Posted to commits@ranger.apache.org by ma...@apache.org on 2023/06/09 14:32:01 UTC

[ranger] branch RANGER-3923 updated (ebcdc7f4d -> 0fbc8b383)

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a change to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


    from ebcdc7f4d Merge branch 'master' into RANGER-3923
     add 7ee520ae8 RANGER-4260: UI fix for initial load of policies for Add Permissions
     add a07dbb804 RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data
     add 67ab95f40 RANGER-4230: Add REST APIs to force delete external users & groups (#253)
     add a8609db4b RANGER-4026: Allow sync source updates for existing users synced via different sync sources (#254)
     add 6cd4e8ffe RANGER-4276: changed log level to DEBUG for enrich() (#264)
     add 04cb1dc5b RANGER-4274: updated security-zones to support admin-roles and audit-roles
     new 83dab8561 Merge branch 'master' into RANGER-3923
     new 81a4aa60f RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2
     add cb65abc86 RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2
     new 0fbc8b383 Merge branch 'master' into RANGER-3923

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../ranger/plugin/errors/ValidationErrorCode.java  |   2 +-
 .../ranger/plugin/model/RangerSecurityZone.java    |  24 ++-
 .../validation/RangerSecurityZoneValidator.java    |  16 +-
 .../service/RangerDefaultRequestProcessor.java     |   4 +-
 .../RangerSecurityZoneValidatorTest.java           |   2 +-
 .../python/apache_ranger/client/ranger_client.py   |  27 ++++
 .../apache_ranger/model/ranger_security_zone.py    |   2 +
 .../optimized/current/ranger_core_db_mysql.sql     |  18 +++
 ...t-info.sql => 075-create-sz-role-ref-table.sql} |  27 ++--
 .../optimized/current/ranger_core_db_oracle.sql    |  19 +++
 .../patches/075-create-sz-ref-role-table.sql}      |  36 ++---
 .../optimized/current/ranger_core_db_postgres.sql  |  21 +++
 ...t-info.sql => 075-create-sz-ref-role-table.sql} |  33 ++--
 .../current/ranger_core_db_sqlanywhere.sql         |  24 +++
 .../patches/075-create-sz-ref-role-table.sql       |  40 +++++
 .../optimized/current/ranger_core_db_sqlserver.sql |  49 ++++++
 .../patches/075-create-sz-ref-role-table.sql       |  66 ++++++++
 .../java/org/apache/ranger/biz/RoleDBStore.java    |  18 +++
 .../apache/ranger/biz/SecurityZoneRefUpdater.java  | 144 ++++++++---------
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  36 +++++
 .../java/org/apache/ranger/biz/ServiceMgr.java     |  65 +++++++-
 .../main/java/org/apache/ranger/biz/XUserMgr.java  |  69 ++++++++
 .../java/org/apache/ranger/common/db/BaseDao.java  |   4 +
 .../org/apache/ranger/db/RangerDaoManagerBase.java |   2 +
 .../org/apache/ranger/db/XXAuthSessionDao.java     |  19 ++-
 .../main/java/org/apache/ranger/db/XXGroupDao.java |   2 +-
 ...fUserDao.java => XXSecurityZoneRefRoleDao.java} |  73 +++++----
 ...eRefService.java => XXSecurityZoneRefRole.java} |  81 +++++-----
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |  15 ++
 .../org/apache/ranger/rest/SecurityZoneREST.java   |   9 ++
 .../java/org/apache/ranger/rest/ServiceREST.java   |  39 +++++
 .../java/org/apache/ranger/rest/XUserREST.java     |  89 ++++++++++-
 .../ranger/security/context/RangerAPIList.java     |   2 +
 .../service/RangerSecurityZoneServiceService.java  |   2 +
 .../apache/ranger/service/XGroupServiceBase.java   |  18 +++
 .../apache/ranger/service/XUserServiceBase.java    |  18 +++
 .../main/resources/META-INF/jpa_named_queries.xml  |  22 +++
 .../main/resources/conf.dist/ranger-admin-site.xml |   8 +
 .../scripts/views/policies/PermissionList.js       |   2 +-
 .../org/apache/ranger/biz/TestRoleDBStore.java     |  54 +++++--
 .../unixusersync/config/UserGroupSyncConfig.java   |  11 ++
 .../process/PolicyMgrUserGroupBuilder.java         | 175 ++++++++++++---------
 42 files changed, 1072 insertions(+), 315 deletions(-)
 copy security-admin/db/mysql/patches/{031-create-schema-for-usersync-audit-info.sql => 075-create-sz-role-ref-table.sql} (61%)
 copy security-admin/db/{sqlserver/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql => oracle/patches/075-create-sz-ref-role-table.sql} (52%)
 copy security-admin/db/postgres/patches/{031-create-schema-for-usersync-audit-info.sql => 075-create-sz-ref-role-table.sql} (53%)
 create mode 100644 security-admin/db/sqlanywhere/patches/075-create-sz-ref-role-table.sql
 create mode 100644 security-admin/db/sqlserver/patches/075-create-sz-ref-role-table.sql
 copy security-admin/src/main/java/org/apache/ranger/db/{XXSecurityZoneRefUserDao.java => XXSecurityZoneRefRoleDao.java} (56%)
 copy security-admin/src/main/java/org/apache/ranger/entity/{XXSecurityZoneRefService.java => XXSecurityZoneRefRole.java} (58%)


[ranger] 02/03: RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 81a4aa60ff489029293f138f9f56bd4c06e73a5a
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Fri Jun 9 06:33:50 2023 -0700

    RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2
---
 .../main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java    | 2 +-
 .../ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index ea79b69e8..bd10ff1df 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -55,7 +55,7 @@ public class RangerSecurityZone extends RangerBaseModelObject implements java.io
     }
 
     public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services,List<String> tagServices, List<String> adminUsers, List<String> adminUserGroups, List<String> auditUsers, List<String> auditUserGroups, String description) {
-        this(name, services, tagServices, adminUsers, adminUserGroups, null, adminUsers, adminUserGroups, null, description);
+        this(name, services, tagServices, adminUsers, adminUserGroups, null, auditUsers, auditUserGroups, null, description);
     }
 
     public RangerSecurityZone(String name, Map<String, RangerSecurityZoneService> services,List<String> tagServices, List<String> adminUsers, List<String> adminUserGroups, List<String> adminRoles, List<String> auditUsers, List<String> auditUserGroups, List<String> auditRoles, String description) {
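Review bot: The eight-argument constructor's `this(...)` call forwards ten positional arguments, six of them `List<String>`, and nothing visible in this commit pins which list lands in which slot; the only test change is an expected-message string. The admin and audit lists presumably decide who may administer and who may audit a zone, so a swap at this call compiles cleanly and silently changes zone privileges. A unit test that builds a zone through this constructor with four distinct lists and asserts that each getter returns its own list would catch a regression, and a comment above the call such as `// order: adminUsers, adminUserGroups, adminRoles, auditUsers, auditUserGroups, auditRoles` would help readers. The ten-argument constructor's body is outside the hunk, so whether it tolerates the two `null` role lists could not be checked here.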
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
index 8bc77672c..dcc970c47 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidatorTest.java
@@ -163,7 +163,7 @@ public class RangerSecurityZoneValidatorTest {
 		} catch (Exception ex) {
 			Assert.assertEquals(
 					ex.getMessage(),
-					"(0) Validation failure: error code[3044], reason[No services specified for security-zone:[MyZone]], field[services], subfield[null], type[missing] (1) Validation failure: error code[3038], reason[both users and user-groups collections for the security zone were null/empty], field[security zone admin users/user-groups], subfield[null], type[missing] (2) Validation failure: error code[3038], reason[both users and user-groups collections for the security zone were null/empty], field[s [...]
+					"(0) Validation failure: error code[3044], reason[No services specified for security-zone:[MyZone]], field[services], subfield[null], type[missing] (1) Validation failure: error code[3038], reason[users, user-groups and roles collections for the security zone were null/empty], field[security zone admin users/user-groups/roles], subfield[null], type[missing] (2) Validation failure: error code[3038], reason[users, user-groups and roles collections for the security zone were null/empty [...]
 		}
 	}
 


[ranger] 03/03: Merge branch 'master' into RANGER-3923

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 0fbc8b38399ad8b722f0c62586166648272e6d4d
Merge: 81a4aa60f cb65abc86
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Fri Jun 9 07:31:24 2023 -0700

    Merge branch 'master' into RANGER-3923

 .../org/apache/ranger/biz/TestRoleDBStore.java     | 54 ++++++++++++++++------
 1 file changed, 41 insertions(+), 13 deletions(-)


[ranger] 01/03: Merge branch 'master' into RANGER-3923

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 83dab8561c8f65f04a8c5ea104c65d72370e104e
Merge: ebcdc7f4d 04cb1dc5b
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Fri Jun 9 06:06:41 2023 -0700

    Merge branch 'master' into RANGER-3923

 .../ranger/plugin/errors/ValidationErrorCode.java  |   2 +-
 .../ranger/plugin/model/RangerSecurityZone.java    |  24 ++-
 .../validation/RangerSecurityZoneValidator.java    |  16 +-
 .../service/RangerDefaultRequestProcessor.java     |   4 +-
 .../python/apache_ranger/client/ranger_client.py   |  27 +++
 .../apache_ranger/model/ranger_security_zone.py    |   2 +
 .../optimized/current/ranger_core_db_mysql.sql     |  18 ++
 .../mysql/patches/075-create-sz-role-ref-table.sql |  32 ++++
 .../optimized/current/ranger_core_db_oracle.sql    |  19 +++
 .../patches/075-create-sz-ref-role-table.sql       |  33 ++++
 .../optimized/current/ranger_core_db_postgres.sql  |  21 +++
 .../patches/075-create-sz-ref-role-table.sql       |  37 +++++
 .../current/ranger_core_db_sqlanywhere.sql         |  24 +++
 .../patches/075-create-sz-ref-role-table.sql       |  40 +++++
 .../optimized/current/ranger_core_db_sqlserver.sql |  49 ++++++
 .../patches/075-create-sz-ref-role-table.sql       |  66 ++++++++
 .../java/org/apache/ranger/biz/RoleDBStore.java    |  18 ++
 .../apache/ranger/biz/SecurityZoneRefUpdater.java  | 144 +++++++---------
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  36 ++++
 .../java/org/apache/ranger/biz/ServiceMgr.java     |  65 +++++++-
 .../main/java/org/apache/ranger/biz/XUserMgr.java  |  69 ++++++++
 .../java/org/apache/ranger/common/db/BaseDao.java  |   4 +
 .../org/apache/ranger/db/RangerDaoManagerBase.java |   2 +
 .../org/apache/ranger/db/XXAuthSessionDao.java     |  19 ++-
 .../main/java/org/apache/ranger/db/XXGroupDao.java |   2 +-
 .../apache/ranger/db/XXSecurityZoneRefRoleDao.java | 105 ++++++++++++
 .../ranger/entity/XXSecurityZoneRefRole.java       | 185 +++++++++++++++++++++
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |  15 ++
 .../org/apache/ranger/rest/SecurityZoneREST.java   |   9 +
 .../java/org/apache/ranger/rest/ServiceREST.java   |  39 +++++
 .../java/org/apache/ranger/rest/XUserREST.java     |  89 +++++++++-
 .../ranger/security/context/RangerAPIList.java     |   2 +
 .../service/RangerSecurityZoneServiceService.java  |   2 +
 .../apache/ranger/service/XGroupServiceBase.java   |  18 ++
 .../apache/ranger/service/XUserServiceBase.java    |  18 ++
 .../main/resources/META-INF/jpa_named_queries.xml  |  22 +++
 .../main/resources/conf.dist/ranger-admin-site.xml |   8 +
 .../scripts/views/policies/PermissionList.js       |   2 +-
 .../unixusersync/config/UserGroupSyncConfig.java   |  11 ++
 .../process/PolicyMgrUserGroupBuilder.java         | 175 +++++++++++--------
 40 files changed, 1298 insertions(+), 175 deletions(-)

diff --cc security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index bbdd54a77,be360a66e..5784e49a9
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@@ -46,8 -49,9 +49,10 @@@ import org.apache.ranger.plugin.service
  import org.apache.ranger.plugin.service.ResourceLookupContext;
  import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
  import org.apache.ranger.plugin.store.ServiceStore;
+ import org.apache.ranger.plugin.util.RangerRoles;
+ import org.apache.ranger.plugin.util.RangerRolesUtil;
  import org.apache.ranger.service.RangerServiceService;
 +import org.apache.ranger.services.gds.RangerServiceGds;
  import org.apache.ranger.services.tag.RangerServiceTag;
  import org.apache.ranger.view.VXMessage;
  import org.apache.ranger.view.VXResponse;
@@@ -82,9 -86,9 +87,12 @@@ public class ServiceMgr 
  	@Autowired
  	TagDBStore tagStore;
  
 +	@Autowired
 +	GdsDBStore gdsStore;
 +
+ 	@Autowired
+ 	RoleDBStore rolesStore;
+ 
  	@Autowired
  	TimedExecutor timedExecutor;
  
diff --cc security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
index e3469c62d,816646eeb..4398764ae
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
@@@ -209,45 -209,6 +209,47 @@@ public class RangerAPIList 
  	public static final String SET_USER_ROLES_BY_NAME="XUserREST.setUserRolesByName";
  	public static final String GET_USER_ROLES_BY_ID="XUserREST.getUserRolesByID";
  	public static final String GET_USER_ROLES_BY_NAME="XUserREST.getUserRolesByName";
+ 	public static final String FORCE_DELETE_EXTERNAL_USERS = "XUserREST.forceDeleteExternalUsers";
+ 	public static final String FORCE_DELETE_EXTERNAL_GROUPS = "XUserREST.forceDeleteExternalGroups";
 +
 +	/**
 +	 * List of APIs for DataShareREST
 +	 */
 +	public static final String CREATE_DATASET      = "GdsREST.createDataset";
 +	public static final String UPDATE_DATASET      = "GdsREST.updateDataset";
 +	public static final String DELETE_DATASET      = "GdsREST.deleteDataset";
 +	public static final String GET_DATASET         = "GdsREST.getDataset";
 +	public static final String SEARCH_DATASETS     = "GdsREST.searchDatasets";
 +	public static final String LIST_DATASET_NAMES  = "GdsREST.listDatasetNames";
 +
 +	public static final String CREATE_PROJECT      = "GdsREST.createProject";
 +	public static final String UPDATE_PROJECT      = "GdsREST.updateProject";
 +	public static final String DELETE_PROJECT      = "GdsREST.deleteProject";
 +	public static final String GET_PROJECT         = "GdsREST.getProject";
 +	public static final String SEARCH_PROJECTS     = "GdsREST.searchProjects";
 +	public static final String LIST_PROJECT_NAMES  = "GdsREST.listProjectNames";
 +
 +	public static final String CREATE_DATA_SHARE   = "GdsREST.createDataShare";
 +	public static final String UPDATE_DATA_SHARE   = "GdsREST.updateDataShare";
 +	public static final String DELETE_DATA_SHARE   = "GdsREST.deleteDataShare";
 +	public static final String GET_DATA_SHARE      = "GdsREST.getDataShare";
 +	public static final String SEARCH_DATA_SHARES  = "GdsREST.searchDataShares";
 +
 +	public static final String ADD_SHARED_RESOURCE     = "GdsREST.addSharedResource";
 +	public static final String UPDATE_SHARED_RESOURCE  = "GdsREST.updateSharedResource";
 +	public static final String REMOVE_SHARED_RESOURCE  = "GdsREST.removeSharedResource";
 +	public static final String GET_SHARED_RESOURCE     = "GdsREST.getSharedResource";
 +	public static final String SEARCH_SHARED_RESOURCES = "GdsREST.searchSharedResources";
 +
 +	public static final String ADD_DATASHARE_IN_DATASET    = "GdsREST.addDataShareInDataset";
 +	public static final String UPDATE_DATASHARE_IN_DATASET = "GdsREST.updateDataShareInDataset";
 +	public static final String REMOVE_DATASHARE_IN_DATASET = "GdsREST.removeDataShareInDataset";
 +	public static final String GET_DATASHARE_IN_DATASET    = "GdsREST.getDataShareInDataset";
 +	public static final String SEARCH_DATASHARE_IN_DATASET = "GdsREST.searchDataShareInDataset";
 +
 +	public static final String ADD_DATASET_IN_PROJECT    = "GdsREST.addDatasetInProject";
 +	public static final String UPDATE_DATASET_IN_PROJECT = "GdsREST.updateDatasetInProject";
 +	public static final String REMOVE_DATASET_IN_PROJECT = "GdsREST.removeDatasetInProject";
 +	public static final String GET_DATASET_IN_PROJECT    = "GdsREST.getDatasetInProject";
 +	public static final String SEARCH_DATASET_IN_PROJECT = "GdsREST.searchDatasetInProject";
  }
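Review bot: The Javadoc above the new block says `List of APIs for DataShareREST`, but every constant below it is prefixed `GdsREST.`; the header should name the same class, e.g. `List of APIs for GdsREST`. Separately, `FORCE_DELETE_EXTERNAL_USERS` and `FORCE_DELETE_EXTERNAL_GROUPS` name destructive operations, and this hunk only declares the strings. If these names feed a permission mapping elsewhere (not visible in this diff), confirm the two entries are registered there so the endpoints do not fall outside access control. The class body starts outside the hunk.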