You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2017/01/25 21:54:12 UTC
[2/3] ranger git commit: RANGER-1324 : Analytics Metric for Ranger
KMS usage
RANGER-1324 : Analytics Metric for Ranger KMS usage
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/8ae95294
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/8ae95294
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/8ae95294
Branch: refs/heads/master
Commit: 8ae952943926a00b2ce2a33690d553dc47472235
Parents: d5fee78
Author: Ankita Sinha <an...@freestoneinfotech.com>
Authored: Wed Jan 25 14:45:27 2017 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Wed Jan 25 16:52:05 2017 -0500
----------------------------------------------------------------------
.../service-defs/ranger-servicedef-hbase.json | 2 +-
kms/scripts/ranger-kms | 10 ++
.../crypto/key/kms/server/KMSMetricUtil.java | 169 +++++++++++++++++++
.../hadoop/crypto/key/kms/server/KMSWebApp.java | 8 +-
.../apache/ranger/patch/cliutil/MetricUtil.java | 144 ++++++++++++----
.../ranger/view/VXMetricAuditDetailsCount.java | 109 ++++++++----
.../ranger/view/VXMetricUserGroupCount.java | 90 +++++++---
7 files changed, 431 insertions(+), 101 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 1f5f35b..71fae66 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -52,7 +52,7 @@
"level": 30,
"parent": "column-family",
"mandatory": true,
- "lookupSupported": true,
+ "lookupSupported": false,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/kms/scripts/ranger-kms
----------------------------------------------------------------------
diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms
index 5202a54..11dc4ff 100755
--- a/kms/scripts/ranger-kms
+++ b/kms/scripts/ranger-kms
@@ -19,9 +19,12 @@ if [ -z "$1" ]
then
echo "Invalid argument [$1];"
echo "Usage: Only start | stop | restart | version, are supported."
+ echo "For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm"
exit;
fi
action=$1
+arg2=$2
+arg3=$3
action=`echo $action | tr '[:lower:]' '[:upper:]'`
realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
@@ -138,6 +141,9 @@ killRangerKMSPid () {
echo "Apache Ranger KMS Service is not running"
fi
}
+metric(){
+ java ${JAVA_OPTS} org.apache.hadoop.crypto.key.kms.server.KMSMetricUtil ${arg2} ${arg3} 2>/dev/null
+}
if [ "${action}" == "START" ]; then
if [ -f "$pidf" ] ; then
pid=`cat $pidf`
@@ -160,11 +166,15 @@ elif [ "${action}" == "RESTART" ]; then
killRangerKMSPid
createRangerKMSPid
exit
+elif [ "${action}" == "METRIC" ]; then
+ metric;
+ exit
elif [ "${action}" == "VERSION" ]; then
( cd ${RANGER_KMS_LIB_DIR} ; java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo )
exit
else
echo "Invalid argument [$1];"
echo "Usage: Only start | stop | restart | version, are supported."
