You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2022/06/08 11:41:17 UTC
[ranger] branch master updated (d0a6d3018 -> 2a057768f)
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
from d0a6d3018 RANGER-3606: Addendum to: 'remove unnecessary static members from plugin class loaders' - Cannot find plugin-class-loader for TAG service-type in JDK11
new e182e5b6c RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option.
new 2a057768f RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../main/java/org/apache/ranger/rest/TagREST.java | 47 ++++++++++++++++++----
.../src/main/webapp/scripts/utils/XAEnums.js | 14 ++++---
.../src/main/webapp/scripts/utils/XAUtils.js | 4 ++
.../views/policies/NRangerPolicyTableLayout.js | 10 ++++-
.../views/policies/RangerPolicyTableLayout.js | 9 +++++
.../policies/RangerPolicyTableLayout_tmpl.html | 4 ++
6 files changed, 75 insertions(+), 13 deletions(-)
[ranger] 02/02: RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 2a057768fc6a345fce013a89c72d5d67d0df666d
Author: Kishor Gollapalliwar <ki...@gmail.com>
AuthorDate: Tue May 31 16:43:04 2022 +0530
RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../main/java/org/apache/ranger/rest/TagREST.java | 47 ++++++++++++++++++----
1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 79dbdc76d..01df04e3f 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -602,6 +602,11 @@ public class TagREST {
return ret;
}
+ /**
+ * Resets/ removes tag policy cache for given service.
+ * @param serviceName non-empty service-name
+ * @return {@code true} if successfully reseted/ removed for given service, {@code false} otherwise.
+ */
@GET
@Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset")
@Produces({ "application/json", "application/xml" })
@@ -610,18 +615,20 @@ public class TagREST {
LOG.debug("==> TagREST.resetTagCache({})", serviceName);
}
+ if (StringUtils.isEmpty(serviceName)) {
+ throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
- if (StringUtils.isNotEmpty(serviceName)) {
- try {
- RangerService rangerService = svcStore.getServiceByName(serviceName);
- isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
- } catch (Exception e) {
- LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
- }
+ try {
+ RangerService rangerService = svcStore.getServiceByName(serviceName);
+ isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser);
+ } catch (Exception e) {
+ LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e);
}
if (!isServiceAdmin) {
@@ -638,6 +645,32 @@ public class TagREST {
return ret;
}
+ /**
+ * Resets/ removes tag policy cache for all.
+ * @return {@code true} if successfully reseted/ removed, {@code false} otherwise.
+ */
+ @GET
+ @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset-all")
+ @Produces({ "application/json", "application/xml" })
+ public boolean resetTagCacheAll() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> TagREST.resetTagCacheAll()");
+ }
+
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ throw restErrorUtil.createRESTException("User cannot reset policy cache", MessageEnums.OPER_NO_PERMISSION);
+ }
+
+ boolean ret = tagStore.resetTagCache(null);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== TagREST.resetTagCacheAll(): ret={}", ret);
+ }
+
+ return ret;
+ }
+
@POST
@Path(TagRESTConstants.RESOURCES_RESOURCE)
@Produces({ "application/json", "application/xml" })
[ranger] 01/02: RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option.
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit e182e5b6ca9bf625101f787b4d31e07387ba6a4f
Author: Dhaval.Rajpara <dh...@gmail.com>
AuthorDate: Wed May 18 18:52:16 2022 +0530
RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option.
Signed-off-by: Mehul Parikh <me...@apache.org>
---
security-admin/src/main/webapp/scripts/utils/XAEnums.js | 14 +++++++++-----
security-admin/src/main/webapp/scripts/utils/XAUtils.js | 4 ++++
.../scripts/views/policies/NRangerPolicyTableLayout.js | 10 +++++++++-
.../scripts/views/policies/RangerPolicyTableLayout.js | 9 +++++++++
.../templates/policies/RangerPolicyTableLayout_tmpl.html | 4 ++++
5 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
index 6407b68f3..9041908c6 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
@@ -133,8 +133,9 @@ define(function(require) {
Service_KNOX:{value:4, label:'knox', rbkey:'xa.enum.AssetType.ASSET_KNOX', tt: 'lbl.AssetType_ASSET_KNOX'},
Service_STORM:{value:5, label:'storm', rbkey:'xa.enum.AssetType.ASSET_STORM', tt: 'lbl.AssetType_ASSET_STORM'},
Service_SOLR:{value:6, label:'solr', rbkey:'xa.enum.AssetType.ASSET_SOLR', tt: 'lbl.AssetType_ASSET_SOLR'},
- SERVICE_TAG:{value:7, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'},
