You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2017/08/22 04:39:32 UTC
[2/2] ranger git commit: RANGER-1676: Policy Details popup from
Access audit page not displaying details of masking policy.
RANGER-1676: Policy Details popup from Access audit page not displaying details of masking policy.
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/d4cf1226
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/d4cf1226
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/d4cf1226
Branch: refs/heads/master
Commit: d4cf1226427e8c49e63a751f4fe8bada565f64d1
Parents: f6d4f11
Author: Nitin Galave <ni...@gmail.com>
Authored: Mon Aug 21 14:56:45 2017 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Tue Aug 22 10:08:59 2017 +0530
----------------------------------------------------------------------
.../ranger/plugin/model/RangerPolicy.java | 10 +++
.../ranger/service/RangerDataHistService.java | 10 +++
.../scripts/modules/globalize/message/en.js | 6 +-
.../scripts/views/policies/RangerPolicyRO.js | 53 +++++++++++++--
.../webapp/scripts/views/reports/AuditLayout.js | 63 +++++++++---------
.../templates/policies/RangerPolicyRO_tmpl.html | 68 ++++++++++++++++----
6 files changed, 157 insertions(+), 53 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 19475aa..60daed9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -70,6 +70,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
private List<RangerPolicyItem> denyExceptions;
private List<RangerDataMaskPolicyItem> dataMaskPolicyItems;
private List<RangerRowFilterPolicyItem> rowFilterPolicyItems;
+ private String serviceType;
/**
@@ -211,6 +212,14 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled;
}
+ public String getServiceType() {
+ return serviceType;
+ }
+
+ public void setServiceType(String serviceType) {
+ this.serviceType = serviceType;
+ }
+
/**
* @return the resources
*/
@@ -403,6 +412,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
sb.append("description={").append(description).append("} ");
sb.append("resourceSignature={").append(resourceSignature).append("} ");
sb.append("isAuditEnabled={").append(isAuditEnabled).append("} ");
+ sb.append("serviceType={").append(serviceType).append("} ");
sb.append("resources={");
if(resources != null) {
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
index e94bad4..a96d648 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
@@ -26,6 +26,8 @@ import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXDataHist;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
@@ -92,6 +94,14 @@ public class RangerDataHistService {
RangerPolicy policy = (RangerPolicy) baseModelObj;
objectName = policy.getName();
classType = AppConstants.CLASS_TYPE_RANGER_POLICY;
+ XXService xXService = daoMgr.getXXService().findByName(policy.getService());
+ XXServiceDef xxServiceDef = null;
+ if(xXService != null){
+ xxServiceDef = daoMgr.getXXServiceDef().getById(xXService.getType());
+ }
+ if(xxServiceDef != null){
+ policy.setServiceType(xxServiceDef.getName());
+ }
content = writeObjectAsString(policy);
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index d5f9fef..73b4cd3 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -208,8 +208,6 @@ define(function(require) {
selectTopologyName : 'Select Topology Name',
selectServiceName : 'Select Service Name',
topologyName : 'Topology Name',
- serivceName : 'Service Name',
- serivceType : 'Service Type',
ipAddress : 'IP Address',
isVisible : 'Visible',
delegatedAdmin : 'Delegate Admin',
@@ -242,8 +240,8 @@ define(function(require) {
selectAndAddGroup : 'Select and Add Group',
download : 'Download',
lastUpdate : 'Last Update',
- modules : 'Modules',
- clusterName : 'Cluster Name'
+ modules : 'Modules',
+ clusterName : 'Cluster Name'
},
btn : {
add : 'Add',
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
index 0d8e3df..3011f1e 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
@@ -35,8 +35,17 @@ define(function(require) {
template: RangerPolicyROTmpl,
templateHelpers: function() {
+ var isDelegatAdminChk;
+ if(this.policyDetails.serviceType !== XAEnums.ServiceType.SERVICE_TAG.label
+ && !XAUtils.isMaskingPolicy(this.policy.get('policyType'))
+ && !XAUtils.isRowFilterPolicy(this.policy.get('policyType'))) {
+ isDelegatAdminChk = true;
+ } else {
+ isDelegatAdminChk = false;
+ }
return {
PolicyDetails: this.policyDetails,
+ isDelegatAdmin: isDelegatAdminChk
};
},
breadCrumbs: [],
@@ -79,6 +88,12 @@ define(function(require) {
},
initializePolicyDetailsObj : function(){
+ // In this.policy service type is undefined then we take repotype.
