Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/22 16:46:12 UTC
[2/2] incubator-ranger git commit: RANGER-417 : Add support for KMS
UI in Ranger Admin
RANGER-417 : Add support for KMS UI in Ranger Admin
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2f8bcd23
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2f8bcd23
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2f8bcd23
Branch: refs/heads/master
Commit: 2f8bcd23477a651cc4d70467045765109286b8fa
Parents: 94bf590
Author: Gautam Borad <gb...@gmail.com>
Authored: Wed Apr 22 18:37:06 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Wed Apr 22 10:45:46 2015 -0400
----------------------------------------------------------------------
.../ranger/plugin/util/KeySearchFilter.java | 116 +++++++
kms/config/kms-webapp/dbks-site.xml | 2 +-
.../db/postgres/kms_core_db_postgres.sql | 12 +-
kms/scripts/install.properties | 2 +-
kms/scripts/setup.sh | 12 +
.../crypto/key/RangerKeyStoreProvider.java | 6 -
.../hadoop/crypto/key/kms/server/KMSACLs.java | 12 +-
.../hadoop/crypto/key/kms/server/KMSWebApp.java | 13 +-
.../kms/server/KeyAuthorizationKeyProvider.java | 4 +-
.../apache/ranger/entity/XXRangerKeyStore.java | 4 +-
.../apache/ranger/entity/XXRangerMasterKey.java | 4 +-
.../kms/authorizer/RangerKmsAuthorizer.java | 15 +-
.../ranger/services/kms/client/KMSClient.java | 156 ++++-----
.../services/kms/client/KMSResourceMgr.java | 27 +-
.../java/org/apache/ranger/biz/KmsKeyMgr.java | 317 +++++++++++++++++
.../org/apache/ranger/common/AppConstants.java | 6 +-
.../java/org/apache/ranger/rest/XKeyREST.java | 169 +++++++++
.../java/org/apache/ranger/view/VXKmsKey.java | 239 +++++++++++++
.../org/apache/ranger/view/VXKmsKeyList.java | 84 +++++
.../collection_bases/VXKmsKeyListBase.js | 68 ++++
.../webapp/scripts/collections/VXKmsKeyList.js | 36 ++
.../webapp/scripts/controllers/Controller.js | 37 ++
.../webapp/scripts/model_bases/VXKmsKeyBase.js | 103 ++++++
.../src/main/webapp/scripts/models/VXKmsKey.js | 54 +++
.../src/main/webapp/scripts/modules/XALinks.js | 34 +-
.../scripts/modules/globalize/message/en.js | 17 +-
.../src/main/webapp/scripts/routers/Router.js | 12 +-
.../src/main/webapp/scripts/utils/XAGlobals.js | 12 +-
.../webapp/scripts/views/kms/KMSTableLayout.js | 345 +++++++++++++++++++
.../webapp/scripts/views/kms/KmsKeyCreate.js | 186 ++++++++++
.../main/webapp/scripts/views/kms/KmsKeyForm.js | 107 ++++++
.../webapp/templates/common/TopNav_tmpl.html | 12 +-
.../webapp/templates/kms/KmsKeyCreate_tmpl.html | 30 ++
.../webapp/templates/kms/KmsKeyForm_tmpl.html | 19 +
.../templates/kms/KmsTableLayout_tmpl.html | 46 +++
35 files changed, 2139 insertions(+), 179 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java
new file mode 100644
index 0000000..f28a46b
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java
@@ -0,0 +1,116 @@
+package org.apache.ranger.plugin.util;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+
+public class KeySearchFilter {
+ public static final String KEY_NAME = "name";// search, sort
+
+ public static final String START_INDEX = "startIndex";
+ public static final String PAGE_SIZE = "pageSize";
+ public static final String SORT_BY = "sortBy";
+
+ private Map<String, String> params = null;
+ private int startIndex = 0;
+ private int maxRows = Integer.MAX_VALUE;
+ private boolean getCount = true;
+ private String sortBy = null;
+ private String sortType = null;
+
+ public KeySearchFilter() {
+ this(null);
+ }
+
+ public KeySearchFilter(String name, String value) {
+ setParam(name, value);
+ }
+
+ public KeySearchFilter(Map<String, String> values) {
+ setParams(values);
+ }
+
+ public Map<String, String> getParams() {
+ return params;
+ }
+
+ public void setParams(Map<String, String> params) {
+ this.params = params;
+ }
+
+ public String getParam(String name) {
+ return params == null ? null : params.get(name);
+ }
+
+ public void setParam(String name, String value) {
+ if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) {
+ return;
+ }
+
+ if(params == null) {
+ params = new HashMap<String, String>();
+ }
+
+ params.put(name, value);
+ }
+ public boolean isEmpty() {
+ return MapUtils.isEmpty(params);
+ }
+
+ public int getStartIndex() {
+ return startIndex;
+ }
+
+ public void setStartIndex(int startIndex) {
+ this.startIndex = startIndex;
+ }
+
+ public int getMaxRows() {
+ return maxRows;
+ }
+
+ public void setMaxRows(int maxRows) {
+ this.maxRows = maxRows;
+ }
+
+ public boolean isGetCount() {
+ return getCount;
+ }
+
+ public void setGetCount(boolean getCount) {
+ this.getCount = getCount;
+ }
+
+ public String getSortBy() {
+ return sortBy;
+ }
+
+ public void setSortBy(String sortBy) {
+ this.sortBy = sortBy;
+ }
+
+ public String getSortType() {
+ return sortType;
+ }
+
+ public void setSortType(String sortType) {
+ this.sortType = sortType;
+ }
+
+ @Override
+ public boolean equals(Object object) {
+ if (object == null || !(object instanceof KeySearchFilter)) {
+ return false;
+ }
+ KeySearchFilter that = (KeySearchFilter)object;
+ return Objects.equals(params, that.params);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(params);
+ }
+}
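Review bot: `equals` and `hashCode` at the end of the class look only at `params`, so two filters that differ in `startIndex`, `maxRows`, `sortBy` or `sortType` compare equal and hash the same. If a filter is ever used as a map or cache key, a request for one page could be answered with another page's result; either include the paging and sort fields (`return Objects.hash(params, startIndex, maxRows, sortBy, sortType);`) or add a comment stating that identity is deliberately limited to the search parameters. `setParams` also stores the caller's map by reference, so a later change to that map changes the hash of a filter that is already stored; copying it (`this.params = params == null ? null : new HashMap<String, String>(params);`) avoids that. The new file also begins at `package` with no ASF license header.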
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/config/kms-webapp/dbks-site.xml
----------------------------------------------------------------------
diff --git a/kms/config/kms-webapp/dbks-site.xml b/kms/config/kms-webapp/dbks-site.xml
old mode 100644
new mode 100755
index f29f0e4..734d537
--- a/kms/config/kms-webapp/dbks-site.xml
+++ b/kms/config/kms-webapp/dbks-site.xml
@@ -44,7 +44,7 @@
<name>ranger.ks.jpa.jdbc.url</name>
<value>jdbc:log4jdbc:mysql://localhost:3306/rangerkms</value>
<description>
- ULR for Database
+ URL for Database
</description>
</property>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/db/postgres/kms_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/kms/scripts/db/postgres/kms_core_db_postgres.sql b/kms/scripts/db/postgres/kms_core_db_postgres.sql
old mode 100644
new mode 100755
index 829ab84..19c8369
--- a/kms/scripts/db/postgres/kms_core_db_postgres.sql
+++ b/kms/scripts/db/postgres/kms_core_db_postgres.sql
@@ -1,8 +1,8 @@
DROP TABLE IF EXISTS ranger_masterkey CASCADE;
-DROP SEQUENCE IF EXISTS ranger_masterkey_seq;
-CREATE SEQUENCE ranger_masterkey_seq;
+DROP SEQUENCE IF EXISTS RANGER_MASTERKEY_SEQ;
+CREATE SEQUENCE RANGER_MASTERKEY_SEQ;
CREATE TABLE ranger_masterkey(
-id BIGINT DEFAULT nextval('ranger_masterkey_seq'::regclass),
+id BIGINT DEFAULT nextval('RANGER_MASTERKEY_SEQ'::regclass),
create_time TIMESTAMP DEFAULT NULL NULL,
update_time TIMESTAMP DEFAULT NULL NULL,
added_by_id BIGINT DEFAULT NULL NULL,
@@ -14,10 +14,10 @@ PRIMARY KEY (id)
);
DROP TABLE IF EXISTS ranger_keystore CASCADE;
-DROP SEQUENCE IF EXISTS ranger_keystore_seq;
-CREATE SEQUENCE ranger_keystore_seq;
+DROP SEQUENCE IF EXISTS RANGER_KEYSTORE_SEQ;
+CREATE SEQUENCE RANGER_KEYSTORE_SEQ;
CREATE TABLE ranger_keystore(
-id BIGINT DEFAULT nextval('ranger_keystore_seq'::regclass),
+id BIGINT DEFAULT nextval('RANGER_KEYSTORE_SEQ'::regclass),
create_time TIMESTAMP DEFAULT NULL NULL,
update_time TIMESTAMP DEFAULT NULL NULL,
added_by_id BIGINT DEFAULT NULL NULL,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/install.properties
----------------------------------------------------------------------
diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties
index 1a77976..b54f30f 100644
--- a/kms/scripts/install.properties
+++ b/kms/scripts/install.properties
@@ -92,7 +92,7 @@ POLICY_MGR_URL=
# Example:
# REPOSITORY_NAME=kmsdev
#
-REPOSITORY_NAME=kms
+REPOSITORY_NAME=kmsdev
#
# AUDIT DB Configuration
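Review bot: The shipped default for `REPOSITORY_NAME` changes from `kms` to `kmsdev`, which is the value the comment just above gives as an example and reads like a developer's local setting. The hunk does not show how the name is consumed, but if it selects the policy repository that the plugin fetches from the policy manager, every fresh install would point at `kmsdev` unless the operator edits the file. Keep `REPOSITORY_NAME=kms` as the default, or leave the value empty so that setup fails visibly when it has not been set.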
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
old mode 100644
new mode 100755
index 295a71d..a3680b7
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -390,6 +390,14 @@ update_properties() {
propertyName=ranger.ks.jpa.jdbc.password
newPropertyValue="_"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
+ propertyName=ranger.ks.masterkey.credential.alias
+ newPropertyValue="${MK_CREDENTIAL_ALIAS}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
+ propertyName=ranger.db.encrypt.key.password
+ newPropertyValue="_"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
else
propertyName="${DB_CREDENTIAL_ATTR}"
newPropertyValue="${db_password}"
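Review bot: The two added `updatePropertyToFilePy $propertyName $newPropertyValue $to_file` calls pass their arguments unquoted, and the first takes its value from `${MK_CREDENTIAL_ALIAS}`. If that variable is unset or empty the value argument disappears and `$to_file` shifts into its place, and an alias containing whitespace would split into extra arguments. Quote the expansions, `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file"`, and consider checking that `MK_CREDENTIAL_ALIAS` is non-empty before writing it. The surrounding `if`/`else` in `update_properties` starts outside this hunk.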
@@ -416,6 +424,10 @@ update_properties() {
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
fi
+ propertyName=hadoop.kms.blacklist.CREATE
+ newPropertyValue="BlacklistUser"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
###########
}
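Review bot: `hadoop.kms.blacklist.CREATE` is set to the literal `BlacklistUser` on every run of `update_properties`, outside any conditional visible in this hunk. That overwrites whatever blacklist an operator had configured and replaces it with what looks like a placeholder account name, so after setup the property probably denies CREATE to nobody who actually exists. Read the value from a new install.properties setting and skip the update when it is empty; at minimum add a comment such as `# placeholder; replace with the users that must never create keys`.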
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index a0a082f..db0dc38 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -77,7 +77,6 @@ public class RangerKeyStoreProvider extends KeyProvider{
RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
dbStore = new RangerKeyStore(daoManager);
String password = conf.get(ENCRYPTION_KEY);
- // System.out.println("RKSP Password = "+password);
if(password == null || password.trim().equals("") || password.trim().equals("_") || password.trim().equals("crypted")){
throw new IOException("Master Key Jceks does not exists");
}
@@ -318,18 +317,13 @@ public class RangerKeyStoreProvider extends KeyProvider{
private void getFromJceks(Configuration conf, String path, String alias, String key){
//update credential from keystore
- // System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key);
if(conf!=null){
String pathValue=conf.get(path);
- // System.out.println("path Value = "+pathValue);
String aliasValue=conf.get(alias);
- // System.out.println("alias Value = "+aliasValue);
if(pathValue!=null && aliasValue!=null){
String xaDBPassword=CredentialReader.getDecryptedString(pathValue.trim(),aliasValue.trim());
- // System.out.println("xaDBPassword = "+xaDBPassword);
if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() &&
!xaDBPassword.trim().equalsIgnoreCase("none")){
- // System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword);
conf.set(key, xaDBPassword);
}else{
logger.info("Credential keystore password not applied for KMS; clear text password shall be applicable");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
old mode 100644
new mode 100755
index f2298c0..92d3470
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
@@ -160,6 +160,7 @@ public class KMSACLs implements Runnable, KeyACLs {
}
}
+ @Override
public synchronized void startReloader() {
if (executorService == null) {
executorService = Executors.newScheduledThreadPool(1);
@@ -168,6 +169,7 @@ public class KMSACLs implements Runnable, KeyACLs {
}
}
+ @Override
public synchronized void stopReloader() {
if (executorService != null) {
executorService.shutdownNow();
@@ -240,14 +242,4 @@ public class KMSACLs implements Runnable, KeyACLs {
public boolean isACLPresent(String keyName, KeyOpType opType) {
return (keyAcls.containsKey(keyName) || defaultKeyAcls.containsKey(opType));
}
-
- @Override
- public void startACLReloader() {
- this.startReloader();
- }
-
- @Override
- public void stopACLReloader() {
- this.stopReloader();
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
old mode 100644
new mode 100755
index 67b9f88..403c310
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
@@ -132,9 +132,7 @@ public class KMSWebApp implements ServletContextListener {
kmsAcls = getAcls(kmsConf.get(KMSConfiguration.KMS_SECURITY_AUTHORIZER));
-
- //kmsAcls = new KMSACLs();
- kmsAcls.startACLReloader();
+ kmsAcls.startReloader();
metricRegistry = new MetricRegistry();
jmxReporter = JmxReporter.forRegistry(metricRegistry).build();
@@ -225,6 +223,7 @@ public class KMSWebApp implements ServletContextListener {
}
}
+ @SuppressWarnings("unchecked")
private KeyACLs getAcls(String clsStr) throws IOException {
KeyACLs keyAcl = null;
try {
@@ -232,13 +231,9 @@ public class KMSWebApp implements ServletContextListener {
if (clsStr == null || clsStr.trim().equals("")) {
cls = KMSACLs.class;
} else {
- //Class<?> configClass = Class.forName(clsStr, true, JavaUtils.getClassLoader());
Class<?> configClass = Class.forName(clsStr);
- //Class<?> configClass = Class.forName(clsStr, true, JavaUtils.getClassLoader());
if(!KeyACLs.class.isAssignableFrom(configClass) ){
- //if it's not of type KeyACLs
- //we can have default also "cls = KMSACLs.class;"
- return null;
+ throw new RuntimeException(clsStr+" should implement KeyACLs");
}
cls = (Class<? extends KeyACLs>)configClass;
}
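Review bot: The type check and the cast in `getAcls` can be a single call, `cls = Class.forName(clsStr).asSubclass(KeyACLs.class);`, which fails with a `ClassCastException` for a class that does not implement `KeyACLs` and needs no unchecked cast. That would make the method-wide `@SuppressWarnings("unchecked")` added in the previous hunk unnecessary. The new `throw new RuntimeException(...)` sits inside a `try` whose `catch` is outside this hunk, so check that the handler does not wrap or swallow it; naming the configuration key in the message would also tell the operator which setting to fix. `Class.forName(clsStr)` initializes the configured class before the check runs, so static initializers of a wrongly named class still execute; `Class.forName(clsStr, false, getClass().getClassLoader())` defers initialization until after the check.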
@@ -254,7 +249,7 @@ public class KMSWebApp implements ServletContextListener {
@Override
public void contextDestroyed(ServletContextEvent sce) {
kmsAudit.shutdown();
- kmsAcls.stopACLReloader();
+ kmsAcls.stopReloader();
jmxReporter.stop();
jmxReporter.close();
metricRegistry = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
old mode 100644
new mode 100755
index 5099daf..1e43dac
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
@@ -82,9 +82,9 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension {
*/
public boolean isACLPresent(String aclName, KeyOpType opType);
- public void startACLReloader();
+ public void startReloader();
- public void stopACLReloader();
+ public void stopReloader();
public boolean hasAccess(KMSACLsType.Type aclType, UserGroupInformation ugi);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java b/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java
old mode 100644
new mode 100755
index f29341a..9bc53c2
--- a/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java
+++ b/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java
@@ -34,8 +34,8 @@ public class XXRangerKeyStore extends XXDBBase implements java.io.Serializable {
private static final long serialVersionUID = 1L;
@Id
- @SequenceGenerator(name="kmskeys",sequenceName="kmskeys",allocationSize=1)
- @GeneratedValue(strategy=GenerationType.AUTO,generator="kmskeys")
+ @SequenceGenerator(name="RANGER_KEYSTORE_SEQ",sequenceName="RANGER_KEYSTORE_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="RANGER_KEYSTORE_SEQ")
@Column(name="ID")
protected Long id;
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java b/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java
old mode 100644
new mode 100755
index 6c1c119..c6c9703
--- a/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java
+++ b/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java
@@ -34,8 +34,8 @@ public class XXRangerMasterKey extends XXDBBase implements java.io.Serializable
private static final long serialVersionUID = 1L;
@Id
- @SequenceGenerator(name="rangermasterkey",sequenceName="rangermasterkey",allocationSize=1)
- @GeneratedValue(strategy=GenerationType.AUTO,generator="rangermasterkey")
+ @SequenceGenerator(name="RANGER_MASTERKEY_SEQ",sequenceName="RANGER_MASTERKEY_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="RANGER_MASTERKEY_SEQ")
@Column(name="ID")
protected Long id;
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
index 96fcf31..d945201 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
@@ -113,6 +113,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs {
return conf;
}
+ @Override
public synchronized void startReloader() {
if (executorService == null) {
executorService = Executors.newScheduledThreadPool(1);
@@ -120,7 +121,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs {
RELOADER_SLEEP_MILLIS, TimeUnit.MILLISECONDS);
}
}
-
+ @Override
public synchronized void stopReloader() {
if (executorService != null) {
executorService.shutdownNow();
@@ -194,17 +195,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs {
return true;
}
- @Override
- public void startACLReloader() {
- this.startReloader();
- }
-
- @Override
- public void stopACLReloader() {
- this.stopReloader();
- }
-
- public void init(Configuration conf) {
+ public void init(Configuration conf) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerKmsAuthorizer.init()");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
index c956914..6c69196 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
@@ -25,12 +25,12 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
import org.apache.log4j.Logger;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.services.kms.client.KMSClient;
-import org.apache.ranger.services.kms.client.json.model.KMSSchedulerResponse;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
@@ -44,45 +44,42 @@ public class KMSClient {
private static final String EXPECTED_MIME_TYPE = "application/json";
- private static final String KMS_LIST_API_ENDPOINT = "/ws/v1/cluster/scheduler" ;
+ private static final String KMS_LIST_API_ENDPOINT = "v1/keys/names?user.name=${userName}"; //GET
private static final String errMessage = " You can still save the repository and start creating "
+ "policies, but you would not be able to use autocomplete for "
+ "resource names. Check xa_portal.log for more info.";
-
- String kmsQUrl;
- String userName;
+ String provider;
+ String username;
String password;
- public KMSClient(String kmsQueueUrl, String kmsUserName, String kmsPassWord) {
-
- this.kmsQUrl = kmsQueueUrl;
- this.userName = kmsUserName ;
- this.password = kmsPassWord;
+ public KMSClient(String provider, String username, String password) {
+ provider = provider.replaceAll("kms://","");
+ provider = provider.replaceAll("http@","http://");
+ this.provider = provider;
+ this.username = username ;
+ this.password = password;
if (LOG.isDebugEnabled()) {
- LOG.debug("Kms Client is build with url [" + kmsQueueUrl + "] user: [" + kmsPassWord + "], password: [" + "" + "]");
- }
-
+ LOG.debug("Kms Client is build with url [" + provider + "] user: [" + username + "]");
+ }
}
- public List<String> getQueueList(final String queueNameMatching, final List<String> existingQueueList) {
+ public List<String> getKeyList(final String keyNameMatching, final List<String> existingKeyList) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Getting Kms queue list for queueNameMatching : " + queueNameMatching);
+ LOG.debug("Getting Kms Key list for keyNameMatching : " + keyNameMatching);
}
- final String errMsg = errMessage;
-
- List<String> ret = new ArrayList<String>();
+ final String errMsg = errMessage;
- Callable<List<String>> kmsQueueListGetter = new Callable<List<String>>() {
+ Callable<List<String>> kmsKeyListGetter = new Callable<List<String>>() {
@Override
public List<String> call() {
- List<String> lret = new ArrayList<String>();
-
- String url = kmsQUrl + KMS_LIST_API_ENDPOINT ;
+ List<String> lret = new ArrayList<String>();
+ String keyLists = KMS_LIST_API_ENDPOINT.replaceAll(Pattern.quote("${userName}"), username);
+ String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists));
Client client = null ;
ClientResponse response = null ;
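Review bot: In `call()`, `KMS_LIST_API_ENDPOINT.replaceAll(Pattern.quote("${userName}"), username)` inserts the configured user name into the query string without URL-encoding, and `replaceAll` treats `$` and `\` in the replacement as group syntax. A name containing `&`, `#` or `$` therefore either changes the request parameters or throws; encode it first and use the literal form, `KMS_LIST_API_ENDPOINT.replace("${userName}", encodedUserName)`, with `encodedUserName` taken from `URLEncoder.encode(username, "UTF-8")` and its checked exception handled. The constructor rewrites only `http@`, so a provider of the form (constructed example) `kms://https@HOST:PORT/kms` is left as `https@HOST:PORT/kms` and never becomes a usable URL, which leaves no route to a TLS-protected provider. The constructor also dereferences `provider` without a null check, and the `password` field is stored but not used anywhere in this hunk.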
@@ -90,70 +87,65 @@ public class KMSClient {
try {
client = Client.create() ;
- WebResource webResource = client.resource(url);
+ WebResource webResource = client.resource(uri);
- response = webResource.accept(EXPECTED_MIME_TYPE)
- .get(ClientResponse.class);
+ response = webResource.accept(EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (LOG.isDebugEnabled()) {
- LOG.debug("getQueueList():calling " + url);
+ LOG.debug("getKeyList():calling " + uri);
}
if (response != null) {
if (LOG.isDebugEnabled()) {
- LOG.debug("getQueueList():response.getStatus()= " + response.getStatus());
+ LOG.debug("getKeyList():response.getStatus()= " + response.getStatus());
}
if (response.getStatus() == 200) {
String jsonString = response.getEntity(String.class);
Gson gson = new GsonBuilder().setPrettyPrinting().create();
- KMSSchedulerResponse kmsQResponse = gson.fromJson(jsonString, KMSSchedulerResponse.class);
- if (kmsQResponse != null) {
- List<String> kmsQueueList = kmsQResponse.getQueueNames();
- if (kmsQueueList != null) {
- for ( String kmsQueueName : kmsQueueList) {
- if ( existingQueueList != null && existingQueueList.contains(kmsQueueName)) {
+ @SuppressWarnings("unchecked")
+ List<String> keys = gson.fromJson(jsonString, List.class) ;
+ if (keys != null) {
+ for ( String key : keys) {
+ if ( existingKeyList != null && existingKeyList.contains(key)) {
continue;
}
- if (queueNameMatching == null || queueNameMatching.isEmpty()
- || kmsQueueName.startsWith(queueNameMatching)) {
+ if (keyNameMatching == null || keyNameMatching.isEmpty() || key.startsWith(keyNameMatching)) {
if (LOG.isDebugEnabled()) {
- LOG.debug("getQueueList():Adding kmsQueue " + kmsQueueName);
+ LOG.debug("getKeyList():Adding kmsKey " + key);
}
- lret.add(kmsQueueName) ;
+ lret.add(key) ;
}
- }
}
- }
- } else{
- LOG.info("getQueueList():response.getStatus()= " + response.getStatus() + " for URL " + url + ", so returning null list");
- String jsonString = response.getEntity(String.class);
- LOG.info(jsonString);
- lret = null;
+ }
+ }else if (response.getStatus() == 401) {
+ LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
+ return lret;
+ }else if (response.getStatus() == 403) {
+ LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
+ return lret;
+ }else {
+ LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
+ String jsonString = response.getEntity(String.class);
+ LOG.info(jsonString);
+ lret = null;
}
- } else {
+ }else {
String msgDesc = "Unable to get a valid response for "
+ "expected mime type : [" + EXPECTED_MIME_TYPE
- + "] URL : " + url + " - got null response.";
+ + "] URL : " + uri + " - got null response.";
LOG.error(msgDesc);
HadoopException hdpException = new HadoopException(msgDesc);
- hdpException.generateResponseDataMap(false, msgDesc,
- msgDesc + errMsg, null, null);
+ hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null);
throw hdpException;
}
} catch (HadoopException he) {
throw he;
- } catch (Throwable t) {
- String msgDesc = "Exception while getting Kms Queue List."
- + " URL : " + url;
- HadoopException hdpException = new HadoopException(msgDesc,
- t);
+ }catch (Throwable t) {
+ String msgDesc = "Exception while getting Kms Key List. URL : " + uri;
+ HadoopException hdpException = new HadoopException(msgDesc, t);
LOG.error(msgDesc, t);
-
- hdpException.generateResponseDataMap(false,
- BaseClient.getMessage(t), msgDesc + errMsg, null,
- null);
- throw hdpException;
-
+ hdpException.generateResponseDataMap(false, BaseClient.getMessage(t), msgDesc + errMsg, null, null);
+ throw hdpException;
} finally {
if (response != null) {
response.close();
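Review bot: The new 401 and 403 branches log "so returning null list" but execute `return lret;`, which is an empty list and not null. `testConnection` later in this file treats any non-null list as a successful connection, so a rejected credential would be reported as a working connection that has no keys. Return null (or throw a `HadoopException` carrying the status) for both codes, and merge the two identical branches into `else if (response.getStatus() == 401 || response.getStatus() == 403)`. `gson.fromJson(jsonString, List.class)` is also unchecked: a non-string element fails only at the implicit cast in `for ( String key : keys)`, so a malformed response surfaces as the generic `Throwable` case. `call()` begins in the previous hunk.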
@@ -161,34 +153,24 @@ public class KMSClient {
if (client != null) {
client.destroy();
- }
-
+ }
}
return lret ;
}
} ;
-
- try {
- ret = timedTask(kmsQueueListGetter, 5, TimeUnit.SECONDS);
- } catch ( Exception e) {
- LOG.error("Unable to get Kms Queue list from [" + kmsQUrl + "]", e) ;
- }
-
- return ret;
+ return null;
}
- public static HashMap<String, Object> testConnection(String serviceName,
- Map<String, String> configs) {
+ public static HashMap<String, Object> testConnection(String serviceName, Map<String, String> configs) {
List<String> strList = new ArrayList<String>();
String errMsg = errMessage;
boolean connectivityStatus = false;
HashMap<String, Object> responseData = new HashMap<String, Object>();
- KMSClient kmsClient = getKmsClient(serviceName,
- configs);
- strList = getKmsResource(kmsClient, "",null);
-
+ KMSClient kmsClient = getKmsClient(serviceName, configs);
+ strList = getKmsKey(kmsClient, "", null);
+
if (strList != null) {
connectivityStatus = true;
}
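Review bot: `getKeyList` now ends in `return null;`, so the `kmsKeyListGetter` callable built above it is never run and the method returns null for every input. `testConnection` in this same hunk sets `connectivityStatus` only for a non-null list, so the connection test can no longer succeed and resource lookup never returns a key name. Restore the invocation that the removed lines made, using the renamed callable, and start from null so that a failed call is still reported as a failure, as in the excerpt below. `testConnection` continues past the end of this hunk.

```java
// … unchanged: kmsKeyListGetter definition …
List<String> ret = null;
try {
    ret = timedTask(kmsKeyListGetter, 5, TimeUnit.SECONDS);
} catch (Exception e) {
    LOG.error("Unable to get Kms Key list from [" + provider + "]", e);
}
return ret;
```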
@@ -198,7 +180,7 @@ public class KMSClient {
BaseClient.generateResponseDataMap(connectivityStatus, successMsg,
successMsg, null, null, responseData);
} else {
- String failureMsg = "Unable to retrieve any Kms Queues using given parameters.";
+ String failureMsg = "Unable to retrieve any Kms Key using given parameters.";
BaseClient.generateResponseDataMap(connectivityStatus, failureMsg,
failureMsg + errMsg, null, null, responseData);
}
@@ -232,15 +214,14 @@ public class KMSClient {
return kmsClient;
}
- public static List<String> getKmsResource (final KMSClient kmsClient,
- String yanrQname, List<String> existingQueueName) {
+ public static List<String> getKmsKey (final KMSClient kmsClient, String keyName, List<String> existingKeyName) {
List<String> resultList = new ArrayList<String>();
String errMsg = errMessage;
try {
if (kmsClient == null) {
- String msgDesc = "Unable to get Kms Queue : KmsClient is null.";
+ String msgDesc = "Unable to get Kms Key : KmsClient is null.";
LOG.error(msgDesc);
HadoopException hdpException = new HadoopException(msgDesc);
hdpException.generateResponseDataMap(false, msgDesc, msgDesc
@@ -248,26 +229,22 @@ public class KMSClient {
throw hdpException;
}
- if (yanrQname != null) {
- String finalkmsQueueName = (yanrQname == null) ? ""
- : yanrQname.trim();
- resultList = kmsClient
- .getQueueList(finalkmsQueueName,existingQueueName);
+ if (keyName != null) {
+ String finalkmsKeyName = (keyName == null) ? "": keyName.trim();
+ resultList = kmsClient.getKeyList(finalkmsKeyName,existingKeyName);
if (resultList != null) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Returning list of " + resultList.size() + " Kms Queues");
+ LOG.debug("Returning list of " + resultList.size() + " Kms Keys");
}
}
}
} catch (HadoopException he) {
throw he;
} catch (Exception e) {
- String msgDesc = "getKmsResource: Unable to get Kms resources.";
+ String msgDesc = "Unable to get a valid response from the provider";
LOG.error(msgDesc, e);
HadoopException hdpException = new HadoopException(msgDesc);
-
- hdpException.generateResponseDataMap(false,
- BaseClient.getMessage(e), msgDesc + errMsg, null, null);
+ hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null);
throw hdpException;
}
return resultList;
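Review bot: The rewritten `catch (Exception e)` block builds `new HadoopException(msgDesc)` without the cause and now passes the fixed text where `BaseClient.getMessage(e)` used to be, so the response map no longer says why the lookup failed. `getKeyList` in this file uses `new HadoopException(msgDesc, t)`; do the same here with `new HadoopException(msgDesc, e)` and keep `BaseClient.getMessage(e)` as the message argument. The `(keyName == null) ? "" : keyName.trim()` test inside `if (keyName != null)` can never take its first branch and reduces to `keyName.trim()`. `getKmsKey` starts in the previous hunk.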
@@ -277,5 +254,4 @@ public class KMSClient {
TimeUnit timeUnit) throws Exception {
return callableObj.call();
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
index 36a4840..94ca822 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
@@ -28,7 +28,7 @@ import org.apache.ranger.plugin.service.ResourceLookupContext;
public class KMSResourceMgr {
public static final Logger LOG = Logger.getLogger(KMSResourceMgr.class);
- private static final String KMSQUEUE = "queue";
+ private static final String KMSKEY = "keyname";
public static HashMap<String, Object> validateConfig(String serviceName, Map<String, String> configs) throws Exception {
HashMap<String, Object> ret = null;
@@ -54,35 +54,32 @@ public class KMSResourceMgr {
String userInput = context.getUserInput();
Map<String, List<String>> resourceMap = context.getResources();
List<String> resultList = null;
- List<String> kmsQueueList = null;
- String kmsQueueName = null;
+ List<String> kmsKeyList = null;
+ String kmsKeyName = null;
- if ( resourceMap != null && !resourceMap.isEmpty() &&
- resourceMap.get(KMSQUEUE) != null ) {
- kmsQueueName = userInput;
- kmsQueueList = resourceMap.get(KMSQUEUE);
+ if ( resourceMap != null && !resourceMap.isEmpty() && resourceMap.get(KMSKEY) != null ) {
+ kmsKeyName = userInput;
+ kmsKeyList = resourceMap.get(KMSKEY);
} else {
- kmsQueueName = userInput;
+ kmsKeyName = userInput;
}
if (configs == null || configs.isEmpty()) {
LOG.error("Connection Config is empty");
-
} else {
- String url = configs.get("kms.url");
+ String url = configs.get("provider");
String username = configs.get("username");
String password = configs.get("password");
- resultList = getKMSResource(url, username, password,kmsQueueName,kmsQueueList) ;
+ resultList = getKMSResource(url, username, password,kmsKeyName,kmsKeyList) ;
}
return resultList ;
}
- public static List<String> getKMSResource(String url, String username, String password,String kmsQueueName, List<String> kmsQueueList) {
+ public static List<String> getKMSResource(String url, String username, String password,String kmsKeyName, List<String> kmsKeyList) {
final KMSClient KMSClient = KMSConnectionMgr.getKMSClient(url, username, password);
- List<String> topologyList = KMSClient.getQueueList(kmsQueueName, kmsQueueList);
+ List<String> topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList);
return topologyList;
- }
-
+ }
}
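Review bot: Both branches of the new `if`/`else` assign `kmsKeyName = userInput;`, so the `else` is dead weight and the condition only decides whether `kmsKeyList` is set. Declaring `String kmsKeyName = userInput;` and keeping a single `if (resourceMap != null && resourceMap.get(KMSKEY) != null) { kmsKeyList = resourceMap.get(KMSKEY); }` says the same thing more directly. In `getKMSResource` the result is still called `topologyList` and the local variable `KMSClient` shadows the class name; `List<String> keyList = kmsClient.getKeyList(kmsKeyName, kmsKeyList);` would read better. The method that contains the first part of this hunk starts outside it.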
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
new file mode 100755
index 0000000..fd2dd3b
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -0,0 +1,317 @@
+package org.apache.ranger.biz;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.collections.PredicateUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConfigUtil;
+import org.apache.ranger.common.SortField;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.util.KeySearchFilter;
+import org.apache.ranger.view.VXKmsKey;
+import org.apache.ranger.view.VXKmsKeyList;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+
+@Component
+public class KmsKeyMgr {
+
+ static final Logger logger = Logger.getLogger(KmsKeyMgr.class);
+
+ private static final String KMS_KEY_LIST_URI = "v1/keys/names?user.name=${userName}"; //GET
+ private static final String KMS_ADD_KEY_URI = "v1/keys?user.name=${userName}"; //POST
+ private static final String KMS_ROLL_KEY_URI = "v1/key/${alias}?user.name=${userName}"; //POST
+ private static final String KMS_DELETE_KEY_URI = "v1/key/${alias}?user.name=${userName}"; //DELETE
+ private static final String KMS_KEY_METADATA_URI = "v1/key/${alias}/_metadata?user.name=${userName}"; //GET
+ private static final String KMS_URL_CONFIG = "provider";
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ RangerConfigUtil configUtil;
+
+ public VXKmsKeyList searchKeys(String repoName){
+ String provider = null;
+ try {
+ provider = getKMSURL(repoName);
+ } catch (Exception e) {
+ logger.error("getKey(" + repoName + ") failed", e);
+ }
+ Client c = getClient() ;
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String keyLists = KMS_KEY_LIST_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists));
+ VXKmsKeyList vxKmsKeyList = new VXKmsKeyList();
+ WebResource r = c.resource(uri) ;
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ Gson gson = new GsonBuilder().create() ;
+ logger.debug(" Search Key RESPONSE: [" + response + "]") ;
+ List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>();
+ @SuppressWarnings("unchecked")
+ List<String> keys = gson.fromJson(response, List.class) ;
+ if(keys != null && keys.size() > 0){
+ for(String name : keys){
+ VXKmsKey key = getKey(repoName, name);
+ vXKeys.add(key);
+ }
+ vxKmsKeyList.setResultSize(vXKeys.size());
+ vxKmsKeyList.setTotalCount(vXKeys.size());
+ vxKmsKeyList.setStartIndex(0);
+ vxKmsKeyList.setPageSize(vXKeys.size());
+ }
+ vxKmsKeyList.setVXKeys(vXKeys);
+ return vxKmsKeyList;
+ }
+
+ public VXKmsKey rolloverKey(String provider, VXKmsKey vXKey){
+ try {
+ provider = getKMSURL(provider);
+ } catch (Exception e) {
+ logger.error("rolloverKey(" + provider + ", "+ vXKey.getName() +") failed", e);
+ }
+ VXKmsKey ret = null ;
+ Client c = getClient() ;
+ String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ rollRest = rollRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = provider + (provider.endsWith("/") ? rollRest : ("/" + rollRest));
+ WebResource r = c.resource(uri) ;
+ Gson gson = new GsonBuilder().create() ;
+ String jsonString = gson.toJson(vXKey) ;
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ;
+ logger.debug("Roll RESPONSE: [" + response + "]") ;
+ ret = gson.fromJson(response, VXKmsKey.class) ;
+ return ret ;
+ }
+
+ public void deleteKey(String provider, String name){
+ try {
+ provider = getKMSURL(provider);
+ } catch (Exception e) {
+ logger.error("deleteKey(" + provider + ", "+ name +") failed", e);
+ }
+ Client c = getClient() ;
+ String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ deleteRest = deleteRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = provider + (provider.endsWith("/") ? deleteRest : ("/" + deleteRest));
+ WebResource r = c.resource(uri) ;
+ ClientResponse response = r.delete(ClientResponse.class) ;
+ logger.debug("delete RESPONSE: [" + response.toString() + "]") ;
+ if (response.getStatus() == 200) {
+ logger.debug("Alias "+name+" deleted successfully");
+ }
+ }
+
+ public VXKmsKey createKey(String provider, VXKmsKey vXKey){
+ try {
+ provider = getKMSURL(provider);
+ } catch (Exception e) {
+ logger.error("createKey(" + provider + ", "+ vXKey.getName() +") failed", e);
+ }
+ VXKmsKey ret = null ;
+ Client c = getClient() ;
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String createRest = KMS_ADD_KEY_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = provider + (provider.endsWith("/") ? createRest : ("/" + createRest));
+ WebResource r = c.resource(uri) ;
+ Gson gson = new GsonBuilder().create() ;
+ String jsonString = gson.toJson(vXKey) ;
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ;
+ logger.debug("Create RESPONSE: [" + response + "]") ;
+ ret = gson.fromJson(response, VXKmsKey.class) ;
+ return ret ;
+ }
+
+ public VXKmsKey getKey(String provider, String name){
+ try {
+ provider = getKMSURL(provider);
+ } catch (Exception e) {
+ logger.error("getKey(" + provider + ", "+ name +") failed", e);
+ }
+ Client c = getClient() ;
+ String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ keyRest = keyRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest));
+ WebResource r = c.resource(uri) ;
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
+ Gson gson = new GsonBuilder().create() ;
+ logger.debug("RESPONSE: [" + response + "]") ;
+ VXKmsKey key = gson.fromJson(response, VXKmsKey.class) ;
+ return key;
+ }
+
+ private String getKMSURL(String name) throws Exception{
+ String provider = null;
+ RangerService rangerService = null;
+ try {
+ rangerService = svcStore.getServiceByName(name);
+ provider = rangerService.getConfigs().get(KMS_URL_CONFIG);
+ provider = provider.replaceAll("kms://","");
+ provider = provider.replaceAll("http@","http://");
+ } catch(Exception excp) {
+ logger.error("getServiceByName(" + name + ") failed", excp);
+ throw new Exception("getServiceByName(" + name + ") failed", excp);
+ }
+
+ if(rangerService == null || provider == null) {
+ throw new Exception("Provider "+provider+" not found");
+ }
+ return provider;
+ }
+
+ private synchronized Client getClient() {
+ Client ret = null;
+ ClientConfig cc = new DefaultClientConfig();
+ cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
+ ret = Client.create(cc);
+ return ret ;
+ }
+
+ public VXKmsKeyList getFilteredKeyList(HttpServletRequest request, VXKmsKeyList vXKmsKeyList){
+ List<SortField> sortFields = new ArrayList<SortField>();
+ sortFields.add(new SortField(KeySearchFilter.KEY_NAME, KeySearchFilter.KEY_NAME));
+
+ KeySearchFilter filter = getKeySearchFilter(request, sortFields);
+
+ Predicate pred = getPredicate(filter);
+
+ if(pred != null) {
+ CollectionUtils.filter(vXKmsKeyList.getVXKeys(), pred);
+ }
+ return vXKmsKeyList;
+ }
+
+ private Predicate getPredicate(KeySearchFilter filter) {
+ if(filter == null || filter.isEmpty()) {
+ return null;
+ }
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+
+ addPredicateForKeyName(filter.getParam(KeySearchFilter.KEY_NAME), predicates);
+
+ Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
+
+ return ret;
+ }
+
+ private Predicate addPredicateForKeyName(final String name, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(name)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof VXKmsKey) {
+ VXKmsKey vXKmsKey = (VXKmsKey)object;
+ if(StringUtils.isEmpty(vXKmsKey.getName())) {
+ ret = true;
+ }else{
+ ret = vXKmsKey.getName().contains(name);
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private KeySearchFilter getKeySearchFilter(HttpServletRequest request, List<SortField> sortFields) {
+ if (request == null) {
+ return null;
+ }
+ KeySearchFilter ret = new KeySearchFilter();
+
+ if (MapUtils.isEmpty(request.getParameterMap())) {
+ ret.setParams(new HashMap<String, String>());
+ }
+
+ ret.setParam(KeySearchFilter.KEY_NAME, request.getParameter(KeySearchFilter.KEY_NAME));
+ extractCommonCriteriasForFilter(request, ret, sortFields);
+ return ret;
+ }
+
+ private KeySearchFilter extractCommonCriteriasForFilter(HttpServletRequest request, KeySearchFilter ret, List<SortField> sortFields) {
+ int startIndex = restErrorUtil.parseInt(request.getParameter(KeySearchFilter.START_INDEX), 0,
+ "Invalid value for parameter startIndex", MessageEnums.INVALID_INPUT_DATA, null,
+ KeySearchFilter.START_INDEX);
+ ret.setStartIndex(startIndex);
+
+ int pageSize = restErrorUtil.parseInt(request.getParameter(KeySearchFilter.PAGE_SIZE),
+ configUtil.getDefaultMaxRows(), "Invalid value for parameter pageSize",
+ MessageEnums.INVALID_INPUT_DATA, null, KeySearchFilter.PAGE_SIZE);
+ ret.setMaxRows(pageSize);
+
+ ret.setGetCount(restErrorUtil.parseBoolean(request.getParameter("getCount"), true));
+ String sortBy = restErrorUtil.validateString(request.getParameter(KeySearchFilter.SORT_BY),
+ StringUtil.VALIDATION_ALPHA, "Invalid value for parameter sortBy", MessageEnums.INVALID_INPUT_DATA,
+ null, KeySearchFilter.SORT_BY);
+
+ boolean sortSet = false;
+ if (!StringUtils.isEmpty(sortBy)) {
+ for (SortField sortField : sortFields) {
+ if (sortField.getParamName().equalsIgnoreCase(sortBy)) {
+ ret.setSortBy(sortField.getParamName());
+ String sortType = restErrorUtil.validateString(request.getParameter("sortType"),
+ StringUtil.VALIDATION_ALPHA, "Invalid value for parameter sortType",
+ MessageEnums.INVALID_INPUT_DATA, null, "sortType");
+ ret.setSortType(sortType);
+ sortSet = true;
+ break;
+ }
+ }
+ }
+
+ if (!sortSet && !StringUtils.isEmpty(sortBy)) {
+ logger.info("Invalid or unsupported sortBy field passed. sortBy=" + sortBy, new Throwable());
+ }
+
+ if(ret.getParams() == null) {
+ ret.setParams(new HashMap<String, String>());
+ }
+ return ret;
+ }
+}
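Review bot: Every public method here catches the exception from `getKMSURL(...)`, logs it and carries on, so in `getKey`, `createKey`, `rolloverKey` and `deleteKey` the request URI is then built from the caller-supplied `provider` string itself, and in `searchKeys` `provider` is still null and `provider.endsWith` throws a NullPointerException. Let the lookup failure propagate instead of continuing. The key alias and login id are also spliced into the URI with `String.replaceAll`, unencoded and as a regex replacement string, so a name containing `/`, `?`, `&` or `$` changes the path or the query that carries `user.name` (or throws); build the URI per segment as sketched below for `getKey` and apply the same to the other four methods. Separately, the `logger.debug` calls write the whole KMS response, which for a `VXKmsKey` can include the `material` field, and they are not guarded by `isDebugEnabled()`.

```java
public VXKmsKey getKey(String provider, String name) throws Exception {
	// A failed service lookup propagates to the caller (XKeyREST already catches Exception);
	// the caller-supplied service name is never used as a base URL.
	String kmsUrl = getKMSURL(provider);
	String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
	// segment() percent-encodes '/', '?' and '#', so the alias stays one path segment
	// and cannot reach the query string that carries user.name.
	java.net.URI uri = javax.ws.rs.core.UriBuilder.fromUri(kmsUrl)
			.segment("v1", "key", name, "_metadata")
			.queryParam("user.name", currentUserLoginId)
			.build();
	WebResource r = getClient().resource(uri);
	// … unchanged: GET with APPLICATION_JSON_TYPE, Gson parsing, return key …
```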
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index f9eb61b..b97f666 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -526,11 +526,15 @@ public class AppConstants extends RangerCommonEnums {
* CLASS_TYPE_RANGER_GROUP_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_GROUP_PERMISSION".
*/
public static final int CLASS_TYPE_RANGER_GROUP_PERMISSION = 1036;
+ /**
+ * CLASS_TYPE_XA_KMS_KEY is an element of enum ClassTypes. Its value is "CLASS_TYPE_XA_KMS_KEY".
+ */
+ public static final int CLASS_TYPE_XA_KMS_KEY = 1037;
/**
* Max value for enum ClassTypes_MAX
*/
- public static final int ClassTypes_MAX = 1036;
+ public static final int ClassTypes_MAX = 1037;
/***************************************************************
* Enum values for Default SortOrder
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
new file mode 100755
index 0000000..baab333
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java
@@ -0,0 +1,169 @@
+package org.apache.ranger.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.KmsKeyMgr;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchUtil;
+import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
+import org.apache.ranger.view.VXKmsKey;
+import org.apache.ranger.view.VXKmsKeyList;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+
+@Path("keys")
+@Component
+@Scope("request")
+@RangerAnnotationJSMgrName("KeyMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class XKeyREST {
+ static Logger logger = Logger.getLogger(XKeyREST.class);
+
+ private static String UNAUTHENTICATED_MSG = "Unauthenticated : Please check the premission in the policy for the user";
+
+ @Autowired
+ KmsKeyMgr keyMgr;
+
+ @Autowired
+ SearchUtil searchUtil;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ /**
+ * Implements the traditional search functionalities for Keys
+ *
+ * @param request
+ * @return
+ */
+ @GET
+ @Path("/keys")
+ @Produces({ "application/xml", "application/json" })
+ public VXKmsKeyList searchKeys(@Context HttpServletRequest request, @QueryParam("provider") String provider) {
+ VXKmsKeyList vxKmsKeyList = new VXKmsKeyList();
+ try{
+ vxKmsKeyList = keyMgr.searchKeys(provider);
+ vxKmsKeyList = keyMgr.getFilteredKeyList(request, vxKmsKeyList);
+ }catch(Exception e){
+ e.printStackTrace();
+ handleError(e.getMessage());
+ }
+ return vxKmsKeyList;
+ }
+
+ /**
+ * Implements the Rollover key functionality
+ * @param vXKey
+ * @return
+ */
+ @PUT
+ @Path("/key")
+ @Produces({ "application/xml", "application/json" })
+ public VXKmsKey rolloverKey(@QueryParam("provider") String provider, VXKmsKey vXKey) {
+ VXKmsKey vxKmsKey = new VXKmsKey();
+ try{
+ String name = vXKey.getName();
+ if (name == null || name.isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "alias.", MessageEnums.INVALID_INPUT_DATA);
+ }
+ vxKmsKey = keyMgr.rolloverKey(provider, vXKey);
+ }catch(Exception e){
+ handleError(e.getMessage());
+ }
+ return vxKmsKey;
+ }
+
+ /**
+ * Implements the delete key functionality
+ * @param name
+ * @param request
+ */
+ @DELETE
+ @Path("/key/{alias}")
+ @Produces({ "application/xml", "application/json" })
+ public void deleteKey(@PathParam("alias") String name, @QueryParam("provider") String provider, @Context HttpServletRequest request) {
+ try{
+ if (name == null || name.isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "alias.", MessageEnums.INVALID_INPUT_DATA);
+ }
+ keyMgr.deleteKey(provider, name);
+ }catch(Exception e){
+ handleError(e.getMessage());
+ }
+ }
+
+ /**
+ * Implements the create key functionality
+ * @param vXKey
+ * @return
+ */
+ @POST
+ @Path("/key")
+ @Produces({ "application/xml", "application/json" })
+ public VXKmsKey createKey(@QueryParam("provider") String provider, VXKmsKey vXKey) {
+ VXKmsKey vxKmsKey = new VXKmsKey();
+ try{
+ String name = vXKey.getName();
+ if (name == null || name.isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "alias.", MessageEnums.INVALID_INPUT_DATA);
+ }
+ vxKmsKey = keyMgr.createKey(provider, vXKey);
+ }catch(Exception e){
+ handleError(e.getMessage());
+ }
+ return vxKmsKey;
+ }
+
+ /**
+ *
+ * @param name
+ * @param provider
+ * @return
+ */
+ @GET
+ @Path("/key/{alias}")
+ @Produces({ "application/xml", "application/json" })
+ public VXKmsKey getKey(@PathParam("alias") String name,@QueryParam("provider") String provider){
+ VXKmsKey vxKmsKey = new VXKmsKey();
+ try{
+ if (name == null || name.isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "alias.", MessageEnums.INVALID_INPUT_DATA);
+ }
+ vxKmsKey = keyMgr.getKey(provider, name);
+ }catch(Exception e){
+ handleError(e.getMessage());
+ }
+ return vxKmsKey;
+ }
+
+ private void handleError(String message) {
+ if(!(message==null) && !(message.isEmpty()) && message.contains("Connection refused")){
+ message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running";
+ }else if(!(message==null) && !(message.isEmpty()) && message.contains("response status of 403")){
+ message = UNAUTHENTICATED_MSG;
+ }else if(!(message==null) && !(message.isEmpty()) && message.contains("response status of 401")){
+ message = UNAUTHENTICATED_MSG;
+ }
+ throw restErrorUtil.createRESTException(message, MessageEnums.ERROR_SYSTEM);
+ }
+}
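Review bot: The empty-alias check sits inside the `try`, so the exception built with `MessageEnums.INVALID_INPUT_DATA` is caught by `catch(Exception e)` and re-raised by `handleError` as `MessageEnums.ERROR_SYSTEM`; this applies to `rolloverKey`, `deleteKey`, `createKey` and `getKey`. Move the check above `try{`, and add a null check for `vXKey` itself, since `vXKey.getName()` throws when the request has no body. `handleError` forwards any other `e.getMessage()` verbatim to the client, which can expose the KMS URL or internal exception text; log the exception and return a fixed message instead, and replace `e.printStackTrace()` in `searchKeys` with `logger.error("searchKeys(" + provider + ") failed", e);`. No authorization annotation is visible on these key-management endpoints; if access is meant to rest only on the KMS policy evaluated for `user.name`, a class comment should say so.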
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java
new file mode 100755
index 0000000..dc71f13
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java
@@ -0,0 +1,239 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.view;
+
+/**
+ * Key
+ *
+ */
+
+import java.util.Map;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+public class VXKmsKey extends VXDataObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Name
+ */
+ protected String name;
+ /**
+ * Cipher
+ */
+ protected String cipher;
+ /**
+ * Length
+ */
+ protected int length;
+ /**
+ * Description
+ */
+ protected String description;
+ /**
+ * Version
+ */
+ protected int versions;
+ /**
+ * Material
+ */
+ protected String material;
+ /**
+ * Version Name
+ */
+ protected String versionName;
+
+ /**
+ * Key Created Date
+ */
+ protected Long created;
+
+ /**
+ * Attributes
+ */
+ protected Map<String, String> attributes;
+
+ /**
+ * Default constructor. This will set all the attributes to default value.
+ */
+ public VXKmsKey ( ) {
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the cipher
+ */
+ public String getCipher() {
+ return cipher;
+ }
+
+ /**
+ * @param cipher the cipher to set
+ */
+ public void setCipher(String cipher) {
+ this.cipher = cipher;
+ }
+
+ /**
+ * @return the length
+ */
+ public int getLength() {
+ return length;
+ }
+
+ /**
+ * @param length the length to set
+ */
+ public void setLength(int length) {
+ this.length = length;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the version
+ */
+ public int getVersions() {
+ return versions;
+ }
+
+ /**
+ * @param version the version to set
+ */
+ public void setVersions(int versions) {
+ this.versions = versions;
+ }
+
+ /**
+ * @return the material
+ */
+ public String getMaterial() {
+ return material;
+ }
+
+ /**
+ * @param material the material to set
+ */
+ public void setMaterial(String material) {
+ this.material = material;
+ }
+
+ /**
+ * @return the versionName
+ */
+ public String getVersionName() {
+ return versionName;
+ }
+
+ /**
+ * @param versionName the versionName to set
+ */
+ public void setVersionName(String versionName) {
+ this.versionName = versionName;
+ }
+
+ /**
+ * @return the created
+ */
+ public Long getCreated() {
+ return created;
+ }
+
+ /**
+ * @param created the created to set
+ */
+ public void setCreated(Long created) {
+ this.created = created;
+ }
+
+ /**
+ * @return the attributes
+ */
+ public Map<String, String> getAttributes() {
+ return attributes;
+ }
+
+ /**
+ * @param attributes the attributes to set
+ */
+ public void setAttributes(Map<String, String> attributes) {
+ this.attributes = attributes;
+ }
+
+ @Override
+ public int getMyClassType( ) {
+ return AppConstants.CLASS_TYPE_XA_KMS_KEY;
+ }
+
+ /**
+ * This return the bean content in string format
+ * @return formatedStr
+ */
+ public String toString( ) {
+ String str = "VXUser={";
+ str += super.toString();
+ str += "name={" + name + "} ";
+ str += "cipher={" + cipher + "} ";
+ str += "length={" + length + "} ";
+ str += "description={" + description + "} ";
+ str += "atrribute={" + attributes + "} ";
+ str += "created={" + created.toString() + "} ";
+ str += "version={" + versions + "} ";
+ str += "material={" + material + "} ";
+ str += "versionName={" + versionName + "} ";
+ str += "}";
+ return str;
+ }
+}
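Review bot: `toString()` appends `material`, so any log line or exception message that stringifies a `VXKmsKey` writes key material; drop that line or print a placeholder such as `material={<redacted>}`. The same method calls `created.toString()` on a `Long` that the default constructor leaves null, which throws a NullPointerException; `str += "created={" + created + "} ";` is null-safe. The prefix `"VXUser={"` and the label `atrribute` look like copy-paste leftovers and should read `VXKmsKey={` and `attributes`. The Javadoc on `getVersions`/`setVersions` says "version" and `@param version` while the field and parameter are `versions`.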
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java
new file mode 100644
index 0000000..05e96f5
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.view;
+
+/**
+ * List wrapper class for VXKey
+ *
+ */
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class VXKmsKeyList extends VList {
+ private static final long serialVersionUID = 1L;
+ List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>();
+
+ public VXKmsKeyList() {
+ super();
+ }
+
+ public VXKmsKeyList(List<VXKmsKey> objList) {
+ super(objList);
+ this.vXKeys = objList;
+ }
+
+ /**
+ * @return the vXKeys
+ */
+ public List<VXKmsKey> getVXKeys() {
+ return vXKeys;
+ }
+
+ /**
+ * @param vXKeys
+ * the vXKeys to set
+ */
+ public void setVXKeys(List<VXKmsKey> vXKeys) {
+ this.vXKeys = vXKeys;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXKeys != null) {
+ return vXKeys.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXKmsKey> getList() {
+ return vXKeys;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js
new file mode 100644
index 0000000..46feaf3
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseCollection = require('collections/XABaseCollection');
+ var XAGlobals = require('utils/XAGlobals');
+ var VXKmsKey = require('models/VXKmsKey');
+
+ var VXKmsKeyListBase = XABaseCollection.extend(
+ /** @lends VXKmsKeyListBase.prototype */
+ {
+ url: XAGlobals.baseURL + 'keys/keys',
+
+ model : VXKmsKey,
+
+ /**
+ * VXKmsKeyListBase initialize method
+ * @augments XABaseCollection
+ * @constructs
+ */
+ initialize : function() {
+ this.modelName = 'VXKmsKey';
+ this.modelAttrName = 'vXKeys';
+ this.bindErrorEvents();
+ },
+
+
+ /*************************
+ * Non - CRUD operations
+ *************************/
+
+
+
+ },{
+ // static class members
+ /**
+ * Table Cols to be passed to Backgrid
+ * UI has to use this as base and extend this.
+ *
+ */
+
+ tableCols : {}
+
+ });
+
+ return VXKmsKeyListBase;
+});
+
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js b/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js
new file mode 100644
index 0000000..7b4e59d
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXKmsKeyListBase = require('collection_bases/VXKmsKeyListBase');
+
+ var VXKmsKeyList = VXKmsKeyListBase.extend(
+ /** @lends VXKmsKeyList.prototype */
+ {
+ },{
+ // static class members
+ });
+
+ return VXKmsKeyList;
+});
+
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index a329dad..df820e5 100644
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -391,6 +391,43 @@ define(function(require) {
location.hash = XALinks.get('UserProfile').href;
}
},
+ /************** KMS *********************/
+ kmsManagerAction :function(kmsManagePage, kmsServiceName){
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ var view = require('views/kms/KMSTableLayout');
+ var KmsKeyList = require('collections/VXKmsKeyList');
+ App.rContent.show(new view({
+ collection : new KmsKeyList(),
+ kmsServiceName : kmsServiceName,
+ kmsManagePage : kmsManagePage
+ }));
+ },
+ kmsKeyCreateAction : function(kmsServiceName){
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ var view = require('views/kms/KmsKeyCreate');
+ var KmsKey = require('models/VXKmsKey');
+
+ App.rContent.show(new view({
+ model : new KmsKey(),
+ kmsServiceName : kmsServiceName
+ }));
+ },
+ kmsKeyEditAction : function(kmsServiceName, keyName){
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ var view = require('views/kms/KmsKeyCreate');
+ var VXKmsKey = require('models/VXKmsKey');
+ var kmsKeyModel = new VXKmsKey({'name' : keyName});
+ var data = {'provider': kmsServiceName}
+ kmsKeyModel.fetch({
+ cache : true,
+ data : data
+ }).done(function(){
+ App.rContent.show(new view({
+ model : kmsKeyModel,
+ kmsServiceName : kmsServiceName
+ }));
+ });
+ },
/**************** ERROR PAGE ******************************/
pageNotFoundAction : function() {
var XAUtils = require('utils/XAUtils');
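Review bot: In `kmsKeyEditAction` the edit view is shown only from `.done(...)`, so when the fetch fails (the key no longer exists, or the caller is not permitted on that provider) nothing replaces the content already on screen. The model's `bindErrorEvents()` may surface a message, but that wiring is outside this hunk; a `.fail(...)` handler that shows an error view or routes back to the key list would make the outcome explicit. `cache : true` on this request also lets the browser serve a stored copy of the key metadata into the edit form, so unless that is intended, `cache : false` avoids editing stale data after the key has changed on the server. The `data` declaration is missing its terminator: `var data = {'provider': kmsServiceName};`.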
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js b/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js
new file mode 100644
index 0000000..9e431a0
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseModel = require('models/XABaseModel');
+ var XAGlobals = require('utils/XAGlobals');
+
+ var VXKmsKeyBase = XABaseModel.extend(
+ /** @lends VXKmsKeyBase.prototype */
+ {
+ urlRoot: XAGlobals.baseURL + 'keys/key',
+
+ defaults: {},
+
+ serverSchema : {
+ "id" : {
+ "dataType" : "Long"
+ },
+ "version" : {
+ "dataType" : "int"
+ },
+ "createDate" : {
+ "dataType" : "Date"
+ },
+ "updateDate" : {
+ "dataType" : "Date"
+ },
+ "permList" : {
+ "dataType" : "list",
+ "listType" : "VNameValue"
+ },
+ "forUserId" : {
+ "dataType" : "Long"
+ },
+ "status" : {
+ "dataType" : "int"
+ },
+ "priGrpId" : {
+ "dataType" : "Long"
+ },
+ "updatedBy" : {
+ "dataType" : "String"
+ },
+ "isSystem" : {
+ "dataType" : "boolean"
+ },
+ "name" : {
+ "dataType" : "String"
+ },
+ "description" : {
+ "dataType" : "String"
+ },
+ "groupType" : {
+ "dataType" : "int"
+ },
+ "credStoreId" : {
+ "dataType" : "Long"
+ }
+ },
+
+
+ idAttribute: 'name',
+
+ /**
+ * VXKmsKeyBase initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXKmsKeyBase';
+ },
+ getKmsKeyURL: function(keyName, serviceName) {
+ return this.urlRoot + "/"+keyName;
+ },
+
+ }, {
+ // static class members
+ });
+
+ return VXKmsKeyBase;
+
+});
+
+
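Review bot: `getKmsKeyURL` concatenates `keyName` into the path unencoded and never uses its `serviceName` parameter. A key name containing `/`, `?` or `#` would change which resource the request addresses; `return this.urlRoot + "/" + encodeURIComponent(keyName);` keeps it a single path segment, and the unused parameter should be dropped or documented. The `serverSchema` entries (`groupType`, `credStoreId`, `priGrpId`) look carried over from another model and include none of the cipher/length/attributes fields this commit labels in en.js, so they are worth checking against the server-side `VXKmsKey` view. The trailing comma after `getKmsKeyURL` is also a parse error in older browsers.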
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/models/VXKmsKey.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/VXKmsKey.js b/security-admin/src/main/webapp/scripts/models/VXKmsKey.js
new file mode 100644
index 0000000..d7a464c
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/VXKmsKey.js
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXKmsKeyBase = require('model_bases/VXKmsKeyBase');
+ var localization = require('utils/XALangSupport');
+ var XAEnums = require('utils/XAEnums');
+
+ var VXKmsKey = VXKmsKeyBase.extend(
+ /** @lends VXKmsKey.prototype */
+ {
+ /**
+ * VXKmsKey initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXKmsKey';
+ this.bindErrorEvents();
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return /*this.get('name')*/;
+ }
+
+ }, {
+ // static class members
+ });
+
+ return VXKmsKey;
+
+});
+
+
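Review bot: `toString` has its body commented out, so `return /*this.get('name')*/;` returns `undefined` and any string coercion of the model yields the text "undefined". Either restore `return this.get('name');` or remove the override so the base implementation applies. `localization` and `XAEnums` are required but not used in this file. A doc comment such as `/** Returns the key name, which is also the model's idAttribute. */` would state the intent once the body is restored.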
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index 1c8ec93..747b6e6 100644
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -64,10 +64,25 @@ define(function(require) {
text : 'h.usersOrGroups',
title: 'h.usersOrGroups'
},
- Configs: {
- href : '#!/configs',
- text : 'h.configs',
- title: 'h.configs'
+ Kms : {
+ href : '#!/kms/keys',
+ text : 'h.kms',
+ title: 'h.kms'
+ },
+ KmsKeyCreate : {
+ href : '#!/kms/keys/create',
+ text : 'h.keyCreate',
+ title: 'h.keyCreate'
+ },
+ KmsKeyEdit : {
+ href : 'javascript:void(0);',
+ text : 'h.keyEdit',
+ title: 'h.keyEdit'
+ },
+ KmsKeyForService : {
+ href : 'javascrit:;',
+ text : 'KMS_TEST1',
+ title: 'KMS_TEST1'
},
ManageTables: {
href : '#!/managetables',
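Review bot: `KmsKeyForService` sets `href : 'javascrit:;'`, a misspelt scheme, so a click is treated as navigation to an unknown URL instead of a no-op; `href : 'javascript:void(0);',` would match `KmsKeyEdit` just above it. Its `text` and `title` values `'KMS_TEST1'` read like leftover test data, not the `h.*` message keys the neighbouring entries use. The hunk also removes the `Configs` link, so any remaining `XALinks.get('Configs')` caller outside this diff should be checked.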
@@ -284,6 +299,17 @@ define(function(require) {
title: options.model.get('module')
};
},
+ KmsServiceForKey : function(options) {
+ var href = "javascript:void(0);";
+ if(_.has(options,'kmsServiceDefModel') && _.has(options,'kmsService')){
+ href = '#!/service/'+options.kmsServiceDefModel.id+"/edit/"+options.kmsService.id;
+ }
+ return {
+ href : href,
+ text : options.kmsService.get('name'),
+ title: options.kmsService.get('name')
+ };
+ }
};
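Review bot: `KmsServiceForKey` checks `_.has(options,'kmsService')` before building `href`, but the returned object calls `options.kmsService.get('name')` unconditionally, so the fallback path throws a TypeError when `kmsService` is absent. Reading the name under the same guard, e.g. `var name = _.has(options,'kmsService') ? options.kmsService.get('name') : '';`, and using `name` for `text` and `title` makes the default `href` reachable. The service name ends up as link text; whether the breadcrumb template escapes it is outside this hunk and worth confirming.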
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index fa475b3..9eae73c 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -214,7 +214,15 @@ define(function(require) {
isVisible : 'Visible',
delegatedAdmin : 'Delegate Admin',
policyId : 'Policy ID',
- moduleName : 'Module Name'
+ moduleName : 'Module Name',
+ keyManagement : 'Key Management',
+ addNewKey : 'Add New Key',
+ keyName : 'Key Name',
+ cipher : 'Cipher',
+ length : 'Length',
+ version : 'Version',
+ attributes : 'Attributes',
+ material : 'Material'
},
btn : {
add : 'Add',
@@ -274,7 +282,11 @@ define(function(require) {
searchForYourGroup :"Search for your groups...",
access : 'Access',
policyCondition : 'Policy Condtions',
- permissions : 'Permissions'
+ permissions : 'Permissions',
+ kms : 'KMS',
+ keyCreate : 'Key Create',
+ keyEdit : 'Key Edit',
+ searchForKeys :"Search for your keys...",
},
@@ -303,6 +315,7 @@ define(function(require) {
repoDoesNotExistAnymore : 'Repository does not exist anymore..',
policyDisabledMsg : 'This policy is currently in disabled state.',
noRecordsFound : 'No Records Found',
+ keyDeleteMsg : 'Key deleted successfully'
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/routers/Router.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js
index 70943a1..e706cdf 100644
--- a/security-admin/src/main/webapp/scripts/routers/Router.js
+++ b/security-admin/src/main/webapp/scripts/routers/Router.js
@@ -59,9 +59,15 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){
"!/service/:serviceId/policies/:id/edit": "RangerPolicyEditAction",
/************PERMISSIONS VIEWS *****************************************/
- "!/permissions": "modulePermissionsAction",
- "!/permissions/:id/edit" : "modulePermissionEditAction",
- /*************** ERROR PAGE ****************************************/
+ "!/permissions" : "modulePermissionsAction",
+ "!/permissions/:id/edit" : "modulePermissionEditAction",
+
+ /************ KMS ***************************/
+ "!/kms/keys/:isService/manage/:serviceName" : "kmsManagerAction",
+ "!/kms/keys/:serviceName/create" : "kmsKeyCreateAction",
+ "!/kms/keys/:serviceName/edit/:id" : "kmsKeyEditAction",
+
+ /*************** ERROR PAGE ***********************/
"*actions" : "pageNotFoundAction"
},
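Review bot: The three KMS routes all require a service-name segment, but the `Kms` and `KmsKeyCreate` links added to XALinks.js in this commit point at `#!/kms/keys` and `#!/kms/keys/create`, which none of these patterns match; unless a route outside this hunk handles them, they fall through to `"*actions"`. The first pattern names its parameter `:isService` while `kmsManagerAction` receives it as `kmsManagePage`; one shared name, or a comment such as `// :isService -> kmsManagePage flag, :serviceName -> KMS service`, would make the mapping clear. In the edit route `:id` is the key name (`kmsKeyEditAction(kmsServiceName, keyName)`), which is worth stating in the same comment.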
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
index ee8c90d..f772e3c 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
@@ -46,13 +46,11 @@ define(function(require){
Dashboard : { value:1, valStr: 'Dashboard'},
PolicyManager : { value:2, valStr: 'Policy'},
Users : { value:3, valStr: 'Users'},
-// Reports : { value:4, valStr: 'Reports'},
- Config : { value:5, valStr: 'Config'},
- Assets : { value:6, valStr: 'Assets'},
- Analytics : { value:7, valStr: 'Analytics'},
- Audit : { value:8, valStr: 'Analytics'},
- Permissions : { value:9, valStr:'Permissions'},
- None : { value:10, valStr: 'None'}
+ Analytics : { value:4, valStr: 'Analytics'},
+ Audit : { value:5, valStr: 'Audit'},
+ Permissions : { value:6, valStr:'Permissions'},
+ KMS : { value:7, valStr: 'KMS'},
+ None : { value:8, valStr: 'None'}
};
XAGlobals.BooleanValue = {