Uploaded image for project: 'Apache HAWQ'
  1. Apache HAWQ
  2. HAWQ-256

Integrate Security with Apache Ranger

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: backlog
    • Component/s: Security
    • Labels:
      None

      Description

      Integrate security with Apache Ranger for a unified Hadoop security solution.

        Attachments

        Issue Links

        1.
        Implement HAWQ basic user ACL check through Ranger Sub-task Closed Hubert Zhang Actions
        2.
        Implement configuration GUC related to Ranger. Sub-task Resolved Hubert Zhang Actions
        3.
        Implement batched ACL check through Ranger. Sub-task Open Hubert Zhang Actions
        4.
        Implement calling Ranger REST Service using libcurl. Sub-task Resolved Wen Lin Actions
        5.
        HAWQ sync user information from LDAP Sub-task Open Lei Chang Actions
        6.
        Implement Ranger Plugin Service which holds HAWQ Ranger Plugin and provide REST Service Sub-task Resolved Alexander Denissov Actions
        7.
        Add one option in Ambari to enable user to specify whether they want enable Ranger for ACL check Sub-task Open Alexander Denissov Actions
        8.
        Change hawq start script once finding enable_ranger GUC is on. Sub-task Closed Lili Ma Actions
        9.
        Process catalog table ACL on Ranger. Sub-task Resolved Hubert Zhang Actions
        10.
        Gpadmin super user processing on ACL Sub-task Open Alexander Denissov Actions
        11.
        Support ranger plugin server HA in hawq side. Sub-task Open Hubert Zhang Actions
        12.
        Add generation of RequestID, ClientIP, queryContext(SQL Statement) in HAWQ , and encapsulate these contents to JSON request to RPS Sub-task Closed Xiang Sheng Actions
        13.
        Don't do ACL checks on segments Sub-task Closed Chunling Wang Actions
        14.
        Enhance libcurl connection to RPS(Ranger Plugin Service), keep it as a long-live connection in session level Sub-task Closed Xiang Sheng Actions
        15.
        If user doesn't have privileges on certain objects, need return user which specific table he doesn't have right. Sub-task Closed Hongxu Ma Actions
        16.
        Check build-in catalogs, tables and functions in native aclcheck. Sub-task Resolved Hubert Zhang Actions
        17.
        The error message is not friendly when ranger plugin service is unavailable. Sub-task Closed Xiang Sheng Actions
        18.
        Force to recompute namespace_path when enable_ranger Sub-task Closed Hongxu Ma Actions
        19.
        Add integration tests to Ranger Plugin Service project Sub-task Resolved Alexander Denissov Actions
        20.
        Reduce unnecessary calls of namespace check when run \d Sub-task Closed Hongxu Ma Actions
        21.
        Change GUC enable_ranger(bool) to a text GUC(hawq_acl_type), which can allow other kinds of ACL. Sub-task Closed Xiang Sheng Actions
        22.
        Remove ALL privilege for HAWQ service in Ranger Sub-task Closed Alexander Denissov Actions
        23.
        Package all configuration files for RPS and Tomcat into hawq-ranger-plugin.rpm Sub-task Resolved Alexander Denissov Actions
        24.
        Optimize the performance of hawq with ranger enabled. Sub-task Open Hubert Zhang Actions
        25.
        Forbid grant/revoke command in HAWQ side once Ranger is configured. Sub-task Resolved Wen Lin Actions
        26.
        Change RPM name for RPS to hawq-ranger-plugin Sub-task Resolved Alexander Denissov Actions
        27.
        Allow queries related to pg_temp if ranger is enable Sub-task Resolved Wen Lin Actions
        28.
        Add deny and exclude policy template for hawq service in ranger. Sub-task Resolved Hubert Zhang Actions
        29.
        pg_catalog view fallback failed Sub-task Closed Xiang Sheng Actions
        30.
        Add --enable-rps option to build ranger-plugin when build hawq. Sub-task Closed Xiang Sheng Actions
        31.
        Provide template for Ranger access audit to Solr from RPS Sub-task Resolved Alexander Denissov Actions
        32.
        Externalize JVM params from rps.sh into rps.properties Sub-task Resolved Alexander Denissov Actions
        33.
        Add policy test for HAWQ with Ranger enabled. Sub-task Closed Chunling Wang Actions
        34.
        Add RPS start/stop script in HAWQ start/stop script Sub-task Closed Xiang Sheng Actions
        35.
        Keep hawq_toolkit schema check in HAWQ native side Sub-task Closed Hongxu Ma Actions
        36.
        HAWQ Sends Wrong Request to RPS for PXF Hcatalog Sub-task Resolved Wen Lin Actions
        37.
        Add basic test case for hcatalog with ranger Sub-task Closed Hongxu Ma Actions
        38.
        Set JAVA_HOME / JRE_HOME for RPS in the scripts Sub-task Resolved Alexander Denissov Actions
        39.
        RPS test RangerHawqAuthorizerServiceNameTest fails sometimes Sub-task Resolved Alexander Denissov Actions
        40.
        Provide user-group membership in RPS when requesting access Sub-task Resolved Alexander Denissov Actions
        41.
        Implement RPS High availability on HAWQ Sub-task Closed Hongxu Ma Actions
        42.
        Implement SSL Access from RPS to Ranger Sub-task Open Radar Da Lei Actions
        43.
        Implement Ranger lookup for HAWQ with Kerberos enabled. Sub-task Open Hubert Zhang Actions
        44.
        HAWQ start/stop cluster should be able to start/stop RPS on standby node Sub-task Closed Xiang Sheng Actions
        45.
        HAWQ state should be able to report the status of both RPS and standby RPS Sub-task Closed Xiang Sheng Actions
        46.
        Remove hawq_rps_address_suffix and hawq_rps_address_host in hawq-site.xml to simplify configuration for RPS High Availability Sub-task Closed Xiang Sheng Actions
        47.
        Copy RPS configuration files to standby in specific scenarios Sub-task Closed Hongxu Ma Actions
        48.
        Don't expose RPS warning messages to command line Sub-task Resolved Wen Lin Actions
        49.
        Augment enable-ranger-plugin.sh to support kerberos. Sub-task Closed Xiang Sheng Actions
        50.
        Ranger-plugin connect to Ranger admin under kerberos security. Sub-task Closed Hongxu Ma Actions
        51.
        Use user/password instead of credentials cache in Ranger lookup for HAWQ with Kerberos enabled. Sub-task Closed Hongxu Ma Actions
        52.
        Integrate Ranger lookup JAAS configuration in ranger-admin plugin jar Sub-task Closed Hongxu Ma Actions

          Activity

            People

            • Assignee:
              lilima Lili Ma
              Reporter:
              michael.andre.pearce Michael Andre Pearce

              Dates

              • Created:
                Updated:

                Issue deployment