You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/23 04:05:35 UTC
[01/26] incubator-ranger git commit: RANGER-488: updated pom.xml with
proper hive version
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 6568faabb -> 3e4af58f5
RANGER-488: updated pom.xml with proper hive version
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b84b391e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b84b391e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b84b391e
Branch: refs/heads/tag-policy
Commit: b84b391e88066cd3a00daf8bcb97611149fcd8eb
Parents: fa19908
Author: sneethiraj <sn...@apache.org>
Authored: Mon May 18 18:38:19 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Mon May 18 18:38:19 2015 -0400
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b84b391e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c70a4cc..124d49e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
<hadoop.version>2.7.0</hadoop.version>
<hamcrest.all.version>1.3</hamcrest.all.version>
<hbase.version>1.1.0</hbase.version>
- <hive.version>1.2.0-SNAPSHOT</hive.version>
+ <hive.version>1.2.0</hive.version>
<storm.version>0.9.2-incubating</storm.version>
<httpcomponent.httpmime.version>4.2.5</httpcomponent.httpmime.version>
<httpcomponent.httpclient.version>4.2.5</httpcomponent.httpclient.version>
[09/26] incubator-ranger git commit: RANGER-492: Added new ldap/ad
properties in windows install
Posted by ma...@apache.org.
RANGER-492: Added new ldap/ad properties in windows install
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d0333206
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d0333206
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d0333206
Branch: refs/heads/tag-policy
Commit: d03332064db212dea8c54e108356432f9ce54feb
Parents: 58b8d36
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Tue May 19 01:50:49 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 03:02:56 2015 -0400
----------------------------------------------------------------------
security-admin/src/bin/ranger_install.py | 74 +++++++++++++++++++-
.../handler/RangerAuthenticationProvider.java | 12 ++--
2 files changed, 78 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d0333206/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index a3c7836..346f292 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -893,11 +893,81 @@ def update_properties():
else:
propertyName="ranger.jpa.jdbc.password"
newPropertyValue=os.getenv("RANGER_ADMIN_DB_PASSWORD")
- cObj.set('dummysection',propertyName,newPropertyValue)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.password"
newPropertyValue=os.getenv("RANGER_AUDIT_DB_PASSWORD")
- cObj.set('dummysection',propertyName,newPropertyValue)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+ propertyName="ranger.authentication.method"
+ newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.url"
+ newPropertyValue=os.getenv("RANGER_LDAP_URL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.user.dnpattern"
+ newPropertyValue=os.getenv("RANGER_LDAP_USERDNPATTERN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.searchbase"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.searchfilter"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.group.roleattribute"
+ newPropertyValue=os.getenv("RANGER_LDAP_GROUPROLEATTRIBUTE")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.base.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_BASE_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.bind.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_BIND_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.bind.password"
+ newPropertyValue="_"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.referral"
+ newPropertyValue=os.getenv("RANGER_LDAP_REFERRAL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+ propertyName="ranger.authentication.method"
+ newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.domain"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_DOMAIN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.url"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_URL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.base.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_BASE_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.bind.dn"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_BIND_DN")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ldap.ad.bind.password"
+ newPropertyValue="_"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.ad.referral"
+ newPropertyValue=os.getenv("RANGER_LDAP_AD_REFERRAL")
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
def setup_authentication(authentication_method, xmlPath):
if authentication_method == "UNIX":
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d0333206/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 5446dc4..3275a8e 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -230,12 +230,12 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("LDAP Authentication Failed:", e);
}
- return null;
+ return authentication;
}
public Authentication getADAuthentication(Authentication authentication) {
@@ -272,7 +272,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
}catch (Exception e) {
logger.debug("AD Authentication Failed:", e);
@@ -330,7 +330,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("Unix Authentication Failed:", e);
@@ -402,7 +402,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("AD Authentication Failed:", e);
@@ -463,7 +463,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
- return null;
+ return authentication;
}
} catch (Exception e) {
logger.debug("LDAP Authentication Failed:", e);
[15/26] incubator-ranger git commit: RANGER-482: HDFS plugin updated
to check for traverse access (EXECUTE) when no-access is specified
Posted by ma...@apache.org.
RANGER-482: HDFS plugin updated to check for traverse access (EXECUTE) when no-access is specified
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/afe001bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/afe001bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/afe001bb
Branch: refs/heads/tag-policy
Commit: afe001bb7c734d10cca1f9189241f1bdecae7de1
Parents: 154c490
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue May 19 12:50:24 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 12:51:11 2015 -0700
----------------------------------------------------------------------
.../hadoop/RangerHdfsAuthorizer.java | 36 ++++++++++++--------
1 file changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/afe001bb/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 1599074..5b115b2 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -213,6 +213,25 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
INode parent = inodes.length > 1 ? inodes[inodes.length - 2] : null;
INode inode = inodes[inodes.length - 1];
+ boolean noAccessToCheck = access == null && parentAccess == null && ancestorAccess == null && subAccess == null;
+
+ if(noAccessToCheck) { // check for traverse (EXECUTE) access on the path (if path is a directory) or its parent (if path is a file)
+ INode node = null;
+ INodeAttributes nodeAttribs = null;
+
+ if(inode != null && inode.isDirectory()) {
+ node = inode;
+ nodeAttribs = inodeAttrs.length > 0 ? inodeAttrs[inodeAttrs.length - 1] : null;
+ } else if(parent != null) {
+ node = parent;
+ nodeAttribs = inodeAttrs.length > 1 ? inodeAttrs[inodeAttrs.length - 2] : null;
+ }
+
+ if(node != null) {
+ accessGranted = isAccessAllowed(node, nodeAttribs, FsAction.EXECUTE, user, groups, fsOwner, superGroup, plugin, null);
+ }
+ }
+
// checkStickyBit
if (accessGranted && parentAccess != null && parentAccess.implies(FsAction.WRITE) && parent != null && inode != null) {
if (parent.getFsPermission() != null && parent.getFsPermission().getStickyBit()) {
@@ -222,21 +241,10 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
}
// checkAncestorAccess
- if(accessGranted && ancestor != null) {
- FsAction accessToCheck = ancestorAccess;
- RangerHdfsAuditHandler auditHandlerToUse = auditHandler;
-
- // if ancestorAccess is not specified and none of other access is specified, then check for traverse access (EXECUTE) to the ancestor
- if(ancestorAccess == null && access == null && parentAccess == null && subAccess == null) {
- accessToCheck = FsAction.EXECUTE;
- auditHandlerToUse = null; // don't audit this access
- }
+ if(accessGranted && ancestorAccess != null && ancestor != null) {
+ INodeAttributes ancestorAttribs = inodeAttrs.length > ancestorIndex ? inodeAttrs[ancestorIndex] : null;
- if(accessToCheck != null) {
- INodeAttributes ancestorAttribs = inodeAttrs.length > ancestorIndex ? inodeAttrs[ancestorIndex] : null;
-
- accessGranted = isAccessAllowed(ancestor, ancestorAttribs, accessToCheck, user, groups, fsOwner, superGroup, plugin, auditHandlerToUse);
- }
+ accessGranted = isAccessAllowed(ancestor, ancestorAttribs, ancestorAccess, user, groups, fsOwner, superGroup, plugin, auditHandler);
}
// checkParentAccess
[20/26] incubator-ranger git commit: RANGER-500 - Check for url
property also
Posted by ma...@apache.org.
RANGER-500 - Check for url property also
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/54caee22
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/54caee22
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/54caee22
Branch: refs/heads/tag-policy
Commit: 54caee221cb7a04b8b61d857464d1faf66ac9830
Parents: d04a9a2
Author: Don Bosco Durai <bo...@apache.org>
Authored: Thu May 21 01:05:58 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Thu May 21 01:05:58 2015 -0700
----------------------------------------------------------------------
.../src/main/java/org/apache/ranger/solr/SolrMgr.java | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/54caee22/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
index ee52992..2a57fa1 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
@@ -48,6 +48,8 @@ public class SolrMgr {
Date lastConnectTime = null;
volatile boolean initDone = false;
+ final static String SOLR_URLS_PROP = "ranger.audit.solr.urls";
+
public SolrMgr() {
}
@@ -58,16 +60,22 @@ public class SolrMgr {
if (!initDone) {
if (rangerBizUtil.getAuditDBType().equalsIgnoreCase("solr")) {
String solrURL = PropertiesUtil
- .getProperty("ranger.audit.solr.urls");
+ .getProperty(SOLR_URLS_PROP);
if (solrURL == null) {
- //Let's try older property name
+ // Try with url
+ solrURL = PropertiesUtil
+ .getProperty("ranger.audit.solr.url");
+ }
+ if (solrURL == null) {
+ // Let's try older property name
solrURL = PropertiesUtil
.getProperty("ranger.solr.url");
}
if (solrURL == null || solrURL.isEmpty()
|| solrURL.equalsIgnoreCase("none")) {
- logger.fatal("Solr URL for Audit is empty");
+ logger.fatal("Solr URL for Audit is empty. Please set property "
+ + SOLR_URLS_PROP);
} else {
try {
solrClient = new HttpSolrClient(solrURL);
[11/26] incubator-ranger git commit: RANGER-488: added build-release
script in the release tar
Posted by ma...@apache.org.
RANGER-488: added build-release script in the release tar
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a2c9654a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a2c9654a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a2c9654a
Branch: refs/heads/tag-policy
Commit: a2c9654a40886e5708cb1adf6d6486c77b71a45d
Parents: 3c2facf
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 03:13:34 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 03:13:34 2015 -0400
----------------------------------------------------------------------
release-build.xml | 1 -
1 file changed, 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c9654a/release-build.xml
----------------------------------------------------------------------
diff --git a/release-build.xml b/release-build.xml
index 0625408..5b3db7e 100644
--- a/release-build.xml
+++ b/release-build.xml
@@ -51,7 +51,6 @@
<exclude name="*/bin/**" />
<exclude name="*/target/**" />
<exclude name="**/.DS_Store" />
- <exclude name="release-build.xml" />
<exclude name="target/**" />
</tarfileset>
</tar>
[08/26] incubator-ranger git commit: RANGER-488: added an ANT script
to do build-release
Posted by ma...@apache.org.
RANGER-488: added an ANT script to do build-release
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/58b8d369
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/58b8d369
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/58b8d369
Branch: refs/heads/tag-policy
Commit: 58b8d36930ec396670fc3de0b4d021e2ebc16dbd
Parents: 0c0d8e3
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 03:00:11 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 03:00:11 2015 -0400
----------------------------------------------------------------------
release-build.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/58b8d369/release-build.xml
----------------------------------------------------------------------
diff --git a/release-build.xml b/release-build.xml
new file mode 100644
index 0000000..0625408
--- /dev/null
+++ b/release-build.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project name="Apache Ranger Release Tasks" default="build-release">
+ <description>
+ Apache Ranger Build Release Tasks
+ </description>
+
+ <property name="release-dir" value="target" />
+ <property name="release-name" value="ranger-${ranger-release-version}" />
+
+ <property name="build-release-tar-file" value="${release-name}.tar.gz" />
+
+ <target name="version-check">
+ <fail message="Missing ranger-release-version; -Dranger-release-version=<version-number> should be defined"
+ unless="ranger-release-version" />
+ </target>
+
+ <target name="build-release" depends="version-check">
+ <tstamp/>
+ <exec executable="mvn">
+ <arg value="clean" />
+ </exec>
+ <mkdir dir="${release-dir}" />
+ <tar destfile="${release-dir}/${build-release-tar-file}" compression="gzip" longfile="posix">
+ <tarfileset prefix="${release-name}" dir=".">
+ <exclude name="git" />
+ <exclude name="*/.gitignore" />
+ <exclude name=".settings/**" />
+ <exclude name="*/.settings/**" />
+ <exclude name=".classpath" />
+ <exclude name="*/.classpath" />
+ <exclude name=".project" />
+ <exclude name="*/.project" />
+ <exclude name="winpkg/*" />
+ <exclude name="hdfs-agent/dependency-reduced-pom.xml" />
+ <exclude name="*/bin/**" />
+ <exclude name="*/target/**" />
+ <exclude name="**/.DS_Store" />
+ <exclude name="release-build.xml" />
+ <exclude name="target/**" />
+ </tarfileset>
+ </tar>
+
+ <exec executable="gpg">
+ <arg value="--armor" />
+ <arg value="--output" />
+ <arg value="${release-dir}/${build-release-tar-file}.asc" />
+ <arg value="--detach-sig" />
+ <arg value="${release-dir}/${build-release-tar-file}" />
+ </exec>
+
+ <exec executable="gpg" output="${release-dir}/${build-release-tar-file}.mds">
+ <arg value="--print-mds" />
+ <arg value="${release-dir}/${build-release-tar-file}" />
+ </exec>
+
+ </target>
+
+</project>
[12/26] incubator-ranger git commit: RANGER-494 Coverity scan issues
with RangerPolicyResourceSignature: toString should not return null
Posted by ma...@apache.org.
RANGER-494 Coverity scan issues with RangerPolicyResourceSignature: toString should not return null
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/18595792
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/18595792
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/18595792
Branch: refs/heads/tag-policy
Commit: 18595792f3b47b69eee652cb1136426dd3b9b113
Parents: a2c9654
Author: Alok Lal <al...@hortonworks.com>
Authored: Tue May 19 01:17:25 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 08:45:06 2015 -0700
----------------------------------------------------------------------
.../ranger/plugin/model/RangerPolicyResourceSignature.java | 9 ++-------
.../plugin/model/TestRangerPolicyResourceSignature.java | 2 +-
2 files changed, 3 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/18595792/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 6d19f44..76d853a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -44,12 +44,7 @@ public class RangerPolicyResourceSignature {
public RangerPolicyResourceSignature(RangerPolicy policy) {
_policy = policy;
PolicySerializer serializer = new PolicySerializer(_policy);
- String asString = serializer.toString();
- if (asString == null) {
- _string = "";
- } else {
- _string = asString;
- }
+ _string = serializer.toString();
_hash = DigestUtils.md5Hex(_string);
}
@@ -128,7 +123,7 @@ public class RangerPolicyResourceSignature {
// invalid/empty policy gets a deterministic signature as if it had an
// empty resource string
if (!isPolicyValidForResourceSignatureComputation()) {
- return null;
+ return "";
}
int type = 0;
if (_policy.getPolicyType() != null) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/18595792/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
index a605cd7..8c8c4c0 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
@@ -154,7 +154,7 @@ public class TestRangerPolicyResourceSignature {
// null policy returns signature of empty resource
RangerPolicy policy = null;
PolicySerializer serializer = new PolicySerializer(policy);
- assertTrue("Null policy", serializer.toString() == null);
+ assertTrue("Null policy", serializer.toString() == "");
policy = mock(RangerPolicy.class);
when(policy.getPolicyType()).thenReturn(null);
[07/26] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0c0d8e3c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0c0d8e3c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0c0d8e3c
Branch: refs/heads/tag-policy
Commit: 0c0d8e3c303f6e76c17ef45c94a795330356169b
Parents: 80ce0ef
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:44:24 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 01:44:24 2015 -0400
----------------------------------------------------------------------
README.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0c0d8e3c/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index d410e18..b5fad2e 100644
--- a/README.txt
+++ b/README.txt
@@ -6,7 +6,7 @@ Build Process
2. On the root folder, please execute the following Maven command:
$ mvn clean compile package install assembly:assembly
- $ mvn eclise:eclipse
+ $ mvn eclipse:eclipse
3. After the above build command execution, you should see the following TAR files in the target folder:
[13/26] incubator-ranger git commit: RANGER-178 - Updated code based
on testing with latest Solr patch
Posted by ma...@apache.org.
RANGER-178 - Updated code based on testing with latest Solr patch
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/68d01056
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/68d01056
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/68d01056
Branch: refs/heads/tag-policy
Commit: 68d01056ca4386c541dfc4cde9fc974391d12749
Parents: 1859579
Author: Don Bosco Durai <bo...@apache.org>
Authored: Tue May 19 10:25:26 2015 -0700
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 13:56:26 2015 -0400
----------------------------------------------------------------------
.../audit/destination/SolrAuditDestination.java | 4 +
.../apache/ranger/audit/provider/MiscUtil.java | 2 +-
agents-common/scripts/enable-agent.sh | 26 +-
.../audit/RangerMultiResourceAuditHandler.java | 2 -
plugin-solr/scripts/install.properties | 3 +
.../scripts/solr-plugin-install.properties | 6 +-
.../solr/authorizer/RangerSolrAuthorizer.java | 2 +-
src/main/assembly/plugin-solr.xml | 302 ++++++++++---------
8 files changed, 194 insertions(+), 153 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index 06ce4d7..ac522cd 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -61,9 +61,13 @@ public class SolrAuditDestination extends AuditDestination {
if (solrClient == null) {
String urls = MiscUtil.getStringProperty(props, propPrefix
+ "." + PROP_SOLR_URLS);
+ if( urls != null) {
+ urls = urls.trim();
+ }
if (urls != null && urls.equalsIgnoreCase("NONE")) {
urls = null;
}
+
List<String> solrURLs = new ArrayList<String>();
String zkHosts = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index f5b07be..fe6b0e9 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -370,7 +370,7 @@ public class MiscUtil {
public static List<String> toArray(String destListStr, String delim) {
List<String> list = new ArrayList<String>();
if (destListStr != null && !destListStr.isEmpty()) {
- StringTokenizer tokenizer = new StringTokenizer(destListStr, delim);
+ StringTokenizer tokenizer = new StringTokenizer(destListStr, delim.trim());
while (tokenizer.hasMoreTokens()) {
list.add(tokenizer.nextToken());
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 4e873b8..3550e16 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -128,7 +128,12 @@ then
HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME}
fi
-hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME}
+firstletter=${HCOMPONENT_INSTALL_DIR_NAME:0:1}
+if [ "$firstletter" = "/" ]; then
+ hdir=${HCOMPONENT_INSTALL_DIR_NAME}
+else
+ hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME}
+fi
#
# TEST - START
@@ -142,11 +147,24 @@ fi
#
HCOMPONENT_INSTALL_DIR=`(cd ${hdir} ; pwd)`
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/lib
-if [ "${HCOMPONENT_NAME}" = "knox" ]
-then
+if [ "${HCOMPONENT_NAME}" = "knox" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/ext
+elif [ "${HCOMPONENT_NAME}" = "solr" ]; then
+ HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib
fi
+
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
+if [ "${HCOMPONENT_NAME}" = "solr" ]; then
+ HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/classes
+ if [ ! -d $HCOMPONENT_CONF_DIR ]; then
+ install_owner=`ls -ld | cut -f 3 -d " "`
+ echo "INFO: Creating $HCOMPONENT_CONF_DIR"
+ mkdir -p $HCOMPONENT_CONF_DIR
+ echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner"
+ chown $install_owner:$install_owner $HCOMPONENT_CONF_DIR
+ fi
+fi
+
HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive
SET_ENV_SCRIPT=${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME}
@@ -221,6 +239,8 @@ create_jceks() {
rm -f ${tempFile}
}
+log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR"
+
#
# If there is a set-ranger-${COMPONENT}-env.sh, install it
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
index f40d39f..17dcfdc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java
@@ -23,7 +23,6 @@ import java.util.ArrayList;
import java.util.Collection;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
/**
* This class should be generated per request and flushed at the end of the
@@ -32,7 +31,6 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResult;
public class RangerMultiResourceAuditHandler extends RangerDefaultAuditHandler {
Collection<AuthzAuditEvent> auditEvents = new ArrayList<AuthzAuditEvent>();
- boolean deniedExists = false;
public RangerMultiResourceAuditHandler() {
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
index 6070968..1f3852e 100644
--- a/plugin-solr/scripts/install.properties
+++ b/plugin-solr/scripts/install.properties
@@ -13,6 +13,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+#Location of the solr server folder.
