Posted to commits@ranger.apache.org by pr...@apache.org on 2018/04/04 06:20:15 UTC

ranger git commit: RANGER-2039: Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Repository: ranger
Updated Branches:
  refs/heads/master cafe7aee0 -> 57e01bab6


RANGER-2039: Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Signed-off-by: pradeep <pr...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/57e01bab
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/57e01bab
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/57e01bab

Branch: refs/heads/master
Commit: 57e01bab63a5d4972886954399e8e4fc240d4431
Parents: cafe7ae
Author: fatimaawez <fa...@gmail.com>
Authored: Mon Apr 2 12:20:39 2018 +0530
Committer: pradeep <pr...@apache.org>
Committed: Wed Apr 4 11:49:45 2018 +0530

----------------------------------------------------------------------
 .../optimized/current/ranger_core_db_mysql.sql  |   1 +
 .../optimized/current/ranger_core_db_oracle.sql |   1 +
 .../current/ranger_core_db_postgres.sql         |   1 +
 .../current/ranger_core_db_sqlanywhere.sql      |   2 +
 .../current/ranger_core_db_sqlserver.sql        |   1 +
 .../java/org/apache/ranger/biz/XUserMgr.java    |  25 ++--
 ...rantAuditPermissionToKeyRoleUser_J10014.java | 142 +++++++++++++++++++
 7 files changed, 162 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 51ba599..23c3562 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1375,4 +1375,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10011',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10012',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 54228e9..eb12d56 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1351,5 +1351,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10011',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10012',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10013',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10014',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 8de469f..f60ad5c 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1464,6 +1464,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10011',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10012',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 594ee8a..91f7b7a 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -1650,6 +1650,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index f8591a3..28c89dc 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3131,6 +3131,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10011',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10012',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index b3d3e96..7f5eab7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -253,21 +253,24 @@ public class XUserMgr extends XUserMgrBase {
 						createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
 						createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES), isCreate);
 					} else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
-
+                                                createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
 						createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
 						createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
 						createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
-                                        } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
-                                        } else if (role.equals(RangerConstants.ROLE_ADMIN_AUDITOR)) {
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
+                     } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
+                        createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
                                                 createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES),isCreate);
-                                                createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerAPIMapping.TAB_PERMISSIONS),isCreate);
+                        createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER),isCreate);
+                        createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
+                        createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
+                     } else if (role.equals(RangerConstants.ROLE_ADMIN_AUDITOR)) {
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_REPORTS),isCreate);
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),isCreate);
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES),isCreate);
+                       createOrUpdateUserPermisson(vXPortalUser,moduleNameId.get(RangerAPIMapping.TAB_PERMISSIONS),isCreate);
 					}
 
 				}
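Review bot: Both key roles also gain `MODULE_USER_GROUPS` in this chain, which the commit title (Audit tab access) does not mention: it is added explicitly in the `ROLE_KEY_ADMIN` branch, and in the `ROLE_KEY_ADMIN_AUDITOR` branch it arrives through an unchanged context line that previously sat in the `ROLE_ADMIN_AUDITOR` branch. This chain appears to define the module permissions a user gets per role, so widening it deserves a why-comment above the new calls, e.g. `// RANGER-2039: key roles get Audit; Users/Groups is granted too because <reason>`, or the extra grant should be dropped if the Audit tab does not depend on it. The added lines also mix space indentation with the surrounding tab-indented code, which makes the branch boundaries of an authorization mapping harder to audit. The enclosing method starts and ends outside this hunk.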

http://git-wip-us.apache.org/repos/asf/ranger/blob/57e01bab/security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
new file mode 100644
index 0000000..5d3b180
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.util.CLIUtil;
+import org.apache.ranger.view.VXPortalUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchGrantAuditPermissionToKeyRoleUser_J10014 extends BaseLoader {
+        private static final Logger logger = Logger
+                        .getLogger(PatchGrantAuditPermissionToKeyRoleUser_J10014.class);
+
+        @Autowired
+        XUserMgr xUserMgr;
+
+        @Autowired
+        XPortalUserService xPortalUserService;
+
+        @Autowired
+        RangerDaoManager daoManager;
+
+        public static void main(String[] args) {
+                logger.info("main()");
+                try {
+                        PatchGrantAuditPermissionToKeyRoleUser_J10014 loader = (PatchGrantAuditPermissionToKeyRoleUser_J10014) CLIUtil
+                                        .getBean(PatchGrantAuditPermissionToKeyRoleUser_J10014.class);
+
+                        loader.init();
+                        while (loader.isMoreToProcess()) {
+                                loader.load();
+                        }
+                        logger.info("Load complete. Exiting!!!");
+                        System.exit(0);
+                } catch (Exception e) {
+                        logger.error("Error loading", e);
+                        System.exit(1);
+                }
+        }
+
+        @Override
+        public void init() throws Exception {
+                // Do Nothing
+        }
+
+        @Override
+        public void execLoad() {
+                logger.info("==>Starting : PatchGrantAuditPermissionToKeyRoleUser.execLoad()");
+                assignAuditAndUserGroupPermissionToKeyAdminRoleUser();
+
+                logger.info("<==Completed : PatchGrantAuditPermissionToKeyRoleUser.execLoad()");
+        }
+
+        private void assignAuditAndUserGroupPermissionToKeyAdminRoleUser() {
+                try {
+                        int countUserPermissionUpdated = 0;
+                        XXModuleDef xAuditModDef = daoManager.getXXModuleDef()
+                                        .findByModuleName(RangerConstants.MODULE_AUDIT);
+                        XXModuleDef xUserGrpModDef = daoManager.getXXModuleDef()
+                                        .findByModuleName(RangerConstants.MODULE_USER_GROUPS);
+                        logger.warn("Audit Module Object : " + xAuditModDef);
+                        logger.warn("USer Group Module Object : " + xUserGrpModDef);
+                        if (xAuditModDef == null && xUserGrpModDef == null) {
+                                logger.warn("Audit Module and User Group module not found");
+                                return;
+                        }
+                        List<XXPortalUser> allKeyAdminUsers = daoManager.getXXPortalUser()
+                                        .findByRole(RangerConstants.ROLE_KEY_ADMIN);
+                        if (!CollectionUtils.isEmpty(allKeyAdminUsers)) {
+                                for (XXPortalUser xPortalUser : allKeyAdminUsers) {
+                                        boolean isUserUpdated = false;
+                                        VXPortalUser vPortalUser = xPortalUserService
+                                                        .populateViewBean(xPortalUser);
+                                        if (vPortalUser != null) {
+                                                vPortalUser.setUserRoleList(daoManager
+                                                                .getXXPortalUserRole()
+                                                                .findXPortalUserRolebyXPortalUserId(
+                                                                                vPortalUser.getId()));
+                                                if (xAuditModDef != null) {
+                                                        xUserMgr.createOrUpdateUserPermisson(vPortalUser,
+                                                                        xAuditModDef.getId(), true);
+                                                        isUserUpdated = true;
+                                                        logger.info("Added '" + xAuditModDef.getModule()
+                                                                        + "' permission to user '"
+                                                                        + xPortalUser.getLoginId() + "'");
+                                                }
+                                                if (xUserGrpModDef != null) {
+                                                        xUserMgr.createOrUpdateUserPermisson(vPortalUser,
+                                                                        xUserGrpModDef.getId(), true);
+                                                        isUserUpdated = true;
+                                                        logger.info("Added '" + xUserGrpModDef.getModule()
+                                                                        + "' permission to user '"
+                                                                        + xPortalUser.getLoginId() + "'");
+                                                }
+                                                if (isUserUpdated) {
+                                                        countUserPermissionUpdated += 1;
+                                                }
+
+                                        }
+                                }
+
+                                logger.info(countUserPermissionUpdated
+                                                + " permissions were assigned");
+                        } else {
+                                logger.info("There are no user with Key Admin role");
+                        }
+                } catch (Exception ex) {
+                        logger.error("Error while granting Audit and User group permission ",ex);
+                }
+        }
+
+
+
+        @Override
+        public void printStats() {
+        }
+}
\ No newline at end of file
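Review bot: The backfill in `assignAuditAndUserGroupPermissionToKeyAdminRoleUser()` looks up only `findByRole(RangerConstants.ROLE_KEY_ADMIN)`, so existing `ROLE_KEY_ADMIN_AUDITOR` users do not receive the grants that the commit title promises for KMS Auditor and that XUserMgr now applies for that role; unless another patch covers them, wrap the lookup in `for (String role : new String[] { RangerConstants.ROLE_KEY_ADMIN, RangerConstants.ROLE_KEY_ADMIN_AUDITOR })`. The same method catches `Exception` and only logs it, so a failure partway through the user list returns normally and, as far as the visible code shows, `main()` still reaches `System.exit(0)`; rethrowing after the log, e.g. `throw new RuntimeException("J10014 grant failed", ex);`, would surface it as exit code 1 instead of leaving a partial grant that is presumably treated as applied. The two `logger.warn` calls that print the module objects are not warnings and belong at `info` or `debug`, and the final message counts users updated, not permissions assigned.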