You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ni...@apache.org on 2021/04/07 06:48:45 UTC
[ranger] branch master updated (1efae2f -> d4e6475)
This is an automated email from the ASF dual-hosted git repository.
ni3galave pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 1efae2f RANGER-3157 : Improvements for audit details page part-2
new 71e503f RANGER-3186 : [Ranger Access Audit Improvement]Changes done from one user, persists for other users as well.
new d4e6475 RANGER-3228 : Improvement in audit filter feature.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../webapp/scripts/modules/globalize/message/en.js | 6 +-
.../src/main/webapp/scripts/prelogin/XAPrelogin.js | 3 +
.../main/webapp/scripts/views/common/ProfileBar.js | 3 +
.../scripts/views/service/AuditFilterConfig.js | 97 +++++++++++++++++---
.../views/service/RangerServiceViewDetail.js | 28 ++++--
.../webapp/scripts/views/service/ServiceForm.js | 14 +++
.../templates/service/AuditFilterList_tmpl.html | 2 +-
.../service/RangerServiceViewDetail_tmpl.html | 101 +++++++++++++++++++++
8 files changed, 234 insertions(+), 20 deletions(-)
[ranger] 01/02: RANGER-3186 : [Ranger Access Audit
Improvement]Changes done from one user, persists for other users as well.
Posted by ni...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ni3galave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 71e503f31a27d561979cc6095a3d0add8e50510f
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Mon Feb 22 16:23:41 2021 +0530
RANGER-3186 : [Ranger Access Audit Improvement]Changes done from one user, persists for other users as well.
---
security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js | 3 +++
security-admin/src/main/webapp/scripts/views/common/ProfileBar.js | 3 +++
2 files changed, 6 insertions(+)
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 4597225..a2eecca 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -69,6 +69,9 @@ function doLogin() {
"cache-control" : "no-cache"
},
success : function() {
+ if (localStorage && localStorage['backgrid-colmgr']) {
+ delete localStorage['backgrid-colmgr'];
+ }
if(location.hash.length > 2)
window.location.replace('index.html'+location.hash);
else
diff --git a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
index baeb367..9dbfa9c 100644
--- a/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
+++ b/security-admin/src/main/webapp/scripts/views/common/ProfileBar.js
@@ -66,6 +66,9 @@ define(function(require){
"cache-control" : "no-cache"
},
success : function() {
+ if (localStorage && localStorage['backgrid-colmgr']) {
+ delete localStorage['backgrid-colmgr'];
+ }
if(!_.isUndefined(checksso) && checksso){
if(checksso == 'false'){
window.location.replace('locallogin');
[ranger] 02/02: RANGER-3228 : Improvement in audit filter feature.
Posted by ni...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ni3galave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit d4e647590b882a20f7c7d8d2e5188def17382c4c
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Mon Apr 5 16:19:34 2021 +0530
RANGER-3228 : Improvement in audit filter feature.