+COMPONENT_INSTALL_DIR_NAME=/opt/solr/server
+
#
# Location of Policy Manager URL
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/scripts/solr-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/solr-plugin-install.properties b/plugin-solr/scripts/solr-plugin-install.properties
index a360906..c040949 100644
--- a/plugin-solr/scripts/solr-plugin-install.properties
+++ b/plugin-solr/scripts/solr-plugin-install.properties
@@ -19,5 +19,7 @@
# Name of the directory where the component's lib and conf directory exist.
# This location should be relative to the parent of the directory containing
# the plugin installation files.
-#
-COMPONENT_INSTALL_DIR_NAME=solr
+#
+
+#In the case of Solr, the component might be installed anywhere. So update install.properties
+#COMPONENT_INSTALL_DIR_NAME=solr
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index de786d7..673f652 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -57,7 +57,7 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
public static final String ACCESS_TYPE_UPDATE = "update";
public static final String ACCESS_TYPE_QUERY = "query";
public static final String ACCESS_TYPE_OTHER = "other";
- public static final String ACCESS_TYPE_ADMIN = "admin";
+ public static final String ACCESS_TYPE_ADMIN = "solr_admin";
private static volatile RangerBasePlugin solrPlugin = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/src/main/assembly/plugin-solr.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml
index 06844ae..5276cc4 100644
--- a/src/main/assembly/plugin-solr.xml
+++ b/src/main/assembly/plugin-solr.xml
@@ -1,148 +1,162 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<assembly>
+ <id>solr-plugin</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-solr-plugin
+ </baseDirectory>
+ <includeBaseDirectory>true</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/lib</outputDirectory>
+ <unpack>false</unpack>
+ <includes>
+ <include>com.google.code.gson:gson</include>
+ <include>org.eclipse.persistence:eclipselink</include>
+ <include>org.eclipse.persistence:javax.persistence</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
- http://www.apache.org/licenses/LICENSE-2.0
+ </includes>
+ </dependencySet>
+ <dependencySet>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <includes>
+ <include>commons-cli:commons-cli</include>
+ <include>commons-collections:commons-collections</include>
+ <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}
+ </include>
+ <include>commons-io:commons-io:jar:${commons.io.version}
+ </include>
+ <include>commons-lang:commons-lang:jar:${commons.lang.version}
+ </include>
+ <include>commons-logging:commons-logging</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.hamcrest:hamcrest-all</include>
+ <include>junit:junit</include>
+ <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}
+ </include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}
+ </include>
+ <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred
+ </include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin
+ </include>
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<assembly>
- <id>solr-plugin</id>
- <formats>
- <format>tar.gz</format>
- <format>zip</format>
- </formats>
- <baseDirectory>${project.name}-${project.version}-solr-plugin</baseDirectory>
- <includeBaseDirectory>true</includeBaseDirectory>
- <moduleSets>
- <moduleSet>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/lib</outputDirectory>
- <unpack>false</unpack>
- <includes>
- <include>com.google.code.gson:gson</include>
- <include>org.eclipse.persistence:eclipselink</include>
- <include>org.eclipse.persistence:javax.persistence</include>
- <include>com.sun.jersey:jersey-bundle</include>
- <include>com.google.guava:guava:jar:${guava.version}</include>
- </includes>
- </dependencySet>
- <dependencySet>
- <outputDirectory>/install/lib</outputDirectory>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <includes>
- <include>commons-cli:commons-cli</include>
- <include>commons-collections:commons-collections</include>
- <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
- <include>commons-io:commons-io:jar:${commons.io.version}</include>
- <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
- <include>commons-logging:commons-logging</include>
- <include>com.google.guava:guava:jar:${guava.version}</include>
- <include>org.hamcrest:hamcrest-all</include>
- <include>junit:junit</include>
- <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
- <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
- <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include>
- <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
- <include>org.apache.ranger:credentialbuilder</include>
- </includes>
- </dependencySet>
- </dependencySets>
- <outputDirectory>/lib</outputDirectory>
- </binaries>
- <includes>
- <include>org.apache.ranger:ranger_solrj</include>
- <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit</include>
- <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
- <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl</include>
- <include>security_plugins.ranger-plugins-common:ranger-plugins-common</include>
- <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin</include>
- </includes>
- </moduleSet>
- <moduleSet>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/install/lib</outputDirectory>
- <unpack>false</unpack>
- </binaries>
- <includes>
- <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer</include>
- <include>org.apache.ranger:credentialbuilder</include>
- </includes>
- </moduleSet>
- </moduleSets>
- <fileSets>
- <!-- conf.templates for enable -->
- <fileSet>
- <outputDirectory>/install/conf.templates/enable</outputDirectory>
- <directory>plugin-solr/conf</directory>
- <excludes>
- <exclude>*.sh</exclude>
- </excludes>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>/install/conf.templates/disable</outputDirectory>
- <directory>plugin-solr/disable-conf</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>/install/conf.templates/default</outputDirectory>
- <directory>plugin-solr/template</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <!-- version file -->
- <fileSet>
- <outputDirectory>/</outputDirectory>
- <directory>${project.build.outputDirectory}</directory>
- <includes>
- <include>version</include>
- </includes>
- <fileMode>444</fileMode>
- </fileSet>
- </fileSets>
- <!-- enable/disable script for Plugin -->
- <files>
- <file>
- <source>agents-common/scripts/enable-agent.sh</source>
- <outputDirectory>/</outputDirectory>
- <destName>enable-solr-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>agents-common/scripts/enable-agent.sh</source>
- <outputDirectory>/</outputDirectory>
- <destName>disable-solr-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-solr/scripts/install.properties</source>
- <outputDirectory>/</outputDirectory>
- <destName>install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-solr/scripts/solr-plugin-install.properties</source>
- <outputDirectory>/</outputDirectory>
- <destName>solr-plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- </files>
+ </includes>
+ </dependencySet>
+ </dependencySets>
+ <outputDirectory>/lib</outputDirectory>
+ </binaries>
+ <includes>
+ <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit
+ </include>
+ <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred
+ </include>
+ <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl
+ </include>
+ <include>security_plugins.ranger-plugins-common:ranger-plugins-common
+ </include>
+ <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin
+ </include>
+ </includes>
+ </moduleSet>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ </binaries>
+ <includes>
+ <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer
+ </include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ </includes>
+ </moduleSet>
+ </moduleSets>
+ <fileSets>
+ <!-- conf.templates for enable -->
+ <fileSet>
+ <outputDirectory>/install/conf.templates/enable</outputDirectory>
+ <directory>plugin-solr/conf</directory>
+ <excludes>
+ <exclude>*.sh</exclude>
+ </excludes>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/install/conf.templates/disable</outputDirectory>
+ <directory>plugin-solr/disable-conf</directory>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/install/conf.templates/default</outputDirectory>
+ <directory>plugin-solr/template</directory>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <!-- version file -->
+ <fileSet>
+ <outputDirectory>/</outputDirectory>
+ <directory>${project.build.outputDirectory}</directory>
+ <includes>
+ <include>version</include>
+ </includes>
+ <fileMode>444</fileMode>
+ </fileSet>
+ </fileSets>
+ <!-- enable/disable script for Plugin -->
+ <files>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>enable-solr-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>disable-solr-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>plugin-solr/scripts/install.properties</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>install.properties</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>plugin-solr/scripts/solr-plugin-install.properties</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>solr-plugin-install.properties</destName>
+ <fileMode>755</fileMode>
+ </file>
+ </files>
</assembly>
[26/26] incubator-ranger git commit: Merge branch 'master' into
tag-policy
Posted by ma...@apache.org.
Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3e4af58f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3e4af58f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3e4af58f
Branch: refs/heads/tag-policy
Commit: 3e4af58f53a31da151cad1b1d91602861db88f26
Parents: 0247590 f31274b
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Fri May 22 18:20:19 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri May 22 18:20:19 2015 -0700
----------------------------------------------------------------------
.../RangerAbstractConditionEvaluator.java | 43 +++
.../RangerConditionEvaluator.java | 7 +-
.../conditionevaluator/RangerIpMatcher.java | 8 +-
.../conditionevaluator/RangerSimpleMatcher.java | 8 +-
.../RangerTimeOfDayMatcher.java | 8 +-
.../RangerAbstractContextEnricher.java | 10 +-
.../contextenricher/RangerContextEnricher.java | 4 +-
.../contextenricher/RangerCountryProvider.java | 5 +-
.../contextenricher/RangerProjectProvider.java | 5 +-
.../policyengine/RangerPolicyRepository.java | 3 +-
.../RangerDefaultPolicyEvaluator.java | 8 +-
.../RangerAbstractResourceMatcher.java | 26 +-
.../RangerPathResourceMatcher.java | 10 +-
.../resourcematcher/RangerResourceMatcher.java | 9 +-
.../conditionevaluator/RangerIpMatcherTest.java | 8 +-
.../RangerSimpleMatcherTest.java | 36 +-
.../RangerTimeOfDayMatcherTest.java | 4 +-
.../RangerDefaultPolicyEvaluatorTest.java | 13 +-
.../resourcematcher/TestResourceMatcher.java | 15 +-
.../test_resourcematcher_default.json | 78 +++--
.../test_resourcematcher_path.json | 84 +++--
.../scripts/ranger-admin-services.sh | 10 +-
kms/scripts/ranger-kms | 10 +-
.../ranger/services/kms/client/KMSClient.java | 306 +++++++++++------
security-admin/scripts/db_setup.py | 17 +-
security-admin/scripts/dba_script.py | 13 +-
security-admin/scripts/install.properties | 5 +-
.../scripts/ranger-admin-site-template.xml | 2 +-
security-admin/scripts/setup.sh | 63 +++-
security-admin/scripts/upgrade_admin.py | 2 +-
.../java/org/apache/ranger/biz/KmsKeyMgr.java | 331 ++++++++++++++-----
.../apache/ranger/common/PropertiesUtil.java | 19 ++
.../conf.dist/ranger-admin-default-site.xml | 6 +-
.../resources/conf.dist/ranger-admin-site.xml | 18 +-
.../scripts/ranger-usersync-services.sh | 10 +-
35 files changed, 867 insertions(+), 337 deletions(-)
----------------------------------------------------------------------
[14/26] incubator-ranger git commit: RANGER-265 Policy manager should
timeout if a service is not responding to lookup requests in time.
Posted by ma...@apache.org.
RANGER-265 Policy manager should timeout if a service is not responding to lookup requests in time.
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/154c4904
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/154c4904
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/154c4904
Branch: refs/heads/tag-policy
Commit: 154c49041863f040ce99c5d45fa5e996968ced96
Parents: 68d0105
Author: Alok Lal <al...@hortonworks.com>
Authored: Fri May 15 10:00:01 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 19 11:57:28 2015 -0700
----------------------------------------------------------------------
.../plugin/service/ResourceLookupContext.java | 7 +-
security-admin/pom.xml | 1 -
.../org/apache/ranger/biz/ServiceDBStore.java | 2 +-
.../java/org/apache/ranger/biz/ServiceMgr.java | 178 +++++++++++++++--
.../org/apache/ranger/common/RangerFactory.java | 33 ++++
.../org/apache/ranger/common/TimedExecutor.java | 160 ++++++++++++++++
.../common/TimedExecutorConfigurator.java | 93 +++++++++
.../apache/ranger/service/RangerFactory.java | 33 ----
.../conf.dist/ranger-admin-default-site.xml | 27 +++
.../apache/ranger/common/TestTimedExecutor.java | 190 +++++++++++++++++++
10 files changed, 669 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
index 913f824..a8b8ac0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
@@ -27,8 +27,8 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.map.annotate.JsonSerialize;
@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
@@ -82,4 +82,9 @@ public class ResourceLookupContext {
public void setResources(Map<String, List<String>> resources) {
this.resources = resources;
}
+
+ @Override
+ public String toString() {
+ return String.format("ResourceLookupContext={resourceName=%s,userInput=%s,resources=%s}", resourceName, userInput, resources);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 9783d1f..3c26837 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -251,7 +251,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 009cbf8..2c9ceff 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -40,6 +40,7 @@ import org.apache.ranger.common.PasswordUtils;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.RangerFactory;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
@@ -106,7 +107,6 @@ import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerDataHistService;
-import org.apache.ranger.service.RangerFactory;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.RangerPolicyWithAssignedIdService;
import org.apache.ranger.service.RangerServiceDefService;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 8498fbf..576090f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -23,13 +23,18 @@ import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.TimedExecutor;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -54,6 +59,9 @@ public class ServiceMgr {
@Autowired
ServiceDBStore svcDBStore;
+ @Autowired
+ TimedExecutor timedExecutor;
+
public List<String> lookupResource(String serviceName, ResourceLookupContext context, ServiceStore svcStore) throws Exception {
List<String> ret = null;
@@ -69,18 +77,9 @@ public class ServiceMgr {
}
if(svc != null) {
- ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
-
- try {
- Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
-
- ret = svc.lookupResource(context);
- } catch (Exception e) {
- LOG.error("==> ServiceMgr.lookupResource Error:" + e);
- throw e;
- } finally {
- Thread.currentThread().setContextClassLoader(clsLoader);
- }
+ LookupCallable callable = new LookupCallable(svc, context);
+ long time = getTimeoutValueForLookupInMilliSeconds(svc);
+ ret = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
}
if(LOG.isDebugEnabled()) {
@@ -103,12 +102,11 @@ public class ServiceMgr {
}
if(svc != null) {
- ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
-
try {
- Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
-
- HashMap<String, Object> responseData = svc.validateConfig();
+ // Timeout value use during validate config is 10 times that used during lookup
+ long time = getTimeoutValueForValidateConfigInMilliSeconds(svc);
+ ValidateCallable callable = new ValidateCallable(svc);
+ HashMap<String, Object> responseData = timedExecutor.timedTask(callable, time, TimeUnit.MILLISECONDS);
ret = generateResponseForTestConn(responseData, "");
} catch (Exception e) {
@@ -120,8 +118,6 @@ public class ServiceMgr {
}
ret = generateResponseForTestConn(respData, msg);
LOG.error("==> ServiceMgr.validateConfig Error:" + e);
- } finally {
- Thread.currentThread().setContextClassLoader(clsLoader);
}
}
@@ -344,5 +340,149 @@ public class ServiceMgr {
vXResponse.setStatusCode(statusCode);
return vXResponse;
}
+
+ static final long _DefaultTimeoutValue_Lookp = 1000; // 1 s
+ static final long _DefaultTimeoutValue_ValidateConfig = 10000; // 10 s
+
+ long getTimeoutValueForLookupInMilliSeconds(RangerBaseService svc) {
+ return getTimeoutValueInMilliSeconds("resource.lookup", svc, _DefaultTimeoutValue_Lookp);
+ }
+
+ long getTimeoutValueForValidateConfigInMilliSeconds(RangerBaseService svc) {
+ return getTimeoutValueInMilliSeconds("validate.config", svc, _DefaultTimeoutValue_ValidateConfig);
+ }
+
+ long getTimeoutValueInMilliSeconds(final String type, RangerBaseService svc, long defaultValue) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("==> ServiceMgr.getTimeoutValueInMilliSeconds (%s, %s)", type, svc));
+ }
+ String propertyName = type + ".timeout.value.in.ms"; // type == "lookup" || type == "validate-config"
+
+ Long result = null;
+ Map<String, String> config = svc.getConfigs();
+ if (config != null && config.containsKey(propertyName)) {
+ result = parseLong(config.get(propertyName));
+ }
+ if (result != null) {
+ LOG.debug("Found override in service config!");
+ } else {
+ String[] keys = new String[] {
+ "ranger.service." + svc.getServiceName() + "." + propertyName,
+ "ranger.servicetype." + svc.getServiceType() + "." + propertyName,
+ "ranger." + propertyName
+ };
+ for (String key : keys) {
+ String value = PropertiesUtil.getProperty(key);
+ if (value != null) {
+ result = parseLong(value);
+ if (result != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Using the value[" + value + "] found in property[" + key + "]");
+ }
+ break;
+ }
+ }
+ }
+ }
+ if (result == null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("No overrides found in service config of properties file. Using supplied default of[" + defaultValue + "]!");
+ }
+ result = defaultValue;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("<== ServiceMgr.getTimeoutValueInMilliSeconds (%s, %s): %s", type, svc, result));
+ }
+ return result;
+ }
+
+ Long parseLong(String str) {
+ try {
+ return Long.valueOf(str);
+ } catch (NumberFormatException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("ServiceMgr.parseLong: could not parse [" + str + "] as Long! Returning null");
+ }
+ return null;
+ }
+ }
+
+ abstract static class TimedCallable<T> implements Callable<T> {
+
+ final RangerBaseService svc;
+ final Date creation; // NOTE: This would be different from when the callable was actually offered to the executor
+
+ public TimedCallable(RangerBaseService svc) {
+ this.svc = svc;
+ this.creation = new Date();
+ }
+
+ @Override
+ public T call() throws Exception {
+ Date start = null;
+ if (LOG.isDebugEnabled()) {
+ start = new Date();
+ LOG.debug("==> TimedCallable: " + toString());
+ }
+
+ ClassLoader clsLoader = Thread.currentThread().getContextClassLoader();
+ try {
+ Thread.currentThread().setContextClassLoader(svc.getClass().getClassLoader());
+ return actualCall();
+ } catch (Exception e) {
+ LOG.error("TimedCallable.call: Error:" + e);
+ throw e;
+ } finally {
+ Thread.currentThread().setContextClassLoader(clsLoader);
+ if (LOG.isDebugEnabled()) {
+ Date finish = new Date();
+ long waitTime = start.getTime() - creation.getTime();
+ long executionTime = finish.getTime() - start.getTime();
+ LOG.debug(String.format("<== TimedCallable: %s: wait time[%d ms], execution time [%d ms]", toString(), waitTime, executionTime));
+ }
+ }
+ }
+
+ abstract T actualCall() throws Exception;
+ }
+
+ static class LookupCallable extends TimedCallable<List<String>> {
+
+ final ResourceLookupContext context;
+
+ public LookupCallable(final RangerBaseService svc, final ResourceLookupContext context) {
+ super(svc);
+ this.context = context;
+ }
+
+ @Override
+ public String toString() {
+ return String.format("lookup resource[%s] for service[%s], ", context.toString(), svc.getServiceName());
+ }
+
+ @Override
+ public List<String> actualCall() throws Exception {
+ List<String> ret = svc.lookupResource(context);
+ return ret;
+ }
+ }
+
+ static class ValidateCallable extends TimedCallable<HashMap<String, Object>> {
+
+ public ValidateCallable(RangerBaseService svc) {
+ super(svc);
+ }
+
+ @Override
+ public String toString() {
+ return String.format("validate config for service[%s]", svc.getServiceName());
+ }
+
+ @Override
+ public HashMap<String, Object> actualCall() throws Exception {
+ return svc.validateConfig();
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java b/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
new file mode 100644
index 0000000..29d972e
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerFactory.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class RangerFactory {
+ public RangerPolicyResourceSignature createPolicyResourceSignature(RangerPolicy policy) {
+ return new RangerPolicyResourceSignature(policy);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
new file mode 100644
index 0000000..643d882
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.lang.Thread.UncaughtExceptionHandler;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Future;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+
+@Service
+@Scope("singleton")
+public class TimedExecutor {
+
+ static final private Logger LOG = Logger.getLogger(TimedExecutor.class);
+
+ @Autowired
+ TimedExecutorConfigurator _configurator;
+
+ ExecutorService _executorService;
+
+ public TimedExecutor() {
+ }
+
+ @PostConstruct
+ void initialize() {
+ initialize(_configurator);
+ }
+
+ // Not designed for public access - only for testability
+ void initialize(TimedExecutorConfigurator configurator) {
+ final ThreadFactory _ThreadFactory = new ThreadFactoryBuilder()
+ .setDaemon(true)
+ .setNameFormat("timed-executor-pool-%d")
+ .setUncaughtExceptionHandler(new LocalUncaughtExceptionHandler())
+ .build();
+
+ final BlockingQueue<Runnable> blockingQueue = new ArrayBlockingQueue<>(configurator.getBlockingQueueSize());
+
+ _executorService = new LocalThreadPoolExecutor(configurator.getCoreThreadPoolSize(), configurator.getMaxThreadPoolSize(),
+ configurator.getKeepAliveTime(), configurator.getKeepAliveTimeUnit(),
+ blockingQueue, _ThreadFactory);
+ }
+
+ public <T> T timedTask(Callable<T> callable, long time, TimeUnit unit) throws Exception{
+ try {
+ Future<T> future = _executorService.submit(callable);
+ if (LOG.isDebugEnabled()) {
+ if (future.isCancelled()) {
+ LOG.debug("Got back a future that was cancelled already for callable[" + callable + "]!");
+ }
+ }
+ try {
+ T result = future.get(time, unit);
+ return result;
+ } catch (CancellationException | ExecutionException | InterruptedException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("TimedExecutor: Caught exception[%s] for callable[%s]: detail[%s]. Re-throwing...", e.getClass().getName(), callable, e.getMessage()));
+ }
+ throw e;
+ } catch (TimeoutException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("TimedExecutor: Timed out waiting for callable[%s] to finish. Cancelling the task.", callable));
+ }
+ boolean interruptRunningTask = true;
+ future.cancel(interruptRunningTask);
+ LOG.debug("TimedExecutor: Re-throwing timeout exception to caller");
+ throw e;
+ }
+ } catch (RejectedExecutionException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Executor rejected callable[" + callable + "], due to resource exhaustion. Rethrowing exception...");
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * Not designed for public access. Non-private only for testability. Expected to be called by tests to do proper cleanup.
+ */
+ void shutdown() {
+ _executorService.shutdownNow();
+ }
+
+ static class LocalUncaughtExceptionHandler implements UncaughtExceptionHandler {
+
+ @Override
+ public void uncaughtException(Thread t, Throwable e) {
+ String message = String.format("TimedExecutor: Uncaught exception hanlder received exception[%s] in thread[%s]", t.getClass().getName(), t.getName());
+ LOG.warn(message, e);
+ }
+ }
+
+ static class LocalThreadPoolExecutor extends ThreadPoolExecutor {
+
+ private ThreadLocal<Long> startNanoTime = new ThreadLocal<Long>();
+
+ public LocalThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, BlockingQueue<Runnable> workQueue, ThreadFactory threadFactory) {
+ super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory);
+ }
+
+ @Override
+ protected void beforeExecute(Thread t, Runnable r) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("TimedExecutor: Starting execution of a task.");
+ startNanoTime.set(System.nanoTime());
+ }
+ super.beforeExecute(t, r);
+ }
+
+ @Override
+ protected void afterExecute(Runnable r, Throwable t) {
+ super.afterExecute(r, t);
+ if (LOG.isDebugEnabled()) {
+ long duration = System.nanoTime() - startNanoTime.get();
+ LOG.debug("TimedExecutor: Done execution of task. Duration[" + duration/1000000 + " ms].");
+ }
+ }
+
+ @Override
+ protected void terminated() {
+ super.terminated();
+ LOG.info("TimedExecutor: thread pool has terminated");
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
new file mode 100644
index 0000000..1b43abe
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/TimedExecutorConfigurator.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.util.concurrent.TimeUnit;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class TimedExecutorConfigurator {
+
+ // these two are important and hence are user configurable.
+ static final String Property_MaxThreadPoolSize = "ranger.timed.executor.max.threadpool.size";
+ static final String Property_QueueSize = "ranger.timed.executor.queue.size";
+ // We need these default-defaults since default-site.xml file isn't inside the jar, i.e. file itself may be missing or values in it might be messed up! :(
+ static final int _DefaultMaxThreadPoolSize = 10;
+ static final private int _DefaultBlockingQueueSize = 100;
+
+
+ private int _maxThreadPoolSize;
+ private int _blockingQueueSize;
+ // The following are hard-coded for now and can be exposed if there is a pressing need.
+ private int _coreThreadPoolSize = 1;
+ private long _keepAliveTime = 10;
+ private TimeUnit _keepAliveTimeUnit = TimeUnit.SECONDS;
+
+ public TimedExecutorConfigurator() {
+ }
+
+ // Infrequently used class (once per lifetime of policy manager) hence, values read from property file aren't cached.
+ @PostConstruct
+ void initialize() {
+ Integer value = PropertiesUtil.getIntProperty(Property_MaxThreadPoolSize);
+ if (value == null) {
+ _maxThreadPoolSize = _DefaultMaxThreadPoolSize;
+ } else {
+ _maxThreadPoolSize = value;
+ }
+
+ value = PropertiesUtil.getIntProperty(Property_QueueSize);
+ if (value == null) {
+ _blockingQueueSize = _DefaultBlockingQueueSize;
+ } else {
+ _blockingQueueSize = value;
+ }
+ }
+ /**
+ * Provided mostly only testability.