+ echo "For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm"
exit;
fi
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
new file mode 100644
index 0000000..22fb03c
--- /dev/null
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
@@ -0,0 +1,169 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+public class KMSMetricUtil {
+ private static Logger logger = Logger.getLogger(KMSMetricUtil.class);
+
+ private static final String HSM_ENABLED = "ranger.ks.hsm.enabled";
+ private static String metricType;
+
+ public static void main(String[] args) {
+ logger.getRootLogger().setLevel(Level.OFF);
+ logger.info("KMSMetricUtil : main()");
+ if(args.length != 2){
+ System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+ }
+ else
+ {
+ if(!(args[0].equalsIgnoreCase("-type")) || !(args[1].equalsIgnoreCase("hsmenabled") || args[1].equalsIgnoreCase("encryptedkey") || args[1].equalsIgnoreCase("encryptedkeybyalgorithm"))){
+ System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+ }
+ else {
+ metricType = args[1];
+ if(logger.isDebugEnabled()){
+ logger.debug("KMSMetric Type : " + metricType);
+ }
+ }
+ }
+ KMSMetricUtil kmsmetricutil = new KMSMetricUtil();
+ kmsmetricutil.getKMSMetricCalculation(metricType);
+ }
+
+
+ @SuppressWarnings("static-access")
+ private void getKMSMetricCalculation(String caseValue) {
+ logger.info("Metric Type : " + caseValue);
+ try
+ {
+ switch (caseValue.toLowerCase()) {
+ case "hsmenabled":
+ try {
+ KMSConfiguration kmsConfig = new KMSConfiguration();
+ if(kmsConfig != null && kmsConfig.getACLsConf() != null) {
+ String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
+ Map<String,String> hsmEnabledMap = new HashMap<String, String>();
+ if(hsmEnabledValue != null){
+ hsmEnabledMap.put("HSMEnabled", hsmEnabledValue);
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
+ } else {
+ hsmEnabledMap.put("HSMEnabled", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
+ }
+ }
+ }
+ catch (Exception e) {
+ logger.error("Error calculating KMSMetric for HSM enabled : "+e.getMessage());
+ }
+ break;
+ case "encryptedkey":
+ try {
+ KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
+ if(kmsWebAppEncryptedKey != null){
+ kmsWebAppEncryptedKey.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
+ if(keyProvider != null && keyProvider.getKeys() != null){
+ Integer encryptedKeyCount = keyProvider.getKeys().size();
+ if(encryptedKeyCount != null){
+ Map<String,Integer> encryptedKeyCountValueMap = new HashMap<String, Integer>();
+ encryptedKeyCountValueMap.put("encryptedKeycount", encryptedKeyCount);
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ }else{
+ Map<String,String> encryptedKeyCountValueMap = new HashMap<String, String>();
+ encryptedKeyCountValueMap.put("encryptedKeycount","");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ }
+
+ }
+ kmsWebAppEncryptedKey.contextDestroyed(null);
+ }
+ }
+ catch(Exception e){
+ logger.error("Error calculating KMSMetric for encrypted key count: "+e.getMessage());
+ }
+ break;
+ case "encryptedkeybyalgorithm":
+ try {
+ KMSWebApp kmsWebApp = new KMSWebApp();
+ if(kmsWebApp != null)
+ {
+ kmsWebApp.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
+ if(keyProvider != null && keyProvider.getKeys() != null){
+ List<String> keyList = new ArrayList<String>();
+ keyList.addAll(keyProvider.getKeys());
+ if(keyList != null){
+ Map<String,Integer> encryptedKeyByAlgorithmCountMap = new HashMap<String, Integer>();
+ int count = 0;
+ for (int i = 0; i < keyList.size(); i++) {
+ String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
+ if(encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
+ count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
+ count += 1;
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
+ }
+ else {
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
+ }
+ }
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
+ System.out.println(jsonEncKeyByAlgo);
+ }
+ kmsWebApp.contextDestroyed(null);
+ }else{
+ Map<String,String> encryptedKeyByAlgorithmCountMap = new HashMap<String, String>();
+ encryptedKeyByAlgorithmCountMap.put("encryptedkeybyalgorithm", " ");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
+ System.out.println(jsonEncKeyByAlgo);
+ }
+ }
+ }
+ catch (IOException e) {
+ logger.error("Error calculating KMSMetric for encrypted key by algorithm : "+e.getMessage());
+ }
+ break;
+ default:
+ System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+ break;
+ }
+ }
+ catch (Exception e) {
+ logger.error("Error calculating KMSMetric : "+e.getMessage());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
index 2ecaff5..b2540cb 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
@@ -158,10 +158,10 @@ public class KMSWebApp implements ServletContextListener {
// this is required for the the JMXJsonServlet to work properly.
// the JMXJsonServlet is behind the authentication filter,
// thus the '*' ACL.