---
.../webapp/scripts/modules/globalize/message/en.js | 6 +-
.../scripts/views/service/AuditFilterConfig.js | 97 +++++++++++++++++---
.../views/service/RangerServiceViewDetail.js | 28 ++++--
.../webapp/scripts/views/service/ServiceForm.js | 14 +++
.../templates/service/AuditFilterList_tmpl.html | 2 +-
.../service/RangerServiceViewDetail_tmpl.html | 101 +++++++++++++++++++++
6 files changed, 228 insertions(+), 20 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 3bc933f..cc18902 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -397,8 +397,10 @@ define(function(require) {
nifiResource :'NiFi Resource Identifier.',
securityZone :'Security Zone',
zoneCreate :'Create Zone',
- zoneEdit :'Zone Edit'
- },
+ zoneEdit :'Zone Edit',
+ bucket :'Name of the S3 bucket.',
+ auditFilter :'Audit Filter'
+ },
msg : {
deletePolicyValidationMsg : 'Policy does not have any settings for the specific resource. Policy will be deleted. Press [Ok] to continue. Press [Cancel] to edit the policy.',
areYouSureWantToDelete : 'Are you sure want to delete ?',
diff --git a/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js b/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js
index f5e01f2..a190275 100644
--- a/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js
+++ b/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js
@@ -84,7 +84,11 @@ define(function(require) {
});
this.setupFormForEditMode();
this.evIsAudited();
- this.renderPermissions();
+ if(XAUtil.isTagBasedDef(this.rangerServiceDefModel)){
+ this.renderPermsForTagBasedService();
+ } else {
+ this.renderPermissions();
+ }
this.ui.selectUsers.select2(XAUtil.getUsersGroupsList("users", this, '250px', "auditFilter"));
this.ui.selectGroups.select2(XAUtil.getUsersGroupsList("groups", this, '250px', "auditFilter"));
this.ui.selectRoles.select2(XAUtil.getUsersGroupsList("roles", this, '250px', "auditFilter"));
@@ -228,20 +232,86 @@ define(function(require) {
});
},
+ renderPermsForTagBasedService :function() {
+ var that = this;
+ this.permsIds = [];
+ if (this.model && this.model.get('accessTypes')) {
+ this.permsIds = this.model.get('accessTypes');
+ }
+ this.ui.addPerms.attr('data-type','tagchecklist')
+ this.ui.addPerms.attr('title','Components Permissions')
+ this.perms = _.map(this.accessTypes,function(m){return {text : m.label, value : m.name}});
+ var select2optn = { width :'600px' };
+ //create x-editable for permissions
+ this.ui.addPerms.editable({
+ emptytext : 'Add Permissions',
+ source: this.perms,
+ value : this.permsIds,
+ select2option : select2optn,
+ placement : 'top',
+ showbuttons : 'bottom',
+ display: function(values,srcData) {
+ if(_.contains(values,"on")) values = _.without(values,"on");
+ if(_.isNull(values) || _.isEmpty(values)){
+ $(this).empty();
+ that.model.unset('accessTypes');
+ that.ui.addPermissionsSpan.find('i').attr('class', 'fa-fw fa fa-plus');
+ that.ui.addPermissionsSpan.attr('title','add');
+ return;
+ }
+ //To remove selectall options
+ values = _.uniq(values);
+ if(values.indexOf("selectall") >= 0){
+ values.splice(values.indexOf("selectall"), 1)
+ }
+ var permTypeArr = [];
+ var valArr = _.map(values, function(id){
+ if(!_.isUndefined(id)){
+ var obj = _.findWhere(srcData,{'value' : id});
+ permTypeArr.push({permType : obj.value});
+ return "<span class='badge badge-info'>" + id.substr(0,id.indexOf(":")).toUpperCase() + "</span>";
+ }
+ });
+ // Save form data to model
+ that.model.set('accessTypes', values);
+ $(this).html(_.uniq(valArr).join(" "));
+ that.ui.addPermissionsSpan.find('i').attr('class', 'fa-fw fa fa-pencil');
+ that.ui.addPermissionsSpan.attr('title','edit');
+ },
+ }).on('hidden',function(e){
+ // $(e.currentTarget).parent().find('.tag-condition-popover').remove()
+ $('.popover').parent().remove()
+ }).on('click', function(e) {
+ e.stopPropagation();
+ if($('.popover')){
+ $('.tag-condition-popover').remove()
+ }
+ //Sticky popup
+ var pop = $('.popover')
+ pop.wrap('<div class="tag-fixed-popover-wrapper"></div>');