+ * @param maxThreadPoolSize
+ * @param blockingQueueSize
+ */
+ public TimedExecutorConfigurator(int maxThreadPoolSize, int blockingQueueSize) {
+ _maxThreadPoolSize = maxThreadPoolSize;
+ _blockingQueueSize = blockingQueueSize;
+ }
+
+ public int getCoreThreadPoolSize() {
+ return _coreThreadPoolSize;
+ }
+ public int getMaxThreadPoolSize() {
+ return _maxThreadPoolSize;
+ }
+ public long getKeepAliveTime() {
+ return _keepAliveTime;
+ }
+ public TimeUnit getKeepAliveTimeUnit() {
+ return _keepAliveTimeUnit;
+ }
+ public int getBlockingQueueSize() {
+ return _blockingQueueSize;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java b/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
deleted file mode 100644
index 7834262..0000000
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerFactory.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.service;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Service;
-
-@Service
-@Scope("singleton")
-public class RangerFactory {
- public RangerPolicyResourceSignature createPolicyResourceSignature(RangerPolicy policy) {
- return new RangerPolicyResourceSignature(policy);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 571d2a1..0783f69 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -395,14 +395,41 @@
<value>ranger.auditdb.password</value>
<description></description>
</property>
+
<property>
<name>ranger.ldap.binddn.credential.alias</name>
<value>ranger.ldap.binddn.password</value>
<description></description>
</property>
+
<property>
<name>ranger.ldap.ad.binddn.credential.alias</name>
<value>ranger.ad.binddn.password</value>
<description></description>
</property>
+
+ <property>
+ <name>ranger.resource.lookup.timeout.value.in.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.validate.config.timeout.value.in.ms</name>
+ <value>10000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.max.threadpool.size</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.queue.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/154c4904/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java b/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
new file mode 100644
index 0000000..39d8ecf
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/common/TestTimedExecutor.java
@@ -0,0 +1,190 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+public class TestTimedExecutor {
+
+ private static final Log LOG = LogFactory.getLog(TestTimedExecutor.class);
+
+ @Before
+ public void before() {
+
+ }
+
+ @Test
+ public void test() throws InterruptedException {
+ /*
+ * Create a pool with 2 threads and queue size of 3 such that 6th item should get rejected right away due to capacity.
+ */
+ int poolSize = 2;
+ int queueSize = 3;
+ _configurator = new TimedExecutorConfigurator(poolSize, queueSize);
+ // Just toa void thread shutting down and restarting set keep alive to high value.
+ _executor.initialize(_configurator);
+
+ // now create 2 callalbles that would keep waiting unless we ask them to proceed
+ // create an executor which would simulate simultaneous threads calling into executor to perform lookups
+ ExecutorService executorService = Executors.newCachedThreadPool();
+ List<Future<Integer>> futures = new ArrayList<Future<Integer>>();
+ /*
+ * We would have 2 permits for 10 callables, such that
+ * - 2 should succeed
+ * - 5 should timeout (2 in pool + 3 in queue)
+ * - 3 should get rejected.
+ */
+ Semaphore semaphore = new Semaphore(2);
+ /*
+ * We need a latch to keep track of when the processing is done so we can check the results of teh test
+ */
+ CountDownLatch latch = new CountDownLatch(10);
+ // Callables will record exception in this map
+ final ConcurrentMap<String, AtomicInteger> results = new ConcurrentHashMap<String, AtomicInteger>();
+ for (int i = 0; i < 10; i++) {
+ LookupTask lookupTask = new LookupTask(i, semaphore);
+ TimedTask timedTask = new TimedTask(_executor, lookupTask, 1, TimeUnit.SECONDS, results, latch);
+ Future<Integer> aFuture = executorService.submit(timedTask);
+ futures.add(aFuture);
+ }
+ // Let's wait for the threads to finish
+ LOG.debug("Starting to wait for threadpool to finish");
+ latch.await();
+ /*
+ * depending on how threads get scheduled the count in results would vary, except we know for sure that.
+ * - 2 must succeed since we have exactly 2 permits available.
+ * - sum of timed out and rejected must be equal to 8.
+ * - at least 3 and no more than 5 tasks must get rejected.
+ * - at least 3 and no more than 5 tasks must get timed out
+ */
+ int successCount = results.get("success").get();
+ int timeoutCount = results.get("java.util.concurrent.TimeoutException").get();
+ int rejectedCount = results.get("java.util.concurrent.RejectedExecutionException").get();
+ assertEquals("success count", 2, successCount);
+ assertTrue("timeout[" + timeoutCount + "]: 3 <= count(timeout) <= 5", timeoutCount >= 3 && timeoutCount <= 5);
+ assertTrue("rejected[" + rejectedCount + "]: 3 <= count(timeout) <= 5", rejectedCount >= 3 && rejectedCount <= 5);
+ assertEquals("total should equal 10", 10, successCount + timeoutCount + rejectedCount);
+ _executor.shutdown();
+ }
+
+ static final String format = "%15s id: %2d";
+
+ static class LookupTask implements Callable<Integer> {
+
+ final int _id;
+ final private Semaphore _semaphore;
+
+ public LookupTask(int id, Semaphore latch) {
+ _id = id;
+ _semaphore = latch;
+ }
+
+ int getId() {
+ return _id;
+ }
+
+ @Override
+ public Integer call() throws Exception {
+ LOG.debug(String.format(format, "Starting", _id));
+ _semaphore.acquire();
+ LOG.debug(String.format(format, "Acquired", _id));
+ LOG.debug(String.format(format, "Ended", _id));
+ return _id;
+ }
+
+ }
+
+ static class TimedTask implements Callable<Integer> {
+
+ final LookupTask _callable;
+ final TimedExecutor _executor;
+ final ConcurrentMap<String, AtomicInteger> _results;
+ final long _timeout;
+ final TimeUnit _unit;
+ final CountDownLatch _latch;
+
+ public TimedTask(TimedExecutor executor, LookupTask callable, int timout, TimeUnit unit, ConcurrentMap<String, AtomicInteger> results, CountDownLatch latch) {
+ _callable = callable;
+ _executor = executor;
+ _results = results;
+ _timeout = timout;
+ _unit = unit;
+ _latch = latch;
+ }
+
+ @Override
+ public Integer call() throws Exception {
+ int id = _callable.getId();
+ LOG.debug(String.format(format, "Submitting", id));
+ try {
+ Integer result = _executor.timedTask(_callable, _timeout, _unit);
+ LOG.debug(String.format(format, "Finished", id));
+ recordResult(_results, "success");
+ return result;
+ } catch (Exception e) {
+ LOG.debug(String.format(format, "Exception", id));
+ recordResult(_results, e);
+ // re-throw caught exception
+ throw e;
+ } finally {
+ _latch.countDown();
+ }
+ }
+
+ }
+
+ static void recordResult(ConcurrentMap<String, AtomicInteger> results, String key) {
+ if (results.containsKey(key)) {
+ results.get(key).incrementAndGet();
+ } else {
+ AtomicInteger previous = results.putIfAbsent(key, new AtomicInteger(1));
+ if (previous != null) { // a value was already associated with the key
+ previous.incrementAndGet();
+ }
+ }
+ }
+
+ static void recordResult(ConcurrentMap<String, AtomicInteger> results, Exception e) {
+ String exceptionName = e.getClass().getCanonicalName();
+ recordResult(results, exceptionName);
+ }
+
+ private TimedExecutorConfigurator _configurator;
+ private TimedExecutor _executor = new TimedExecutor();
+}
[02/26] incubator-ranger git commit: RANGER-489 : Revise Top
navigation menu
Posted by ma...@apache.org.
RANGER-489 : Revise Top navigation menu
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7ed35a9b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7ed35a9b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7ed35a9b
Branch: refs/heads/tag-policy
Commit: 7ed35a9b0cbf589ff9964c0c2670907c58a98caf
Parents: fa19908
Author: Gautam Borad <gb...@gmail.com>
Authored: Mon May 18 19:06:31 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Mon May 18 19:45:18 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 2 +-
.../db/oracle/patches/013-permissionmodel.sql | 6 +-
.../db/postgres/xa_core_db_postgres.sql | 6 +-
.../db/sqlserver/xa_core_db_sqlserver.sql | 6 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 17 +++---
.../apache/ranger/common/RangerConstants.java | 6 +-
.../webapp/scripts/controllers/Controller.js | 59 ++++++++-----------
.../webapp/scripts/models/RangerServiceDef.js | 2 +-
.../src/main/webapp/scripts/modules/XALinks.js | 16 ++---
.../main/webapp/scripts/modules/XAOverrides.js | 2 +-
.../scripts/modules/globalize/message/en.js | 9 ++-
.../src/main/webapp/scripts/utils/XAEnums.js | 8 +++
.../src/main/webapp/scripts/utils/XAGlobals.js | 27 ++++-----
.../src/main/webapp/scripts/utils/XAUtils.js | 54 ++++++++++++++---
.../main/webapp/scripts/views/common/TopNav.js | 25 ++++++++
.../views/permissions/ModulePermissionCreate.js | 30 ----------
.../webapp/scripts/views/reports/AuditLayout.js | 33 ++++-------
security-admin/src/main/webapp/styles/xa.css | 4 ++
.../webapp/templates/common/TopNav_tmpl.html | 62 +++++++++++---------
.../reports/AssetOperationDiff_tmpl.html | 4 +-
.../reports/AssetUpdateOperationDiff_tmpl.html | 2 +-
.../templates/service/ServiceCreate_tmpl.html | 4 +-
.../templates/service/ServiceForm_tmpl.html | 2 +-
23 files changed, 207 insertions(+), 179 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
index 4bf3e8e..ffd261b 100644
--- a/security-admin/db/mysql/patches/013-permissionmodel.sql
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -25,7 +25,7 @@ CREATE TABLE `x_modules_master` (
PRIMARY KEY (`id`)
);
-INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Policy Manager',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Analytics',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'KMS','');
+INSERT INTO `x_modules_master` VALUES (1,now(),now(),1,1,'Resource Based Policies',''),(2,now(),now(),1,1,'Users/Groups',''),(3,now(),now(),1,1,'Reports',''),(4,now(),now(),1,1,'Audit',''),(5,now(),now(),1,1,'Key Manager','');
DROP TABLE IF EXISTS `x_user_module_perm`;
CREATE TABLE `x_user_module_perm` (
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/db/oracle/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/013-permissionmodel.sql b/security-admin/db/oracle/patches/013-permissionmodel.sql
index 9504261..4ac7901 100644
--- a/security-admin/db/oracle/patches/013-permissionmodel.sql
+++ b/security-admin/db/oracle/patches/013-permissionmodel.sql
@@ -26,11 +26,11 @@ url VARCHAR(1024) DEFAULT NULL NULL,
PRIMARY KEY (id)
);
COMMIT;
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Resource Based Policies','');
INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Reports','');
INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','');
-INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Key Manager','');
COMMIT;
CREATE SEQUENCE X_USER_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE x_user_module_perm(
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/db/postgres/xa_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql
index ac54aa8..577f2a2 100644
--- a/security-admin/db/postgres/xa_core_db_postgres.sql
+++ b/security-admin/db/postgres/xa_core_db_postgres.sql
@@ -931,11 +931,11 @@ url VARCHAR(1024) DEFAULT NULL NULL,
PRIMARY KEY(id)
);
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Resource Based Policies','');
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Reports','');
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','');
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Key Manager','');
DROP TABLE IF EXISTS x_user_module_perm CASCADE;
DROP SEQUENCE IF EXISTS x_user_module_perm_seq;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
index af0241c..87b8171 100644
--- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
@@ -2752,15 +2752,15 @@ CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_moduleid] ON [x_group_module_pe
)
WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Resource Based Policies','');
GO
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Reports','');
GO
INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','');
GO
-INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Key Manager','');
GO
insert into x_portal_user (CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'rangerusersync','','rangerusersync','rangerusersync','70b8374d3dfe0325aaa5002a688c7e3b','rangerusersync',1);
GO
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 49be508..4d649c2 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -266,20 +266,20 @@ public class XUserMgr extends XUserMgrBase {
if (role.equals(RangerConstants.ROLE_USER)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
} else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
insertMappingUserPermisson(vXPortalUser.getId(),
moduleNameId.get(RangerConstants.MODULE_AUDIT),
@@ -295,16 +295,13 @@ public class XUserMgr extends XUserMgrBase {
isCreate);
} else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_KMS), isCreate);
+ moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ moduleNameId.get(RangerConstants.MODULE_REPORTS),
isCreate);
insertMappingUserPermisson(
vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
- isCreate);
- insertMappingUserPermisson(vXPortalUser.getId(),
- moduleNameId.get(RangerConstants.MODULE_AUDIT),
+ moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES),
isCreate);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
index a3a9c7b..c65981b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
@@ -66,12 +66,12 @@ public class RangerConstants extends RangerCommonEnums {
public static final String SENDGRID_REPLY_TO = "replyto";
//Permission Names
- public static final String MODULE_POLICY_MANAGER="Policy Manager";
+ public static final String MODULE_RESOURCE_BASED_POLICIES="Resource Based Policies";
public static final String MODULE_USER_GROUPS="Users/Groups";
- public static final String MODULE_ANALYTICS="Analytics";
+ public static final String MODULE_REPORTS="Reports";
public static final String MODULE_AUDIT="Audit";
public static final String MODULE_PERMISSION="Permissions";
- public static final String MODULE_KMS="KMS";
+ public static final String MODULE_KEY_MANAGER="Key Manager";
// User create validation errors
public enum ValidationUserProfile {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 60f8976..ec7ccee 100755
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -57,7 +57,7 @@ define(function(require) {
//************** Analytics(reports) Related *********************/
userAccessReportAction : function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Analytics.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/reports/UserAccessLayout');
var RangerPolicyList = require('collections/RangerPolicyList');
var VXGroupList = require('collections/VXGroupList');
@@ -132,7 +132,7 @@ define(function(require) {
/************** UserORGroups Related *********************/
userManagerAction :function(tab){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserTableLayout');
var VXUserList = require('collections/VXUserList');
@@ -148,7 +148,7 @@ define(function(require) {
},
userCreateAction : function(){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserCreate');
var VXUser = require('models/VXUser');
@@ -167,7 +167,7 @@ define(function(require) {
},
userEditAction : function(userId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/UserCreate');
var VXUser = require('models/VXUser');
@@ -184,7 +184,7 @@ define(function(require) {
},
groupCreateAction : function(){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/GroupCreate');
var VXGroup = require('models/VXGroup');
@@ -198,7 +198,7 @@ define(function(require) {
},
groupEditAction : function(groupId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Users.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/users/GroupCreate');
var VXGroup = require('models/VXGroup');
@@ -220,7 +220,7 @@ define(function(require) {
/************************************************************/
serviceManagerAction :function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
console.log('Policy Manager action called..');
var view = require('views/policymanager/ServiceLayout');
var RangerServiceDefList = require('collections/RangerServiceDefList');
@@ -240,7 +240,7 @@ define(function(require) {
},
serviceCreateAction :function(serviceTypeId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/service/ServiceCreate');
var RangerServiceDef = require('models/RangerServiceDef');
var RangerService = require('models/RangerService');
@@ -254,7 +254,7 @@ define(function(require) {
}));
},
serviceEditAction :function(serviceTypeId, serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/service/ServiceCreate');
var RangerServiceDef = require('models/RangerServiceDef');
var RangerService = require('models/RangerService');
@@ -273,7 +273,7 @@ define(function(require) {
},
policyManageAction :function(serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var XAUtil = require('utils/XAUtils');
var view = require('views/policies/RangerPolicyTableLayout');
var RangerService = require('models/RangerService');
@@ -296,7 +296,7 @@ define(function(require) {
}));
},
RangerPolicyCreateAction :function(serviceId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/policies/RangerPolicyCreate');
var RangerService = require('models/RangerService');
@@ -313,7 +313,7 @@ define(function(require) {
});
},
RangerPolicyEditAction :function(serviceId, policyId){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.PolicyManager.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.AccessManager.value });
var view = require('views/policies/RangerPolicyCreate');
var RangerService = require('models/RangerService');
@@ -336,7 +336,7 @@ define(function(require) {
},
/************PERMISSIONS LISTING *****************************************/
modulePermissionsAction :function(){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Permissions.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Settings.value });
var view = require('views/permissions/ModulePermsTableLayout');
var ModulePermission = require('models/VXModuleDef');
var ModulePermissionList = require('collections/VXModuleDefList');
@@ -354,7 +354,7 @@ define(function(require) {
},
modulePermissionEditAction : function(moduleId){
MAppState.set({
- 'currentTab' : XAGlobals.AppTabs.Permissions.value
+ 'currentTab' : XAGlobals.AppTabs.Settings.value
});
var view = require('views/permissions/ModulePermissionCreate');
var ModulePermission = require('models/VXModuleDef');
@@ -371,29 +371,16 @@ define(function(require) {
});
},
postLoginDefaultView : function(){
- var SessionMgr = require('mgrs/SessionMgr');
- var XAGlobals = require('utils/XAGlobals');
- var XALinks = require('modules/XALinks');
- var vXPortalUser = SessionMgr.getUserProfile();
- var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
- if (_.contains(userModuleNames, 'Policy Manager')){
- location.hash = XALinks.get('ServiceManager').href;
- }else if(_.contains(userModuleNames, 'Users/Groups')){
- location.hash = XALinks.get('Users').href;
- }else if(_.contains(userModuleNames, 'Analytics')){
- location.hash = XALinks.get('UserAccessReport').href;
- }else if(_.contains(userModuleNames, 'Audit')){
- location.hash = XALinks.get('AuditReport').href +'/bigData';
- }else if(SessionMgr.isSystemAdmin()){
- location.hash = XALinks.get('ModulePermissions').href;
- }else{
- //If a user doesnot has access to any tab - taking user to by default Profile page.
- location.hash = XALinks.get('UserProfile').href;
- }
- },
+ var SessionMgr = require('mgrs/SessionMgr');
+ var XAGlobals = require('utils/XAGlobals');
+ var XAUtils = require('utils/XAUtils');
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ XAUtils.setLocationHash(userModuleNames);
+ },
/************** KMS *********************/
kmsManagerAction :function(kmsManagePage, kmsServiceName){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Encryption.value });
var view = require('views/kms/KMSTableLayout');
var KmsKeyList = require('collections/VXKmsKeyList');
App.rContent.show(new view({
@@ -403,7 +390,7 @@ define(function(require) {
}));
},
kmsKeyCreateAction : function(kmsServiceName){
- MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value });
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Encryption.value });
var view = require('views/kms/KmsKeyCreate');
var KmsKey = require('models/VXKmsKey');
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
index e628ee5..f76938d 100644
--- a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
+++ b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js
@@ -57,7 +57,7 @@ define(function(require){
return _.extend(attrs,{
name : {
type : 'Text',
- title : 'Repository Name *',
+ title : 'Service Name *',
validators : ['required'],
editorAttrs :{ maxlength: 255},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index b4d4483..efa3454 100755
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -110,12 +110,12 @@ define(function(require) {
title: 'h.managePolices'
},
PolicyCreate: {
- href : '#!/policy/create',
+ href : 'javascipt:;',
text: 'h.createPolicy',
title: 'h.createPolicy'
},
PolicyEdit: {
- href : '#!/policy/create',
+ href : 'javascipt:;',
text: 'h.editPolicy',
title: 'h.editPolicy'
},
@@ -198,8 +198,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.editAsset',
- title: 'lbl.editAsset'
+ text : 'lbl.editService',
+ title: 'lbl.editService'
};
},
@@ -210,8 +210,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.createAsset',
- title: 'lbl.createAsset'
+ text : 'lbl.createService',
+ title: 'lbl.createService'
};
},
ServiceEdit : function(options){
@@ -224,8 +224,8 @@ define(function(require) {
}
return {
href : href,
- text : 'lbl.editAsset',
- title: 'lbl.editAsset'
+ text : 'lbl.editService',
+ title: 'lbl.editService'
};
},
ManagePolicies : function(options){
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
index 2d36a98..b7af13a 100644
--- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
+++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
@@ -480,7 +480,7 @@
}
//reset values
that.value.isExcludes = false;
- that.value.isRecursive = true;
+ that.value.isRecursive = false;
that.$excludeSupport.trigger('toggleOn');
that.$recursiveSupport.trigger('toggleOn');
($(e.currentTarget).addClass('dirtyField'))
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 30450e2..8532152 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -223,7 +223,10 @@ define(function(require) {
version : 'Version',
attributes : 'Attributes',
material : 'Material',
- addNewConfig : 'Add New Configurations'
+ addNewConfig : 'Add New Configurations',
+ createService : 'Create Service',
+ editService : 'Edit Service',
+ serviceDetails : 'Service Details'
},
btn : {
add : 'Add',
@@ -287,8 +290,10 @@ define(function(require) {
permissions : 'Permissions',
kms : 'KMS',
keyCreate : 'Key Create',
- keyEdit : 'Key Edit',
+ keyEdit : 'Key Edit',
searchForKeys :"Search for your keys...",
+ encryption : 'Encryption',
+ settings : 'Settings',
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
index 1e619a0..98cc0c8 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
@@ -355,6 +355,14 @@ define(function(require) {
});
+
+ XAEnums.MenuPermissions = mergeParams(XAEnums.MenuPermissions, {
+ XA_RESOURCE_BASED_POLICIES:{value:0, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_PERM_FOR_UNKNOWN'},
+ XA_USER_GROUPS:{value:1, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_PERM_FOR_USER'},
+ XA_REPORTS:{value:2, label:'Reports', rbkey:'xa.enum.MenuPermissions.XA_REPORTS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
+ XA_AUDITS:{value:3, label:'Audit', rbkey:'xa.enum.MenuPermissions.XA_AUDITS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
+ XA_KEY_MANAGER:{value:4, label:'Key Manager', rbkey:'xa.enum.MenuPermissions.XA_KEY_MANAGER', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'}
+ });
return XAEnums;
});
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
index 1de57bc..21b3cb4 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
@@ -44,13 +44,11 @@ define(function(require){
XAGlobals.version = 0;//0 : production version 1: any other
XAGlobals.AppTabs = {
Dashboard : { value:1, valStr: 'Dashboard'},
- PolicyManager : { value:2, valStr: 'Policy'},
- Users : { value:3, valStr: 'Users'},
- Analytics : { value:4, valStr: 'Analytics'},
- Audit : { value:5, valStr: 'Audit'},
- Permissions : { value:6, valStr:'Permissions'},
- KMS : { value:7, valStr: 'KMS'},
- None : { value:8, valStr: 'None'}
+ AccessManager : { value:2, valStr: 'Access Manager'},
+ Audit : { value:3, valStr: 'Audit'},
+ Encryption : { value:4, valStr: 'Encryption'},
+ Settings : { value:5, valStr: 'Settings'},
+ None : { value:6, valStr: 'None'}
};
XAGlobals.BooleanValue = {
@@ -65,12 +63,13 @@ define(function(require){
'groupEditAction','auditReportAction','loginSessionDetail','serviceCreateAction','serviceEditAction','modulePermissionsAction','modulePermissionEditAction'];
XAGlobals.ListOfModuleActions = {
- 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
- 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
- 'Analytics' : ['userAccessReportAction'],
- 'Audit' : ['auditReportAction','loginSessionDetail'],
- 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'],
- 'KMS' : ['kmsManagerAction','kmsKeyCreateAction']
- };
+ 'Access Manager' : { 'Resource Based Policies' : ['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
+ 'Reports' : ['userAccessReportAction'] },
+ 'Audit' : ['auditReportAction','loginSessionDetail'],
+ 'Encryption' : {'Key Manager' : ['kmsManagerAction','kmsKeyCreateAction'] },
+ 'Settings' : {'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
+ 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'] },
+ };
+
return XAGlobals;
});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index b87ff51..89668a2 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1009,17 +1009,35 @@ define(function(require) {
var that = this;
var vXPortalUser = SessionMgr.getUserProfile();
var denyControllerActions = [];
- var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),
- 'moduleName');
- var groupModuleNames = _.pluck(
- vXPortalUser.get('groupPermissions'), 'moduleName');
+ var denyModulesObj = [];
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName');
var moduleNames = _.union(userModuleNames, groupModuleNames);
- var denyModulesObj = _.omit(XAGlobals.ListOfModuleActions,
- moduleNames);
+ //TODO
+ /*if($.inArray('Policy Manager',moduleNames) >= 0){
+ moduleNames.push('Resource Based Policies')
+ }
+ if($.inArray('Analytics',moduleNames) >= 0){
+ moduleNames.push('Reports')
+ }
+ if($.inArray('KMS',moduleNames) >= 0){
+ moduleNames.push('Key Manager')
+ }*/
+ _.each(XAGlobals.ListOfModuleActions,function(val,key){
+ if(!_.isArray(val)){
+ _.each(val,function(val1,key1){
+ if($.inArray(key1,moduleNames) < 0){
+ denyModulesObj = val1.concat(denyModulesObj)
+ }
+ });
+ }else{
+ if($.inArray(key,moduleNames) < 0){
+ denyModulesObj = val.concat(denyModulesObj)
+ }
+ }
+ });
if (!_.isEmpty(denyModulesObj)) {
- _.each(denyModulesObj, function(deniedModule) {
- denyControllerActions.push(_.values(deniedModule));
- });
+ denyControllerActions.push(_.values(denyModulesObj));
denyControllerActions = _.flatten(denyControllerActions);
}
@@ -1041,5 +1059,23 @@ define(function(require) {
XAUtils.getRangerServiceByName = function(name) {
return "service/plugins/services/name/" + name;
};
+ XAUtils.setLocationHash = function(userModuleNames) {
+ var XALinks = require('modules/XALinks');
+ var SessionMgr = require('mgrs/SessionMgr');
+ if (_.contains(userModuleNames, XAEnums.MenuPermissions.XA_RESOURCE_BASED_POLICIES.label)){
+ location.hash = XALinks.get('ServiceManager').href;
+ }else if(_.contains(userModuleNames,XAEnums.MenuPermissions.XA_USER_GROUPS.label)){
+ location.hash = XALinks.get('Users').href;
+ }else if(_.contains(userModuleNames, XAEnums.MenuPermissions.XA_REPORTS.label)){
+ location.hash = XALinks.get('UserAccessReport').href;
+ }else if(_.contains(userModuleNames, XAEnums.MenuPermissions.XA_AUDITS.label)){
+ location.hash = XALinks.get('AuditReport').href +'/bigData';
+ }else if(SessionMgr.isSystemAdmin()){
+ location.hash = XALinks.get('ModulePermissions').href;
+ }else{
+ //If a user doesnot has access to any tab - taking user to by default Profile page.
