Posted to commits@ranger.apache.org by ab...@apache.org on 2021/01/28 17:03:47 UTC

[ranger] branch ranger-2.2 updated: RANGER-2724: Support EXECUTE permission in HBase Authorisation - Part 2

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new 8a542c1  RANGER-2724: Support EXECUTE permission in HBase Authorisation - Part 2
8a542c1 is described below

commit 8a542c14a4991d06b61a514233726c81d62662b6
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Thu Jan 28 08:21:24 2021 -0800

    RANGER-2724: Support EXECUTE permission in HBase Authorisation - Part 2
---
 .../optimized/current/ranger_core_db_mysql.sql     |   1 +
 .../optimized/current/ranger_core_db_oracle.sql    |   1 +
 .../optimized/current/ranger_core_db_postgres.sql  |   1 +
 .../current/ranger_core_db_sqlanywhere.sql         |   2 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   3 +-
 .../PatchForHBaseDefaultPolicyUpdate_J10045.java   | 143 +++++++++++++++++++++
 6 files changed, 150 insertions(+), 1 deletion(-)

diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index cc73e0b..ad8c3ff 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1832,4 +1832,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10043',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 6556a09..759cdd0 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2046,5 +2046,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10041',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10043',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index d734222..022ff82 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1970,6 +1970,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10043',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index f1d67be..69ccd81 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2389,6 +2389,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 80307af..a2d7cb4 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3954,7 +3954,7 @@ CREATE TABLE [dbo].[x_rms_notification](
         [hl_service_id] [bigint] NULL DEFAULT NULL,
         [ll_resource_id] [bigint] NULL DEFAULT NULL,
         [ll_service_id] [bigint] NULL DEFAULT NULL,
-        
+
 PRIMARY KEY CLUSTERED
 (
         [id] ASC
@@ -4167,6 +4167,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10043',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseDefaultPolicyUpdate_J10045.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseDefaultPolicyUpdate_J10045.java
new file mode 100644
index 0000000..574c02a
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseDefaultPolicyUpdate_J10045.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.util.CLIUtil;
+import org.apache.solr.common.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+@Component
+public class PatchForHBaseDefaultPolicyUpdate_J10045 extends BaseLoader {
+	private static final Logger logger = Logger.getLogger(PatchForHBaseDefaultPolicyUpdate_J10045.class);
+	public static final  String SERVICE_CONFIG_USER_NAME_PARAM = "username";
+	public static final  String DEFAULT_HBASE_USER_NAME        = "hbase";
+	public static final  String DEFAULT_HBASE_POLICY_NAME      = "all - table, column-family, column";
+
+	@Autowired
+	RangerDaoManager daoMgr;
+
+	@Autowired
+	ServiceDBStore svcDBStore;
+
+	public static void main(String[] args) {
+		logger.info("main()");
+		try {
+			PatchForHBaseDefaultPolicyUpdate_J10045 loader = (PatchForHBaseDefaultPolicyUpdate_J10045) CLIUtil.getBean(PatchForHBaseDefaultPolicyUpdate_J10045.class);
+			loader.init();
+			while (loader.isMoreToProcess()) {
+				loader.load();
+			}
+			logger.info("Load complete. Exiting.");
+			System.exit(0);
+		} catch (Exception e) {
+			logger.error("Error loading", e);
+			System.exit(1);
+		}
+	}
+
+	@Override
+	public void printStats() {
+		logger.info("PatchForHBaseDefaultPolicyUpdate data ");
+	}
+
+	@Override
+	public void execLoad() {
+		logger.info("==> PatchForHBaseDefaultPolicyUpdate.execLoad()");
+		try {
+			if (!updateHBaseDefaultPolicy()) {
+				logger.error("Failed to apply the patch.");
+				System.exit(1);
+			}
+		} catch (Exception e) {
+			logger.error("Error while updateHBaseDefaultPolicy()data.", e);
+			System.exit(1);
+		}
+		logger.info("<== PatchForHBaseDefaultPolicyUpdate.execLoad()");
+	}
+
+	@Override
+	public void init() throws Exception {
+		// Do Nothing
+	}
+
+	private boolean updateHBaseDefaultPolicy() throws Exception {
+		RangerServiceDef embeddedHBaseServiceDef;
+
+		embeddedHBaseServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HBASE_NAME);
+
+		if (embeddedHBaseServiceDef != null) {
+			List<XXService> dbServices = daoMgr.getXXService().findByServiceDefId(embeddedHBaseServiceDef.getId());
+			if (CollectionUtils.isNotEmpty(dbServices)) {
+				SearchFilter filter = new SearchFilter();
+
+				for(XXService dbService : dbServices) {
+					RangerService service = svcDBStore.getServiceByName(dbService.getName());
+					if (service != null) {
+						String userName = service.getConfigs().get(SERVICE_CONFIG_USER_NAME_PARAM);
+						if (StringUtils.isEmpty(userName)) {
+							userName = DEFAULT_HBASE_USER_NAME;
+						}
+						updateDefaultHBasePolicy(svcDBStore.getServicePolicies(dbService.getId(), filter), userName);
+					} else {
+						logger.error("Cannot get RangerService with name:[" + dbService.getName() + "]");
+					}
+				}
+			}
+		} else {
+			logger.error("The embedded HBase service-definition does not exist.");
+			return false;
+		}
+		return true;
+	}
+
+	private void updateDefaultHBasePolicy(List<RangerPolicy> policies, String userName) throws Exception{
+		if (CollectionUtils.isNotEmpty(policies)) {
+			for (RangerPolicy policy : policies) {
+				if (policy.getName().equals(DEFAULT_HBASE_POLICY_NAME)) {
+					RangerPolicy.RangerPolicyItem policyItemForHBase = new RangerPolicy.RangerPolicyItem();
+					policyItemForHBase.setUsers(Collections.singletonList(userName));
+					List<RangerPolicy.RangerPolicyItemAccess> accesses = new ArrayList<>();
+					accesses.add(new RangerPolicy.RangerPolicyItemAccess("read", true));
+					accesses.add(new RangerPolicy.RangerPolicyItemAccess("write", true));
+					accesses.add(new RangerPolicy.RangerPolicyItemAccess("create", true));
+					accesses.add(new RangerPolicy.RangerPolicyItemAccess("admin", true));
+					accesses.add(new RangerPolicy.RangerPolicyItemAccess("execute", true));
+					policyItemForHBase.setAccesses(accesses);
+					policyItemForHBase.setDelegateAdmin(true);
+					policy.getPolicyItems().add(policyItemForHBase);
+				}
+				svcDBStore.updatePolicy(policy);
+			}
+		}
+	}
+}
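Review bot: In `updateDefaultHBasePolicy`, the call `svcDBStore.updatePolicy(policy)` sits outside the name check, so every policy of every HBase service is rewritten during the upgrade although only the one named `all - table, column-family, column` is modified. For that policy the patch appends a new item granting read/write/create/admin/execute with `setDelegateAdmin(true)` rather than adding `execute` to the existing grant, so an installation whose administrator deliberately narrowed this policy gets the broad grant back, and the item is duplicated should the patch ever run twice. The user is taken from the service's `username` config with a fallback to `hbase`, and it is worth confirming that this is the principal meant to hold delegated admin. If the intent is only to extend the existing grant, add `execute` to the items that already list the user and call `updatePolicy` only when something changed, as sketched below; `service.getConfigs()` in `updateHBaseDefaultPolicy` is also dereferenced without a null check.

```java
	private void updateDefaultHBasePolicy(List<RangerPolicy> policies, String userName) throws Exception{
		if (CollectionUtils.isNotEmpty(policies)) {
			for (RangerPolicy policy : policies) {
				if (!DEFAULT_HBASE_POLICY_NAME.equals(policy.getName())) {
					continue; // other policies are left untouched: no rewrite, no version bump
				}
				boolean changed = false;
				for (RangerPolicy.RangerPolicyItem item : policy.getPolicyItems()) {
					if (item.getUsers() == null || !item.getUsers().contains(userName)) {
						continue; // do not widen items that were never granted to this user
					}
					boolean hasExecute = false;
					for (RangerPolicy.RangerPolicyItemAccess access : item.getAccesses()) {
						if ("execute".equals(access.getType())) {
							hasExecute = true;
							break;
						}
					}
					if (!hasExecute) {
						item.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess("execute", true));
						changed = true;
					}
				}
				if (changed) {
					svcDBStore.updatePolicy(policy);
				}
			}
		}
	}
```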