You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/28 00:34:23 UTC
git commit: ARGUS-85:Avoid duplicate policy creation
Repository: incubator-argus
Updated Branches:
refs/heads/master 548aa516a -> ee6d77c81
ARGUS-85:Avoid duplicate policy creation
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/ee6d77c8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/ee6d77c8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/ee6d77c8
Branch: refs/heads/master
Commit: ee6d77c811a75943ca90fea7ccabca316483f19f
Parents: 548aa51
Author: vperiasamy <vp...@hortonworks.com>
Authored: Fri Sep 26 15:43:00 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Sat Sep 27 15:33:57 2014 -0700
----------------------------------------------------------------------
.../main/java/com/xasecure/biz/AssetMgr.java | 18 ++++--
.../com/xasecure/service/XPolicyService.java | 60 ++++++++++++++++----
.../com/xasecure/service/XResourceService.java | 8 ++-
.../scripts/views/hbase/HbasePolicyForm.js | 22 +++++++
.../scripts/views/hive/HivePolicyCreate.js | 24 ++++++--
.../webapp/scripts/views/hive/HivePolicyForm.js | 39 +++++++++++--
.../webapp/scripts/views/knox/KnoxPolicyForm.js | 14 +++++
7 files changed, 159 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 6c8a4c8..55fc3e3 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -85,6 +85,7 @@ import com.xasecure.service.XAccessAuditService;
import com.xasecure.service.XAuditMapService;
import com.xasecure.service.XGroupService;
import com.xasecure.service.XPermMapService;
+import com.xasecure.service.XPolicyService;
import com.xasecure.service.XTrxLogService;
import com.xasecure.service.XUserService;
import com.xasecure.storm.client.StormClient;
@@ -153,6 +154,9 @@ public class AssetMgr extends AssetMgrBase {
@Qualifier(value = "transactionManager")
PlatformTransactionManager txManager;
+ @Autowired
+ XPolicyService xPolicyService;
+
static Logger logger = Logger.getLogger(AssetMgr.class);
@Override
@@ -1261,9 +1265,11 @@ public class AssetMgr extends AssetMgrBase {
vXResource.setTopologies("*");
vXResource.setServices("*");
vXResource.setName("/*/*");
+ vXResource.setResourceType(AppConstants.RESOURCE_SERVICE_NAME);
} else if (assetType == AppConstants.ASSET_STORM) {
vXResource.setTopologies("*");
vXResource.setName("/*");
+ vXResource.setResourceType(AppConstants.RESOURCE_TOPOLOGY);
}
vXResource = xResourceService.createResource(vXResource);
@@ -1662,7 +1668,8 @@ public class AssetMgr extends AssetMgrBase {
StringBuilder stringBuilder = new StringBuilder();
- int resourceType = vXResource.getResourceType();
+// int resourceType = vXResource.getResourceType();
+ int resourceType = xPolicyService.getResourceType(vXResource);
if (databases == null) {
logger.error("Invalid resources for hive policy.");
@@ -1736,7 +1743,8 @@ public class AssetMgr extends AssetMgrBase {
StringBuilder stringBuilder = new StringBuilder();
- int resourceType = vXResource.getResourceType();
+// int resourceType = vXResource.getResourceType();
+ int resourceType = xPolicyService.getResourceType(vXResource);
if (tables == null) {
logger.error("Invalid resources for hbase policy.");
@@ -1799,7 +1807,8 @@ public class AssetMgr extends AssetMgrBase {
StringBuilder stringBuilder = new StringBuilder();
- int resourceType = vXResource.getResourceType();
+// int resourceType = vXResource.getResourceType();
+ int resourceType = xPolicyService.getResourceType(vXResource);
if (topologies == null) {
logger.error("Invalid resources for knox policy.");
@@ -1852,7 +1861,8 @@ public class AssetMgr extends AssetMgrBase {
StringBuilder stringBuilder = new StringBuilder();
- int resourceType = vXResource.getResourceType();
+// int resourceType = vXResource.getResourceType();
+ int resourceType = xPolicyService.getResourceType(vXResource);
if (topologies == null) {
logger.error("Invalid resources for Storm policy.");
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
index 4fcd90e..f48fdd2 100644
--- a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
