Posted to commits@ranger.apache.org by ve...@apache.org on 2017/02/01 20:39:04 UTC
ranger git commit: RANGER-1336 : audit based policy that has no
policy item are not exported in CSV file
Repository: ranger
Updated Branches:
refs/heads/master ed6488361 -> 7fe9290b1
RANGER-1336 : audit based policy that has no policy item are not exported in CSV file
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7fe9290b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7fe9290b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7fe9290b
Branch: refs/heads/master
Commit: 7fe9290b174121025960535ebccb2b0d91e1855e
Parents: ed64883
Author: Gautam Borad <ga...@apache.org>
Authored: Tue Jan 31 10:13:29 2017 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Wed Feb 1 15:30:03 2017 -0500
----------------------------------------------------------------------
.../hadoop/crypto/key/RangerMasterKey.java | 22 ++-
.../crypto/key/kms/server/KMSMetricUtil.java | 178 +++++++++----------
.../org/apache/ranger/biz/ServiceDBStore.java | 89 ++++++----
3 files changed, 152 insertions(+), 137 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
index 021685c..009bcf4 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
@@ -205,10 +205,13 @@ public class RangerMasterKey implements RangerKMSMKI{
}
private byte[] encryptKey(byte[] data, PBEKeySpec keyspec) throws Throwable {
SecretKey key = getPasswordKey(keyspec);
- PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
- Cipher c = Cipher.getInstance(key.getAlgorithm());
- c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
- return c.doFinal(data);
+ if(keyspec != null && keyspec.getSalt() != null){
+ PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+ Cipher c = Cipher.getInstance(key.getAlgorithm());
+ c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
+ return c.doFinal(data);
+ }
+ return null;
}
private SecretKey getPasswordKey(PBEKeySpec keyspec) throws Throwable {
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGO);
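Review bot: The new guard `keyspec != null && keyspec.getSalt() != null` in `encryptKey` runs after `getPasswordKey(keyspec)` has already been handed the spec, so a null `keyspec` will most likely fail inside that call (its body is only partly visible here) before the check is reached. When the guard does fail, the method now returns `null` instead of raising, which leaves it to every caller to notice that no ciphertext was produced for the master key; the same pattern is added to `decryptKey` in the next hunk. Validate first and fail loudly, e.g. `if (keyspec == null || keyspec.getSalt() == null) throw new IllegalArgumentException("PBE key spec and salt are required");` as the first statement of both methods.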
@@ -216,10 +219,13 @@ public class RangerMasterKey implements RangerKMSMKI{
}
private byte[] decryptKey(byte[] encrypted, PBEKeySpec keyspec) throws Throwable {
SecretKey key = getPasswordKey(keyspec);
- PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
- Cipher c = Cipher.getInstance(key.getAlgorithm());
- c.init(Cipher.DECRYPT_MODE, key, paramSpec);
- return c.doFinal(encrypted);
+ if(keyspec != null && keyspec.getSalt() != null){
+ PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+ Cipher c = Cipher.getInstance(key.getAlgorithm());
+ c.init(Cipher.DECRYPT_MODE, key, paramSpec);
+ return c.doFinal(encrypted);
+ }
+ return null;
}
private SecretKey getMasterKeyFromBytes(byte[] keyData) throws Throwable {
return new SecretKeySpec(keyData, MK_CIPHER);
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
index 22fb03c..71ebb8d 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
@@ -58,112 +58,102 @@ public class KMSMetricUtil {
@SuppressWarnings("static-access")
private void getKMSMetricCalculation(String caseValue) {
- logger.info("Metric Type : " + caseValue);
- try
- {
+ logger.info("Metric Type : " + caseValue);
+ try {
switch (caseValue.toLowerCase()) {
- case "hsmenabled":
- try {
- KMSConfiguration kmsConfig = new KMSConfiguration();
- if(kmsConfig != null && kmsConfig.getACLsConf() != null) {
- String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
- Map<String,String> hsmEnabledMap = new HashMap<String, String>();
- if(hsmEnabledValue != null){
- hsmEnabledMap.put("HSMEnabled", hsmEnabledValue);
- Gson gson = new GsonBuilder().create();
- final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
- System.out.println(jsonHSMEnabled);
- } else {
- hsmEnabledMap.put("HSMEnabled", "");
- Gson gson = new GsonBuilder().create();
- final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
- System.out.println(jsonHSMEnabled);
- }
+ case "hsmenabled":
+ try {
+ KMSConfiguration kmsConfig = new KMSConfiguration();
+ if (kmsConfig != null && kmsConfig.getACLsConf() != null) {
+ String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
+ Map<String, String> hsmEnabledMap = new HashMap<String, String>();
+ if (hsmEnabledValue != null) {
+ hsmEnabledMap.put("hsmEnabled", hsmEnabledValue);
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
+ } else {
+ hsmEnabledMap.put("hsmEnabled", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
}
}
- catch (Exception e) {
- logger.error("Error calculating KMSMetric for HSM enabled : "+e.getMessage());
- }
- break;
- case "encryptedkey":
- try {
- KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
- if(kmsWebAppEncryptedKey != null){
- kmsWebAppEncryptedKey.contextInitialized(null);
- KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
- if(keyProvider != null && keyProvider.getKeys() != null){
- Integer encryptedKeyCount = keyProvider.getKeys().size();
- if(encryptedKeyCount != null){
- Map<String,Integer> encryptedKeyCountValueMap = new HashMap<String, Integer>();
- encryptedKeyCountValueMap.put("encryptedKeycount", encryptedKeyCount);
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
- System.out.println(jsonEncKeycount);
- }else{
- Map<String,String> encryptedKeyCountValueMap = new HashMap<String, String>();
- encryptedKeyCountValueMap.put("encryptedKeycount","");
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
- System.out.println(jsonEncKeycount);
- }
-
- }
- kmsWebAppEncryptedKey.contextDestroyed(null);
- }
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric for HSM enabled : " + e.getMessage());
+ }
+ break;
+ case "encryptedkey":
+ try {
+ KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
+ if (kmsWebAppEncryptedKey != null) {
+ kmsWebAppEncryptedKey.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
+ if (keyProvider != null && keyProvider.getKeys() != null) {
+ Integer encryptedKeyCount = keyProvider.getKeys().size();
+ Map<String, Integer> encryptedKeyCountValueMap = new HashMap<String, Integer>();
+ encryptedKeyCountValueMap.put("encryptedKeyCount", encryptedKeyCount);
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ } else {
+ Map<String, String> encryptedKeyCountValueMap = new HashMap<String, String>();
+ encryptedKeyCountValueMap.put("encryptedKeyCount", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ }
+ kmsWebAppEncryptedKey.contextDestroyed(null);
}
- catch(Exception e){
- logger.error("Error calculating KMSMetric for encrypted key count: "+e.getMessage());
- }
- break;
- case "encryptedkeybyalgorithm":
- try {
- KMSWebApp kmsWebApp = new KMSWebApp();
- if(kmsWebApp != null)
- {
- kmsWebApp.contextInitialized(null);
- KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
- if(keyProvider != null && keyProvider.getKeys() != null){
- List<String> keyList = new ArrayList<String>();
- keyList.addAll(keyProvider.getKeys());
- if(keyList != null){
- Map<String,Integer> encryptedKeyByAlgorithmCountMap = new HashMap<String, Integer>();
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric for encrypted key count: " + e.getMessage());
+ }
+ break;
+ case "encryptedkeybyalgorithm":
+ try {
+ KMSWebApp kmsWebApp = new KMSWebApp();
+ if (kmsWebApp != null) {
+ kmsWebApp.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
+ if (keyProvider != null && keyProvider.getKeys() != null) {
+ List<String> keyList = new ArrayList<String>();
+ keyList.addAll(keyProvider.getKeys());
+ if (keyList != null) {
+ Map<String, Integer> encryptedKeyByAlgorithmCountMap = new HashMap<String, Integer>();
int count = 0;
for (int i = 0; i < keyList.size(); i++) {
- String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
- if(encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
- count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
- count += 1;
- encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
- }
- else {
- encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
- }
+ String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
+ if (encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
+ count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
+ count += 1;
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
+ } else {
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
+ }
}
Gson gson = new GsonBuilder().create();
final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
System.out.println(jsonEncKeyByAlgo);
- }
- kmsWebApp.contextDestroyed(null);
- }else{
- Map<String,String> encryptedKeyByAlgorithmCountMap = new HashMap<String, String>();
- encryptedKeyByAlgorithmCountMap.put("encryptedkeybyalgorithm", " ");
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
- System.out.println(jsonEncKeyByAlgo);
- }
+ }
+ kmsWebApp.contextDestroyed(null);
+ } else {
+ Map<String, String> encryptedKeyByAlgorithmCountMap = new HashMap<String, String>();
+ encryptedKeyByAlgorithmCountMap.put("encryptedKeyByAlgorithm", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
+ System.out.println(jsonEncKeyByAlgo);
}
- }
- catch (IOException e) {
- logger.error("Error calculating KMSMetric for encrypted key by algorithm : "+e.getMessage());
}
- break;
- default:
- System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
- break;
- }
- }
- catch (Exception e) {
- logger.error("Error calculating KMSMetric : "+e.getMessage());
+ } catch (IOException e) {
+ logger.error("Error calculating KMSMetric for encrypted key by algorithm : " + e.getMessage());
+ }
+ break;
+ default:
+ System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+ break;
+ }
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric : " + e.getMessage());
}
}
}
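Review bot: In the `encryptedkey` and `encryptedkeybyalgorithm` cases `contextDestroyed(null)` is called only on the straight-line path, so an exception from `getKeys()` or `getMetadata(...)` skips it and whatever `contextInitialized(null)` set up for the key provider is never torn down; a `finally { kmsWebApp.contextDestroyed(null); }` on each `try` covers both outcomes. In `encryptedkeybyalgorithm` the call also appears to sit inside the `keyProvider != null` branch (the indentation is flattened on this page, so this is read from the braces), which means the `else` path skips it as well. Separately, the reindentation carries a behaviour change: the emitted JSON keys are renamed (`HSMEnabled` to `hsmEnabled`, `encryptedKeycount` to `encryptedKeyCount`, `encryptedkeybyalgorithm` to `encryptedKeyByAlgorithm`), which anything parsing this output has to follow and which the commit message does not mention.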
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 9a4e571..cb67b6a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -1980,7 +1980,7 @@ public class ServiceDBStore extends AbstractServiceStore {
String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(new Date());
CSVFileName = "Ranger_Policies_" + timeStamp + ".csv";
out = response.getOutputStream();
- StringBuffer sb = writeCSV(policies, CSVFileName, response);
+ StringBuilder sb = writeCSV(policies, CSVFileName, response);
IOUtils.write(sb.toString(), out, "UTF-8");
} catch (Exception e) {
LOG.error("Error while generating report file " + CSVFileName, e);
@@ -3244,12 +3244,12 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
- private StringBuffer writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse response) {
+ private StringBuilder writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse response) {
response.setContentType("text/csv");
final String COMMA_DELIMITER = "|";
final String LINE_SEPARATOR = "\n";
final String FILE_HEADER = "ID|Name|Resources|Groups|Users|Accesses|Service Type|Status";
- StringBuffer csvBuffer = new StringBuffer();
+ StringBuilder csvBuffer = new StringBuilder();
csvBuffer.append(FILE_HEADER);
csvBuffer.append(LINE_SEPARATOR);
for (RangerPolicy policy : policies) {
@@ -3401,9 +3401,7 @@ public class ServiceDBStore extends AbstractServiceStore {
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(LINE_SEPARATOR);
}
- }
-
- else {
+ } else {
Map<String, RangerPolicyResource> resources = policy.getResources();
if (resources != null) {
for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
@@ -3417,39 +3415,59 @@ public class ServiceDBStore extends AbstractServiceStore {
resourceKeyVal = resKeyVal.toString();
resourceKeyVal = resourceKeyVal.substring(1);
- for (RangerPolicyItem policyItem : policyItems) {
- groups = null;
- users = null;
- accesses = null;
- groupNames = "";
- userNames = "";
- accessType = "";
- groups = policyItem.getGroups();
- users = policyItem.getUsers();
- accesses = policyItem.getAccesses();
-
- if (CollectionUtils.isNotEmpty(accesses)) {
- for (RangerPolicyItemAccess access : accesses) {
- accessType = accessType + access.getType().replace("#", "").replace("|","") + "#";
+ if (CollectionUtils.isNotEmpty(policyItems)) {
+ for (RangerPolicyItem policyItem : policyItems) {
+ groups = null;
+ users = null;
+ accesses = null;
+ groupNames = "";
+ userNames = "";
+ accessType = "";
+ groups = policyItem.getGroups();
+ users = policyItem.getUsers();
+ accesses = policyItem.getAccesses();
+
+ if (CollectionUtils.isNotEmpty(accesses)) {
+ for (RangerPolicyItemAccess access : accesses) {
+ accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
+ }
+ accessType = accessType.substring(0, accessType.lastIndexOf("#"));
}
- accessType = accessType.substring(0, accessType.lastIndexOf("#"));
- }
- if (CollectionUtils.isNotEmpty(groups)) {
- for (String group : groups){
- group=group.replace("|", "");
- group=group.replace("#", "");
- groupNames=groupNames+group+ "#";
+ if (CollectionUtils.isNotEmpty(groups)) {
+ for (String group : groups) {
+ group = group.replace("|", "");
+ group = group.replace("#", "");
+ groupNames = groupNames + group + "#";
+ }
+ groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
}
- groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
- }
- if (CollectionUtils.isNotEmpty(users)) {
- for (String user : users){
- user=user.replace("|", "");
- user=user.replace("#", "");
- userNames=userNames +user + "#";
+ if (CollectionUtils.isNotEmpty(users)) {
+ for (String user : users) {
+ user = user.replace("|", "");
+ user = user.replace("#", "");
+ userNames = userNames + user + "#";
+ }
+ userNames = userNames.substring(0, userNames.lastIndexOf("#"));
}
- userNames=userNames.substring(0,userNames.lastIndexOf("#"));
+ csvBuffer.append(policyId);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(policyName);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(resourceKeyVal);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(groupNames);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(userNames);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(accessType);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(ServiceType);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(policyStatus);
+ csvBuffer.append(COMMA_DELIMITER);
+ csvBuffer.append(LINE_SEPARATOR);
}
+ } else {
csvBuffer.append(policyId);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyName);
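Review bot: The new `else` branch for a policy with no policy items writes a row without resetting `groupNames`, `userNames` and `accessType`, which are only cleared inside the `for (RangerPolicyItem policyItem : policyItems)` loop. Their declarations are outside the hunk, so this is inferred: if they are declared outside the per-policy loop, an item-less policy row would carry the users, groups and accesses of the previously exported policy, which misreports who holds access in an export that is read for audit. Resetting them at the top of the branch, `groupNames = ""; userNames = ""; accessType = "";`, makes the row unambiguous. The 17 added `csvBuffer.append(...)` lines also duplicate the existing row-writing code that now forms the `else` body; a small private helper taking the eight column values would keep the two paths from drifting apart. The `else` body continues past the end of the hunk.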
@@ -3502,6 +3520,7 @@ public class ServiceDBStore extends AbstractServiceStore {
try {
out = response.getOutputStream();
+ response.setStatus(HttpServletResponse.SC_OK);
IOUtils.write(json, out, "UTF-8");
} catch (Exception e) {
LOG.error("Error while exporting json file " + jsonFileName, e);
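Review bot: `response.setStatus(HttpServletResponse.SC_OK)` is set before `IOUtils.write(json, out, "UTF-8")`, and the visible part of the `catch` only logs, so a failed write still leaves the client with a 200 and a truncated or empty policy export. If the rest of the catch block (outside this hunk) does not already handle it, set an error status there while the response is still uncommitted, e.g. `if (!response.isCommitted()) response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);`.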