You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2021/04/15 07:57:45 UTC
[ranger] branch ranger-2.2 updated (3da2dee -> 9b6fad5)
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a change to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 3da2dee RANGER-3212: Fix packaging for Java Client
new ff0682b RANGER-3214 : Configure default audit filters when ranger repo is created
new 9b6fad5 RANGER-3234 : Ranger db patch no 045 is failing for oracle db
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../service-defs/ranger-servicedef-atlas.json | 13 ++
.../service-defs/ranger-servicedef-hbase.json | 13 ++
.../service-defs/ranger-servicedef-hdfs.json | 13 ++
.../service-defs/ranger-servicedef-hive.json | 13 ++
.../service-defs/ranger-servicedef-kafka.json | 13 ++
.../service-defs/ranger-servicedef-knox.json | 13 ++
.../service-defs/ranger-servicedef-ozone.json | 13 ++
.../service-defs/ranger-servicedef-solr.json | 13 ++
.../optimized/current/ranger_core_db_mysql.sql | 2 +
.../optimized/current/ranger_core_db_oracle.sql | 2 +
...playName-col-in-x_service_def_and_x_service.sql | 12 +-
.../optimized/current/ranger_core_db_postgres.sql | 2 +
.../current/ranger_core_db_sqlanywhere.sql | 4 +
.../optimized/current/ranger_core_db_sqlserver.sql | 2 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 7 +
...viceDefUpdateForDefaultAuditFilters_J10049.java | 186 +++++++++++++++++++++
.../patch/PatchForDefaultAuidtFilters_J10050.java | 159 ++++++++++++++++++
.../views/service/RangerServiceViewDetail.js | 9 +-
.../webapp/scripts/views/service/ServiceForm.js | 9 +
19 files changed, 488 insertions(+), 10 deletions(-)
create mode 100644 security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
create mode 100644 security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
[ranger] 01/02: RANGER-3214 : Configure default audit filters when
ranger repo is created
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ff0682b35dd6008627c87695b19d607e57548f62
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Apr 14 13:49:16 2021 +0530
RANGER-3214 : Configure default audit filters when ranger repo is created
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../service-defs/ranger-servicedef-atlas.json | 13 ++
.../service-defs/ranger-servicedef-hbase.json | 13 ++
.../service-defs/ranger-servicedef-hdfs.json | 13 ++
.../service-defs/ranger-servicedef-hive.json | 13 ++
.../service-defs/ranger-servicedef-kafka.json | 13 ++
.../service-defs/ranger-servicedef-knox.json | 13 ++
.../service-defs/ranger-servicedef-ozone.json | 13 ++
.../service-defs/ranger-servicedef-solr.json | 13 ++
.../optimized/current/ranger_core_db_mysql.sql | 2 +
.../optimized/current/ranger_core_db_oracle.sql | 2 +
.../optimized/current/ranger_core_db_postgres.sql | 2 +
.../current/ranger_core_db_sqlanywhere.sql | 4 +
.../optimized/current/ranger_core_db_sqlserver.sql | 2 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 7 +
...viceDefUpdateForDefaultAuditFilters_J10049.java | 186 +++++++++++++++++++++
.../patch/PatchForDefaultAuidtFilters_J10050.java | 159 ++++++++++++++++++
.../views/service/RangerServiceViewDetail.js | 9 +-
.../webapp/scripts/views/service/ServiceForm.js | 9 +
18 files changed, 482 insertions(+), 4 deletions(-)
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index 4ce7ec9..d8331db 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -441,6 +441,19 @@
"type": "string",
"mandatory": false,
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]"
}
],
"options": {
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 594e175..791b5bc 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -208,6 +208,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 10,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index fbb16d7..b04b906 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -180,6 +180,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 12,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools','listCacheDirectives'], 'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 42df0a8..ab8ca5c 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -302,6 +302,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId": 6,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index 6ea52f7..1deb969 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -211,6 +211,19 @@
"type":"string",
"mandatory":false,
"label":"Ranger Plugin SSL CName"
+ },
+
+ {
+ "itemId": 5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['atlas'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['atlas'],'actions':['consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsy [...]