+ location.hash = XALinks.get('UserProfile').href;
+ }
+ }
return XAUtils;
});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/TopNav.js b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
index 7e34aa4..0e7c6e9 100644
--- a/security-admin/src/main/webapp/scripts/views/common/TopNav.js
+++ b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
@@ -73,6 +73,28 @@ define(function(require){
that.$('ul li:first').addClass('active');
});
$.cookie('clientTimeOffset', new Date().getTimezoneOffset());
+
+ //To hide top menu when user don't have access to all it's sub menu's
+ _.each($(this.$el.find('.page-nav ul')), function(ul) {
+ if($(ul).find('li').length <= 0){
+ $(ul).parent('.dropdown').hide();
+ }
+ });
+
+ //Set TopMenu href's
+ var pageNavUl= this.$el.find('.page-nav')
+ _.each(pageNavUl.find('.dropdown'),function(li){
+ var href = $(li).find('.dropdown-menu li').first().find('a').attr('href')
+ var menuAnchor = $(li).find('.dropdown-menu').siblings();
+ menuAnchor.attr('href',href);
+ });
+
+ this.$el.find(".dropdown").hover(function(e) {
+ $(e.currentTarget).children('').show();
+ }, function(e) {
+ $(e.currentTarget).children('ul').hide();
+ });
+
},
/** all post render plugin initialization */
@@ -87,6 +109,9 @@ define(function(require){
this.$('ul li').removeClass('active');
this.$('#nav' + this.appState.get('currentTab')).parent().addClass('active');
},
+ mainManuURLS : function() {
+
+ },
/** on close */
onClose: function(){
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
index 8a9ff83..7981d34 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
@@ -141,37 +141,7 @@ define(function(require){
XAUtil.allowNavigation();
var msg = that.editMode ? 'Module Permissions updated successfully' :'Module Permissions created successfully';
XAUtil.notifySuccess('Success', msg);
- if(that.editMode){
- App.appRouter.navigate("#!/permissions",{trigger: true});
- return;
- }
App.appRouter.navigate("#!/permissions",{trigger: true});
-
- var modulePermissionList = new VXModuleDefList();
-
- modulePermissionList.fetch({
- cache:false
- }).done(function(){
- var newColl = modulePermissionList;
- modulePermissionList.getLastPage({
- cache : false,
- success : function(collection, response, options){
- App.rContent.show(new UserTableLayout({
- collection : collection,
- }));
- newColl = collection;
- }
- }).done(function(){
- var model = newColl.get(that.model.id);
- if(model){
- model.trigger("model:highlightBackgridRow");
- }
- });
-
- App.rContent.show(new UserTableLayout({
- collection : modulePermissionList
- }));
- });
} ,
error : function(model,resp){
XAUtil.blockUI('unblock');
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 25d6d7e..2f418be 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -172,14 +172,13 @@ define(function(require) {
<th class="renderable pid"></th>\
<th class="renderable ruser"></th>\
<th class="renderable ruser"></th>\
- <th class="renderable cip">Repository</th>\
+ <th class="renderable cip">Service</th>\
<th class="renderable name" ></th>\
<th class="renderable cip"></th>\
<th class="renderable cip"></th>\
<th class="renderable cip"> </th>\
<th class="renderable aip" > </th>\
<th class="renderable aip" > </th>\
- <th class="renderable aip" > </th>\
</tr>');
},
renderDateFields : function(){
@@ -266,14 +265,14 @@ define(function(require) {
var serverListForRepoType = this.serviceDefList.map(function(serviceDef){ return {'label' : serviceDef.get('name').toUpperCase(), 'value' : serviceDef.get('id')}; })
var serverAttrName = [{text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},
{text : 'Today',label :'today'},{text : 'User',label :'requestUser'},
- {text : 'Resource Name',label :'resourcePath'},{text : 'Policy ID',label :'policyId'},
- {text : 'Resource Type',label :'resourceType'},{text : 'Repository Name',label :'repoName'},
- {text : 'Repository Type',label :'repoType','multiple' : true, 'optionsArr' : serverListForRepoType},
+ {text : 'Service Name',label :'resourcePath'},{text : 'Policy ID',label :'policyId'},
+ {text : 'Resource Type',label :'resourceType'},{text : 'Service Name',label :'repoName'},
+ {text : 'Service Type',label :'repoType','multiple' : true, 'optionsArr' : serverListForRepoType},
{text : 'Result',label :'accessResult', 'multiple' : true, 'optionsArr' : XAUtils.enumToSelectLabelValuePairs(XAEnums.AccessResult)},
{text : 'Access Type',label :'accessType'},{text : 'Access Enforcer',label :'aclEnforcer'},
{text : 'Audit Type',label :'auditType'},{text : 'Session ID',label :'sessionId'},
{text : 'Client IP',label :'clientIP'},{text : 'Client Type',label :'clientType'}];
- var searchOpt = ['Start Date','End Date','User','Repository Name','Repository Type','Resource Name','Access Type','Result','Access Enforcer','Client IP'];//,'Policy ID'
+ var searchOpt = ['Start Date','End Date','User','Service Name','Service Type','Resource Name','Access Type','Result','Access Enforcer','Client IP'];//,'Policy ID'
this.clearVisualSearch(this.accessAuditList, serverAttrName);
//'Resource Type','Audit Type','Session IP','Client Type','Today',
@@ -296,13 +295,13 @@ define(function(require) {
});
switch (facet) {
- case 'Repository Name':
+ case 'Service Name':
var assetList = new VXAssetList();
assetList.fetch().done(function(){
callback(assetList.map(function(model){return model.get('name');}));
});
break;
- case 'Repository Type':
+ case 'Service Type':
var serviceList = that.serviceDefList.map(function(serviceDef){ return {'label' : serviceDef.get('name').toUpperCase(), 'value' : serviceDef.get('name').toUpperCase()}; })
callback(serviceList);
break;
@@ -467,11 +466,11 @@ define(function(require) {
},
addSearchForAgentTab : function(){
var that = this;
- var searchOpt = ["Export Date", "Repository Name", "Plugin Id", "Plugin IP", "Http Response Code"];
+ var searchOpt = ["Export Date", "Service Name", "Plugin Id", "Plugin IP", "Http Response Code"];
searchOpt = _.without(searchOpt,'Export Date');
searchOpt = _.union(searchOpt, ['Start Date','End Date']);//'Today'
var serverAttrName = [{text : "Plugin Id", label :"agentId"}, {text : "Plugin IP", label :"clientIP"},
- {text : "Repository Name", label :"repositoryName"},{text : "Http Response Code", label :"httpRetCode"},
+ {text : "Service Name", label :"repositoryName"},{text : "Http Response Code", label :"httpRetCode"},
{text : "Export Date", label :"createDate"},
{text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},
{text : 'Today',label :'today'}];
@@ -597,7 +596,7 @@ define(function(require) {
gridOpts : {
row : TableRow,
header : XABackgrid,
- emptyText : 'No repository found!!'
+ emptyText : 'No service found!!'
}
}));
},
@@ -627,7 +626,7 @@ define(function(require) {
var action = model.get('action'), name = _.escape(model.get('objectName')),
label = XAUtils.enumValueToLabel(XAEnums.ClassTypes,rawValue), html = '';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_ASSET.value || rawValue == XAEnums.ClassTypes.CLASS_TYPE_RANGER_SERVICE.value)
- html = 'Repository '+action+'d '+'<b>'+name+'</b>';
+ html = 'Service '+action+'d '+'<b>'+name+'</b>';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_RESOURCE.value|| rawValue == XAEnums.ClassTypes.CLASS_TYPE_RANGER_POLICY.value)
html = 'Policy '+action+'d '+'<b>'+name+'</b>';
if(rawValue == XAEnums.ClassTypes.CLASS_TYPE_XA_USER.value)
@@ -915,14 +914,6 @@ define(function(require) {
sortable:false,
editable:false
},
- eventDuration : {
- label : 'Event Duration(ms)',
- cell: "string",
- click : false,
- drag : false,
- sortable:false,
- editable:false
- }
};
return this.accessAuditList.constructor.getTableCols(cols, this.accessAuditList);
},
@@ -1072,7 +1063,7 @@ define(function(require) {
},
repositoryName : {
cell : 'html',
- label : localization.tt('lbl.repositoryName'),
+ label : localization.tt('lbl.serviceName'),
editable:false,
sortable:false,
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index 6b1d77f..ceb1f53 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -1835,3 +1835,7 @@ td.select-row-cell {
float: left;
margin: 2px;
}
+
+#r_topNav .dropdown-menu {
+ margin:0;
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
index d59527c..876f9df 100644
--- a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
+++ b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
@@ -16,38 +16,44 @@
--}}
<div class="nav-collapse collapse" >
<ul class="nav page-nav" >
- <!-- <li class="active">
- <a href="#" id="nav1"><i class="icon-dashboard"></i> {{tt 'h.dashboard'}} </a>
- </li> -->
- {{#hasAccessToTab 'Policy Manager'}}
- <li >
- <a href="#!/policymanager" id="nav2"><i class="icon-shield"></i>{{tt 'h.policyManager'}} </a>
+ <li class="active dropdown">
+ <a href="javascript:;" id="nav2"><i class="icon-shield"></i>Access Manager</a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Resource Based Policies'}}
+ <li><a href="#!/policymanager"><i class="icon-file"></i>Resource Based Policies</a></li>
+ {{/hasAccessToTab}}
+ {{#hasAccessToTab 'Reports'}}
+ <li><a href="#!/reports/userAccess"><i class="icon-beaker"></i>Reports</a></li>
+ {{/hasAccessToTab}}
+ <!-- <li><a href="#">Tag Based Policies</a></li> -->
+ </ul>
</li>
- {{/hasAccessToTab}}
- {{#hasAccessToTab 'Users/Groups'}}
- <li>
- <a href="#!/users/usertab" id="nav3"><i class="icon-group"></i> {{tt 'h.usersOrGroups'}} </a>
- </li>
- {{/hasAccessToTab}}
- {{#hasAccessToTab 'Analytics'}}
- <li>
- <a href="#!/reports/userAccess" id="nav4"><i class="icon-beaker"></i> {{tt 'h.analytics'}} </a>
- </li>
- {{/hasAccessToTab}}
{{#hasAccessToTab 'Audit'}}
- <li>
- <a href="#!/reports/audit/bigData" id="nav5"><i class=" icon-file-alt"></i> {{tt 'h.audit'}} </a>
- </li>
+ <li>
+ <a href="#!/reports/audit/bigData" id="nav3"><i class=" icon-file-alt"></i> {{tt 'h.audit'}} </a>
+ </li>
{{/hasAccessToTab}}
- {{#isSystemAdmin .}}
- <li>
- <a href="#!/permissions" id="nav6"><i class=" icon-file-alt"></i> {{tt 'h.permissions'}} </a>
+
+ <li class="dropdown">
+ <a href="javascript:;" id="nav4"><i class="icon-lock"></i> {{tt 'h.encryption'}} </a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Key Manager'}}
+ <li><a href="#!/kms/keys/new/manage/service"><i class="icon-key"></i>Key Manager </a></li>
+ {{/hasAccessToTab}}
+ <!-- <li><a href="#">Encryption Policies</a></li> -->
+ </ul>
</li>
- {{/isSystemAdmin}}
- {{#hasAccessToTab 'KMS'}}
- <li>
- <a href="#!/kms/keys/new/manage/service" id="nav7"><i class="icon-key"></i> {{tt 'h.kms'}} </a>
+ <li class="dropdown">
+ <a href="javascript:;" id="nav5"><i class="icon-gear"></i> {{tt 'h.settings'}} </a>
+ <ul class="dropdown-menu">
+ {{#hasAccessToTab 'Users/Groups'}}
+ <li><a href="#!/users/usertab"><i class="icon-group"></i>{{tt 'h.usersOrGroups'}}</a></li>
+ {{/hasAccessToTab}}
+ {{#isSystemAdmin .}}
+ <li><a href="#!/permissions"><i class="icon-file-alt"></i> {{tt 'h.permissions'}}</a></li>
+ {{/isSystemAdmin}}
+ </ul>
</li>
- {{/hasAccessToTab}}
+
</ul>
</div>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
index 7c9f3cf..7f0cef6 100644
--- a/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/AssetOperationDiff_tmpl.html
@@ -19,7 +19,7 @@
<label class="no-margin label-size13-weightbold"> Date : {{objectCreatedDate}}</label>
{{#compare action 'eq' 'create'}}
<label class="no-margin label-size13-weightbold" > Created By : {{userName}}</label>
- <h5>Repository Details :</h5>
+ <h5>Service Details :</h5>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
@@ -74,7 +74,7 @@
{{else}}
<label class="no-margin label-size13-weightbold" > Deleted By : {{userName}}</label>
- <h4>Repository Details</h4>
+ <h4>Service Details</h4>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
index 72591d4..7874341 100644
--- a/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/AssetUpdateOperationDiff_tmpl.html
@@ -27,7 +27,7 @@
</div>
</div>
{{#if collection.length}}
- <h5>Repository Details :</h5>
+ <h5>Service Details :</h5>
<div class="diff">
<div class="diff-left">
<h3>Fields</h3>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html b/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
index 43b7f24..587a7c6 100644
--- a/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/ServiceCreate_tmpl.html
@@ -15,9 +15,9 @@
limitations under the License.
--}}
{{#if editAsset}}
- <h4 class="wrap-header bold"> Edit Repository </h4>
+ <h4 class="wrap-header bold"> Edit Service </h4>
{{else}}
- <h4 class="wrap-header bold"> Create Repository </h4>
+ <h4 class="wrap-header bold"> Create Service </h4>
{{/if}}
<div class="wrap non-collapsible ">
<div data-id="r_form"></div>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7ed35a9b/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html b/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
index 75d621d..58f90a5 100644
--- a/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
+++ b/security-admin/src/main/webapp/templates/service/ServiceForm_tmpl.html
@@ -17,7 +17,7 @@
<form class="form-horizontal" >
<fieldset class="configProp">
<p class="formHeader">
- {{tt 'lbl.repositoryDetails'}} :
+ {{tt 'lbl.serviceDetails'}} :
</p>
<div class="serviceDetail" data-fields={{serviceDetail}}></div>
</fieldset>
[05/26] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6ffacc62
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6ffacc62
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6ffacc62
Branch: refs/heads/tag-policy
Commit: 6ffacc62327e28746a17adfe247a8f952982d3f5
Parents: 804e666
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:39:55 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 01:42:40 2015 -0400
----------------------------------------------------------------------
README.txt | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6ffacc62/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index a0445b7..b5fad2e 100644
--- a/README.txt
+++ b/README.txt
@@ -10,16 +10,23 @@ Build Process
3. After the above build command execution, you should see the following TAR files in the target folder:
- ranger-<version-number>-admin.tar.gz
- ranger-<version-number>-usersync.tar.gz
- ranger-<version-number>-hdfs-plugin.tar.gz
- ranger-<version-number>-hive-plugin.tar.gz
- ranger-<version-number>-hbase-plugin.tar.gz
- ranger-<version-number>-knox-plugin.tar.gz
- ranger-<version-number>-storm-plugin.tar.gz
+
+ ranger-<version>-admin.tar.gz
+ ranger-<version>-hbase-plugin.tar.gz
+ ranger-<version>-hdfs-plugin.tar.gz
+ ranger-<version>-hive-plugin.tar.gz
+ ranger-<version>-kafka-plugin.tar.gz
+ ranger-<version>-kms.tar.gz
+ ranger-<version>-knox-plugin.tar.gz
+ ranger-<version>-migration-util.tar.gz
+ ranger-<version>-solr-plugin.tar.gz
+ ranger-<version>-src.tar.gz
+ ranger-<version>-storm-plugin.tar.gz
+ ranger-<version>-usersync.tar.gz
+ ranger-<version>-yarn-plugin.tar.gz
Importing Apache Ranger Project into Eclipse
-====================================
+============================================
1. Create a Eclipse workspace called 'ranger'
@@ -39,6 +46,7 @@ Installation Host Information
(c) HBase Plugin needs to be installed on both Master and Regional Server nodes.
(d) Knox Plugin needs to be installed on Knox hosts.
(e) Storm Plugin needs to be installed on Storm hosts.
+ (f) Kafka/Solr Plugin needs to be installed on their respective component hosts.
Installation Process
~~~~~~~~~~~~~~~~~~~~
@@ -51,8 +59,8 @@ Installation Process
4. Modify the install.properties file with appropriate variables
-5. If the module has install.sh,
- Execute ./install.sh
+5. If the module has setup.sh,
+ Execute ./setup.sh
If the install.sh file does not exists,
Execute ./enable-<component>-plugin.sh
[24/26] incubator-ranger git commit: RANGER-504: Fixed KMS Client to
handle multiple KMS instances in URL
Posted by ma...@apache.org.