@@ -51,6 +51,7 @@ import com.xasecure.entity.XXResource;
import com.xasecure.entity.XXUser;
import com.xasecure.view.VXAuditMap;
import com.xasecure.view.VXAuditMapList;
+import com.xasecure.view.VXDataObject;
import com.xasecure.view.VXPermMap;
import com.xasecure.view.VXPermMapList;
import com.xasecure.view.VXPermObj;
@@ -689,33 +690,70 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
return true;
}
- public int getResourceType(VXPolicy vXPolicy) {
+ public int getResourceType(VXDataObject vObj) {
int resourceType = AppConstants.RESOURCE_PATH;
- if (vXPolicy == null) {
+ if (vObj == null) {
return resourceType;
}
- if (!stringUtil.isEmpty(vXPolicy.getDatabases())) {
+
+ VXPolicy vXPolicy = null;
+ VXResource vXResource = null;
+ if (vObj instanceof VXPolicy) {
+ vXPolicy = (VXPolicy) vObj;
+ } else if (vObj instanceof VXResource) {
+ vXResource = (VXResource) vObj;
+ } else {
+ return resourceType;
+ }
+
+ String databases = null;
+ String tables = null;
+ String columns = null;
+ String udfs = null;
+ String columnFamilies = null;
+ String topologies = null;
+ String services = null;
+
+ if (vXPolicy != null) {
+ databases = vXPolicy.getDatabases();
+ tables = vXPolicy.getTables();
+ columns = vXPolicy.getColumns();
+ udfs = vXPolicy.getUdfs();
+ columnFamilies = vXPolicy.getColumnFamilies();
+ topologies = vXPolicy.getTopologies();
+ services = vXPolicy.getServices();
+ } else if (vXResource != null) {
+ databases = vXResource.getDatabases();
+ tables = vXResource.getTables();
+ columns = vXResource.getColumns();
+ udfs = vXResource.getUdfs();
+ columnFamilies = vXResource.getColumnFamilies();
+ topologies = vXResource.getTopologies();
+ services = vXResource.getServices();
+ }
+
+ if (!stringUtil.isEmpty(databases)) {
resourceType = AppConstants.RESOURCE_DB;
- if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getTables())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(tables)) {
resourceType = AppConstants.RESOURCE_TABLE;
}
- if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(columns)) {
resourceType = AppConstants.RESOURCE_COLUMN;
}
- if (!stringUtil.isEmpty(vXPolicy.getUdfs())) {
+ if (!stringUtil.isEmpty(udfs)) {
resourceType = AppConstants.RESOURCE_UDF;
}
- } else if (!stringUtil.isEmpty(vXPolicy.getTables())) {
+ } else if (!stringUtil.isEmpty(tables)) {
resourceType = AppConstants.RESOURCE_TABLE;
- if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumnFamilies())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(columnFamilies)) {
resourceType = AppConstants.RESOURCE_COL_FAM;
}
- if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(columns)) {
resourceType = AppConstants.RESOURCE_COLUMN;
}
- } else if (!stringUtil.isEmpty(vXPolicy.getTopologies())) {
+ } else if (!stringUtil.isEmpty(topologies)) {
resourceType = AppConstants.RESOURCE_TOPOLOGY;
- if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getServices())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(services)) {
resourceType = AppConstants.RESOURCE_SERVICE_NAME;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/java/com/xasecure/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XResourceService.java b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
index c6f95a9..bbbf458 100644
--- a/security-admin/src/main/java/com/xasecure/service/XResourceService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
@@ -77,6 +77,9 @@ public class XResourceService extends
@Autowired
XAEnumUtil xaEnumUtil;
+
+ @Autowired
+ XPolicyService xPolicyService;
static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>();
@@ -259,7 +262,7 @@ public class XResourceService extends
@Override
protected void validateForUpdate(VXResource vObj, XXResource mObj) {
- if (vObj != null && vObj.getResourceType() == AppConstants.ASSET_HDFS) {
+ if (vObj != null && vObj.getAssetType() == AppConstants.ASSET_HDFS) {
if (!(vObj.getName() != null) || vObj.getName().isEmpty()) {
throw restErrorUtil.createRESTException("Please provide the "
+ "resource path.", MessageEnums.INVALID_INPUT_DATA);