+ if(_.isUndefined(this.policy.get('serviceType'))){
+ this.serviceDef = this.serviceDefList.findWhere({'id' : this.repoType})
+ }else{
+ this.serviceDef = this.serviceDefList.findWhere({'name':this.policy.get('serviceType')});
+ }
var self = this;
var details = this.policyDetails = {};
details.id = this.policy.get('id');
@@ -109,6 +124,18 @@ define(function(require) {
perm.allowException = this.policy.get('allowExceptions');
perm.denyPolicyItems = this.policy.get('denyPolicyItems');
perm.denyExceptions = this.policy.get('denyExceptions');
+ if(this.policy.get('dataMaskPolicyItems')){
+ _.each(this.policy.get('dataMaskPolicyItems'), function(mask){
+ var maskingInfo = _.find(self.serviceDef.get("dataMaskDef").maskTypes, function(m){
+ return m.name == mask.dataMaskInfo.dataMaskType;
+ });
+ if(maskingInfo){
+ _.extend(mask.dataMaskInfo , _.pick(maskingInfo, 'label'));
+ }
+ })
+ perm.maskingPolicy = this.policy.get('dataMaskPolicyItems');
+ }
+ perm.rowLevelPolicy = this.policy.get('rowFilterPolicyItems');
details.createdBy = this.policy.get('createdBy');
details.createTime = Globalize.format(new Date(this.policy.get('createTime')), "MM/dd/yyyy hh:mm tt");
details.updatedBy = this.policy.get('updatedBy');
@@ -124,7 +151,9 @@ define(function(require) {
var items = [{'itemName': 'policyItems',title : 'Allow Condition'},
{'itemName': 'allowExceptions',title : 'Exclude from Allow Conditions'},
{'itemName': 'denyPolicyItems',title : 'Deny Condition'},
- {'itemName': 'denyExceptions',title : 'Exclude from Deny Conditions'},]
+ {'itemName': 'denyExceptions',title : 'Exclude from Deny Conditions'},
+ {'itemName': 'dataMaskPolicyItems',title : 'Masking Conditions'},
+ {'itemName': 'rowFilterPolicyItems',title : 'Row Level Conditions'}]
_.each(items, function(item){
if(!_.isUndefined(this.policy.get(item.itemName)) && !_.isEmpty(this.policy.get(item.itemName))){
this.policyDetails['policyItemsCond'].push({ title : item.title, headers : headers.header, policyItems : this.policy.get(item.itemName)})
@@ -145,9 +174,23 @@ define(function(require) {
getPermHeaders : function(){
var permList = [],
- policyCondition = false;
- permList.unshift(localization.tt('lbl.delegatedAdmin'));
- permList.unshift(localization.tt('lbl.permissions'));
+ policyCondition = false;
+ if(this.policyDetails.serviceType !== XAEnums.ServiceType.SERVICE_TAG.label
+ && !XAUtils.isMaskingPolicy(this.policy.get('policyType'))
+ && !XAUtils.isRowFilterPolicy(this.policy.get('policyType'))){
+ permList.unshift(localization.tt('lbl.delegatedAdmin'));
+ }
+ if(XAUtils.isRowFilterPolicy(this.policy.get('policyType'))){
+ permList.unshift(localization.tt('lbl.rowLevelFilter'));
+ }
+ if(XAUtils.isMaskingPolicy(this.policy.get('policyType'))){
+ permList.unshift(localization.tt('lbl.selectMaskingOption'));
+ }
+ if(XAUtils.isRowFilterPolicy(this.policy.get('policyType')) || XAUtils.isMaskingPolicy(this.policy.get('policyType'))){
+ permList.unshift(localization.tt('lbl.accessTypes'));
+ }else{
+ permList.unshift(localization.tt('lbl.permissions'));
+ }
if(!_.isEmpty(this.serviceDef.get('policyConditions'))){
permList.unshift(localization.tt('h.policyCondition'));
policyCondition = true;
@@ -177,6 +220,8 @@ define(function(require) {
},
getPolicyByVersion : function(ver, e){
+ //to support old policy log after updating that policy.
