Posted to commits@ranger.apache.org by pr...@apache.org on 2019/02/18 07:54:57 UTC
[ranger] branch master updated: RANGER-2333: Logs does not get
generated for Zone Description field available on Security Zone page.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3f82ca4 RANGER-2333: Logs does not get generated for Zone Description field available on Security Zone page.
3f82ca4 is described below
commit 3f82ca40e5e2830e06cae690984fb09fce311ffc
Author: Pradeep <pr...@apache.org>
AuthorDate: Thu Feb 7 20:51:59 2019 +0530
RANGER-2333: Logs does not get generated for Zone Description field available on Security Zone page.
---
.../ranger/plugin/model/RangerSecurityZone.java | 15 +-
.../validation/RangerSecurityZoneValidator.java | 48 ++--
.../RangerSecurityZoneValidatorTest.java | 1 +
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../patches/037-create-security-zone-schema.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../patches/037-create-security-zone-schema.sql | 25 +++
.../optimized/current/ranger_core_db_postgres.sql | 1 +
.../patches/037-create-security-zone-schema.sql | 27 +--
.../current/ranger_core_db_sqlanywhere.sql | 1 +
.../patches/037-create-security-zone-schema.sql | 1 +
.../optimized/current/ranger_core_db_sqlserver.sql | 7 +-
.../patches/037-create-security-zone-schema.sql | 13 +-
.../java/org/apache/ranger/biz/RangerBizUtil.java | 26 +++
.../main/java/org/apache/ranger/biz/XUserMgr.java | 36 +--
.../apache/ranger/entity/XXSecurityZoneBase.java | 7 +
...ssignSecurityZonePersmissionToAdmin_J10026.java | 246 ++++++++++++++-------
.../org/apache/ranger/rest/SecurityZoneREST.java | 50 ++++-
.../ranger/service/RangerSecurityZoneService.java | 1 +
.../service/RangerSecurityZoneServiceBase.java | 2 +
.../apache/ranger/rest/TestSecurityZoneREST.java | 6 +
21 files changed, 374 insertions(+), 142 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index 9eaf102..547e2d2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -44,18 +44,20 @@ public class RangerSecurityZone extends RangerBaseModelObject implements java.io
private List<String> adminUserGroups;
private List<String> auditUsers;
private List<String> auditUserGroups;
+ private String description;
public RangerSecurityZone() {
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null, null, null);
}
- public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services, List<String> adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String> auditUserGroups) {
+ public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services, List<String> adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String> auditUserGroups, String description) {
setName(name);
setServices(services);
setAdminUsers(adminUsers);
setAdminUserGroups(adminUserGroups);
setAuditUsers(auditUsers);
setAuditUserGroups(auditUserGroups);
+ setDescription(description);
}
public String getName() { return name; }
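Review bot: Replacing the six-argument public constructor with a seven-argument one breaks source compatibility for any caller outside this commit that still passes six arguments, and RangerSecurityZone lives in agents-common, which plugins and external tooling compile against. Keeping the old signature as a delegating overload costs one statement: `public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services, List<String> adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String> auditUserGroups) { this(name, services, adminUsers, adminUserGroups, auditUsers, auditUserGroups, null); }`. Whether such callers exist cannot be confirmed from this diff, so this is a compatibility precaution rather than a known breakage.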
@@ -63,6 +65,12 @@ public class RangerSecurityZone extends RangerBaseModelObject implements java.io
this.name = name;
}
+ public String getDescription() { return description; }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
public Map<String, RangerSecurityZoneService> getServices() { return services; }
public void setServices(Map<String, RangerSecurityZoneService> services) {
@@ -101,7 +109,8 @@ public class RangerSecurityZone extends RangerBaseModelObject implements java.io
+ ", adminUserGroups=" + adminUserGroups
+ ", auditUsers=" + auditUsers
+ ", auditUserGroups=" + auditUserGroups
- + "}";
+ + ", description="+ description
+ +"}";
}
@JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)
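Review bot: The two new toString lines break the spacing convention of the surrounding concatenation (`", description="+ description` and `+"}"` versus `+ ", auditUserGroups=" + auditUserGroups`); write them as `+ ", description=" + description` and `+ "}";` so the block reads uniformly. Purely cosmetic, but the inconsistency is the only thing a reader of this hunk notices.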
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java
index 4013707..0e3b8f4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java
@@ -29,6 +29,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher;
import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
@@ -160,24 +161,21 @@ public class RangerSecurityZoneValidator extends RangerValidator {
RangerSecurityZone existingZone;
final String zoneName = securityZone.getName();
+ if (StringUtils.isEmpty(StringUtils.trim(zoneName))) {
+ ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
+
+ failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage("name")).build());
+ ret = false;
+ }
if (action == Action.CREATE) {
securityZone.setId(-1L);
+ existingZone = getSecurityZone(zoneName);
+ if (existingZone != null) {
+ ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
- if (StringUtils.isEmpty(zoneName)) {
- ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_FIELD;
-
- failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name was null/missing").field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage("name")).build());
+ failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name exists").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(existingZone.getId())).build());
ret = false;
- } else {
- existingZone = getSecurityZone(zoneName);
-
- if (existingZone != null) {
- ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_ZONE_NAME_CONFLICT;
-
- failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone name exists").field("name").errorCode(error.getErrorCode()).becauseOf(error.getMessage(existingZone.getId())).build());
- ret = false;
- }
}
} else {
Long zoneId = securityZone.getId();
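Review bot: On the CREATE path the `getSecurityZone(zoneName)` lookup now runs even when the name has just failed the blank check, because the conflict check is no longer nested inside the else branch the old code had; a null or whitespace-only name therefore reaches the lookup. Wrapping the lookup in `if (StringUtils.isNotBlank(zoneName)) {` restores the old behaviour, and `StringUtils.isBlank(zoneName)` is the idiomatic spelling of `StringUtils.isEmpty(StringUtils.trim(zoneName))` both here and in the UPDATE branch in the next hunk. Note also that the blank test trims the name while the lookup and the later `StringUtils.equals(zoneName, existingZone.getName())` use the untrimmed value, so a name with surrounding spaces is checked for emptiness as one string and for conflicts as another; that is harmless only if callers trim before validation, which this diff does not show for the validator. The enclosing validate method starts before this hunk.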
@@ -188,7 +186,7 @@ public class RangerSecurityZoneValidator extends RangerValidator {
failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone with id does not exist").field("id").errorCode(error.getErrorCode()).becauseOf(error.getMessage(zoneId)).build());
ret = false;
- } else if (StringUtils.isNotEmpty(zoneName) && !StringUtils.equals(zoneName, existingZone.getName())) {
+ } else if (StringUtils.isNotEmpty(StringUtils.trim(zoneName)) && !StringUtils.equals(zoneName, existingZone.getName())) {
existingZone = getSecurityZone(zoneName);
if (existingZone != null) {
@@ -248,6 +246,28 @@ public class RangerSecurityZoneValidator extends RangerValidator {
failures.add(new ValidationFailureDetailsBuilder().field("security zone audit users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
ret = false;
}
+
+ if (securityZone.getServices() != null) {
+ for (Map.Entry<String, RangerSecurityZoneService> serviceResouceMapEntry : securityZone.getServices()
+ .entrySet()) {
+ if (serviceResouceMapEntry.getValue().getResources() != null) {
+ for (Map<String, List<String>> resource : serviceResouceMapEntry.getValue().getResources()) {
+ if (resource != null) {
+ for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
+ if (CollectionUtils.isEmpty(entry.getValue())) {
+ ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_RESOURCES;
+ failures.add(new ValidationFailureDetailsBuilder().field("security zone resources")
+ .subField("resources").isMissing()
+ .becauseOf(error.getMessage(serviceResouceMapEntry.getKey()))
+ .errorCode(error.getErrorCode()).build());
+ ret = false;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== RangerPolicyValidator.validateWithinSecurityZone(%s, %s, %s) : %s", securityZone, action, failures, ret));
}
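Review bot: The new resource loop dereferences `serviceResouceMapEntry.getValue()` before checking it for null, so a services map carrying a null value for a service key throws NullPointerException out of the validator instead of yielding a validation failure; prepend `serviceResouceMapEntry.getValue() != null &&` to the condition on the `getResources() != null` line. The loop variable is also misspelled (`serviceResouceMapEntry` should be `serviceResourceMapEntry`). Separately, this commit stores the new description in a 1024-character column on every database it touches but adds no length check here, so an over-long description is rejected only by the database (or truncated, depending on the engine's strict mode) rather than reported as a validation failure; a bound such as `if (securityZone.getDescription() != null && securityZone.getDescription().length() > 1024)` feeding a ValidationFailureDetailsBuilder entry on field `"description"` keeps that check at the validation layer. The enclosing method continues outside the hunk.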
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
index b16ccd6..fa167a7 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
@@ -450,6 +450,7 @@ public class RangerSecurityZoneValidatorTest {
rangerSecurityZone.setAuditUserGroups(aduitGrpUsers);
rangerSecurityZone.setName("MyZone");
rangerSecurityZone.setServices(map);
+ rangerSecurityZone.setDescription("MyZone");
return rangerSecurityZone;
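Review bot: The fixture sets the description to the same literal as the name (`"MyZone"`), so a test built on this object cannot distinguish a description that was accidentally copied from the name from one that was set correctly; use a distinct value such as `rangerSecurityZone.setDescription("MyZone description");`. This one-line addition is the only change to the test file in the diffstat, so the new field is populated but never asserted on; a validator test for a description exceeding the 1024-character column would exercise the path the commit introduces.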
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 71cfa8f..b46a481 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -559,6 +559,7 @@ CREATE TABLE IF NOT EXISTS `x_security_zone`(
`version` bigint(20) NULL DEFAULT NULL,
`name` varchar(255) NOT NULL,
`jsonData` MEDIUMTEXT NULL DEFAULT NULL,
+`description` varchar(1024) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `x_security_zone_UK_name`(`name`(190)),
CONSTRAINT `x_security_zone_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
diff --git a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
index 0df5491..aff9786 100644
--- a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
@@ -70,6 +70,7 @@ CREATE TABLE IF NOT EXISTS `x_security_zone`(
`version` bigint(20) NULL DEFAULT NULL,
`name` varchar(255) NOT NULL,
`jsonData` MEDIUMTEXT NULL DEFAULT NULL,
+`description` varchar(1024) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `x_security_zone_UK_name`(`name`(190)),
CONSTRAINT `x_security_zone_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
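Review bot: The description column is added only inside `CREATE TABLE IF NOT EXISTS x_security_zone`, so an installation on which patch 037 has already run (the table exists) never gains the column, and the new `@Column(name = "description")` mapping in XXSecurityZoneBase will then fail against that schema at runtime. The diffstat lists no new patch file, so unless an ALTER is added elsewhere, this patch or a follow-up needs a guarded `ALTER TABLE x_security_zone ADD description varchar(1024) DEFAULT NULL;` for upgraded deployments, using the column-exists check this file's other blocks use. The same gap applies to the Oracle, Postgres, SQL Anywhere and SQL Server 037 patches in this commit, all of which add the column inside the CREATE TABLE only.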
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 6b569f2..35c70c7 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -640,6 +640,7 @@ upd_by_id NUMBER(20) DEFAULT NULL NULL,
version NUMBER(20) DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData CLOB DEFAULT NULL NULL,
+description VARCHAR(1024) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_security_zone_UK_name UNIQUE(name),
CONSTRAINT x_security_zone_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
diff --git a/security-admin/db/oracle/patches/037-create-security-zone-schema.sql b/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
index e71f3db..aae31dc 100644
--- a/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/oracle/patches/037-create-security-zone-schema.sql
@@ -87,6 +87,7 @@ upd_by_id NUMBER(20) DEFAULT NULL NULL,
version NUMBER(20) DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData CLOB DEFAULT NULL NULL,
+description VARCHAR(1024) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_security_zone_UK_name UNIQUE(name),
CONSTRAINT x_security_zone_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
@@ -190,6 +191,30 @@ Select count(*) into v_column_exists from user_tab_cols where column_name = uppe
end if;
end;/
+CREATE OR REPLACE FUNCTION getModulesIdByName(inputval IN VARCHAR2)
+RETURN NUMBER is
+BEGIN
+Declare
+myid Number := 0;
+begin
+ SELECT id into myid FROM x_modules_master
+ WHERE MODULE = inputval;
+ RETURN myid;
+end;
+END;/
+
+CREATE OR REPLACE FUNCTION getXportalUIdByLoginId(input_val IN VARCHAR2)
+RETURN NUMBER iS
+BEGIN
+DECLARE
+myid Number := 0;
+begin
+ SELECT x_portal_user.id into myid FROM x_portal_user
+ WHERE x_portal_user.login_id=input_val;
+ RETURN myid;
+end;
+END;/
+/
INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security Zone','');
INSERT INTO x_user_module_perm (id,user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (X_USER_MODULE_PERM_SEQ.nextval,getXportalUIdByLoginId('admin'),getModulesIdByName('Security Zone'),sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
INSERT INTO x_user_module_perm (id,user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (X_USER_MODULE_PERM_SEQ.nextval,getXportalUIdByLoginId('rangerusersync'),getModulesIdByName('Security Zone'),sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
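Review bot: Both new functions initialise `myid Number := 0` but can never return that value on the no-match path, because `SELECT ... INTO` raises NO_DATA_FOUND when no row matches, so a missing `admin` user or `Security Zone` module aborts the INSERT statements below with an exception rather than inserting with id 0. If the zero is meant as a sentinel, each body needs an `EXCEPTION WHEN NO_DATA_FOUND THEN RETURN myid;` handler; if aborting is the intent, the unused initialiser should go and a comment should say so, since inserting a permission row for user id 0 would be the worse outcome. The lone `/` added after the second `END;/` terminates an empty block; depending on how the script runner splits statements it may re-execute the previous statement or error, so it is worth checking against the `end;/` convention the rest of this file uses.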
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index a4e93ca..dfa8c82 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -548,6 +548,7 @@ upd_by_id BIGINT DEFAULT NULL NULL,
version BIGINT DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData text DEFAULT NULL NULL,
+description VARCHAR(1024) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_security_zone_UK_name UNIQUE (name),
CONSTRAINT x_security_zone_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
diff --git a/security-admin/db/postgres/patches/037-create-security-zone-schema.sql b/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
index e81da80..4a94d26 100644
--- a/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/postgres/patches/037-create-security-zone-schema.sql
@@ -13,7 +13,19 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
--- function add_zone_x_policy_export_audit
+CREATE OR REPLACE FUNCTION getXportalUIdByLoginId(input_val varchar(100))
+RETURNS bigint LANGUAGE SQL AS $$ SELECT x_portal_user.id FROM x_portal_user
+WHERE x_portal_user.login_id = $1; $$;
+
+CREATE OR REPLACE FUNCTION getModulesIdByName(input_val varchar(100))
+RETURNS bigint LANGUAGE SQL AS $$ SELECT x_modules_master.id FROM x_modules_master
+WHERE x_modules_master.module = $1; $$;
+
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security Zone','');
+INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('admin'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
+INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('rangerusersync'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
+INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('rangertagsync'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
+commit;
select 'delimiter start';
CREATE OR REPLACE FUNCTION add_zone_x_policy_export_audit()
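Review bot: The switch from the named parameter `input_val` to the positional `$1` in both function bodies deserves a comment, since SQL-language function bodies accept named parameter references only on PostgreSQL 9.2 and later; a line such as `-- positional $1: named parameters in LANGUAGE SQL bodies require PostgreSQL >= 9.2` above the first CREATE FUNCTION would stop the next reader from reverting it. The hunk also drops the `-- function add_zone_x_policy_export_audit` heading that introduced the function defined immediately after the inserted block; restoring it keeps the file's section headings consistent. Moving the module and permission inserts ahead of the other functions is fine only if x_modules_master and x_user_module_perm already exist at this point in the script, which this hunk cannot confirm.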
@@ -73,6 +85,7 @@ upd_by_id BIGINT DEFAULT NULL NULL,
version BIGINT DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData text DEFAULT NULL NULL,
+description VARCHAR(1024) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_security_zone_UK_name UNIQUE (name),
CONSTRAINT x_security_zone_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
@@ -184,15 +197,3 @@ select 'delimiter end';
select add_x_policy_zone_id();
select 'delimiter end';
-CREATE OR REPLACE FUNCTION getXportalUIdByLoginId(input_val varchar(100))
-RETURNS bigint LANGUAGE SQL AS $$ SELECT x_portal_user.id FROM x_portal_user
-WHERE x_portal_user.login_id = input_val; $$;
-
-CREATE OR REPLACE FUNCTION getModulesIdByName(input_val varchar(100))
-RETURNS bigint LANGUAGE SQL AS $$ SELECT x_modules_master.id FROM x_modules_master
-WHERE x_modules_master.module = input_val; $$;
-
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),'Security Zone','');
-INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('admin'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
-INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('rangerusersync'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
-INSERT INTO x_user_module_perm (user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed) VALUES (getXportalUIdByLoginId('rangertagsync'),getModulesIdByName('Security Zone'),current_timestamp,current_timestamp,getXportalUIdByLoginId('admin'),getXportalUIdByLoginId('admin'),1);
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 71f0ba4..81c6172 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -507,6 +507,7 @@ CREATE TABLE dbo.x_security_zone(
version bigint DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData text DEFAULT NULL NULL,
+ description varchar(1024) DEFAULT NULL NULL,
CONSTRAINT x_security_zone_PK_id PRIMARY KEY CLUSTERED(id),
CONSTRAINT x_security_zone_UK_name UNIQUE NONCLUSTERED(name)
)
diff --git a/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql b/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
index b96b6e5..5b7dade 100644
--- a/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql
@@ -61,6 +61,7 @@ CREATE TABLE dbo.x_security_zone(
version bigint DEFAULT NULL NULL,
name varchar(255) NOT NULL,
jsonData text DEFAULT NULL NULL,
+ description varchar(1024) DEFAULT NULL NULL,
CONSTRAINT x_security_zone_PK_id PRIMARY KEY CLUSTERED(id),
CONSTRAINT x_security_zone_UK_name UNIQUE NONCLUSTERED(name)
)
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index d69c2dd..845e089 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -1343,6 +1343,7 @@ CREATE TABLE [dbo].[x_security_zone](
[version] [bigint] DEFAULT NULL NULL,
[name] [varchar](255) NOT NULL,
[jsonData] [nvarchar](max) DEFAULT NULL NULL,
+ [description] [varchar](1024) DEFAULT NULL NULL,
PRIMARY KEY CLUSTERED
(
[id] ASC
@@ -2686,9 +2687,9 @@ REFERENCES [dbo].[x_portal_user] ([id])
ALTER TABLE [dbo].[x_policy_ref_access_type] WITH CHECK ADD CONSTRAINT [x_policy_ref_access_type_FK_policy_id] FOREIGN KEY ([policy_id])
REFERENCES [dbo].[x_policy] ([id])
ALTER TABLE [dbo].[x_policy_ref_access_type] CHECK CONSTRAINT [x_policy_ref_access_type_FK_policy_id]
-ALTER TABLE [dbo].[x_policy_ref_access_type] WITH CHECK ADD CONSTRAINT [x_policy_ref_access_type_FK_res_def_id] FOREIGN KEY ([access_def_id])
-REFERENCES [dbo].[x_resource_def] ([id])
-ALTER TABLE [dbo].[x_policy_ref_access_type] CHECK CONSTRAINT [x_policy_ref_access_type_FK_res_def_id]
+ALTER TABLE [dbo].[x_policy_ref_access_type] WITH CHECK ADD CONSTRAINT [x_policy_ref_access_type_FK_access_def_id] FOREIGN KEY ([access_def_id])
+REFERENCES [dbo].[x_access_type_def] ([id])
+ALTER TABLE [dbo].[x_policy_ref_access_type] CHECK CONSTRAINT [x_policy_ref_access_type_FK_access_def_id]
ALTER TABLE [dbo].[x_policy_ref_access_type] WITH CHECK ADD CONSTRAINT [x_policy_ref_access_type_FK_added_by] FOREIGN KEY ([added_by_id])
REFERENCES [dbo].[x_portal_user] ([id])
ALTER TABLE [dbo].[x_policy_ref_access_type] CHECK CONSTRAINT [x_policy_ref_access_type_FK_added_by]
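Review bot: The foreign key on [x_policy_ref_access_type].[access_def_id] is corrected to reference [x_access_type_def] instead of [x_resource_def], an integrity fix unrelated to RANGER-2333 that the commit message does not mention and that only reaches fresh installs, since this is the optimized full-schema script. Existing SQL Server deployments created with the wrong target keep a constraint named x_policy_ref_access_type_FK_res_def_id pointing at [x_resource_def]; unless a patch outside this diff drops and recreates it, they remain inconsistent with new installs and presumably reject access-type ids that have no matching resource-def id. Calling this out in the commit message, or with a short comment at the constraint, would help anyone bisecting schema differences later.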
diff --git a/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql b/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
index 1c68722..e621b43 100644
--- a/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql
@@ -19,7 +19,10 @@ BEGIN
ALTER TABLE [dbo].[x_policy_export_audit] ADD [zone_name] [varchar](255) DEFAULT NULL NULL;
END
GO
-
+IF (OBJECT_ID('x_policy_FK_zone_id') IS NOT NULL)
+BEGIN
+ ALTER TABLE [dbo].[x_policy] DROP CONSTRAINT x_policy_FK_zone_id
+END
GO
IF (OBJECT_ID('x_sz_ref_group_FK_added_by_id') IS NOT NULL)
BEGIN
@@ -168,6 +171,7 @@ CREATE TABLE [dbo].[x_security_zone](
[version] [bigint] DEFAULT NULL NULL,
[name] [varchar](255) NOT NULL,
[jsonData] [nvarchar](max) DEFAULT NULL NULL,
+ [description] [varchar](1024) DEFAULT NULL NULL,
PRIMARY KEY CLUSTERED
(
[id] ASC
@@ -314,7 +318,12 @@ ALTER TABLE [dbo].[x_ranger_global_state] WITH CHECK ADD CONSTRAINT [x_ranger_gl
GO
IF NOT EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_policy' and column_name in('zone_id'))
BEGIN
- ALTER TABLE [dbo].[x_policy] ADD [zone_id] [bigint] DEFAULT NULL NULL,CONSTRAINT [x_policy_FK_zone_id] FOREIGN KEY([zone_id]) REFERENCES [dbo].[x_security_zone] ([id]);
+ ALTER TABLE [dbo].[x_policy] ADD [zone_id] [bigint] DEFAULT NULL NULL;
+END
+GO
+IF (OBJECT_ID('x_policy_FK_zone_id') IS NULL)
+BEGIN
+ ALTER TABLE [dbo].[x_policy] ADD CONSTRAINT [x_policy_FK_zone_id] FOREIGN KEY([zone_id]) REFERENCES [dbo].[x_security_zone] ([id]);
END
GO
SET ANSI_NULLS ON
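Review bot: The unconditional `DROP CONSTRAINT x_policy_FK_zone_id` block added near the top of this file (first hunk of the file) makes the `IF (OBJECT_ID('x_policy_FK_zone_id') IS NULL)` guard before the ADD CONSTRAINT always true on a rerun, so the foreign key is dropped and rebuilt every time the patch executes rather than created once. If the intent is to repair a constraint that earlier revisions of this patch defined inline with the column, a comment such as `-- drop and recreate: earlier versions of this patch defined the FK inline with zone_id` makes the pairing clear; if plain idempotence is the goal, the drop block is unnecessary. Splitting the column add from the constraint add is itself fine, since each is now independently guarded.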
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index d350fd1..0effa67 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -25,11 +25,13 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOCase;
import org.apache.commons.lang.StringUtils;
@@ -1426,4 +1428,28 @@ public class RangerBizUtil {
}
return true;
}
+
+ public void removeEmptyStrings(List<String> list) {
+ if(!CollectionUtils.isEmpty(list)) {
+ Iterator<String> i = list.iterator();
+ while (i.hasNext()){
+ String item = i.next();
+ if (item == null || StringUtils.isEmpty(StringUtils.trim(item))){
+ i.remove();
+ }
+ }
+ trimAll(list);
+ }
+ }
+
+ public void trimAll(List<String> list) {
+ if(!CollectionUtils.isEmpty(list)) {
+ for (int i = 0; i < list.size(); i++) {
+ String item=list.get(i);
+ if(item.startsWith(" ") || item.endsWith(" ")) {
+ list.set(i, StringUtils.trim(item));
+ }
+ }
+ }
+ }
}
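Review bot: `trimAll` is null-unsafe and trims less than `removeEmptyStrings` does: `item.startsWith(" ")` throws NullPointerException on a null element when the public method is called on its own, and it only strips ASCII spaces, whereas the emptiness test in `removeEmptyStrings` uses `StringUtils.trim`, which also removes tabs and other control characters, so an entry such as `"\tadmin"` survives as non-blank but untrimmed. Replacing the loop body with `String trimmed = StringUtils.trim(item); if (!StringUtils.equals(item, trimmed)) { list.set(i, trimmed); }` fixes both, since `StringUtils.trim(null)` returns null. Both methods mutate the caller's list in place and `removeEmptyStrings` needs an iterator that supports remove(), which `Arrays.asList` and unmodifiable lists do not provide, so a Javadoc line stating that the argument must be a mutable list would prevent an UnsupportedOperationException at a call site. These lists presumably carry zone admin and audit user/group names, for which consistent trimming matters in later identity comparisons, though the call sites are outside this diff.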
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 933e99f..db3d3d6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -257,32 +257,36 @@ public class XUserMgr extends XUserMgrBase {
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
} else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate);
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
} else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
+ } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
- } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
- createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
- } else if (role.equals(RangerConstants.ROLE_ADMIN_AUDITOR)) {
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES),isCreate);
- createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerAPIMapping.TAB_PERMISSIONS),isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
+ } else if (role.equals(RangerConstants.ROLE_ADMIN_AUDITOR)) {
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerAPIMapping.TAB_PERMISSIONS), isCreate);
+ createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);
}
}
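Review bot: Beyond re-indentation, this hunk grants the Security Zone module permission to ROLE_KEY_ADMIN, ROLE_KEY_ADMIN_AUDITOR and ROLE_ADMIN_AUDITOR (and to the role whose branch begins above the hunk), which widens which roles see the zone administration module and is not mentioned in the commit message; a comment above the first new `createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), isCreate);` line stating why key admins and auditors need it would record the authorization decision. Module permission here presumably controls tab visibility only, with per-zone admin checks enforced in the REST layer, but that cannot be verified from this diff. Most of the hunk removes and re-adds unchanged calls with only whitespace differences (the ROLE_SYS_ADMIN line, for example), which hides the three real additions; keeping whitespace cleanup separate from behaviour changes would make the permission change reviewable. The enclosing method starts before this hunk.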
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneBase.java
index 9c78710..8f22599 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneBase.java
@@ -38,9 +38,13 @@ public abstract class XXSecurityZoneBase extends XXDBBase {
@Column(name = "jsonData")
protected String jsonData;
+ @Column(name = "description")
+ protected String description;
+
public Long getVersion() { return version; }
public String getName() { return name; }
public String getJsonData() { return jsonData; }
+ public String getDescription() { return description; }
public void setName(String name) {
this.name = name;
@@ -48,6 +52,9 @@ public abstract class XXSecurityZoneBase extends XXDBBase {
public void setJsonData(String jsonData) {
this.jsonData = jsonData;
}
+ public void setDescription(String description) {
+ this.description = description;
+ }
@Override
public boolean equals(Object obj) {
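Review bot: The new `description` field is not folded into `equals`, whose signature is the last line of this hunk, and the diffstat for this file (+7 lines) matches exactly the field, getter and setter shown in these two hunks, so two entities that differ only in description compare equal; if a `hashCode` is defined below it is likewise unchanged. Either extend the comparison in `equals` with the description field (and `hashCode` if present), or add a comment on `equals` stating that description is intentionally excluded from equality, since a reader checking why a description-only edit is not detected as a change will look here first. The `@Column(name = "description")` mapping carries no `length`, which matters only if JPA schema generation is ever used, as the shipped DDL fixes the column at 1024 characters.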
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchAssignSecurityZonePersmissionToAdmin_J10026.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchAssignSecurityZonePersmissionToAdmin_J10026.java
index 64e39e3..eea929d 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchAssignSecurityZonePersmissionToAdmin_J10026.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchAssignSecurityZonePersmissionToAdmin_J10026.java
@@ -17,9 +17,17 @@
package org.apache.ranger.patch;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
+import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.RangerConstants;
@@ -35,86 +43,160 @@ import org.springframework.util.CollectionUtils;
@Component
public class PatchAssignSecurityZonePersmissionToAdmin_J10026 extends BaseLoader {
- private static final Logger logger = Logger
- .getLogger(PatchAssignSecurityZonePersmissionToAdmin_J10026.class);
-
- @Autowired
- RangerDaoManager daoManager;
-
- @Autowired
- XUserMgr xUserMgr;
-
- @Autowired
- XPortalUserService xPortalUserService;
-
- public static void main(String[] args) {
- logger.info("main()");
- try {
-
- PatchAssignSecurityZonePersmissionToAdmin_J10026 loader = (PatchAssignSecurityZonePersmissionToAdmin_J10026) CLIUtil
- .getBean(PatchAssignSecurityZonePersmissionToAdmin_J10026.class);
-
- loader.init();
- while (loader.isMoreToProcess()) {
- loader.load();
- }
- logger.info("Load complete. Exiting!!!");
- System.exit(0);
- } catch (Exception e) {
- logger.error("Error loading", e);
- System.exit(1);
- }
- }
-
- @Override
- public void init() throws Exception {
- // Do Nothing
- }
-
- @Override
- public void printStats() {
- // Do Nothing
-
- }
-
- @Override
- public void execLoad() {
- logger.info("==> PatchAssignSecurityZonePersmissionToAdmin_J10026.execLoad() started");
- assignSecurityZonePermissionToExistingAdminUsers();
- logger.info("<== PatchAssignSecurityZonePersmissionToAdmin_J10026.execLoad() completed");
-
- }
-
- private void assignSecurityZonePermissionToExistingAdminUsers(){
- int countUserPermissionUpdated = 0;
- List<XXPortalUser> xXPortalUsers =daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
- if(xXPortalUsers != null && !CollectionUtils.isEmpty(xXPortalUsers)){
- countUserPermissionUpdated=assignPermissions(xXPortalUsers);
- logger.info("Security Zone Permission assigned to users having role:"+RangerConstants.ROLE_SYS_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
- }
- }
-
- private int assignPermissions(List<XXPortalUser> xXPortalUsers){
- HashMap<String, Long> moduleNameId = xUserMgr.getAllModuleNameAndIdMap();
- int countUserPermissionUpdated = 0;
- if(!CollectionUtils.isEmpty(xXPortalUsers)){
- for (XXPortalUser xPortalUser : xXPortalUsers) {
- try{
- if(xPortalUser!=null){
- VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
- if(vPortalUser!=null){
- vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
- xUserMgr.createOrUpdateUserPermisson(vPortalUser, moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), false);
- countUserPermissionUpdated += 1;
- logger.info("Security Zone Permission assigned/updated to Admin Role, UserId [" + xPortalUser.getId() + "]");
- }
- }
- }catch(Exception ex){
- logger.error("Error while assigning security zone permission for admin users", ex);
- System.exit(1);
- }
- }
- }
- return countUserPermissionUpdated;
- }
+ private static final Logger logger = Logger.getLogger(PatchAssignSecurityZonePersmissionToAdmin_J10026.class);
+
+ @Autowired
+ RangerDaoManager daoManager;
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+
+ private static boolean grantAllUsers=false;
+ private static String usersListFileName=null;
+ private final static Charset ENCODING = StandardCharsets.UTF_8;
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ if(args!=null && args.length>0){
+ if(StringUtils.equalsIgnoreCase("ALL", args[0])){
+ grantAllUsers=true;
+ }else if(!StringUtils.isEmpty(args[0])){
+ usersListFileName=args[0];
+ }
+ }
+ PatchAssignSecurityZonePersmissionToAdmin_J10026 loader = (PatchAssignSecurityZonePersmissionToAdmin_J10026) CLIUtil
+ .getBean(PatchAssignSecurityZonePersmissionToAdmin_J10026.class);
+
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void printStats() {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchAssignSecurityZonePersmissionToAdmin_J10026.execLoad() started");
+ assignSecurityZonePermissionToExistingAdminUsers();
+ logger.info("<== PatchAssignSecurityZonePersmissionToAdmin_J10026.execLoad() completed");
+
+ }
+
+ private void assignSecurityZonePermissionToExistingAdminUsers() {
+ int countUserPermissionUpdated = 0;
+ Long userCount=daoManager.getXXPortalUser().getAllCount();
+ List<XXPortalUser> xXPortalUsers=null;
+ Long patchModeMaxLimit=Long.valueOf(500L);
+ try{
+ if (userCount!=null && userCount>0){
+ List<String> loginIdList=readUserNamesFromFile(usersListFileName);
+ if(!CollectionUtils.isEmpty(loginIdList)){
+ xXPortalUsers=new ArrayList<XXPortalUser>();
+ XXPortalUser xXPortalUser=null;
+ for(String loginId:loginIdList){
+ try{
+ xXPortalUser=daoManager.getXXPortalUser().findByLoginId(loginId);
+ if(xXPortalUser!=null){
+ xXPortalUsers.add(xXPortalUser);
+ }else{
+ logger.info("User "+loginId+" doesn't exist!");
+ }
+ }catch(Exception ex){
+ }
+ }
+ countUserPermissionUpdated=assignPermissions(xXPortalUsers);
+ logger.info("Security Zone Permissions assigned to "+countUserPermissionUpdated + " of total "+loginIdList.size());
+ } else {
+ xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
+ if(!CollectionUtils.isEmpty(xXPortalUsers)){
+ countUserPermissionUpdated=assignPermissions(xXPortalUsers);
+ logger.info("Security Zone Permissions assigned to users having role:"+RangerConstants.ROLE_SYS_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
+ }
+ xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_ADMIN_AUDITOR);
+ if(!CollectionUtils.isEmpty(xXPortalUsers)){
+ countUserPermissionUpdated=assignPermissions(xXPortalUsers);
+ logger.info("Security Zone Permissions assigned to users having role:"+RangerConstants.ROLE_ADMIN_AUDITOR+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
+ }
+ //if total no. of users are more than 500 then process ADMIN and KEY_ADMIN users only to avoid timeout
+ if(userCount.compareTo(Long.valueOf(patchModeMaxLimit))<0 || grantAllUsers){
+ xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_USER);
+ if(!CollectionUtils.isEmpty(xXPortalUsers)){
+ countUserPermissionUpdated=assignPermissions(xXPortalUsers);
+ logger.info("Security Zone Permissions assigned to "+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
+ }
+ logger.info("Please execute this patch separately with argument 'ALL' to assign permission to remaining users ");
+ System.out.println("Please execute this patch separately with argument 'ALL' to assign module permissions to remaining users!!");
+ }
+ }
+ }
+ }catch(Exception ex){
+ }
+ }
+
+ private int assignPermissions(List<XXPortalUser> xXPortalUsers) {
+ HashMap<String, Long> moduleNameId = xUserMgr.getAllModuleNameAndIdMap();
+ int countUserPermissionUpdated = 0;
+ if (!CollectionUtils.isEmpty(xXPortalUsers)) {
+ for (XXPortalUser xPortalUser : xXPortalUsers) {
+ try {
+ if (xPortalUser != null) {
+ VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
+ if (vPortalUser != null) {
+ vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole()
+ .findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
+ xUserMgr.createOrUpdateUserPermisson(vPortalUser,
+ moduleNameId.get(RangerConstants.MODULE_SECURITY_ZONE), false);
+ countUserPermissionUpdated += 1;
+ logger.info("Security Zone Permission assigned/updated to Admin Role, UserId ["
+ + xPortalUser.getId() + "]");
+ }
+ }
+ } catch (Exception ex) {
+ logger.error("Error while assigning security zone permission for admin users", ex);
+ System.exit(1);
+ }
+ }
+ }
+ return countUserPermissionUpdated;
+ }
+
+ private List<String> readUserNamesFromFile(String aFileName) throws IOException {
+ List<String> userNames=new ArrayList<String>();
+ if(!StringUtils.isEmpty(aFileName)){
+ Path path = Paths.get(aFileName);
+ if (Files.exists(path) && Files.isRegularFile(path)) {
+ List<String> fileContents=Files.readAllLines(path, ENCODING);
+ if(fileContents!=null && !fileContents.isEmpty()){
+ for(String line:fileContents){
+ if(!StringUtils.isEmpty(line) && !userNames.contains(line)){
+ try{
+ userNames.add(line.trim());
+ }catch(Exception ex){
+ }
+ }
+ }
+ }
+ }
+ }
+ return userNames;
+ }
}
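Review bot: The empty `catch(Exception ex){}` at L730-L731 swallows every failure of `assignSecurityZonePermissionToExistingAdminUsers`, including the `IOException` from `readUserNamesFromFile` when the operator-supplied user list cannot be read, so the patch then logs `execLoad() completed` and exits 0 without having assigned anything, whereas `assignPermissions` at L753-L754 logs and exits 1 on the same kind of error; the empty catches at L702-L703 and L772-L773 hide DAO failures the same way. The "execute this patch separately with argument 'ALL'" hint at L725-L726 is printed inside the branch that has just processed all `ROLE_USER` accounts, i.e. exactly when nothing remains, and belongs in an `else` of the `userCount < patchModeMaxLimit || grantAllUsers` test; the comment at L718 names ADMIN and KEY_ADMIN while the code processes `ROLE_SYS_ADMIN` and `ROLE_ADMIN_AUDITOR`. In `readUserNamesFromFile` the duplicate check at L769 tests the untrimmed `line` while L771 adds `line.trim()`, so a name repeated with different surrounding whitespace is added twice. The rewritten tail of the method below fixes the first two points.
```java
            //if total no. of users exceeds patchModeMaxLimit, process ROLE_SYS_ADMIN and ROLE_ADMIN_AUDITOR users only to avoid timeout
            if(userCount.compareTo(patchModeMaxLimit)<0 || grantAllUsers){
                xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_USER);
                if(!CollectionUtils.isEmpty(xXPortalUsers)){
                    countUserPermissionUpdated=assignPermissions(xXPortalUsers);
                    logger.info("Security Zone Permissions assigned to "+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
                }
            } else {
                logger.info("Please execute this patch separately with argument 'ALL' to assign permission to remaining users ");
                System.out.println("Please execute this patch separately with argument 'ALL' to assign module permissions to remaining users!!");
            }
        // … unchanged: closing braces of the role-based branch and of the userCount check …
        }catch(Exception ex){
            // same failure policy as assignPermissions(): never report success after a swallowed error
            logger.error("Error while assigning security zone permission", ex);
            System.exit(1);
        }
```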
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index 1145122..baded45 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -19,6 +19,7 @@
package org.apache.ranger.rest;
+import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -32,10 +33,10 @@ import org.apache.commons.logging.LogFactory;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.biz.ServiceDBStore;
-import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
import org.apache.ranger.plugin.model.validation.RangerSecurityZoneValidator;
import org.apache.ranger.plugin.model.validation.RangerValidator;
import org.springframework.beans.factory.annotation.Autowired;
@@ -44,7 +45,11 @@ import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map;
+import java.util.Set;
@Path("zones")
@Component
@@ -77,6 +82,7 @@ public class SecurityZoneREST {
RangerSecurityZone ret;
try {
ensureAdminAccess();
+ removeEmptyEntries(securityZone);
RangerSecurityZoneValidator validator = validatorFactory.getSecurityZoneValidator(svcStore, securityZoneStore);
validator.validate(securityZone, RangerValidator.Action.CREATE);
ret = securityZoneStore.createSecurityZone(securityZone);
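Review bot: `removeEmptyEntries(securityZone)` at L818 dereferences the request object (`securityZone.getAdminUsers()` in the new helper) before `validator.validate` runs, so a create request whose body deserializes to `null` — if the framework passes that through — now fails with a NullPointerException (HTTP 500) instead of the validator's own error. Starting the helper with `if (securityZone == null) { return; }` keeps the validator as the place such input is rejected. The update path at L825 is unaffected because the pre-existing `securityZone.getId()` check on the next line already assumed a non-null body.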
@@ -102,6 +108,7 @@ public class SecurityZoneREST {
}
ensureAdminAccess();
+ removeEmptyEntries(securityZone);
if (securityZone.getId() != null && !zoneId.equals(securityZone.getId())) {
throw restErrorUtil.createRESTException("zoneId mismatch!!");
} else {
@@ -237,12 +244,37 @@ public class SecurityZoneREST {
return ret;
}
- private void ensureAdminAccess(){
- if(!bizUtil.isAdmin()){
- String userName = bizUtil.getCurrentUserLoginId();
- throw restErrorUtil.createRESTException(
- "Ranger Securtiy Zone is not accessible for user '" + userName + "'.",
- MessageEnums.OPER_NO_PERMISSION);
- }
- }
+ private void ensureAdminAccess(){
+ if(!bizUtil.isAdmin()){
+ String userName = bizUtil.getCurrentUserLoginId();
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Ranger Securtiy Zone is not accessible for user '" + userName + "'.", true);
+ }
+ }
+
+ private void removeEmptyEntries(RangerSecurityZone securityZone) {
+ bizUtil.removeEmptyStrings(securityZone.getAdminUsers());
+ bizUtil.removeEmptyStrings(securityZone.getAdminUserGroups());
+ bizUtil.removeEmptyStrings(securityZone.getAuditUsers());
+ bizUtil.removeEmptyStrings(securityZone.getAuditUserGroups());
+ Map<String, RangerSecurityZoneService> serviceResouceMap=securityZone.getServices();
+ if(serviceResouceMap!=null) {
+ Set<Map.Entry<String, RangerSecurityZoneService>> serviceResouceMapEntries = serviceResouceMap.entrySet();
+ Iterator<Map.Entry<String, RangerSecurityZoneService>> iterator=serviceResouceMapEntries.iterator();
+ while (iterator.hasNext()){
+ Map.Entry<String, RangerSecurityZoneService> serviceResouceMapEntry = iterator.next();
+ RangerSecurityZoneService rangerSecurityZoneService=serviceResouceMapEntry.getValue();
+ List<HashMap<String, List<String>>> resources=rangerSecurityZoneService.getResources();
+ if(resources!=null) {
+ for (Map<String, List<String>> resource : resources) {
+ if (resource!=null) {
+ for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
+ List<String> resourceValues = entry.getValue();
+ bizUtil.removeEmptyStrings(resourceValues);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
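Review bot: In `removeEmptyEntries`, `rangerSecurityZoneService.getResources()` at L859 is called without a null check although every surrounding level (`serviceResouceMap`, `resources`, `resource`) is guarded, so a services map carrying a null value raises a NullPointerException from this cleanup step rather than a validation error; add `if (rangerSecurityZoneService == null) { continue; }` before L859. The explicit `Iterator` at L854-L857 only advances and never removes, so `for (RangerSecurityZoneService svc : serviceResouceMap.values())` says the same more directly. The switch to `HttpServletResponse.SC_FORBIDDEN` in `ensureAdminAccess` is the right status for an authenticated non-admin; since the line is rewritten anyway, the user-facing message at L843 could also drop the "Securtiy" misspelling.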
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneService.java
index cc796d5..ab89319 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneService.java
@@ -72,6 +72,7 @@ public class RangerSecurityZoneService extends RangerSecurityZoneServiceBase<XXS
trxLogAttrs.put("adminUserGroups", new VTrxLogAttr("adminUserGroups", "Zone Admin User Groups", false));
trxLogAttrs.put("auditUsers", new VTrxLogAttr("auditUsers", "Zone Audit Users", false));
trxLogAttrs.put("auditUserGroups", new VTrxLogAttr("auditUserGroups", "Zone Audit User Groups", false));
+ trxLogAttrs.put("description", new VTrxLogAttr("description", "Zone Description", false));
}
public RangerSecurityZoneService() {
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceBase.java
index 0620441..87e5c61 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceBase.java
@@ -39,12 +39,14 @@ public abstract class RangerSecurityZoneServiceBase<T extends XXSecurityZone, V
@Override
protected T mapViewToEntityBean(V vObj, T xObj, int OPERATION_CONTEXT) {
xObj.setName(vObj.getName());
+ xObj.setDescription(vObj.getDescription());
return xObj;
}
@Override
protected V mapEntityToViewBean(V vObj, T xObj) {
vObj.setName(xObj.getName());
+ vObj.setDescription(xObj.getDescription());
return vObj;
}
}
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
index 456b858..e4b5a1b 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
@@ -71,9 +71,14 @@ public class TestSecurityZoneREST {
private RangerSecurityZone createRangerSecurityZone() {
String testZone1 = "testzone1";
List<String> testZone1ResoursesList = new ArrayList(Arrays.asList("/path/to/resource1", "/path/to/resource2"));
+ List<String> userGroupList = new ArrayList(Arrays.asList("testuser", "testgroup"));
RangerSecurityZone zone = new RangerSecurityZone();
zone.setName(testZone1);
+ zone.setAdminUserGroups(userGroupList);
+ zone.setAdminUsers(userGroupList);
+ zone.setAuditUserGroups(userGroupList);
+ zone.setAuditUsers(userGroupList);
Map<String, RangerSecurityZoneService> services = new HashMap<>();
List<HashMap<String, List<String>>> resources = new ArrayList<>();
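Review bot: `userGroupList` at L911 is declared with the raw `new ArrayList(...)`, repeating the unchecked pattern of L910; `new ArrayList<>(Arrays.asList("testuser", "testgroup"))` keeps the element type. The same instance is then installed as admin users, admin groups, audit users and audit groups at L914-L917, and `removeEmptyEntries` in the REST layer presumably mutates these lists in place (its `removeEmptyStrings` return value is discarded), so any assertion on one list is silently coupled to the other three — give each setter its own copy, e.g. `zone.setAdminUsers(new ArrayList<>(userGroupList));`.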
@@ -81,6 +86,7 @@ public class TestSecurityZoneREST {
testZone1ResoursesList));
RangerSecurityZoneService zoneService = new RangerSecurityZoneService();
+
zoneService.setResources(resources);
services.put("test_service_1", zoneService);
zone.setServices(services);