}
],
"enums":[
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index aa0f672..410b9ef 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -100,6 +100,19 @@
"validationMessage": "",
"uiHint":"",
"label": "Common Name for Certificate"
+ },
+
+ {
+ "itemId":5,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
index b9a0275..a009ab2 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -199,6 +199,19 @@
"validationRegEx":"",
"validationMessage": "",
"uiHint":""
+ },
+
+ {
+ "itemId": 7,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['om'] ,'isAudited':false} ]"
}
],
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
index ec2ebcf..dfaa2f7 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -95,6 +95,19 @@
"validationMessage":"",
"uiHint":"",
"label":"Ranger Plugin SSL CName"
+ },
+
+ {
+ "itemId":600,
+ "name": "ranger.plugin.audit.filters",
+ "type": "string",
+ "subType": "",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Ranger Default Audit Filters",
+ "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas'] ,'isAudited':false} ]"
}
],
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 7179dc9..9d0cd9d 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1834,4 +1834,6 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 40917cd..1904c68 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2048,5 +2048,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10046',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index ba9eb01..51ef67b 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1972,6 +1972,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_trx_log;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 371846f..97ddb5d 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2393,6 +2393,10 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 90004ec..d150150 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4169,6 +4169,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index a7871ed..4fb71f0 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -246,6 +246,7 @@ public class ServiceDBStore extends AbstractServiceStore {
public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
+ public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters";
static {
try {
@@ -3451,6 +3452,12 @@ public class ServiceDBStore extends AbstractServiceStore {
"Please provide value of mandatory: "+ svcConfDef.getName(),
MessageEnums.INVALID_INPUT_DATA);
}
+
+ if (StringUtils.equals(svcConfDef.getName(), RANGER_PLUGIN_AUDIT_FILTERS) && !configs.containsKey(RANGER_PLUGIN_AUDIT_FILTERS)) {
+ if (svcConfDef.getDefaultvalue() != null) {
+ configs.put(RANGER_PLUGIN_AUDIT_FILTERS, svcConfDef.getDefaultvalue());
+ }
+ }
}
Map<String, String> validConfigs = new HashMap<String, String>();
for(Entry<String, String> config : configs.entrySet()) {
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
new file mode 100644
index 0000000..d8abc0a
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
@@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigDefDao;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerServiceDefService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 extends BaseLoader {
+ private static final Logger logger = Logger
+ .getLogger(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcDBStore;
+
+ @Autowired
+ RangerServiceDefService serviceDefService;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ public static void main(String[] args) {
+ try {
+ PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 loader = (PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049) CLIUtil
+ .getBean(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+ try {
+ updateAllServiceDef();
+ } catch (Exception e) {
+ logger.error("Error in PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()", e);
+ }
+ logger.info("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("adding default audit-filters to all service-defs");
