Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/21 08:50:25 UTC
incubator-ranger git commit: RANGER-203: Updated AssetREST to support
policy-download by earlier plugins - from the policy data in the new model.
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 3493c02f3 -> 84382d387
RANGER-203: Updated AssetREST to support policy-download by earlier
plugins - from the policy data in the new model.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/84382d38
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/84382d38
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/84382d38
Branch: refs/heads/stack
Commit: 84382d38779b40b1e30e0dde6fe0559d2e975c99
Parents: 3493c02
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Jan 20 23:48:16 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Jan 20 23:48:16 2015 -0800
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/AssetMgr.java | 395 ++++++++-----------
.../org/apache/ranger/common/ServiceUtil.java | 36 +-
.../java/org/apache/ranger/rest/AssetREST.java | 96 ++---
3 files changed, 228 insertions(+), 299 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 2f42868..e13b632 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -22,7 +22,6 @@
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
-import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
@@ -55,7 +54,6 @@ import org.apache.ranger.common.TimedEventUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAsset;
-import org.apache.ranger.entity.XXAuditMap;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPermMap;
import org.apache.ranger.entity.XXPolicyExportAudit;
@@ -688,6 +686,11 @@ public class AssetMgr extends AssetMgrBase {
MessageEnums.DATA_NOT_FOUND, id, "dataSourceId",
"DataSource not found with " + "id " + id);
}
+
+ return getXResourceFile(xResource, fileType);
+ }
+
+ public File getXResourceFile(VXResource xResource, String fileType) {
File file = null;
try {
if (fileType != null) {
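Review bot: The new public `getXResourceFile(VXResource xResource, String fileType)` has no visible null check on `xResource` before the `try`, while the id-based overload above raises `MessageEnums.DATA_NOT_FOUND` when its lookup fails. AssetREST now passes the result of `getXResource(id)` straight in (the `@@ -530,7 +478,10 @@` hunk), so a missing resource is reported cleanly only if that call already throws, which this diff does not show. I would open the method with a guard that raises the same `DATA_NOT_FOUND` error, and add a Javadoc line stating that the caller is responsible for loading the resource and for any access check on it. The method body continues past the end of this hunk.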
@@ -778,11 +781,9 @@ public class AssetMgr extends AssetMgrBase {
}
}
- public String getLatestRepoPolicy(String repository,
+ public String getLatestRepoPolicy(VXAsset xAsset, List<VXResource> xResourceList, Long updatedTime,
X509Certificate[] certchain, boolean httpEnabled, String epoch,
String ipAddress, boolean isSecure, String count, String agentId) {
-
- XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(repository);
if(xAsset==null){
logger.error("Requested repository not found");
throw restErrorUtil.createRESTException("No Data Found.",
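Review bot: `updatedTime` is declared as a boxed `Long`, and the later hunk compares it with `epochTime == updatedTime`, which unboxes and throws a `NullPointerException` if a caller ever passes null; the old code initialised it locally to `0l`. Declaring the parameter as a primitive, `long updatedTime`, keeps the comparison safe and matches the `long policyUpdTime` that AssetREST passes. The signature and the method body both extend outside this hunk.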
@@ -793,9 +794,12 @@ public class AssetMgr extends AssetMgrBase {
throw restErrorUtil.createRESTException("Unauthorized access.",
MessageEnums.OPER_NO_EXPORT);
}
+
+ HashMap<String, Object> updatedRepo = new HashMap<String, Object>();
+ updatedRepo.put("repository_name", xAsset.getName());
XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit();
- policyExportAudit.setRepositoryName(repository);
+ policyExportAudit.setRepositoryName(xAsset.getName());
if (agentId != null && !agentId.isEmpty()) {
policyExportAudit.setAgentId(agentId);
@@ -872,29 +876,6 @@ public class AssetMgr extends AssetMgrBase {
}
}
- if (repository == null || repository.isEmpty()) {
-
- policyExportAudit
- .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
- createPolicyAudit(policyExportAudit);
-
- logger.error("Repository name not provided");
- throw restErrorUtil.createRESTException("Unauthorized access.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
-
-
-
- if (xAsset == null) {
- policyExportAudit
- .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
- createPolicyAudit(policyExportAudit);
-
- logger.error("Requested repository doesn't exist");
- throw restErrorUtil.createRESTException("Unauthorized access.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
-
if (policyCount == null) {
policyCount = 0l;
}
@@ -917,197 +898,168 @@ public class AssetMgr extends AssetMgrBase {
}
}
- // //////////////////////////////////////
- // Get latest updated time of repository
- // //////////////////////////////////////
- Timestamp luTime = rangerDaoManager.getXXResource()
- .getMaxUpdateTimeForAssetName(repository);
+ long epochTime = epoch != null ? Long.parseLong(epoch) : 0;
- HashMap<String, Object> updatedRepo = new HashMap<String, Object>();
- updatedRepo.put("repository_name", repository);
+ if(epochTime == updatedTime) {
+ int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ;
+
+ if (policyCount == resourceListSz) {
+ policyExportAudit
+ .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED);
+ createPolicyAudit(policyExportAudit);
- Long updatedTime = 0l;
- List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>();
-
- if (luTime != null) {
- updatedTime = luTime.getTime();
+ throw restErrorUtil.createRESTException(
+ HttpServletResponse.SC_NOT_MODIFIED,
+ "No change since last update", false);
+ }
}
-
- {
- List<XXResource> xResourceList = new ArrayList<XXResource>();
- long epochTime = epoch != null ? Long.parseLong(epoch) : 0;
+ List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>();
- if(epochTime == updatedTime) {
- //TODO: instead of getting entire list, get just count(*) for the given repository
- xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L));
-
- int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ;
-
- if (policyCount == resourceListSz) {
- policyExportAudit
- .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED);
- createPolicyAudit(policyExportAudit);
-
- throw restErrorUtil.createRESTException(
- HttpServletResponse.SC_NOT_MODIFIED,
- "No change since last update", false);
+ // HDFS Repository
+ if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
+ for (VXResource xResource : xResourceList) {
+ HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+ resourceMap.put("id", xResource.getId());
+ resourceMap.put("resource", xResource.getName());
+ resourceMap.put("isRecursive",
+ getBooleanValue(xResource.getIsRecursive()));
+ resourceMap.put("policyStatus", RangerCommonEnums
+ .getLabelFor_ActiveStatus(xResource
+ .getResourceStatus()));
+ // resourceMap.put("isEncrypt",
+ // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+ populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS);
+ List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+ if (xAuditMaps.size() != 0) {
+ resourceMap.put("audit", 1);
+ } else {
+ resourceMap.put("audit", 0);
}
-
- } else {
- xResourceList = rangerDaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L));
- }
-
-
- // HDFS Repository
- if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
- for (XXResource xResource : xResourceList) {
- HashMap<String, Object> resourceMap = new HashMap<String, Object>();
- resourceMap.put("id", xResource.getId());
- resourceMap.put("resource", xResource.getName());
- resourceMap.put("isRecursive",
- getBooleanValue(xResource.getIsRecursive()));
- resourceMap.put("policyStatus", RangerCommonEnums
- .getLabelFor_ActiveStatus(xResource
- .getResourceStatus()));
- // resourceMap.put("isEncrypt",
- // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
- populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS);
- List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
- .findByResourceId(xResource.getId());
- if (xAuditMaps.size() != 0) {
- resourceMap.put("audit", 1);
- } else {
- resourceMap.put("audit", 0);
- }
- resourceList.add(resourceMap);
+ resourceList.add(resourceMap);
+ }
+ } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+ for (VXResource xResource : xResourceList) {
+ HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+ resourceMap.put("id", xResource.getId());
+ resourceMap.put("database_name", xResource.getDatabases());
+ resourceMap.put("policyStatus", RangerCommonEnums
+ .getLabelFor_ActiveStatus(xResource
+ .getResourceStatus()));
+ resourceMap.put("tablePolicyType", AppConstants
+ .getLabelFor_PolicyType(xResource.getTableType()));
+ resourceMap.put("columnPolicyType", AppConstants
+ .getLabelFor_PolicyType(xResource.getColumnType()));
+ int resourceType = xResource.getResourceType();
+ if (resourceType == AppConstants.RESOURCE_UDF) {
+ resourceMap.put("udf_name", xResource.getUdfs());
+ } else if (resourceType == AppConstants.RESOURCE_COLUMN) {
+ resourceMap.put("table_name", xResource.getTables());
+ resourceMap.put("column_name", xResource.getColumns());
+ } else if (resourceType == AppConstants.RESOURCE_TABLE) {
+ resourceMap.put("table_name", xResource.getTables());
}
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- for (XXResource xResource : xResourceList) {
- HashMap<String, Object> resourceMap = new HashMap<String, Object>();
- resourceMap.put("id", xResource.getId());
- resourceMap.put("database_name", xResource.getDatabases());
- resourceMap.put("policyStatus", RangerCommonEnums
- .getLabelFor_ActiveStatus(xResource
- .getResourceStatus()));
- resourceMap.put("tablePolicyType", AppConstants
- .getLabelFor_PolicyType(xResource.getTableType()));
- resourceMap.put("columnPolicyType", AppConstants
- .getLabelFor_PolicyType(xResource.getColumnType()));
- int resourceType = xResource.getResourceType();
- if (resourceType == AppConstants.RESOURCE_UDF) {
- resourceMap.put("udf_name", xResource.getUdfs());
- } else if (resourceType == AppConstants.RESOURCE_COLUMN) {
- resourceMap.put("table_name", xResource.getTables());
- resourceMap.put("column_name", xResource.getColumns());
- } else if (resourceType == AppConstants.RESOURCE_TABLE) {
- resourceMap.put("table_name", xResource.getTables());
- }
- populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE);
- List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
- .findByResourceId(xResource.getId());
- if (xAuditMaps.size() != 0) {
- resourceMap.put("audit", 1);
- } else {
- resourceMap.put("audit", 0);
- }
- resourceList.add(resourceMap);
+ populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE);
+
+ List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+ if (xAuditMaps.size() != 0) {
+ resourceMap.put("audit", 1);
+ } else {
+ resourceMap.put("audit", 0);
}
+ resourceList.add(resourceMap);
}
+ }
- else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- for (XXResource xResource : xResourceList) {
- HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+ else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+ for (VXResource xResource : xResourceList) {
+ HashMap<String, Object> resourceMap = new HashMap<String, Object>();
- resourceMap.put("id", xResource.getId());
- resourceMap.put("table_name", xResource.getTables());
- resourceMap.put("column_name", xResource.getColumns());
- resourceMap.put("column_families",
- xResource.getColumnFamilies());
- resourceMap.put("policyStatus", RangerCommonEnums
- .getLabelFor_ActiveStatus(xResource
- .getResourceStatus()));
- if (xResource.getIsEncrypt() == 1) {
- resourceMap.put("encrypt", 1);
- } else {
- resourceMap.put("encrypt", 0);
- }
- // resourceMap.put("isEncrypt",
- // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
- populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE);
- List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
- .findByResourceId(xResource.getId());
- if (xAuditMaps.size() != 0) {
- resourceMap.put("audit", 1);
- } else {
- resourceMap.put("audit", 0);
- }
- resourceList.add(resourceMap);
+ resourceMap.put("id", xResource.getId());
+ resourceMap.put("table_name", xResource.getTables());
+ resourceMap.put("column_name", xResource.getColumns());
+ resourceMap.put("column_families",
+ xResource.getColumnFamilies());
+ resourceMap.put("policyStatus", RangerCommonEnums
+ .getLabelFor_ActiveStatus(xResource
+ .getResourceStatus()));
+ if (xResource.getIsEncrypt() == 1) {
+ resourceMap.put("encrypt", 1);
+ } else {
+ resourceMap.put("encrypt", 0);
}
+ // resourceMap.put("isEncrypt",
+ // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+ populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE);
+ List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+ if (xAuditMaps.size() != 0) {
+ resourceMap.put("audit", 1);
+ } else {
+ resourceMap.put("audit", 0);
+ }
+ resourceList.add(resourceMap);
}
- else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
- for (XXResource xResource : xResourceList) {
- HashMap<String, Object> resourceMap = new HashMap<String, Object>();
-
- resourceMap.put("id", xResource.getId());
- resourceMap.put("topology_name", xResource.getTopologies()) ;
- resourceMap.put("service_name", xResource.getServices()) ;
- resourceMap.put("policyStatus", RangerCommonEnums
- .getLabelFor_ActiveStatus(xResource
- .getResourceStatus()));
- if (xResource.getIsEncrypt() == 1) {
- resourceMap.put("encrypt", 1);
- } else {
- resourceMap.put("encrypt", 0);
- }
- // resourceMap.put("isEncrypt",
- // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
- populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX);
- List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
- .findByResourceId(xResource.getId());
- if (xAuditMaps.size() != 0) {
- resourceMap.put("audit", 1);
- } else {
- resourceMap.put("audit", 0);
- }
- resourceList.add(resourceMap);
+ }
+ else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
+ for (VXResource xResource : xResourceList) {
+ HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+
+ resourceMap.put("id", xResource.getId());
+ resourceMap.put("topology_name", xResource.getTopologies()) ;
+ resourceMap.put("service_name", xResource.getServices()) ;
+ resourceMap.put("policyStatus", RangerCommonEnums
+ .getLabelFor_ActiveStatus(xResource
+ .getResourceStatus()));
+ if (xResource.getIsEncrypt() == 1) {
+ resourceMap.put("encrypt", 1);
+ } else {
+ resourceMap.put("encrypt", 0);
}
-
- }
- else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
- for (XXResource xResource : xResourceList) {
- HashMap<String, Object> resourceMap = new HashMap<String, Object>();
-
- resourceMap.put("id", xResource.getId());
- resourceMap.put("topology_name", xResource.getTopologies()) ;
- resourceMap.put("policyStatus", RangerCommonEnums
- .getLabelFor_ActiveStatus(xResource
- .getResourceStatus()));
- if (xResource.getIsEncrypt() == 1) {
- resourceMap.put("encrypt", 1);
- } else {
- resourceMap.put("encrypt", 0);
- }
- populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
- List<XXAuditMap> xAuditMaps = rangerDaoManager.getXXAuditMap()
- .findByResourceId(xResource.getId());
- if (xAuditMaps.size() != 0) {
- resourceMap.put("audit", 1);
- } else {
- resourceMap.put("audit", 0);
- }
- resourceList.add(resourceMap);
- }
- } else {
- policyExportAudit
- .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
- createPolicyAudit(policyExportAudit);
- throw restErrorUtil.createRESTException(
- "The operation isn't yet supported for the repository",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ // resourceMap.put("isEncrypt",
+ // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt()));
+ populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX);
+ List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+ if (xAuditMaps.size() != 0) {
+ resourceMap.put("audit", 1);
+ } else {
+ resourceMap.put("audit", 0);
+ }
+ resourceList.add(resourceMap);
}
+
+ }
+ else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
+ for (VXResource xResource : xResourceList) {
+ HashMap<String, Object> resourceMap = new HashMap<String, Object>();
+
+ resourceMap.put("id", xResource.getId());
+ resourceMap.put("topology_name", xResource.getTopologies()) ;
+ resourceMap.put("policyStatus", RangerCommonEnums
+ .getLabelFor_ActiveStatus(xResource
+ .getResourceStatus()));
+ if (xResource.getIsEncrypt() == 1) {
+ resourceMap.put("encrypt", 1);
+ } else {
+ resourceMap.put("encrypt", 0);
+ }
+ populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
+ List<VXAuditMap> xAuditMaps = xResource.getAuditList();
+ if (xAuditMaps.size() != 0) {
+ resourceMap.put("audit", 1);
+ } else {
+ resourceMap.put("audit", 0);
+ }
+ resourceList.add(resourceMap);
+ }
+ } else {
+ policyExportAudit
+ .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST);
+ createPolicyAudit(policyExportAudit);
+ throw restErrorUtil.createRESTException(
+ "The operation isn't yet supported for the repository",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
}
policyCount = Long.valueOf(resourceList.size());
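Review bot: Each asset-type branch calls `xResource.getAuditList()` and then `xAuditMaps.size()` without a null check, where the old code used a DAO query result; if the view object carries no audit list (ServiceUtil appears to build `auditList` conditionally, though the condition is outside this diff) the policy download fails with a `NullPointerException` instead of reporting `audit` as 0. `resourceMap.put("audit", (xAuditMaps != null && !xAuditMaps.isEmpty()) ? 1 : 0);` covers both cases in one line. The same applies to `xResourceList`: the not-modified check treats null as size 0, but every `for (VXResource xResource : xResourceList)` loop dereferences it, and `xResource.getPermMapList()` in `populatePermMap` (the `@@ -1963,20 +1915,19 @@` hunk) is iterated unguarded as well. The method starts and ends outside this hunk.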
@@ -1963,20 +1915,19 @@ public class AssetMgr extends AssetMgrBase {
}
}
@SuppressWarnings("unchecked")
- private HashMap<String, Object> populatePermMap(XXResource xResource,
+ private HashMap<String, Object> populatePermMap(VXResource xResource,
HashMap<String, Object> resourceMap, int assetType) {
- List<XXPermMap> xPermMapList = rangerDaoManager.getXXPermMap()
- .findByResourceId(xResource.getId());
+ List<VXPermMap> xPermMapList = xResource.getPermMapList();
Set<Long> groupList = new HashSet<Long>();
- for (XXPermMap xPermMap : xPermMapList) {
+ for (VXPermMap xPermMap : xPermMapList) {
groupList.add(xPermMap.getId());
}
List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String, Object>>();
// Loop for adding group perms
- for (XXPermMap xPermMap : xPermMapList) {
+ for (VXPermMap xPermMap : xPermMapList) {
String groupKey = xPermMap.getPermGroup();
if (groupKey != null) {
boolean found = false;
@@ -1988,21 +1939,17 @@ public class AssetMgr extends AssetMgrBase {
Long userId = xPermMap.getUserId();
if (groupId != null) {
- Set<String> groups = (Set<String>) sortedPermMap
- .get("groups");
- XXGroup xGroup = rangerDaoManager.getXXGroup()
- .getById(groupId);
- if(xGroup!=null && groups != null){
- groups.add(xGroup.getName());
+ Set<String> groups = (Set<String>) sortedPermMap.get("groups");
+
+ if(groups != null){
+ groups.add(xPermMap.getGroupName());
sortedPermMap.put("groups", groups);
}
} else if (userId != null) {
- Set<String> users = (Set<String>) sortedPermMap
- .get("users");
- XXUser xUser = rangerDaoManager.getXXUser().getById(
- userId);
- if (users != null && xUser != null) {
- users.add(xUser.getName());
+ Set<String> users = (Set<String>) sortedPermMap.get("users");
+
+ if (users != null) {
+ users.add(xPermMap.getUserName());
sortedPermMap.put("users", users);
}
}
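Review bot: The branches still test `groupId != null` / `userId != null`, but the value written is now `xPermMap.getGroupName()` / `getUserName()`, so an entry whose name is set but whose id could not be resolved is dropped from the exported policy, and an entry with an id but no name adds `null` to the set. ServiceUtil fills the ids via `getUserId(userName)` / `getGroupId(groupName)`, whose behaviour for unknown names is not visible here; if they can return null, grants for those principals would silently vanish from what older plugins download. Keying the branches on the names, e.g. `if (xPermMap.getGroupName() != null)` and `else if (xPermMap.getUserName() != null)`, avoids both cases; the `@@ -2040,16 +1987,12 @@` hunk has the same pattern. The declaration of `groupId` and the enclosing loop lie outside the hunk.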
@@ -2040,16 +1987,12 @@ public class AssetMgr extends AssetMgrBase {
if (groupId != null) {
Set<String> groupSet = new HashSet<String>();
- XXGroup xGroup = rangerDaoManager.getXXGroup().getById(
- xPermMap.getGroupId());
- String group = xGroup.getName();
+ String group = xPermMap.getGroupName();
groupSet.add(group);
sortedPermMap.put("groups", groupSet);
} else if (userId != null) {
Set<String> userSet = new HashSet<String>();
- XXUser xUser = rangerDaoManager.getXXUser()
- .getById(userId);
- String user = xUser.getName();
+ String user = xPermMap.getUserName();
userSet.add(user);
sortedPermMap.put("users", userSet);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 94d174f..fa74642 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -244,7 +244,7 @@ public class ServiceUtil {
VXAuditMap auditMap = new VXAuditMap();
auditMap.setResourceId(policy.getId());
- auditMap.setAuditType(1);
+ auditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
auditList = new ArrayList<VXAuditMap>();
auditList.add(auditMap);
@@ -296,6 +296,10 @@ public class ServiceUtil {
for(String userName : policyItem.getUsers()) {
for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ if(! access.getIsAllowed()) {
+ continue;
+ }
+
VXPermMap permMap = new VXPermMap();
permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
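Review bot: `if(! access.getIsAllowed())` unboxes the result, so if `getIsAllowed()` returns a `Boolean` that was never set, the conversion throws instead of skipping the access; `if (!Boolean.TRUE.equals(access.getIsAllowed())) { continue; }` treats null as not allowed. The group loop in the next hunk repeats the check, and `policyItem.getDelegateAdmin()` there is tested the same way. Assuming the intent is that the older perm-map format can only express grants, a comment such as `// old-model permMap entries carry grants only; skip accesses that are not allowed` would record why these are left out. The enclosing method is not visible in the hunk.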
@@ -307,11 +311,28 @@ public class ServiceUtil {
permMapList.add(permMap);
}
+
+ if(policyItem.getDelegateAdmin()) {
+ VXPermMap permMap = new VXPermMap();
+
+ permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
+ permMap.setPermGroup(new Integer(permGroup).toString());
+ permMap.setUserName(userName);
+ permMap.setUserId(getUserId(userName));
+ permMap.setPermType(toPermType("Admin"));
+ permMap.setIpAddress(ipAddress);
+
+ permMapList.add(permMap);
+ }
}
permGroup++;
for(String groupName : policyItem.getGroups()) {
for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ if(! access.getIsAllowed()) {
+ continue;
+ }
+
VXPermMap permMap = new VXPermMap();
permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
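Review bot: The delegate-admin block added after the user access loop is repeated almost verbatim for groups in the `@@ -323,6 +344,19 @@` hunk, differing only in the `XA_PERM_FOR_*` constant and the name/id setters; a small private helper taking those values would keep the two in step. `new Integer(permGroup).toString()` allocates a wrapper just to format it, and `Integer.toString(permGroup)` does the same directly. The permission name `"Admin"` passed to `toPermType` is a bare literal in both places and would read better as a named constant. The enclosing method starts and ends outside the hunk.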
@@ -323,6 +344,19 @@ public class ServiceUtil {
permMapList.add(permMap);
}
+
+ if(policyItem.getDelegateAdmin()) {
+ VXPermMap permMap = new VXPermMap();
+
+ permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
+ permMap.setPermGroup(new Integer(permGroup).toString());
+ permMap.setGroupName(groupName);
+ permMap.setGroupId(getGroupId(groupName));
+ permMap.setPermType(toPermType("Admin"));
+ permMap.setIpAddress(ipAddress);
+
+ permMapList.add(permMap);
+ }
}
permGroup++;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84382d38/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index f160382..4fd4cc8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -70,7 +70,6 @@ import org.apache.ranger.view.VXPolicyExportAuditList;
import org.apache.ranger.view.VXResource;
import org.apache.ranger.view.VXResourceList;
import org.apache.ranger.view.VXResponse;
-import org.apache.ranger.view.VXStringList;
import org.apache.ranger.view.VXTrxLogList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
@@ -420,57 +419,6 @@ public class AssetREST {
}
@GET
- @Path("/hdfs/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHdfsResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String baseDir = request.getParameter("baseDirectory");
- return assetMgr.getHdfsResources(dataSourceName, baseDir);
- }
-
- @GET
- @Path("/hive/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHiveResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String databaseName = request.getParameter("databaseName");
- String tableName = request.getParameter("tableName");
- String columnName = request.getParameter("columnName");
- return assetMgr.getHiveResources(dataSourceName, databaseName,
- tableName, columnName);
- }
-
- @GET
- @Path("/hbase/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHBaseResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String tableName = request.getParameter("tableName");
- String columnFamiles = request.getParameter("columnFamilies");
- return assetMgr.getHBaseResources(dataSourceName, tableName,
- columnFamiles);
- }
-
- @GET
- @Path("/knox/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullKnoxResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String topologyName = request.getParameter("topologyName");
- String serviceName = request.getParameter("serviceName");
- return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName);
- }
-
- @GET
- @Path("/storm/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullStormResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String topologyName = request.getParameter("topologyName");
- return assetMgr.getStormResources(dataSourceName, topologyName);
- }
-
- @GET
@Path("/credstores/{id}")
@Produces({ "application/xml", "application/json" })
public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) {
@@ -530,7 +478,10 @@ public class AssetREST {
new SearchCriteria(), "fileType", "File type",
StringUtil.VALIDATION_TEXT);
- File file = assetMgr.getXResourceFile(id, fileType);
+ VXResource resource = getXResource(id);
+
+ File file = assetMgr.getXResourceFile(resource, fileType);
+
return Response
.ok(file, MediaType.APPLICATION_OCTET_STREAM)
.header("Content-Disposition",
@@ -543,32 +494,33 @@ public class AssetREST {
public String getResourceJSON(@Context HttpServletRequest request,
@PathParam("repository") String repository) {
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
- String epoch = request.getParameter("epoch");
+ String epoch = request.getParameter("epoch");
+ X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+ String ipAddress = request.getHeader("X-FORWARDED-FOR");
+ boolean isSecure = request.isSecure();
+ String policyCount = request.getParameter("policyCount");
+ String agentId = request.getParameter("agentId");
- X509Certificate[] certchain = (X509Certificate[]) request.getAttribute(
- "javax.servlet.request.X509Certificate");
-
- String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
- boolean isSecure = request.isSecure();
-
- String policyCount = request.getParameter("policyCount");
- String agentId = request.getParameter("agentId");
-
-// File file = assetMgr.getLatestRepoPolicy(repository,
-// certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
-
+ boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
-// return Response
-// .ok(file, MediaType.APPLICATION_OCTET_STREAM)
-// .header("Content-Disposition",
-// "attachment;filename=" + file.getName()).build();
+ RangerService service = serviceREST.getServiceByName(repository);
+ List<RangerPolicy> policies = serviceREST.getServicePolicies(repository, request);
+
+ long policyUpdTime = (service != null && service.getPolicyUpdateTime() != null) ? service.getPolicyUpdateTime().getTime() : 0l;
+ VXAsset vAsset = serviceUtil.toVXAsset(service);
+ List<VXResource> vResourceList = new ArrayList<VXResource>();
- String file = assetMgr.getLatestRepoPolicy(repository,
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ vResourceList.add(serviceUtil.toVXResource(policy, service));
+ }
+ }
+
+ String file = assetMgr.getLatestRepoPolicy(vAsset, vResourceList, policyUpdTime,
certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
return file;
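Review bot: `serviceREST.getServicePolicies(repository, request)` is called even when `getServiceByName` returned null, and before any of the certificate and `Unauthorized access.` checks inside `assetMgr.getLatestRepoPolicy`, so the full policy set is loaded and converted for callers that are then rejected, and an exception from either lookup never reaches `createPolicyAudit`. `serviceUtil.toVXAsset(service)` is likewise handed a possibly null `service` although the line above guards for it; whether it tolerates null is not visible here. At minimum `List<RangerPolicy> policies = (service != null) ? serviceREST.getServicePolicies(repository, request) : null;` avoids the lookup for unknown repositories. Passing `request` through may also let the plugin's own query parameters act as search filters on the policy list; that is worth confirming, since a filtered list would be exported as the complete policy. The method's closing brace is outside the hunk.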