- sce.getServletContext().setAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE,
- kmsConf);
- sce.getServletContext().setAttribute(HttpServer2.ADMINS_ACL,
- new AccessControlList(AccessControlList.WILDCARD_ACL_VALUE));
+ if(sce != null) {
+ sce.getServletContext().setAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE, kmsConf);
+ sce.getServletContext().setAttribute(HttpServer2.ADMINS_ACL, new AccessControlList(AccessControlList.WILDCARD_ACL_VALUE));
+ }
// intializing the KeyProvider
String providerString = kmsConf.get(KMSConfiguration.KEY_PROVIDER_URI);
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
index 50a0d37..77b3f95 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
@@ -16,19 +16,26 @@
*/
package org.apache.ranger.patch.cliutil;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Date;
+import org.apache.ranger.common.DateUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
+import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.patch.BaseLoader;
@@ -40,6 +47,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.util.CLIUtil;
+import org.apache.ranger.util.RestUtil;
import org.apache.ranger.view.VXAccessAuditList;
import org.apache.ranger.view.VXGroupList;
import org.apache.ranger.view.VXMetricContextEnricher;
@@ -73,6 +81,9 @@ public class MetricUtil extends BaseLoader {
@Autowired
RangerBizUtil xaBizUtil;
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
public static void main(String[] args) {
logger.getRootLogger().setLevel(Level.OFF);
logger.info("MetricUtil : main()");
@@ -82,7 +93,7 @@ public class MetricUtil extends BaseLoader {
if(args.length != 2){
System.out.println("type: Incorrect Arguments usage : -type policies | audits | usergroup | services | database | contextenrichers | denyconditions");
}else {
- if((!args[0].equalsIgnoreCase("-type")) && (!args[1].equalsIgnoreCase("policies") || !args[1].equalsIgnoreCase("audits") || !args[1].equalsIgnoreCase("usergroup") || !args[1].equalsIgnoreCase("services") || !args[1].equalsIgnoreCase("database") || !args[1].equalsIgnoreCase("contextenrichers") || !args[1].equalsIgnoreCase("denyconditions"))){
+ if(!(args[0].equalsIgnoreCase("-type")) || !(args[1].equalsIgnoreCase("policies") || args[1].equalsIgnoreCase("audits") || args[1].equalsIgnoreCase("usergroup") || args[1].equalsIgnoreCase("services") || args[1].equalsIgnoreCase("database") || args[1].equalsIgnoreCase("contextenrichers") || args[1].equalsIgnoreCase("denyconditions"))){
System.out.println("type: Incorrect Arguments usage : -type policies | audits | usergroup | services | database | contextenrichers | denyconditions");
}else{
metricType = args[1];
@@ -119,7 +130,7 @@ public class MetricUtil extends BaseLoader {
public void printStats() {
}
- private Object metricCalculation(String caseValue) {
+ private void metricCalculation(String caseValue) {
logger.info("Metric Type : " + caseValue);
try {
SearchCriteria searchCriteria = new SearchCriteria();
@@ -131,42 +142,92 @@ public class MetricUtil extends BaseLoader {
switch (caseValue.toLowerCase()) {
case "usergroup":
try {
- VXGroupList VXGroupList = xUserMgr.searchXGroups(searchCriteria);
-
- long groupCount = VXGroupList.getTotalCount();
-
- ArrayList<String> userRoleList = new ArrayList<String>();
- userRoleList.add(RangerConstants.ROLE_SYS_ADMIN);
- userRoleList.add(RangerConstants.ROLE_KEY_ADMIN);
- userRoleList.add(RangerConstants.ROLE_USER);
- searchCriteria.addParam("userRoleList", userRoleList);
- VXUserList VXUserList = xUserMgr.searchXUsers(searchCriteria);
- long userCount = VXUserList.getTotalCount();
+ VXGroupList vxGroupList = xUserMgr.searchXGroups(searchCriteria);
+ long groupCount = vxGroupList.getTotalCount();
+
+ ArrayList<String> userKeyAdminRoleCount = new ArrayList<String>();