+ }
+
+ private void updateAllServiceDef() throws Exception {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+ }
+ List<XXServiceDef> allXXServiceDefs;
+ allXXServiceDefs = daoMgr.getXXServiceDef().getAll();
+
+ if (CollectionUtils.isNotEmpty(allXXServiceDefs)) {
+ logger.info("Found " + allXXServiceDefs.size() + " services-defs");
+ for (XXServiceDef xxServiceDef : allXXServiceDefs) {
+
+ String serviceDefName = xxServiceDef.getName();
+
+ try {
+ RangerServiceConfigDef defualtAuditFiltersSvcConfDef = getDefaultAuditFiltersByServiceDef(serviceDefName);
+
+ if (defualtAuditFiltersSvcConfDef == null) {
+ logger.info("No default audit-filter available for service-def " + serviceDefName + ". Skipped");
+ continue;
+ }
+
+ RangerServiceDef serviceDef = svcDBStore.getServiceDefByName(serviceDefName);
+
+ if (serviceDef != null) {
+ List<RangerServiceConfigDef> svcConfDefList = serviceDef.getConfigs();
+ boolean defaultAuditFiltresFound = false;
+ for (RangerServiceConfigDef svcConfDef : svcConfDefList) {
+ if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ defaultAuditFiltresFound = true;
+ break;
+ }
+ }
+ if (!defaultAuditFiltresFound) {
+ logger.info("adding default audit-filter for service-def:[" + serviceDefName + "]");
+ int sortOrder = serviceDef.getConfigs().size() - 1;
+ addDefaultAuditFilterConfig(defualtAuditFiltersSvcConfDef, xxServiceDef, sortOrder);
+ logger.info("Completed adding default audit-filter for service-def:[" + serviceDefName + "]");
+ }else {
+ logger.info("default audit-filter already available for service-def " + serviceDefName + ". Skipped");
+ }
+
+ }else {
+ logger.info("No service-def:[" + serviceDefName + "] found");
+ }
+
+ } catch (Exception e) {
+ logger.error("Error while adding default audit-filter service-def:[" + serviceDefName + "]", e);
+ }
+ }
+ }else {
+ logger.info("No service-def found");
+ }
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+ }
+ }
+
+ private RangerServiceConfigDef getDefaultAuditFiltersByServiceDef(String serviceDefName) throws Exception {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+ "]");
+ }
+ RangerServiceConfigDef ret = null;
+ RangerServiceDef embeddedAtlasServiceDef = null;
+ embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(serviceDefName);
+
+ List<RangerServiceConfigDef> svcConfDefList = embeddedAtlasServiceDef.getConfigs();
+ for (RangerServiceConfigDef svcConfDef : svcConfDefList) {
+ if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ ret = svcConfDef;
+ break;
+ }
+ }
+
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+"] ret : "+ret);
+ }
+ return ret;
+ }
+
+ private void addDefaultAuditFilterConfig(RangerServiceConfigDef config, XXServiceDef createdSvcDef, int sortOrder) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder );
+ }
+ XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
+ XXServiceConfigDef xConfig = new XXServiceConfigDef();
+ xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef,
+ RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xConfig.setOrder(sortOrder);
+ xConfig = xxServiceConfigDao.create(xConfig);
+ if(logger.isDebugEnabled()) {
+ logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder);
+ }
+ }
+}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
new file mode 100644
index 0000000..542f395
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigMapDao;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceConfigMap;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.service.RangerAuditFields;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForDefaultAuidtFilters_J10050 extends BaseLoader {
+
+ private static final Logger logger = Logger.getLogger(PatchForDefaultAuidtFilters_J10050.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ @Autowired
+ RangerAuditFields<?> rangerAuditFields;
+
+ public static void main(String[] args) {
+
+ logger.info("main()");
+ try {
