You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/20 00:14:39 UTC
[01/13] incubator-ranger git commit: RANGER-493 : Fix KMS dba script
to work from non-install location
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 79a4f9dbd -> b5a23b273
RANGER-493 : Fix KMS dba script to work from non-install location
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/8c3504ca
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/8c3504ca
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/8c3504ca
Branch: refs/heads/tag-policy
Commit: 8c3504ca5c9f78d154f719fdc477a88fa3bd3ec6
Parents: 5dc535e
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue May 19 11:15:40 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
kms/scripts/db_setup.py | 14 ++++++++------
kms/scripts/dba_script.py | 30 ++++++++++++++++--------------
2 files changed, 24 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8c3504ca/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 792327b..e7aa9a1 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -32,9 +32,11 @@ os_name = platform.system()
os_name = os_name.upper()
if os_name == "LINUX":
- RANGER_KMS_HOME = os.getcwd()
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ if RANGER_KMS_HOME is None:
+ RANGER_KMS_HOME = os.getcwd()
elif os_name == "WINDOWS":
- RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
def check_output(query):
if os_name == "LINUX":
@@ -119,7 +121,7 @@ class MysqlConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -189,7 +191,7 @@ class OracleConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
return jisql_cmd
@@ -275,7 +277,7 @@ class PostgresConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -345,7 +347,7 @@ class SqlServerConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8c3504ca/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index 0749038..327d5ca 100644
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -31,9 +31,11 @@ os_name = platform.system()
os_name = os_name.upper()
if os_name == "LINUX":
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ if RANGER_KMS_HOME is None:
RANGER_KMS_HOME = os.getcwd()
elif os_name == "WINDOWS":
- RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
finalLibPath = libpath.replace('\\','/').replace('//','/')
@@ -81,7 +83,7 @@ def populate_global_dict():
elif os_name == "WINDOWS":
read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties'))
library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
- read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
+ read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
if re.search('=', each_line):
@@ -136,9 +138,9 @@ class MysqlConf(BaseDB):
def get_jisql_cmd(self, user, password ,db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
self.JAVA_BIN = self.JAVA_BIN.strip("'")
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
@@ -321,9 +323,9 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
return jisql_cmd
@@ -517,10 +519,10 @@ class PostgresConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -714,10 +716,10 @@ class SqlServerConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
@@ -1043,7 +1045,7 @@ def main(argv):
if XA_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,mysql_core_file)
elif XA_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
@@ -1052,17 +1054,17 @@ def main(argv):
elif os_name == "WINDOWS":
xa_db_root_user = xa_db_root_user
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,oracle_core_file)
elif XA_DB_FLAVOR == "POSTGRES":
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),postgres_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,postgres_core_file)
elif XA_DB_FLAVOR == "MSSQL":
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),sqlserver_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,sqlserver_core_file)
else:
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
[05/13] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2c16bc8f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2c16bc8f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2c16bc8f
Branch: refs/heads/tag-policy
Commit: 2c16bc8fcdb166b823f126b61e893bdb35f3f170
Parents: dc8ef17
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:44:24 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
README.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c16bc8f/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index d410e18..b5fad2e 100644
--- a/README.txt
+++ b/README.txt
@@ -6,7 +6,7 @@ Build Process
2. On the root folder, please execute the following Maven command:
$ mvn clean compile package install assembly:assembly
- $ mvn eclise:eclipse
+ $ mvn eclipse:eclipse
3. After the above build command execution, you should see the following TAR files in the target folder:
[04/13] incubator-ranger git commit: RANGER-492: Added new ldap/ad
properties in windows install
Posted by ma...@apache.org.
RANGER-492: Added new ldap/ad properties in windows install
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5dc535e6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5dc535e6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5dc535e6
Branch: refs/heads/tag-policy
Commit: 5dc535e61185a305c74d567c83963752338e21f0
Parents: 8034858
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Tue May 19 01:50:49 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
security-admin/src/bin/ranger_install.py | 74 +++++++++++++++++++-
.../handler/RangerAuthenticationProvider.java | 12 ++--
2 files changed, 78 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5dc535e6/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index a3c7836..346f292 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -893,11 +893,81 @@ def update_properties():
else:
propertyName="ranger.jpa.jdbc.password"
newPropertyValue=os.getenv("RANGER_ADMIN_DB_PASSWORD")
- cObj.set('dummysection',propertyName,newPropertyValue)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.password"
newPropertyValue=os.getenv("RANGER_AUDIT_DB_PASSWORD")
- cObj.set('dummysection',propertyName,newPropertyValue)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+ propertyName="ranger.authentication.method"
+ newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.url"
+ newPropertyValue=os.getenv("RANGER_LDAP_URL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.user.dnpattern"
+ newPropertyValue=os.getenv("RANGER_LDAP_USERDNPATTERN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.searchbase"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.searchfilter"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.roleattribute"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPROLEATTRIBUTE")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.base.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_BASE_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.bind.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_BIND_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.bind.password"
+ newPropertyValue="_"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.referral"
+ newPropertyValue=os.getenv("RANGER_LDAP_REFERRAL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+ propertyName="ranger.authentication.method"
+ newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.domain"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_DOMAIN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.url"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_URL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.base.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_BASE_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.bind.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_BIND_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.bind.password"
+ newPropertyValue="_"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ad.referral"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_REFERRAL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
def setup_authentication(authentication_method, xmlPath):
if authentication_method == "UNIX":
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5dc535e6/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 5446dc4..3275a8e 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -230,12 +230,12 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("LDAP Authentication Failed:", e);
}
- return null;
+ return authentication;
}
public Authentication getADAuthentication(Authentication authentication) {
@@ -272,7 +272,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
}catch (Exception e) {
logger.debug("AD Authentication Failed:", e);
@@ -330,7 +330,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("Unix Authentication Failed:", e);
@@ -402,7 +402,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("AD Authentication Failed:", e);
@@ -463,7 +463,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("LDAP Authentication Failed:", e);
[02/13] incubator-ranger git commit: RANGER-489 : Revise Top
navigation menu
Posted by ma...@apache.org.
RANGER-489 : Revise Top navigation menu
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ce43b397
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ce43b397
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ce43b397
Branch: refs/heads/tag-policy
Commit: ce43b3978adef90fba382f81f809fe2a6780848b
Parents: 3ecc107
Author: Gautam Borad <gb...@gmail.com>
Authored: Mon May 18 19:06:31 2015 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 2 +-
.../db/oracle/patches/013-permissionmodel.sql | 6 +-
.../db/postgres/xa_core_db_postgres.sql | 6 +-
.../db/sqlserver/xa_core_db_sqlserver.sql | 6 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 17 +++---
.../apache/ranger/common/RangerConstants.java | 6 +-
.../webapp/scripts/controllers/Controller.js | 59 ++++++++-----------
.../webapp/scripts/models/RangerServiceDef.js | 2 +-
.../src/main/webapp/scripts/modules/XALinks.js | 16 ++---
.../main/webapp/scripts/modules/XAOverrides.js | 2 +-
.../scripts/modules/globalize/message/en.js | 9 ++-
.../src/main/webapp/scripts/utils/XAEnums.js | 8 +++
.../src/main/webapp/scripts/utils/XAGlobals.js | 27 ++++-----
.../src/main/webapp/scripts/utils/XAUtils.js | 54 ++++++++++++++---
.../main/webapp/scripts/views/common/TopNav.js | 25 ++++++++
.../views/permissions/ModulePermissionCreate.js | 30 ----------
.../webapp/scripts/views/reports/AuditLayout.js | 33 ++++-------
security-admin/src/main/webapp/styles/xa.css | 4 ++
.../webapp/templates/common/TopNav_tmpl.html | 62 +++++++++++---------
.../reports/AssetOperationDiff_tmpl.html | 4 +-
.../reports/AssetUpdateOperationDiff_tmpl.html | 2 +-
.../templates/service/ServiceCreate_tmpl.html | 4 +-
.../templates/service/ServiceForm_tmpl.html | 2 +-
23 files changed, 207 insertions(+), 179 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
index 4bf3e8e..ffd261b 100644
--- a/security-admin/db/mysql/patches/013-permissionmodel.sql
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -25,7 +25,7 @@ CREATE TABLE `x_modules_master` (
PRIMARY KEY (`id`)
);
-INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Policy Manager',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Analytics',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'KMS','');
+INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Resource Based Policies',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Reports',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'Key Manager','');
DROP TABLE IF EXISTS `x_user_module_perm`;
CREATE TABLE `x_user_module_perm` (
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/db/oracle/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/013-permissionmodel.sql b/security-admin/db/oracle/patches/013-permissionmodel.sql
index 9504261..4ac7901 100644
--- a/security-admin/db/oracle/patches/013-permissionmodel.sql
+++ b/security-admin/db/oracle/patches/013-permissionmodel.sql
@@ -26,11 +26,11 @@ url VARCHAR(1024) DEFAULT NULL NULL,
PRIMARY KEY (id)
);
COMMIT;
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Resource Based Policies','');
INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Reports','');
INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Key Manager','');
COMMIT;
CREATE SEQUENCE X_USER_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE x_user_module_perm(
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/db/postgres/xa_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql
index b022543..61389aa 100644
--- a/security-admin/db/postgres/xa_core_db_postgres.sql
+++ b/security-admin/db/postgres/xa_core_db_postgres.sql
@@ -933,11 +933,11 @@ url VARCHAR(1024) DEFAULT NULL NULL,
PRIMARY KEY(id)
);
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Resource Based Policies','');
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Reports','');
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Key Manager','');
DROP TABLE IF EXISTS x_user_module_perm CASCADE;
DROP SEQUENCE IF EXISTS x_user_module_perm_seq;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
index ed573f1..9fbd4b1 100644
--- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
@@ -2763,15 +2763,15 @@ CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_moduleid] ON [x_group_module_pe
)
WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Resource Based Policies','');
GO
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Reports','');
GO
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Key Manager','');
GO
insert into x_portal_user (CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'rangerusersync','','rangerusersync','rangerusersync','70b8374d3dfe0325aaa5002a688c7e3b','rangerusersync',1);
GO
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 49be508..4d649c2 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -266,20 +266,20 @@ public class XUserMgr extends XUserMgrBase {
if (role.equals(RangerConstants.ROLE_USER)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
} else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
insertMappingUserPermisson(vXPortalUser.getId(),
moduleNameId.get(RangerConstants.MODULE_AUDIT),
@@ -295,16 +295,13 @@ public class XUserMgr extends XUserMgrBase {
isCreate);
} else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_KMS), isCreate);
+ moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
- isCreate);
- insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_AUDIT),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
index a3a9c7b..c65981b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
@@ -66,12 +66,12 @@ public class RangerConstants extends RangerCommonEnums {