+ userKeyAdminRoleCount.add(RangerConstants.ROLE_SYS_ADMIN);
+ long userSysAdminCount = getUserCountBasedOnUserRole(userKeyAdminRoleCount);
+
+ ArrayList<String> userRoleListKeyRoleAdmin = new ArrayList<String>();
+ userRoleListKeyRoleAdmin.add(RangerConstants.ROLE_KEY_ADMIN);
+ long userKeyAdminCount = getUserCountBasedOnUserRole(userRoleListKeyRoleAdmin);
+
+ ArrayList<String> userRoleListUser = new ArrayList<String>();
+ userRoleListUser.add(RangerConstants.ROLE_USER);
+ long userRoleCount = getUserCountBasedOnUserRole(userRoleListUser);
+
+ long userTotalCount = userSysAdminCount + userKeyAdminCount + userRoleCount;
+
VXMetricUserGroupCount metricUserGroupCount = new VXMetricUserGroupCount();
- metricUserGroupCount.setUserCount(userCount);
+ metricUserGroupCount.setUserCountOfUserRole(userRoleCount);
+ metricUserGroupCount.setUserCountOfKeyAdminRole(userKeyAdminCount);
+ metricUserGroupCount.setUserCountOfSysAdminRole(userSysAdminCount);
+ metricUserGroupCount.setUserTotalCount(userTotalCount);
metricUserGroupCount.setGroupCount(groupCount);
Gson gson = new GsonBuilder().create();
final String jsonUserGroupCount = gson.toJson(metricUserGroupCount);
System.out.println(jsonUserGroupCount);
} catch (Exception e) {
- logger.error("Error for calculating Metric for usergroup : "+ e.getMessage());
+ logger.error("Error calculating Metric for usergroup : "+ e.getMessage());
}
break;
case "audits":
try{
+ int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();
+ String defaultDateFormat="MM/dd/yyyy";
+ DateFormat formatter = new SimpleDateFormat(defaultDateFormat);
+
VXMetricAuditDetailsCount auditObj = new VXMetricAuditDetailsCount();
- VXMetricServiceCount deniedCountObj = getAuditsCount(0);
- auditObj.setDenialEventsCount(deniedCountObj);
- VXMetricServiceCount allowedCountObj = getAuditsCount(1);
- auditObj.setAccessEventsCount(allowedCountObj);
- long totalAuditsCount = deniedCountObj.getTotalCount() + allowedCountObj.getTotalCount();
- auditObj.setSolrIndexCount(totalAuditsCount);
+ DateUtil dateUtilTwoDays = new DateUtil();
+ Date startDateUtilTwoDays = dateUtilTwoDays.getDateFromNow(-2);
+ Date dStart2 = restErrorUtil.parseDate(formatter.format(startDateUtilTwoDays),
+ "Invalid value for startDate",
+ MessageEnums.INVALID_INPUT_DATA, null, "startDate", defaultDateFormat);
+
+ Date endDateTwoDays = MiscUtil.getUTCDate();
+ Date dEnd2 = restErrorUtil.parseDate(formatter.format(endDateTwoDays),
+ "Invalid value for endDate",
+ MessageEnums.INVALID_INPUT_DATA, null, "endDate", defaultDateFormat);
+ dEnd2 = dateUtilTwoDays.getDateFromGivenDate(dEnd2, 0, 23, 59, 59);
+ dEnd2 = dateUtilTwoDays.addTimeOffset(dEnd2, clientTimeOffsetInMinute);
+ VXMetricServiceCount deniedCountObj = getAuditsCount(0,dStart2,dEnd2);
+ auditObj.setDenialEventsCountTwoDays(deniedCountObj);
+
+ VXMetricServiceCount allowedCountObj = getAuditsCount(1,dStart2,dEnd2);
+ auditObj.setAccessEventsCountTwoDays(allowedCountObj);
+
+ long totalAuditsCountTwoDays = deniedCountObj.getTotalCount() + allowedCountObj.getTotalCount();
+ auditObj.setSolrIndexCountTwoDays(totalAuditsCountTwoDays);
+
+ DateUtil dateUtilWeek = new DateUtil();
+ Date startDateUtilWeek = dateUtilWeek.getDateFromNow(-7);
+ Date dStart7 = restErrorUtil.parseDate(formatter.format(startDateUtilWeek),
+ "Invalid value for startDate",
+ MessageEnums.INVALID_INPUT_DATA, null, "startDate", defaultDateFormat);
+
+ Date endDateWeek = MiscUtil.getUTCDate();
+ DateUtil dateUtilweek = new DateUtil();
+ Date dEnd7 = restErrorUtil.parseDate(formatter.format(endDateWeek),
+ "Invalid value for endDate",
+ MessageEnums.INVALID_INPUT_DATA, null, "endDate", defaultDateFormat);
+ dEnd7 = dateUtilweek.getDateFromGivenDate(dEnd7,0, 23, 59, 59 );