+ this.policy.set('serviceType',undefined);
this.policy.fetchByVersion(ver, {
cache : false,
async : false
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 68be81e..aecaf95 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -116,14 +116,14 @@ define(function(require) {
this.timezone = date.replace(/^.*GMT.*\(/, "").replace(/\)$/, "");
this.initializeServiceDefColl();
if(_.isUndefined(App.vsHistory)){
- var startDateModel = new Backbone.Model({'category':'Start Date', value:Globalize.format(new Date(),"MM/dd/yyyy")});
- App.vsHistory = {'bigData':[startDateModel], 'admin':[], 'loginSession':[], 'plugin':[],'pluginStatus':[]};
+ var startDateModel = new Backbone.Model({'category':'Start Date', value:Globalize.format(new Date(),"MM/dd/yyyy")});
+ App.vsHistory = {'bigData':[startDateModel], 'admin':[], 'loginSession':[], 'plugin':[],'pluginStatus':[]};
}
},
/** all events binding here */
bindEvents : function() {
- this.listenTo(this.accessAuditList, "sync",this.showTagsAttributes, this);
+ this.listenTo(this.accessAuditList, "sync",this.showTagsAttributes, this);
},
initializeServiceDefColl : function() {
@@ -146,7 +146,7 @@ define(function(require) {
this.addSearchForBigDataTab();
this.modifyTableForSubcolumns();
}
- this.showTagsAttributes();
+ this.showTagsAttributes();
},
modifyTableForSubcolumns : function(){
@@ -190,16 +190,16 @@ define(function(require) {
this.renderBigDataTable();
this.modifyTableForSubcolumns();
this.addSearchForBigDataTab();
- this.listenTo(this.accessAuditList, "request", that.updateLastRefresh);
+ this.listenTo(this.accessAuditList, "request", that.updateLastRefresh);
this.ui.iconSearchInfo.show();
this.showTagsAttributes();
break;
case "#admin":
this.currentTab = '#admin';
- App.vsHistory.admin = XAUtils.removeEmptySearchValue(App.vsHistory.admin);
+ App.vsHistory.admin = XAUtils.removeEmptySearchValue(App.vsHistory.admin);
this.trxLogList = new VXTrxLogList();
this.renderAdminTable();
- if(_.isEmpty(App.vsHistory.admin) && _.isUndefined(App.sessionId)){
+ if(_.isEmpty(App.vsHistory.admin) && _.isUndefined(App.sessionId)){
this.trxLogList.fetch({
cache : false
});
@@ -211,16 +211,16 @@ define(function(require) {
break;
case "#loginSession":
this.currentTab = '#loginSession';
- App.vsHistory.loginSession = XAUtils.removeEmptySearchValue(App.vsHistory.loginSession);
+ App.vsHistory.loginSession = XAUtils.removeEmptySearchValue(App.vsHistory.loginSession);
this.authSessionList = new VXAuthSession();
this.renderLoginSessionTable();
//Setting SortBy as id and sortType as desc = 1
this.authSessionList.setSorting('id',1);
- if(_.isEmpty(App.vsHistory.loginSession)){
- this.authSessionList.fetch({
- cache:false,
- });
- }
+ if(_.isEmpty(App.vsHistory.loginSession)){
+ this.authSessionList.fetch({
+ cache:false,
+ });
+ }
this.addSearchForLoginSessionTab();
this.listenTo(this.authSessionList, "request", that.updateLastRefresh)
this.ui.iconSearchInfo.hide();
@@ -233,12 +233,12 @@ define(function(require) {
var params = { priAcctId : 1 };
that.renderAgentTable();
this.policyExportAuditList.setSorting('createDate',1);
- if(_.isEmpty(App.vsHistory.plugin)){
- this.policyExportAuditList.fetch({
- cache : false,
- data :params
- });
- }
+ if(_.isEmpty(App.vsHistory.plugin)){
+ this.policyExportAuditList.fetch({
+ cache : false,
+ data :params
+ });
+ }
this.addSearchForAgentTab();
this.listenTo(this.policyExportAuditList, "request", that.updateLastRefresh)
this.ui.iconSearchInfo.hide();
@@ -845,19 +845,18 @@ define(function(require) {
Backgrid.Row.prototype.initialize.apply(this, args);
},
onClick: function (e) {
- var self = this;
- if($(e.target).hasClass('tagsColumn') || $(e.target).closest('td').hasClass("tagsColumn")){
- return;
- }
+ var self = this ;
+ if($(e.target).hasClass('tagsColumn') || $(e.target).closest('td').hasClass("tagsColumn")){