public static final String SENDGRID_REPLY_TO = "replyto";
//Permission Names
- public static final String MODULE_POLICY_MANAGER="Policy Manager";
+ public static final String MODULE_RESOURCE_BASED_POLICIES="Resource Based Policies";
public static final String MODULE_USER_GROUPS="Users/Groups";
- public static final String MODULE_ANALYTICS="Analytics";
+ public static final String MODULE_REPORTS="Reports";
public static final String MODULE_AUDIT="Audit";
public static final String MODULE_PERMISSION="Permissions";
- public static final String MODULE_KMS="KMS";
+ public static final String MODULE_KEY_MANAGER="Key Manager";
// User create validation errors
public enum ValidationUserProfile {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 60f8976..ec7ccee 100755
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -57,7 +57,7 @@ define(function(require) {
//************** Analytics(reports) Related *********************/
userAccessReportAction : function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Analytics.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/reports/UserAccessLayout');
var RangerPolicyList = require('collections/RangerPolicyList');
var VXGroupList = require('collections/VXGroupList');
@@ -132,7 +132,7 @@ define(function(require) {
/************** UserORGroups Related *********************/
userManagerAction :function(tab){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserTableLayout');
var VXUserList = require('collections/VXUserList');
@@ -148,7 +148,7 @@ define(function(require) {
},
userCreateAction : function(){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserCreate');
var VXUser = require('models/VXUser');
@@ -167,7 +167,7 @@ define(function(require) {
},
userEditAction : function(userId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserCreate');
var VXUser = require('models/VXUser');
@@ -184,7 +184,7 @@ define(function(require) {
},
groupCreateAction : function(){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/GroupCreate');
var VXGroup = require('models/VXGroup');
@@ -198,7 +198,7 @@ define(function(require) {
},
groupEditAction : function(groupId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/GroupCreate');
var VXGroup = require('models/VXGroup');
@@ -220,7 +220,7 @@ define(function(require) {
/************************************************************/
serviceManagerAction :function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
console.log('Policy Manager action called..');
var view = require('views/policymanager/ServiceLayout');
var RangerServiceDefList = require('collections/RangerServiceDefList');
@@ -240,7 +240,7 @@ define(function(require) {
},
serviceCreateAction :function(serviceTypeId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/service/ServiceCreate');
var RangerServiceDef = require('models/RangerServiceDef');
var RangerService = require('models/RangerService');
@@ -254,7 +254,7 @@ define(function(require) {
}));
},
serviceEditAction :function(serviceTypeId, serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/service/ServiceCreate');
var RangerServiceDef = require('models/RangerServiceDef');
var RangerService = require('models/RangerService');
@@ -273,7 +273,7 @@ define(function(require) {
},
policyManageAction :function(serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var XAUtil = require('utils/XAUtils');
var view = require('views/policies/RangerPolicyTableLayout');
var RangerService = require('models/RangerService');
@@ -296,7 +296,7 @@ define(function(require) {
}));
},
RangerPolicyCreateAction :function(serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/policies/RangerPolicyCreate');
var RangerService = require('models/RangerService');
@@ -313,7 +313,7 @@ define(function(require) {
});
},
RangerPolicyEditAction :function(serviceId, policyId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/policies/RangerPolicyCreate');
var RangerService = require('models/RangerService');
@@ -336,7 +336,7 @@ define(function(require) {
},
/************PERMISSIONS LISTING *****************************************/
modulePermissionsAction :function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Permissions.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Settings.value });
var view = require('views/permissions/ModulePermsTableLayout');
var ModulePermission = require('models/VXModuleDef');
var ModulePermissionList = require('collections/VXModuleDefList');
@@ -354,7 +354,7 @@ define(function(require) {
},
modulePermissionEditAction : function(moduleId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Permissions.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/permissions/ModulePermissionCreate');
var ModulePermission = require('models/VXModuleDef');
@@ -371,29 +371,16 @@ define(function(require) {
});
},
postLoginDefaultView : function(){
- var SessionMgr = require('mgrs/SessionMgr');
- var XAGlobals = require('utils/XAGlobals');
- var XALinks = require('modules/XALinks');
- var vXPortalUser = SessionMgr.getUserProfile();
- var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
- if (_.contains(userModuleNames, 'Policy Manager')){
- location.hash = XALinks.get('ServiceManager').href;
- }else if(_.contains(userModuleNames, 'Users/Groups')){
- location.hash = XALinks.get('Users').href;
- }else if(_.contains(userModuleNames, 'Analytics')){
- location.hash = XALinks.get('UserAccessReport').href;
- }else if(_.contains(userModuleNames, 'Audit')){
- location.hash = XALinks.get('AuditReport').href +'/bigData';
- }else if(SessionMgr.isSystemAdmin()){
- location.hash = XALinks.get('ModulePermissions').href;
- }else{
- //If a user doesnot has access to any tab - taking user to by default Profile page.
- location.hash = XALinks.get('UserProfile').href;
- }
- },
+ var SessionMgr = require('mgrs/SessionMgr');
+ var XAGlobals = require('utils/XAGlobals');
+ var XAUtils = require('utils/XAUtils');
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ XAUtils.setLocationHash(userModuleNames);
+ },
/************** KMS *********************/
kmsManagerAction :function(kmsManagePage, kmsServiceName){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Encryption.value });
var view = require('views/kms/KMSTableLayout');
var KmsKeyList = require('collections/VXKmsKeyList');
App.rContent.show(new view({
@@ -403,7 +390,7 @@ define(function(require) {
}));
},
kmsKeyCreateAction : function(kmsServiceName){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Encryption.value });
var view = require('views/kms/KmsKeyCreate');
var KmsKey = require('models/VXKmsKey');
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
index e628ee5..f76938d 100644
--- a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
+++ b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
@@ -57,7 +57,7 @@ define(function(require){
return _.extend(attrs,{
name : {
type : 'Text',
- title : 'Repository Name *',
+ title : 'Service Name *',
validators : ['required'],
editorAttrs :{ maxlength: 255},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index b4d4483..efa3454 100755
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -110,12 +110,12 @@ define(function(require) {
title: 'h.managePolices'
},
PolicyCreate: {
- href : '#!/policy/create',
+ href : 'javascipt:;',
text: 'h.createPolicy',
title: 'h.createPolicy'
},
PolicyEdit: {
- href : '#!/policy/create',
+ href : 'javascipt:;',
text: 'h.editPolicy',
title: 'h.editPolicy'
},
@@ -198,8 +198,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.editAsset',
- title: 'lbl.editAsset'
+ text : 'lbl.editService',
+ title: 'lbl.editService'
};
},
@@ -210,8 +210,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.createAsset',
- title: 'lbl.createAsset'
+ text : 'lbl.createService',
+ title: 'lbl.createService'
};
},
ServiceEdit : function(options){
@@ -224,8 +224,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.editAsset',
- title: 'lbl.editAsset'
+ text : 'lbl.editService',
+ title: 'lbl.editService'
};
},
ManagePolicies : function(options){
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
index 2d36a98..b7af13a 100644
--- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
+++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
@@ -480,7 +480,7 @@
}
//reset values
that.value.isExcludes = false;
- that.value.isRecursive = true;
+ that.value.isRecursive = false;
that.$excludeSupport.trigger('toggleOn');
that.$recursiveSupport.trigger('toggleOn');
($(e.currentTarget).addClass('dirtyField'))
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 30450e2..8532152 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -223,7 +223,10 @@ define(function(require) {
version : 'Version',
attributes : 'Attributes',
material : 'Material',
- addNewConfig : 'Add New Configurations'
+ addNewConfig : 'Add New Configurations',
+ createService : 'Create Service',
+ editService : 'Edit Service',
+ serviceDetails : 'Service Details'
},
btn : {
add : 'Add',
@@ -287,8 +290,10 @@ define(function(require) {
permissions : 'Permissions',
kms : 'KMS',
keyCreate : 'Key Create',
- keyEdit : 'Key Edit',
+ keyEdit : 'Key Edit',
searchForKeys :"Search for your keys...",
+ encryption : 'Encryption',
+ settings : 'Settings',
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/utils/XAEnums.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
index 1e619a0..98cc0c8 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
@@ -355,6 +355,14 @@ define(function(require) {
});
+
+ XAEnums.MenuPermissions = mergeParams(XAEnums.MenuPermissions, {
+ XA_RESOURCE_BASED_POLICIES:{value:0, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_PERM_FOR_UNKNOWN'},
+ XA_USER_GROUPS:{value:1, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_PERM_FOR_USER'},
+ XA_REPORTS:{value:2, label:'Reports', rbkey:'xa.enum.MenuPermissions.XA_REPORTS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
+ XA_AUDITS:{value:3, label:'Audit', rbkey:'xa.enum.MenuPermissions.XA_AUDITS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
+ XA_KEY_MANAGER:{value:4, label:'Key Manager', rbkey:'xa.enum.MenuPermissions.XA_KEY_MANAGER', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'}
+ });
return XAEnums;
});
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
index 1de57bc..21b3cb4 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
@@ -44,13 +44,11 @@ define(function(require){
XAGlobals.version = 0;//0 : production version 1: any other
XAGlobals.AppTabs = {
Dashboard : { value:1, valStr: 'Dashboard'},
- PolicyManager : { value:2, valStr: 'Policy'},
- Users : { value:3, valStr: 'Users'},
- Analytics : { value:4, valStr: 'Analytics'},
- Audit : { value:5, valStr: 'Audit'},
- Permissions : { value:6, valStr:'Permissions'},
- KMS : { value:7, valStr: 'KMS'},
- None : { value:8, valStr: 'None'}
+ AccessManager : { value:2, valStr: 'Access Manager'},
+ Audit : { value:3, valStr: 'Audit'},
+ Encryption : { value:4, valStr: 'Encryption'},
+ Settings : { value:5, valStr: 'Settings'},
+ None : { value:6, valStr: 'None'}
};
XAGlobals.BooleanValue = {
@@ -65,12 +63,13 @@ define(function(require){
'groupEditAction','auditReportAction','loginSessionDetail','serviceCreateAction','serviceEditAction','modulePermissionsAction','modulePermissionEditAction'];
XAGlobals.ListOfModuleActions = {
- 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
- 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
- 'Analytics' : ['userAccessReportAction'],
- 'Audit' : ['auditReportAction','loginSessionDetail'],
- 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'],
- 'KMS' : ['kmsManagerAction','kmsKeyCreateAction']
- };
+ 'Access Manager' : { 'Resource Based Policies' : ['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
+ 'Reports' : ['userAccessReportAction'] },
+ 'Audit' : ['auditReportAction','loginSessionDetail'],
+ 'Encryption' : {'Key Manager' : ['kmsManagerAction','kmsKeyCreateAction'] },
+ 'Settings' : {'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
+ 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'] },
+ };
+
return XAGlobals;
});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index b87ff51..89668a2 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1009,17 +1009,35 @@ define(function(require) {
var that = this;
var vXPortalUser = SessionMgr.getUserProfile();
var denyControllerActions = [];
- var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),
- 'moduleName');
- var groupModuleNames = _.pluck(
- vXPortalUser.get('groupPermissions'), 'moduleName');
+ var denyModulesObj = [];
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName');
var moduleNames = _.union(userModuleNames, groupModuleNames);
- var denyModulesObj = _.omit(XAGlobals.ListOfModuleActions,
- moduleNames);
+ //TODO
+ /*if($.inArray('Policy Manager',moduleNames) >= 0){
+ moduleNames.push('Resource Based Policies')
+ }
+ if($.inArray('Analytics',moduleNames) >= 0){
+ moduleNames.push('Reports')
+ }
+ if($.inArray('KMS',moduleNames) >= 0){
+ moduleNames.push('Key Manager')
+ }*/
+ _.each(XAGlobals.ListOfModuleActions,function(val,key){
+ if(!_.isArray(val)){
+ _.each(val,function(val1,key1){
+ if($.inArray(key1,moduleNames) < 0){
+ denyModulesObj = val1.concat(denyModulesObj)
+ }
+ });
+ }else{
+ if($.inArray(key,moduleNames) < 0){
+ denyModulesObj = val.concat(denyModulesObj)
+ }
+ }
+ });
if (!_.isEmpty(denyModulesObj)) {
- _.each(denyModulesObj, function(deniedModule) {
- denyControllerActions.push(_.values(deniedModule));
- });
+ denyControllerActions.push(_.values(denyModulesObj));
denyControllerActions = _.flatten(denyControllerActions);
}
@@ -1041,5 +1059,23 @@ define(function(require) {
XAUtils.getRangerServiceByName = function(name) {
return "service/plugins/services/name/" + name;
};
+ XAUtils.setLocationHash = function(userModuleNames) {
+ var XALinks = require('modules/XALinks');
+ var SessionMgr = require('mgrs/SessionMgr');
+ if (_.contains(userModuleNames, XAEnums.MenuPermissions.XA_RESOURCE_BASED_POLICIES.label)){
+ location.hash = XALinks.get('ServiceManager').href;
+ }else if(_.contains(userModuleNames,XAEnums.MenuPermissions.XA_USER_GROUPS.label)){
+ location.hash = XALinks.get('Users').href;
+ }else if(_.contains(userModuleNames, XAEnums.MenuPermissions.XA_REPORTS.label)){
+ location.hash = XALinks.get('UserAccessReport').href;
+ }else if(_.contains(userModuleNames, XAEnums.MenuPermissions.XA_AUDITS.label)){
+ location.hash = XALinks.get('AuditReport').href +'/bigData';
+ }else if(SessionMgr.isSystemAdmin()){
+ location.hash = XALinks.get('ModulePermissions').href;
+ }else{
+ //If a user doesnot has access to any tab - taking user to by default Profile page.