RANGER-504: Fixed KMS Client to handle multiple KMS instances in URL
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/14ec7d52
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/14ec7d52
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/14ec7d52
Branch: refs/heads/tag-policy
Commit: 14ec7d526b344a597f81b31613416c383c94f467
Parents: 0421271
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Fri May 22 20:15:03 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Fri May 22 20:24:41 2015 -0400
----------------------------------------------------------------------
.../ranger/services/kms/client/KMSClient.java | 306 +++++++++++------
.../java/org/apache/ranger/biz/KmsKeyMgr.java | 331 ++++++++++++++-----
2 files changed, 457 insertions(+), 180 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/14ec7d52/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
----------------------------------------------------------------------
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
index 60e9bd3..59fa634 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java
@@ -19,17 +19,25 @@
package org.apache.ranger.services.kms.client;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.ProviderUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopException;
import org.apache.ranger.services.kms.client.KMSClient;
+import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
@@ -38,122 +46,209 @@ import com.sun.jersey.api.client.WebResource;
public class KMSClient {
- public static final Logger LOG = Logger.getLogger(KMSClient.class) ;
+ public static final Logger LOG = Logger.getLogger(KMSClient.class);
private static final String EXPECTED_MIME_TYPE = "application/json";
-
- private static final String KMS_LIST_API_ENDPOINT = "v1/keys/names?user.name=${userName}"; //GET
-
- private static final String errMessage = " You can still save the repository and start creating "
- + "policies, but you would not be able to use autocomplete for "
- + "resource names. Check xa_portal.log for more info.";
-
+
+ private static final String KMS_LIST_API_ENDPOINT = "v1/keys/names?user.name=${userName}"; // GET
+
+ private static final String errMessage = " You can still save the repository and start creating "
+ + "policies, but you would not be able to use autocomplete for "
+ + "resource names. Check xa_portal.log for more info.";
+
String provider;
String username;
String password;
- public KMSClient(String provider, String username, String password) {
- provider = provider.replaceAll("kms://","");
- provider = provider.replaceAll("http@","http://");
+ public KMSClient(String provider, String username, String password) {
this.provider = provider;
- this.username = username ;
+ this.username = username;
this.password = password;
-
+
if (LOG.isDebugEnabled()) {
- LOG.debug("Kms Client is build with url [" + provider + "] user: [" + username + "]");
- }
+ LOG.debug("Kms Client is build with url [" + provider + "] user: ["
+ + username + "]");
+ }
+ }
+
+ private String[] createProvider(String uri) throws IOException,
+ URISyntaxException {
+ URI providerUri = new URI(uri);
+ URL origUrl = new URL(extractKMSPath(providerUri).toString());
+ String authority = origUrl.getAuthority();
+ // check for ';' which delimits the backup hosts
+ if (Strings.isNullOrEmpty(authority)) {
+ throw new IOException("No valid authority in kms uri [" + origUrl
+ + "]");
+ }
+ // Check if port is present in authority
+ // In the current scheme, all hosts have to run on the same port
+ int port = -1;
+ String hostsPart = authority;
+ if (authority.contains(":")) {
+ String[] t = authority.split(":");
+ try {
+ port = Integer.parseInt(t[1]);
+ } catch (Exception e) {
+ throw new IOException("Could not parse port in kms uri ["
+ + origUrl + "]");
+ }
+ hostsPart = t[0];
+ }
+ return createProvider(providerUri, origUrl, port, hostsPart);
+ }
+
+ private static Path extractKMSPath(URI uri) throws MalformedURLException,
+ IOException {
+ return ProviderUtils.unnestUri(uri);
}
-
- public List<String> getKeyList(final String keyNameMatching, final List<String> existingKeyList) {
+
+ private String[] createProvider(URI providerUri, URL origUrl, int port,
+ String hostsPart) throws IOException {
+ String[] hosts = hostsPart.split(";");
+ String[] providers = new String[hosts.length];
+ if (hosts.length == 1) {
+ providers[0] = origUrl.toString();
+ } else {
+ for (int i = 0; i < hosts.length; i++) {
+ try {
+ String url = origUrl.getProtocol() + "://" + hosts[i] + ":"
+ + port + origUrl.getPath();
+ providers[i] = new URI(url).toString();
+ } catch (URISyntaxException e) {
+ throw new IOException("Could not Prase KMS URL..", e);
+ }
+ }
+ }
+ return providers;
+ }
+
+ public List<String> getKeyList(final String keyNameMatching,
+ final List<String> existingKeyList) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Getting Kms Key list for keyNameMatching : " + keyNameMatching);
+ String providers[] = null;
+ try {
+ providers = createProvider(provider);
+ } catch (IOException | URISyntaxException e) {
+ return null;
}
final String errMsg = errMessage;
- List<String> lret = new ArrayList<String>();
- String keyLists = KMS_LIST_API_ENDPOINT.replaceAll(Pattern.quote("${userName}"), username);
- String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists));
- Client client = null ;
- ClientResponse response = null ;
-
- try {
- client = Client.create() ;
-
- WebResource webResource = client.resource(uri);
-
- response = webResource.accept(EXPECTED_MIME_TYPE).get(ClientResponse.class);
-
+ List<String> lret = null;
+ for (int i = 0; i < providers.length; i++) {
+ lret = new ArrayList<String>();
if (LOG.isDebugEnabled()) {
- LOG.debug("getKeyList():calling " + uri);
+ LOG.debug("Getting Kms Key list for keyNameMatching : "
+ + keyNameMatching);
}
-
- if (response != null) {
+ String keyLists = KMS_LIST_API_ENDPOINT.replaceAll(
+ Pattern.quote("${userName}"), username);
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists));
+ Client client = null;
+ ClientResponse response = null;
+
+ try {
+ client = Client.create();
+
+ WebResource webResource = client.resource(uri);
+
+ response = webResource.accept(EXPECTED_MIME_TYPE).get(
+ ClientResponse.class);
+
if (LOG.isDebugEnabled()) {
- LOG.debug("getKeyList():response.getStatus()= " + response.getStatus());
+ LOG.debug("getKeyList():calling " + uri);
}
- if (response.getStatus() == 200) {
- String jsonString = response.getEntity(String.class);
- Gson gson = new GsonBuilder().setPrettyPrinting().create();
- @SuppressWarnings("unchecked")
- List<String> keys = gson.fromJson(jsonString, List.class) ;
- if (keys != null) {
- for ( String key : keys) {
- if ( existingKeyList != null && existingKeyList.contains(key)) {
- continue;
- }
- if (keyNameMatching == null || keyNameMatching.isEmpty() || key.startsWith(keyNameMatching)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("getKeyList():Adding kmsKey " + key);
- }
- lret.add(key) ;
+ if (response != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("getKeyList():response.getStatus()= "
+ + response.getStatus());
+ }
+ if (response.getStatus() == 200) {
+ String jsonString = response.getEntity(String.class);
+ Gson gson = new GsonBuilder().setPrettyPrinting()
+ .create();
+ @SuppressWarnings("unchecked")
+ List<String> keys = gson.fromJson(jsonString,
+ List.class);
+ if (keys != null) {
+ for (String key : keys) {
+ if (existingKeyList != null
+ && existingKeyList.contains(key)) {
+ continue;
+ }
+ if (keyNameMatching == null
+ || keyNameMatching.isEmpty()
+ || key.startsWith(keyNameMatching)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("getKeyList():Adding kmsKey "
+ + key);
}
+ lret.add(key);
+ }
}
- }
- }else if (response.getStatus() == 401) {
- LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
- return lret;
- }else if (response.getStatus() == 403) {
- LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
- return lret;
- }else {
- LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list");
- String jsonString = response.getEntity(String.class);
- LOG.info(jsonString);
- lret = null;
+ return lret;
+ }
+ } else if (response.getStatus() == 401) {
+ LOG.info("getKeyList():response.getStatus()= "
+ + response.getStatus() + " for URL " + uri
+ + ", so returning null list");
+ return lret;
+ } else if (response.getStatus() == 403) {
+ LOG.info("getKeyList():response.getStatus()= "
+ + response.getStatus() + " for URL " + uri
+ + ", so returning null list");
+ return lret;
+ } else {
+ LOG.info("getKeyList():response.getStatus()= "
+ + response.getStatus() + " for URL " + uri
+ + ", so returning null list");
+ String jsonString = response.getEntity(String.class);
+ LOG.info(jsonString);
+ lret = null;
+ }
+ } else {
+ String msgDesc = "Unable to get a valid response for "
+ + "expected mime type : [" + EXPECTED_MIME_TYPE
+ + "] URL : " + uri + " - got null response.";
+ LOG.error(msgDesc);
+ HadoopException hdpException = new HadoopException(msgDesc);
+ hdpException.generateResponseDataMap(false, msgDesc,
+ msgDesc + errMsg, null, null);
+ lret = null;
+ throw hdpException;
}
- }else {
- String msgDesc = "Unable to get a valid response for "
- + "expected mime type : [" + EXPECTED_MIME_TYPE
- + "] URL : " + uri + " - got null response.";
- LOG.error(msgDesc);
- HadoopException hdpException = new HadoopException(msgDesc);
- hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null);
+ } catch (HadoopException he) {
+ lret = null;
+ throw he;
+ } catch (Throwable t) {
+ String msgDesc = "Exception while getting Kms Key List. URL : "
+ + uri;
+ HadoopException hdpException = new HadoopException(msgDesc, t);
+ LOG.error(msgDesc, t);
+ hdpException.generateResponseDataMap(false,
+ BaseClient.getMessage(t), msgDesc + errMsg, null, null);
lret = null;
throw hdpException;
- }
- } catch (HadoopException he) {
- lret = null;
- throw he;
- }catch (Throwable t) {
- String msgDesc = "Exception while getting Kms Key List. URL : " + uri;
- HadoopException hdpException = new HadoopException(msgDesc, t);
- LOG.error(msgDesc, t);
- hdpException.generateResponseDataMap(false, BaseClient.getMessage(t), msgDesc + errMsg, null, null);
- lret = null;
- throw hdpException;
- } finally {
- if (response != null) {
- response.close();
- }
-
- if (client != null) {
- client.destroy();
- }
+ } finally {
+ if (response != null) {
+ response.close();
+ }
+
+ if (client != null) {
+ client.destroy();
+ }
+
+ if(lret == null){
+ if (i != providers.length - 1)
+ continue;
+ }
+ }
}
- return lret ;
+ return lret;
}
-
- public static HashMap<String, Object> testConnection(String serviceName, Map<String, String> configs) {
+
+ public static HashMap<String, Object> testConnection(String serviceName,
+ Map<String, String> configs) {
List<String> strList = new ArrayList<String>();
String errMsg = errMessage;
@@ -170,7 +265,7 @@ public class KMSClient {
BaseClient.generateResponseDataMap(connectivityStatus, successMsg,
successMsg, null, null, responseData);
} else {
- String failureMsg = "Unable to retrieve any Kms Key using given parameters.";
+ String failureMsg = "Unable to retrieve any Kms Key using given URL.";
BaseClient.generateResponseDataMap(connectivityStatus, failureMsg,
failureMsg + errMsg, null, null, responseData);
}
@@ -194,17 +289,17 @@ public class KMSClient {
+ errMsg, null, null);
throw hdpException;
} else {
- String kmsUrl = configs.get("provider");
+ String kmsUrl = configs.get("provider");
String kmsUserName = configs.get("username");
String kmsPassWord = configs.get("password");
- kmsClient = new KMSClient (kmsUrl, kmsUserName,
- kmsPassWord);
-
+ kmsClient = new KMSClient(kmsUrl, kmsUserName, kmsPassWord);
+
}
return kmsClient;
}
- public static List<String> getKmsKey (final KMSClient kmsClient, String keyName, List<String> existingKeyName) {
+ public static List<String> getKmsKey(final KMSClient kmsClient,
+ String keyName, List<String> existingKeyName) {
List<String> resultList = new ArrayList<String>();
String errMsg = errMessage;
@@ -221,10 +316,12 @@ public class KMSClient {
if (keyName != null) {
String finalkmsKeyName = keyName.trim();
- resultList = kmsClient.getKeyList(finalkmsKeyName,existingKeyName);
+ resultList = kmsClient.getKeyList(finalkmsKeyName,
+ existingKeyName);
if (resultList != null) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Returning list of " + resultList.size() + " Kms Keys");
+ LOG.debug("Returning list of " + resultList.size()
+ + " Kms Keys");
}
}
}
@@ -232,13 +329,14 @@ public class KMSClient {
resultList = null;
throw he;
} catch (Exception e) {
- String msgDesc = "Unable to get a valid response from the provider";
+ String msgDesc = "Unable to get a valid response from the provider : "+e.getMessage();
LOG.error(msgDesc, e);
HadoopException hdpException = new HadoopException(msgDesc);
- hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null);
+ hdpException.generateResponseDataMap(false, msgDesc, msgDesc
+ + errMsg, null, null);
resultList = null;
throw hdpException;
}
return resultList;
- }
-}
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/14ec7d52/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
index 5f2d4af..7446d1e 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -19,9 +19,15 @@
package org.apache.ranger.biz;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
@@ -32,6 +38,8 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.collections.Predicate;
import org.apache.commons.collections.PredicateUtils;
import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.ProviderUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
@@ -46,10 +54,11 @@ import org.apache.ranger.view.VXKmsKeyList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
@@ -65,6 +74,8 @@ public class KmsKeyMgr {
private static final String KMS_DELETE_KEY_URI = "v1/key/${alias}?user.name=${userName}"; //DELETE
private static final String KMS_KEY_METADATA_URI = "v1/key/${alias}/_metadata?user.name=${userName}"; //GET
private static final String KMS_URL_CONFIG = "provider";
+ private static Map<String, String> providerList = new HashMap<String, String>();
+ private static int nextProvider = 0;
@Autowired
ServiceDBStore svcStore;
@@ -75,28 +86,46 @@ public class KmsKeyMgr {
@Autowired
RangerConfigUtil configUtil;
+ @SuppressWarnings("unchecked")
public VXKmsKeyList searchKeys(String repoName){
- String provider = null;
+ String providers[] = null;
try {
- provider = getKMSURL(repoName);
+ providers = getKMSURL(repoName);
} catch (Exception e) {
logger.error("getKey(" + repoName + ") failed", e);
}
- Client c = getClient() ;
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String keyLists = KMS_KEY_LIST_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
- String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists));
+ List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>();
VXKmsKeyList vxKmsKeyList = new VXKmsKeyList();
- WebResource r = c.resource(uri) ;
- String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
- Gson gson = new GsonBuilder().create() ;
- logger.debug(" Search Key RESPONSE: [" + response + "]") ;
- List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>();
- @SuppressWarnings("unchecked")
- List<String> keys = gson.fromJson(response, List.class) ;
- if(keys != null && keys.size() > 0){
- for(String name : keys){
- VXKmsKey key = getKey(repoName, name);
+ List<String> keys = null;
+ String connProvider = null;
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String keyLists = KMS_KEY_LIST_URI.replaceAll(
+ Pattern.quote("${userName}"), currentUserLoginId);
+ connProvider = providers[i];
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? keyLists : ("/" + keyLists));
+
+ WebResource r = c.resource(uri);
+ try {
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE)
+ .get(String.class);
+ Gson gson = new GsonBuilder().create();
+ logger.debug(" Search Key RESPONSE: [" + response + "]");
+
+ keys = gson.fromJson(response, List.class);
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
+ }
+ if (keys != null && keys.size() > 0) {
+ for (String name : keys) {
+ VXKmsKey key = getKeyFromUri(connProvider, name);
vXKeys.add(key);
}
vxKmsKeyList.setResultSize(vXKeys.size());
@@ -105,102 +134,252 @@ public class KmsKeyMgr {
vxKmsKeyList.setPageSize(vXKeys.size());
}
vxKmsKeyList.setVXKeys(vXKeys);
- return vxKmsKeyList;
+ return vxKmsKeyList;
}
public VXKmsKey rolloverKey(String provider, VXKmsKey vXKey){
+ String providers[] = null;
try {
- provider = getKMSURL(provider);
+ providers = getKMSURL(provider);
} catch (Exception e) {
- logger.error("rolloverKey(" + provider + ", "+ vXKey.getName() +") failed", e);
+ logger.error("rolloverKey(" + provider + ", " + vXKey.getName()
+ + ") failed", e);
}
- VXKmsKey ret = null ;
- Client c = getClient() ;
- String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName());
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- rollRest = rollRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
- String uri = provider + (provider.endsWith("/") ? rollRest : ("/" + rollRest));
- WebResource r = c.resource(uri) ;
- Gson gson = new GsonBuilder().create() ;
- String jsonString = gson.toJson(vXKey) ;
- String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ;
- logger.debug("Roll RESPONSE: [" + response + "]") ;
- ret = gson.fromJson(response, VXKmsKey.class) ;
- return ret ;
+ VXKmsKey ret = null;
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String rollRest = KMS_ROLL_KEY_URI.replaceAll(
+ Pattern.quote("${alias}"), vXKey.getName());
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ rollRest = rollRest.replaceAll(Pattern.quote("${userName}"),
+ currentUserLoginId);
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? rollRest : ("/" + rollRest));
+ WebResource r = c.resource(uri);
+ Gson gson = new GsonBuilder().create();
+ String jsonString = gson.toJson(vXKey);
+ try {
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE)
+ .type(MediaType.APPLICATION_JSON_TYPE)
+ .post(String.class, jsonString);
+ logger.debug("Roll RESPONSE: [" + response + "]");
+ ret = gson.fromJson(response, VXKmsKey.class);
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
+ }
+ return ret;
}
public void deleteKey(String provider, String name){
+ String providers[] = null;
try {
- provider = getKMSURL(provider);
+ providers = getKMSURL(provider);
} catch (Exception e) {
- logger.error("deleteKey(" + provider + ", "+ name +") failed", e);
+ logger.error("deleteKey(" + provider + ", " + name + ") failed", e);
}
- Client c = getClient() ;
- String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name);
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- deleteRest = deleteRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
- String uri = provider + (provider.endsWith("/") ? deleteRest : ("/" + deleteRest));
- WebResource r = c.resource(uri) ;
- String response = r.delete(String.class) ;
- logger.debug("delete RESPONSE: [" + response + "]") ;
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String deleteRest = KMS_DELETE_KEY_URI.replaceAll(
+ Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ deleteRest = deleteRest.replaceAll(Pattern.quote("${userName}"),
+ currentUserLoginId);
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? deleteRest
+ : ("/" + deleteRest));
+ WebResource r = c.resource(uri);
+ try {
+ String response = r.delete(String.class) ;
+ logger.debug("delete RESPONSE: [" + response + "]") ;
+ break;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
+ }
}
public VXKmsKey createKey(String provider, VXKmsKey vXKey){
+ String providers[] = null;
try {
- provider = getKMSURL(provider);
+ providers = getKMSURL(provider);
} catch (Exception e) {
- logger.error("createKey(" + provider + ", "+ vXKey.getName() +") failed", e);
+ logger.error("createKey(" + provider + ", " + vXKey.getName()
+ + ") failed", e);
}
- VXKmsKey ret = null ;
- Client c = getClient() ;
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- String createRest = KMS_ADD_KEY_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
- String uri = provider + (provider.endsWith("/") ? createRest : ("/" + createRest));
- WebResource r = c.resource(uri) ;
- Gson gson = new GsonBuilder().create() ;
- String jsonString = gson.toJson(vXKey) ;
- String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ;
- logger.debug("Create RESPONSE: [" + response + "]") ;
- ret = gson.fromJson(response, VXKmsKey.class) ;
- return ret ;
+ VXKmsKey ret = null;
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ String createRest = KMS_ADD_KEY_URI.replaceAll(
+ Pattern.quote("${userName}"), currentUserLoginId);
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? createRest
+ : ("/" + createRest));
+ WebResource r = c.resource(uri);
+ Gson gson = new GsonBuilder().create();
+ String jsonString = gson.toJson(vXKey);
+ try {
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE)
+ .type(MediaType.APPLICATION_JSON_TYPE)
+ .post(String.class, jsonString);
+ logger.debug("Create RESPONSE: [" + response + "]");
+ ret = gson.fromJson(response, VXKmsKey.class);
+ return ret;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
+ }
+ return ret;
}
public VXKmsKey getKey(String provider, String name){
+ String providers[] = null;
try {
- provider = getKMSURL(provider);
+ providers = getKMSURL(provider);
} catch (Exception e) {
- logger.error("getKey(" + provider + ", "+ name +") failed", e);
+ logger.error("getKey(" + provider + ", " + name + ") failed", e);
+ }
+ for (int i = 0; i < providers.length; i++) {
+ Client c = getClient();
+ String keyRest = KMS_KEY_METADATA_URI.replaceAll(
+ Pattern.quote("${alias}"), name);
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ keyRest = keyRest.replaceAll(Pattern.quote("${userName}"),
+ currentUserLoginId);
+ String uri = providers[i]
+ + (providers[i].endsWith("/") ? keyRest : ("/" + keyRest));
+ WebResource r = c.resource(uri);
+ try {
+ String response = r.accept(MediaType.APPLICATION_JSON_TYPE)
+ .get(String.class);
+ Gson gson = new GsonBuilder().create();
+ logger.debug("RESPONSE: [" + response + "]");
+ VXKmsKey key = gson.fromJson(response, VXKmsKey.class);
+ return key;
+ } catch (Exception e) {
+ if (e instanceof UniformInterfaceException || i == providers.length - 1)
+ throw e;
+ else
+ continue;
+ }
}
- Client c = getClient() ;
- String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name);
+ return null;
+ }
+
+ public VXKmsKey getKeyFromUri(String provider, String name) {
+ Client c = getClient();
+ String keyRest = KMS_KEY_METADATA_URI.replaceAll(
+ Pattern.quote("${alias}"), name);
String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- keyRest = keyRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId);
+ keyRest = keyRest.replaceAll(Pattern.quote("${userName}"),
+ currentUserLoginId);
String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest));
- WebResource r = c.resource(uri) ;
+ WebResource r = c.resource(uri);
String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
- Gson gson = new GsonBuilder().create() ;
- logger.debug("RESPONSE: [" + response + "]") ;
- VXKmsKey key = gson.fromJson(response, VXKmsKey.class) ;
- return key;
+ Gson gson = new GsonBuilder().create();
+ logger.debug("RESPONSE: [" + response + "]");
+ VXKmsKey key = gson.fromJson(response, VXKmsKey.class);
+ return key;
}
- private String getKMSURL(String name) throws Exception{
- String provider = null;
+ private String[] getKMSURL(String name) throws Exception{
+ String providers[] = null;
RangerService rangerService = null;
try {
rangerService = svcStore.getServiceByName(name);
- provider = rangerService.getConfigs().get(KMS_URL_CONFIG);
- provider = provider.replaceAll("kms://","");
- provider = provider.replaceAll("http@","http://");
- } catch(Exception excp) {
+ String kmsUrl = rangerService.getConfigs().get(KMS_URL_CONFIG);
+ String dbKmsUrl = kmsUrl;
+ if(providerList.containsKey(kmsUrl)){
+ kmsUrl = providerList.get(kmsUrl);
+ }else{
+ providerList.put(kmsUrl, kmsUrl);
+ }
+ providers = createProvider(dbKmsUrl,kmsUrl);
+ } catch (Exception excp) {
logger.error("getServiceByName(" + name + ") failed", excp);
throw new Exception("getServiceByName(" + name + ") failed", excp);
}
- if(rangerService == null || provider == null) {
- throw new Exception("Provider "+provider+" not found");
+ if (rangerService == null || providers == null) {
+ throw new Exception("Provider " + name + " not found");
+ }
+ return providers;
+ }
+
+ private String[] createProvider(String dbKmsUrl, String uri) throws IOException,URISyntaxException {
+ URI providerUri = new URI(uri);
+ URL origUrl = new URL(extractKMSPath(providerUri).toString());
+ String authority = origUrl.getAuthority();
+ // check for ';' which delimits the backup hosts
+ if (Strings.isNullOrEmpty(authority)) {
+ throw new IOException("No valid authority in kms uri [" + origUrl+ "]");
+ }
+ // Check if port is present in authority
+ // In the current scheme, all hosts have to run on the same port
+ int port = -1;
+ String hostsPart = authority;
+ if (authority.contains(":")) {
+ String[] t = authority.split(":");
+ try {
+ port = Integer.parseInt(t[1]);
+ } catch (Exception e) {
+ throw new IOException("Could not parse port in kms uri ["
+ + origUrl + "]");
+ }
+ hostsPart = t[0];
+ }
+ return createProvider(dbKmsUrl, providerUri, origUrl, port, hostsPart);
+ }
+
+ private static Path extractKMSPath(URI uri) throws MalformedURLException,IOException {
+ return ProviderUtils.unnestUri(uri);
+ }
+
+ private String[] createProvider(String dbkmsUrl, URI providerUri, URL origUrl, int port,
+ String hostsPart) throws IOException {
+ String[] hosts = hostsPart.split(";");
+ String[] providers = new String[hosts.length];
+ if (hosts.length == 1) {
+ providers[0] = origUrl.toString();
+ } else {
+ String providerNext=providerUri.getScheme()+"://"+origUrl.getProtocol()+"@";
+ for(int i=nextProvider; i<hosts.length; i++){
+ providerNext = providerNext+hosts[i];
+ if(i!=(hosts.length-1)){
+ providerNext = providerNext+";";
+ }
+ }
+ for(int i=0; i<nextProvider; i++){
+ providerNext = providerNext+";"+hosts[i];
+ }
+ if(nextProvider != hosts.length-1){
+ nextProvider = nextProvider+1;
+ }else{
+ nextProvider = 0;
+ }
+ providerNext = providerNext +":"+port+origUrl.getPath();
+ providerList.put(dbkmsUrl, providerNext);
+ for (int i = 0; i < hosts.length; i++) {
+ try {
+ String url = origUrl.getProtocol()+"://"+hosts[i]+":"+port+origUrl.getPath();
+ providers[i] = new URI(url).toString();
+ } catch (URISyntaxException e) {
+ throw new IOException("Could not Prase KMS URL..", e);
+ }
+ }
}
- return provider;
+ return providers;
}
private synchronized Client getClient() {
[04/26] incubator-ranger git commit: RANGER-488: updated README.txt
with build steps
Posted by ma...@apache.org.