+ dEnd7 = dateUtilweek.addTimeOffset(dEnd7, clientTimeOffsetInMinute);
+ VXMetricServiceCount deniedCountObjWeek = getAuditsCount(0,dStart7,dEnd7);
+ auditObj.setDenialEventsCountWeek(deniedCountObjWeek);
+
+ VXMetricServiceCount allowedCountObjWeek = getAuditsCount(1,dStart7,dEnd7);
+ auditObj.setAccessEventsCountWeek(allowedCountObjWeek);
+
+ long totalAuditsCountWeek = deniedCountObjWeek.getTotalCount() + allowedCountObjWeek.getTotalCount();
+ auditObj.setSolrIndexCountWeek(totalAuditsCountWeek);
+
Gson gson = new GsonBuilder().create();
final String jsonAudit = gson.toJson(auditObj);
System.out.println(jsonAudit);
}catch (Exception e) {
- logger.error("Error for calculating Metric for audits : "+e.getMessage());
+ logger.error("Error calculating Metric for audits : "+e.getMessage());
}
break;
case "services" :
@@ -198,7 +259,7 @@ public class MetricUtil extends BaseLoader {
final String jsonServices = gson.toJson(vXMetricServiceCount);
System.out.println(jsonServices);
}catch (Exception e) {
- logger.error("Error for calculating Metric for services : "+e.getMessage());
+ logger.error("Error calculating Metric for services : "+e.getMessage());
}
break;
case "policies" :
@@ -229,7 +290,7 @@ public class MetricUtil extends BaseLoader {
{
policyFilter.setParam("serviceType","tag");
PList<RangerPolicy> policiestype = svcStore.getPaginatedPolicies(policyFilter);
- Map<String,Long> tagMap= new HashMap<String,Long>();
+ Map<String,Long> tagMap = new HashMap<String,Long>();
long tagCount = policiestype.getTotalCount();
tagMap.put("tag",tagCount);
VXMetricServiceCount vXMetricServiceCount = new VXMetricServiceCount();
@@ -243,7 +304,7 @@ public class MetricUtil extends BaseLoader {
final String jsonPolicies = gson.toJson(vXMetricPolicyCount);
System.out.println(jsonPolicies);
}catch (Exception e) {
- logger.error("Error for calculating Metric for policies : "+e.getMessage());
+ logger.error("Error calculating Metric for policies : "+e.getMessage());
}
break;
case "database" :
@@ -266,7 +327,7 @@ public class MetricUtil extends BaseLoader {
final String jsonDBDetail = gson.toJson(dbDetail);
System.out.println(jsonDBDetail);
}catch (Exception e) {
- logger.error("Error for calculating Metric for database : "+e.getMessage());
+ logger.error("Error calculating Metric for database : "+e.getMessage());
}
break;
case "contextenrichers":
@@ -274,7 +335,7 @@ public class MetricUtil extends BaseLoader {
{
SearchFilter filter = new SearchFilter();
filter.setStartIndex(0);
- VXMetricContextEnricher serviceWithContextEnrichers= new VXMetricContextEnricher();
+ VXMetricContextEnricher serviceWithContextEnrichers = new VXMetricContextEnricher();
PList<RangerServiceDef> paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter);
List<RangerServiceDef> repoTypeList = paginatedSvcDefs.getList();
if(repoTypeList != null){
@@ -294,7 +355,7 @@ public class MetricUtil extends BaseLoader {
System.out.println(jsonContextEnrichers);
}
catch (Exception e) {
- logger.error("Error for calculating Metric for contextenrichers : "+e.getMessage());
+ logger.error("Error calculating Metric for contextenrichers : "+e.getMessage());
}
break;
case "denyconditions":
@@ -324,7 +385,7 @@ public class MetricUtil extends BaseLoader {
int policyListCount = policiesList.getListSize();
if (policyListCount > 0 && policiesList.getList() != null) {
List<RangerPolicy> policies = policiesList.getList();
- for(int j=0; j<policies.size(); j++){
+ for(int j = 0; j < policies.size(); j++){
if(policies.get(j) != null){
List<RangerPolicyItem> policyItem = policies.get(j).getDenyPolicyItems();
if(policyItem != null && policyItem.size() > 0){
@@ -358,7 +419,7 @@ public class MetricUtil extends BaseLoader {
String jsonContextDenyCondtionOn = gson.toJson(denyconditionsonMap);