+ location.hash = XALinks.get('UserProfile').href;
+ }
+ }
return XAUtils;
});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/views/common/TopNav.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/TopNav.js b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
index 7e34aa4..0e7c6e9 100644
--- a/security-admin/src/main/webapp/scripts/views/common/TopNav.js
+++ b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
@@ -73,6 +73,28 @@ define(function(require){
that.$('ul li:first').addClass('active');
});
$.cookie('clientTimeOffset', new Date().getTimezoneOffset());
+
+ //To hide top menu when user don't have access to all it's sub menu's
+ _.each($(this.$el.find('.page-nav ul')), function(ul) {
+ if($(ul).find('li').length <= 0){
+ $(ul).parent('.dropdown').hide();
+ }
+ });
+
+ //Set TopMenu href's
+ var pageNavUl= this.$el.find('.page-nav')
+ _.each(pageNavUl.find('.dropdown'),function(li){
+ var href = $(li).find('.dropdown-menu li').first().find('a').attr('href')
+ var menuAnchor = $(li).find('.dropdown-menu').siblings();
+ menuAnchor.attr('href',href);
+ });
+
+ this.$el.find(".dropdown").hover(function(e) {
+ $(e.currentTarget).children('').show();
+ }, function(e) {
+ $(e.currentTarget).children('ul').hide();
+ });
+
},
/** all post render plugin initialization */
@@ -87,6 +109,9 @@ define(function(require){
this.$('ul li').removeClass('active');
this.$('#nav' + this.appState.get('currentTab')).parent().addClass('active');
},
+ mainManuURLS : function() {
+
+ },
/** on close */
onClose: function(){
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
index 8a9ff83..7981d34 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
@@ -141,37 +141,7 @@ define(function(require){
XAUtil.allowNavigation();
var msg = that.editMode ? 'Module Permissions updated successfully' :'Module Permissions created successfully';
XAUtil.notifySuccess('Success', msg);
- if(that.editMode){
- App.appRouter.navigate("#!/permissions",{trigger: true});
- return;
- }
App.appRouter.navigate("#!/permissions",{trigger: true});
-
- var modulePermissionList = new VXModuleDefList();
-
- modulePermissionList.fetch({
- cache:false
- }).done(function(){
- var newColl = modulePermissionList;
- modulePermissionList.getLastPage({
- cache : false,
- success : function(collection, response, options){
- App.rContent.show(new UserTableLayout({
- collection : collection,
- }));
- newColl = collection;
- }
- }).done(function(){
- var model = newColl.get(that.model.id);
- if(model){
- model.trigger("model:highlightBackgridRow");
- }
- });
-
- App.rContent.show(new UserTableLayout({
- collection : modulePermissionList
- }));
- });
} ,
error : function(model,resp){
XAUtil.blockUI('unblock');
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 25d6d7e..2f418be 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -172,14 +172,13 @@ define(function(require) {
<th class="renderable pid"></th>\
<th class="renderable ruser"></th>\
<th class="renderable ruser"></th>\
- <th class="renderable cip">Repository</th>\
+ <th class="renderable cip">Service</th>\
<th class="renderable name" ></th>\
<th class="renderable cip"></th>\
<th class="renderable cip"></th>\
<th class="renderable cip"> </th>\
<th class="renderable aip" > </th>\
<th class="renderable aip" > </th>\
- <th class="renderable aip" > </th>\
</tr>');
},
renderDateFields : function(){
@@ -266,14 +265,14 @@ define(function(require) {
var serverListForRepoType = this.serviceDefList.map(function(serviceDef){ return {'label' : serviceDef.get('name').toUpperCase(), 'value' : serviceDef.get('id')}; })
var serverAttrName = [{text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},
{text : 'Today',label :'today'},{text : 'User',label :'requestUser'},
- {text : 'Resource Name',label :'resourcePath'},{text : 'Policy ID',label :'policyId'},
- {text : 'Resource Type',label :'resourceType'},{text : 'Repository Name',label :'repoName'},
- {text : 'Repository Type',label :'repoType','multiple' : true, 'optionsArr' : serverListForRepoType},
+ {text : 'Service Name',label :'resourcePath'},{text : 'Policy ID',label :'policyId'},
+ {text : 'Resource Type',label :'resourceType'},{text : 'Service Name',label :'repoName'},
+ {text : 'Service Type',label :'repoType','multiple' : true, 'optionsArr' : serverListForRepoType},
{text : 'Result',label :'accessResult', 'multiple' : true, 'optionsArr' : XAUtils.enumToSelectLabelValuePairs(XAEnums.AccessResult)},
{text : 'Access Type',label :'accessType'},{text : 'Access Enforcer',label :'aclEnforcer'},
{text : 'Audit Type',label :'auditType'},{text : 'Session ID',label :'sessionId'},
{text : 'Client IP',label :'clientIP'},{text : 'Client Type',label :'clientType'}];
- var searchOpt = ['Start Date','End Date','User','Repository Name','Repository Type','Resource Name','Access Type','Result','Access Enforcer','Client IP'];//,'Policy ID'
+ var searchOpt = ['Start Date','End Date','User','Service Name','Service Type','Resource Name','Access Type','Result','Access Enforcer','Client IP'];//,'Policy ID'
this.clearVisualSearch(this.accessAuditList, serverAttrName);
//'Resource Type','Audit Type','Session IP','Client Type','Today',
@@ -296,13 +295,13 @@ define(function(require) {
});
switch (facet) {
- case 'Repository Name':
+ case 'Service Name':
var assetList = new VXAssetList();
assetList.fetch().done(function(){
callback(assetList.map(function(model){return model.get('name');}));
});
break;
- case 'Repository Type':
+ case 'Service Type':
var serviceList = that.serviceDefList.map(function(serviceDef){ return {'label' : serviceDef.get('name').toUpperCase(), 'value' : serviceDef.get('name').toUpperCase()}; })
callback(serviceList);
break;
@@ -467,11 +466,11 @@ define(function(require) {
},
addSearchForAgentTab : function(){
var that = this;
- var searchOpt = ["Export Date", "Repository Name", "Plugin Id", "Plugin IP", "Http Response Code"];
+ var searchOpt = ["Export Date", "Service Name", "Plugin Id", "Plugin IP", "Http Response Code"];
searchOpt = _.without(searchOpt,'Export Date');
searchOpt = _.union(searchOpt, ['Start Date','End Date']);//'Today'
var serverAttrName = [{text : "Plugin Id", label :"agentId"}, {text : "Plugin IP", label :"clientIP"},
- {text : "Repository Name", label :"repositoryName"},{text : "Http Response Code", label :"httpRetCode"},
+ {text : "Service Name", label :"repositoryName"},{text : "Http Response Code", label :"httpRetCode"},
{text : "Export Date", label :"createDate"},
{text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},
{text : 'Today',label :'today'}];
@@ -597,7 +596,7 @@ define(function(require) {
gridOpts : {
row : TableRow,
header : XABackgrid,
- emptyText : 'No repository found!!'
+ emptyText : 'No service found!!'
