Posted to commits@ranger.apache.org by me...@apache.org on 2018/05/09 09:47:45 UTC
[2/3] ranger git commit: RANGER-2083 : Restrict KMS audit events to
KMS related users only
RANGER-2083 : Restrict KMS audit events to KMS related users only
Signed-off-by: Mehul Parikh <me...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/cccb5e1b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/cccb5e1b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/cccb5e1b
Branch: refs/heads/master
Commit: cccb5e1b949e843f6ff756f2019938d65125ea08
Parents: eed027a
Author: fatimaawez <fa...@gmail.com>
Authored: Wed May 9 11:36:00 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Wed May 9 15:15:24 2018 +0530
----------------------------------------------------------------------
.../java/org/apache/ranger/rest/AssetREST.java | 4 +++-
.../ranger/solr/SolrAccessAuditsService.java | 3 ++-
.../src/main/webapp/scripts/utils/XAEnums.js | 3 ++-
.../webapp/scripts/views/reports/AuditLayout.js | 22 +++++++++++++++-----
4 files changed, 24 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/cccb5e1b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index b7e045d..b2a43d2 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -655,7 +655,9 @@ public class AssetREST {
if(isKeyAdmin && xxServiceDef != null || isAuditKeyAdmin && xxServiceDef != null){
searchCriteria.getParamList().put("repoType", xxServiceDef.getId());
}
-
+ else if (xxServiceDef != null) {
+ searchCriteria.getParamList().put("-repoType", xxServiceDef.getId());
+ }
return assetMgr.getAccessLogs(searchCriteria);
}
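Review bot: The new `else if (xxServiceDef != null)` branch leaves the search unfiltered when `xxServiceDef` is null, so the KMS exclusion for non-key-admin callers silently disappears if that lookup comes back empty. The lookup sits outside this hunk, so whether null is reachable in practice needs confirming; if it is, this path should fail closed (for example by returning an empty result) or at least log it rather than fall through to `assetMgr.getAccessLogs(searchCriteria)`. The branch also deserves a comment, for example `// callers who are not key admins: negated filter, excludes KMS audit rows`. The method begins outside the hunk.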
http://git-wip-us.apache.org/repos/asf/ranger/blob/cccb5e1b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
index 7dcb074..397639b 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
@@ -103,7 +103,8 @@ public class SolrAccessAuditsService {
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("repoType", "repoType",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
-
+ searchFields.add(new SearchField("-repoType", "-repoType",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("resourceType", "resType",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("reason", "reason",
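Review bot: The `"-repoType"` entry encodes the exclusion in the field name itself, which only works if the query builder places the field name verbatim in front of the value so that Solr reads the leading `-` as negation; nothing on these lines says so. A comment above it would make that dependency explicit, for example `// negated filter: relies on Solr "-field:value" syntax; set server-side in AssetREST for callers who are not key admins`. If `searchFields` also maps request parameters (not visible here), it is worth confirming that a client-supplied `-repoType` cannot replace the value set by the server. The enclosing block begins and ends outside the hunk.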
http://git-wip-us.apache.org/repos/asf/ranger/blob/cccb5e1b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
index 6e101bf..ea80545 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
@@ -130,7 +130,8 @@ define(function(require) {
Service_HBASE:{value:3, label:'hbase', rbkey:'xa.enum.AssetType.ASSET_HBASE', tt: 'lbl.AssetType_ASSET_HBASE'},
Service_KNOX:{value:4, label:'knox', rbkey:'xa.enum.AssetType.ASSET_KNOX', tt: 'lbl.AssetType_ASSET_KNOX'},
Service_STORM:{value:5, label:'storm', rbkey:'xa.enum.AssetType.ASSET_STORM', tt: 'lbl.AssetType_ASSET_STORM'},
- SERVICE_TAG:{value:6, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'}
+ SERVICE_TAG:{value:6, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'},
+ Service_KMS:{value:7, label:'kms', rbkey:'xa.enum.ServiceType.SERVICE_KMS', tt: 'lbl.ServiceType_SERVICE_KMS'}
});
XAEnums.AuthStatus = mergeParams(XAEnums.AuthStatus, {
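Review bot: The new `Service_KMS` entry references `rbkey:'xa.enum.ServiceType.SERVICE_KMS'` and `tt:'lbl.ServiceType_SERVICE_KMS'`, but the diffstat lists only four files and none looks like a message bundle, so those keys may have no matching entries unless they already existed. The hard-coded `value:7` also deserves a short comment saying what it must match on the server, since the Java side filters on `xxServiceDef.getId()` rather than on a constant. The mixed `Service_`/`SERVICE_` naming predates this commit.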
http://git-wip-us.apache.org/repos/asf/ranger/blob/cccb5e1b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index b3da7b5..b55d57e 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -361,9 +361,15 @@ define(function(require) {
serviceList.setPageSize(100);
serviceList.fetch().done(function(){
serviceList.each(function(m){
- if(m.get('type') !== XAEnums.ServiceType.SERVICE_TAG.label){
- serviceNameVal.push(m.get('name'));
- };
+ if(SessionMgr.isKeyAdmin() || SessionMgr.isKMSAuditor()){
+ if(m.get('type') !== XAEnums.ServiceType.SERVICE_TAG.label){
+ serviceNameVal.push(m.get('name'));
+ }
+ }else{
+ if(m.get('type') !== XAEnums.ServiceType.SERVICE_TAG.label && m.get('type') !== XAEnums.ServiceType.Service_KMS.label){
+ serviceNameVal.push(m.get('name'));
+ }
+ }
});
callback(serviceNameVal);
});
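Review bot: The two branches added inside `serviceList.each` differ only by the extra KMS comparison and evaluate `SessionMgr.isKeyAdmin() || SessionMgr.isKMSAuditor()` for every model. Hoisting it before the loop, `var showKms = SessionMgr.isKeyAdmin() || SessionMgr.isKMSAuditor();`, and using one test, `if(m.get('type') !== XAEnums.ServiceType.SERVICE_TAG.label && (showKms || m.get('type') !== XAEnums.ServiceType.Service_KMS.label))`, removes the duplication. The same shape repeats in the 'Service Type' hunk below. A comment should also state that this only trims the filter suggestions in the UI and that the restriction itself is enforced by the server-side `repoType` filter.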
@@ -371,8 +377,14 @@ define(function(require) {
case 'Service Type':
var serviveDefs = [];
that.serviceDefList.each(function(m){
- if(m.get('name').toUpperCase() != (XAEnums.ServiceType.SERVICE_TAG.label).toUpperCase()){
- serviveDefs.push({ 'label' : m.get('name').toUpperCase(), 'value' : m.get('name').toUpperCase() });
+ if(SessionMgr.isKeyAdmin() || SessionMgr.isKMSAuditor()){
+ if(m.get('name').toUpperCase() != (XAEnums.ServiceType.SERVICE_TAG.label).toUpperCase()){
+ serviveDefs.push({ 'label' : m.get('name').toUpperCase(), 'value' : m.get('name').toUpperCase() });
+ }
+ }else{
+ if(m.get('name').toUpperCase() != (XAEnums.ServiceType.SERVICE_TAG.label).toUpperCase() && m.get('name') !== XAEnums.ServiceType.Service_KMS.label){
+ serviveDefs.push({ 'label' : m.get('name').toUpperCase(), 'value' : m.get('name').toUpperCase() });
+ }
}
});
callback(serviveDefs);
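Review bot: In the new `else` branch the KMS test `m.get('name') !== XAEnums.ServiceType.Service_KMS.label` is case-sensitive, while the TAG test beside it upper-cases both sides, so a service definition whose name is not exactly lowercase `kms` would still be offered to users who are not key admins. Comparing the same way as the TAG check keeps the two consistent: `m.get('name').toUpperCase() != (XAEnums.ServiceType.Service_KMS.label).toUpperCase()`. It mixes `!=` and `!==` in one condition as well. The surrounding `switch` starts outside the hunk.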