  1. Apache HAWQ (Retired)
  2. HAWQ-256

Integrate Security with Apache Ranger

Details

    • New Feature
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • None
    • backlog
    • Security
    • None

    Description

      Integrate security with Apache Ranger for a unified Hadoop security solution.

      Attachments

        1. HAWQRangerSupportDesign.pdf
          186 kB
          Lili Ma
        2. HAWQRangerSupportDesign_v0.2.pdf
          132 kB
          Hubert Zhang
        3. HAWQRangerSupportDesign_v0.3.pdf
          134 kB
          Hubert Zhang

        Issue Links

          1. Implement HAWQ basic user ACL check through Ranger | Sub-task | Closed | Hubert Zhang
          2. Implement configuration GUC related to Ranger. | Sub-task | Resolved | Hubert Zhang
          3. Implement batched ACL check through Ranger. | Sub-task | Open | Hubert Zhang
          4. Implement calling Ranger REST Service using libcurl. | Sub-task | Resolved | Wen Lin
          5. HAWQ sync user information from LDAP | Sub-task | Open | Lei Chang
          6. Implement Ranger Plugin Service which holds HAWQ Ranger Plugin and provide REST Service | Sub-task | Resolved | Alexander Denissov
          7. Add one option in Ambari to enable user to specify whether they want enable Ranger for ACL check | Sub-task | Open | Alexander Denissov
          8. Change hawq start script once finding enable_ranger GUC is on. | Sub-task | Closed | Lili Ma
          9. Process catalog table ACL on Ranger. | Sub-task | Resolved | Hubert Zhang
          10. Gpadmin super user processing on ACL | Sub-task | Open | Alexander Denissov
          11. Support ranger plugin server HA in hawq side. | Sub-task | Open | Hubert Zhang
          12. Add generation of RequestID, ClientIP, queryContext(SQL Statement) in HAWQ , and encapsulate these contents to JSON request to RPS | Sub-task | Closed | Xiang Sheng
          13. Don't do ACL checks on segments | Sub-task | Closed | Chunling Wang
          14. Enhance libcurl connection to RPS(Ranger Plugin Service), keep it as a long-live connection in session level | Sub-task | Closed | Xiang Sheng
          15. If user doesn't have privileges on certain objects, need return user which specific table he doesn't have right. | Sub-task | Closed | Hongxu Ma
          16. Check build-in catalogs, tables and functions in native aclcheck. | Sub-task | Resolved | Hubert Zhang
          17. The error message is not friendly when ranger plugin service is unavailable. | Sub-task | Closed | Xiang Sheng
          18. Force to recompute namespace_path when enable_ranger | Sub-task | Closed | Hongxu Ma
          19. Add integration tests to Ranger Plugin Service project | Sub-task | Resolved | Alexander Denissov
          20. Reduce unnecessary calls of namespace check when run \d | Sub-task | Closed | Hongxu Ma
          21. Change GUC enable_ranger(bool) to a text GUC(hawq_acl_type), which can allow other kinds of ACL. | Sub-task | Closed | Xiang Sheng
          22. Remove ALL privilege for HAWQ service in Ranger | Sub-task | Closed | Alexander Denissov
          23. Package all configuration files for RPS and Tomcat into hawq-ranger-plugin.rpm | Sub-task | Resolved | Alexander Denissov
          24. Optimize the performance of hawq with ranger enabled. | Sub-task | Open | Hubert Zhang
          25. Forbid grant/revoke command in HAWQ side once Ranger is configured. | Sub-task | Resolved | Wen Lin
          26. Change RPM name for RPS to hawq-ranger-plugin | Sub-task | Resolved | Alexander Denissov
          27. Allow queries related to pg_temp if ranger is enable | Sub-task | Resolved | Wen Lin
          28. Add deny and exclude policy template for hawq service in ranger. | Sub-task | Resolved | Hubert Zhang
          29. pg_catalog view fallback failed | Sub-task | Closed | Xiang Sheng
          30. Add --enable-rps option to build ranger-plugin when build hawq. | Sub-task | Closed | Xiang Sheng
          31. Provide template for Ranger access audit to Solr from RPS | Sub-task | Resolved | Alexander Denissov
          32. Externalize JVM params from rps.sh into rps.properties | Sub-task | Resolved | Alexander Denissov
          33. Add policy test for HAWQ with Ranger enabled. | Sub-task | Closed | Chunling Wang
          34. Add RPS start/stop script in HAWQ start/stop script | Sub-task | Closed | Xiang Sheng
          35. Keep hawq_toolkit schema check in HAWQ native side | Sub-task | Closed | Hongxu Ma
          36. HAWQ Sends Wrong Request to RPS for PXF Hcatalog | Sub-task | Resolved | Wen Lin
          37. Add basic test case for hcatalog with ranger | Sub-task | Closed | Hongxu Ma
          38. Set JAVA_HOME / JRE_HOME for RPS in the scripts | Sub-task | Resolved | Alexander Denissov
          39. RPS test RangerHawqAuthorizerServiceNameTest fails sometimes | Sub-task | Resolved | Alexander Denissov
          40. Provide user-group membership in RPS when requesting access | Sub-task | Resolved | Alexander Denissov
          41. Implement RPS High availability on HAWQ | Sub-task | Closed | Hongxu Ma
          42. Implement SSL Access from RPS to Ranger | Sub-task | Open | Radar Da Lei
          43. Implement Ranger lookup for HAWQ with Kerberos enabled. | Sub-task | Open | Hubert Zhang
          44. HAWQ start/stop cluster should be able to start/stop RPS on standby node | Sub-task | Closed | Xiang Sheng
          45. HAWQ state should be able to report the status of both RPS and standby RPS | Sub-task | Closed | Xiang Sheng
          46. Remove hawq_rps_address_suffix and hawq_rps_address_host in hawq-site.xml to simplify configuration for RPS High Availability | Sub-task | Closed | Xiang Sheng
          47. Copy RPS configuration files to standby in specific scenarios | Sub-task | Closed | Hongxu Ma
          48. Don't expose RPS warning messages to command line | Sub-task | Resolved | Wen Lin
          49. Augment enable-ranger-plugin.sh to support kerberos. | Sub-task | Closed | Xiang Sheng
          50. Ranger-plugin connect to Ranger admin under kerberos security. | Sub-task | Closed | Hongxu Ma
          51. Use user/password instead of credentials cache in Ranger lookup for HAWQ with Kerberos enabled. | Sub-task | Closed | Hongxu Ma
          52. Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar | Sub-task | Closed | Hongxu Ma

            People

              lilima Lili Ma
              michael.andre.pearce Michael Andre Pearce
              Votes: 1
              Watchers: 12