}
}));
},
@@ -627,7 +626,7 @@ define(function(require) {
var action = model.get('action'), name = _.escape(model.get('objectName')),
label = XAUtils.enumValueToLabel(XAEnums.ClassTypes,rawValue), html = '';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_ASSET.value || rawValue == XAEnums.ClassTypes.CLASS_TYPE_RANGER_SERVICE.value)
- html = 'Repository '+action+'d '+'<b>'+name+'</b>';
+ html = 'Service '+action+'d '+'<b>'+name+'</b>';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_RESOURCE.value|| rawValue == XAEnums.ClassTypes.CLASS_TYPE_RANGER_POLICY.value)
html = 'Policy '+action+'d '+'<b>'+name+'</b>';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_USER.value)
@@ -915,14 +914,6 @@ define(function(require) {
sortable:false,
editable:false
},
- eventDuration : {
- label : 'Event Duration(ms)',
- cell: "string",
- click : false,
- drag : false,
- sortable:false,
- editable:false
- }
};
return this.accessAuditList.constructor.getTableCols(cols, this.accessAuditList);
},
@@ -1072,7 +1063,7 @@ define(function(require) {
},
repositoryName : {
cell : 'html',
- label : localization.tt('lbl.repositoryName'),
+ label : localization.tt('lbl.serviceName'),
editable:false,
sortable:false,
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index 6b1d77f..ceb1f53 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -1835,3 +1835,7 @@ td.select-row-cell {
float: left;
margin: 2px;
}
+
+#r_topNav .dropdown-menu {
+ margin:0;
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
index d59527c..876f9df 100644
--- a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
+++ b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
@@ -16,38 +16,44 @@
--}}
<div class="nav-collapse collapse" >
<ul class="nav page-nav" >
- <!-- <li class="active">
- <a href="#" id="nav1"><i class="icon-dashboard"></i> {{tt 'h.dashboard'}} </a>
- </li> -->
- {{#hasAccessToTab 'Policy Manager'}}
- <li >
- <a href="#!/policymanager" id="nav2"><i class="icon-shield"></i>{{tt 'h.policyManager'}} </a>
+ <li class="active dropdown">
+ <a href="javascript:;" id="nav2"><i class="icon-shield"></i>Access Manager</a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Resource Based Policies'}}
+ <li><a href="#!/policymanager"><i class="icon-file"></i>Resource Based Policies</a></li>
+ {{/hasAccessToTab}}
+ {{#hasAccessToTab 'Reports'}}
+ <li><a href="#!/reports/userAccess"><i class="icon-beaker"></i>Reports</a></li>
+ {{/hasAccessToTab}}
+ <!-- <li><a href="#">Tag Based Policies</a></li> -->
+ </ul>
</li>
- {{/hasAccessToTab}}
- {{#hasAccessToTab 'Users/Groups'}}
- <li>
- <a href="#!/users/usertab" id="nav3"><i class="icon-group"></i> {{tt 'h.usersOrGroups'}} </a>
- </li>
- {{/hasAccessToTab}}
- {{#hasAccessToTab 'Analytics'}}
- <li>
- <a href="#!/reports/userAccess" id="nav4"><i class="icon-beaker"></i> {{tt 'h.analytics'}} </a>
- </li>
- {{/hasAccessToTab}}
{{#hasAccessToTab 'Audit'}}
- <li>
- <a href="#!/reports/audit/bigData" id="nav5"><i class=" icon-file-alt"></i> {{tt 'h.audit'}} </a>
- </li>
+ <li>
+ <a href="#!/reports/audit/bigData" id="nav3"><i class=" icon-file-alt"></i> {{tt 'h.audit'}} </a>
+ </li>
{{/hasAccessToTab}}
- {{#isSystemAdmin .}}
- <li>
- <a href="#!/permissions" id="nav6"><i class=" icon-file-alt"></i> {{tt 'h.permissions'}} </a>
+
+ <li class="dropdown">
+ <a href="javascript:;" id="nav4"><i class="icon-lock"></i> {{tt 'h.encryption'}} </a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Key Manager'}}
+ <li><a href="#!/kms/keys/new/manage/service"><i class="icon-key"></i>Key Manager </a></li>
+ {{/hasAccessToTab}}
+ <!-- <li><a href="#">Encryption Policies</a></li> -->
+ </ul>
</li>
- {{/isSystemAdmin}}
- {{#hasAccessToTab 'KMS'}}
- <li>
- <a href="#!/kms/keys/new/manage/service" id="nav7"><i class="icon-key"></i> {{tt 'h.kms'}} </a>
+ <li class="dropdown">
+ <a href="javascript:;" id="nav5"><i class="icon-gear"></i> {{tt 'h.settings'}} </a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Users/Groups'}}
+ <li><a href="#!/users/usertab"><i class="icon-group"></i>{{tt 'h.usersOrGroups'}}</a></li>
+ {{/hasAccessToTab}}
+ {{#isSystemAdmin .}}
+ <li><a href="#!/permissions"><i class="icon-file-alt"></i> {{tt 'h.permissions'}}</a></li>
+ {{/isSystemAdmin}}
+ </ul>
</li>
- {{/hasAccessToTab}}
+
</ul>
</div>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
index 7c9f3cf..7f0cef6 100644
--- a/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
@@ -19,7 +19,7 @@
<label class="no-margin label-size13-weightbold"> Date : {{objectCreatedDate}}</label>
{{#compare action 'eq' 'create'}}
<label class="no-margin label-size13-weightbold" > Created By : {{userName}}</label>
- <h5>Repository Details :</h5>
+ <h5>Service Details :</h5>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
@@ -74,7 +74,7 @@
{{else}}
<label class="no-margin label-size13-weightbold" > Deleted By : {{userName}}</label>
- <h4>Repository Details</h4>
+ <h4>Service Details</h4>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
index 72591d4..7874341 100644
--- a/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
@@ -27,7 +27,7 @@
</div>
</div>
{{#if collection.length}}
- <h5>Repository Details :</h5>
+ <h5>Service Details :</h5>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html b/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
index 43b7f24..587a7c6 100644
--- a/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
@@ -15,9 +15,9 @@
limitations under the License.
--}}
{{#if editAsset}}
- <h4 class="wrap-header bold"> Edit Repository </h4>
+ <h4 class="wrap-header bold"> Edit Service </h4>
{{else}}
- <h4 class="wrap-header bold"> Create Repository </h4>
+ <h4 class="wrap-header bold"> Create Service </h4>
{{/if}}
<div class="wrap non-collapsible ">
<div data-id="r_form"></div>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ce43b397/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html b/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
index 75d621d..58f90a5 100644
--- a/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
@@ -17,7 +17,7 @@
<form class="form-horizontal" >
<fieldset class="configProp">
<p class="formHeader">
- {{tt 'lbl.repositoryDetails'}} :
+ {{tt 'lbl.serviceDetails'}} :
</p>
<div class="serviceDetail" data-fields={{serviceDetail}}></div>
</fieldset>
[09/13] incubator-ranger git commit: RANGER-488: added build-release
script in the release tar
Posted by ma...@apache.org.
RANGER-488: added build-release script in the release tar
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f0ce9730
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f0ce9730
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f0ce9730
Branch: refs/heads/tag-policy
Commit: f0ce97300aefffee29b034f060b319bda588faed
Parents: 8c3504c
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 03:13:34 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
release-build.xml | 1 -
1 file changed, 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f0ce9730/release-build.xml
----------------------------------------------------------------------
diff --git a/release-build.xml b/release-build.xml
index 0625408..5b3db7e 100644
--- a/release-build.xml
+++ b/release-build.xml
@@ -51,7 +51,6 @@
<exclude name="*/bin/**" />
<exclude name="*/target/**" />
<exclude name="**/.DS_Store" />
- <exclude name="release-build.xml" />
<exclude name="target/**" />
</tarfileset>
</tar>
[13/13] incubator-ranger git commit: RANGER-178 - Updated code based
on testing with latest Solr patch
Posted by ma...@apache.org.
RANGER-178 - Updated code based on testing with latest Solr patch
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9a06c646
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9a06c646
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9a06c646
Branch: refs/heads/tag-policy
Commit: 9a06c6461b43bd82746d258f5be901c926f36c5d
Parents: a826b1b
Author: Don Bosco Durai <bo...@apache.org>
Authored: Tue May 19 10:25:26 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
.../audit/destination/SolrAuditDestination.java | 4 +
.../apache/ranger/audit/provider/MiscUtil.java | 2 +-
agents-common/scripts/enable-agent.sh | 26 +-
.../audit/RangerMultiResourceAuditHandler.java | 2 -
plugin-solr/scripts/install.properties | 3 +
.../scripts/solr-plugin-install.properties | 6 +-
.../solr/authorizer/RangerSolrAuthorizer.java | 2 +-
src/main/assembly/plugin-solr.xml | 302 ++++++++++---------
8 files changed, 194 insertions(+), 153 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index 06ce4d7..ac522cd 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -61,9 +61,13 @@ public class SolrAuditDestination extends AuditDestination {
if (solrClient == null) {
String urls = MiscUtil.getStringProperty(props, propPrefix
+ "." + PROP_SOLR_URLS);
+ if( urls != null) {
+ urls = urls.trim();
+ }
if (urls != null && urls.equalsIgnoreCase("NONE")) {
urls = null;
}
+
List<String> solrURLs = new ArrayList<String>();
String zkHosts = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index f5b07be..fe6b0e9 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -370,7 +370,7 @@ public class MiscUtil {
public static List<String> toArray(String destListStr, String delim) {
List<String> list = new ArrayList<String>();
if (destListStr != null && !destListStr.isEmpty()) {
- StringTokenizer tokenizer = new StringTokenizer(destListStr, delim);
+ StringTokenizer tokenizer = new StringTokenizer(destListStr, delim.trim());
while (tokenizer.hasMoreTokens()) {
list.add(tokenizer.nextToken());
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 4e873b8..3550e16 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -128,7 +128,12 @@ then
HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME}
fi
-hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME}
+firstletter=${HCOMPONENT_INSTALL_DIR_NAME:0:1}
+if [ "$firstletter" = "/" ]; then
+ hdir=${HCOMPONENT_INSTALL_DIR_NAME}
+else
+ hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME}
+fi
#
# TEST - START
@@ -142,11 +147,24 @@ fi
#
HCOMPONENT_INSTALL_DIR=`(cd ${hdir} ; pwd)`
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/lib
-if [ "${HCOMPONENT_NAME}" = "knox" ]
-then
+if [ "${HCOMPONENT_NAME}" = "knox" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/ext
+elif [ "${HCOMPONENT_NAME}" = "solr" ]; then
+ HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib
fi
+
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
+if [ "${HCOMPONENT_NAME}" = "solr" ]; then
+ HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/classes
+ if [ ! -d $HCOMPONENT_CONF_DIR ]; then
+ install_owner=`ls -ld | cut -f 3 -d " "`
+ echo "INFO: Creating $HCOMPONENT_CONF_DIR"
+ mkdir -p $HCOMPONENT_CONF_DIR
+ echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner"
+ chown $install_owner:$install_owner $HCOMPONENT_CONF_DIR
+ fi
+fi
+
HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive
SET_ENV_SCRIPT=${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME}
@@ -221,6 +239,8 @@ create_jceks() {
rm -f ${tempFile}
}
+log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR"
+
#
# If there is a set-ranger-${COMPONENT}-env.sh, install it
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
index f40d39f..17dcfdc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
@@ -23,7 +23,6 @@ import java.util.ArrayList;
import java.util.Collection;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
/**
* This class should be generated per request and flushed at the end of the
@@ -32,7 +31,6 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResult;
public class RangerMultiResourceAuditHandler extends RangerDefaultAuditHandler {
Collection<AuthzAuditEvent> auditEvents = new ArrayList<AuthzAuditEvent>();
- boolean deniedExists = false;
public RangerMultiResourceAuditHandler() {
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
index 6070968..1f3852e 100644
--- a/plugin-solr/scripts/install.properties
+++ b/plugin-solr/scripts/install.properties
@@ -13,6 +13,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+#Location of the solr server folder.
