Posted to commits@ranger.apache.org by rm...@apache.org on 2015/04/18 05:24:44 UTC

incubator-ranger git commit: RANGER-407: Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation

Repository: incubator-ranger
Updated Branches:
  refs/heads/master c7727f571 -> 80c289370


RANGER-407: Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/80c28937
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/80c28937
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/80c28937

Branch: refs/heads/master
Commit: 80c28937043f5b7a5ca26c9d168fb07a7c0ea5df
Parents: c7727f5
Author: rmani <rm...@hortonworks.com>
Authored: Fri Apr 17 20:24:26 2015 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Fri Apr 17 20:24:26 2015 -0700

----------------------------------------------------------------------
 .../org/apache/ranger/common/ServiceUtil.java   | 81 ++++++++++++++------
 1 file changed, 56 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80c28937/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index e883e1d..3c48e4c 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -68,6 +68,7 @@ public class ServiceUtil {
 	static Map<String, Integer> mapAccessTypeToPermType   = new HashMap<String, Integer>();
 	static String version;
 	static String uniqueKeySeparator;
+	static int	  assetType;
 	
 	@Autowired
 	JSONUtil jsonUtil;
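Review bot: The new `static int assetType;` is shared mutable state on a class that also has `@Autowired` instance fields, and it is written on each call by the assignments added in the hunks at -218 and -1026 and read later inside the permission loops. Two policy conversions running concurrently for different service types can overwrite each other's value between the write and the read. Because that value decides whether the `Admin` access type is kept for HBase, a policy could be stored with the wrong access list. Holding the value in a local in each method, `final int assetType = getAssetType(service, ret.getService());`, removes the shared state and lets the field be dropped. Both enclosing methods start outside the hunks.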
@@ -90,22 +91,22 @@ public class ServiceUtil {
 
 		mapAccessTypeToPermType.put("Unknown", 0);
 		mapAccessTypeToPermType.put("Reset", 1);
-		mapAccessTypeToPermType.put("Read", 2);
-		mapAccessTypeToPermType.put("Write", 3);
-		mapAccessTypeToPermType.put("Create", 4);
-		mapAccessTypeToPermType.put("Delete", 5);
-		mapAccessTypeToPermType.put("Admin", 6);
+		mapAccessTypeToPermType.put("read", 2);
+		mapAccessTypeToPermType.put("write", 3);
+		mapAccessTypeToPermType.put("create", 4);
+		mapAccessTypeToPermType.put("delete", 5);
+		mapAccessTypeToPermType.put("admin", 6);
 		mapAccessTypeToPermType.put("Obfuscate", 7);
 		mapAccessTypeToPermType.put("Mask", 8);
-		mapAccessTypeToPermType.put("Execute", 9);
-		mapAccessTypeToPermType.put("Select", 10);
-		mapAccessTypeToPermType.put("Update", 11);
-		mapAccessTypeToPermType.put("Drop", 12);
-		mapAccessTypeToPermType.put("Alter", 13);
-		mapAccessTypeToPermType.put("Index", 14);
-		mapAccessTypeToPermType.put("Lock", 15);
-		mapAccessTypeToPermType.put("All", 16);
-		mapAccessTypeToPermType.put("Allow", 17);
+		mapAccessTypeToPermType.put("execute", 9);
+		mapAccessTypeToPermType.put("select", 10);
+		mapAccessTypeToPermType.put("update", 11);
+		mapAccessTypeToPermType.put("drop", 12);
+		mapAccessTypeToPermType.put("alter", 13);
+		mapAccessTypeToPermType.put("index", 14);
+		mapAccessTypeToPermType.put("lock", 15);
+		mapAccessTypeToPermType.put("all", 16);
+		mapAccessTypeToPermType.put("allow", 17);
 		mapAccessTypeToPermType.put("submitTopology", 18);
 		mapAccessTypeToPermType.put("fileUpload", 19);
 		mapAccessTypeToPermType.put("getNimbusConf", 20);
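Review bot: The keys of `mapAccessTypeToPermType` are now mixed-case: the entries changed here are lower-case, while `"Unknown"`, `"Reset"`, `"Obfuscate"` and `"Mask"` stay capitalised and the Storm entries stay camelCase. The lookups are not visible in this hunk, but whichever way they normalise the key, an exact `get` will miss some of these entries. Either state the convention in a comment above the block, for example `// keys must match the access type names exactly (case-sensitive)`, or declare the map as case-insensitive, `new TreeMap<String, Integer>(String.CASE_INSENSITIVE_ORDER)`. The initialiser this block belongs to starts and ends outside the hunk.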
@@ -218,6 +219,8 @@ public class ServiceUtil {
 			}
 		}
 
+		assetType = getAssetType(service,ret.getService());
+
 		for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
 			List<String>                 userList   = new ArrayList<String>();
 			List<String>                 groupList  = new ArrayList<String>();
@@ -245,6 +248,9 @@ public class ServiceUtil {
 				
 				if(StringUtils.equalsIgnoreCase(accessType, "Admin")) {
 					policyItem.setDelegateAdmin(Boolean.TRUE);
+					if ( assetType == RangerCommonEnums.ASSET_HBASE) {
+						accessList.add(new RangerPolicyItemAccess(accessType));
+					}
 				} else {
 					accessList.add(new RangerPolicyItemAccess(accessType));
 				}
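Review bot: The HBase special case inside the `Admin` branch has no comment explaining why one service type keeps `Admin` in the access list while every other type only gets the delegate-admin flag; the same unexplained exception recurs in the hunks at -1059 and -1241. A short comment would stop a later cleanup from removing it, e.g. `// HBase policies need Admin as an access type as well as the delegate-admin flag (RANGER-407)`. The access is also added with whatever casing `accessType` arrived in, while the comparison is case-insensitive, so it is worth confirming that the stored name matches what the HBase service definition expects. The enclosing loop starts outside the hunk.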
@@ -368,12 +374,15 @@ public class ServiceUtil {
 	}
 
 	public static Integer toAssetType(String serviceType) {
-		
-		if(serviceType == null) {
-			return null;
+		Integer ret = null;
+
+		if(serviceType != null) {
+			ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
+		}
+
+		if(ret == null) {
+			ret = new Integer(-1);
 		}
-		
-		Integer ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
 
 		return ret;
 	}
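Review bot: `serviceType.toLowerCase()` uses the JVM default locale, so on a host with a Turkish locale a type containing `I` (for example `HIVE`) lowercases to a dotless-i form and misses `mapServiceTypeToAssetType`. With this change a miss no longer returns `null` but `-1`, which the asset-type comparisons elsewhere in the diff treat as "no known type", so the failure would surface as silently missing resources or access types rather than as an error. Use `serviceType.toLowerCase(Locale.ROOT)` (this needs `java.util.Locale` imported if it is not already) and `Integer.valueOf(-1)` instead of `new Integer(-1)`. Any caller outside this diff that tested the result for `null` to detect an unknown type would also need to test for `-1`.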
@@ -1026,7 +1035,8 @@ public class ServiceUtil {
 		if (vXPolicy.getServices() != null) {
 			toRangerResourceList(vXPolicy.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources());
 		}  
-		
+
+		assetType = getAssetType(service,ret.getService());
 		
 		if ( vXPolicy.getPermMapList() != null) {
 			List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();
@@ -1059,7 +1069,9 @@ public class ServiceUtil {
 						if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
 							if (perm.equalsIgnoreCase("Admin")) {
 								delegatedAdmin=true;
-								continue;
+								if ( assetType != RangerCommonEnums.ASSET_HBASE) {
+									continue;
+								}
 							}
 							accessList.add(new RangerPolicyItemAccess(perm));
 						}
@@ -1181,9 +1193,9 @@ public class ServiceUtil {
 			
 			ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm()));
 		
-			int assertType =  toAssetType(serviceType);
+			int assetType =  toAssetType(serviceType);
 			
-			if (assertType == RangerCommonEnums.ASSET_HIVE) {
+			if (assetType == RangerCommonEnums.ASSET_HIVE) {
 				
 				String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases();
 				String table    = getTableOrUdf(vXPolicy);
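Review bot: Renaming this local to `assetType` makes it shadow the static field of the same name added in the first hunk. The HBase check added in the hunk at -1241 therefore appears to read this local, while the checks in the other two methods read the field. That is easy to misread, and the meaning would change silently if the local declaration were moved or removed. Either keep a distinct local name here or, preferably, drop the static field and use a local in every method. The enclosing method starts outside the hunk.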
@@ -1195,7 +1207,7 @@ public class ServiceUtil {
 				mapResource.put("column", column);
 				ret.setResource(mapResource);
 			}
-			else if ( assertType == RangerCommonEnums.ASSET_HBASE) {
+			else if ( assetType == RangerCommonEnums.ASSET_HBASE) {
 				
 				String tableName = vXPolicy.getTables();
 					   tableName = StringUtil.isEmpty(tableName) ? "*" : tableName;
@@ -1241,7 +1253,9 @@ public class ServiceUtil {
 							if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
 								if (perm.equalsIgnoreCase("Admin")) {
 									delegatedAdmin=true;
-									continue;
+									if ( assetType != RangerCommonEnums.ASSET_HBASE) {
+										continue;
+									}
 								}
 								ret.getAccessTypes().add(perm);
 							}
@@ -1378,5 +1392,22 @@ public class ServiceUtil {
 		}
 		return ret;
 	}
+
+	private Integer getAssetType(RangerService service, String serviceName) {
+		if(service == null || StringUtils.isEmpty(service.getType())) {
+			try {
+				service = svcStore.getServiceByName(serviceName);
+			} catch (Exception e) {
+				  LOG.info( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName ); 
+				  throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true);
+			}
+		}
+		
+		String serviceType = service != null ? service.getType() : null;
+
+		Integer assetType = toAssetType(serviceType);
+		 
+		return assetType;
+	}
 }
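Review bot: The catch block in `getAssetType` logs at INFO without the exception, joins both strings without a separator (`400No Service Found…`, `e.getMessage() + serviceName`), and returns the raw exception message to the REST client, which can expose internal detail. Log the cause and send a fixed message instead: `LOG.error("No service found for serviceName: " + serviceName, e);` and `throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No service found for serviceName: " + serviceName, true);`. If `getServiceByName` can return `null` without throwing, the method falls through to `toAssetType(null)` and yields `-1`, so a missing service is silently handled as a non-HBase type. An explicit null check after the lookup would make that case fail the same way as the exception path.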