+ pop.addClass('tag-fixed-popover');
+ pop.find('.arrow').removeClass('arrow')
+ });
+ that.ui.addPermissionsSpan.click(function(e) {
+ e.stopPropagation();
+ if($('.popover')){
+ $('.tag-condition-popover').remove()
+ }
+ that.$('a[data-js="permissions"]').editable('toggle');
+ var pop = $('.popover')
+ pop.wrap('<div class="tag-fixed-popover-wrapper"></div>');
+ pop.addClass('tag-fixed-popover');
+ pop.find('.arrow').removeClass('arrow')
+ });
+ },
+
eGetResources :function () {
var model = null;
if (!_.isUndefined(this.model.get('resources'))) {
- this.model.set('policyType', 0);
- this.model.set('id', 'resource' + this.model.collection.length);
model = $.extend(true, {}, this.model);
- // model = _.clone(resourceModel)
- // _.each(model.get('resources'), function(val, key, obj) {
- // obj[key] = {
- // 'values': val
- // };
- // });
+ model.set('policyType', 0);
+ model.set('id', 'resource' + this.model.collection.length);
}
- // this.rangerServiceDefModel.get('resources')[0].lookupSupported = false
if (_.isEmpty(this.serviceName)) {
this.rangerServiceDefModel.get('resources').map( function(m){
m.lookupSupported = false;
@@ -329,6 +399,7 @@ define(function(require) {
if(this.model && !_.isUndefined(this.model.get('resources'))) {
this.model.unset('resources');
}
+ this.ui.addResources.find('i').attr('class', 'fa-fw fa fa-plus');
},
evSelectUserGroupRole : function (e) {
@@ -337,6 +408,10 @@ define(function(require) {
evDelete : function(){
var that = this;
this.collection.remove(this.model);
+ if (this.collection.length == 0) {
+ var $data = '<tr><td class="emptySet text-muted" colspan="9">No Audit Filter Data Found !!</td></tr>'
+ $(".auditFilterData").html($data)
+ }
},
selectOparations : function() {
var that = this;
@@ -344,7 +419,7 @@ define(function(require) {
this.ui.oparations.select2({
multiple: true,
closeOnSelect : true,
- placeholder : 'Select Action',
+ placeholder : 'Type Action Name',
allowClear: true,
width : '200px',
tokenSeparators: [","],
diff --git a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
index 0c637ab..c8a47a4 100644
--- a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
@@ -35,12 +35,25 @@ define(function(require) {
template: RangerServiceViewDetailTmpl,
templateHelpers: function() {
- var that = this, tagDetails = [];
+ var that = this, tagDetails = []; this.isExcludes = "", this.isRecursive = "";
if(this.rangerService.get('tagService') && !_.isEmpty(this.rangerService.get('tagService'))) {
tagDetails = this.rangerSeviceList.find(function(m) {
return m.get('name') == that.rangerService.get('tagService')
})
}
+ _.filter(this.auditFilters, function(model, modVal) {
+ model.isAudited = model.isAudited ? 'Yes' : 'No'
+ _.filter(model.resources, function(key){
+ var $toggleBtn =''
+ if(!_.isUndefined(key.isExcludes)) {
+ key.isExcludes = key.isExcludes ? XAEnums.ExcludeStatus.STATUS_EXCLUDE.label : XAEnums.ExcludeStatus.STATUS_INCLUDE.label;
+ }
+ if (!_.isUndefined(key.isRecursive)) {
+ key.isRecursive = key.isRecursive ? XAEnums.RecursiveStatus.STATUS_RECURSIVE.label : XAEnums.RecursiveStatus.STATUS_NONRECURSIVE.label;
+ }
+ key.values = key.values.join(', ')
+ })
+ })
return {
configsList : this.conf,
customConfigs : this.customConfigs,
@@ -49,7 +62,8 @@ define(function(require) {
isEnabled : this.rangerService.get('isEnabled'),
tagService : (!_.isEmpty(tagDetails)) ? tagDetails.get('displayName') : false,
displayName : this.rangerService.get('displayName'),
- }
+ auditFilters : this.auditFilters,
+ }
},
/**
@@ -75,10 +89,12 @@ define(function(require) {
customConfigs = _.omit(customConfigs , m.name);
})
this.conf = configs;
- if(_.isEmpty(customConfigs)){
- this.customConfigs = false
- }else{
- this.customConfigs = customConfigs;
+ this.auditFilters = (_.isEmpty(customConfigs) && _.isUndefined(customConfigs['ranger.plugin.audit.filters'])) ?
+ false : customConfigs['ranger.plugin.audit.filters'];
+ this.customConfigs = _.isEmpty(_.omit(customConfigs, 'ranger.plugin.audit.filters')) ?