+COMPONENT_INSTALL_DIR_NAME=/opt/solr/server
+
#
# Location of Policy Manager URL
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/plugin-solr/scripts/solr-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/solr-plugin-install.properties b/plugin-solr/scripts/solr-plugin-install.properties
index a360906..c040949 100644
--- a/plugin-solr/scripts/solr-plugin-install.properties
+++ b/plugin-solr/scripts/solr-plugin-install.properties
@@ -19,5 +19,7 @@
# Name of the directory where the component's lib and conf directory exist.
# This location should be relative to the parent of the directory containing
# the plugin installation files.
-#
-COMPONENT_INSTALL_DIR_NAME=solr
+#
+
+#In the case of Solr, the component might be installed anywhere. So update install.properties
+#COMPONENT_INSTALL_DIR_NAME=solr
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index de786d7..673f652 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -57,7 +57,7 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
public static final String ACCESS_TYPE_UPDATE = "update";
public static final String ACCESS_TYPE_QUERY = "query";
public static final String ACCESS_TYPE_OTHER = "other";
- public static final String ACCESS_TYPE_ADMIN = "admin";
+ public static final String ACCESS_TYPE_ADMIN = "solr_admin";
private static volatile RangerBasePlugin solrPlugin = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a06c646/src/main/assembly/plugin-solr.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml
index 06844ae..5276cc4 100644
--- a/src/main/assembly/plugin-solr.xml
+++ b/src/main/assembly/plugin-solr.xml
@@ -1,148 +1,162 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<assembly>
+ <id>solr-plugin</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-solr-plugin
+ </baseDirectory>
+ <includeBaseDirectory>true</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/lib</outputDirectory>
+ <unpack>false</unpack>
+ <includes>
+ <include>com.google.code.gson:gson</include>
+ <include>org.eclipse.persistence:eclipselink</include>
+ <include>org.eclipse.persistence:javax.persistence</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
- http://www.apache.org/licenses/LICENSE-2.0
+ </includes>
+ </dependencySet>
+ <dependencySet>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <includes>
+ <include>commons-cli:commons-cli</include>
+ <include>commons-collections:commons-collections</include>
+ <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}
+ </include>
+ <include>commons-io:commons-io:jar:${commons.io.version}
+ </include>
+ <include>commons-lang:commons-lang:jar:${commons.lang.version}
+ </include>
+ <include>commons-logging:commons-logging</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.hamcrest:hamcrest-all</include>
+ <include>junit:junit</include>
+ <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}
+ </include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}
+ </include>
+ <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred
+ </include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin
+ </include>
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<assembly>
- <id>solr-plugin</id>
- <formats>
- <format>tar.gz</format>
- <format>zip</format>
- </formats>
- <baseDirectory>${project.name}-${project.version}-solr-plugin</baseDirectory>
- <includeBaseDirectory>true</includeBaseDirectory>
- <moduleSets>
- <moduleSet>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/lib</outputDirectory>
- <unpack>false</unpack>
- <includes>
- <include>com.google.code.gson:gson</include>
- <include>org.eclipse.persistence:eclipselink</include>
- <include>org.eclipse.persistence:javax.persistence</include>
- <include>com.sun.jersey:jersey-bundle</include>
- <include>com.google.guava:guava:jar:${guava.version}</include>
- </includes>
- </dependencySet>
- <dependencySet>
- <outputDirectory>/install/lib</outputDirectory>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <includes>
- <include>commons-cli:commons-cli</include>
- <include>commons-collections:commons-collections</include>
- <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
- <include>commons-io:commons-io:jar:${commons.io.version}</include>
- <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
- <include>commons-logging:commons-logging</include>
- <include>com.google.guava:guava:jar:${guava.version}</include>
- <include>org.hamcrest:hamcrest-all</include>
- <include>junit:junit</include>
- <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
- <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
- <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include>
- <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
- <include>org.apache.ranger:credentialbuilder</include>
- </includes>
- </dependencySet>
- </dependencySets>
- <outputDirectory>/lib</outputDirectory>
- </binaries>
- <includes>
- <include>org.apache.ranger:ranger_solrj</include>
- <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit</include>
- <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
- <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl</include>
- <include>security_plugins.ranger-plugins-common:ranger-plugins-common</include>
- <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin</include>
- </includes>
- </moduleSet>
- <moduleSet>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/install/lib</outputDirectory>
- <unpack>false</unpack>
- </binaries>
- <includes>
- <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer</include>
- <include>org.apache.ranger:credentialbuilder</include>
- </includes>
- </moduleSet>
- </moduleSets>
- <fileSets>
- <!-- conf.templates for enable -->
- <fileSet>
- <outputDirectory>/install/conf.templates/enable</outputDirectory>
- <directory>plugin-solr/conf</directory>
- <excludes>
- <exclude>*.sh</exclude>
- </excludes>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>/install/conf.templates/disable</outputDirectory>
- <directory>plugin-solr/disable-conf</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>/install/conf.templates/default</outputDirectory>
- <directory>plugin-solr/template</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <!-- version file -->
- <fileSet>
- <outputDirectory>/</outputDirectory>
- <directory>${project.build.outputDirectory}</directory>
- <includes>
- <include>version</include>
- </includes>
- <fileMode>444</fileMode>
- </fileSet>
- </fileSets>
- <!-- enable/disable script for Plugin -->
- <files>
- <file>
- <source>agents-common/scripts/enable-agent.sh</source>
- <outputDirectory>/</outputDirectory>
- <destName>enable-solr-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>agents-common/scripts/enable-agent.sh</source>
- <outputDirectory>/</outputDirectory>
- <destName>disable-solr-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-solr/scripts/install.properties</source>
- <outputDirectory>/</outputDirectory>
- <destName>install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-solr/scripts/solr-plugin-install.properties</source>
- <outputDirectory>/</outputDirectory>
- <destName>solr-plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- </files>
+ </includes>
+ </dependencySet>
+ </dependencySets>
+ <outputDirectory>/lib</outputDirectory>
+ </binaries>
+ <includes>
+ <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit
+ </include>
+ <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred
+ </include>
+ <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl
+ </include>
+ <include>security_plugins.ranger-plugins-common:ranger-plugins-common
+ </include>
+ <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin
+ </include>
+ </includes>
+ </moduleSet>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ </binaries>
+ <includes>
+ <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer
+ </include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ </includes>
+ </moduleSet>
+ </moduleSets>
+ <fileSets>
+ <!-- conf.templates for enable -->
+ <fileSet>
+ <outputDirectory>/install/conf.templates/enable</outputDirectory>
+ <directory>plugin-solr/conf</directory>
+ <excludes>
+ <exclude>*.sh</exclude>
+ </excludes>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/install/conf.templates/disable</outputDirectory>
+ <directory>plugin-solr/disable-conf</directory>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/install/conf.templates/default</outputDirectory>
+ <directory>plugin-solr/template</directory>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <!-- version file -->
+ <fileSet>
+ <outputDirectory>/</outputDirectory>
+ <directory>${project.build.outputDirectory}</directory>
+ <includes>
+ <include>version</include>
+ </includes>
+ <fileMode>444</fileMode>
+ </fileSet>
+ </fileSets>
+ <!-- enable/disable script for Plugin -->
+ <files>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>enable-solr-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>disable-solr-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>plugin-solr/scripts/install.properties</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>install.properties</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>plugin-solr/scripts/solr-plugin-install.properties</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>solr-plugin-install.properties</destName>
+ <fileMode>755</fileMode>
+ </file>
+ </files>
</assembly>
[11/13] incubator-ranger git commit: RANGER-482: HDFS plugin updated
to check for traverse access (EXECUTE) when no-access is specified
Posted by ma...@apache.org.
RANGER-482: HDFS plugin updated to check for traverse access (EXECUTE) when no-access is specified
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0e076ddc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0e076ddc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0e076ddc
Branch: refs/heads/tag-policy
Commit: 0e076ddc7e011bd0f248ebbf15a3860f8ea3390f
Parents: 7381bc4
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue May 19 12:50:24 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
.../hadoop/RangerHdfsAuthorizer.java | 36 ++++++++++++--------
1 file changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0e076ddc/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 1599074..5b115b2 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -213,6 +213,25 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
INode parent = inodes.length > 1 ? inodes[inodes.length - 2] : null;
INode inode = inodes[inodes.length - 1];
+ boolean noAccessToCheck = access == null && parentAccess == null && ancestorAccess == null && subAccess == null;
+
+ if(noAccessToCheck) { // check for traverse (EXECUTE) access on the path (if path is a directory) or its parent (if path is a file)
+ INode node = null;
+ INodeAttributes nodeAttribs = null;
+
+ if(inode != null && inode.isDirectory()) {
+ node = inode;
+ nodeAttribs = inodeAttrs.length > 0 ? inodeAttrs[inodeAttrs.length - 1] : null;
+ } else if(parent != null) {
+ node = parent;
+ nodeAttribs = inodeAttrs.length > 1 ? inodeAttrs[inodeAttrs.length - 2] : null;
+ }
+
+ if(node != null) {
+ accessGranted = isAccessAllowed(node, nodeAttribs, FsAction.EXECUTE, user, groups, fsOwner, superGroup, plugin, null);
+ }
+ }
+
// checkStickyBit
if (accessGranted && parentAccess != null && parentAccess.implies(FsAction.WRITE) && parent != null && inode != null) {
if (parent.getFsPermission() != null && parent.getFsPermission().getStickyBit()) {
@@ -222,21 +241,10 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
}
// checkAncestorAccess
- if(accessGranted && ancestor != null) {
- FsAction accessToCheck = ancestorAccess;
- RangerHdfsAuditHandler auditHandlerToUse = auditHandler;
-
- // if ancestorAccess is not specified and none of other access is specified, then check for traverse access (EXECUTE) to the ancestor
- if(ancestorAccess == null && access == null && parentAccess == null && subAccess == null) {
- accessToCheck = FsAction.EXECUTE;
- auditHandlerToUse = null; // don't audit this access
- }
+ if(accessGranted && ancestorAccess != null && ancestor != null) {
+ INodeAttributes ancestorAttribs = inodeAttrs.length > ancestorIndex ? inodeAttrs[ancestorIndex] : null;
- if(accessToCheck != null) {
- INodeAttributes ancestorAttribs = inodeAttrs.length > ancestorIndex ? inodeAttrs[ancestorIndex] : null;
-
- accessGranted = isAccessAllowed(ancestor, ancestorAttribs, accessToCheck, user, groups, fsOwner, superGroup, plugin, auditHandlerToUse);
- }
+ accessGranted = isAccessAllowed(ancestor, ancestorAttribs, ancestorAccess, user, groups, fsOwner, superGroup, plugin, auditHandler);
}
// checkParentAccess
[12/13] incubator-ranger git commit: RANGER-494 Coverity scan issues
with RangerPolicyResourceSignature: toString should not return null
Posted by ma...@apache.org.