@@ -480,7 +483,8 @@ public class XResourceService extends
if(assetType==AppConstants.ASSET_HDFS){
- int resourceType = vXResource.getResourceType();
+// int resourceType = vXResource.getResourceType();
+ int resourceType = xPolicyService.getResourceType(vXResource);
List<Integer> resourceTypeList = xaBizUtil
.getResorceTypeParentHirearchy(resourceType, assetType);
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/webapp/scripts/views/hbase/HbasePolicyForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/hbase/HbasePolicyForm.js b/security-admin/src/main/webapp/scripts/views/hbase/HbasePolicyForm.js
index 8793077..6c87190 100644
--- a/security-admin/src/main/webapp/scripts/views/hbase/HbasePolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/hbase/HbasePolicyForm.js
@@ -515,6 +515,7 @@ define(function(require){
else
this.model.set('resourceType',XAEnums.ResourceType.RESOURCE_TABLE.value);
+ this.setResourceTypeAsPerWildCard();
//TODO Already handled by server side so we need to remove following line
if(_.isEmpty(this.model.get('columnFamilies'))) {
this.model.unset('columnFamilies');
@@ -540,6 +541,27 @@ define(function(require){
newNameList = e.currentTarget.value.split(',');
XAUtil.checkDirtyField(nameList, newNameList, elem);
},
+ setResourceTypeAsPerWildCard :function(){
+ var type = this.model.get('resourceType');
+ //Set resourceType as per WildCard operator '*'
+ switch(this.model.get('resourceType')){
+ case XAEnums.ResourceType.RESOURCE_COLUMN.value :
+ if(_.isEqual(this.model.get('columns'),"*")){
+ if(_.isEqual(this.model.get('columnFamilies'),"*"))
+ type = XAEnums.ResourceType.RESOURCE_TABLE.value;
+ else
+ type = XAEnums.ResourceType.RESOURCE_COL_FAM.value;
+
+ }
+ break;
+ case XAEnums.ResourceType.RESOURCE_COL_FAM.value :
+ if(_.isEqual(this.model.get('columnFamilies'),"*")){
+ type = XAEnums.ResourceType.RESOURCE_TABLE.value;
+ }
+ break;
+ }
+ this.model.set('resourceType',type);
+ },
/* all post render plugin initialization */
initializePlugins: function(){
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/webapp/scripts/views/hive/HivePolicyCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/hive/HivePolicyCreate.js b/security-admin/src/main/webapp/scripts/views/hive/HivePolicyCreate.js
index 50b752c..899dd3a 100644
--- a/security-admin/src/main/webapp/scripts/views/hive/HivePolicyCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/hive/HivePolicyCreate.js
@@ -82,10 +82,7 @@ define(function(require){
_.extend(this, _.pick(options,'assetModel'));
this.bindEvents();
-
- if(this.model.get('resourceType') == XAEnums.ResourceType.RESOURCE_COLUMN.value)
- this.model.set('resourceType',XAEnums.ResourceType.RESOURCE_TABLE.value);
-
+ this.checkResourceTypeWithWildCard();
that.form = new HivePolicyForm({
template : require('hbs!tmpl/hive/HivePolicyForm_tmpl'),
model : this.model,
@@ -100,6 +97,25 @@ define(function(require){
/*this.listenTo(this.model, "change:foo", this.modelChanged, this);*/
/*this.listenTo(communicator.vent,'someView:someEvent', this.someEventHandler, this)'*/
},
+ checkResourceTypeWithWildCard : function(){
+ var type = this.model.get('resourceType');
+ switch(this.model.get('resourceType')){
+ case XAEnums.ResourceType.RESOURCE_DB.value :
+ if(!_.isEmpty(this.model.get("tables"))){
+ if(_.isEqual(this.model.get("tables"),"*"))
+ type = XAEnums.ResourceType.RESOURCE_TABLE.value;
+ }
+ if(!_.isEmpty(this.model.get("udfs"))){
+ if(_.isEqual(this.model.get("udfs"),"*"))
+ type = XAEnums.ResourceType.RESOURCE_UDF.value;
+ }
+ break;
+ case XAEnums.ResourceType.RESOURCE_COLUMN.value :
+ type = XAEnums.ResourceType.RESOURCE_TABLE.value;
+ break;
+ }
+ this.model.set('resourceType',type);
+ },
/** on render callback */
onRender: function() {
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/webapp/scripts/views/hive/HivePolicyForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/hive/HivePolicyForm.js b/security-admin/src/main/webapp/scripts/views/hive/HivePolicyForm.js
index b2f1c07..5f8cc85 100644
