Posted to commits@ranger.apache.org by ve...@apache.org on 2017/01/17 17:22:46 UTC
[2/2] incubator-ranger git commit: RANGER-1214 : Export/Import of
policies in Ranger
RANGER-1214 : Export/Import of policies in Ranger
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a99e377d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a99e377d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a99e377d
Branch: refs/heads/master
Commit: a99e377d39bce90b39b9fd7f2cc1068e1856fd1c
Parents: 8ba81a6
Author: Mehul Parikh <me...@freestoneinfotech.com>
Authored: Wed Jan 11 14:58:50 2017 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Jan 17 12:22:37 2017 -0500
----------------------------------------------------------------------
.../apache/ranger/plugin/client/BaseClient.java | 9 -
.../ranger/plugin/util/PasswordUtils.java | 28 --
.../ranger/plugin/util/StringTokenReplacer.java | 38 +-
.../ranger/credentialapi/CredentialReader.java | 7 -
.../ranger/credentialapi/Testbuildks.java | 5 -
.../main/java/org/apache/util/sql/Jisql.java | 2 -
security-admin/pom.xml | 5 +
.../org/apache/ranger/biz/ServiceDBStore.java | 325 ++++++-------
.../org/apache/ranger/common/RESTErrorUtil.java | 28 +-
.../apache/ranger/common/RangerConstants.java | 1 -
.../ranger/credentialapi/CredentialReader.java | 7 -
.../apache/ranger/entity/XXAccessAuditBase.java | 1 -
.../org/apache/ranger/entity/XXAuthSession.java | 1 -
.../java/org/apache/ranger/entity/XXTrxLog.java | 2 -
.../org/apache/ranger/rest/ServiceREST.java | 459 ++++++++++++++++++-
.../context/RangerPreAuthSecurityHandler.java | 8 +
.../ranger/view/RangerExportPolicyList.java | 48 ++
.../collection_bases/VXTrxLogListBase.js | 3 +
.../scripts/modules/globalize/message/en.js | 9 +-
.../src/main/webapp/scripts/utils/XAUtils.js | 9 +-
.../scripts/views/DownloadServicePolicy.js | 138 ++++++
.../webapp/scripts/views/UploadServicePolicy.js | 266 +++++++++++
.../views/policymanager/ServiceLayout.js | 64 ++-
.../webapp/scripts/views/reports/AuditLayout.js | 56 ++-
.../scripts/views/reports/UserAccessLayout.js | 58 +--
security-admin/src/main/webapp/styles/xa.css | 40 +-
.../common/ServiceManagerLayout_tmpl.html | 20 +-
.../templates/common/ServiceMappingItem.html | 23 +
.../common/downloadservicepolicy_tmpl.html | 34 ++
.../common/uploadservicepolicy_tmpl.html | 58 +++
.../main/webapp/templates/helpers/XAHelpers.js | 10 -
.../reports/UserAccessLayout_tmpl.html | 6 +-
src/main/assembly/admin-web.xml | 1 +
.../process/LdapUserGroupBuilder.java | 1 -
.../process/PolicyMgrUserGroupBuilder.java | 8 -
.../unix/jaas/RemoteUnixLoginModule.java | 1 -
.../UnixAuthenticationService.java | 1 -
37 files changed, 1413 insertions(+), 367 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
index 4ba1f89..aa90a92 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
@@ -183,13 +183,4 @@ public abstract class BaseClient {
}
return StringUtils.join(errList, "");
}
-
- /*public static Map<String, String> getMaskedConfigMap(Map<String, String> configMap){
- Map<String, String> maskedMap=new HashMap<String, String>();
- maskedMap.putAll(configMap);
- if(maskedMap!=null && maskedMap.containsKey("password")){
- maskedMap.put("password", "*****");
- }
- return maskedMap;
- }*/
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
index f47fd29..f32355a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
@@ -129,32 +129,4 @@ public class PasswordUtils {
}
return ret;
}
-
- public static void main(String[] args) {
- String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null };
- for(String password : testPasswords) {
- try {
- String ePassword = PasswordUtils.encryptPassword(password);
- String dPassword = PasswordUtils.decryptPassword(ePassword);
- if (password == null ) {
- if (dPassword != null) {
- throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]");
- }
- else {
- System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]");
- }
- }
- else if (! password.equals(dPassword)) {
- throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]");
- }
- else {
- System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]");
- }
- }
- catch(IOException ioe) {
- ioe.printStackTrace();
- System.out.println("Password verification failed for password [" + password + "]:" + ioe);
- }
- }
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
index f7047f3..4ec1595 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
@@ -19,7 +19,6 @@
package org.apache.ranger.plugin.util;
-import java.util.HashMap;
import java.util.Map;
public class StringTokenReplacer {
@@ -89,38 +88,5 @@ public class StringTokenReplacer {
}
return ret.toString();
- }
-
- public static void main(String[] args) {
- char startChar = '%';
- char endChar = '%';
- char escapeChar = '\\';
- String tokenPrefix = "ranger:";
- Map<String, Object> tokens = new HashMap<String, Object>();
-
- tokens.put("USER", "testUser");
- tokens.put("COUNTRY", "USA");
- tokens.put("STATE", "CA");
- tokens.put("CITY", "Santa Clara");
-
- StringTokenReplacer tokenReplacer = new StringTokenReplacer(startChar, endChar, escapeChar, tokenPrefix);
-
- if(args.length == 0) {
- args = new String[] {
- "/home/%USER%/*",
- "/home/%ranger:USER%/*",
- "tmp_%USER%",
- "tmp_%ranger:USER%",
- "%USER%_db",
- "%ranger:USER%_db",
- "\\%USER_db",
- "\\%ranger:USER_db",
- "\\%USER%_db",
- "\\%ranger:USER%_db",
- };
- }
-
- for(String str : args) {
- System.out.println(str + " ==> " + tokenReplacer.replaceTokens(str, tokens));
- }
- }}
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
index 94e6afd..42497e3 100644
--- a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
+++ b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
@@ -78,11 +78,4 @@ public class CredentialReader {
}
return credential;
}
-
- /*
- public static void main(String args[]) throws Exception{
- String keystoreFile =new String("/tmp/mykey3.jceks");
- String password=CredentialReader.getDecryptedString(keystoreFile, "mykey3");
- System.out.println(password);
- }*/
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java
----------------------------------------------------------------------
diff --git a/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java b/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java
index 5386838..ce93b65 100644
--- a/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java
+++ b/credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java
@@ -73,9 +73,4 @@ public class Testbuildks {
assertEquals(-1, rc1);
assertTrue(rc1==-1);
}
- /*public static void main(String args[]) throws Exception{
- Testbuildks tTestbuildks=new Testbuildks();
- tTestbuildks.testBuildKSsuccess();
- }*/
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/jisql/src/main/java/org/apache/util/sql/Jisql.java
----------------------------------------------------------------------
diff --git a/jisql/src/main/java/org/apache/util/sql/Jisql.java b/jisql/src/main/java/org/apache/util/sql/Jisql.java
index b613e80..cf5f2c4 100644
--- a/jisql/src/main/java/org/apache/util/sql/Jisql.java
+++ b/jisql/src/main/java/org/apache/util/sql/Jisql.java
@@ -720,8 +720,6 @@ public class Jisql {
if ((password == null) && (passwordFileName == null)) {
password="";
- //java.io.Console console = System.console();
- //password = new String( console.readPassword("Password (hit enter for no password): ") );
}
else if (password == null) {
File passwordFile = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 01d5fb8..0fcfc5a 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -243,6 +243,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>com.sun.jersey.contribs</groupId>
+ <artifactId>jersey-multipart</artifactId>
+ <version>${sun.jersey.core.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.solr</groupId>
<artifactId>solr-solrj</artifactId>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index dfe927f..59551a7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -20,13 +20,13 @@
package org.apache.ranger.biz;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -37,30 +37,35 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
-import java.util.TreeMap;
import javax.annotation.PostConstruct;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MultiHashMap;
+import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.util.PasswordUtils;
+import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerFactory;
import org.apache.ranger.common.RangerServicePoliciesCache;
+import org.apache.ranger.common.RangerVersionInfo;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
@@ -154,10 +159,13 @@ import org.apache.ranger.service.RangerServiceDefWithAssignedIdService;
import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.service.RangerServiceWithAssignedIdService;
import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.RangerExportPolicyList;
import org.apache.ranger.view.RangerPolicyList;
import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXTrxLog;
+import org.apache.ranger.view.VXTrxLogList;
import org.apache.ranger.view.VXUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
@@ -173,6 +181,9 @@ import org.apache.poi.ss.usermodel.Font;
import org.apache.poi.ss.usermodel.Row;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
+import org.codehaus.jettison.json.JSONException;
+
+import com.google.gson.Gson;
@Component
public class ServiceDBStore extends AbstractServiceStore {
@@ -186,6 +197,25 @@ public class ServiceDBStore extends AbstractServiceStore {
private static final String AMBARI_SERVICE_CHECK_USER = "ambari.service.check.user";
private static final String KERBEROS_TYPE = "kerberos";
+
+ private static final String POLICY_ALLOW_EXCLUDE = "Policy Allow:Exclude";
+ private static final String POLICY_ALLOW_INCLUDE = "Policy Allow:Include";
+ private static final String POLICY_DENY_EXCLUDE = "Policy Deny:Exclude";
+ private static final String POLICY_DENY_INCLUDE = "Policy Deny:Include";
+
+ private static String LOCAL_HOSTNAME = "unknown";
+ private static final String HOSTNAME = "Host name";
+ private static final String USER_NAME = "Exported by";
+ private static final String RANGER_VERSION = "Ranger apache version";
+ private static final String TIMESTAMP = "Export time";
+
+ static {
+ try {
+ LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName();
+ } catch (UnknownHostException e) {
+ LOCAL_HOSTNAME = "unknown";
+ }
+ }
@Autowired
RangerServiceDefService serviceDefService;
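Review bot: `LOCAL_HOSTNAME` is named like a constant but declared as a mutable `private static String`, and the `catch` re-assigns the same "unknown" it was initialised with. Making it `private static final String LOCAL_HOSTNAME = resolveLocalHostname();`, with the try/catch moved into that small private static helper, keeps it immutable alongside the other constants. This value is written into every export file under "Host name" by putMetaDataInfo later in this commit, so the server's canonical hostname leaves the system with each export; a comment such as `// included in exported policy files; visible to anyone who receives the export` would make that explicit.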
@@ -235,6 +265,9 @@ public class ServiceDBStore extends AbstractServiceStore {
@Autowired
RangerFactory factory;
+
+ @Autowired
+ JSONUtil jsonUtil;
private static volatile boolean legacyServiceDefsInitDone = false;
private Boolean populateExistingBaseFields = false;
@@ -1931,64 +1964,6 @@ public class ServiceDBStore extends AbstractServiceStore {
return ret;
}
- public List<RangerPolicy> getPoliciesForReports(SearchFilter filter) throws Exception {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDBStore.getPoliciesForReports()");
- }
- List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
- List<RangerPolicy> retTemp = new ArrayList<RangerPolicy>();
- Map<Long, RangerPolicy> orderedPolicies = new TreeMap<Long, RangerPolicy>();
- String serviceTypeNames = filter.getParam("serviceType");
- if (serviceTypeNames != null) {
- List<String> serviceTypeList = new ArrayList<String>(Arrays.asList(serviceTypeNames.split("_")));
- if (!CollectionUtils.isEmpty(serviceTypeList)) {
- for (String serviceType : serviceTypeList) {
- filter.setParam("serviceType", serviceType);
- RangerPolicyList policyList = searchRangerPolicies(filter);
- if (policyList!=null){
- retTemp = policyList.getPolicies();
- if(!CollectionUtils.isEmpty(retTemp)) {
- ret.addAll(retTemp);
- }
- }
- }
- if (!CollectionUtils.isEmpty(ret)){
- for (RangerPolicy policy : ret) {
- if(policy!=null){
- orderedPolicies.put(policy.getId(), policy);
- }
- }
- if (orderedPolicies.size()>0) {
- ret.clear();
- ret.addAll(orderedPolicies.values());
- }
- }
- }
- } else {
- RangerPolicyList policyList = searchRangerPolicies(filter);
- ret = policyList.getPolicies();
- if (!CollectionUtils.isEmpty(ret)) {
- for (RangerPolicy policy : ret) {
- if (policy != null) {
- orderedPolicies.put(policy.getId(), policy);
- }
- }
- if (orderedPolicies.size() > 0) {
- ret.clear();
- ret.addAll(orderedPolicies.values());
- }
- }
- if (policyList != null) {
- ret = policyList.getPolicies();
- }
- }
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDBStore.getPoliciesForReports()");
- }
-
- return ret;
- }
-
public void getPoliciesInExcel(List<RangerPolicy> policies, HttpServletResponse response) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getPoliciesInExcel()");
@@ -2038,6 +2013,16 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
}
+
+ public void getPoliciesInJson(List<RangerPolicy> policies,
+ HttpServletResponse response) throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDBStore.getPoliciesInJson()");
+ }
+ String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(new Date());
+ String jsonFileName = "Ranger_Policies_" + timeStamp + ".json";
+ writeJson(policies, jsonFileName, response);
+ }
public PList<RangerPolicy> getPaginatedPolicies(SearchFilter filter) throws Exception {
if (LOG.isDebugEnabled()) {
@@ -3200,26 +3185,54 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerPolicyItem> policyItems = policy.getPolicyItems();
List<RangerRowFilterPolicyItem> rowFilterPolicyItems = policy.getRowFilterPolicyItems();
List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
+ List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
+ List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
+ List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems();
if (CollectionUtils.isNotEmpty(policyItems)) {
for (RangerPolicyItem policyItem : policyItems) {
Row row = sheet.createRow(++rowCount);
- writeBookForPolicyItems(policy, policyItem, null, null, row);
+ writeBookForPolicyItems(policy, policyItem, null, null, row, null);
}
} else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) {
for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) {
Row row = sheet.createRow(++rowCount);
- writeBookForPolicyItems(policy, null, dataMaskPolicyItem, null, row);
+ writeBookForPolicyItems(policy, null, dataMaskPolicyItem, null, row, null);
}
} else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) {
for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) {
Row row = sheet.createRow(++rowCount);
- writeBookForPolicyItems(policy, null, null, rowFilterPolicyItem, row);
+ writeBookForPolicyItems(policy, null, null, rowFilterPolicyItem, row, null);
}
} else if (serviceType == 100) {
+ if (CollectionUtils.isEmpty(policyItems)) {
+ Row row = sheet.createRow(++rowCount);
+ RangerPolicyItem policyItem = new RangerPolicyItem();
+ writeBookForPolicyItems(policy, policyItem, null, null, row, null);
+ }
+ } else if (CollectionUtils.isEmpty(policyItems)) {
Row row = sheet.createRow(++rowCount);
- writeBookForTag(policy, row);
+ RangerPolicyItem policyItem = new RangerPolicyItem();
+ writeBookForPolicyItems(policy, policyItem, null, null, row, null);
}
+ if (CollectionUtils.isNotEmpty(allowExceptions)) {
+ for (RangerPolicyItem policyItem : allowExceptions) {
+ Row row = sheet.createRow(++rowCount);
+ writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_EXCLUDE);
+ }
+ }
+ if (CollectionUtils.isNotEmpty(denyExceptions)) {
+ for (RangerPolicyItem policyItem : denyExceptions) {
+ Row row = sheet.createRow(++rowCount);
+ writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_EXCLUDE);
+ }
+ }
+ if (CollectionUtils.isNotEmpty(denyPolicyItems)) {
+ for (RangerPolicyItem policyItem : denyPolicyItems) {
+ Row row = sheet.createRow(++rowCount);
+ writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_INCLUDE);
+ }
+ }
}
}
ByteArrayOutputStream outByteStream = new ByteArrayOutputStream();
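Review bot: The new `else if (serviceType == 100)` branch and the `else if (CollectionUtils.isEmpty(policyItems))` branch after it run the same three statements, and both `isEmpty(policyItems)` tests are always true here because the first `if` in the chain already handled the non-empty case. They can collapse into a single `} else {` that does `Row row = sheet.createRow(++rowCount);` followed by `writeBookForPolicyItems(policy, new RangerPolicyItem(), null, null, row, null);`. As written, a policy that has only deny items or exceptions gets an empty placeholder row before its real rows; if that is intended, a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.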
@@ -3229,6 +3242,7 @@ public class ServiceDBStore extends AbstractServiceStore {
response.setContentLength(outArray.length);
response.setHeader("Expires:", "0");
response.setHeader("Content-Disposition", "attachment; filename=" + excelFileName);
+ response.setStatus(HttpServletResponse.SC_OK);
outStream = response.getOutputStream();
outStream.write(outArray);
outStream.flush();
@@ -3295,6 +3309,15 @@ public class ServiceDBStore extends AbstractServiceStore {
case 0:
policyItems0 = policy.getPolicyItems();
policyItems.addAll(policyItems0);
+ if (CollectionUtils.isNotEmpty(policy.getAllowExceptions())){
+ policyItems.addAll(policy.getAllowExceptions());
+ }
+ if (CollectionUtils.isNotEmpty(policy.getDenyExceptions())){
+ policyItems.addAll(policy.getDenyExceptions());
+ }
+ if (CollectionUtils.isNotEmpty(policy.getDenyPolicyItems())){
+ policyItems.addAll(policy.getDenyPolicyItems());
+ }
break;
case 1:
policyItems1 = policy.getDataMaskPolicyItems();
@@ -3461,11 +3484,89 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
response.setHeader("Content-Disposition", "attachment; filename=" + cSVFileName);
+ response.setStatus(HttpServletResponse.SC_OK);
return csvBuffer;
}
+
+ public void putMetaDataInfo(RangerExportPolicyList rangerExportPolicyList){
+ Map<String, Object> metaDataInfo = new LinkedHashMap<String, Object>();
+ UserSessionBase usb = ContextUtil.getCurrentUserSession();
+ String userId = usb.getLoginId();
+
+ metaDataInfo.put(HOSTNAME, LOCAL_HOSTNAME);
+ metaDataInfo.put(USER_NAME, userId);
+ metaDataInfo.put(TIMESTAMP, MiscUtil.getUTCDateForLocalDate(new Date()));
+ metaDataInfo.put(RANGER_VERSION, RangerVersionInfo.getVersion());
+
+ rangerExportPolicyList.setMetaDataInfo(metaDataInfo);
+ }
+
+ private void writeJson(List<RangerPolicy> policies, String jsonFileName,
+ HttpServletResponse response) throws JSONException, IOException {
+ response.setContentType("text/json");
+ response.setHeader("Content-Disposition", "attachment; filename="+ jsonFileName);
+ StringBuffer sb = new StringBuffer();
+ InputStream in = null;
+ ServletOutputStream out = null;
+ RangerExportPolicyList rangerExportPolicyList = new RangerExportPolicyList();
+ putMetaDataInfo(rangerExportPolicyList);
+ rangerExportPolicyList.setPolicies(policies);
+
+ Gson gson = new Gson();
+ String json = gson.toJson(rangerExportPolicyList, RangerExportPolicyList.class);
+
+ try {
+ out = response.getOutputStream();
+ sb = sb.append(json);
+ in = new ByteArrayInputStream(sb.toString().getBytes());
+ byte[] outputByte = new byte[sb.length()];
+ response.setStatus(HttpServletResponse.SC_OK);
+ while (in.read(outputByte, 0, sb.length()) != -1) {
+ out.write(outputByte, 0, sb.length());
+ }
+ } catch (Exception e) {
+ LOG.error(e);
+ } finally {
+ try {
+ if (in != null) {
+ in.close();
+ in = null;
+ }
+ } catch (Exception ex) {
+ }
+ try {
+ if (out != null) {
+ out.flush();
+ out.close();
+ }
+ } catch (Exception ex) {
+ }
+ }
+ }
+
+ public Map<String, String> getServiceMap(InputStream serviceMapStream)
+ throws IOException {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDBStore.getServiceMap()");
+ }
+ Map<String, String> serviceMap = new LinkedHashMap<String, String>();
+ String serviceMapString = IOUtils.toString(serviceMapStream);
+ if (StringUtils.isNotEmpty(serviceMapString)) {
+ serviceMap = jsonUtil.jsonToMap(serviceMapString);
+ }
+ if(!CollectionUtils.sizeIsEmpty(serviceMap)){
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDBStore.getServiceMap()");
+ }
+ return serviceMap;
+ }else{
+ LOG.error("Provided service map is empty!!");
+ throw restErrorUtil.createRESTException("Provided service map is empty!!");
+ }
+ }
private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem,
- RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row) {
+ RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row, String policyConditonType) {
List<String> groups = new ArrayList<String>();
List<String> users = new ArrayList<String>();
String groupNames = "";
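Review bot: writeJson sizes its buffer and every `out.write` with `sb.length()`, which is a character count, while `getBytes()` encodes with the platform default charset. Once a policy, user or group name contains a multi-byte character, the loop makes a second full-length write padded with stale bytes from the first read, so the exported file is no longer valid JSON. The `catch (Exception e)` only logs, and the status is already set to 200, so a failed or truncated export looks successful to the caller and may be imported elsewhere later. Writing the encoded bytes once with an explicit charset, and letting the `IOException` the method already declares propagate, avoids both problems. Separately, putMetaDataInfo calls `usb.getLoginId()` without the null check that RESTErrorUtil applies to `ContextUtil.getCurrentUserSession()`.

```java
private void writeJson(List<RangerPolicy> policies, String jsonFileName,
		HttpServletResponse response) throws JSONException, IOException {
	// … unchanged: build rangerExportPolicyList, add metadata, serialise with Gson into `json` …
	byte[] payload = json.getBytes("UTF-8");
	response.setContentType("application/json");
	response.setCharacterEncoding("UTF-8");
	response.setContentLength(payload.length);
	response.setHeader("Content-Disposition", "attachment; filename=" + jsonFileName);
	response.setStatus(HttpServletResponse.SC_OK);
	ServletOutputStream out = response.getOutputStream();
	try {
		out.write(payload);
		out.flush();
	} finally {
		out.close();
	}
}
```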
@@ -3550,100 +3651,6 @@ public class ServiceDBStore extends AbstractServiceStore {
cell.setCellValue(policyStatus);
}
- private void writeBookForTag(RangerPolicy policy, Row row) {
- String policyStatus = "";
- Cell cell = row.createCell(0);
- cell.setCellValue(policy.getId());
- cell = row.createCell(1);
- cell.setCellValue(policy.getName());
- cell = row.createCell(2);
- String resValue = "";
- String resourceKeyVal = "";
- String resKey = "";
- String groupNames = "";
- String userNames = "";
- String accessType = "";
- Map<String, RangerPolicyResource> resources = policy.getResources();
- if (resources!=null) {
- for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
- resKey = resource.getKey();
- RangerPolicyResource policyResource = resource.getValue();
- List<String> resvalueList = policyResource.getValues();
- resValue = resvalueList.toString();
- resourceKeyVal = resourceKeyVal + " " + resKey + "=" + resValue;
- }
- }
- cell.setCellValue(resourceKeyVal);
- cell = row.createCell(3);
- int policyType=policy.getPolicyType();
- List<RangerPolicyItem> policyItems=new ArrayList<RangerPolicyItem>();
- List<RangerPolicyItem> policyItems0=new ArrayList<RangerPolicyItem>();
- List<RangerDataMaskPolicyItem> policyItems1=new ArrayList<RangerDataMaskPolicyItem>();
- List<RangerRowFilterPolicyItem> policyItems2=new ArrayList<RangerRowFilterPolicyItem>();
- switch (policyType) {
- case 0:
- policyItems0 = policy.getPolicyItems();
- policyItems.addAll(policyItems0);
- break;
- case 1:
- policyItems1 = policy.getDataMaskPolicyItems();
- policyItems.addAll(policyItems1);
- break;
- case 2:
- policyItems2 = policy.getRowFilterPolicyItems();
- policyItems.addAll(policyItems2);
- break;
- }
-
- List<String> groups = new ArrayList<String>();
- List<String> users = new ArrayList<String>();
-
- if (!CollectionUtils.isEmpty(policyItems)) {
- for (RangerPolicyItem policyItem : policyItems) {
- groupNames = "";
- userNames = "";
- accessType = "";
- groups = policyItem.getGroups();
- List<RangerPolicyItemAccess> accesses = policyItem.getAccesses();
- for (RangerPolicyItemAccess access : accesses) {
- accessType = accessType + access.getType() + " ,";
- }
- accessType = accessType.substring(0,accessType.lastIndexOf(","));
- if (!groups.isEmpty()) {
- groupNames = groupNames + groups.toString();
- }
- users = policyItem.getUsers();
- if (!users.isEmpty()) {
- userNames = userNames + users.toString();
- }
- }
- }
- cell.setCellValue(groupNames);
- cell = row.createCell(4);
- cell.setCellValue(userNames);
- cell = row.createCell(5);
- cell.setCellValue(accessType.trim());
- cell = row.createCell(6);
- XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
- String ServiceType = "";
- if (xxservice != null) {
- Long ServiceId = xxservice.getType();
- XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId);
- if (xxservDef != null) {
- ServiceType = xxservDef.getName();
- }
- }
- cell.setCellValue(ServiceType);
- cell = row.createCell(7);
- if (policy.getIsEnabled()) {
- policyStatus = "Enabled";
- } else {
- policyStatus = "Disabled";
- }
- cell.setCellValue(policyStatus);
- }
-
-
private void createHeaderRow(Sheet sheet) {
CellStyle cellStyle = sheet.getWorkbook().createCellStyle();
Font font = sheet.getWorkbook().createFont();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
index 5c01e59..c98487f 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
@@ -55,14 +55,12 @@ public class RESTErrorUtil {
errorResponse);
restException.fillInStackTrace();
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionId = userSession.getSessionId();
}
- logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ logger.info("Request failed. loginId="
+ loginId + ", logMessage=" + gjResponse.getMsgDesc(),
restException);
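Review bot: The session lookup (`ContextUtil.getCurrentUserSession()`, null check, `getLoginId()`) is repeated unchanged in this hunk and in the five later RESTErrorUtil hunks (new lines 76, 104, 141, 336 and 403). A private helper such as `private String currentLoginId()` would keep the log format in one place now that the session id is no longer logged. The log lines are still built by concatenating `getMsgDesc()` or `logMessage` and, at new line 122, `requestInfo`. If any of these can carry request-supplied text, replacing CR/LF before logging would stop forged log entries; the visible lines do not show where those values come from. The enclosing methods start and end outside the hunks.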
@@ -78,14 +76,12 @@ public class RESTErrorUtil {
errorResponse);
restException.fillInStackTrace();
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionId = userSession.getSessionId();
}
- logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ logger.info("Request failed. loginId="
+ loginId + ", logMessage=" + gjResponse.getMsgDesc(),
restException);
@@ -108,13 +104,9 @@ public class RESTErrorUtil {
// block list if this is deliberate
// Get user information
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
- String sessionInfo = "";
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionInfo = userSession.toString();
- sessionId = userSession.getSessionId();
}
String requestInfo = "";
@@ -130,9 +122,9 @@ public class RESTErrorUtil {
logger.error("Error getting request info", contextEx);
}
- logger.error("Access restricted. SessionId=" + sessionId + ", loginId="
+ logger.error("Access restricted. loginId="
+ loginId + ", logMessage=" + logMessage + ", requestInfo="
- + requestInfo + ", sessionInfo=" + sessionInfo, restException);
+ + requestInfo, restException);
return restException;
}
@@ -149,14 +141,12 @@ public class RESTErrorUtil {
errorResponse);
restException.fillInStackTrace();
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionId = userSession.getSessionId();
}
- logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ logger.info("Request failed. loginId="
+ loginId + ", logMessage=" + logMessage,
restException);
@@ -346,15 +336,13 @@ public class RESTErrorUtil {
errorResponse);
restException.fillInStackTrace();
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionId = userSession.getSessionId();
}
if (logError) {
- logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ logger.info("Request failed. loginId="
+ loginId + ", logMessage=" + logMessage,
restException);
}
@@ -415,13 +403,11 @@ public class RESTErrorUtil {
WebApplicationException restException = new WebApplicationException(errorResponse);
restException.fillInStackTrace();
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- Long sessionId = null;
String loginId = null;
if (userSession != null) {
loginId = userSession.getLoginId();
- sessionId = userSession.getSessionId();
}
- logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ logger.info("Request failed. loginId="
+ loginId + ", logMessage=" + vResponse.getMsgDesc(),
restException);
return restException;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
index 4decbcb..e31e9d7 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
@@ -148,7 +148,6 @@ public class RangerConstants extends RangerCommonEnums {
// public static final String EMAIL_APPROVAL_NEEDED_MSG =
// "New objects pending approval";
// public static final String EMAIL_PWD_RESET_CODE_MSG =
- // "iSchoolCircle - Password Reset";
public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
index f782396..1a3ade7 100644
--- a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
+++ b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
@@ -78,11 +78,4 @@ public class CredentialReader {
}
return credential;
}
-
- /*
- public static void main(String args[]) throws Exception{
- String keystoreFile =new String("/tmp/mykey3.jceks");
- String password=CredentialReader.getDecryptedString(keystoreFile, "mykey3");
- System.out.println(password);
- }*/
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java
index 8f83f10..8efcfc3 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java
@@ -579,7 +579,6 @@ public class XXAccessAuditBase extends XXDBBase implements java.io.Serializable
str += "repoName={" + repoName + "} ";
str += "repoType={" + repoType + "} ";
str += "resultReason={" + resultReason + "} ";
- str += "sessionId={" + sessionId + "} ";
str += "eventTime={" + eventTime + "} ";
str += "requestUser={" + requestUser + "} ";
str += "action={" + action + "} ";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java
index a4f93f2..deedc87 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAuthSession.java
@@ -414,7 +414,6 @@ public class XXAuthSession extends XXDBBase implements java.io.Serializable {
str += super.toString();
str += "loginId={" + loginId + "} ";
str += "userId={" + userId + "} ";
- str += "extSessionId={" + extSessionId + "} ";
str += "authTime={" + authTime + "} ";
str += "authStatus={" + authStatus + "} ";
str += "authType={" + authType + "} ";
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/entity/XXTrxLog.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXTrxLog.java b/security-admin/src/main/java/org/apache/ranger/entity/XXTrxLog.java
index 5995201..ceea47b 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXTrxLog.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXTrxLog.java
@@ -460,9 +460,7 @@ public class XXTrxLog extends XXDBBase implements java.io.Serializable {
str += "newValue={" + newValue + "} ";
str += "transactionId={" + transactionId + "} ";
str += "action={" + action + "} ";
- str += "sessionId={" + sessionId + "} ";
str += "requestId={" + requestId + "} ";
- str += "sessionType={" + sessionType + "} ";
str += "}";
return str;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 307eb80..0a367e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -20,15 +20,21 @@
package org.apache.ranger.rest;
import java.io.IOException;
+import java.io.InputStream;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.Set;
+import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
@@ -44,6 +50,7 @@ import javax.ws.rs.core.MediaType;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
+import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -57,6 +64,7 @@ import org.apache.ranger.biz.TagDBStore;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
@@ -68,6 +76,7 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPolicyExportAudit;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.plugin.model.RangerPluginInfo;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
@@ -100,12 +109,14 @@ import org.apache.ranger.service.RangerPluginInfoService;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.RangerServiceDefService;
import org.apache.ranger.service.RangerServiceService;
+import org.apache.ranger.view.RangerExportPolicyList;
import org.apache.ranger.view.RangerPluginInfoList;
import org.apache.ranger.view.RangerPolicyList;
import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
+import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -113,6 +124,9 @@ import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import com.sun.jersey.core.header.FormDataContentDisposition;
+import com.sun.jersey.multipart.FormDataParam;
+
@Path("plugins")
@Component
@Scope("request")
@@ -179,6 +193,9 @@ public class ServiceREST {
@Autowired
TagDBStore tagStore;
+
+ @Autowired
+ JSONUtil jsonUtil;
public ServiceREST() {
}
@@ -1558,31 +1575,40 @@ public class ServiceREST {
LOG.debug("==> ServiceREST.getPoliciesInExcel()");
}
RangerPerfTracer perf = null;
-
SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPoliciesInExcel()");
}
- List<RangerPolicy> policies=new ArrayList<RangerPolicy>();
- if (filter != null) {
- filter.setStartIndex(0);
- filter.setMaxRows(Integer.MAX_VALUE);
- policies = svcStore.getPoliciesForReports(filter);
+ List<RangerPolicy> policyLists = new ArrayList<RangerPolicy>();
+
+ policyLists = getAllFilteredPolicyList(filter, request, policyLists);
+ if (CollectionUtils.isNotEmpty(policyLists)){
+ svcStore.getPoliciesInExcel(policyLists, response);
+ }else{
+ LOG.error("No policies found to download!");
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NO_CONTENT, "No policies found to download!", true);
}
- svcStore.getPoliciesInExcel(policies, response);
-
+
+ RangerExportPolicyList rangerExportPolicyList = new RangerExportPolicyList();
+ svcStore.putMetaDataInfo(rangerExportPolicyList);
+ String metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
+
+ List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLog = new XXTrxLog();
+ xxTrxLog.setAction("EXPORT EXCEL");
+ xxTrxLog.setPreviousValue(metaDataInfo);
+ trxLogList.add(xxTrxLog);
+ bizUtil.createTrxLog(trxLogList);
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("Error while downloading policy report", excp);
-
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
-
}
@GET
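Review bot: The export audit row in `getPoliciesInExcel` is created only after `svcStore.getPoliciesInExcel(policyLists, response)` has run, so a failure in `putMetaDataInfo`, `writeValueAsString` or `bizUtil.createTrxLog` falls into `catch (Throwable excp)` and is reported as a failed download although the policies have presumably already been written to the response, leaving an export with no audit record. Writing the audit entry before streaming, or logging its failure separately, would close that gap; the same lines are repeated for CSV and JSON in the next hunk, so a private helper taking the action string would keep the three in step. The empty-result branch raises `SC_NO_CONTENT` with a message, but a 204 response cannot carry a body, so the client never sees the text. The method starts outside this hunk, so any authorization annotation on it is not visible here.

```java
// in getPoliciesInExcel, before svcStore.getPoliciesInExcel(policyLists, response):
auditExport("EXPORT EXCEL");
// … unchanged: streaming call and exception handling …

// Records one export event in the transaction log.
private void auditExport(String action) throws IOException {
	RangerExportPolicyList exportInfo = new RangerExportPolicyList();
	svcStore.putMetaDataInfo(exportInfo);
	XXTrxLog trxLog = new XXTrxLog();
	trxLog.setAction(action);
	trxLog.setPreviousValue(new ObjectMapper().writeValueAsString(exportInfo.getMetaDataInfo()));
	List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
	trxLogList.add(trxLog);
	bizUtil.createTrxLog(trxLogList);
}
```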
@@ -1594,32 +1620,429 @@ public class ServiceREST {
LOG.debug("==> ServiceREST.getPoliciesInCsv()");
}
RangerPerfTracer perf = null;
-
+
SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPoliciesInCsv()");
}
- List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
- if (filter != null) {
- filter.setStartIndex(0);
- filter.setMaxRows(Integer.MAX_VALUE);
- policies = svcStore.getPoliciesForReports(filter);
+ List<RangerPolicy> policyLists = new ArrayList<RangerPolicy>();
+
+ policyLists = getAllFilteredPolicyList(filter, request, policyLists);
+ if (CollectionUtils.isNotEmpty(policyLists)){
+ svcStore.getPoliciesInCSV(policyLists, response);
+ }else{
+ LOG.error("No policies found to download!");
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NO_CONTENT, "No policies found to download!", true);
}
- svcStore.getPoliciesInCSV(policies, response);
-
+
+ RangerExportPolicyList rangerExportPolicyList = new RangerExportPolicyList();
+ svcStore.putMetaDataInfo(rangerExportPolicyList);
+ String metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
+
+ List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLog = new XXTrxLog();
+ xxTrxLog.setAction("EXPORT CSV");
+ xxTrxLog.setPreviousValue(metaDataInfo);
+ trxLogList.add(xxTrxLog);
+ bizUtil.createTrxLog(trxLogList);
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("Error while downloading policy report", excp);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+ }
+ @GET
+ @Path("/policies/exportJson")
+ @Produces("text/json")
+ public void getPoliciesInJson(@Context HttpServletRequest request,
+ @Context HttpServletResponse response) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPoliciesInJson()");
+ }
+ RangerPerfTracer perf = null;
+ SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields);
+
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG,"ServiceREST.getPoliciesInJson()");
+ }
+
+ List<RangerPolicy> policyLists = new ArrayList<RangerPolicy>();
+
+ policyLists = getAllFilteredPolicyList(filter, request, policyLists);
+ if (CollectionUtils.isNotEmpty(policyLists)) {
+ svcStore.getPoliciesInJson(policyLists, response);
+ } else {
+ LOG.error("There is no Policy to Export!!");
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NO_CONTENT, "There is no Policy to Export!!", true);
+ }
+
+ RangerExportPolicyList rangerExportPolicyList = new RangerExportPolicyList();
+ svcStore.putMetaDataInfo(rangerExportPolicyList);
+ String metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
+
+ List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLog = new XXTrxLog();
+ xxTrxLog.setAction("EXPORT JSON");
+ xxTrxLog.setPreviousValue(metaDataInfo);
+ trxLogList.add(xxTrxLog);
+ bizUtil.createTrxLog(trxLogList);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("Error while exporting policy file!!", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
}
+
+ @POST
+ @Path("/policies/importPoliciesFromFile")
+ @Consumes({MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_JSON})
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAdminOrKeyAdminRole()")
+ public void importPoliciesFromFile(
+ @Context HttpServletRequest request,
+ @FormDataParam("servicesMapJson") InputStream serviceMapStream,
+ @FormDataParam("file") InputStream uploadedInputStream,
+ @FormDataParam("file") FormDataContentDisposition fileDetail,
+ @QueryParam("isOverride") Boolean isOverride) {
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.importPoliciesFromFile()");
+ }
+ RangerPerfTracer perf = null;
+ String metaDataInfo = null;
+ List<XXTrxLog> trxLogListError = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLogError = new XXTrxLog();
+
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG,"ServiceREST.importPoliciesFromFile()");
+ }
+
+ List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLog = new XXTrxLog();
+ xxTrxLog.setAction("IMPORT START");
+ trxLogList.add(xxTrxLog);
+ bizUtil.createTrxLog(trxLogList);
+
+ if (isOverride == null){
+ isOverride = false;
+ }
+ List<String> serviceNameList = new ArrayList<String>();
+ String serviceType = null;
+ List<String> serviceTypeList = null;
+ SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields);
+ if (StringUtils.isNotEmpty(request.getParameter("serviceType"))){
+ serviceType = request.getParameter("serviceType");
+ }
+ if(StringUtils.isNotEmpty(serviceType)){
+ serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(",")));
+ }
+ List<RangerService> rangerServiceList = null;
+ List<RangerService> rangerServiceLists = new ArrayList<RangerService>();
+ if (CollectionUtils.isNotEmpty(serviceTypeList)){
+ for (String s : serviceTypeList) {
+ filter.removeParam("serviceType");
+ filter.setParam("serviceType", s.trim());
+ rangerServiceList = getServices(filter);
+ rangerServiceLists.addAll(rangerServiceList);
+ }
+ }
+ if(!CollectionUtils.sizeIsEmpty(rangerServiceLists)){
+ for(RangerService rService : rangerServiceLists){
+ if (StringUtils.isNotEmpty(rService.getName())){
+ serviceNameList.add(rService.getName());
+ }
+ }
+ }
+ Map<String, String> servicesMappingMap = new LinkedHashMap<String, String>();
+ List<String> sourceServices = new ArrayList<String>();
+ List<String> destinationServices = new ArrayList<String>();
+ if (serviceMapStream != null){
+ servicesMappingMap = svcStore.getServiceMap(serviceMapStream);
+ }
+ if(!CollectionUtils.sizeIsEmpty(servicesMappingMap)){
+ for (Entry<String, String> map : servicesMappingMap.entrySet()) {
+ String sourceServiceName = map.getKey().trim();
+ String destinationServiceName = map.getValue().trim();
+ if (StringUtils.isNotEmpty(sourceServiceName)
+ && StringUtils.isNotEmpty(destinationServiceName)) {
+ sourceServices.add(sourceServiceName);
+ destinationServices.add(destinationServiceName);
+ }
+ }
+ }
+
+ String fileName = fileDetail.getFileName();
+ int totalPolicyCreate = 0;
+ Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>();
+ List<String> dataFileSourceServices = new ArrayList<String>();
+ if (fileName.endsWith("json")) {
+ try {
+ RangerExportPolicyList rangerExportPolicyList = null;
+ String policiesString = IOUtils.toString(uploadedInputStream);
+ if (StringUtils.isNotEmpty(policiesString)){
+ rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class);
+ }
+ metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo());
+ List<RangerPolicy> policies = rangerExportPolicyList.getPolicies();
+ if (CollectionUtils.sizeIsEmpty(servicesMappingMap) && isOverride){
+ if(!CollectionUtils.sizeIsEmpty(policies)){
+ for (RangerPolicy policyInJson: policies){
+ if (policyInJson != null) {
+ if (CollectionUtils.isNotEmpty(serviceNameList) && serviceNameList.contains(policyInJson.getService())) {
+ sourceServices.add(policyInJson.getService());
+ destinationServices.add(policyInJson.getService());
+ }else if (CollectionUtils.isEmpty(serviceNameList)){
+ sourceServices.add(policyInJson.getService());
+ destinationServices.add(policyInJson.getService());
+ }
+ }
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Deleting Policy from provided services in Json file...");
+ }
+ deletePoliciesProvidedInServiceMap(sourceServices,
+ destinationServices, null);
+ }else if (!CollectionUtils.sizeIsEmpty(servicesMappingMap) && isOverride) {
+ if (!CollectionUtils.sizeIsEmpty(policies)){
+ for (RangerPolicy policyInJson: policies){
+ if (policyInJson != null){
+ dataFileSourceServices.add(policyInJson.getService());
+ }
+ }
+ if(!dataFileSourceServices.containsAll(sourceServices)){
+ LOG.error("Json File does not contain sepcified source service name.");
+ throw restErrorUtil.createRESTException("Json File does not contain sepcified source service name.");
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
+ }
+ deletePoliciesProvidedInServiceMap(sourceServices,
+ destinationServices, null);
+ }
+ if (!CollectionUtils.sizeIsEmpty(policies)){
+ for (RangerPolicy policyInJson: policies){
+ policiesMap = updatePolicyMap(servicesMappingMap, sourceServices, destinationServices, policyInJson, policiesMap);
+ }
+ }
+ if (!CollectionUtils.sizeIsEmpty(policiesMap.entrySet())) {
+ for (Entry<String, RangerPolicy> entry : policiesMap.entrySet()) {
+ RangerPolicy policy = entry.getValue();
+ if (policy != null){
+ if (!CollectionUtils.isEmpty(serviceNameList)) {
+ for (String service : serviceNameList) {
+ if (policy.getService().equalsIgnoreCase(StringUtils.trim(service))) {
+ createPolicy(policy, null);
+ totalPolicyCreate = totalPolicyCreate + 1;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy " + policy.getName() + " created successfully.");
+ }
+ }
+ }
+ }else{
+ createPolicy(policy, null);
+ totalPolicyCreate = totalPolicyCreate + 1;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy " + policy.getName() + " created successfully.");
+ }
+ }
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Total Policy Created From Json file : " + totalPolicyCreate);
+ }
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }else{
+ LOG.error("Provided file format is not supported!!");
+ throw restErrorUtil.createRESTException("Provided file format is not supported!!");
+ }
+ } catch (WebApplicationException excp) {
+ LOG.error("Error while importing policy from file!!", excp);
+ xxTrxLogError.setAction("IMPORT ERROR");
+ if(StringUtils.isNotEmpty(metaDataInfo)){
+ xxTrxLogError.setPreviousValue(metaDataInfo);
+ }
+ trxLogListError.add(xxTrxLogError);
+ bizUtil.createTrxLog(trxLogListError);
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("Error while importing policy from file!!", excp);
+ xxTrxLogError.setAction("IMPORT ERROR");
+ if(StringUtils.isNotEmpty(metaDataInfo)){
+ xxTrxLogError.setPreviousValue(metaDataInfo);
+ }
+ trxLogListError.add(xxTrxLogError);
+ bizUtil.createTrxLog(trxLogListError);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ List<XXTrxLog> trxLogListEnd = new ArrayList<XXTrxLog>();
+ XXTrxLog xxTrxLogEnd = new XXTrxLog();
+ xxTrxLogEnd.setAction("IMPORT END");
+ if(StringUtils.isNotEmpty(metaDataInfo)){
+ xxTrxLogEnd.setPreviousValue(metaDataInfo);
+ }
+ trxLogListEnd.add(xxTrxLogEnd);
+ bizUtil.createTrxLog(trxLogListEnd);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.importPoliciesFromFile()");
+ }
+ }
+ }
+
+ private List<RangerPolicy> getAllFilteredPolicyList(SearchFilter filter,
+ HttpServletRequest request, List<RangerPolicy> policyLists) {
+ String serviceNames = null;
+ String serviceType = null;
+ List<String> serviceNameList = null;
+ List<String> serviceTypeList = null;
+ List<String> serviceNameInServiceTypeList = new ArrayList<String>();
+ boolean isServiceExists = false;
+
+ if (request.getParameter("serviceName") != null){
+ serviceNames = request.getParameter("serviceName");
+ }
+ if (StringUtils.isNotEmpty(serviceNames)) {
+ serviceNameList = new ArrayList<String>(Arrays.asList(serviceNames.split(",")));
+ }
+
+ if (request.getParameter("serviceType") != null){
+ serviceType = request.getParameter("serviceType");
+ }
+ if(StringUtils.isNotEmpty(serviceType)){
+ serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(",")));
+ }
+
+ List<RangerPolicy> policyList = new ArrayList<RangerPolicy>();
+ List<RangerPolicy> policyListByServiceName = new ArrayList<RangerPolicy>();
+
+ if (filter != null) {
+ filter.setStartIndex(0);
+ filter.setMaxRows(Integer.MAX_VALUE);
+
+ if (!CollectionUtils.isEmpty(serviceTypeList)) {
+ for (String s : serviceTypeList) {
+ filter.removeParam("serviceType");
+ if (request.getParameter("serviceName") != null){
+ filter.removeParam("serviceName");
+ }
+ filter.setParam("serviceType", s.trim());
+ policyList = getPolicies(filter);
+ policyLists.addAll(policyList);
+ }
+ if(!CollectionUtils.sizeIsEmpty(policyLists)){
+ for (RangerPolicy rangerPolicy:policyLists){
+ if (StringUtils.isNotEmpty(rangerPolicy.getService())){
+ serviceNameInServiceTypeList.add(rangerPolicy.getService());
+ }
+ }
+ }
+ }
+ if (!CollectionUtils.isEmpty(serviceNameList) && !CollectionUtils.isEmpty(serviceTypeList)){
+ isServiceExists = serviceNameInServiceTypeList.containsAll(serviceNameList);
+ if(isServiceExists){
+ for (String s : serviceNameList) {
+ filter.removeParam("serviceName");
+ filter.removeParam("serviceType");
+ filter.setParam("serviceName", s.trim());
+ policyList = getPolicies(filter);
+ policyListByServiceName.addAll(policyList);
+ }
+ policyLists = policyListByServiceName;
+ }else{
+ policyLists = new ArrayList<RangerPolicy>();
+ }
+ }else if (CollectionUtils.isEmpty(serviceNameList) && CollectionUtils.isEmpty(serviceTypeList)){
+ policyLists = getPolicies(filter);
+ }
+ if (!CollectionUtils.isEmpty(serviceNameList) && CollectionUtils.isEmpty(serviceTypeList)) {
+ for (String s : serviceNameList) {
+ filter.removeParam("serviceName");
+ filter.setParam("serviceName", s.trim());
+ policyList = getPolicies(filter);
+ policyLists.addAll(policyList);
+ }
+ }
+ }
+ Map<Long, RangerPolicy> orderedPolicies = new TreeMap<Long, RangerPolicy>();
+
+ if (!CollectionUtils.isEmpty(policyLists)) {
+ for (RangerPolicy policy : policyLists) {
+ if (policy != null) {
+ orderedPolicies.put(policy.getId(), policy);
+ }
+ }
+ if (orderedPolicies.size() > 0) {
+ policyLists.clear();
+ policyLists.addAll(orderedPolicies.values());
+ }
+ }
+ return policyLists;
+ }
+
+ private void deletePoliciesProvidedInServiceMap(
+ List<String> sourceServices, List<String> destinationServices,
+ HttpServletRequest request) {
+ int totalDeletedPilicies = 0;
+ if (CollectionUtils.isNotEmpty(sourceServices)
+ && CollectionUtils.isNotEmpty(destinationServices)) {
+ for (int i = 0; i < sourceServices.size(); i++) {
+ if (!destinationServices.get(i).isEmpty()) {
+ RangerPolicyList servicePolicies = null;
+ servicePolicies = getServicePoliciesByName(destinationServices.get(i), request);
+ if (servicePolicies != null) {
+ List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies();
+ if (CollectionUtils.isNotEmpty(rangerPolicyList)) {
+ for (RangerPolicy rangerPolicy : rangerPolicyList) {
+ if (rangerPolicy != null) {
+ deletePolicy(rangerPolicy.getId());
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Policy " + rangerPolicy.getName() + " deleted successfully." );
+ }
+ totalDeletedPilicies = totalDeletedPilicies + 1;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Total Deleted Policy : " + totalDeletedPilicies);
+ }
+ }
+
+ private Map<String, RangerPolicy> updatePolicyMap(
+ Map<String, String> servicesMappingMap,
+ List<String> sourceServices, List<String> destinationServices,
+ RangerPolicy policy, Map<String, RangerPolicy> policiesMap) {
+ if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
+ if (sourceServices.contains(policy.getService())) {
+ int index = sourceServices.indexOf(policy.getService());
+ policy.setService(destinationServices.get(index));
+ policiesMap.put(policy.getName() + " " + policy.getService(), policy);
+ }
+ } else if (CollectionUtils.sizeIsEmpty(servicesMappingMap)) {
+ policiesMap.put(policy.getName() + " " + policy.getService(), policy);
+ }
+ return policiesMap;
+ }
public List<RangerPolicy> getPolicies(SearchFilter filter) {
if(LOG.isDebugEnabled()) {
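Review bot: In `importPoliciesFromFile` the inner `catch (IOException e) { e.printStackTrace(); }` turns an unreadable or malformed upload into a silent success: Jackson 1.x parse and mapping errors are IOExceptions, so the caller gets a normal response with nothing imported and no "IMPORT ERROR" audit row. The same block dereferences `rangerExportPolicyList` even when the file was empty, and `fileDetail.getFileName()` is called without a null check, so both cases end in a NullPointerException. With `isOverride` the existing policies of the destination services are deleted before any policy from the file is created, so a failure part-way through `createPolicy` presumably leaves those services without policies unless a transaction defined outside this hunk rolls the deletes back; rejecting a bad file up front and letting errors reach the outer handlers narrows that window. `IOUtils.toString(uploadedInputStream)` also decodes with the platform charset and buffers the whole upload, so an explicit charset and a size limit are worth adding. `getPoliciesInJson` carries no `@PreAuthorize`, unlike the import endpoint, so what it exports depends entirely on the filtering done in `getPolicies(filter)`.

```java
if (fileDetail == null || uploadedInputStream == null) {
	throw restErrorUtil.createRESTException("No policy file was uploaded.");
}
String fileName = fileDetail.getFileName();
// … unchanged: counters and map declarations, fileName.endsWith("json") check …
try {
	String policiesString = IOUtils.toString(uploadedInputStream, "UTF-8");
	if (StringUtils.isEmpty(policiesString)) {
		throw restErrorUtil.createRESTException("Uploaded policy file is empty.");
	}
	RangerExportPolicyList rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class);
	if (rangerExportPolicyList == null) {
		throw restErrorUtil.createRESTException("Uploaded policy file contains no policy list.");
	}
	// … unchanged: metaDataInfo, override deletes, policy creation …
} catch (IOException e) {
	LOG.error("Failed to read or parse the uploaded policy file", e);
	throw restErrorUtil.createRESTException("Uploaded policy file could not be parsed.");
}
```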
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
index 97f573a..6951cbd 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
@@ -102,4 +102,12 @@ public class RangerPreAuthSecurityHandler {
}
throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);
}
+
+ public boolean isAdminOrKeyAdminRole(){
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && (userSession.isKeyAdmin() || userSession.isUserAdmin())) {
+ return true;
+ }
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_UNAUTHORIZED, "User is not allowed to access the API", true);
+ }
}
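Review bot: `isAdminOrKeyAdminRole()` rejects a caller with `HttpServletResponse.SC_UNAUTHORIZED`, while the check just above it in this class answers the same "User is not allowed to access the API" condition with `SC_FORBIDDEN`. For a logged-in user who merely lacks the role, 403 is the accurate status; 401 tells the client that authentication is missing and may trigger a re-login. I would use `throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);` and add a one-line Javadoc stating that the method returns true for key-admin or user-admin sessions and throws otherwise.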
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/java/org/apache/ranger/view/RangerExportPolicyList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/RangerExportPolicyList.java b/security-admin/src/main/java/org/apache/ranger/view/RangerExportPolicyList.java
new file mode 100644
index 0000000..7b40c36
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/RangerExportPolicyList.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.view;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerExportPolicyList extends RangerPolicyList implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ Map<String, Object> metaDataInfo = new LinkedHashMap<String, Object>();
+
+ public Map<String, Object> getMetaDataInfo() {
+ return metaDataInfo;
+ }
+
+ public void setMetaDataInfo(Map<String, Object> metaDataInfo) {
+ this.metaDataInfo = metaDataInfo;
+ }
+
+}
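Review bot: The `metaDataInfo` field is declared without an access modifier, so it is package-visible although the class already exposes a getter and a setter; `private Map<String, Object> metaDataInfo = new LinkedHashMap<String, Object>();` still works with Jackson's `fieldVisibility = Visibility.ANY`. The class also has no Javadoc: a short comment saying that it is the JSON export/import envelope (the policy list plus a metadata map) would help. That comment should note that on import the map is populated from the uploaded file, so it is untrusted input wherever it is later stored or displayed, as in the `setPreviousValue(metaDataInfo)` audit calls in ServiceREST.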
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/webapp/scripts/collection_bases/VXTrxLogListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXTrxLogListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXTrxLogListBase.js
index 4c0bd21..8e24b71 100644
--- a/security-admin/src/main/webapp/scripts/collection_bases/VXTrxLogListBase.js
+++ b/security-admin/src/main/webapp/scripts/collection_bases/VXTrxLogListBase.js
@@ -52,6 +52,9 @@ define(function(require){
}, options);
return this.constructor.nonCrudOperation.call(this, url, 'GET', options);
+ },
+ comparator : function(model) {
+ return -model.get("id");
}
},{
// static class members
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 37821fe..3d2612b 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -384,9 +384,12 @@ define(function(require) {
addSelectedUserGroup : 'Please add selected user/group to permissions else user/group will not be added.',
maskingPolicyInfoMsg : 'Please ensure that users/groups listed in this policy have access to the column via an <b>Access Policy</b>. This policy does not implicitly grant access to the column.',
rowFilterPolicyInfoMsg : 'Please ensure that users/groups listed in this policy have access to the table via an <b>Access Policy</b>. This policy does not implicitly grant access to the table.',
- udfPolicyViolation : '<b> Warning !!</b> : UDF create is a privileged operation. Please make sure you grant them to only trusted users.'
-
-
+ udfPolicyViolation : '<b> Warning !!</b> : UDF create is a privileged operation. Please make sure you grant them to only trusted users.',
+ noServiceToExport :'No service found to export policies.',
+ noServiceToImport :'No service found to import policies.',
+ noPolicytoExport :'No policies found to export!',
+ importingFiles :'Importing policies from file is started...'
+
},
plcHldr : {
search :'Search',
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 11849ad..ee401ee 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -390,7 +390,13 @@ define(function(require) {
bootbox.alert(params.msg, params.callback);
}
};
-
+
+ //Alert box with time set
+ XAUtils.alertBoxWithTimeSet = function(msg) {
+ var alert = bootbox.alert(msg);
+ return(setTimeout(function(){alert.modal('hide'); }, 4000));
+ }
+
/**
* Bootbox wrapper for confirm
*
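Review bot: `XAUtils.alertBoxWithTimeSet` is documented only by `//Alert box with time set`, while the neighbouring wrappers carry a JSDoc block. A reader cannot tell from it that the dialog hides itself after 4000 ms or that the return value is the timer id from `setTimeout`. I would replace the comment with a short JSDoc block stating both, and add that `msg` is handed to `bootbox.alert` unchanged, so callers should pass only trusted or already-escaped text. The local `var alert` shadows the global `alert`; `var dialog = bootbox.alert(msg);` reads more safely, and the function expression should end with `};` like the one above it.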
@@ -398,6 +404,7 @@ define(function(require) {
* params - The params
*/
XAUtils.confirmPopup = function(params) {
+ bootbox.hideAll();
bootbox.confirm(params.msg, function(result) {
if (result) {
params.callback();
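Review bot: The added `bootbox.hideAll();` at the top of `XAUtils.confirmPopup` changes behaviour for every existing caller, because any bootbox dialog that is open when a confirm is requested is dismissed, not only the timed alert introduced in this commit. If that is intended, a why-comment such as `// close any pending auto-hide alert so it cannot overlap the confirm` would record the reason. If it is not, hiding only the specific dialog concerned would be narrower. The body of `confirmPopup` continues outside the hunk.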
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js
new file mode 100644
index 0000000..4532612
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var Backbone = require('backbone');
+ var App = require('App');
+ var XAUtil = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var XALinks = require('modules/XALinks');
+ var DownloadservicepolicyTmpl = require('hbs!tmpl/common/downloadservicepolicy_tmpl');
+ var RangerPolicyList = require('collections/RangerPolicyList');
+ var localization = require('utils/XALangSupport');
+
+ var DownloadServicePolicy = Backbone.Marionette.ItemView.extend({
+ template : DownloadservicepolicyTmpl,
+
+ initialize: function(options) {
+ console.log("initialized a DownloadServicePolicy Layout");
+ _.extend(this, _.pick(options, 'collection','serviceNames','serviceDefList','serviceType','services'));
+ var componentServices = this.services.where({'type' : this.serviceType });
+ this.serviceNames = componentServices.map(function(m){ return { 'name' : m.get('name') } })
+ this.bind("ok", this.okClicked);
+ },
+ ui:{
+ 'downloadReport' : '[data-id="downloadReport"]',
+ 'selectService' : '[data-id="selectService"]',
+ 'servicesName' : '[data-id="servicesName"]',
+ 'componentTypeSelected' : '[data-id="componentTypeSelected"]'
+ },
+ events: function() {
+ },
+
+ okClicked: function (modal) {
+ var that = this, el = $(modal.currentTarget),
+ urls ='/service/plugins/policies/exportJson'
+ serviceName = this.ui.servicesName.val()
+ if (_.isEmpty(this.ui.componentTypeSelected.val())){
+ this.$el.find('.serviceValidationFile').show();
+ }
+ if(_.isEmpty(serviceName)){
+ this.$el.find('.validateFile').show();
+ if(!_.isEmpty(this.ui.componentTypeSelected.val())){
+ this.$el.find('.serviceValidationFile').hide();
+ }
+ return modal.preventClose();
+ }
+ var urlString = XAUtil.getBaseUrl();
+ if(urlString.slice(-1) == "/") {
+ urlString = urlString.slice(0,-1);
+ };
+ XAUtil.blockUI();
+ $.ajax({
+ type: "GET",
+ url:urlString +urls+ '?serviceName='+serviceName ,
+ success:function(data,status,response){
+ XAUtil.blockUI('unblock');
+ if(response.status == 200 || response.statusText == "ok"){
+ that.ui.downloadReport.attr("href", urlString + urls+ '?serviceName='+serviceName )[0].click();
+ }else{
+ XAUtil.alertBoxWithTimeSet(localization.tt('msg.noPolicytoExport'))
+ }
+
+ },
+ });
+ },
+ onRender: function() {
+ this.serviceSelect();
+ if(_.isUndefined(this.serviceType)){
+ this.$el.find('.seviceFiled').show();
+ this.renderComponentSelect()
+ }else{
+ this.$el.find('.seviceFiled').hide();
+ }
+ },
+ renderComponentSelect: function(){
+ var that = this;
+ var options = this.serviceDefList.map(function(m){ return { 'id' : m.get('name'), 'text' : m.get('name')}; });
+ var componentTyp = options.map(function(m){return m.text})
+ this.ui.componentTypeSelected.val(componentTyp);
+ this.ui.componentTypeSelected.select2({
+ multiple: true,
+ closeOnSelect: true,
+ placeholder: 'Select Component',
+ //maximumSelectionSize : 1,
+ width: '530px',
+ allowClear: true,
+ data: options
+ }).on('change', function(e){
+ console.log(e);
+ var selectedComp = e.currentTarget.value, componentServices = [];
+ _.each(selectedComp.split(","), function(type){
+ that.serviceNam = that.services.where({'type' : type });
+ componentServices = componentServices.concat(that.serviceNam);
+ });
+ var names = componentServices.map(function(m){ return { 'name' : m.get('name') } });
+ that.serviceNames = names;
+ that.collection.trigger('reset')
+ that.serviceSelect(that.serviceNam)
+ }).trigger('change');
+
+ },
+ serviceSelect :function(e){
+ var options =this.serviceNames.map(function(m){ return { 'id' : m.name, 'text' : m.name}; });
+ var serviceTyp = options.map(function(m){return m.text})
+ this.ui.servicesName.val(serviceTyp);
+ this.ui.servicesName.select2({
+ multiple: true,
+ closeOnSelect: true,
+ placeholder: 'Select Service Name',
+ //maximumSelectionSize : 1,
+ width: '530px',
+ allowClear: true,
+ data: options
+ })
+ }
+
+ });
+ return DownloadServicePolicy;
+});
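Review bot: In `okClicked` the `var` list ends after `urls ='/service/plugins/policies/exportJson'` as shown (no trailing comma), so `serviceName = this.ui.servicesName.val()` assigns to an undeclared name. The module is under `'use strict'`, where that throws a ReferenceError instead of creating a global. The two lines should read `urls = '/service/plugins/policies/exportJson',` and `serviceName = this.ui.servicesName.val();`. The value is then concatenated raw into the query string twice; `'?serviceName=' + encodeURIComponent(serviceName)` keeps a name containing `&`, `#` or spaces from altering the request. The success handler also repeats the same GET through the download link, so the export runs twice per click, and there is no `error` callback to undo `XAUtil.blockUI()` when the request fails.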
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a99e377d/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
new file mode 100644
index 0000000..dcf038e
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
@@ -0,0 +1,266 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(function(require){
+ 'use strict';
+
+ var Backbone = require('backbone');
+ var App = require('App');
+ var XAUtil = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var XALinks = require('modules/XALinks');
+ var UploadservicepolicyTmpl = require('hbs!tmpl/common/uploadservicepolicy_tmpl');
+
+ var ServiceMappingItem = Backbone.Marionette.ItemView.extend({
+ _msvName : 'ServiceMappingItem',
+ template : require('hbs!tmpl/common/ServiceMappingItem'),
+ ui : {
+ sourceInput : 'input[data-id="source"]',
+ destinationSelect : '[data-id="destination"]',
+ deleteMap : 'a[data-id="delete"]',
+ 'overrridCheck' : 'input[data-name="override"]:checked',
+ },
+ events : function(){
+ var events = {};
+ events['change ' + this.ui.sourceInput] = 'onSourceChange';
+ events['change ' + this.ui.destinationSelect] = 'onDestinationSelect';
+ events['click ' + this.ui.deleteMap] = 'onDeleteMapClick';
+ return events;
+ },
+
+ initialize : function(options) {
+ _.extend(this, _.pick(options, 'collection','serviceNames'));
+
+ },
+ onSourceChange : function(e){
+ this.model.set('source', _.isEmpty(e.currentTarget.value) ? undefined : e.currentTarget.value);
+ },
+ onDestinationSelect : function(e) {
+ this.model.set('destination', _.isEmpty(e.currentTarget.value) ? undefined : e.currentTarget.value);
+
+ },
+ onDeleteMapClick : function(){
+ this.collection.remove(this.model)
+ },
+
+ onRender : function() {
+ var options = _.map(this.serviceNames, function(m, key){ return { 'id' : m.name, 'text' : m.name}; });
+ this.ui.destinationSelect.select2({
+ closeOnSelect: true,
+ placeholder: 'Select service name',
+ width: '220px',
+ allowClear: true,
+ data:options,
+ });
+ }
+ });
+
+ var UploadServicePolicy = Backbone.Marionette.CompositeView.extend({
+
+ template : UploadservicepolicyTmpl,
+ templateHelpers : function(){
+ return { 'serviceType' : this.serviceType };
+ },
+ getItemView : function(item){
+ if(!item){
+ return;
+ }
+ return ServiceMappingItem;
+ },
+ itemViewContainer : ".js-serviceMappingItems",
+ itemViewOptions : function() {
+ return {
+ 'collection' : this.collection,
+ 'serviceNames' : this.serviceNames,
+ };
+ },
+ initialize: function(options) {
+ this.bind("ok", this.okClicked);
+ _.extend(this, _.pick(options, 'collection','serviceNames','serviceDefList','serviceType','services'));
+ this.componentServices = this.services.where({'type' : this.serviceType })
+ this.serviceNames =this.componentServices.map(function(m){ return { 'name' : m.get('name') } });
+ },
+ ui:{
+ 'importFilePolicy' : '[data-id="uploadPolicyFile"]',
+ 'addServiceMaping' : '[data-id="addServiceMaping"]',
+ 'componentType' : '[data-id="componentType"]',
+ 'fileNameClosebtn' : '[data-id="fileNameClosebtn"]'
+ },
+ events: function() {
+ var events = {};
+ events['change ' + this.ui.importFilePolicy] = 'importPolicy';
+ events['click ' + this.ui.addServiceMaping] = 'onAddClick';
+ events['click ' + this.ui.fileNameClosebtn] = 'fileNameClosebtn';
+ return events;
+ },
+ okClicked: function (modal) {
+ if( _.isUndefined(this.targetFileObj) || (_.isEmpty(this.ui.componentType.val()) && this.ui.componentType.is(":visible"))){
+ if(_.isUndefined(this.targetFileObj)){
+ this.$el.find('.selectFileValidationMsg').show();
+ }else{
+ this.$el.find('.selectFileValidationMsg').hide();
+ }
+ if (_.isEmpty(this.ui.componentType.val())){
+ this.$el.find('.seviceFiledValidationFile').show();
+ }else{
+ this.$el.find('.seviceFiledValidationFile').hide();
+ }
+ return modal.preventClose();
+ }
+ var that = this, serviceMapping = {}, fileObj = this.targetFileObj, preventModal = false , url ="";
+ if(this.$el.find('input[data-name="override"]').is(':checked')){
+ url = "service/plugins/policies/importPoliciesFromFile?isOverride=true";
+ }else{
+ url = "service/plugins/policies/importPoliciesFromFile?isOverride=false";
+ }
+ this.collection.each(function(m){
+ if( m.get('source') !== undefined && m.get('destination') == undefined
+ || m.get('source') == undefined && m.get('destination') !== undefined ){
+ that.$el.find('.serviceMapErrorMsg').show();
+ that.$el.find('.serviceMapTextError').hide();
+ preventModal = true;
+ }
+ if(!_.isUndefined(m.get('source'))){
+ serviceMapping[m.get('source')] = m.get('destination')
+ }
+ });
+ if(preventModal){
+ modal.preventClose();
+ return;
+ }
+ if(this.collection.length>1){
+ that.collection.models.some(function(m){
+ if (!_.isEmpty(m.attributes)) {
+ if (m.has('source') && m.get('source') != '') {
+ var model = that.collection.where({
+ 'source': m.get('source')
+ });
+ if (model.length > 1) {
+ that.$el.find('.serviceMapTextError').show();
+ that.$el.find('.serviceMapErrorMsg').hide();
+ preventModal = true;
+ return true;
+ }
+ }
+ }
+ })
+ }
+ if(preventModal){
+ modal.preventClose();
+ return;
+ }
+ this.formData = new FormData();
+ this.formData.append('file', fileObj);
+ if(!_.isEmpty(serviceMapping)){
+ this.formData.append('servicesMapJson', new Blob([JSON.stringify(serviceMapping)],{type:'application/json'}));
+ }
+ var compString = ''
+ if(!_.isUndefined(that.serviceType)){
+ compString=that.serviceType
+ }else{
+ compString = this.ui.componentType.val()
+ }
+ XAUtil.blockUI();
+ $.ajax({
+ type: 'POST',
+ url: url+"&serviceType="+compString,
+ enctype: 'multipart/form-data',
+ data: this.formData,
+ cache: false,
+ dataType:'Json',
+ contentType: false,
+ processData: false,
+ success: function () {
+ XAUtil.blockUI('unblock');
+ var msg = 'File import successfully.' ;
+ XAUtil.notifySuccess('Success', msg);
+
+ },
+ error : function(response,model){
+ XAUtil.blockUI('unblock');
+ if ( response && response.responseJSON && response.responseJSON.msgDesc){
+ XAUtil.notifyError('Error', response.responseJSON.msgDesc);
+ } else {
+ XAUtil.notifyError('Error', 'File import failed.');
+ }
+ }
+ });
+ },
+ onAddClick : function(){
+ this.collection.add(new Backbone.Model());
+ },
+ onRender: function() {
+ this.$el.find('.fileValidation').hide();
+ this.$el.find('.selectFileValidationMsg').hide();
+ if(this.serviceType==undefined){
+ this.$el.find('.seviceFiled').show();
+ this.renderComponentSelect();
+ }else{
+ this.$el.find('.seviceFiled').hide();
+ }
+ },
+ /* add 'component' and 'policy type' select */
+ renderComponentSelect: function(){
+ var that = this;
+ var options = this.serviceDefList.map(function(m){ return { 'id' : m.get('name'), 'text' : m.get('name')}; });
+ var optionVal = options.map(function(m){return m.text})
+ this.ui.componentType.val(optionVal);
+ this.ui.componentType.select2({
+ multiple: true,
+ closeOnSelect: true,
+ placeholder: 'Select Component',
+ width: '530px',
+ allowClear: true,
+ data: options
+ }).on('change', function(e){
+ var selectedComp = e.currentTarget.value, componentServices = [];
+ _.each(selectedComp.split(","), function(type){
+ var services = that.services.where({'type' : type });
+ componentServices = componentServices.concat(services);
+ });
+ var names = componentServices.map(function(m){ return { 'name' : m.get('name') } });
+ that.serviceNames = names;
+ that.collection.trigger('reset')
+ }).trigger('change');
+ },
+ importPolicy : function(e){
+ var that =this;
+ console.log("uploading....");
+ this.$el.find('.selectFile').hide();
+ this.$el.find('.selectFileValidationMsg').hide();
+ this.$el.find('.fileValidation').hide();
+ this.targetFileObj = e.target.files[0];
+ if(!_.isUndefined(this.targetFileObj)){
+ this.$el.find('.selectFile').html('<i>'+this.targetFileObj.name+'</i><label class="icon icon-remove icon-1x icon-remove-btn" data-id="fileNameClosebtn"></label>').show()
+ }else{
+ this.$el.find('.selectFile').html("No file chosen").show();
+ }
+ },
+ fileNameClosebtn : function(){
+ this.$el.find('.selectFile').hide()
+ this.$el.find('.selectFile').html("No file chosen").show()
+ this.$el.find('.fileValidation').hide();
+ this.$el.find('.selectFileValidationMsg').hide();
+ this.targetFileObj = undefined;
+ this.ui.importFilePolicy.val('');
+ }
+
+ });
+ return UploadServicePolicy;
+});
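Review bot: `importPolicy` builds markup from the chosen file's name with `.html('<i>'+this.targetFileObj.name+'</i>…')`, so a file name containing HTML characters is parsed as markup in the admin UI instead of being shown as text. Escaping it is enough, `'<i>' + _.escape(this.targetFileObj.name) + '</i>…'`, or the `<i>` element can be built with `.text()`. In `okClicked`, `url+"&serviceType="+compString` should likewise become `url + "&serviceType=" + encodeURIComponent(compString)`. Nothing in this view restricts the file's type or size, so the import endpoint is presumably the only place where the uploaded content and the `isOverride` flag are validated and authorised; that is worth confirming on the server side.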