You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2021/04/15 07:57:46 UTC
[ranger] 01/02: RANGER-3214 : Configure default audit filters when
ranger repo is created
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ff0682b35dd6008627c87695b19d607e57548f62
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Apr 14 13:49:16 2021 +0530
RANGER-3214 : Configure default audit filters when ranger repo is created
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../service-defs/ranger-servicedef-atlas.json | 13 ++
.../service-defs/ranger-servicedef-hbase.json | 13 ++
.../service-defs/ranger-servicedef-hdfs.json | 13 ++
.../service-defs/ranger-servicedef-hive.json | 13 ++
.../service-defs/ranger-servicedef-kafka.json | 13 ++
.../service-defs/ranger-servicedef-knox.json | 13 ++
.../service-defs/ranger-servicedef-ozone.json | 13 ++
.../service-defs/ranger-servicedef-solr.json | 13 ++
.../optimized/current/ranger_core_db_mysql.sql | 2 +
.../optimized/current/ranger_core_db_oracle.sql | 2 +
.../optimized/current/ranger_core_db_postgres.sql | 2 +
.../current/ranger_core_db_sqlanywhere.sql | 4 +
.../optimized/current/ranger_core_db_sqlserver.sql | 2 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 7 +
...viceDefUpdateForDefaultAuditFilters_J10049.java | 186 +++++++++++++++++++++
.../patch/PatchForDefaultAuidtFilters_J10050.java | 159 ++++++++++++++++++
.../views/service/RangerServiceViewDetail.js | 9 +-
.../webapp/scripts/views/service/ServiceForm.js | 9 +
18 files changed, 482 insertions(+), 4 deletions(-)
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index 4ce7ec9..d8331db 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -441,6 +441,19 @@
"type": "string",
"mandatory": false,
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]"
}
],
"options": {
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 594e175..791b5bc 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -208,6 +208,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 10,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index fbb16d7..b04b906 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -180,6 +180,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 12,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools','listCacheDirectives'], 'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 42df0a8..ab8ca5c 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -302,6 +302,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 6,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index 6ea52f7..1deb969 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -211,6 +211,19 @@
"type":"string",
"mandatory":false,
"label":"Ranger Plugin SSL CName"
+ },
+
+ {
+ "itemId": 5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['atlas'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['atlas'],'actions':['consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsy [...]
}
],
"enums":[
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index aa0f672..410b9ef 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -100,6 +100,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId":5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
index b9a0275..a009ab2 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -199,6 +199,19 @@
"validationRegEx":"",
"validationMessage": "",
"uiHint":""
+ },
+
+ {
+ "itemId": 7,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['om'] ,'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
index ec2ebcf..dfaa2f7 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -95,6 +95,19 @@
"validationMessage":"",
"uiHint":"",
"label":"Ranger Plugin SSL CName"
+ },
+
+ {
+ "itemId":600,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas'] ,'isAudited':false} ]"
}
],
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 7179dc9..9d0cd9d 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1834,4 +1834,6 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 40917cd..1904c68 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2048,5 +2048,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10046',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index ba9eb01..51ef67b 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1972,6 +1972,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_trx_log;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 371846f..97ddb5d 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2393,6 +2393,10 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 90004ec..d150150 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4169,6 +4169,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index a7871ed..4fb71f0 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -246,6 +246,7 @@ public class ServiceDBStore extends AbstractServiceStore {
public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
+ public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters";
static {
try {
@@ -3451,6 +3452,12 @@ public class ServiceDBStore extends AbstractServiceStore {
"Please provide value of mandatory: "+ svcConfDef.getName(),
MessageEnums.INVALID_INPUT_DATA);
}
+
+ if (StringUtils.equals(svcConfDef.getName(), RANGER_PLUGIN_AUDIT_FILTERS) && !configs.containsKey(RANGER_PLUGIN_AUDIT_FILTERS)) {