- Service_KMS:{value:8, label:'kms', rbkey:'xa.enum.ServiceType.SERVICE_KMS', tt: 'lbl.ServiceType_SERVICE_KMS'}
+ SERVICE_TAG:{value:7, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'},
+ Service_KMS:{value:8, label:'kms', rbkey:'xa.enum.ServiceType.SERVICE_KMS', tt: 'lbl.ServiceType_SERVICE_KMS'},
+ Service_YARN:{value:8, label:'yarn', rbkey:'xa.enum.ServiceType.SERVICE_YARN', tt: 'lbl.ServiceType_SERVICE_YARN'}
});
XAEnums.AuthStatus = mergeParams(XAEnums.AuthStatus, {
@@ -371,10 +372,13 @@ define(function(require) {
XA_PERM_TYPE_GET_USER_TOPOLOGY:{value:29, label:'Get User Topology', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'},
XA_PERM_TYPE_GET_TOPOLOGY_INFO:{value:30, label:'Get Topology Info', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'},
XA_PERM_TYPE_UPLOAD_NEW_CREDENTIAL:{value:31, label:'Upload New Credential', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'},
-
-
});
-
+
+ XAEnums.PluginConfig = mergeParams(XAEnums.PluginConfig, {
+ HDFS : {configName:"xasecure.add-hadoop-authorization"},
+ YARN : {configName:"ranger.add-yarn-authorization"}
+ })
+
XAEnums.MenuPermissions = mergeParams(XAEnums.MenuPermissions, {
XA_RESOURCE_BASED_POLICIES:{value:1, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_RESOURCE_BASED_POLICIES'},
XA_USER_GROUPS:{value:2, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_USER_GROUPS'},
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 37b35d2dd..b49387817 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -2020,5 +2020,9 @@ define(function(require) {
}
};
+ XAUtils.pluginConfigInfo = function (serviceName) {
+ return 'By default, fallback to '+ serviceName +' ACLs are enabled. If access cannot be determined by Ranger policies, authorization will fall back to '+ serviceName +' ACLs. If this behavior needs to be changed, modify '+serviceName+' plugin config - <i>'+XAEnums.PluginConfig[serviceName].configName+'</i>.'
+ };
+
return XAUtils;
});
\ No newline at end of file
diff --git a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
index d7ff26da1..64f975a99 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
@@ -51,6 +51,13 @@ define(function(require) {
template: RangerPolicyTableLayoutTmpl,
templateHelpers: function() {
+ var infoMsg ="", displayClass = "d-none";
+ if(this.rangerService && this.rangerService.get('type')){
+ if(this.rangerService.get('type') == XAEnums.ServiceType.Service_HDFS.label || this.rangerService.get('type') == XAEnums.ServiceType.Service_YARN.label) {
+ infoMsg = XAUtil.pluginConfigInfo(this.rangerService.get('type').toUpperCase())
+ displayClass = "show"
+ }
+ }
return {
rangerService: this.rangerService,
rangerServiceDef: this.rangerServiceDefModel,
@@ -61,7 +68,8 @@ define(function(require) {
setNewUi : localStorage.getItem('setOldUI') == "true" ? false : true,
isNotAuditorOrKMSAuditor : !XAUtil.isAuditorOrKMSAuditor(SessionMgr),
isNotUser : ! SessionMgr.isUser(),
-
+ displayClass : displayClass,
+ infoMsg : infoMsg,
};
},
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index af7c70a80..1facb3737 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@ -49,6 +49,13 @@ define(function(require){
template: RangerPolicyTableLayoutTmpl,
templateHelpers : function(){
+ var infoMsg ="", displayClass = "d-none";
+ if(this.rangerService && this.rangerService.get('type')){
+ if(this.rangerService.get('type') == XAEnums.ServiceType.Service_HDFS.label || this.rangerService.get('type') == XAEnums.ServiceType.Service_YARN.label) {
+ infoMsg = XAUtil.pluginConfigInfo(this.rangerService.get('type').toUpperCase())
+ displayClass = "show"
+ }
+ }
return {
rangerService : this.rangerService,
rangerServiceDef : this.rangerServiceDefModel,
@@ -57,6 +64,8 @@ define(function(require){
: XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef')) ? true : false,
isAddNewPolicyButtonShow : !(XAUtil.isAuditorOrKMSAuditor(SessionMgr)) && this.rangerService.get('isEnabled'),
setNewUi : localStorage.getItem('setOldUI') == "true" ? false : true,
+ displayClass : displayClass,
+ infoMsg : infoMsg,
};
},
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
index d1ca2a94c..4518f17d2 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
@@ -46,6 +46,10 @@
{{/if}}
<h3 class="wrap-header bold"> {{tt 'lbl.listOfPolicies'}} : {{rangerService.attributes.displayName}} </h3>
<div class="wrap non-collapsible m-height ">
+ <div class="alert alert-warning {{displayClass}}" data-id="policyInfoAlert">
+ <button type="button" class="close" data-dismiss="alert">×</button>
+ <i class="fa-fw fa fa-info-circle searchInfoUserAccess padding-right-10"></i>{{{infoMsg}}}
+ </div>
<div>
<div class="row margin-bottom-11">
<div class="col-md-9">