System.out.println(jsonContextDenyCondtionOn);
} catch (Exception e) {
- logger.error("Error for calculating Metric for denyconditions : "+ e.getMessage());
+ logger.error("Error calculating Metric for denyconditions : "+ e.getMessage());
}
break;
default:
@@ -367,9 +428,8 @@ public class MetricUtil extends BaseLoader {
break;
}
} catch(Exception e) {
- logger.error("Error for calculating Metric : "+e.getMessage());
+ logger.error("Error calculating Metric : "+e.getMessage());
}
- return null;
}
private VXMetricServiceCount getVXMetricServiceCount(String serviceType) throws Exception
@@ -402,7 +462,7 @@ public class MetricUtil extends BaseLoader {
servicesforPolicyType.put(serviceName,count);
}
else{
- tagCount=count;
+ tagCount = count;
}
}
}
@@ -414,12 +474,11 @@ public class MetricUtil extends BaseLoader {
return vXMetricServiceCount;
}
- private VXMetricServiceCount getAuditsCount(int accessResult) throws Exception {
-
+ private VXMetricServiceCount getAuditsCount(int accessResult, Date startDate, Date endDate) throws Exception
+ {
long totalCountOfAudits = 0;
SearchFilter filter = new SearchFilter();
filter.setStartIndex(0);
-
Map<String,Long> servicesRepoType = new HashMap<String,Long>();
VXMetricServiceCount vXMetricServiceCount = new VXMetricServiceCount();
PList<RangerServiceDef> paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter);
@@ -431,6 +490,8 @@ public class MetricUtil extends BaseLoader {
SearchCriteria searchCriteriaWithType = new SearchCriteria();
searchCriteriaWithType.getParamList().put("repoType",id);
searchCriteriaWithType.getParamList().put("accessResult", accessResult);
+ searchCriteriaWithType.addParam("startDate",startDate);
+ searchCriteriaWithType.addParam("endDate",endDate);
VXAccessAuditList vXAccessAuditListwithType = assetMgr.getAccessLogs(searchCriteriaWithType);
long toltalCountOfRepo = vXAccessAuditListwithType.getTotalCount();
if(toltalCountOfRepo != 0)
@@ -443,4 +504,15 @@ public class MetricUtil extends BaseLoader {
vXMetricServiceCount.setTotalCount(totalCountOfAudits);
return vXMetricServiceCount;
}
+ private Long getUserCountBasedOnUserRole(@SuppressWarnings("rawtypes") List userRoleList) {
+ SearchCriteria searchCriteria = new SearchCriteria();
+ searchCriteria.setStartIndex(0);
+ searchCriteria.setMaxRows(100);
+ searchCriteria.setGetCount(true);
+ searchCriteria.setSortType("asc");
+ searchCriteria.addParam("userRoleList", userRoleList);
+ VXUserList VXUserListKeyAdmin = xUserMgr.searchXUsers(searchCriteria);
+ long userCount = VXUserListKeyAdmin.getTotalCount();
+ return userCount;
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/security-admin/src/main/java/org/apache/ranger/view/VXMetricAuditDetailsCount.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXMetricAuditDetailsCount.java b/security-admin/src/main/java/org/apache/ranger/view/VXMetricAuditDetailsCount.java
index ada6e82..788c314 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXMetricAuditDetailsCount.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXMetricAuditDetailsCount.java
@@ -30,65 +30,102 @@ import org.codehaus.jackson.map.annotate.JsonSerialize;
public class VXMetricAuditDetailsCount implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- protected Long solrIndexCount;
- protected VXMetricServiceCount accessEventsCount;
- protected VXMetricServiceCount denialEventsCount;
-
+ protected Long solrIndexCountTwoDays;
+ protected VXMetricServiceCount accessEventsCountTwoDays;
+ protected VXMetricServiceCount denialEventsCountTwoDays;
+ protected Long solrIndexCountWeek;
+ protected VXMetricServiceCount accessEventsCountWeek;
+ protected VXMetricServiceCount denialEventsCountWeek;
/**
* Default constructor. This will set all the attributes to default value.