+ if (svcConfDef.getDefaultvalue() != null) {
+ configs.put(RANGER_PLUGIN_AUDIT_FILTERS, svcConfDef.getDefaultvalue());
+ }
+ }
}
Map<String, String> validConfigs = new HashMap<String, String>();
for(Entry<String, String> config : configs.entrySet()) {
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
new file mode 100644
index 0000000..d8abc0a
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
@@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigDefDao;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerServiceDefService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 extends BaseLoader {
+ private static final Logger logger = Logger
+ .getLogger(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcDBStore;
+
+ @Autowired
+ RangerServiceDefService serviceDefService;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ public static void main(String[] args) {
+ try {
+ PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 loader = (PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049) CLIUtil
+ .getBean(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+ try {
+ updateAllServiceDef();
+ } catch (Exception e) {
+ logger.error("Error in PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()", e);
+ }
+ logger.info("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("adding default audit-filters to all service-defs");
+ }
+
+ private void updateAllServiceDef() throws Exception {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+ }
+ List<XXServiceDef> allXXServiceDefs;
+ allXXServiceDefs = daoMgr.getXXServiceDef().getAll();
+
+ if (CollectionUtils.isNotEmpty(allXXServiceDefs)) {
+ logger.info("Found " + allXXServiceDefs.size() + " services-defs");
+ for (XXServiceDef xxServiceDef : allXXServiceDefs) {
+
+ String serviceDefName = xxServiceDef.getName();
+
+ try {
+ RangerServiceConfigDef defualtAuditFiltersSvcConfDef = getDefaultAuditFiltersByServiceDef(serviceDefName);
+
+ if (defualtAuditFiltersSvcConfDef == null) {
+ logger.info("No default audit-filter available for service-def " + serviceDefName + ". Skipped");
+ continue;
+ }
+
+ RangerServiceDef serviceDef = svcDBStore.getServiceDefByName(serviceDefName);
+
+ if (serviceDef != null) {
+ List<RangerServiceConfigDef> svcConfDefList = serviceDef.getConfigs();
+ boolean defaultAuditFiltresFound = false;
+ for (RangerServiceConfigDef svcConfDef : svcConfDefList) {
+ if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ defaultAuditFiltresFound = true;
+ break;
+ }
+ }
+ if (!defaultAuditFiltresFound) {
+ logger.info("adding default audit-filter for service-def:[" + serviceDefName + "]");
+ int sortOrder = serviceDef.getConfigs().size() - 1;
+ addDefaultAuditFilterConfig(defualtAuditFiltersSvcConfDef, xxServiceDef, sortOrder);
+ logger.info("Completed adding default audit-filter for service-def:[" + serviceDefName + "]");
+ }else {
+ logger.info("default audit-filter already available for service-def " + serviceDefName + ". Skipped");
+ }
+
+ }else {
+ logger.info("No service-def:[" + serviceDefName + "] found");
+ }
+
+ } catch (Exception e) {
+ logger.error("Error while adding default audit-filter service-def:[" + serviceDefName + "]", e);
+ }
+ }
+ }else {
+ logger.info("No service-def found");
+ }
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+ }
+ }
+
+ private RangerServiceConfigDef getDefaultAuditFiltersByServiceDef(String serviceDefName) throws Exception {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+ "]");
+ }
+ RangerServiceConfigDef ret = null;
+ RangerServiceDef embeddedAtlasServiceDef = null;
+ embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(serviceDefName);
+
+ List<RangerServiceConfigDef> svcConfDefList = embeddedAtlasServiceDef.getConfigs();
+ for (RangerServiceConfigDef svcConfDef : svcConfDefList) {
+ if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ ret = svcConfDef;
+ break;
+ }
+ }
+
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+"] ret : "+ret);
+ }
+ return ret;
+ }
+
+ private void addDefaultAuditFilterConfig(RangerServiceConfigDef config, XXServiceDef createdSvcDef, int sortOrder) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder );
+ }
+ XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
+ XXServiceConfigDef xConfig = new XXServiceConfigDef();
+ xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef,
+ RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xConfig.setOrder(sortOrder);
+ xConfig = xxServiceConfigDao.create(xConfig);
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder);
+ }
+ }
+}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
new file mode 100644
index 0000000..542f395
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigMapDao;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceConfigMap;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.service.RangerAuditFields;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForDefaultAuidtFilters_J10050 extends BaseLoader {
+
+ private static final Logger logger = Logger.getLogger(PatchForDefaultAuidtFilters_J10050.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ @Autowired
+ RangerAuditFields<?> rangerAuditFields;
+
+ public static void main(String[] args) {
+
+ logger.info("main()");
+ try {
