hongxu Ma
36.	HAWQ Sends Wrong Request to RPS for PXF Hcatalog	Resolved	Wen Lin
37.	Add basic test case for hcatalog with ranger	Closed	Hongxu Ma
38.	Set JAVA_HOME / JRE_HOME for RPS in the scripts	Resolved	Alexander Denissov
39.	RPS test RangerHawqAuthorizerServiceNameTest fails sometimes	Resolved	Alexander Denissov
40.	Provide user-group membership in RPS when requesting access	Resolved	Alexander Denissov
41.	Implement RPS High availability on HAWQ	Closed	Hongxu Ma
42.	Implement SSL Access from RPS to Ranger	Open	Radar Da Lei
43.	Implement Ranger lookup for HAWQ with Kerberos enabled.	Open	Hubert Zhang
44.	HAWQ start/stop cluster should be able to start/stop RPS on standby node	Closed	Xiang Sheng
45.	HAWQ state should be able to report the status of both RPS and standby RPS	Closed	Xiang Sheng
46.	Remove hawq_rps_address_suffix and hawq_rps_address_host in hawq-site.xml to simplify configuration for RPS High Availability	Closed	Xiang Sheng
47.	Copy RPS configuration files to standby in specific scenarios	Closed	Hongxu Ma
48.	Don't expose RPS warning messages to command line	Resolved	Wen Lin
49.	Augment enable-ranger-plugin.sh to support kerberos.	Closed	Xiang Sheng
50.	Ranger-plugin connect to Ranger admin under kerberos security.	Closed	Hongxu Ma
51.	Use user/password instead of credentials cache in Ranger lookup for HAWQ with Kerberos enabled.	Closed	Hongxu Ma
52.	Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar	Closed	Hongxu Ma

Activity

People

Assignee:: Lili Ma

Reporter:: Michael Andre Pearce

Votes:: 1 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 15/Dec/15 19:24

Updated:: 15/Feb/17 06:36