Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/05 23:47:36 UTC
[1/2] git commit: ARGUS-9: added patch to make delegated user to
view/edit storm policies
Repository: incubator-argus
Updated Branches:
refs/heads/master da2ed83a0 -> 8233fc256
ARGUS-9: added patch to make delegated user to view/edit storm policies
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/2f4ff7e0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/2f4ff7e0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/2f4ff7e0
Branch: refs/heads/master
Commit: 2f4ff7e036af4175b1e91983f30d43c0ddbaa538
Parents: 0c8da1a
Author: sneethiraj <sn...@apache.org>
Authored: Fri Sep 5 17:40:29 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Fri Sep 5 17:40:29 2014 -0400
----------------------------------------------------------------------
.../main/java/com/xasecure/biz/AssetMgr.java | 5 +-
.../main/java/com/xasecure/biz/XABizUtil.java | 124 ++++++++++++++++---
2 files changed, 113 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/2f4ff7e0/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 2f8bb05..04eaccf 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -1231,10 +1231,13 @@ public class AssetMgr extends AssetMgrBase {
vXResource.setColumns("*");
vXResource.setName("/*/*/*");
vXResource.setResourceType(AppConstants.RESOURCE_COLUMN);
- } else if (assetType == AppConstants.ASSET_KNOX || assetType == AppConstants.ASSET_STORM) {
+ } else if (assetType == AppConstants.ASSET_KNOX) {
vXResource.setTopologies("*");
vXResource.setServices("*");
vXResource.setName("/*/*");
+ } else if (assetType == AppConstants.ASSET_STORM) {
+ vXResource.setTopologies("*");
+ vXResource.setName("/*");
}
vXResource = xResourceService.createResource(vXResource);
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/2f4ff7e0/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index a9849da..3c6ef1f 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -444,20 +444,6 @@ public class XABizUtil {
}
vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
return vXResponse;
- } else if (assetType == AppConstants.ASSET_KNOX) {
- String[] requestResNameList = resourceNames.split(",");
- for (String resourceName : requestResNameList) {
- boolean matchFound = matchKnoxPolicy(resourceName,
- xResourceList, vXResponse, xUserId, permission);
- if (!matchFound) {
- vXResponse.setMsgDesc("You're not permitted to perform "
- + "the action for resource path : " + resourceName);
- vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
- return vXResponse;
- }
- }
- vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
- return vXResponse;
} else if (assetType == AppConstants.ASSET_HDFS) {
String[] requestResNameList = resourceNames.split(",");
for (String resourceName : requestResNameList) {
@@ -472,7 +458,35 @@ public class XABizUtil {
}
vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
return vXResponse;
- }
+ } else if (assetType == AppConstants.ASSET_KNOX) {
+ String[] requestResNameList = resourceNames.split(",");
+ for (String resourceName : requestResNameList) {
+ boolean matchFound = matchKnoxPolicy(resourceName,
+ xResourceList, vXResponse, xUserId, permission);
+ if (!matchFound) {
+ vXResponse.setMsgDesc("You're not permitted to perform "
+ + "the action for resource path : " + resourceName);
+ vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+ return vXResponse;
+ }
+ }
+ vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+ return vXResponse;
+ } else if (assetType == AppConstants.ASSET_STORM) {
+ String[] requestResNameList = resourceNames.split(",");
+ for (String resourceName : requestResNameList) {
+ boolean matchFound = matchStormPolicy(resourceName,
+ xResourceList, vXResponse, xUserId, permission);
+ if (!matchFound) {
+ vXResponse.setMsgDesc("You're not permitted to perform "
+ + "the action for resource path : " + resourceName);
+ vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+ return vXResponse;
+ }
+ }
+ vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+ return vXResponse;
+ }
return vXResponse;
}
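Review bot: The new STORM branch reports STATUS_SUCCESS whenever the `for` loop over `requestResNameList` runs zero times, and `String.split(",")` drops trailing empty strings, so a `resourceNames` value that splits to no elements never reaches `matchStormPolicy`. Whether `resourceNames` is validated earlier is not visible, because the enclosing method starts outside the hunk, so the branch should fail closed on its own. Adding `if (requestResNameList.length == 0) { vXResponse.setStatusCode(VXResponse.STATUS_ERROR); return vXResponse; }` before the loop would do that. The relocated KNOX branch and the HDFS branch in the context lines use the same pattern and would want the same guard.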
@@ -1179,6 +1193,86 @@ public class XABizUtil {
return policyMatched;
}
+ /**
+ * returns true if user is having required permission on given STORM
+ * resource
+ *
+ * @param resourceName
+ * @param xResourceList
+ * @param vXResponse
+ * @param xUserId
+ * @param permission
+ * @return
+ */
+ private boolean matchStormPolicy(String resourceName,
+ List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
+ int permission) {
+
+ String[] splittedResources = stringUtil.split(resourceName,
+ File.separator);
+ int numberOfResources = splittedResources.length;
+ if (numberOfResources < 1 || numberOfResources > 3) {
+ logger.debug("Invalid policy name : " + resourceName);
+ return false;
+ }
+
+ boolean policyMatched = false;
+ // check all resources whether Knox policy is enabled in any resource
+ // of provided resource list
+ for (XXResource xResource : xResourceList) {
+ if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+ continue;
+ }
+ Long resourceId = xResource.getId();
+ boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
+ resourceId);
+ // if permission is enabled then load Topologies,services list from resource
+ if (hasPermission) {
+ String[] xTopologies = (xResource.getTopologies() == null || xResource
+ .getTopologies().equalsIgnoreCase("")) ? null : stringUtil
+ .split(xResource.getTopologies(), ",");
+ /*String[] xServices = (xResource.getServices() == null || xResource
+ .getServices().equalsIgnoreCase("")) ? null
+ : stringUtil.split(xResource.getServices(), ",");*/
+
+ boolean matchFound = false;
+
+ for (int index = 0; index < numberOfResources; index++) {
+ matchFound = false;
+ // check whether given table resource matches with any
+ // existing topology resource
+ if (index == 0) {
+ if(xTopologies!=null){
+ for (String xTopology : xTopologies) {
+ if (matchPath(splittedResources[index], xTopology)) {
+ matchFound = true;
+ continue;
+ }
+ }
+ }
+ } // check whether given service resource matches with
+ // any existing service resource
+ /*else if (index == 1) {
+ if(xServices!=null){
+ for (String xService : xServices) {
+ if (matchPath(splittedResources[index],
+ xService)) {
+ matchFound = true;
+ continue;
+ }
+ }
+ }
+ }*/
+ }
+ if (matchFound) {
+ policyMatched = true;
+ break;
+ }
+ }
+ }
+ return policyMatched;
+ }
+
/**
* returns path without meta characters
*
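Review bot: In `matchStormPolicy` the `for (int index = 0; ...)` loop resets `matchFound` to false on every pass but only index 0 is ever compared, so a resource name with two or three segments is always denied even though the `numberOfResources > 3` check accepts it. Either reject anything beyond one segment up front or compare only `splittedResources[0]`, so that the length check and the matching logic agree. The split on `File.separator` makes this authorization decision depend on the host OS, while the default policy name set in AssetMgr in this same commit uses `/`; `stringUtil.split(resourceName, "/")` would pin it. The `continue` after `matchFound = true` keeps scanning the remaining topologies and should be `break`. The comment still says "Knox policy" although this is the Storm matcher, and the commented-out `xServices` blocks and the unused `vXResponse` parameter could be dropped.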
[2/2] git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/incubator-argus
Posted by sn...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-argus
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/8233fc25
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/8233fc25
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/8233fc25
Branch: refs/heads/master
Commit: 8233fc256016b1e63a91392a3b695b1837b197b4
Parents: 2f4ff7e da2ed83
Author: sneethiraj <sn...@apache.org>
Authored: Fri Sep 5 17:47:10 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Fri Sep 5 17:47:10 2014 -0400
----------------------------------------------------------------------
.../com/xasecure/knox/client/KnoxClient.java | 88 ++------------------
.../xasecure/knox/client/KnoxClientTest.java | 36 ++++----
2 files changed, 30 insertions(+), 94 deletions(-)
----------------------------------------------------------------------