RANGER-494 Coverity scan issues with RangerPolicyResourceSignature: toString should not return null
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a826b1bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a826b1bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a826b1bb
Branch: refs/heads/tag-policy
Commit: a826b1bbc7f3ef334ec1e087d354839dfb7cb3ac
Parents: f0ce973
Author: Alok Lal <al...@hortonworks.com>
Authored: Tue May 19 01:17:25 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
.../ranger/plugin/model/RangerPolicyResourceSignature.java | 9 ++-------
.../plugin/model/TestRangerPolicyResourceSignature.java | 2 +-
2 files changed, 3 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a826b1bb/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 6d19f44..76d853a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -44,12 +44,7 @@ public class RangerPolicyResourceSignature {
public RangerPolicyResourceSignature(RangerPolicy policy) {
_policy = policy;
PolicySerializer serializer = new PolicySerializer(_policy);
- String asString = serializer.toString();
- if (asString == null) {
- _string = "";
- } else {
- _string = asString;
- }
+ _string = serializer.toString();
_hash = DigestUtils.md5Hex(_string);
}
@@ -128,7 +123,7 @@ public class RangerPolicyResourceSignature {
// invalid/empty policy gets a deterministic signature as if it had an
// empty resource string
if (!isPolicyValidForResourceSignatureComputation()) {
- return null;
+ return "";
}
int type = 0;
if (_policy.getPolicyType() != null) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a826b1bb/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
index a605cd7..8c8c4c0 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
@@ -154,7 +154,7 @@ public class TestRangerPolicyResourceSignature {
// null policy returns signature of empty resource
RangerPolicy policy = null;
PolicySerializer serializer = new PolicySerializer(policy);
- assertTrue("Null policy", serializer.toString() == null);
+ assertTrue("Null policy", serializer.toString() == "");
policy = mock(RangerPolicy.class);
when(policy.getPolicyType()).thenReturn(null);
[03/13] incubator-ranger git commit: RANGER-488: updated pom.xml with
proper hive version
Posted by ma...@apache.org.
RANGER-488: updated pom.xml with proper hive version
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3ecc1074
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3ecc1074
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3ecc1074
Branch: refs/heads/tag-policy
Commit: 3ecc107409265a4a61edf4784aa6234af7d2cd3c
Parents: 79a4f9d
Author: sneethiraj <sn...@apache.org>
Authored: Mon May 18 18:38:19 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3ecc1074/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c70a4cc..124d49e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
<hadoop.version>2.7.0</hadoop.version>
<hamcrest.all.version>1.3</hamcrest.all.version>
<hbase.version>1.1.0</hbase.version>
- <hive.version>1.2.0-SNAPSHOT</hive.version>
+ <hive.version>1.2.0</hive.version>
<storm.version>0.9.2-incubating</storm.version>
<httpcomponent.httpmime.version>4.2.5</httpcomponent.httpmime.version>
<httpcomponent.httpclient.version>4.2.5</httpcomponent.httpclient.version>
[08/13] incubator-ranger git commit: RANGER-265 Policy manager should
timeout if a service is not responding to lookup requests in time.
Posted by ma...@apache.org.
RANGER-265 Policy manager should timeout if a service is not responding to lookup requests in time.
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7381bc4e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7381bc4e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7381bc4e
Branch: refs/heads/tag-policy
Commit: 7381bc4e971bf4383669584415143dccb6b0a918
Parents: 9a06c64
Author: Alok Lal <al...@hortonworks.com>
Authored: Fri May 15 10:00:01 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
.../plugin/service/ResourceLookupContext.java | 7 +-
security-admin/pom.xml | 1 -
.../org/apache/ranger/biz/ServiceDBStore.java | 2 +-
.../java/org/apache/ranger/biz/ServiceMgr.java | 178 +++++++++++++++--
.../org/apache/ranger/common/RangerFactory.java | 33 ++++
.../org/apache/ranger/common/TimedExecutor.java | 160 ++++++++++++++++
.../common/TimedExecutorConfigurator.java | 93 +++++++++
.../apache/ranger/service/RangerFactory.java | 33 ----
.../conf.dist/ranger-admin-default-site.xml | 27 +++
.../apache/ranger/common/TestTimedExecutor.java | 190 +++++++++++++++++++
10 files changed, 669 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
index 913f824..a8b8ac0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
@@ -27,8 +27,8 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.map.annotate.JsonSerialize;
@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
@@ -82,4 +82,9 @@ public class ResourceLookupContext {
public void setResources(Map<String, List<String>> resources) {
this.resources = resources;
}
+
+ @Override
+ public String toString() {
+ return String.format("ResourceLookupContext={resourceName=%s,userInput=%s,resources=%s}", resourceName, userInput, resources);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 9783d1f..3c26837 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -251,7 +251,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 91fafa4..62670c0 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -40,6 +40,7 @@ import org.apache.ranger.common.PasswordUtils;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.RangerFactory;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
@@ -106,7 +107,6 @@ import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerDataHistService;
-import org.apache.ranger.service.RangerFactory;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.RangerPolicyWithAssignedIdService;
import org.apache.ranger.service.RangerServiceDefService;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 8498fbf..576090f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -23,13 +23,18 @@ import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.TimedExecutor;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -54,6 +59,9 @@ public class ServiceMgr {
@Autowired
ServiceDBStore svcDBStore;
+ @Autowired
+ TimedExecutor timedExecutor;
+
public List<String> lookupResource(String serviceName, ResourceLookupContext context, ServiceStore svcStore) throws Exception {
List<String> ret = null;
@@ -69,18 +77,9 @@ public class ServiceMgr {
}
if(svc != null) {
- ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
-
- try {
- Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
-
- ret = svc.lookupResource(context);
- } catch (Exception e) {
- LOG.error("==> ServiceMgr.lookupResource Error:" + e);
- throw e;
- } finally {
- Thread.currentThread().setContextClassLoader(clsLoader);
- }
+ LookupCallable callable = new LookupCallable(svc, context);
+ long time = getTimeoutValueForLookupInMilliSeconds(svc);
+ ret = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
}
if(LOG.isDebugEnabled()) {
@@ -103,12 +102,11 @@ public class ServiceMgr {
}
if(svc != null) {
- ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
-
try {
- Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
-
- HashMap<String, Object> responseData = svc.validateConfig();
+ // Timeout value use during validate config is 10 times that used during lookup
+ long time = getTimeoutValueForValidateConfigInMilliSeconds(svc);
+ ValidateCallable callable = new ValidateCallable(svc);
+ HashMap<String, Object> responseData = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
ret = generateResponseForTestConn(responseData, "");
} catch (Exception e) {
@@ -120,8 +118,6 @@ public class ServiceMgr {
}
ret = generateResponseForTestConn(respData, msg);
LOG.error("==> ServiceMgr.validateConfig Error:" + e);
- } finally {
- Thread.currentThread().setContextClassLoader(clsLoader);
}
}
@@ -344,5 +340,149 @@ public class ServiceMgr {
vXResponse.setStatusCode(statusCode);
return vXResponse;
}
+
+ static final long _DefaultTimeoutValue_Lookp = 1000; // 1 s
+ static final long _DefaultTimeoutValue_ValidateConfig = 10000; // 10 s
+
+ long getTimeoutValueForLookupInMilliSeconds(RangerBaseService svc) {
+ return getTimeoutValueInMilliSeconds("resource.lookup", svc, _DefaultTimeoutValue_Lookp);
+ }
+
+ long getTimeoutValueForValidateConfigInMilliSeconds(RangerBaseService svc) {
+ return getTimeoutValueInMilliSeconds("validate.config", svc, _DefaultTimeoutValue_ValidateConfig);
+ }
+
+ long getTimeoutValueInMilliSeconds(final String type, RangerBaseService svc, long defaultValue) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("==> ServiceMgr.getTimeoutValueInMilliSeconds (%s, %s)", type, svc));
+ }
+ String propertyName = type + ".timeout.value.in.ms"; // type == "lookup" || type == "validate-config"
+
+ Long result = null;
+ Map<String, String> config = svc.getConfigs();
+ if (config != null && config.containsKey(propertyName)) {
+ result = parseLong(config.get(propertyName));
+ }
+ if (result != null) {
+ LOG.debug("Found override in service config!");
+ } else {
+ String[] keys = new String[] {
+ "ranger.service." + svc.getServiceName() + "." + propertyName,
+ "ranger.servicetype." + svc.getServiceType() + "." + propertyName,
+ "ranger." + propertyName
+ };
+ for (String key : keys) {
+ String value = PropertiesUtil.getProperty(key);
+ if (value != null) {
+ result = parseLong(value);
+ if (result != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Using the value[" + value + "] found in property[" + key + "]");
+ }
+ break;
+ }
+ }
+ }
+ }
+ if (result == null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No overrides found in service config of properties file. Using supplied default of[" + defaultValue + "]!");
+ }
+ result = defaultValue;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("<== ServiceMgr.getTimeoutValueInMilliSeconds (%s, %s): %s", type, svc, result));
+ }
+ return result;
+ }
+
+ Long parseLong(String str) {
+ try {
+ return Long.valueOf(str);
+ } catch (NumberFormatException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("ServiceMgr.parseLong: could not parse [" + str + "] as Long! Returning null");
+ }
+ return null;
+ }
+ }
+
+ abstract static class TimedCallable<T> implements Callable<T> {
+
+ final RangerBaseService svc;
+ final Date creation; // NOTE: This would be different from when the callable was actually offered to the executor
+
+ public TimedCallable(RangerBaseService svc) {
+ this.svc = svc;
+ this.creation = new Date();
+ }
+
+ @Override
+ public T call() throws Exception {
+ Date start = null;
+ if (LOG.isDebugEnabled()) {
+ start = new Date();
+ LOG.debug("==> TimedCallable: " + toString());
+ }
+
+ ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
+ try {
+ Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
+ return actualCall();
+ } catch (Exception e) {
+ LOG.error("TimedCallable.call: Error:" + e);