+ PatchForDefaultAuidtFilters_J10050 loader = (PatchForDefaultAuidtFilters_J10050) CLIUtil
+ .getBean(PatchForDefaultAuidtFilters_J10050.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("adding default audit-filters to all services");
+
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForDefaultAuidtFilters.execLoad()");
+
+ try {
+ addDefaultAuditFilters();
+ } catch (Exception e) {
+ logger.error("Error while PatchForDefaultAuidtFilters", e);
+ System.exit(1);
+ }
+ logger.info("<== PatchForDefaultAuidtFilters.execLoad()");
+ }
+
+ private void addDefaultAuditFilters() throws Exception {
+ logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+
+ Map<String, String> defaultAuditFiltersMap = null;
+
+ List<XXService> xxServiceList = daoMgr.getXXService().getAll();
+
+ if (CollectionUtils.isNotEmpty(xxServiceList)) {
+ logger.info("Found " + xxServiceList.size() + " services");
+ defaultAuditFiltersMap = new HashMap<String, String>();
+
+ for (XXService xservice : xxServiceList) {
+ RangerService rangerService = svcStore.getServiceByName(xservice.getName());
+ if (rangerService != null && !rangerService.getConfigs().containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+
+ if (!defaultAuditFiltersMap.containsKey(rangerService.getType())) {
+ List<XXServiceConfigDef> svcConfDefList = daoMgr.getXXServiceConfigDef()
+ .findByServiceDefName(rangerService.getType());
+ for(XXServiceConfigDef svcConfDef : svcConfDefList) {
+ if(StringUtils.equals(svcConfDef.getName(),ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ defaultAuditFiltersMap.put(rangerService.getType(), svcConfDef.getDefaultvalue());
+ continue;
+ }
+ }
+ }
+
+ if (defaultAuditFiltersMap.get(rangerService.getType()) != null) {
+ Map<String, String> configs = rangerService.getConfigs();
+ if (!configs.containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+ logger.info("adding default audit-filter to service " + rangerService.getName());
+ addDefaultAuditFilterConfig(xservice, defaultAuditFiltersMap.get(rangerService.getType()));
+ }
+ }else {
+ logger.info("No default audit-filter available for service " + rangerService.getName() + ". Skipped");
+ }
+ }
+ }
+ }
+
+ logger.info("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+ }
+
+ private void addDefaultAuditFilterConfig(XXService xservice, String defaultValue) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig() for service (id="
+ + xservice.getId() + ")");
+ }
+ try {
+ XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
+ XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+ xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xservice);
+ xConfMap.setServiceId(xservice.getId());
+ xConfMap.setConfigkey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS);
+ xConfMap.setConfigvalue(defaultValue);
+ xConfMapDao.create(xConfMap);
+ } catch (Exception e) {
+ logger.error("default audit filters addition for service (id=" + xservice.getId() + ") failed!!");
+ throw e;
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig()");
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
index c8a47a4..e057cb1 100644
--- a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
@@ -89,10 +89,11 @@ define(function(require) {
customConfigs = _.omit(customConfigs , m.name);
})
this.conf = configs;
- this.auditFilters = (_.isEmpty(customConfigs) && _.isUndefined(customConfigs['ranger.plugin.audit.filters'])) ?
- false : customConfigs['ranger.plugin.audit.filters'];
- this.customConfigs = _.isEmpty(_.omit(customConfigs, 'ranger.plugin.audit.filters')) ?
- false : _.omit(customConfigs, 'ranger.plugin.audit.filters');
+ this.auditFilters = (_.isEmpty(this.conf) && _.isUndefined(this.conf['Ranger Default Audit Filters'])) ?
+ false : this.conf['Ranger Default Audit Filters'];
+ this.conf = _.omit(this.conf, 'Ranger Default Audit Filters')
+ this.customConfigs = _.isEmpty(_.omit(customConfigs, 'Ranger Default Audit Filters')) ?