RANGER-488: updated README.txt with build steps
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/df27a360
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/df27a360
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/df27a360
Branch: refs/heads/tag-policy
Commit: df27a36038f52c34fb323dbfc54b4670c27431b8
Parents: 804e666
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:39:55 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 01:39:55 2015 -0400
----------------------------------------------------------------------
README.txt | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/df27a360/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index a0445b7..d410e18 100644
--- a/README.txt
+++ b/README.txt
@@ -6,20 +6,27 @@ Build Process
2. On the root folder, please execute the following Maven command:
$ mvn clean compile package install assembly:assembly
- $ mvn eclipse:eclipse
+ $ mvn eclise:eclipse
3. After the above build command execution, you should see the following TAR files in the target folder:
- ranger-<version-number>-admin.tar.gz
- ranger-<version-number>-usersync.tar.gz
- ranger-<version-number>-hdfs-plugin.tar.gz
- ranger-<version-number>-hive-plugin.tar.gz
- ranger-<version-number>-hbase-plugin.tar.gz
- ranger-<version-number>-knox-plugin.tar.gz
- ranger-<version-number>-storm-plugin.tar.gz
+
+ ranger-<version>-admin.tar.gz
+ ranger-<version>-hbase-plugin.tar.gz
+ ranger-<version>-hdfs-plugin.tar.gz
+ ranger-<version>-hive-plugin.tar.gz
+ ranger-<version>-kafka-plugin.tar.gz
+ ranger-<version>-kms.tar.gz
+ ranger-<version>-knox-plugin.tar.gz
+ ranger-<version>-migration-util.tar.gz
+ ranger-<version>-solr-plugin.tar.gz
+ ranger-<version>-src.tar.gz
+ ranger-<version>-storm-plugin.tar.gz
+ ranger-<version>-usersync.tar.gz
+ ranger-<version>-yarn-plugin.tar.gz
Importing Apache Ranger Project into Eclipse
-====================================
+============================================
1. Create a Eclipse workspace called 'ranger'
@@ -39,6 +46,7 @@ Installation Host Information
(c) HBase Plugin needs to be installed on both Master and Regional Server nodes.
(d) Knox Plugin needs to be installed on Knox hosts.
(e) Storm Plugin needs to be installed on Storm hosts.
+ (f) Kafka/Solr Plugin needs to be installed on their respective component hosts.
Installation Process
~~~~~~~~~~~~~~~~~~~~
@@ -51,8 +59,8 @@ Installation Process
4. Modify the install.properties file with appropriate variables
-5. If the module has install.sh,
- Execute ./install.sh
+5. If the module has setup.sh,
+ Execute ./setup.sh
If the install.sh file does not exists,
Execute ./enable-<component>-plugin.sh
[22/26] incubator-ranger git commit: RANGER-501 : Add solr audit
connectivity properties to Ranger Admin
Posted by ma...@apache.org.
RANGER-501 : Add solr audit connectivity properties to Ranger Admin
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0421271e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0421271e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0421271e
Branch: refs/heads/tag-policy
Commit: 0421271e2b891a7fe0ade809e0e41f720fafe62a
Parents: 6de1bbc
Author: Gautam Borad <gb...@gmail.com>
Authored: Thu May 21 20:26:05 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Fri May 22 09:31:48 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/db_setup.py | 17 ++++--
security-admin/scripts/dba_script.py | 13 +++-
security-admin/scripts/install.properties | 5 +-
.../scripts/ranger-admin-site-template.xml | 2 +-
security-admin/scripts/setup.sh | 63 +++++++++++++++++---
security-admin/scripts/upgrade_admin.py | 2 +-
.../apache/ranger/common/PropertiesUtil.java | 19 ++++++
.../conf.dist/ranger-admin-default-site.xml | 6 +-
.../resources/conf.dist/ranger-admin-site.xml | 18 +++++-
9 files changed, 125 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 6590eb2..e50421c 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -1263,6 +1263,14 @@ def main(argv):
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
+ if 'audit_store' in globalDict:
+ audit_store = globalDict['audit_store']
+ else:
+ audit_store = None
+
+ if audit_store is None or audit_store == "":
+ audit_store = "db"
+ audit_store=audit_store.lower()
if len(argv)==1:
log("[I] --------- Verifying Ranger DB tables ---------","info")
@@ -1278,10 +1286,11 @@ def main(argv):
xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file)
log("[I] --------- Applying Ranger DB patches ---------","info")
xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
- log("[I] --------- Starting Audit Operation ---------","info")
- audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
- log("[I] --------- Applying Audit DB patches ---------","info")
- audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
+ if audit_store == "db":
+ log("[I] --------- Starting Audit Operation ---------","info")
+ audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
+ log("[I] --------- Applying Audit DB patches ---------","info")
+ audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
# '''
if len(argv)>1:
for i in range(len(argv)):
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 9dfba94..c37edbc 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -1373,6 +1373,14 @@ def main(argv):
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
+ if 'audit_store' in globalDict:
+ audit_store = globalDict['audit_store']
+ else:
+ audit_store = None
+
+ if audit_store is None or audit_store == "":
+ audit_store = "db"
+ audit_store=audit_store.lower()
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
@@ -1392,7 +1400,8 @@ def main(argv):
log("[I] ---------- Granting permission to Ranger Admin db user ----------","info")
xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
# Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
- log("[I] ---------- Verifying/Creating audit user --------- ","info")
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ if audit_store == "db":
+ log("[I] ---------- Verifying/Creating audit user --------- ","info")
+ audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info")
main(sys.argv)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 7490dd6..820d9c7 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -66,7 +66,10 @@ db_password=
audit_store=db
# * audit_solr_url URL to Solr. E.g. http://<solr_host>:6083/solr/ranger_audits
-audit_solr_url=
+audit_solr_urls=
+audit_solr_user=
+audit_solr_password=
+audit_solr_zookeepers=
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/ranger-admin-site-template.xml
----------------------------------------------------------------------
diff --git a/security-admin/scripts/ranger-admin-site-template.xml b/security-admin/scripts/ranger-admin-site-template.xml
index 2c0462d..001248f 100644
--- a/security-admin/scripts/ranger-admin-site-template.xml
+++ b/security-admin/scripts/ranger-admin-site-template.xml
@@ -157,7 +157,7 @@
<value></value>
</property>
<property>
- <name>ranger.solr.url</name>
+ <name>ranger.audit.solr.urls</name>
<value></value>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 4b5e6b9..12224c4 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -157,10 +157,13 @@ init_variables(){
getPropertyFromFile 'db_password' $PROPFILE db_password
if [ "${audit_store}" == "solr" ]
then
- getPropertyFromFile 'audit_solr_url' $PROPFILE audit_solr_url
+ getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
+ getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
+ getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
+ getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
else
- getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
- getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
+ getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
+ getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
fi
}
@@ -872,11 +875,11 @@ update_properties() {
fi
if [ "${audit_store}" == "solr" ]
- then
- propertyName=ranger.solr.url
- newPropertyValue=${audit_solr_url}
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
- fi
+ then
+ propertyName=ranger.audit.solr.urls
+ newPropertyValue=${audit_solr_urls}
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
propertyName=ranger.audit.source.type
newPropertyValue=${audit_store}
@@ -983,6 +986,50 @@ update_properties() {
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
fi
+ if [ "${audit_store}" == "solr" ]
+ then
+ if [ "${audit_solr_zookeepers}" != "" ]
+ then
+ propertyName=ranger.audit.solr.zookeepers
+ newPropertyValue=${audit_solr_zookeepers}
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
+ if [ "${audit_solr_user}" != "" ] && [ "${audit_solr_password}" != "" ]
+ then
+ propertyName=ranger.solr.audit.user
+ newPropertyValue=${audit_solr_user}
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ if [ "${keystore}" != "" ]
+ then
+ echo "Starting configuration for solr credentials:"
+ mkdir -p `dirname "${keystore}"`
+ audit_solr_password_alias=ranger.solr.password
+
+ $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
+
+ propertyName=ranger.solr.audit.credential.alias
+ newPropertyValue="${audit_solr_password_alias}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
+
+ propertyName=ranger.solr.audit.user.password
+ newPropertyValue="_"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ else
+ propertyName=ranger.solr.audit.user.password
+ newPropertyValue="${audit_solr_password}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
+
+ if test -f $keystore; then
+ chown -R ${unix_user}:${unix_group} ${keystore}
+ else
+ propertyName=ranger.solr.audit.user.password
+ newPropertyValue="${audit_solr_password}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
+ fi
+ fi
}
create_audit_db_user(){
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/scripts/upgrade_admin.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/upgrade_admin.py b/security-admin/scripts/upgrade_admin.py
index 823edc1..5c79192 100755
--- a/security-admin/scripts/upgrade_admin.py
+++ b/security-admin/scripts/upgrade_admin.py
@@ -107,7 +107,7 @@ config2xmlMAP = {
'xa.logs.base.dir':'ranger.logs.base.dir',
'xa.scheduler.enabled':'ranger.scheduler.enabled',
'xa.audit.store':'ranger.audit.source.type',
- 'audit_solr_url':'ranger.solr.url',
+ 'audit_solr_urls':'ranger.audit.solr.urls',
'auditDB.jdbc.dialect':'ranger.jpa.audit.jdbc.dialect',
'auditDB.jdbc.driver':'ranger.jpa.audit.jdbc.driver',
'auditDB.jdbc.url':'ranger.jpa.audit.jdbc.url',
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index 5549578..a0bfff4 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -133,6 +133,25 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer {
}
}
}
+ if(propertiesMap!=null && propertiesMap.containsKey("ranger.audit.source.type")){
+ String auditStore=propertiesMap.get("ranger.audit.source.type");
+ if(auditStore!=null && (auditStore.equalsIgnoreCase("solr"))){
+ if(propertiesMap!=null && propertiesMap.containsKey("ranger.credential.provider.path") && propertiesMap.containsKey("ranger.solr.audit.credential.alias")){
+ String path=propertiesMap.get("ranger.credential.provider.path");
+ String alias=propertiesMap.get("ranger.solr.audit.credential.alias");
+ if(path!=null && alias!=null){
+ String solrAuditPassword=CredentialReader.getDecryptedString(path.trim(), alias.trim());
+ if(solrAuditPassword!=null&& !solrAuditPassword.trim().isEmpty() &&
+ !solrAuditPassword.trim().equalsIgnoreCase("none")){
+ propertiesMap.put("ranger.solr.audit.user.password", solrAuditPassword);
+ props.put("ranger.solr.audit.user.password", solrAuditPassword);
+ }else{
+ logger.info("Credential keystore password not applied for Solr ; clear text password shall be applicable");
+ }
+ }
+ }
+ }
+ }
super.processProperties(beanFactory, props);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 0783f69..75d2490 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -431,5 +431,9 @@
<value>100</value>
<description></description>
</property>
-
+ <property>
+ <name>ranger.solr.audit.credential.alias</name>
+ <value>ranger.solr.password</value>
+ <description></description>
+ </property>
</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0421271e/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index d0a4fe4..2660e19 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -46,7 +46,7 @@
<description></description>
</property>
<property>
- <name>ranger.solr.url</name>
+ <name>ranger.audit.solr.urls</name>
<value>http://##solr_host##:6083/solr/ranger_audits</value>
<description></description>
</property>
@@ -202,5 +202,19 @@
<name>ranger.service.https.attrib.keystore.file</name>
<value>/etc/ranger/admin/keys/server.jks</value>
</property>
-
+ <property>
+ <name>ranger.solr.audit.user</name>
+ <value></value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.solr.audit.user.password</name>
+ <value></value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.audit.solr.zookeepers</name>
+ <value></value>
+ <description></description>
+ </property>
</configuration>
[17/26] incubator-ranger git commit: RANGER-496 Fix build failure due
to Kafka API change
Posted by ma...@apache.org.
RANGER-496 Fix build failure due to Kafka API change
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6e017928
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6e017928
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6e017928
Branch: refs/heads/tag-policy
Commit: 6e017928ef11e9031f404ee06a44f659a8192b98
Parents: de5ea54
Author: Don Bosco Durai <bo...@apache.org>
Authored: Tue May 19 15:53:49 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Tue May 19 15:55:32 2015 -0700
----------------------------------------------------------------------
.../authorization/kafka/authorizer/RangerKafkaAuthorizer.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6e017928/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 4689957..655f1b9 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -108,7 +108,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
rangerResource.setValue(KEY_TOPIC, resource.name());
} else if (resource.resourceType().equals(ResourceType.CLUSTER)) {
rangerResource.setValue(KEY_CLUSTER, resource.name());
- } else if (resource.resourceType().equals(ResourceType.GROUP)) {
+ } else if (resource.resourceType().equals(ResourceType.CONSUMER_GROUP)) {
rangerResource.setValue(KEY_CONSUMER_GROUP, resource.name());
} else {
logger.fatal("Unsupported resourceType=" + resource.resourceType());
[03/26] incubator-ranger git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/incubator-ranger
Posted by ma...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-ranger
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/804e6663
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/804e6663
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/804e6663
Branch: refs/heads/tag-policy
Commit: 804e666340f69a3dc9643943aba847c14de85b4a
Parents: b84b391 7ed35a9
Author: sneethiraj <sn...@apache.org>
Authored: Mon May 18 20:29:50 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Mon May 18 20:29:50 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 2 +-
.../db/oracle/patches/013-permissionmodel.sql | 6 +-
.../db/postgres/xa_core_db_postgres.sql | 6 +-
.../db/sqlserver/xa_core_db_sqlserver.sql | 6 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 17 +++---
.../apache/ranger/common/RangerConstants.java | 6 +-
.../webapp/scripts/controllers/Controller.js | 59 ++++++++-----------
.../webapp/scripts/models/RangerServiceDef.js | 2 +-
.../src/main/webapp/scripts/modules/XALinks.js | 16 ++---
.../main/webapp/scripts/modules/XAOverrides.js | 2 +-
.../scripts/modules/globalize/message/en.js | 9 ++-
.../src/main/webapp/scripts/utils/XAEnums.js | 8 +++
.../src/main/webapp/scripts/utils/XAGlobals.js | 27 ++++-----
.../src/main/webapp/scripts/utils/XAUtils.js | 54 ++++++++++++++---
.../main/webapp/scripts/views/common/TopNav.js | 25 ++++++++
.../views/permissions/ModulePermissionCreate.js | 30 ----------
.../webapp/scripts/views/reports/AuditLayout.js | 33 ++++-------
security-admin/src/main/webapp/styles/xa.css | 4 ++
.../webapp/templates/common/TopNav_tmpl.html | 62 +++++++++++---------
.../reports/AssetOperationDiff_tmpl.html | 4 +-
.../reports/AssetUpdateOperationDiff_tmpl.html | 2 +-
.../templates/service/ServiceCreate_tmpl.html | 4 +-
.../templates/service/ServiceForm_tmpl.html | 2 +-
23 files changed, 207 insertions(+), 179 deletions(-)
----------------------------------------------------------------------
[10/26] incubator-ranger git commit: RANGER-493 : Fix KMS dba script
to work from non-install location
Posted by ma...@apache.org.
RANGER-493 : Fix KMS dba script to work from non-install location
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3c2facfd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3c2facfd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3c2facfd
Branch: refs/heads/tag-policy
Commit: 3c2facfda17d05089935ecdb8adbad40bd41f393
Parents: d033320
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue May 19 11:15:40 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 03:05:51 2015 -0400
----------------------------------------------------------------------
kms/scripts/db_setup.py | 14 ++++++++------
kms/scripts/dba_script.py | 30 ++++++++++++++++--------------
2 files changed, 24 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c2facfd/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 792327b..e7aa9a1 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -32,9 +32,11 @@ os_name = platform.system()
os_name = os_name.upper()
if os_name == "LINUX":
- RANGER_KMS_HOME = os.getcwd()
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ if RANGER_KMS_HOME is None:
+ RANGER_KMS_HOME = os.getcwd()
elif os_name == "WINDOWS":
- RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
def check_output(query):
if os_name == "LINUX":
@@ -119,7 +121,7 @@ class MysqlConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -189,7 +191,7 @@ class OracleConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
return jisql_cmd
@@ -275,7 +277,7 @@ class PostgresConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -345,7 +347,7 @@ class SqlServerConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c2facfd/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index 0749038..327d5ca 100644
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -31,9 +31,11 @@ os_name = platform.system()
os_name = os_name.upper()
if os_name == "LINUX":
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ if RANGER_KMS_HOME is None:
RANGER_KMS_HOME = os.getcwd()
elif os_name == "WINDOWS":
- RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
finalLibPath = libpath.replace('\\','/').replace('//','/')
@@ -81,7 +83,7 @@ def populate_global_dict():
elif os_name == "WINDOWS":
read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties'))
library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
- read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
+ read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
if re.search('=', each_line):
@@ -136,9 +138,9 @@ class MysqlConf(BaseDB):
def get_jisql_cmd(self, user, password ,db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
self.JAVA_BIN = self.JAVA_BIN.strip("'")
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
@@ -321,9 +323,9 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
return jisql_cmd
@@ -517,10 +519,10 @@ class PostgresConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
@@ -714,10 +716,10 @@ class SqlServerConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- path = os.getcwd()
+ path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
@@ -1043,7 +1045,7 @@ def main(argv):
if XA_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,mysql_core_file)
elif XA_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
@@ -1052,17 +1054,17 @@ def main(argv):
elif os_name == "WINDOWS":
xa_db_root_user = xa_db_root_user
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,oracle_core_file)
elif XA_DB_FLAVOR == "POSTGRES":
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),postgres_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,postgres_core_file)
elif XA_DB_FLAVOR == "MSSQL":
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
- xa_db_core_file = os.path.join(os.getcwd(),sqlserver_core_file)
+ xa_db_core_file = os.path.join(RANGER_KMS_HOME,sqlserver_core_file)
else:
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
[16/26] incubator-ranger git commit: Ranger-495: Coverity Scan for
Apache Ranger : - Null pointer issue on KnoxClient lookup manager
Posted by ma...@apache.org.
Ranger-495: Coverity Scan for Apache Ranger : - Null pointer issue on KnoxClient lookup manager
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/de5ea542
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/de5ea542
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/de5ea542
Branch: refs/heads/tag-policy
Commit: de5ea54217ffe910664e7844c7038876ecf76fa7
Parents: afe001b
Author: rmani <rm...@hortonworks.com>
Authored: Tue May 19 15:12:59 2015 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Tue May 19 15:15:39 2015 -0700
----------------------------------------------------------------------
.../apache/ranger/services/knox/client/KnoxResourceMgr.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/de5ea542/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java
index cf551b9..34a3c40 100644
--- a/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java
+++ b/knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java
@@ -101,9 +101,10 @@ public class KnoxResourceMgr {
}
final KnoxClient knoxClient = new KnoxConnectionMgr().getKnoxClient(knoxUrl, knoxAdminUser, knoxAdminPassword);
-
- synchronized(knoxClient) {
- resultList = KnoxClient.getKnoxResources(knoxClient, knoxTopologyName, knoxServiceName,knoxTopologyList,knoxServiceList);
+ if ( knoxClient != null) {
+ synchronized(knoxClient) {
+ resultList = KnoxClient.getKnoxResources(knoxClient, knoxTopologyName, knoxServiceName,knoxTopologyList,knoxServiceList);
+ }
}
return resultList;
}
[06/26] incubator-ranger git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/incubator-ranger
Posted by ma...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-ranger
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/80ce0eff
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/80ce0eff
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/80ce0eff
Branch: refs/heads/tag-policy
Commit: 80ce0eff60f0684caef5e3cc188833574c34bde8
Parents: 6ffacc6 df27a36
Author: sneethiraj <sn...@apache.org>
Authored: Tue May 19 01:43:02 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Tue May 19 01:43:02 2015 -0400
----------------------------------------------------------------------
README.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
[21/26] incubator-ranger git commit: RANGER-503 : Fix Ranger Admin
script for SUSE-11
Posted by ma...@apache.org.
RANGER-503 : Fix Ranger Admin script for SUSE-11
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6de1bbc8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6de1bbc8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6de1bbc8
Branch: refs/heads/tag-policy
Commit: 6de1bbc8f6382a3fa774205ddbb4b9d36dec769e
Parents: 54caee2
Author: Gautam Borad <gb...@gmail.com>
Authored: Fri May 22 18:01:23 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Fri May 22 08:49:17 2015 -0400
----------------------------------------------------------------------
embeddedwebserver/scripts/ranger-admin-services.sh | 10 +++++-----
kms/scripts/ranger-kms | 10 +++++-----
unixauthservice/scripts/ranger-usersync-services.sh | 10 +++++-----
3 files changed, 15 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6de1bbc8/embeddedwebserver/scripts/ranger-admin-services.sh
----------------------------------------------------------------------
diff --git a/embeddedwebserver/scripts/ranger-admin-services.sh b/embeddedwebserver/scripts/ranger-admin-services.sh
index 73502a1..6931dbf 100755
--- a/embeddedwebserver/scripts/ranger-admin-services.sh
+++ b/embeddedwebserver/scripts/ranger-admin-services.sh
@@ -21,7 +21,7 @@ if [[ -z $1 ]]; then
exit;
fi
action=$1
-
+action=`echo $action | tr '[:lower:]' '[:upper:]'`
realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
XAPOLICYMGR_DIR=`(cd $realScriptDir/..; pwd)`
@@ -63,19 +63,19 @@ stop(){
}
-if [ ${action^^} == "START" ]; then
+if [ "${action}" == "START" ]; then
start;
exit;
-elif [ ${action^^} == "STOP" ]; then
+elif [ "${action}" == "STOP" ]; then
stop;
exit;
-elif [ ${action^^} == "RESTART" ]; then
+elif [ "${action}" == "RESTART" ]; then
echo "Restarting Apache Ranger Admin"
stop;
sleep 2
start;
exit;
-elif [ ${action^^} == "VERSION" ]; then
+elif [ "${action}" == "VERSION" ]; then
cd ${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/lib
java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo
exit;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6de1bbc8/kms/scripts/ranger-kms
----------------------------------------------------------------------
diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms
index cb31860..f0fa1b4 100755
--- a/kms/scripts/ranger-kms
+++ b/kms/scripts/ranger-kms
@@ -22,7 +22,7 @@ then
exit;
fi
action=$1
-
+action=`echo $action | tr '[:lower:]' '[:upper:]'`
realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
RANGER_KMS_DIR=`(cd $realScriptDir; pwd)`
@@ -74,16 +74,16 @@ KMS_CONF_DIR=${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/conf
JAVA_OPTS="${JAVA_OPTS} -Dcatalina.base=${RANGER_KMS_EWS_DIR} -Dkms.config.dir=${KMS_CONF_DIR} -Dkms.log.dir=${TOMCAT_LOG_DIR} -cp ${RANGER_KMS_EWS_CONF_DIR}:${RANGER_KMS_EWS_LIB_DIR}/*:${RANGER_KMS_EWS_DIR}/webapp/lib/*:${JAVA_HOME}/lib/* "
-if [ "${action^^}" == "START" ]; then
+if [ "${action}" == "START" ]; then
echo "+ java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} "
java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_LOG_FILE} 2>&1 &
echo "Apache Ranger KMS has started."
exit
-elif [ "${action^^}" == "STOP" ]; then
+elif [ "${action}" == "STOP" ]; then
java ${JAVA_OPTS} ${STOP_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_STOP_LOG_FILE} 2>&1
echo "Apache Ranger KMS has been stopped."
exit
-elif [ "${action^^}" == "RESTART" ]; then
+elif [ "${action}" == "RESTART" ]; then
echo "Restarting Apache Ranger KMS"
java ${JAVA_OPTS} ${STOP_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_STOP_LOG_FILE} 2>&1
echo "Apache Ranger KMS has been stopped."