+ PatchForDefaultAuidtFilters_J10050 loader = (PatchForDefaultAuidtFilters_J10050) CLIUtil
+ .getBean(PatchForDefaultAuidtFilters_J10050.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("adding default audit-filters to all services");
+
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForDefaultAuidtFilters.execLoad()");
+
+ try {
+ addDefaultAuditFilters();
+ } catch (Exception e) {
+ logger.error("Error while PatchForDefaultAuidtFilters", e);
+ System.exit(1);
+ }
+ logger.info("<== PatchForDefaultAuidtFilters.execLoad()");
+ }
+
+ private void addDefaultAuditFilters() throws Exception {
+ logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+
+ Map<String, String> defaultAuditFiltersMap = null;
+
+ List<XXService> xxServiceList = daoMgr.getXXService().getAll();
+
+ if (CollectionUtils.isNotEmpty(xxServiceList)) {
+ logger.info("Found " + xxServiceList.size() + " services");
+ defaultAuditFiltersMap = new HashMap<String, String>();
+
+ for (XXService xservice : xxServiceList) {
+ RangerService rangerService = svcStore.getServiceByName(xservice.getName());
+ if (rangerService != null && !rangerService.getConfigs().containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+
+ if (!defaultAuditFiltersMap.containsKey(rangerService.getType())) {
+ List<XXServiceConfigDef> svcConfDefList = daoMgr.getXXServiceConfigDef()
+ .findByServiceDefName(rangerService.getType());
+ for(XXServiceConfigDef svcConfDef : svcConfDefList) {
+ if(StringUtils.equals(svcConfDef.getName(),ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ defaultAuditFiltersMap.put(rangerService.getType(), svcConfDef.getDefaultvalue());
+ continue;
+ }
+ }
+ }
+
+ if (defaultAuditFiltersMap.get(rangerService.getType()) != null) {
+ Map<String, String> configs = rangerService.getConfigs();
+ if (!configs.containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ logger.info("adding default audit-filter to service " + rangerService.getName());
+ addDefaultAuditFilterConfig(xservice, defaultAuditFiltersMap.get(rangerService.getType()));
+ }
+ }else {
+ logger.info("No default audit-filter available for service " + rangerService.getName() + ". Skipped");
+ }
+ }
+ }
+ }
+
+ logger.info("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+ }
+
+ private void addDefaultAuditFilterConfig(XXService xservice, String defaultValue) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig() for service (id="
+ + xservice.getId() + ")");
+ }
+ try {
+ XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
+ XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+ xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xservice);
+ xConfMap.setServiceId(xservice.getId());
+ xConfMap.setConfigkey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS);
+ xConfMap.setConfigvalue(defaultValue);
+ xConfMapDao.create(xConfMap);
+ } catch (Exception e) {
+ logger.error("default audit filters addition for service (id=" + xservice.getId() + ") failed!!");
+ throw e;
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig()");
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
index c8a47a4..e057cb1 100644
--- a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
@@ -89,10 +89,11 @@ define(function(require) {
customConfigs = _.omit(customConfigs , m.name);
})
this.conf = configs;
- this.auditFilters = (_.isEmpty(customConfigs) && _.isUndefined(customConfigs['ranger.plugin.audit.filters'])) ?
- false : customConfigs['ranger.plugin.audit.filters'];
- this.customConfigs = _.isEmpty(_.omit(customConfigs, 'ranger.plugin.audit.filters')) ?
- false : _.omit(customConfigs, 'ranger.plugin.audit.filters');
+ this.auditFilters = (_.isEmpty(this.conf) && _.isUndefined(this.conf['Ranger Default Audit Filters'])) ?
+ false : this.conf['Ranger Default Audit Filters'];
+ this.conf = _.omit(this.conf, 'Ranger Default Audit Filters')
+ this.customConfigs = _.isEmpty(_.omit(customConfigs, 'Ranger Default Audit Filters')) ?
+ false : _.omit(customConfigs, 'Ranger Default Audit Filters');
if(this.auditFilters){
this.auditFilters = JSON.parse((this.auditFilters).replace(/'/g, '"'));
}
diff --git a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
index 983f65b..41872af 100644
--- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
+++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
@@ -110,6 +110,13 @@ define(function(require){
var auditFilterCollValue = this.model.get('configs')['ranger.plugin.audit.filters'];
delete this.model.get('configs')['ranger.plugin.audit.filters']
}
+ var configs = this.rangerServiceDefModel.get('configs');
+ var auditFilterCollValueIndex = _.findIndex(configs,function(m){
+ return m.name == 'ranger.plugin.audit.filters'
+ })
+ if(auditFilterCollValueIndex != -1) {
+ configs.splice(auditFilterCollValueIndex, 1);
+ }
_.each(this.model.get('configs'),function(value, name){
var configObj = _.findWhere(this.rangerServiceDefModel.get('configs'),{'name' : name });
if(!_.isUndefined(configObj) && configObj.type == 'bool'){
@@ -231,6 +238,8 @@ define(function(require){
auditFiltter.push(e.attributes);
})
config['ranger.plugin.audit.filters'] = (JSON.stringify(auditFiltter)).replace(/"/g, "'");
+ } else {
+ config['ranger.plugin.audit.filters'] = "";
}
this.model.set('configs',config);