*/
public VXMetricAuditDetailsCount() {
}
-
/**
- * @return the solrIndexCount
+ * @return the solrIndexCountTwoDays
*/
- public Long getSolrIndexCount() {
- return solrIndexCount;
+ public Long getSolrIndexCountTwoDays() {
+ return solrIndexCountTwoDays;
}
-
/**
- * @param solrIndexCount the solrIndexCount to set
+ * @param solrIndexCountTwoDays the solrIndexCountTwoDays to set
*/
- public void setSolrIndexCount(Long solrIndexCount) {
- this.solrIndexCount = solrIndexCount;
+ public void setSolrIndexCountTwoDays(Long solrIndexCountTwoDays) {
+ this.solrIndexCountTwoDays = solrIndexCountTwoDays;
}
-
/**
- * @return the accessEventsCount
+ * @return the accessEventsCountTwoDays
*/
- public VXMetricServiceCount getAccessEventsCount() {
- return accessEventsCount;
+ public VXMetricServiceCount getAccessEventsCountTwoDays() {
+ return accessEventsCountTwoDays;
}
-
/**
- * @param accessEventsCount the accessEventsCount to set
+ * @param accessEventsCountTwoDays the accessEventsCountTwoDays to set
*/
- public void setAccessEventsCount(VXMetricServiceCount accessEventsCount) {
- this.accessEventsCount = accessEventsCount;
+ public void setAccessEventsCountTwoDays(
+ VXMetricServiceCount accessEventsCountTwoDays) {
+ this.accessEventsCountTwoDays = accessEventsCountTwoDays;
}
-
/**
- * @return the denialEventsCount
+ * @return the denialEventsCountTwoDays
*/
- public VXMetricServiceCount getDenialEventsCount() {
- return denialEventsCount;
+ public VXMetricServiceCount getDenialEventsCountTwoDays() {
+ return denialEventsCountTwoDays;
}
-
/**
- * @param denialEventsCount the denialEventsCount to set
+ * @param denialEventsCountTwoDays the denialEventsCountTwoDays to set
*/
- public void setDenialEventsCount(VXMetricServiceCount denialEventsCount) {
- this.denialEventsCount = denialEventsCount;
+ public void setDenialEventsCountTwoDays(
+ VXMetricServiceCount denialEventsCountTwoDays) {
+ this.denialEventsCountTwoDays = denialEventsCountTwoDays;
}
-
+ /**
+ * @return the solrIndexCountWeek
+ */
+ public Long getSolrIndexCountWeek() {
+ return solrIndexCountWeek;
+ }
+ /**
+ * @param solrIndexCountWeek the solrIndexCountWeek to set
+ */
+ public void setSolrIndexCountWeek(Long solrIndexCountWeek) {
+ this.solrIndexCountWeek = solrIndexCountWeek;
+ }
+ /**
+ * @return the accessEventsCountWeek
+ */
+ public VXMetricServiceCount getAccessEventsCountWeek() {
+ return accessEventsCountWeek;
+ }
+ /**
+ * @param accessEventsCountWeek the accessEventsCountWeek to set
+ */
+ public void setAccessEventsCountWeek(VXMetricServiceCount accessEventsCountWeek) {
+ this.accessEventsCountWeek = accessEventsCountWeek;
+ }
+ /**
+ * @return the denialEventsCountWeek
+ */
+ public VXMetricServiceCount getDenialEventsCountWeek() {
+ return denialEventsCountWeek;
+ }
+ /**
+ * @param denialEventsCountWeek the denialEventsCountWeek to set
+ */
+ public void setDenialEventsCountWeek(VXMetricServiceCount denialEventsCountWeek) {
+ this.denialEventsCountWeek = denialEventsCountWeek;
+ }
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
@Override
public String toString() {
- String str = "VXMetricAuditDetailsCount=[";
- str += "solrIndexCount={" + solrIndexCount + "},";
- str += "accessEventsCount={" + accessEventsCount.toString() + "}, ";
- str += "denialEventsCount={" + denialEventsCount.toString() + "} ";
- str += "]";
- return str;
- }
+ return "VXMetricAuditDetailsCount [solrIndexCountTwoDays="