+ false : _.omit(customConfigs, 'Ranger Default Audit Filters');
if(this.auditFilters){
this.auditFilters = JSON.parse((this.auditFilters).replace(/'/g, '"'));
}
diff --git a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
index 983f65b..41872af 100644
--- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
+++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
@@ -110,6 +110,13 @@ define(function(require){
var auditFilterCollValue = this.model.get('configs')['ranger.plugin.audit.filters'];
delete this.model.get('configs')['ranger.plugin.audit.filters']
}
+ var configs = this.rangerServiceDefModel.get('configs');
+ var auditFilterCollValueIndex = _.findIndex(configs,function(m){
+ return m.name == 'ranger.plugin.audit.filters'
+ })
+ if(auditFilterCollValueIndex != -1) {
+ configs.splice(auditFilterCollValueIndex, 1);
+ }
_.each(this.model.get('configs'),function(value, name){
var configObj = _.findWhere(this.rangerServiceDefModel.get('configs'),{'name' : name });
if(!_.isUndefined(configObj) && configObj.type == 'bool'){
@@ -231,6 +238,8 @@ define(function(require){
auditFiltter.push(e.attributes);
})
config['ranger.plugin.audit.filters'] = (JSON.stringify(auditFiltter)).replace(/"/g, "'");
+ } else {
+ config['ranger.plugin.audit.filters'] = "";
}
this.model.set('configs',config);
[ranger] 02/02: RANGER-3234 : Ranger db patch no 045 is failing for
oracle db
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 9b6fad5787a37829dbd4f25c29040663127ee452
Author: mateenmansoori <ma...@gmail.com>
AuthorDate: Wed Apr 7 14:45:15 2021 +0530
RANGER-3234 : Ranger db patch no 045 is failing for oracle db
Signed-off-by: Mehul Parikh <me...@apache.org>
---
...45-add-displayName-col-in-x_service_def_and_x_service.sql | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/security-admin/db/oracle/patches/045-add-displayName-col-in-x_service_def_and_x_service.sql b/security-admin/db/oracle/patches/045-add-displayName-col-in-x_service_def_and_x_service.sql
index 54c5944..3fc4b97 100644
--- a/security-admin/db/oracle/patches/045-add-displayName-col-in-x_service_def_and_x_service.sql
+++ b/security-admin/db/oracle/patches/045-add-displayName-col-in-x_service_def_and_x_service.sql
@@ -16,7 +16,7 @@
DECLARE
v_count number:=0;
BEGIN
- select count(*) into v_count from user_tab_cols where table_name='x_service_def' and column_name='display_name';
+ select count(*) into v_count from user_tab_cols where table_name='X_SERVICE_DEF' and column_name='DISPLAY_NAME';
if (v_count = 0) then
execute immediate 'ALTER TABLE x_service_def ADD display_name VARCHAR(1024) DEFAULT NULL NULL';
execute immediate 'UPDATE x_service_def SET display_name=name';
@@ -24,7 +24,7 @@ BEGIN
end if;
v_count:=0;
- select count(*) into v_count from user_tab_cols where table_name='x_service' and column_name='display_name';
+ select count(*) into v_count from user_tab_cols where table_name='X_SERVICE' and column_name='DISPLAY_NAME';
if (v_count = 0) then
execute immediate 'ALTER TABLE x_service ADD display_name VARCHAR(255) DEFAULT NULL NULL';
execute immediate 'UPDATE x_service SET display_name=name';
@@ -32,21 +32,21 @@ BEGIN
commit;
v_count:=0;
- select count(*) into v_count from user_tab_cols where table_name='x_portal_user' and column_name='other_attributes';
+ select count(*) into v_count from user_tab_cols where table_name='X_PORTAL_USER' and column_name='OTHER_ATTRIBUTES';
if (v_count = 0) then
execute immediate 'ALTER TABLE x_portal_user ADD other_attributes VARCHAR(4000) DEFAULT NULL NULL';
end if;
v_count:=0;
- select count(*) into v_count from user_tab_cols where table_name='x_user' and column_name='other_attributes';
+ select count(*) into v_count from user_tab_cols where table_name='X_USER' and column_name='OTHER_ATTRIBUTES';
if (v_count = 0) then
execute immediate 'ALTER TABLE x_user ADD other_attributes VARCHAR(4000) DEFAULT NULL NULL';
end if;
v_count:=0;
- select count(*) into v_count from user_tab_cols where table_name='X_GROUP' and column_name='other_attributes';
+ select count(*) into v_count from user_tab_cols where table_name='X_GROUP' and column_name='OTHER_ATTRIBUTES';
if (v_count = 0) then
execute immediate 'ALTER TABLE X_GROUP ADD other_attributes VARCHAR(4000) DEFAULT NULL NULL';
end if;
commit;
-END;/
\ No newline at end of file
+END;/