You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/08/26 01:01:59 UTC
[7/7] incubator-ranger git commit: Merge branch 'master' into
tag-policy
Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/cc2b96ec
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/cc2b96ec
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/cc2b96ec
Branch: refs/heads/tag-policy
Commit: cc2b96ec808d0748049ecd57f8ef05052a6095e3
Parents: f29f4fc 13cdf4f
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Aug 25 16:01:37 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Aug 25 16:01:37 2015 -0700
----------------------------------------------------------------------
.../audit/destination/DBAuditDestination.java | 5 +-
.../audit/entity/AuthzAuditEventDbObj.java | 144 +++++++++++++++++--
.../ranger/audit/model/AuditEventBase.java | 14 +-
.../ranger/audit/model/AuthzAuditEvent.java | 10 +-
.../ranger/audit/provider/DbAuditProvider.java | 4 +
agents-common/scripts/enable-agent.sh | 2 +-
hbase-agent/scripts/install.sh | 2 +-
hdfs-agent/scripts/install.sh | 2 +-
hive-agent/scripts/install.sh | 2 +-
.../main/java/org/apache/util/sql/Jisql.java | 1 +
kms/scripts/db_setup.py | 2 +-
kms/scripts/dba_script.py | 4 +-
kms/scripts/install.properties | 2 +-
kms/scripts/setup.sh | 4 +-
knox-agent/scripts/install.sh | 2 +-
security-admin/scripts/db_setup.py | 7 +-
security-admin/scripts/dba_script.py | 10 +-
security-admin/scripts/install.properties | 2 +-
security-admin/scripts/setup.sh | 4 +-
security-admin/src/bin/ranger_install.py | 4 +-
.../org/apache/ranger/biz/RangerBizUtil.java | 6 +-
.../webapp/scripts/models/RangerServiceDef.js | 4 +-
.../views/policies/RangerPolicyTableLayout.js | 11 +-
storm-agent/scripts/install.sh | 2 +-
24 files changed, 179 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java
----------------------------------------------------------------------
diff --cc agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java
index c63aa62,d52a60a..e917ea2
--- a/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java
@@@ -33,10 -33,11 +33,12 @@@ import javax.persistence.Temporal
import javax.persistence.TemporalType;
import javax.persistence.SequenceGenerator;
- import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+ import org.apache.commons.logging.Log;
+ import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.EnumRepositoryType;
import org.apache.ranger.audit.model.AuthzAuditEvent;
+ import org.apache.ranger.audit.provider.MiscUtil;
/**
* Entity implementation class for Entity: AuthzAuditEventDbObj
@@@ -65,8 -83,61 +84,62 @@@ public class AuthzAuditEventDbObj imple
private String clientType;
private String clientIP;
private String requestData;
+ private String tags;
+ public static void init(Properties props)
+ {
+ LOG.info("AuthzAuditEventDbObj.init()");
+
+ final String AUDIT_DB_MAX_COLUMN_VALUE = "xasecure.audit.destination.db.max.column.length";
+ MaxValueLengthAccessType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "access_type", MaxValueLengthAccessType);
+ logMaxColumnValue("access_type", MaxValueLengthAccessType);
+
+ MaxValueLengthAclEnforcer = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "acl_enforcer", MaxValueLengthAclEnforcer);
+ logMaxColumnValue("acl_enforcer", MaxValueLengthAclEnforcer);
+
+ MaxValueLengthAction = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "action", MaxValueLengthAction);
+ logMaxColumnValue("action", MaxValueLengthAction);
+
+ MaxValueLengthAgentId = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "agent_id", MaxValueLengthAgentId);
+ logMaxColumnValue("agent_id", MaxValueLengthAgentId);
+
+ MaxValueLengthClientIp = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_id", MaxValueLengthClientIp);
+ logMaxColumnValue("client_id", MaxValueLengthClientIp);
+
+ MaxValueLengthClientType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_type", MaxValueLengthClientType);
+ logMaxColumnValue("client_type", MaxValueLengthClientType);
+
+ MaxValueLengthRepoName = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "repo_name", MaxValueLengthRepoName);
+ logMaxColumnValue("repo_name", MaxValueLengthRepoName);
+