+ return;
+ }
+ if(this.model.get('repoType')){
+ var repoType = this.model.get('repoType');
+ }
var policyId = this.model.get('policyId');
if(policyId == -1){
return;
}
- var serviceDef = that.serviceDefList.findWhere({'id':this.model.get('repoType')});
- if(_.isUndefined(serviceDef)){
- return ;
- }
- var eventTime = this.model.get('eventTime');
+ var eventTime = this.model.get('eventTime');
var policy = new RangerPolicy({
id: policyId
@@ -866,17 +865,19 @@ define(function(require) {
var view = new RangerPolicyRO({
policy: policy,
policyVersionList : policyVersionList,
- serviceDef: serviceDef,
- eventTime : eventTime
+ serviceDefList: that.serviceDefList,
+ eventTime : eventTime,
+ repoType : repoType
});
var modal = new Backbone.BootstrapModal({
animate : true,
content : view,
title: localization.tt("h.policyDetails"),
okText :localization.tt("lbl.ok"),
- allowCancel : false,
+ allowCancel : true,
escape : true
}).open();
+ modal.$el.find('.cancel').hide();
var policyVerEl = modal.$el.find('.modal-footer').prepend('<div class="policyVer pull-left"></div>').find('.policyVer');
policyVerEl.append('<i id="preVer" class="icon-chevron-left '+ ((policy.get('version')>1) ? 'active' : '') +'"></i><text>Version '+ policy.get('version') +'</text>').find('#preVer').click(function(e){
view.previousVer(e);
http://git-wip-us.apache.org/repos/asf/ranger/blob/d4cf1226/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
index 6ff5329..f298fd0 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
@@ -17,12 +17,12 @@
<div class="serviceInfo row-fluid">
<div class="pull-left">
<p>
- <strong>{{tt 'lbl.serivceName'}} :</strong> {{PolicyDetails.service}}
+ <strong>{{tt 'lbl.serviceName'}} :</strong> {{PolicyDetails.service}}
</p>
</div>
<div class="pull-right">
<p>
- <strong>{{tt 'lbl.serivceType'}} :</strong> {{PolicyDetails.serviceType}}
+ <strong>{{tt 'lbl.serviceType'}} :</strong> {{PolicyDetails.serviceType}}
</p>
</div>
</div>
@@ -66,9 +66,15 @@
<td>
{{tt 'lbl.description'}}
</td>
- <td>
- {{PolicyDetails.description}}
- </td>
+ {{#ifCond PolicyDetails.description '==' ""}}
+ <td>
+ --
+ </td>
+ {{else}}
+ <td>
+ {{PolicyDetails.description}}
+ </td>
+ {{/ifCond}}
</tr>
{{#if PolicyDetails.isRecursive}}
<tr>
@@ -106,12 +112,24 @@
<tbody>
{{#each this.policyItems}}
<tr>
- <td>{{#each this.groups}}
- <span class="label label-info">{{this}}</span>
- {{/each}}</td>
- <td>{{#each this.users}}
- <span class="label label-info">{{this}}</span>
- {{/each}}</td>
+ <td>
+ {{#if this.groups}}
+ {{#each this.groups}}
+ <span class="label label-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.users}}
+ {{#each this.users}}
+ <span class="label label-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
{{#if ../../PolicyDetails.policyCondition}}
<td>
{{#if this.conditions}}
@@ -131,9 +149,31 @@
<td>{{#each this.accesses}}
<span class="label label-info">{{#if this.isAllowed}}{{this.type}}{{/if}}</span>
{{/each}}</td>
- <td>
- <input type="checkbox" {{#if this.delegateAdmin}}checked{{/if}} disabled="disabled">
- </td>
+ {{#if this.dataMaskInfo}}
+ {{#ifCond this.dataMaskInfo.dataMaskType '==' "CUSTOM"}}
+ <td>
+ <span class="label label-info ">{{this.dataMaskInfo.label}} : {{this.dataMaskInfo.valueExpr}} </span>
+ </td>
+ {{else}}
+ <td>
+ <span class="label label-info">{{this.dataMaskInfo.label}}</span>
+ </td>
+ {{/ifCond}}
+ {{/if}}
+ {{#if this.rowFilterInfo}}
+ <td>
+ {{#if this.rowFilterInfo.filterExpr}}
+ <span class="label label-info">{{this.rowFilterInfo.filterExpr}}</span>
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ {{/if}}
+ {{#if ../../isDelegatAdmin}}
+ <td>
+ <input type="checkbox" {{#if this.delegateAdmin}}checked{{/if}} disabled="disabled">
+ </td>
+ {{/if}}
</tr>
{{/each}}
</tbody>