Posted to commits@ranger.apache.org by pr...@apache.org on 2019/08/21 16:40:15 UTC
[ranger] branch master updated: RANGER-2526: Log does not get
generated for "Deny All Other Accesses" toggle button available on Policy
page
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f04b3e4 RANGER-2526: Log does not get generated for "Deny All Other Accesses" toggle button available on Policy page
f04b3e4 is described below
commit f04b3e4e6629dd468765633d8e5f2dcb5008ef6a
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Fri Aug 16 18:57:46 2019 +0530
RANGER-2526: Log does not get generated for "Deny All Other Accesses" toggle button available on Policy page
Signed-off-by: Pradeep <pr...@apache.org>
---
.../apache/ranger/service/RangerPolicyService.java | 94 +++++++++++++++++-----
.../ranger/service/TestRangerPolicyService.java | 1 +
2 files changed, 76 insertions(+), 19 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
index 95342c3..78954af 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
@@ -25,6 +25,7 @@ import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.biz.RangerPolicyRetriever;
@@ -74,6 +75,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
public static final String POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME="validitySchedules";
public static final String POLICY_PRIORITY_CLASS_FIELD_NAME="policyPriority";
public static final String POLICY_CONDITION_CLASS_FIELD_NAME="conditions";
+ public static final String POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME="isDenyAllElse";
+ public static final String POLICY_ZONE_NAME_CLASS_FIELD_NAME="zoneName";
static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>();
String actionCreate;
@@ -99,6 +102,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
trxLogAttrs.put("validitySchedules", new VTrxLogAttr("validitySchedules", "Validity Schedules", false));
trxLogAttrs.put("policyPriority", new VTrxLogAttr("policyPriority", "Priority", false));
trxLogAttrs.put("zoneName", new VTrxLogAttr("zoneName", "Zone Name", false));
+ trxLogAttrs.put("isDenyAllElse", new VTrxLogAttr("isDenyAllElse", "Deny All Other Accesses", false));
}
public RangerPolicyService() {
@@ -190,7 +194,21 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
return trxLogList;
}
-
+
+ public String restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(String fieldName, RangerPolicy vObj,
+ int action) {
+ String result = "";
+ if (StringUtils.isNotBlank(fieldName)
+ && StringUtils.equalsIgnoreCase(fieldName.trim(), POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME)
+ && vObj != null) {
+
+ if (vObj.getPolicyType() == RangerPolicy.POLICY_TYPE_ROWFILTER
+ || vObj.getPolicyType() == RangerPolicy.POLICY_TYPE_DATAMASK) {
+ result = null;
+ }
+ }
+ return result;
+ }
private XXTrxLog processFieldToCreateTrxLog(Field field, String objectName,
RangerPolicy vObj, XXPolicy mObj, RangerPolicy oldPolicy, int action) {
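Review bot: `restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy` encodes "suppress this audit row" as `null` versus `""` in a `String` return and never reads its `action` parameter. Because it decides whether a policy change reaches the transaction log, a `private boolean` taking only `fieldName` and `vObj` would make that decision harder to misread at the call sites. The `vObj.getPolicyType() == RangerPolicy.POLICY_TYPE_ROWFILTER` comparison throws on unboxing if `getPolicyType()` returns a null `Integer`, which the `policy.setPolicyType(0)` fixture change in TestRangerPolicyService.java suggests may be possible. Confirm the return type and, if it is boxed, null-check it before comparing. A short Javadoc stating why data-mask and row-filter policies get no "Deny All Other Accesses" entry would help anyone later reading the audit trail.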
@@ -256,21 +274,35 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
value = processPriorityClassFieldNameForTrxLog(field.get(vObj));
} else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
value = processIsAuditEnabledClassFieldNameForTrxLog(field.get(vObj));
- } else {
+ } else if (POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ value = processIsAuditEnabledClassFieldNameForTrxLog(field.get(vObj));
+ } else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ value = processPolicyNameForTrxLog(field.get(vObj));
+ }
+ else {
value = "" + field.get(vObj);
}
}
if (action == OPERATION_CREATE_CONTEXT) {
+ if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) {
+ return null;
+ }
if (stringUtil.isEmpty(value)) {
return null;
}
xTrxLog.setNewValue(value);
actionString = actionCreate;
} else if (action == OPERATION_DELETE_CONTEXT) {
+ if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) {
+ return null;
+ }
xTrxLog.setPreviousValue(value);
actionString = actionDelete;
} else if (action == OPERATION_UPDATE_CONTEXT) {
+ if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) {
+ return null;
+ }
actionString = actionUpdate;
String oldValue = null;
Field[] mFields = mObj.getClass().getDeclaredFields();
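Review bot: The guard `if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) { return null; }` is pasted into the create, delete and update branches here, and again into both import branches in the hunk at `@@ -432,17 +463,42 @@`. Five copies of an audit-suppression rule are easy to let drift apart when a new action type is added. Consider evaluating it once before the `if (action == OPERATION_CREATE_CONTEXT)` chain, after checking that no other action value is expected to log this field. The new `isDenyAllElse` branch also reuses `processIsAuditEnabledClassFieldNameForTrxLog`, so a comment such as `// isDenyAllElse is formatted like the other boolean flags` would explain the mismatched name. The body of `processFieldToCreateTrxLog` starts and ends outside this hunk.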
@@ -360,15 +392,18 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
oldValue = processPolicyItemsForTrxLog(oldPolicy.getConditions());
}
}
- if (oldValue == null || oldValue.equalsIgnoreCase(value)) {
- if (field.getName().equalsIgnoreCase("zoneName") && !(stringUtil.isEmpty(value))) {
- oldValue=value;
- } else {
- return null;
- }
- } else if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ oldValue = oldPolicy != null ? processPolicyNameForTrxLog(oldPolicy.getZoneName()) : "";
+
+ } else if (POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ oldValue = oldPolicy != null
+ ? processIsAuditEnabledClassFieldNameForTrxLog(String.valueOf(oldPolicy.getIsDenyAllElse()))
+ : "";
+ }
+ //start comparing old and new values
+ if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
// Compare old and new resources
- if(compareTwoPolicyResources(value, oldValue)) {
+ if (compareTwoPolicyResources(value, oldValue)) {
return null;
}
} else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
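Review bot: Removing the `if (oldValue == null || oldValue.equalsIgnoreCase(value))` guard drops the only generic "nothing changed" check, so every field now depends on having its own branch in the comparison chain that starts at `//start comparing old and new values`. Any field without a branch would produce an audit row with identical previous and new values on every update. A null `oldValue` can now also reach helpers such as `compareTwoPolicyResources(value, oldValue)`. Only part of the chain is visible in this hunk, so please confirm that each logged field is covered and that the helpers tolerate null, or close the chain with a fallback like `else if (StringUtils.equals(value, oldValue)) { return null; }`. In the new `isDenyAllElse` branch, `String.valueOf(oldPolicy.getIsDenyAllElse())` yields the text `"null"` if the getter returns a null `Boolean`, so check how the formatter handles it.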
@@ -398,7 +433,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
}
} else if (POLICY_DESCRIPTION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
//compare old and new Description
- if(org.apache.commons.lang.StringUtils.equals(value, oldValue)) {
+ if(StringUtils.equals(value, oldValue)) {
return null;
}
} else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
@@ -411,13 +446,9 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
if(compareTwoRowFilterPolicyItemList(value, oldValue)) {
return null;
}
- } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
- if (oldPolicy != null) {
- oldValue = processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsEnabled()));
- }
- } else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
- if (oldPolicy != null) {
- oldValue = processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsAuditEnabled()));
+ }else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ if(compareTwoPolicyName(value, oldValue)) {
+ return null;
}
} else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
if(compareTwoPolicyName(value, oldValue)) {
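Review bot: The new `IS_AUDIT_ENABLED_CLASS_FIELD_NAME` branch compares `value` with `oldValue`, but the lines deleted just above it were the ones in this chain that derived `oldValue` from `oldPolicy.getIsAuditEnabled()` and `oldPolicy.getIsEnabled()`. Where `oldValue` is now populated for these two flags is outside the hunk. Confirm that it comes from `oldPolicy` and is formatted by the same helper as `value`. If the two sides are formatted differently, `compareTwoPolicyName` will either record a change that did not happen or hide one that did. Minor: `}else if` is missing the space used elsewhere in the chain.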
@@ -432,17 +463,42 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
return null;
}
}
+ else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ if(StringUtils.isBlank(oldValue)) {
+ if (!(stringUtil.isEmpty(value) && compareTwoPolicyName(value, oldValue))) {
+ oldValue=value;
+ }else {
+ return null;
+ }
+ }
+ }
+ else if (POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ // comparing old and new value for isDenyAllElse
+ if (compareTwoPolicyName(value, oldValue)) {
+ return null;
+ }
+ }else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
+ if(StringUtils.equals(value, oldValue)) {
+ return null;
+ }
+ }
xTrxLog.setPreviousValue(oldValue);
xTrxLog.setNewValue(value);
}
else if (action == OPERATION_IMPORT_CREATE_CONTEXT) {
+ if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) {
+ return null;
+ }
if (stringUtil.isEmpty(value)) {
return null;
}
xTrxLog.setNewValue(value);
actionString = actionImportCreate;
} else if (action == OPERATION_IMPORT_DELETE_CONTEXT) {
+ if(restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj, action) == null) {
+ return null;
+ }
xTrxLog.setPreviousValue(value);
actionString = actionImportDelete;
}
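Review bot: In the `POLICY_ZONE_NAME_CLASS_FIELD_NAME` branch, `oldValue=value;` overwrites a blank previous value with the new one, so the audit row for a first zone assignment shows the same zone as both previous and new value. When `oldValue` is non-blank no comparison runs at all, so an unchanged zone is logged on every update. This may be carried over deliberately from the removed `field.getName().equalsIgnoreCase("zoneName")` special case, in which case a comment should say so. The condition `!(stringUtil.isEmpty(value) && compareTwoPolicyName(value, oldValue))` also lets a null `value` through when `oldValue` is `""`, giving a row with a null new value. `if (StringUtils.isBlank(value)) { return null; }` inside the `isBlank(oldValue)` block would state the likely intent more directly. The enclosing method continues outside this hunk.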
@@ -623,7 +679,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
}
private boolean compareTwoPolicyName(String value, String oldValue) {
- return org.apache.commons.lang.StringUtils.equals(value, oldValue);
+ return StringUtils.equals(value, oldValue);
}
private String processPolicyNameForTrxLog(Object value) {
diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java
index d33b24b..dfb78b6 100644
--- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java
+++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java
@@ -123,6 +123,7 @@ public class TestRangerPolicyService {
policy.setIsAuditEnabled(true);
policy.setPolicyItems(policyItems);
policy.setResources(policyResource);
+ policy.setPolicyType(0);
return policy;
}
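Review bot: The fixture only sets `policy.setPolicyType(0)`, so the tests still exercise neither behaviour this commit adds. Nothing checks that an access policy yields a "Deny All Other Accesses" row, or that row-filter and data-mask policies yield none. One case per policy type against the transaction-log list would pin the suppression rule, which matters because it controls what appears in the audit trail. Replacing the literal with the named constant, `policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);`, would also make the fixture's intent clear.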