+ throw e;
+ } finally {
+ Thread.currentThread().setContextClassLoader(clsLoader);
+ if (LOG.isDebugEnabled()) {
+ Date finish = new Date();
+ long waitTime = start.getTime() - creation.getTime();
+ long executionTime = finish.getTime() - start.getTime();
+ LOG.debug(String.format("<== TimedCallable: %s: wait time[%d ms], execution time [%d ms]", toString(), waitTime, executionTime));
+ }
+ }
+ }
+
+ abstract T actualCall() throws Exception;
+ }
+
+ static class LookupCallable extends TimedCallable<List<String>> {
+
+ final ResourceLookupContext context;
+
+ public LookupCallable(final RangerBaseService svc, final ResourceLookupContext context) {
+ super(svc);
+ this.context = context;
+ }
+
+ @Override
+ public String toString() {
+ return String.format("lookup resource[%s] for service[%s], ", context.toString(), svc.getServiceName());
+ }
+
+ @Override
+ public List<String> actualCall() throws Exception {
+ List<String> ret = svc.lookupResource(context);
+ return ret;
+ }
+ }
+
+ static class ValidateCallable extends TimedCallable<HashMap<String, Object>> {
+
+ public ValidateCallable(RangerBaseService svc) {
+ super(svc);
+ }
+
+ @Override
+ public String toString() {
+ return String.format("validate config for service[%s]", svc.getServiceName());
+ }
+
+ @Override
+ public HashMap<String, Object> actualCall() throws Exception {
+ return svc.validateConfig();
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java b/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
new file mode 100644
index 0000000..29d972e
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class RangerFactory {
+ public RangerPolicyResourceSignature createPolicyResourceSignature(RangerPolicy policy) {
+ return new RangerPolicyResourceSignature(policy);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
new file mode 100644
index 0000000..643d882
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.lang.Thread.UncaughtExceptionHandler;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Future;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+
+@Service
+@Scope("singleton")
+public class TimedExecutor {
+
+ static final private Logger LOG = Logger.getLogger(TimedExecutor.class);
+
+ @Autowired
+ TimedExecutorConfigurator _configurator;
+
+ ExecutorService _executorService;
+
+ public TimedExecutor() {
+ }
+
+ @PostConstruct
+ void initialize() {
+ initialize(_configurator);
+ }
+
+ // Not designed for public access - only for testability
+ void initialize(TimedExecutorConfigurator configurator) {
+ final ThreadFactory _ThreadFactory = new ThreadFactoryBuilder()
+ .setDaemon(true)
+ .setNameFormat("timed-executor-pool-%d")
+ .setUncaughtExceptionHandler(new LocalUncaughtExceptionHandler())
+ .build();
+
+ final BlockingQueue<Runnable> blockingQueue = new ArrayBlockingQueue<>(configurator.getBlockingQueueSize());
+
+ _executorService = new LocalThreadPoolExecutor(configurator.getCoreThreadPoolSize(), configurator.getMaxThreadPoolSize(),
+ configurator.getKeepAliveTime(), configurator.getKeepAliveTimeUnit(),
+ blockingQueue, _ThreadFactory);
+ }
+
+ public <T> T timedTask(Callable<T> callable, long time, TimeUnit unit) throws Exception{
+ try {
+ Future<T> future = _executorService.submit(callable);
+ if (LOG.isDebugEnabled()) {
+ if (future.isCancelled()) {
+ LOG.debug("Got back a future that was cancelled already for callable[" + callable + "]!");
+ }
+ }
+ try {
+ T result = future.get(time, unit);
+ return result;
+ } catch (CancellationException | ExecutionException | InterruptedException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("TimedExecutor: Caught exception[%s] for callable[%s]: detail[%s]. Re-throwing...", e.getClass().getName(), callable, e.getMessage()));
+ }
+ throw e;
+ } catch (TimeoutException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("TimedExecutor: Timed out waiting for callable[%s] to finish. Cancelling the task.", callable));
+ }
+ boolean interruptRunningTask = true;
+ future.cancel(interruptRunningTask);
+ LOG.debug("TimedExecutor: Re-throwing timeout exception to caller");
+ throw e;
+ }
+ } catch (RejectedExecutionException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Executor rejected callable[" + callable + "], due to resource exhaustion. Rethrowing exception...");
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * Not designed for public access. Non-private only for testability. Expected to be called by tests to do proper cleanup.
+ */
+ void shutdown() {
+ _executorService.shutdownNow();
+ }
+
+ static class LocalUncaughtExceptionHandler implements UncaughtExceptionHandler {
+
+ @Override
+ public void uncaughtException(Thread t, Throwable e) {
+ String message = String.format("TimedExecutor: Uncaught exception hanlder received exception[%s] in thread[%s]", t.getClass().getName(), t.getName());
+ LOG.warn(message, e);
+ }
+ }
+
+ static class LocalThreadPoolExecutor extends ThreadPoolExecutor {
+
+ private ThreadLocal<Long> startNanoTime = new ThreadLocal<Long>();
+
+ public LocalThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, BlockingQueue<Runnable> workQueue, ThreadFactory threadFactory) {
+ super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory);
+ }
+
+ @Override
+ protected void beforeExecute(Thread t, Runnable r) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("TimedExecutor: Starting execution of a task.");
+ startNanoTime.set(System.nanoTime());
+ }
+ super.beforeExecute(t, r);
+ }
+
+ @Override
+ protected void afterExecute(Runnable r, Throwable t) {
+ super.afterExecute(r, t);
+ if (LOG.isDebugEnabled()) {
+ long duration = System.nanoTime() - startNanoTime.get();
+ LOG.debug("TimedExecutor: Done execution of task. Duration[" + duration/1000000 + " ms].");
+ }
+ }
+
+ @Override
+ protected void terminated() {
+ super.terminated();
+ LOG.info("TimedExecutor: thread pool has terminated");
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
new file mode 100644
index 0000000..1b43abe
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.util.concurrent.TimeUnit;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class TimedExecutorConfigurator {
+
+ // these two are important and hence are user configurable.
+ static final String Property_MaxThreadPoolSize = "ranger.timed.executor.max.threadpool.size";
+ static final String Property_QueueSize = "ranger.timed.executor.queue.size";
+ // We need these default-defaults since default-site.xml file isn't inside the jar, i.e. file itself may be missing or values in it might be messed up! :(
+ static final int _DefaultMaxThreadPoolSize = 10;
+ static final private int _DefaultBlockingQueueSize = 100;
+
+
+ private int _maxThreadPoolSize;
+ private int _blockingQueueSize;
+ // The following are hard-coded for now and can be exposed if there is a pressing need.
+ private int _coreThreadPoolSize = 1;
+ private long _keepAliveTime = 10;
+ private TimeUnit _keepAliveTimeUnit = TimeUnit.SECONDS;
+
+ public TimedExecutorConfigurator() {
+ }
+
+ // Infrequently used class (once per lifetime of policy manager) hence, values read from property file aren't cached.
+ @PostConstruct
+ void initialize() {
+ Integer value = PropertiesUtil.getIntProperty(Property_MaxThreadPoolSize);
+ if (value == null) {
+ _maxThreadPoolSize = _DefaultMaxThreadPoolSize;
+ } else {
+ _maxThreadPoolSize = value;
+ }
+
+ value = PropertiesUtil.getIntProperty(Property_QueueSize);
+ if (value == null) {
+ _blockingQueueSize = _DefaultBlockingQueueSize;
+ } else {
+ _blockingQueueSize = value;
+ }
+ }
+ /**
+ * Provided mostly only testability.
+ * @param maxThreadPoolSize
+ * @param blockingQueueSize
+ */
+ public TimedExecutorConfigurator(int maxThreadPoolSize, int blockingQueueSize) {
+ _maxThreadPoolSize = maxThreadPoolSize;
+ _blockingQueueSize = blockingQueueSize;
+ }
+
+ public int getCoreThreadPoolSize() {
+ return _coreThreadPoolSize;
+ }
+ public int getMaxThreadPoolSize() {
+ return _maxThreadPoolSize;
+ }
+ public long getKeepAliveTime() {
+ return _keepAliveTime;
+ }
+ public TimeUnit getKeepAliveTimeUnit() {
+ return _keepAliveTimeUnit;
+ }
+ public int getBlockingQueueSize() {
+ return _blockingQueueSize;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java b/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
deleted file mode 100644
index 7834262..0000000
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.service;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Service;
-
-@Service
-@Scope("singleton")
-public class RangerFactory {
- public RangerPolicyResourceSignature createPolicyResourceSignature(RangerPolicy policy) {
- return new RangerPolicyResourceSignature(policy);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 571d2a1..0783f69 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -395,14 +395,41 @@
<value>ranger.auditdb.password</value>
<description></description>
</property>
+
<property>
<name>ranger.ldap.binddn.credential.alias</name>
<value>ranger.ldap.binddn.password</value>
<description></description>
</property>
+
<property>
<name>ranger.ldap.ad.binddn.credential.alias</name>
<value>ranger.ad.binddn.password</value>
<description></description>
</property>
+
+ <property>
+ <name>ranger.resource.lookup.timeout.value.in.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.validate.config.timeout.value.in.ms</name>
+ <value>10000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.max.threadpool.size</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.queue.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7381bc4e/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java b/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
new file mode 100644
index 0000000..39d8ecf
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
@@ -0,0 +1,190 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestTimedExecutor {
+
+ private static final Log LOG = LogFactory.getLog(TestTimedExecutor.class);
+
+ @Before
+ public void before() {
+
+ }
+
+ @Test
+ public void test() throws InterruptedException {
+ /*
+ * Create a pool with 2 threads and queue size of 3 such that 6th item should get rejected right away due to capacity.
+ */
+ int poolSize = 2;
+ int queueSize = 3;
+ _configurator = new TimedExecutorConfigurator(poolSize, queueSize);
+ // Just toa void thread shutting down and restarting set keep alive to high value.
+ _executor.initialize(_configurator);
+
+ // now create 2 callalbles that would keep waiting unless we ask them to proceed
+ // create an executor which would simulate simultaneous threads calling into executor to perform lookups
+ ExecutorService executorService = Executors.newCachedThreadPool();
+ List<Future<Integer>> futures = new ArrayList<Future<Integer>>();
+ /*
+ * We would have 2 permits for 10 callables, such that
+ * - 2 should succeed
+ * - 5 should timeout (2 in pool + 3 in queue)
+ * - 3 should get rejected.
