Posted to commits@ranger.apache.org by ga...@apache.org on 2016/05/31 06:04:31 UTC
[1/3] incubator-ranger git commit: RANGER-900 : Remove support for DB
based auditing
Repository: incubator-ranger
Updated Branches:
refs/heads/master ced7c3b7a -> bc634846b
RANGER-900 : Remove support for DB based auditing
Signed-off-by: Gautam Borad <ga...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4d3ce6cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4d3ce6cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4d3ce6cc
Branch: refs/heads/master
Commit: 4d3ce6cc036f490921653f9b3385b16b17fda181
Parents: ced7c3b
Author: Pradeep Agrawal <pr...@freestoneinfotech.com>
Authored: Wed Apr 20 23:55:52 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue May 31 11:34:00 2016 +0530
----------------------------------------------------------------------
agents-common/scripts/enable-agent.sh | 6 ++-
plugin-kms/scripts/enable-kms-plugin.sh | 6 ++-
security-admin/scripts/db_setup.py | 51 ++++++++++---------
security-admin/scripts/dba_script.py | 76 ++++++++++++++++++++--------
security-admin/scripts/setup.sh | 19 ++++---
5 files changed, 102 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4d3ce6cc/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 39c4633..1c94c40 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -395,7 +395,7 @@ then
# We need to do the AUDIT JDBC url
#
db_flavor=''
-#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
if [ "${db_flavor}" != "" ]
then
audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME')
@@ -583,7 +583,9 @@ then
auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')
- #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ if [ "${auditdbCred}" != "" ]; then
+ create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ fi
#
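Review bot: When `XAAUDIT.DB.PASSWORD` is empty this guard skips `create_jceks` without any message, while the `db_flavor` block re-enabled in the @@ -395 hunk still appears to build the audit JDBC settings whenever `XAAUDIT.DB.FLAVOUR` is set. A plugin configured that way would reference `${auditCredAlias}` with no matching entry in `${CredFile}`, and the failure would only surface when audit events are written. Consider an `else` branch that reports it, for example `else echo "XAAUDIT.DB.PASSWORD is empty; audit DB credential not stored in ${CredFile}"`. The identical hunk in plugin-kms/scripts/enable-kms-plugin.sh (@@ -528) has the same gap; the enclosing `then` block starts and ends outside both hunks.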
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4d3ce6cc/plugin-kms/scripts/enable-kms-plugin.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh
index 1661a61..375544a 100755
--- a/plugin-kms/scripts/enable-kms-plugin.sh
+++ b/plugin-kms/scripts/enable-kms-plugin.sh
@@ -361,7 +361,7 @@ then
# We need to do the AUDIT JDBC url
#
db_flavor=''
-#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
if [ "${db_flavor}" != "" ]
then
audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME')
@@ -528,7 +528,9 @@ then
auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')
- #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ if [ "${auditdbCred}" != "" ]; then
+ create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ fi
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4d3ce6cc/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 595f810..0460efd 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -2106,9 +2106,21 @@ def main(argv):
xa_access_audit = 'xa_access_audit'
x_user = 'x_portal_user'
- #audit_db_name = globalDict['db_name']
- #audit_db_user = globalDict['db_user']
- #audit_db_password = globalDict['db_password']
+ audit_db_name=''
+ audit_db_user=''
+ audit_db_password=''
+ audit_store = None
+ if 'audit_store' in globalDict:
+ audit_store = globalDict['audit_store']
+ audit_store=audit_store.lower()
+
+ if audit_store =='db':
+ if 'audit_db_name' in globalDict:
+ audit_db_name = globalDict['audit_db_name']
+ if 'audit_db_user' in globalDict:
+ audit_db_user = globalDict['audit_db_user']
+ if 'audit_db_password' in globalDict:
+ audit_db_password = globalDict['audit_db_password']
if XA_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
@@ -2171,8 +2183,8 @@ def main(argv):
audit_db_file = os.path.join(RANGER_ADMIN_HOME , oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- #audit_db_user=audit_db_user.lower()
- #audit_db_name=audit_db_name.lower()
+ audit_db_user=audit_db_user.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , postgres_audit_file)
@@ -2193,17 +2205,6 @@ def main(argv):
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
- if 'audit_store' in globalDict:
- audit_store = globalDict['audit_store']
- else:
- audit_store = None
-
- if audit_store is None or audit_store == "":
- audit_store = "solr"
- audit_store=audit_store.lower()
- if not audit_store =='solr':
- log("[E] Only 'Solr' audit store is supported from current version!","error")
- sys.exit(1)
if len(argv)==1:
log("[I] --------- Verifying Ranger DB tables ---------","info")
@@ -2212,10 +2213,10 @@ def main(argv):
else:
log("[I] --------- Importing Ranger Core DB Schema ---------","info")
xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file)
- #if XA_DB_FLAVOR == "ORACLE":
- #if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
- #if db_user != audit_db_user:
- #xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
+ if XA_DB_FLAVOR == "ORACLE":
+ if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
+ if audit_db_user != "" and db_user != audit_db_user:
+ xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
log("[I] --------- Verifying upgrade history table ---------","info")
output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
if output == False:
@@ -2223,11 +2224,11 @@ def main(argv):
xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file)
log("[I] --------- Applying Ranger DB patches ---------","info")
xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
- #if audit_store == "db":
- #log("[I] --------- Starting Audit Operation ---------","info")
- #audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
- #log("[I] --------- Applying Audit DB patches ---------","info")
- #audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
+ if audit_store == "db" and audit_db_password!='':
+ log("[I] --------- Starting Audit Operation ---------","info")
+ audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
+ log("[I] --------- Applying Audit DB patches ---------","info")
+ audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
if len(argv)>1:
for i in range(len(argv)):
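Review bot: The new guard `audit_store == "db" and audit_db_password!=''` silently skips `auditdb_operation` and `apply_auditdb_patches` when DB auditing is selected but `audit_db_password` is missing or empty, so setup completes with the audit DB steps not run and nothing in the log to say so. An audit store that is quietly left unconfigured deserves at least an error line, e.g. `elif audit_store == "db": log("[E] audit_store is 'db' but audit_db_password is empty; audit DB setup skipped","error")`. The same guard in security-admin/scripts/dba_script.py (@@ -1685) skips `create_auditdb_user` in the same way. `main` starts and continues outside this hunk.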
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4d3ce6cc/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 5f3fd42..89df1ad 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -1540,6 +1540,51 @@ def main(argv):
log("Enter db user password:","info")
db_password = getpass.getpass("Enter db user password:")
+ audit_db_name=''
+ audit_db_user=''
+ audit_db_password=''
+ audit_store = None
+ if 'audit_store' in globalDict:
+ audit_store = globalDict['audit_store']
+ audit_store=audit_store.lower()
+
+ if audit_store =='db':
+ if (quiteMode):
+ if 'audit_db_name' in globalDict:
+ audit_db_name = globalDict['audit_db_name']
+ else:
+ if (dryMode):
+ audit_db_name='ranger_audit_db'
+ else:
+ audit_db_name=''
+ while audit_db_name == "":
+ log("Enter audit db name:","info")
+ audit_db_name = raw_input()
+
+ if (quiteMode):
+ if 'audit_db_user' in globalDict:
+ audit_db_user = globalDict['audit_db_user']
+ else:
+ if (dryMode):
+ audit_db_user='ranger_logger_user'
+ else:
+ audit_db_user=''
+ while audit_db_user == "":
+ log("Enter audit user name:","info")
+ audit_db_user = raw_input()
+
+ if (quiteMode):
+ if 'audit_db_password' in globalDict:
+ audit_db_password = globalDict['audit_db_password']
+ else:
+ if (dryMode):
+ audit_db_password='*****'
+ else:
+ audit_db_password=''
+ while audit_db_password == "":
+ log("Enter audit db user password:","info")
+ audit_db_password = getpass.getpass("Enter audit db user password:")
+
audit_db_root_user = xa_db_root_user
audit_db_root_password = xa_db_root_password
@@ -1633,8 +1678,8 @@ def main(argv):
audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- #audit_db_user=audit_db_user.lower()
- #audit_db_name=audit_db_name.lower()
+ audit_db_user=audit_db_user.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
@@ -1652,18 +1697,6 @@ def main(argv):
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
- if 'audit_store' in globalDict:
- audit_store = globalDict['audit_store']
- else:
- audit_store = None
-
- if audit_store is None or audit_store == "":
- audit_store = "solr"
- audit_store=audit_store.lower()
- if not audit_store =='solr':
- log("[E] Only 'Solr' audit store is supported from current version!","error")
- sys.exit(1)
-
if not dryMode:
log("[I] ---------- Verifying DB root password ---------- ","info")
password_validation(xa_db_root_password,"DBA root");
@@ -1674,7 +1707,10 @@ def main(argv):
if (dryMode==True):
log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
logFile("===============================================\n")
- xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, db_user, db_password, db_name)
+ if audit_store=="db":
+ xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name)
+ else:
+ xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, db_user, db_password, db_name)
logFile("===============================================\n")
if (dryMode==False):
log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
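Review bot: In a quiet dry run the real `audit_db_password` read from `globalDict` is handed to `writeDrymodeCmd`, because the `'*****'` placeholder assigned in the @@ -1540 hunk is not applied when the value comes from the properties. If `writeDrymodeCmd` writes its arguments into `dryModeOutputFile` (its body is not visible here), the audit DB password would land in that file in clear text. Masking before the call, e.g. `if dryMode: audit_db_password = '*****'`, keeps the dry-run output free of credentials regardless of how the value was obtained. The same question applies to `db_password` and the root passwords passed on both branches; `main` starts and continues outside this hunk.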
@@ -1685,10 +1721,10 @@ def main(argv):
if not XA_DB_FLAVOR == "SQLA":
xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
# Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
- #if audit_store == "db":
- #log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
- #password_validation(audit_db_password,"audit");
- #log("[I] ---------- Verifying/Creating audit user --------- ","info")
- #audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ if audit_store == "db" and audit_db_password!="":
+ log("[I] ---------- Verifying Ranger Audit db user password ---------- ","info")
+ password_validation(audit_db_password,"audit");
+ log("[I] ---------- Verifying/Creating audit user --------- ","info")
+ audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info")
main(sys.argv)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4d3ce6cc/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 9633363..c6defd8 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -217,15 +217,17 @@ init_variables(){
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
audit_store=`echo $audit_store | tr '[:upper:]' '[:lower:]'`
+ log "[I] Audit source=${audit_store}"
if [ "${audit_store}" == "solr" ] ;then
- log "[I] Audit source=${DB_FLAVOR}"
if [ "${audit_solr_urls}" == "" ] ;then
log "[I] Please provide valid URL for 'solr' audit store!"
exit 1
fi
- else
- log "[I] Only 'solr' audit store is supported from current version, found : $audit_store"
- exit 1
+ fi
+ if [ "${audit_store}" == "db" ] ;then
+ audit_db_name=$(get_prop 'audit_db_name' $PROPFILE)
+ audit_db_user=$(get_prop 'audit_db_user' $PROPFILE)
+ audit_db_password=$(get_prop 'audit_db_password' $PROPFILE)
fi
}
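Review bot: With the `else` branch removed, any `audit_store` value other than `solr` or `db` now passes `init_variables` unchecked, and the @@ -598 hunk writes it to `ranger.audit.source.type` as long as it is non-empty. A typo in the property would therefore produce a configuration with an unrecognised audit source instead of a failed setup; the matching checks were also dropped from db_setup.py and dba_script.py in this commit. If only these two stores (plus unset) are intended, a final test such as `if [ "${audit_store}" != "" ] && [ "${audit_store}" != "solr" ] && [ "${audit_store}" != "db" ]; then log "[E] Unsupported audit store: ${audit_store}"; exit 1; fi` keeps the fail-fast behaviour. `init_variables` begins outside the hunk.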
@@ -598,9 +600,12 @@ update_properties() {
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
- propertyName=ranger.audit.source.type
- newPropertyValue=${audit_store}
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ if [ "${audit_store}" != "" ]
+ then
+ propertyName=ranger.audit.source.type
+ newPropertyValue=${audit_store}
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
propertyName=ranger.externalurl
newPropertyValue="${policymgr_external_url}"
[3/3] incubator-ranger git commit: RANGER-998: Trim Policy name
before storing it in Ranger DB.
Posted by ga...@apache.org.
RANGER-998: Trim Policy name before storing it in Ranger DB.
Signed-off-by: Gautam Borad <ga...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bc634846
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bc634846
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bc634846
Branch: refs/heads/master
Commit: bc634846b5e9c177b38ba862e25a559c27adb070
Parents: 69f546a
Author: pradeep agrawal <pr...@freestoneinfotech.com>
Authored: Tue May 31 09:05:24 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue May 31 11:34:09 2016 +0530
----------------------------------------------------------------------
.../ranger/biz/RangerPolicyRetriever.java | 3 +-
.../org/apache/ranger/biz/ServiceDBStore.java | 4 +-
.../org/apache/ranger/common/ServiceUtil.java | 6 +-
.../patch/PatchTagModulePermission_J10005.java | 128 +++++++++++++++++++
.../patch/PatchTagModulePersmission_J10005.java | 103 ---------------
.../org/apache/ranger/rest/PublicAPIsv2.java | 2 +-
.../org/apache/ranger/rest/ServiceREST.java | 2 +-
.../ranger/service/RangerPolicyServiceBase.java | 4 +-
.../apache/ranger/service/XPolicyService.java | 4 +-
9 files changed, 141 insertions(+), 115 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 6b4b149..3ba33d4 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -26,6 +26,7 @@ import java.util.ListIterator;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.utils.StringUtil;
@@ -489,7 +490,7 @@ public class RangerPolicyRetriever {
ret.setUpdateTime(xPolicy.getUpdateTime());
ret.setVersion(xPolicy.getVersion());
ret.setService(service == null ? null : service.getName());
- ret.setName(xPolicy.getName());
+ ret.setName(StringUtils.trim(xPolicy.getName()));
ret.setPolicyType(xPolicy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xPolicy.getPolicyType());
ret.setDescription(xPolicy.getDescription());
ret.setResourceSignature(xPolicy.getResourceSignature());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index c488d4a..d2178f4 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2347,7 +2347,7 @@ public class ServiceDBStore extends AbstractServiceStore {
policy.setIsEnabled(true);
policy.setVersion(1L);
- policy.setName(policyName);
+ policy.setName(StringUtils.trim(policyName));
policy.setService(createdService.getName());
policy.setDescription("Policy for data with " + tagType + " tag");
policy.setIsAuditEnabled(true);
@@ -2427,7 +2427,7 @@ public class ServiceDBStore extends AbstractServiceStore {
policy.setIsEnabled(true);
policy.setVersion(1L);
- policy.setName(policyName);
+ policy.setName(StringUtils.trim(policyName));
policy.setService(createdService.getName());
policy.setDescription("Policy for " + policyName);
policy.setIsAuditEnabled(true);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 4343c45..0feb5db 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -226,7 +226,7 @@ public class ServiceUtil {
ret.setService(resource.getAssetName());
}
- ret.setName(resource.getPolicyName());
+ ret.setName(StringUtils.trim(resource.getPolicyName()));
ret.setDescription(resource.getDescription());
ret.setIsEnabled(resource.getResourceStatus() == RangerCommonEnums.STATUS_ENABLED);
ret.setIsAuditEnabled(resource.getAuditList() != null && resource.getAuditList().size() > 0);
@@ -797,7 +797,7 @@ public class ServiceUtil {
rangerObjectToDataObject(policy, ret);
- ret.setPolicyName(policy.getName());
+ ret.setPolicyName(StringUtils.trim(policy.getName()));
ret.setDescription(policy.getDescription());
ret.setRepositoryName(policy.getService());
ret.setIsEnabled(policy.getIsEnabled() ? true : false);
@@ -1004,7 +1004,7 @@ public class ServiceUtil {
ret = (RangerPolicy) dataObjectToRangerObject(vXPolicy, ret);
ret.setService(service.getName());
- ret.setName(vXPolicy.getPolicyName());
+ ret.setName(StringUtils.trim(vXPolicy.getPolicyName()));
ret.setDescription(vXPolicy.getDescription());
ret.setIsEnabled(vXPolicy.getIsEnabled() == true);
ret.setIsAuditEnabled(vXPolicy.getIsAuditEnabled());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePermission_J10005.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePermission_J10005.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePermission_J10005.java
new file mode 100644
index 0000000..a274f97
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePermission_J10005.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.util.CLIUtil;
+import org.apache.ranger.view.VXPortalUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchTagModulePermission_J10005 extends BaseLoader {
+ private static Logger logger = Logger
+ .getLogger(PatchTagModulePermission_J10005.class);
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+
+ @Autowired
+ RangerDaoManager daoManager;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchTagModulePermission_J10005 loader = (PatchTagModulePermission_J10005) CLIUtil
+ .getBean(PatchTagModulePermission_J10005.class);
+
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PermissionPatch.execLoad()");
+ assignPermissionOnTagModuleToAdminUsers();
+ trimPolicyName();
+ logger.info("<== PermissionPatch.execLoad()");
+ }
+
+ public void assignPermissionOnTagModuleToAdminUsers() {
+ int countUserPermissionUpdated = 0;
+ XXModuleDef xModDef = daoManager.getXXModuleDef().findByModuleName(RangerConstants.MODULE_TAG_BASED_POLICIES);
+ if(xModDef==null){
+ return;
+ }
+ List<XXPortalUser> allAdminUsers = daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
+ if(!CollectionUtils.isEmpty(allAdminUsers)){
+ for (XXPortalUser xPortalUser : allAdminUsers) {
+ VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
+ if(vPortalUser!=null){
+ vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
+ xUserMgr.createOrUpdateUserPermisson(vPortalUser,xModDef.getId(), false);
+ countUserPermissionUpdated += 1;
+ logger.info("Added '" + xModDef.getModule() + "' permission to user '" + xPortalUser.getLoginId() + "'");
+ }
+ }
+ }
+ logger.info(countUserPermissionUpdated + " permissions were assigned");
+ }
+
+ @Override
+ public void printStats() {
+ }
+
+ private void trimPolicyName(){
+ List<XXPolicy> policies=daoManager.getXXPolicy().getAll();
+ if(!CollectionUtils.isEmpty(policies)){
+ String policyName=null;
+ for(XXPolicy xXPolicy:policies){
+ try{
+ if(xXPolicy!=null){
+ policyName=xXPolicy.getName();
+ if(!StringUtils.isEmpty(policyName)){
+ if(policyName.startsWith(" ") || policyName.endsWith(" ")){
+ xXPolicy.setName(StringUtils.trim(policyName));
+ daoManager.getXXPolicy().update(xXPolicy);
+ }
+ }
+ }
+ }catch(Exception ex){
+ logger.info("Error during policy update:"+xXPolicy.toString());
+ logger.error(ex);
+ }
+ }
+ }
+ }
+}
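Review bot: `trimPolicyName()` only rewrites names that start or end with a literal space, but `StringUtils.trim` (used on the read and write paths elsewhere in this commit) also strips tabs, newlines and other characters up to U+0020, so a stored name with a leading tab is trimmed in the API view yet never corrected in the database. Comparing against the trimmed value covers both cases: `String trimmed = StringUtils.trim(policyName); if(!trimmed.equals(policyName)){ xXPolicy.setName(trimmed); ... }`. The catch block's `logger.error(ex)` drops the stack trace; `logger.error("Error during policy update:" + xXPolicy, ex)` keeps it, which matters if an update fails because the trimmed name collides with an existing policy. Also, if applied patches are tracked by the `J10005` id (not visible here), installations that already ran the old `PatchTagModulePersmission_J10005` would never execute the new trim step.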
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePersmission_J10005.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePersmission_J10005.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePersmission_J10005.java
deleted file mode 100644
index bda4b30..0000000
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchTagModulePersmission_J10005.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ranger.patch;
-
-import java.util.List;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.log4j.Logger;
-import org.apache.ranger.db.RangerDaoManager;
-import org.apache.ranger.entity.XXModuleDef;
-import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.service.XPortalUserService;
-import org.apache.ranger.biz.XUserMgr;
-import org.apache.ranger.common.RangerConstants;
-import org.apache.ranger.util.CLIUtil;
-import org.apache.ranger.view.VXPortalUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-@Component
-public class PatchTagModulePersmission_J10005 extends BaseLoader {
- private static Logger logger = Logger
- .getLogger(PatchTagModulePersmission_J10005.class);
-
- @Autowired
- XUserMgr xUserMgr;
-
- @Autowired
- XPortalUserService xPortalUserService;
-
- @Autowired
- RangerDaoManager daoManager;
-
- public static void main(String[] args) {
- logger.info("main()");
- try {
- PatchTagModulePersmission_J10005 loader = (PatchTagModulePersmission_J10005) CLIUtil
- .getBean(PatchTagModulePersmission_J10005.class);
-
- loader.init();
- while (loader.isMoreToProcess()) {
- loader.load();
- }
- logger.info("Load complete. Exiting!!!");
- System.exit(0);
- } catch (Exception e) {
- logger.error("Error loading", e);
- System.exit(1);
- }
- }
-
- @Override
- public void init() throws Exception {
- // Do Nothing
- }
-
- @Override
- public void execLoad() {
- logger.info("==> PermissionPatch.execLoad()");
- assignPermissionOnTagModuleToAdminUsers();
- logger.info("<== PermissionPatch.execLoad()");
- }
-
- public void assignPermissionOnTagModuleToAdminUsers() {
- int countUserPermissionUpdated = 0;
- XXModuleDef xModDef = daoManager.getXXModuleDef().findByModuleName(RangerConstants.MODULE_TAG_BASED_POLICIES);
- if(xModDef==null){
- return;
- }
- List<XXPortalUser> allAdminUsers = daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
- if(!CollectionUtils.isEmpty(allAdminUsers)){
- for (XXPortalUser xPortalUser : allAdminUsers) {
- VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
- if(vPortalUser!=null){
- vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
- xUserMgr.createOrUpdateUserPermisson(vPortalUser,xModDef.getId(), false);
- countUserPermissionUpdated += 1;
- logger.info("Added '" + xModDef.getModule() + "' permission to user '" + xPortalUser.getLoginId() + "'");
- }
- }
- }
- logger.info(countUserPermissionUpdated + " permissions were assigned");
- }
-
- @Override
- public void printStats() {
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 4432bac..6ecb356 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -362,7 +362,7 @@ public class PublicAPIsv2 {
policy.setGuid(oldPolicy.getGuid());
}
if(StringUtils.isEmpty(policy.getName())) {
- policy.setName(oldPolicy.getName());
+ policy.setName(StringUtils.trim(oldPolicy.getName()));
}
return serviceREST.updatePolicy(policy);
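Review bot: `StringUtils.isEmpty` treats a whitespace-only name as present, so a request whose name is `"  "` skips this fallback and keeps the blank name instead of inheriting `oldPolicy.getName()`; the incoming `policy.getName()` is also not trimmed in this method. `if(StringUtils.isBlank(policy.getName()))` would make the fallback consistent with the trimming introduced here. ServiceREST.java (@@ -1207) has the mirror case: `StringUtils.isNotEmpty(policyName)` accepts `"  "` and `StringUtils.trim` then sets an empty policy name, where `StringUtils.isNotBlank(policyName)` would not. Both methods start and end outside their hunks, so later validation may exist that is not visible here.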
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 886e78f..1028c8d 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1207,7 +1207,7 @@ public class ServiceREST {
}
if(StringUtils.isNotEmpty(policyName)) {
- policy.setName(policyName);
+ policy.setName(StringUtils.trim(policyName));
}
if(Boolean.valueOf(updateIfExists)) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
index 630be4f..bde18bd 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
@@ -95,7 +95,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
+ "Service Not Found : " + vObj.getName(), MessageEnums.INVALID_INPUT_DATA);
}
xObj.setService(xService.getId());
- xObj.setName(vObj.getName());
+ xObj.setName(StringUtils.trim(vObj.getName()));
xObj.setPolicyType(vObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : vObj.getPolicyType());
xObj.setDescription(vObj.getDescription());
xObj.setResourceSignature(vObj.getResourceSignature());
@@ -112,7 +112,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
vObj.setGuid(xObj.getGuid());
vObj.setVersion(xObj.getVersion());
vObj.setService(xService.getName());
- vObj.setName(xObj.getName());
+ vObj.setName(StringUtils.trim(xObj.getName()));
vObj.setPolicyType(xObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xObj.getPolicyType());
vObj.setDescription(xObj.getDescription());
vObj.setResourceSignature(xObj.getResourceSignature());
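Review bot: Trimming on the read path, `vObj.setName(StringUtils.trim(xObj.getName()));`, makes the view object's name differ from the stored column for any row saved earlier with leading or trailing whitespace. A caller that later looks the policy up or compares it by name using the trimmed value may then fail to match that row, though the lookup code is not shown here. I would normalise once on write, as the previous hunk already does, clean up existing rows separately, and keep `vObj.setName(xObj.getName());` here, or add a comment stating that the asymmetry is intentional. Both mapping methods extend outside the hunks.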
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc634846/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
index 5e8ed56..16e3fdf 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPolicyService.java
@@ -91,7 +91,7 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
VXPolicy vXPolicy = new VXPolicy();
vXPolicy = super.mapBaseAttributesToPublicObject(vXResource, vXPolicy);
- vXPolicy.setPolicyName(vXResource.getPolicyName());
+ vXPolicy.setPolicyName(StringUtils.trim(vXResource.getPolicyName()));
vXPolicy.setResourceName(vXResource.getName());
vXPolicy.setDescription(vXResource.getDescription());
vXPolicy.setRepositoryName(vXResource.getAssetName());
@@ -153,7 +153,7 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
vXResource = super.mapBaseAttributesToXAObject(vXPolicy, vXResource);
vXResource.setName(vXPolicy.getResourceName());
- vXResource.setPolicyName(vXPolicy.getPolicyName());
+ vXResource.setPolicyName(StringUtils.trim(vXPolicy.getPolicyName()));
vXResource.setDescription(vXPolicy.getDescription());
vXResource.setResourceType(getResourceType(vXPolicy));
[2/3] incubator-ranger git commit: RANGER-999: Delete Module REST API
is failing as it is not removing assigned users and groups
Posted by ga...@apache.org.
RANGER-999: Delete Module REST API is failing as it is not removing assigned users and groups
Signed-off-by: Gautam Borad <ga...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/69f546a6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/69f546a6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/69f546a6
Branch: refs/heads/master
Commit: 69f546a6d15ed08062512e8efdd20410ed3720ea
Parents: 4d3ce6c
Author: pradeep agrawal <pr...@freestoneinfotech.com>
Authored: Mon May 30 11:15:13 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue May 31 11:34:05 2016 +0530
----------------------------------------------------------------------
.../main/java/org/apache/ranger/biz/XUserMgr.java | 2 ++
.../org/apache/ranger/db/XXGroupPermissionDao.java | 14 ++++++++++++++
.../org/apache/ranger/db/XXUserPermissionDao.java | 15 +++++++++++++++
.../main/resources/META-INF/jpa_named_queries.xml | 10 +++++++++-
.../java/org/apache/ranger/biz/TestXUserMgr.java | 12 +++++++-----
5 files changed, 47 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/69f546a6/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 96f2ee3..5760e9d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -895,6 +895,8 @@ public class XUserMgr extends XUserMgrBase {
}
public void deleteXModuleDefPermission(Long id, boolean force) {
+ daoManager.getXXUserPermission().deleteByModuleId(id);
+ daoManager.getXXGroupPermission().deleteByModuleId(id);
xModuleDefService.deleteResource(id);
}
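Review bot: `deleteXModuleDefPermission` now issues three deletes, but nothing in the method documents that the order matters or that they have to commit or roll back together; no transaction boundary is visible in the hunk. I would add a comment such as `// Remove user and group permission rows for this module before deleting the module itself.` and confirm the method runs in a single transaction, so that a failed module delete does not leave the permission assignments already removed. The `force` argument is still not consulted, which the method's Javadoc should state.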
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/69f546a6/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
index f6444f8..fed83a1 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
@@ -113,5 +113,19 @@ public class XXGroupPermissionDao extends BaseDao<XXGroupPermission> {
}
return null;
}
+ public void deleteByModuleId(Long moduleId) {
+ if (moduleId != null) {
+ try {
+ getEntityManager()
+ .createNamedQuery("XXGroupPermission.deleteByModuleId", XXGroupPermission.class)
+ .setParameter("moduleId", moduleId)
+ .executeUpdate();
+ } catch (Exception e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ModuleId not provided.");
+ }
+ }
}
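Review bot: `deleteByModuleId` catches `Exception` and only logs `e.getMessage()` at debug level, so a failed bulk delete of permission rows is invisible at normal log levels and the caller in XUserMgr goes on to delete the module anyway. For authorization data the failure should reach the caller: drop the try/catch so the persistence exception propagates, or at least log it at error level with the stack trace. Passing `XXGroupPermission.class` to `createNamedQuery` for a DELETE statement is also questionable, because some JPA providers reject typed update/delete queries and that error would be swallowed by the same catch; `.createNamedQuery("XXGroupPermission.deleteByModuleId")` avoids it. The identical method added to XXUserPermissionDao in the next file has the same two issues.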
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/69f546a6/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
index 2db6fd6..4e18e47 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
@@ -114,4 +114,19 @@ public class XXUserPermissionDao extends BaseDao<XXUserPermission>{
}
return null;
}
+
+ public void deleteByModuleId(Long moduleId) {
+ if (moduleId != null) {
+ try {
+ getEntityManager()
+ .createNamedQuery("XXUserPermission.deleteByModuleId", XXUserPermission.class)
+ .setParameter("moduleId", moduleId)
+ .executeUpdate();
+ } catch (Exception e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ModuleId not provided.");
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/69f546a6/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 76d3f21..4fcf0ea 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -670,7 +670,11 @@
</query>
</named-query>
- <!-- XXUserPermission -->
+ <named-query name="XXUserPermission.deleteByModuleId">
+ <query>DELETE FROM XXUserPermission obj WHERE obj.moduleId=:moduleId</query>
+ </named-query>
+
+ <!-- XXGroupPermission -->
<named-query name="XXGroupPermission.findByGroupId">
<query>SELECT obj FROM XXGroupPermission obj
WHERE obj.groupId=:groupId
@@ -706,6 +710,10 @@
<query>SELECT obj FROM XXGroupPermission obj WHERE obj.moduleId = :moduleId AND obj.groupId =:groupId
</query>
</named-query>
+
+ <named-query name="XXGroupPermission.deleteByModuleId">
+ <query>DELETE FROM XXGroupPermission obj WHERE obj.moduleId=:moduleId</query>
+ </named-query>
<named-query name="XXPortalUser.findByUserName">
<query>SELECT Obj FROM XXPortalUser obj
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/69f546a6/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 37dddee..3323f11 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -52,7 +52,6 @@ import org.apache.ranger.entity.XXModuleDef;
import org.apache.ranger.entity.XXPolicy;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
-import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.entity.XXUserPermission;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -72,7 +71,6 @@ import org.apache.ranger.service.XPermMapService;
import org.apache.ranger.service.XPortalUserService;
import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.service.XUserService;
-import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupList;
@@ -80,7 +78,6 @@ import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXModuleDef;
-import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXStringList;
@@ -93,7 +90,6 @@ import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
-import org.junit.Ignore;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.MethodSorters;
@@ -1036,7 +1032,13 @@ public class TestXUserMgr {
@Test
public void test34deleteXModuleDefPermission() {
-
+ Long moduleId=Long.valueOf(1);
+ XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class);
+ Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+ Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+ Mockito.doNothing().when(xUserPermissionDao).deleteByModuleId(moduleId);
+ Mockito.doNothing().when(xGroupPermissionDao).deleteByModuleId(moduleId);
Mockito.when(xModuleDefService.deleteResource(1L)).thenReturn(true);
xUserMgr.deleteXModuleDefPermission(1L, true);
Mockito.verify(xModuleDefService).deleteResource(1L);