You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/05 23:47:36 UTC

[1/2] git commit: ARGUS-9: added patch to make delegated user to view/edit storm policies

Repository: incubator-argus
Updated Branches:
  refs/heads/master da2ed83a0 -> 8233fc256


ARGUS-9: added patch to make delegated user to view/edit storm policies


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/2f4ff7e0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/2f4ff7e0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/2f4ff7e0

Branch: refs/heads/master
Commit: 2f4ff7e036af4175b1e91983f30d43c0ddbaa538
Parents: 0c8da1a
Author: sneethiraj <sn...@apache.org>
Authored: Fri Sep 5 17:40:29 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Fri Sep 5 17:40:29 2014 -0400

----------------------------------------------------------------------
 .../main/java/com/xasecure/biz/AssetMgr.java    |   5 +-
 .../main/java/com/xasecure/biz/XABizUtil.java   | 124 ++++++++++++++++---
 2 files changed, 113 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/2f4ff7e0/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 2f8bb05..04eaccf 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -1231,10 +1231,13 @@ public class AssetMgr extends AssetMgrBase {
 			vXResource.setColumns("*");
 			vXResource.setName("/*/*/*");
 			vXResource.setResourceType(AppConstants.RESOURCE_COLUMN);
-		} else if (assetType == AppConstants.ASSET_KNOX || assetType == AppConstants.ASSET_STORM) {
+		} else if (assetType == AppConstants.ASSET_KNOX) {
 			vXResource.setTopologies("*");
 			vXResource.setServices("*");
 			vXResource.setName("/*/*");
+		} else if (assetType == AppConstants.ASSET_STORM) {
+			vXResource.setTopologies("*");
+			vXResource.setName("/*");
 		}
 
 		vXResource = xResourceService.createResource(vXResource);

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/2f4ff7e0/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index a9849da..3c6ef1f 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -444,20 +444,6 @@ public class XABizUtil {
 			}
 			vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
 			return vXResponse;
-		} else if (assetType == AppConstants.ASSET_KNOX) {
-				String[] requestResNameList = resourceNames.split(",");
-				for (String resourceName : requestResNameList) {
-					boolean matchFound = matchKnoxPolicy(resourceName,
-							xResourceList, vXResponse, xUserId, permission);
-					if (!matchFound) {
-						vXResponse.setMsgDesc("You're not permitted to perform "
-								+ "the action for resource path : " + resourceName);
-						vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
-						return vXResponse;
-					}
-				}
-				vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
-				return vXResponse;	
 		} else if (assetType == AppConstants.ASSET_HDFS) {
 			String[] requestResNameList = resourceNames.split(",");
 			for (String resourceName : requestResNameList) {
@@ -472,7 +458,35 @@ public class XABizUtil {
 			}
 			vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
 			return vXResponse;
-		}
+		} else if (assetType == AppConstants.ASSET_KNOX) {
+				String[] requestResNameList = resourceNames.split(",");
+				for (String resourceName : requestResNameList) {
+					boolean matchFound = matchKnoxPolicy(resourceName,
+							xResourceList, vXResponse, xUserId, permission);
+					if (!matchFound) {
+						vXResponse.setMsgDesc("You're not permitted to perform "
+								+ "the action for resource path : " + resourceName);
+						vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+						return vXResponse;
+					}
+				}
+				vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+				return vXResponse;	
+        } else if (assetType == AppConstants.ASSET_STORM) {
+            String[] requestResNameList = resourceNames.split(",");
+            for (String resourceName : requestResNameList) {
+                boolean matchFound = matchStormPolicy(resourceName,
+                        xResourceList, vXResponse, xUserId, permission);
+                if (!matchFound) {
+                    vXResponse.setMsgDesc("You're not permitted to perform "
+                            + "the action for resource path : " + resourceName);
+                    vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+                    return vXResponse;
+                }
+            }
+            vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+            return vXResponse;
+        }
 		return vXResponse;
 	}
 
@@ -1179,6 +1193,86 @@ public class XABizUtil {
 		return policyMatched;
 	}
 
+ 	/**
+ 	 * returns true if user is having required permission on given STORM
+ 	 * resource
+ 	 * 
+ 	 * @param resourceName
+ 	 * @param xResourceList
+ 	 * @param vXResponse
+ 	 * @param xUserId
+ 	 * @param permission
+ 	 * @return
+ 	 */
+ 	private boolean matchStormPolicy(String resourceName,
+ 			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
+ 			int permission) {
+ 
+ 		String[] splittedResources = stringUtil.split(resourceName,
+ 				File.separator);
+ 		int numberOfResources = splittedResources.length;
+ 		if (numberOfResources < 1 || numberOfResources > 3) {
+ 			logger.debug("Invalid policy name : " + resourceName);
+ 			return false;
+ 		}
+ 
+ 		boolean policyMatched = false;
+ 		// check all resources whether Knox policy is enabled in any resource
+ 		// of provided resource list
+ 		for (XXResource xResource : xResourceList) {
+ 			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+ 				continue;
+ 			}
+ 			Long resourceId = xResource.getId();
+ 			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
+ 					resourceId);
+ 			// if permission is enabled then load Topologies,services list from resource
+ 			if (hasPermission) {
+ 				String[] xTopologies = (xResource.getTopologies() == null || xResource
+ 						.getTopologies().equalsIgnoreCase("")) ? null : stringUtil
+ 						.split(xResource.getTopologies(), ",");
+ 				/*String[] xServices = (xResource.getServices() == null || xResource
+ 						.getServices().equalsIgnoreCase("")) ? null
+ 						: stringUtil.split(xResource.getServices(), ",");*/
+ 
+ 				boolean matchFound = false;
+ 
+ 				for (int index = 0; index < numberOfResources; index++) {
+ 					matchFound = false;
+ 					// check whether given table resource matches with any
+ 					// existing topology resource
+ 					if (index == 0) {
+ 						if(xTopologies!=null){
+ 						for (String xTopology : xTopologies) {
+ 							if (matchPath(splittedResources[index], xTopology)) {
+ 								matchFound = true;
+ 								continue;
+ 							}
+ 						}
+ 						}
+ 					} // check whether given service resource matches with
+ 						// any existing service resource
+ 					/*else if (index == 1) {
+ 						if(xServices!=null){
+ 						for (String xService : xServices) {
+ 							if (matchPath(splittedResources[index],
+ 									xService)) {
+ 								matchFound = true;
+ 								continue;
+ 							}
+ 						}
+ 						}
+ 					}*/
+ 				}
+ 				if (matchFound) {
+ 					policyMatched = true;
+ 					break;
+ 				}
+ 			}
+ 		}
+ 		return policyMatched;
+ 	}
+
 	/**
 	 * returns path without meta characters
 	 *

[2/2] git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-argus

Posted by sn...@apache.org.

Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-argus


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/8233fc25
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/8233fc25
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/8233fc25

Branch: refs/heads/master
Commit: 8233fc256016b1e63a91392a3b695b1837b197b4
Parents: 2f4ff7e da2ed83
Author: sneethiraj <sn...@apache.org>
Authored: Fri Sep 5 17:47:10 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Fri Sep 5 17:47:10 2014 -0400

----------------------------------------------------------------------
 .../com/xasecure/knox/client/KnoxClient.java    | 88 ++------------------
 .../xasecure/knox/client/KnoxClientTest.java    | 36 ++++----
 2 files changed, 30 insertions(+), 94 deletions(-)
----------------------------------------------------------------------