+ MaxValueLengthResultReason = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "result_reason", MaxValueLengthResultReason);
+ logMaxColumnValue("result_reason", MaxValueLengthResultReason);
+
+ MaxValueLengthSessionId = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "session_id", MaxValueLengthSessionId);
+ logMaxColumnValue("session_id", MaxValueLengthSessionId);
+
+ MaxValueLengthRequestUser = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "request_user", MaxValueLengthRequestUser);
+ logMaxColumnValue("request_user", MaxValueLengthRequestUser);
+
+ MaxValueLengthRequestData = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "request_data", MaxValueLengthRequestData);
+ logMaxColumnValue("request_data", MaxValueLengthRequestData);
+
+ MaxValueLengthResourcePath = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "resource_path", MaxValueLengthResourcePath);
+ logMaxColumnValue("resource_path", MaxValueLengthResourcePath);
+
+ MaxValueLengthResourceType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "resource_type", MaxValueLengthResourceType);
+ logMaxColumnValue("resource_type", MaxValueLengthResourceType);
+ }
+
+ public static void logMaxColumnValue(String columnName, int configuredMaxValueLength) {
+ LOG.info("Setting max column value for column[" + columnName + "] to [" + configuredMaxValueLength + "].");
+ if (configuredMaxValueLength == 0) {
+ LOG.info("Max length of column[" + columnName + "] was 0! Column will NOT be emitted in the audit.");
+ } else if (configuredMaxValueLength < 0) {
+ LOG.info("Max length of column[" + columnName + "] was less than 0! Column value will never be truncated.");
+ }
+ }
+
public AuthzAuditEventDbObj() {
super();
@@@ -260,14 -330,46 +333,55 @@@
public void setRequestData(String requestData) {
this.requestData = requestData;
}
+
+ @Column(name = "tags")
+ public String getTags() {
+ return this.tags;
+ }
+
+ public void setTags(String tags) {
+ this.tags = tags;
+ }
+
+ static final String TruncationMarker = "...";
+ static final int TruncationMarkerLength = TruncationMarker.length();
+
+ protected String truncate(String value, int limit, String columnName) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("==> getTrunctedValue(%s, %d, %s)", value, limit, columnName));
+ }
+
+ String result = value;
+ if (value != null) {
+ if (limit < 0) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Truncation is suppressed for column[%s]: old value [%s], new value[%s]", columnName, value, result));
+ }
+ } else if (limit == 0) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Column[%s] is to be excluded from audit: old value [%s], new value[%s]", columnName, value, result));
+ }
+ result = null;
+ } else {
+ if (value.length() > limit) {
+ if (limit <= TruncationMarkerLength) {
+ // NOTE: If value is to be truncated to a size that is less than of equal to the Truncation Marker then we won't put the marker in!!
+ result = value.substring(0, limit);
+ } else {
+ StringBuilder sb = new StringBuilder(value.substring(0, limit - TruncationMarkerLength));
+ sb.append(TruncationMarker);
+ result = sb.toString();
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Truncating value for column[%s] to [%d] characters: old value [%s], new value[%s]", columnName, limit, value, result));
+ }
+ }
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("<== getTrunctedValue(%s, %d, %s): %s", value, limit, columnName, result));
+ }
+ return result;
+ }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
----------------------------------------------------------------------
diff --cc security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index 93cffce,c809294..f3f233d
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@@ -383,11 -364,8 +382,11 @@@ define(function(require)
if(obj.label != XAEnums.ActiveStatus.STATUS_DELETED.label)
return obj;
});
- return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label.toLowerCase()}; })
+ return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label}; })
},
+ getNameOfPolicyTypeNVList : function() {
+ return _.map(XAEnums.PolicyType, function(type) { return { 'label': type.label, 'value': type.label};});
+ },
/** on close */
onClose: function(){
}