@@ -91,7 +91,7 @@ elif [ "${action^^}" == "RESTART" ]; then
java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_LOG_FILE} 2>&1 &
echo "Apache Ranger KMS has started successfully."
exit
-elif [ "${action^^}" == "VERSION" ]; then
+elif [ "${action}" == "VERSION" ]; then
( cd ${RANGER_KMS_LIB_DIR} ; java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo )
exit
else
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6de1bbc8/unixauthservice/scripts/ranger-usersync-services.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh
index 3ec1999..9099f7d 100644
--- a/unixauthservice/scripts/ranger-usersync-services.sh
+++ b/unixauthservice/scripts/ranger-usersync-services.sh
@@ -21,7 +21,7 @@ if [[ -z $1 ]]; then
exit;
fi
action=$1
-
+action=`echo $action | tr '[:lower:]' '[:upper:]'`
realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
cd $realScriptDir
@@ -30,7 +30,7 @@ cdir=`pwd`
pidf=/var/run/ranger/usersync.pid
-if [ ${action^^} == "START" ]; then
+if [ "${action}" == "START" ]; then
#Export JAVA_HOME
. ${cdir}/conf/java_home.sh
@@ -76,7 +76,7 @@ if [ ${action^^} == "START" ]; then
fi
exit;
-elif [ ${action^^} == "STOP" ]; then
+elif [ "${action}" == "STOP" ]; then
if [ -f $pidf ]; then
pidf=/var/run/ranger/usersync.pid
@@ -90,13 +90,13 @@ elif [ ${action^^} == "STOP" ]; then
exit;
-elif [ ${action^^} == "RESTART" ]; then
+elif [ "${action}" == "RESTART" ]; then
echo "Stopping Ranger Usersync"
${cdir}/ranger-usersync-services.sh stop
echo "Starting Apache Ranger Usersync"
${cdir}/ranger-usersync-services.sh start
exit;
-elif [ ${action^^} == "VERSION" ]; then
+elif [ "${action}" == "VERSION" ]; then
cd ${cdir}/lib
java -cp ranger-util-*.jar org.apache.ranger.common.RangerVersionInfo
exit
[19/26] incubator-ranger git commit: RANGER-500 - Change URL to Solr
for audit
Posted by ma...@apache.org.
RANGER-500 - Change URL to Solr for audit
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d04a9a2f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d04a9a2f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d04a9a2f
Branch: refs/heads/tag-policy
Commit: d04a9a2fb3d0b7f64820d0db8476a08748ab15dd
Parents: e9d9aed
Author: Don Bosco Durai <bo...@apache.org>
Authored: Thu May 21 01:02:47 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Thu May 21 01:02:47 2015 -0700
----------------------------------------------------------------------
.../java/org/apache/ranger/solr/SolrMgr.java | 25 ++++++++++++++------
1 file changed, 18 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d04a9a2f/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
index 599f1df..ee52992 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java
@@ -58,8 +58,15 @@ public class SolrMgr {
if (!initDone) {
if (rangerBizUtil.getAuditDBType().equalsIgnoreCase("solr")) {
String solrURL = PropertiesUtil
- .getProperty("ranger.solr.url");
- if (solrURL == null || solrURL.isEmpty()) {
+ .getProperty("ranger.audit.solr.urls");
+
+ if (solrURL == null) {
+ //Let's try older property name
+ solrURL = PropertiesUtil
+ .getProperty("ranger.solr.url");
+ }
+ if (solrURL == null || solrURL.isEmpty()
+ || solrURL.equalsIgnoreCase("none")) {
logger.fatal("Solr URL for Audit is empty");
} else {
try {
@@ -70,18 +77,22 @@ public class SolrMgr {
} else {
if (solrClient instanceof HttpSolrClient) {
HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient;
- httpSolrClient.setAllowCompression(true);
- httpSolrClient.setConnectionTimeout(1000);
+ httpSolrClient
+ .setAllowCompression(true);
+ httpSolrClient
+ .setConnectionTimeout(1000);
// httpSolrClient.setSoTimeout(10000);
httpSolrClient.setMaxRetries(1);
- httpSolrClient.setRequestWriter(new BinaryRequestWriter());
+ httpSolrClient
+ .setRequestWriter(new BinaryRequestWriter());
}
initDone = true;
}
} catch (Throwable t) {
- logger.fatal("Can't connect to Solr server. URL="
- + solrURL, t);
+ logger.fatal(
+ "Can't connect to Solr server. URL="
+ + solrURL, t);
}
}
}
[23/26] incubator-ranger git commit: RANGER-274: tag-based-policies:
policyVersion of a service should be updated when its associated tagService
policyVersion is updated
Posted by ma...@apache.org.
RANGER-274: tag-based-policies: policyVersion of a service should be updated when its associated tagService policyVersion is updated
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/02475901
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/02475901
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/02475901
Branch: refs/heads/tag-policy
Commit: 0247590194798870a528fc32088a37b329d69fae
Parents: 6568faa
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu May 21 19:00:49 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri May 22 17:05:37 2015 -0700
----------------------------------------------------------------------
.../plugin/store/AbstractServiceStore.java | 201 ++++++++++++++-----
.../plugin/store/ServicePredicateUtil.java | 77 +++++++
.../plugin/store/file/ServiceFileStore.java | 29 ++-
.../org/apache/ranger/biz/ServiceDBStore.java | 62 +++++-
.../java/org/apache/ranger/db/XXServiceDao.java | 12 ++
.../resources/META-INF/jpa_named_queries.xml | 4 +
6 files changed, 314 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index e30535a..2f75e38 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -19,6 +19,7 @@
package org.apache.ranger.plugin.store;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -29,8 +30,11 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.util.SearchFilter;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Date;
+import java.util.HashSet;
import java.util.List;
+import java.util.Objects;
import java.util.UUID;
public abstract class AbstractServiceStore implements ServiceStore {
@@ -39,6 +43,7 @@ public abstract class AbstractServiceStore implements ServiceStore {
private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000;
+
@Override
public void updateTagServiceDefForAccessTypes() throws Exception {
if (LOG.isDebugEnabled()) {
@@ -46,9 +51,6 @@ public abstract class AbstractServiceStore implements ServiceStore {
}
List<RangerServiceDef> allServiceDefs = getServiceDefs(new SearchFilter());
for (RangerServiceDef serviceDef : allServiceDefs) {
- if (StringUtils.isEmpty(serviceDef.getName()) || serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
- continue;
- }
updateTagServiceDefForUpdatingAccessTypes(serviceDef);
}
if (LOG.isDebugEnabled()) {
@@ -203,7 +205,7 @@ public abstract class AbstractServiceStore implements ServiceStore {
protected void postCreate(RangerBaseModelObject obj) throws Exception {
if(obj instanceof RangerServiceDef) {
- updateTagServiceDefForAddingAccessTypes((RangerServiceDef)obj);
+ updateTagServiceDefForUpdatingAccessTypes((RangerServiceDef)obj);
}
}
@@ -234,7 +236,10 @@ public abstract class AbstractServiceStore implements ServiceStore {
protected void postUpdate(RangerBaseModelObject obj) throws Exception {
if(obj instanceof RangerServiceDef) {
- updateTagServiceDefForUpdatingAccessTypes((RangerServiceDef) obj);
+ RangerServiceDef serviceDef = (RangerServiceDef)obj;
+
+ updateTagServiceDefForUpdatingAccessTypes(serviceDef);
+ updateServicesForServiceDefUpdate(serviceDef);
}
}
@@ -261,40 +266,58 @@ public abstract class AbstractServiceStore implements ServiceStore {
return ret;
}
- private void updateTagServiceDefForAddingAccessTypes(RangerServiceDef serviceDef) throws Exception {
- if (serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
- return;
- }
+ // when a service-def is updated, the updated service-def should be made available to plugins
+ // this is achieved by incrementing policyVersion of all its services
+ protected void updateServicesForServiceDefUpdate(RangerServiceDef serviceDef) throws Exception {
+ boolean isTagServiceDef = StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
- RangerServiceDef tagServiceDef = null;
- try {
- tagServiceDef = this.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId());
- } catch (Exception e) {
- LOG.error("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- Could not find TAG ServiceDef.. ", e);
- throw e;
- }
- List<RangerServiceDef.RangerAccessTypeDef> accessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
+ SearchFilter filter = new SearchFilter();
+
+ filter.setParam(SearchFilter.SERVICE_TYPE, serviceDef.getName());
+
+ List<RangerService> services = getServices(filter);
- for (RangerServiceDef.RangerAccessTypeDef accessType : serviceDef.getAccessTypes()) {
- RangerServiceDef.RangerAccessTypeDef newAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType);
+ if(CollectionUtils.isNotEmpty(services)) {
+ for(RangerService service : services) {
+ service.setPolicyVersion(getNextVersion(service.getPolicyVersion()));
+ service.setPolicyUpdateTime(serviceDef.getUpdateTime());
- newAccessType.setItemId(serviceDef.getId()*(MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1) + accessType.getItemId());
- newAccessType.setName(serviceDef.getName() + ":" + accessType.getName());
- accessTypes.add(newAccessType);
+ updateService(service);
+
+ if(isTagServiceDef) {
+ filter = new SearchFilter();
+
+ filter.setParam(SearchFilter.TAG_SERVICE_NAME, service.getName());
+
+ List<RangerService> referrringServices = getServices(filter);
+
+ if(CollectionUtils.isNotEmpty(referrringServices)) {
+ for(RangerService referringService : referrringServices) {
+ referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion()));
+ referringService.setPolicyUpdateTime(serviceDef.getUpdateTime());
+
+ updateService(referringService);
+ }
+ }
+ }
+ }
}
+ }
- tagServiceDef.getAccessTypes().addAll(accessTypes);
- try {
- updateServiceDef(tagServiceDef);
- LOG.info("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- updated TAG service def with " + serviceDef.getName() + " access types");
- } catch (Exception e) {
- LOG.error("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- Failed to update TAG ServiceDef.. ", e);
- throw e;
+ private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
+ RangerServiceDef.RangerAccessTypeDef ret = null;
+
+ for(RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
+ if(itemId == accessTypeDef.getItemId()) {
+ ret = accessTypeDef;
+ break;
+ }
}
+ return ret;
}
private void updateTagServiceDefForUpdatingAccessTypes(RangerServiceDef serviceDef) throws Exception {
- if (serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
+ if (StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
return;
}
@@ -308,35 +331,106 @@ public abstract class AbstractServiceStore implements ServiceStore {
throw e;
}
- List<RangerServiceDef.RangerAccessTypeDef> tagSvcDefAccessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
+ List<RangerServiceDef.RangerAccessTypeDef> toAdd = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
+ List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
+ List<RangerServiceDef.RangerAccessTypeDef> toDelete = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
- for (RangerServiceDef.RangerAccessTypeDef accessType : tagServiceDef.getAccessTypes()) {
- if (accessType.getName().startsWith(serviceDefName + ":")) {
- RangerServiceDef.RangerAccessTypeDef tagSvcDefAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType);
- tagSvcDefAccessTypes.add(tagSvcDefAccessType);
+ List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = serviceDef.getAccessTypes();
+ List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = tagServiceDef.getAccessTypes();
+
+ long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1);
+
+ for (RangerServiceDef.RangerAccessTypeDef svcAccessType : svcDefAccessTypes) {
+ long tagAccessTypeItemId = svcAccessType.getItemId() + itemIdOffset;
+
+ RangerServiceDef.RangerAccessTypeDef tagAccessType = findAccessTypeDef(tagAccessTypeItemId, tagDefAccessTypes);
+
+ if(tagAccessType == null) {
+ tagAccessType = new RangerServiceDef.RangerAccessTypeDef();
+
+ tagAccessType.setItemId(tagAccessTypeItemId);
+ tagAccessType.setName(serviceDefName + ":" + svcAccessType.getName());
+ tagAccessType.setLabel(svcAccessType.getLabel());
+ tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel());
+
+ tagAccessType.setImpliedGrants(new HashSet<String>());
+ if(CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) {
+ for(String svcImpliedGrant : svcAccessType.getImpliedGrants()) {
+ tagAccessType.getImpliedGrants().add(serviceDefName + ":" + svcImpliedGrant);
+ }
+ }
+
+ toAdd.add(tagAccessType);
}
}
- List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
+ for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) {
+ if (tagAccessType.getName().startsWith(serviceDefName + ":")) {
+ long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset;
- for (RangerServiceDef.RangerAccessTypeDef accessType : serviceDef.getAccessTypes()) {
- RangerServiceDef.RangerAccessTypeDef svcDefAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType);
- svcDefAccessType.setItemId(serviceDef.getId()*(MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1) + accessType.getItemId());
- svcDefAccessType.setName(serviceDefName + ":" + accessType.getName());
- svcDefAccessTypes.add(svcDefAccessType);
- }
+ RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId, svcDefAccessTypes);
- tagServiceDef.getAccessTypes().removeAll(tagSvcDefAccessTypes);
- tagServiceDef.getAccessTypes().addAll(svcDefAccessTypes);
+ if(svcAccessType == null) { // accessType has been deleted in service
+ toDelete.add(tagAccessType);
+ continue;
+ }
- try {
- updateServiceDef(tagServiceDef);
- LOG.info("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- updated TAG service def with " + serviceDefName + " access types");
- } catch (Exception e) {
- LOG.error("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- Failed to update TAG ServiceDef.. ", e);
- throw e;
+ boolean isUpdated = false;
+
+ if(! Objects.equals(tagAccessType.getName().substring(serviceDefName.length() + 1), svcAccessType.getName())) {
+ isUpdated = true;
+ } else if(! Objects.equals(tagAccessType.getLabel(), svcAccessType.getLabel())) {
+ isUpdated = true;
+ } else if(! Objects.equals(tagAccessType.getRbKeyLabel(), svcAccessType.getRbKeyLabel())) {
+ isUpdated = true;
+ } else {
+ Collection<String> tagImpliedGrants = tagAccessType.getImpliedGrants();
+ Collection<String> svcImpliedGrants = svcAccessType.getImpliedGrants();
+
+ int tagImpliedGrantsLen = tagImpliedGrants == null ? 0 : tagImpliedGrants.size();
+ int svcImpliedGrantsLen = svcImpliedGrants == null ? 0 : svcImpliedGrants.size();
+
+ if(tagImpliedGrantsLen != svcImpliedGrantsLen) {
+ isUpdated = true;
+ } else if(tagImpliedGrantsLen > 0) {
+ for(String svcImpliedGrant : svcImpliedGrants) {
+ if(! tagImpliedGrants.contains(serviceDefName + ":" + svcImpliedGrant)) {
+ isUpdated = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if(isUpdated) {
+ tagAccessType.setName(serviceDefName + ":" + svcAccessType.getName());
+ tagAccessType.setLabel(svcAccessType.getLabel());
+ tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel());
+
+ tagAccessType.setImpliedGrants(new HashSet<String>());
+ if(CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) {
+ for(String svcImpliedGrant : svcAccessType.getImpliedGrants()) {
+ tagAccessType.getImpliedGrants().add(serviceDefName + ":" + svcImpliedGrant);
+ }
+ }
+
+ toUpdate.add(tagAccessType);
+ }
+ }
}
+ if(CollectionUtils.isNotEmpty(toAdd) || CollectionUtils.isNotEmpty(toUpdate) || CollectionUtils.isNotEmpty(toDelete)) {
+ tagDefAccessTypes.addAll(toAdd);
+ tagDefAccessTypes.removeAll(toDelete);
+
+ try {
+ updateServiceDef(tagServiceDef);
+ LOG.info("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- updated TAG service def with " + serviceDefName + " access types");
+ } catch (Exception e) {
+ LOG.error("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- Failed to update TAG ServiceDef.. ", e);
+ throw e;
+ }
+ }
}
private void updateTagServiceDefForDeletingAccessTypes(String serviceDefName) throws Exception {
@@ -355,8 +449,7 @@ public abstract class AbstractServiceStore implements ServiceStore {
for (RangerServiceDef.RangerAccessTypeDef accessType : tagServiceDef.getAccessTypes()) {
if (accessType.getName().startsWith(serviceDefName + ":")) {
- RangerServiceDef.RangerAccessTypeDef newAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType);
- accessTypes.add(newAccessType);
+ accessTypes.add(accessType);
}
}
@@ -369,4 +462,8 @@ public abstract class AbstractServiceStore implements ServiceStore {
throw e;
}
}
+
+ protected long getNextVersion(Long currentVersion) {
+ return currentVersion == null ? 1L : currentVersion.longValue() + 1;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
index 69560e2..d919697 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
@@ -42,6 +42,8 @@ public class ServicePredicateUtil extends AbstractPredicateUtil {
addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
+ addPredicateForTagSeviceName(filter.getParam(SearchFilter.TAG_SERVICE_NAME), predicates);
+ addPredicateForTagSeviceId(filter.getParam(SearchFilter.TAG_SERVICE_ID), predicates);
}
private String getServiceType(String serviceName) {
@@ -153,4 +155,79 @@ public class ServicePredicateUtil extends AbstractPredicateUtil {
return ret;
}
+
+ private Predicate addPredicateForTagSeviceName(final String tagServiceName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(tagServiceName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(tagServiceName, service.getTagService());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForTagSeviceId(final String tagServiceId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(tagServiceId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ if(! StringUtils.isEmpty(service.getTagService())) {
+ RangerService tagService = null;
+
+ try {
+ tagService = serviceStore.getServiceByName(service.getTagService());
+ } catch(Exception excp) {
+ }
+
+ ret = tagService != null && tagService.getId() != null && StringUtils.equals(tagServiceId, tagService.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
index 8a34c80..23dd0c0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -39,7 +39,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.store.ServicePredicateUtil;
-import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.store.file.FileStoreUtil;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
@@ -809,19 +808,29 @@ public class ServiceFileStore extends AbstractServiceStore {
if(service == null) {
return;
}
-
- Long policyVersion = service.getPolicyVersion();
- if(policyVersion == null) {
- policyVersion = new Long(1);
- } else {
- policyVersion = new Long(policyVersion.longValue() + 1);
- }
-
- service.setPolicyVersion(policyVersion);
+ service.setPolicyVersion(getNextVersion(service.getPolicyVersion()));
service.setPolicyUpdateTime(new Date());
fileStoreUtil.saveToFile(service, FILE_PREFIX_SERVICE, true);
+
+ boolean isTagServiceDef = StringUtils.equals(service.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
+
+ if(isTagServiceDef) {
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.TAG_SERVICE_NAME, service.getName());
+
+ List<RangerService> referringServices = getServices(filter);
+
+ if(CollectionUtils.isNotEmpty(referringServices)) {
+ for(RangerService referringService : referringServices) {
+ referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion()));
+ referringService.setPolicyUpdateTime(service.getPolicyUpdateTime());
+
+ fileStoreUtil.saveToFile(referringService, FILE_PREFIX_SERVICE, true);
+ }
+ }
+ }
}
private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 5628a32..0623518 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -29,6 +29,7 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -1798,21 +1799,29 @@ public class ServiceDBStore extends AbstractServiceStore {
return;
}
- Long policyVersion = service.getPolicyVersion();
-
- if(policyVersion == null) {
- policyVersion = new Long(1);
- } else {
- policyVersion = new Long(policyVersion.longValue() + 1);
- }
-
- service.setPolicyVersion(policyVersion);
+ service.setPolicyVersion(getNextVersion(service.getPolicyVersion()));
service.setPolicyUpdateTime(new Date());
serviceDbObj.setPolicyVersion(service.getPolicyVersion());
serviceDbObj.setPolicyUpdateTime(service.getPolicyUpdateTime());
serviceDao.update(serviceDbObj);
+
+ // if this is a tag service, update all services that refer to this tag service
+ // so that next policy-download from plugins will get updated tag policies
+ boolean isTagService = serviceDbObj.getType() == EmbeddedServiceDefsUtil.instance().getTagServiceDefId();
+ if(isTagService) {
+ List<XXService> referringServices = serviceDao.findByTagServiceId(serviceDbObj.getId());
+
+ if(CollectionUtils.isNotEmpty(referringServices)) {
+ for(XXService referringService : referringServices) {
+ referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion()));
+ referringService.setPolicyUpdateTime(service.getPolicyUpdateTime());
+
+ serviceDao.update(referringService);
+ }
+ }
+ }
}
private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) {
@@ -2066,4 +2075,39 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
+ // when a service-def is updated, the updated service-def should be made available to plugins
+ // this is achieved by incrementing policyVersion of all services of this service-def
+ protected void updateServicesForServiceDefUpdate(RangerServiceDef serviceDef) throws Exception {
+ if(serviceDef == null) {
+ return;
+ }
+
+ boolean isTagServiceDef = StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
+
+ XXServiceDao serviceDao = daoMgr.getXXService();
+
+ List<XXService> services = serviceDao.findByServiceDefId(serviceDef.getId());
+
+ if(CollectionUtils.isNotEmpty(services)) {
+ for(XXService service : services) {
+ service.setPolicyVersion(getNextVersion(service.getPolicyVersion()));
+ service.setPolicyUpdateTime(serviceDef.getUpdateTime());
+
+ serviceDao.update(service);
+
+ if(isTagServiceDef) {
+ List<XXService> referrringServices = serviceDao.findByTagServiceId(service.getId());
+
+ if(CollectionUtils.isNotEmpty(referrringServices)) {
+ for(XXService referringService : referrringServices) {
+ referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion()));
+ referringService.setPolicyUpdateTime(serviceDef.getUpdateTime());
+
+ serviceDao.update(referringService);
+ }
+ }
+ }
+ }
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
index 4f35ad3..5a38aaa 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
@@ -69,4 +69,16 @@ public class XXServiceDao extends BaseDao<XXService> {
}
}
+ public List<XXService> findByTagServiceId(Long tagServiceId) {
+ if (tagServiceId == null) {
+ return new ArrayList<XXService>();
+ }
+ try {
+ return getEntityManager().createNamedQuery("XXService.findByTagServiceId", tClass)
+ .setParameter("tagServiceId", tagServiceId).getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXService>();
+ }
+ }
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 054a0bd..f844653 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -352,6 +352,10 @@
<query>select obj from XXService obj where obj.type = :serviceDefId</query>
</named-query>
+ <named-query name="XXService.findByTagServiceId">
+ <query>select obj from XXService obj where obj.tagService = :tagServiceId</query>
+ </named-query>
+
<!-- XXPolicyResource -->
<named-query name="XXPolicyResource.findByResDefIdAndPolicyId">
<query>select obj from XXPolicyResource obj where
[18/26] incubator-ranger git commit: RANGER-498: added
ranger_credential_helper.py - needed for initial setup
Posted by ma...@apache.org.