+ false : _.omit(customConfigs, 'ranger.plugin.audit.filters');
+ if(this.auditFilters){
+ this.auditFilters = JSON.parse((this.auditFilters).replace(/'/g, '"'));
}
},
/** on close */
diff --git a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
index 668fa79..983f65b 100644
--- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
+++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
@@ -129,6 +129,20 @@ define(function(require){
that.auditFilterColl.add(new Backbone.Model(model));
})
}
+ } else {
+ var configs = this.rangerServiceDefModel.get('configs');
+ var auditFilterCollValueIndex = _.findIndex(configs,function(m){
+ return m.name == 'ranger.plugin.audit.filters'
+ })
+ if(auditFilterCollValueIndex != -1) {
+ var auditFilterCollValue = configs[auditFilterCollValueIndex];
+ configs.splice(auditFilterCollValueIndex, 1);
+ auditFilterCollValue = JSON.parse((auditFilterCollValue.defaultValue).replace(/'/g, '"'));
+ console.log(auditFilterCollValue);
+ auditFilterCollValue.forEach(function(model) {
+ that.auditFilterColl.add(new Backbone.Model(model));
+ })
+ }
}
},
setupForm : function() {
diff --git a/security-admin/src/main/webapp/templates/service/AuditFilterList_tmpl.html b/security-admin/src/main/webapp/templates/service/AuditFilterList_tmpl.html
index 268917a..dc36490 100644
--- a/security-admin/src/main/webapp/templates/service/AuditFilterList_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/AuditFilterList_tmpl.html
@@ -32,7 +32,7 @@
<th></th>
</tr>
</thead>
- <tbody class="js-formInput permissionItemSortable">
+ <tbody class="js-formInput permissionItemSortable auditFilterData">
{{#if emptyAuditFilterCol}}
<td class="emptySet text-muted" colspan="9">No Audit Filter Data Found !!</td>
{{/if}}
diff --git a/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html b/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
index af86930..8303180 100644
--- a/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
@@ -125,4 +125,105 @@
{{/if}}
</tbody>
</table>
+</div>
+<div id="auditFilters">
+ <p class="formHeader">
+ {{tt 'h.auditFilter'}} :
+ </p>
+ <div class="table-responsive">
+ <table class="table table-permission table-condensed table-read-only">
+ <thead>
+ <tr>
+ <th>Is Audited</th>
+ <th>Access Result</th>
+ <th>Resources</th>
+ <th>Operations</th>
+ <th>Permissions</th>
+ <th>Users</th>
+ <th>Groups</th>
+ <th>Roles</th>
+ </tr>
+ </thead>
+ <tbody>
+ {{#each auditFilters}}
+ <tr>
+ <td>
+ {{#if this.isAudited}}
+ <span class="badge badge-info">{{this.isAudited}}</span>
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.accessResult}}
+ <span class="badge badge-info">{{this.accessResult}}</span>
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.resources}}
+ <div class="resource-list min-width-150">
+ <div class="resourceGrp ui-sortable-handle">
+ {{#each this.resources}}
+ <div class="resourcesFilter"><div><b>{{@key}}</b>:{{this.values}}</div>
+ {{#if this.isExcludes}}<span class="badge badge-dark pull-right">{{this.isExcludes}}</span> {{/if}}{{#if this.isRecursive}}<span class="badge badge-dark pull-right">{{this.isRecursive}}</span>{{/if}}
+ </div>
+ {{/each}}
+ </div>
+ </div>
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.actions}}
+ {{#each this.actions}}
+ <span class="badge badge-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.accessTypes}}
+ {{#each this.accessTypes}}
+ <span class="badge badge-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.users}}
+ {{#each this.users}}
+ <span class="badge badge-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.groups}}
+ {{#each this.groups}}
+ <span class="badge badge-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ <td>
+ {{#if this.roles}}
+ {{#each this.roles}}
+ <span class="badge badge-info">{{this}}</span>
+ {{/each}}
+ {{else}}
+ --
+ {{/if}}
+ </td>
+ </tr>
+ {{/each}}
+ </tbody>
+ </table>
+ </div>
</div>
\ No newline at end of file