--- a/security-admin/src/main/webapp/scripts/views/hive/HivePolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/hive/HivePolicyForm.js
@@ -170,13 +170,14 @@ define(function(require){
//fieldAttrs : {style : 'display:none;'}
},
udfs : {
- type : 'Text',
+// type : 'Text',
+ type : 'Select2Remote',
title : localization.tt("lbl.permForUdf"),
- editorAttrs :{'placeholder': 'Enter UDF Name'}
+ editorAttrs :{'placeholder': 'Enter UDF Name'},
// fieldAttrs :{'style' :'visibility:hidden'},
//validators : [{type:'regexp',regexp:/^[a-zA-Z*?][a-zA-Z0-9_'&-/\$]*[A-Za-z0-9]*$/i,message :localization.tt('validationMessages.enterValidName')}],
- /*pluginAttr : this.getPlugginAttr(true,this.type.UDF),
- options : function(callback, editor){
+ pluginAttr : this.getPlugginAttr(false,this.type.UDF),
+ /*options : function(callback, editor){
callback();
},*/
},
@@ -673,8 +674,9 @@ define(function(require){
var perm1 = resourceTypeTable && _.isEmpty(this.model.get('tables')) && columns;
var perm3 = resourceTypeUdf && _.isEmpty(this.model.get('udfs')) ;
- if(_.isEmpty(this.model.get('resourceType')))
+ if(_.isEmpty(this.model.get('resourceType'))){
this.model.set('resourceType',XAEnums.ResourceType.RESOURCE_DB.value);
+ }
else{
if(perm1 || perm3){ //if(perm1 || perm2 || perm3){
@@ -698,6 +700,8 @@ define(function(require){
}
}
}
+ //Set resourceType as per WildCard operator '*'
+ this.setResourceTypeAsPerWildCard();
if(this.fields.resourceType.getValue() != XAEnums.ResourceType.RESOURCE_UDF.value){
if(!_.isEmpty(this.model.get('tables'))){
@@ -733,6 +737,31 @@ define(function(require){
newNameList = e.currentTarget.value.split(',');
XAUtil.checkDirtyField(nameList, newNameList, elem);
},
+ setResourceTypeAsPerWildCard :function(){
+ //Set resourceType as per WildCard operator '*'
+ var type = this.model.get('resourceType');
+ switch(this.model.get('resourceType')){
+ case XAEnums.ResourceType.RESOURCE_COLUMN.value :
+ if(_.isEqual(this.model.get('columns'),"*")){
+ if(_.isEqual(this.model.get('tables'),"*"))
+ type = XAEnums.ResourceType.RESOURCE_DB.value;
+ else
+ type = XAEnums.ResourceType.RESOURCE_TABLE.value;
+
+ }
+ break;
+ case XAEnums.ResourceType.RESOURCE_TABLE.value :
+ if(_.isEqual(this.model.get('tables'),"*"))
+ type = XAEnums.ResourceType.RESOURCE_DB.value;
+ break;
+ case XAEnums.ResourceType.RESOURCE_UDF.value :
+ if(_.isEqual(this.model.get('udfs'),"*"))
+ type = XAEnums.ResourceType.RESOURCE_DB.value;
+ break;
+ }
+ this.model.set('resourceType',type);
+ },
+
/** all post render plugin initialization */
initializePlugins: function(){
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/ee6d77c8/security-admin/src/main/webapp/scripts/views/knox/KnoxPolicyForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/knox/KnoxPolicyForm.js b/security-admin/src/main/webapp/scripts/views/knox/KnoxPolicyForm.js
index 5cf4118..645df48 100644
--- a/security-admin/src/main/webapp/scripts/views/knox/KnoxPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/knox/KnoxPolicyForm.js
@@ -484,6 +484,7 @@ define(function(require){
var resourceType = _.isEmpty(this.model.get('services')) ? XAEnums.ResourceType.RESOURCE_TOPOLOGY.value : XAEnums.ResourceType.RESOURCE_SERVICE.value ;
this.model.set('resourceType',resourceType);
+ this.setResourceTypeAsPerWildCard();
},
checkMultiselectDirtyField : function(e, type){
var elem = $(e.currentTarget),columnName='',nameList = [], newNameList = [];
@@ -498,6 +499,19 @@ define(function(require){
newNameList = e.currentTarget.value.split(',');
XAUtil.checkDirtyField(nameList, newNameList, elem);
},
+ setResourceTypeAsPerWildCard :function(){
+ var type = this.model.get('resourceType');
+ //Set resourceType as per WildCard operator '*'
+ switch(this.model.get('resourceType')){
+ case XAEnums.ResourceType.RESOURCE_SERVICE.value :
+ if(_.isEqual(this.model.get('services'),"*")){
+ type = XAEnums.ResourceType.RESOURCE_TOPOLOGY.value;
+
+ }
+ break;
+ }
+ this.model.set('resourceType',type);
+ },
/** all post render plugin initialization */
initializePlugins: function(){
}