+ + solrIndexCountTwoDays + ", accessEventsCountTwoDays="
+ + accessEventsCountTwoDays + ", denialEventsCountTwoDays="
+ + denialEventsCountTwoDays + ", solrIndexCountWeek="
+ + solrIndexCountWeek + ", accessEventsCountWeek="
+ + accessEventsCountWeek + ", denialEventsCountWeek="
+ + denialEventsCountWeek + "]";
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/8ae95294/security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java b/security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java
index 833606f..345465d 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java
@@ -31,49 +31,91 @@ import org.codehaus.jackson.map.annotate.JsonSerialize;
public class VXMetricUserGroupCount implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- protected Long userCount;
protected Long groupCount;
-
+ protected Long userCountOfUserRole;
+ protected Long userCountOfKeyAdminRole;
+ protected Long userCountOfSysAdminRole;
+ protected Long userTotalCount;
+
/**
* Default constructor. This will set all the attributes to default value.
*/
public VXMetricUserGroupCount() {
}
-
- /**
- * @return the userCount
- */
- public Long getUserCount() {
- return userCount;
- }
-
- /**
- * @param userCount the userCount to set
- */
- public void setUserCount(Long userCount) {
- this.userCount = userCount;
- }
-
/**
* @return the groupCount
*/
public Long getGroupCount() {
return groupCount;
}
-
/**
* @param groupCount the groupCount to set
*/
public void setGroupCount(Long groupCount) {
this.groupCount = groupCount;
}
-
+ /**
+ * @return the userTotalCount
+ */
+ public Long getUserTotalCount() {
+ return userTotalCount;
+ }
+ /**
+ * @param userTotalCount the userTotalCount to set
+ */
+ public void setUserTotalCount(Long userTotalCount) {
+ this.userTotalCount = userTotalCount;
+ }
+ /**
+ * @return the userCountOfUserRole
+ */
+ public Long getUserCountOfUserRole() {
+ return userCountOfUserRole;
+ }
+ /**
+ * @param userCountOfUserRole the userCountOfUserRole to set
+ */
+ public void setUserCountOfUserRole(Long userCountOfUserRole) {
+ this.userCountOfUserRole = userCountOfUserRole;
+ }
+ /**
+ * @return the userCountOfKeyAdminRole
+ */
+ public Long getUserCountOfKeyAdminRole() {
+ return userCountOfKeyAdminRole;
+ }
+ /**
+ * @param userCountOfKeyAdminRole the userKeyAdminRoleCount to set
+ */
+ public void setUserCountOfKeyAdminRole(Long userCountOfKeyAdminRole) {
+ this.userCountOfKeyAdminRole = userCountOfKeyAdminRole;
+ }
+ /**
+ * @return the userCountOfSysAdminRole
+ */
+ public Long getUserCountOfSysAdminRole() {
+ return userCountOfSysAdminRole;
+ }
+ /**
+ * @param userCountOfSysAdminRole the userCountOfSysAdminRole to set
+ */
+ public void setUserCountOfSysAdminRole(Long userCountOfSysAdminRole) {
+ this.userCountOfSysAdminRole = userCountOfSysAdminRole;
+ }
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
@Override
public String toString() {
- String str = "VXMetricUserGroupCount={";
- str += "userCount={" + userCount + "} ";
- str += "groupCount={" + groupCount + "} ";
- str += "}";
- return str;
+ return "VXMetricUserGroupCount [groupCount=" + groupCount
+ + ", userCountBasedOnUserRole=" + userCountOfUserRole
+ + ", userKeyAdminRoleCount=" + userCountOfKeyAdminRole
+ + ", userSysAdminCount=" + userCountOfSysAdminRole
+ + ", userTotalCount=" + userTotalCount + "]";
}
+
+
}
\ No newline at end of file