+ */
+ Semaphore semaphore = new Semaphore(2);
+ /*
+ * We need a latch to keep track of when the processing is done so we can check the results of teh test
+ */
+ CountDownLatch latch = new CountDownLatch(10);
+ // Callables will record exception in this map
+ final ConcurrentMap<String, AtomicInteger> results = new ConcurrentHashMap<String, AtomicInteger>();
+ for (int i = 0; i < 10; i++) {
+ LookupTask lookupTask = new LookupTask(i, semaphore);
+ TimedTask timedTask = new TimedTask(_executor, lookupTask, 1, TimeUnit.SECONDS, results, latch);
+ Future<Integer> aFuture = executorService.submit(timedTask);
+ futures.add(aFuture);
+ }
+ // Let's wait for the threads to finish
+ LOG.debug("Starting to wait for threadpool to finish");
+ latch.await();
+ /*
+ * depending on how threads get scheduled the count in results would vary, except we know for sure that.
+ * - 2 must succeed since we have exactly 2 permits available.
+ * - sum of timed out and rejected must be equal to 8.
+ * - at least 3 and no more than 5 tasks must get rejected.
+ * - at least 3 and no more than 5 tasks must get timed out
+ */
+ int successCount = results.get("success").get();
+ int timeoutCount = results.get("java.util.concurrent.TimeoutException").get();
+ int rejectedCount = results.get("java.util.concurrent.RejectedExecutionException").get();
+ assertEquals("success count", 2, successCount);
+ assertTrue("timeout[" + timeoutCount + "]: 3 <= count(timeout) <= 5", timeoutCount >= 3 && timeoutCount <= 5);
+ assertTrue("rejected[" + rejectedCount + "]: 3 <= count(timeout) <= 5", rejectedCount >= 3 && rejectedCount <= 5);
+ assertEquals("total should equal 10", 10, successCount + timeoutCount + rejectedCount);
+ _executor.shutdown();
+ }
+
+ static final String format = "%15s id: %2d";
+
+ static class LookupTask implements Callable<Integer> {
+
+ final int _id;
+ final private Semaphore _semaphore;
+
+ public LookupTask(int id, Semaphore latch) {
+ _id = id;
+ _semaphore = latch;
+ }
+
+ int getId() {
+ return _id;
+ }
+
+ @Override
+ public Integer call() throws Exception {
+ LOG.debug(String.format(format, "Starting", _id));
+ _semaphore.acquire();
+ LOG.debug(String.format(format, "Acquired", _id));
+ LOG.debug(String.format(format, "Ended", _id));
+ return _id;
+ }
+
+ }
+
+ static class TimedTask implements Callable<Integer> {
+
+ final LookupTask _callable;
+ final TimedExecutor _executor;
+ final ConcurrentMap<String, AtomicInteger> _results;
+ final long _timeout;
+ final TimeUnit _unit;
+ final CountDownLatch _latch;
+
+ public TimedTask(TimedExecutor executor, LookupTask callable, int timout, TimeUnit unit, ConcurrentMap<String, AtomicInteger> results, CountDownLatch latch) {
+ _callable = callable;
+ _executor = executor;
+ _results = results;
+ _timeout = timout;
+ _unit = unit;
+ _latch = latch;
+ }
+
+ @Override
+ public Integer call() throws Exception {
+ int id = _callable.getId();
+ LOG.debug(String.format(format, "Submitting", id));
+ try {
+ Integer result = _executor.timedTask(_callable, _timeout, _unit);
+ LOG.debug(String.format(format, "Finished", id));
+ recordResult(_results, "success");
+ return result;
+ } catch (Exception e) {
+ LOG.debug(String.format(format, "Exception", id));
+ recordResult(_results, e);
+ // re-throw caught exception
+ throw e;
+ } finally {
+ _latch.countDown();
+ }
+ }
+
+ }
+
+ static void recordResult(ConcurrentMap<String, AtomicInteger> results, String key) {
+ if (results.containsKey(key)) {
+ results.get(key).incrementAndGet();
+ } else {
+ AtomicInteger previous = results.putIfAbsent(key, new AtomicInteger(1));
+ if (previous != null) { // a value was already associated with the key
+ previous.incrementAndGet();
+ }
+ }
+ }
+
+ static void recordResult(ConcurrentMap<String, AtomicInteger> results, Exception e) {
+ String exceptionName = e.getClass().getCanonicalName();
+ recordResult(results, exceptionName);
+ }
+
+ private TimedExecutorConfigurator _configurator;
+ private TimedExecutor _executor = new TimedExecutor();
+}
[06/13] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dc8ef17a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dc8ef17a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dc8ef17a
Branch: refs/heads/tag-policy
Commit: dc8ef17ae5ce17892844fb2b408c95d61b19d000
Parents: ce43b39
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:39:55 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
README.txt | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dc8ef17a/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index a0445b7..d410e18 100644
--- a/README.txt
+++ b/README.txt
@@ -6,20 +6,27 @@ Build Process
2. On the root folder, please execute the following Maven command:
$ mvn clean compile package install assembly:assembly
- $ mvn eclipse:eclipse
+ $ mvn eclise:eclipse
3. After the above build command execution, you should see the following TAR files in the target folder:
- ranger-<version-number>-admin.tar.gz
- ranger-<version-number>-usersync.tar.gz
- ranger-<version-number>-hdfs-plugin.tar.gz
- ranger-<version-number>-hive-plugin.tar.gz
- ranger-<version-number>-hbase-plugin.tar.gz
- ranger-<version-number>-knox-plugin.tar.gz
- ranger-<version-number>-storm-plugin.tar.gz
+
+ ranger-<version>-admin.tar.gz
+ ranger-<version>-hbase-plugin.tar.gz
+ ranger-<version>-hdfs-plugin.tar.gz
+ ranger-<version>-hive-plugin.tar.gz
+ ranger-<version>-kafka-plugin.tar.gz
+ ranger-<version>-kms.tar.gz
+ ranger-<version>-knox-plugin.tar.gz
+ ranger-<version>-migration-util.tar.gz
+ ranger-<version>-solr-plugin.tar.gz
+ ranger-<version>-src.tar.gz
+ ranger-<version>-storm-plugin.tar.gz
+ ranger-<version>-usersync.tar.gz
+ ranger-<version>-yarn-plugin.tar.gz
Importing Apache Ranger Project into Eclipse
-====================================
+============================================
1. Create a Eclipse workspace called 'ranger'
@@ -39,6 +46,7 @@ Installation Host Information
(c) HBase Plugin needs to be installed on both Master and Regional Server nodes.
(d) Knox Plugin needs to be installed on Knox hosts.
(e) Storm Plugin needs to be installed on Storm hosts.
+ (f) Kafka/Solr Plugin needs to be installed on their respective component hosts.
Installation Process
~~~~~~~~~~~~~~~~~~~~
@@ -51,8 +59,8 @@ Installation Process
4. Modify the install.properties file with appropriate variables
-5. If the module has install.sh,
- Execute ./install.sh
+5. If the module has setup.sh,
+ Execute ./setup.sh
If the install.sh file does not exists,
Execute ./enable-<component>-plugin.sh
[10/13] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b5a23b27
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b5a23b27
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b5a23b27
Branch: refs/heads/tag-policy
Commit: b5a23b273e39a606b19673018290e124d4527620
Parents: 0e076dd
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:39:55 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:23 2015 -0700
----------------------------------------------------------------------
README.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b5a23b27/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index b5fad2e..d410e18 100644
--- a/README.txt
+++ b/README.txt
@@ -6,7 +6,7 @@ Build Process
2. On the root folder, please execute the following Maven command:
$ mvn clean compile package install assembly:assembly
- $ mvn eclipse:eclipse
+ $ mvn eclise:eclipse
3. After the above build command execution, you should see the following TAR files in the target folder:
[07/13] incubator-ranger git commit: RANGER-488: added an ANT script
to do build-release
Posted by ma...@apache.org.
RANGER-488: added an ANT script to do build-release
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/80348584
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/80348584
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/80348584
Branch: refs/heads/tag-policy
Commit: 803485841366d4c73ef3dd0add178ee7a952d178
Parents: 2c16bc8
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 03:00:11 2015 -0400
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 15:08:22 2015 -0700
----------------------------------------------------------------------
release-build.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80348584/release-build.xml
----------------------------------------------------------------------
diff --git a/release-build.xml b/release-build.xml
new file mode 100644
index 0000000..0625408
--- /dev/null
+++ b/release-build.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project name="Apache Ranger Release Tasks" default="build-release">
+ <description>
+ Apache Ranger Build Release Tasks
+ </description>
+
+ <property name="release-dir" value="target" />
+ <property name="release-name" value="ranger-${ranger-release-version}" />
+
+ <property name="build-release-tar-file" value="${release-name}.tar.gz" />
+
+ <target name="version-check">
+ <fail message="Missing ranger-release-version; -Dranger-release-version=<version-number> should be defined"
+ unless="ranger-release-version" />
+ </target>
+
+ <target name="build-release" depends="version-check">
+ <tstamp/>
+ <exec executable="mvn">
+ <arg value="clean" />
+ </exec>
+ <mkdir dir="${release-dir}" />
+ <tar destfile="${release-dir}/${build-release-tar-file}" compression="gzip" longfile="posix">
+ <tarfileset prefix="${release-name}" dir=".">
+ <exclude name="git" />
+ <exclude name="*/.gitignore" />
+ <exclude name=".settings/**" />
+ <exclude name="*/.settings/**" />
+ <exclude name=".classpath" />
+ <exclude name="*/.classpath" />
+ <exclude name=".project" />
+ <exclude name="*/.project" />
+ <exclude name="winpkg/*" />
+ <exclude name="hdfs-agent/dependency-reduced-pom.xml" />
+ <exclude name="*/bin/**" />
+ <exclude name="*/target/**" />
+ <exclude name="**/.DS_Store" />
+ <exclude name="release-build.xml" />
+ <exclude name="target/**" />
+ </tarfileset>
+ </tar>
+
+ <exec executable="gpg">
+ <arg value="--armor" />
+ <arg value="--output" />
+ <arg value="${release-dir}/${build-release-tar-file}.asc" />
+ <arg value="--detach-sig" />
+ <arg value="${release-dir}/${build-release-tar-file}" />
+ </exec>
+
+ <exec executable="gpg" output="${release-dir}/${build-release-tar-file}.mds">
+ <arg value="--print-mds" />
+ <arg value="${release-dir}/${build-release-tar-file}" />
+ </exec>
+
+ </target>
+
+</project>