RANGER-498: added ranger_credential_helper.py - needed for initial setup
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e9d9aed3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e9d9aed3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e9d9aed3
Branch: refs/heads/tag-policy
Commit: e9d9aed394cc6ecf26ec7d2711f951de3866520d
Parents: 6e01792
Author: sneethiraj <sn...@apache.org>
Authored: Wed May 20 17:05:40 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Wed May 20 17:09:27 2015 -0400
----------------------------------------------------------------------
src/main/assembly/kms.xml | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e9d9aed3/src/main/assembly/kms.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml
index 87d8ea3..0e609ff 100755
--- a/src/main/assembly/kms.xml
+++ b/src/main/assembly/kms.xml
@@ -349,5 +349,10 @@
<destName>enable-kms-plugin.sh</destName>
<fileMode>755</fileMode>
</file>
+ <file>
+ <source>security-admin/scripts/ranger_credential_helper.py</source>
+ <outputDirectory>/</outputDirectory>
+ <fileMode>755</fileMode>
+ </file>
</files>
</assembly>
[25/26] incubator-ranger git commit: RANGER-502: Add abstract
implementation and parameterless init for easier extension of interfaces
ConditionEvaluator, ContextEnricher, ResourceMatcher
Posted by ma...@apache.org.
RANGER-502: Add abstract implementation and parameterless init for easier extension of interfaces ConditionEvaluator, ContextEnricher, ResourceMatcher
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f31274b8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f31274b8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f31274b8
Branch: refs/heads/tag-policy
Commit: f31274b8694563655691734ed74f6617109dc794
Parents: 14ec7d5
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu May 21 20:28:15 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri May 22 17:55:34 2015 -0700
----------------------------------------------------------------------
.../RangerAbstractConditionEvaluator.java | 43 ++++++++++
.../RangerConditionEvaluator.java | 7 +-
.../conditionevaluator/RangerIpMatcher.java | 8 +-
.../conditionevaluator/RangerSimpleMatcher.java | 8 +-
.../RangerTimeOfDayMatcher.java | 8 +-
.../RangerAbstractContextEnricher.java | 10 ++-
.../contextenricher/RangerContextEnricher.java | 4 +-
.../contextenricher/RangerCountryProvider.java | 5 +-
.../contextenricher/RangerProjectProvider.java | 5 +-
.../policyengine/RangerPolicyRepository.java | 3 +-
.../RangerDefaultPolicyEvaluator.java | 8 +-
.../RangerAbstractResourceMatcher.java | 26 +++---
.../RangerPathResourceMatcher.java | 10 +--
.../resourcematcher/RangerResourceMatcher.java | 9 ++-
.../conditionevaluator/RangerIpMatcherTest.java | 8 +-
.../RangerSimpleMatcherTest.java | 36 ++++++---
.../RangerTimeOfDayMatcherTest.java | 4 +-
.../RangerDefaultPolicyEvaluatorTest.java | 13 +--
.../resourcematcher/TestResourceMatcher.java | 15 ++--
.../test_resourcematcher_default.json | 78 ++++++++++++------
.../test_resourcematcher_path.json | 84 +++++++++++++-------
21 files changed, 270 insertions(+), 122 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
new file mode 100644
index 0000000..be05144
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
+
+
+public abstract class RangerAbstractConditionEvaluator implements RangerConditionEvaluator {
+ protected RangerPolicyConditionDef conditionDef = null;
+ protected RangerPolicyItemCondition condition = null;
+
+ @Override
+ public void setConditionDef(RangerPolicyConditionDef conditionDef) {
+ this.conditionDef = conditionDef;
+ }
+
+ @Override
+ public void setPolicyItemCondition(RangerPolicyItemCondition condition) {
+ this.condition = condition;
+ }
+
+ @Override
+ public void init() {
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
index 10eb04b..3ad8781 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
@@ -24,7 +24,12 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
public interface RangerConditionEvaluator {
+ void setConditionDef(RangerPolicyConditionDef conditionDef);
+
+ void setPolicyItemCondition(RangerPolicyItemCondition condition);
+
+
+ void init();
- void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition);
boolean isMatched(RangerAccessRequest request);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java
index cb476b5..ba28e4a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java
@@ -29,8 +29,6 @@ import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
/**
@@ -38,7 +36,7 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
* @author alal
*
*/
-public class RangerIpMatcher implements RangerConditionEvaluator {
+public class RangerIpMatcher extends RangerAbstractConditionEvaluator {
private static final Log LOG = LogFactory.getLog(RangerIpMatcher.class);
private List<String> _exactIps = new ArrayList<String>();
@@ -46,11 +44,13 @@ public class RangerIpMatcher implements RangerConditionEvaluator {
private boolean _allowAny = false;
@Override
- public void init(final RangerPolicyConditionDef conditionDef, final RangerPolicyItemCondition condition) {
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerIpMatcher.init(" + condition + ")");
}
+ super.init();
+
// NOTE: this evaluator does not use conditionDef!
if (condition == null) {
LOG.debug("init: null policy condition! Will match always!");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
index de4baf4..48f806d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
@@ -28,11 +28,9 @@ import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-public class RangerSimpleMatcher implements RangerConditionEvaluator {
+public class RangerSimpleMatcher extends RangerAbstractConditionEvaluator {
private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class);
@@ -43,11 +41,13 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator {
private List<String> _values = new ArrayList<String>();
@Override
- public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) {
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerSimpleMatcher.init(" + condition + ")");
}
+ super.init();
+
if (condition == null) {
LOG.debug("init: null policy condition! Will match always!");
_allowAny = true;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java
index e8bb8db..40d86a5 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java
@@ -31,22 +31,22 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-public class RangerTimeOfDayMatcher implements RangerConditionEvaluator {
+public class RangerTimeOfDayMatcher extends RangerAbstractConditionEvaluator {
private static final Log LOG = LogFactory.getLog(RangerTimeOfDayMatcher.class);
boolean _allowAny = false;
List<int[]> _durations = new ArrayList<int[]>();
@Override
- public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) {
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerTimeOfDayMatcher.init(" + condition + ")");
}
+ super.init();
+
if (condition == null) {
LOG.debug("init: null policy condition! Will match always!");
_allowAny = true;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index f14360d..0e18494 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -21,7 +21,6 @@ package org.apache.ranger.plugin.contextenricher;
import java.io.FileInputStream;
import java.io.InputStream;
-import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -34,10 +33,17 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
public abstract class RangerAbstractContextEnricher implements RangerContextEnricher {
private static final Log LOG = LogFactory.getLog(RangerAbstractContextEnricher.class);
+ protected RangerContextEnricherDef enricherDef;
+
private Map<String, String> options = null;
@Override
- public void init(RangerContextEnricherDef enricherDef) {
+ public void setContextEnricherDef(RangerContextEnricherDef enricherDef) {
+ this.enricherDef = enricherDef;
+ }
+
+ @Override
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java
index 98b72bd..073225b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java
@@ -24,7 +24,9 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
public interface RangerContextEnricher {
- void init(RangerContextEnricherDef enricherDef);
+ void setContextEnricherDef(RangerContextEnricherDef enricherDef);
+
+ void init();
void enrich(RangerAccessRequest request);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
index 0c40ec9..64f5023 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
@@ -25,7 +25,6 @@ import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
@@ -36,12 +35,12 @@ public class RangerCountryProvider extends RangerAbstractContextEnricher {
private Properties userCountryMap = null;
@Override
- public void init(RangerContextEnricherDef enricherDef) {
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerCountryProvider.init(" + enricherDef + ")");
}
- super.init(enricherDef);
+ super.init();
contextName = getOption("contextName", "COUNTRY");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
index 01022c4..4df53cb 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
@@ -25,7 +25,6 @@ import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
@@ -36,12 +35,12 @@ public class RangerProjectProvider extends RangerAbstractContextEnricher {
private Properties userProjectMap = null;
@Override
- public void init(RangerContextEnricherDef enricherDef) {
+ public void init() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerProjectProvider.init(" + enricherDef + ")");
}
- super.init(enricherDef);
+ super.init();
contextName = getOption("contextName", "PROJECT");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 8e3d17c..6a355ff 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -147,7 +147,8 @@ public class RangerPolicyRepository {
}
if(ret != null) {
- ret.init(enricherDef);
+ ret.setContextEnricherDef(enricherDef);
+ ret.init();
}
if(LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 3f9ab84..ede91f0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -145,7 +145,9 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
if (anEvaluator == null) {
LOG.error("initializeConditionEvaluators: Serious Configuration error: Couldn't instantiate condition evaluator for class[" + evaluatorClassName + "]. All checks for condition[" + conditionName + "] disabled.");
} else {
- anEvaluator.init(conditionDef, condition);
+ anEvaluator.setConditionDef(conditionDef);
+ anEvaluator.setPolicyItemCondition(condition);
+ anEvaluator.init();
result.put(conditionName, anEvaluator);
}
}
@@ -649,7 +651,9 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
}
if (ret != null) {
- ret.init(resourceDef.getMatcherOptions(), resource);
+ ret.setResourceDef(resourceDef);
+ ret.setPolicyResource(resource);
+ ret.init();
}
} else {
LOG.error("RangerDefaultPolicyEvaluator: RangerResourceDef is null");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
index 95dd214..9e547f1 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
@@ -41,9 +41,9 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat
public final static String OPTION_IGNORE_CASE = "ignoreCase";
public final static String OPTION_WILD_CARD = "wildCard";
- private RangerResourceDef resourceDef = null;
- private RangerPolicyResource policyResource = null;
- private Map<String, String> options = null;
+ protected RangerResourceDef resourceDef = null;
+ protected RangerPolicyResource policyResource = null;
+ protected Map<String, String> options = null;
protected boolean optIgnoreCase = false;
protected boolean optWildCard = false;
@@ -53,13 +53,21 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat
protected boolean isMatchAny = false;
@Override
- public void init(Map<String, String> options, RangerPolicyResource policyResource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")");
- }
+ public void setResourceDef(RangerResourceDef resourceDef) {
+ this.resourceDef = resourceDef;
+ this.options = resourceDef != null ? resourceDef.getMatcherOptions() : null;
+ }
- this.options = options;
+ @Override
+ public void setPolicyResource(RangerPolicyResource policyResource) {
this.policyResource = policyResource;
+ }
+
+ @Override
+ public void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAbstractResourceMatcher.init()");
+ }
optIgnoreCase = getBooleanOption(OPTION_IGNORE_CASE, true);
optWildCard = getBooleanOption(OPTION_WILD_CARD, true);
@@ -86,7 +94,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")");
+ LOG.debug("<== RangerAbstractResourceMatcher.init()");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
index 6096c8d..79ab394 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -22,7 +22,6 @@ package org.apache.ranger.plugin.resourcematcher;
import java.util.ArrayList;
import java.util.List;
-import java.util.Map;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOCase;
@@ -30,7 +29,6 @@ import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
@@ -44,12 +42,12 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
private List<String> policyValuesForMatch = null;
@Override
- public void init(Map<String, String> options, RangerPolicyResource policyResource) {
+ public void init() {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPathResourceMatcher.init(" + options + ", " + policyResource + ")");
+ LOG.debug("==> RangerPathResourceMatcher.init()");
}
- super.init(options, policyResource);
+ super.init();
policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive();
pathSeparatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR);
@@ -69,7 +67,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPathResourceMatcher.init(" + options + ", " + policyResource + ")");
+ LOG.debug("<== RangerPathResourceMatcher.init()");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
index 3c4e99b..609d59d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
@@ -19,12 +19,15 @@
package org.apache.ranger.plugin.resourcematcher;
-import java.util.Map;
-
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
public interface RangerResourceMatcher {
- void init(Map<String, String> options, RangerPolicyResource policyResource);
+ void setResourceDef(RangerResourceDef resourceDef);
+
+ void setPolicyResource(RangerPolicyResource policyResource);
+
+ void init();
boolean isMatch(String resource);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java
index cc69324..1e82c65 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java
@@ -228,12 +228,16 @@ public class RangerIpMatcherTest {
RangerIpMatcher matcher = new RangerIpMatcher();
if (ipArray == null) {
- matcher.init(null, null);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
} else {
RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class);
List<String> addresses = Arrays.asList(ipArray);
when(condition.getValues()).thenReturn(addresses);
- matcher.init(null, condition);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(condition);
+ matcher.init();
}
return matcher;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
index 7ce9cf3..8d0bc75 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
@@ -64,38 +64,52 @@ public class RangerSimpleMatcherTest {
RangerSimpleMatcher matcher = new RangerSimpleMatcher();
// Matcher initialized with null policy should behave sensibly! It matches everything!
- matcher.init(null, null);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
assertTrue(matcher.isMatched(request));
RangerPolicyItemCondition policyItemCondition = mock(RangerPolicyItemCondition.class);
- matcher.init(null, policyItemCondition);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
assertTrue(matcher.isMatched(request));
RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class);
- matcher.init(conditionDef, null);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
assertTrue(matcher.isMatched(request));
// so should a policy item condition with initialized with null list of values
when(policyItemCondition.getValues()).thenReturn(null);
- matcher.init(conditionDef, policyItemCondition);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
assertTrue(matcher.isMatched(request));
// not null item condition with empty condition list
List<String> values = new ArrayList<String>();
when(policyItemCondition.getValues()).thenReturn(values);
- matcher.init(conditionDef, policyItemCondition);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
assertTrue(matcher.isMatched(request));
// values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check
values.add("AB");
when(policyItemCondition.getValues()).thenReturn(values);
when(conditionDef.getEvaluatorOptions()).thenReturn(null);
- matcher.init(conditionDef, policyItemCondition);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
assertTrue(matcher.isMatched(request));
// If evaluator option on the condition def is non-null then it starts to evaluate for real
when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
- matcher.init(conditionDef, policyItemCondition);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
assertTrue(matcher.isMatched(request));
}
@@ -103,7 +117,9 @@ public class RangerSimpleMatcherTest {
RangerSimpleMatcher matcher = new RangerSimpleMatcher();
if (ipArray == null) {
- matcher.init(null, null);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
} else {
RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class);
List<String> addresses = Arrays.asList(ipArray);
@@ -112,7 +128,9 @@ public class RangerSimpleMatcherTest {
RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class);
when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
- matcher.init(conditionDef, condition);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(condition);
+ matcher.init();
}
return matcher;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java
index 21e4769..b6ca843 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java
@@ -178,7 +178,9 @@ public class RangerTimeOfDayMatcherTest {
when(itemCondition.getValues()).thenReturn(Arrays.asList("2:45a.m. -7:00 AM", " 9:15AM- 5:30P.M. "));
RangerTimeOfDayMatcher matcher = new RangerTimeOfDayMatcher();
- matcher.init(null, itemCondition);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(itemCondition);
+ matcher.init();
Object[][] input = new Object[][] {
{ 1, 0, false },
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
index 88e668e..943b76a 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
@@ -34,6 +34,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.ranger.plugin.conditionevaluator.RangerAbstractConditionEvaluator;
import org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator;
import org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -210,11 +211,11 @@ public class RangerDefaultPolicyEvaluatorTest {
* @author alal
*
*/
- static class AlwaysPass implements RangerConditionEvaluator {
+ static class AlwaysPass extends RangerAbstractConditionEvaluator {
@Override
- public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) {
- // empty body!
+ public void init() {
+ super.init();
}
@Override
public boolean isMatched(RangerAccessRequest request) {
@@ -223,11 +224,11 @@ public class RangerDefaultPolicyEvaluatorTest {
}
- static class AlwaysFail implements RangerConditionEvaluator {
+ static class AlwaysFail extends RangerAbstractConditionEvaluator {
@Override
- public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) {
- // empty body
+ public void init() {
+ super.init();
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java b/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
index 5775d0f..9b870d4 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
@@ -24,9 +24,9 @@ import static org.junit.Assert.*;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.List;
-import java.util.Map;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.resourcematcher.TestResourceMatcher.ResourceMatcherTestCases.TestCase;
import org.apache.ranger.plugin.resourcematcher.TestResourceMatcher.ResourceMatcherTestCases.TestCase.OneTest;
import org.junit.After;
@@ -89,7 +89,7 @@ public class TestResourceMatcher {
assertTrue("invalid input: " + testName, testCases != null && testCases.testCases != null);
for(TestCase testCase : testCases.testCases) {
- RangerResourceMatcher matcher = createResourceMatcher(testCase.matcher, testCase.matcherOptions, testCase.policyResource);
+ RangerResourceMatcher matcher = createResourceMatcher(testCase.resourceDef, testCase.policyResource);
for(OneTest oneTest : testCase.tests) {
if(oneTest == null) {
@@ -104,14 +104,16 @@ public class TestResourceMatcher {
}
}
- private RangerResourceMatcher createResourceMatcher(String className, Map<String, String> options, RangerPolicyResource policyResource) throws Exception {
+ private RangerResourceMatcher createResourceMatcher(RangerResourceDef resourceDef, RangerPolicyResource policyResource) throws Exception {
RangerResourceMatcher ret = null;
@SuppressWarnings("unchecked")
- Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(className);
+ Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(resourceDef.getMatcher());
ret = matcherClass.newInstance();
- ret.init(options, policyResource);
+ ret.setResourceDef(resourceDef);
+ ret.setPolicyResource(policyResource);
+ ret.init();
return ret;
}
@@ -121,8 +123,7 @@ public class TestResourceMatcher {
class TestCase {
public String name;
- public String matcher;
- public Map<String, String> matcherOptions;
+ public RangerResourceDef resourceDef;
public RangerPolicyResource policyResource;
public List<OneTest> tests;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json
index 24d1e4e..918c30f 100644
--- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json
+++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json
@@ -2,8 +2,10 @@
"testCases":[
{
"name":"value=simple; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple"]
},
@@ -19,8 +21,10 @@
,
{
"name":"value=simple; wildCard=true; ignoreCase=true; isExcludes=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple"],
"isExcludes":true
@@ -37,8 +41,10 @@
,
{
"name":"value=simple; wildCard=true; ignoreCase=false",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":false},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":false}
+ },
"policyResource":{
"values": ["simple"]
},
@@ -54,8 +60,10 @@
,
{
"name":"value=SiMpLe; wildCard=true; ignoreCase=false",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":false},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":false}
+ },
"policyResource":{
"values": ["SiMpLe"]
},
@@ -71,8 +79,10 @@
,
{
"name":"value=simple*; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple*"]
},
@@ -97,8 +107,10 @@
,
{
"name":"value=simple*string; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple*string"]
},
@@ -123,8 +135,10 @@
,
{
"name":"value=simple*test*string; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple*test*string"]
},
@@ -152,8 +166,10 @@
,
{
"name":"value=*simple; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["*simple"]
},
@@ -184,8 +200,10 @@
,
{
"name":"value=simple*; wildCard=true; ignoreCase=false",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":false},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":false}
+ },
"policyResource":{
"values": ["simple*"]
},
@@ -207,8 +225,10 @@
,
{
"name":"value=simple?; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple?"]
},
@@ -239,8 +259,10 @@
,
{
"name":"value=simple?string; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple?string"]
},
@@ -265,8 +287,10 @@
,
{
"name":"value=simple?string?; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple?string?"]
},
@@ -294,8 +318,10 @@
,
{
"name":"value=simple1,simple2,wild*,onechar?,star*onechar?; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["simple1","simple2","wild*","onechar?","star*onechar?"]
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json
index 352ed52..25b0eb7 100644
--- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json
+++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json
@@ -2,8 +2,10 @@
"testCases":[
{
"name":"value=/; isRecursive=false; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/"],
"isRecursive":false
@@ -18,8 +20,10 @@
,
{
"name":"value=/path1; isRecursive=false; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/path1"],
"isRecursive":false
@@ -35,8 +39,10 @@
,
{
"name":"value=/path1/*; isRecursive=false; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/path1/*"],
"isRecursive":false
@@ -53,8 +59,10 @@
,
{
"name":"value=/; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/"],
"isRecursive":true
@@ -69,8 +77,10 @@
,
{
"name":"value=/path1; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/path1"],
"isRecursive":true
@@ -90,8 +100,10 @@
,
{
"name":"value=/path*; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/path*"],
"isRecursive":true
@@ -114,8 +126,10 @@
,
{
"name":"value=/path?; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/path?"],
"isRecursive":true
@@ -137,8 +151,10 @@
,
{
"name":"value=/public/*test; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/public/*test"],
"isRecursive":true
@@ -159,8 +175,10 @@
,
{
"name":"value=/public/*test/*result; isRecursive=true; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/public/*test/*result"],
"isRecursive":true
@@ -188,8 +206,10 @@
,
{
"name":"value=/public/*test/*result; isRecursive=false; wildCard=true; ignoreCase=true",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true}
+ },
"policyResource":{
"values": ["/public/*test/*result"],
"isRecursive":true
@@ -217,8 +237,10 @@
,
{
"name":"value=root; isRecursive=false; wildCard=true; ignoreCase=true; pathSeparatorChar=.",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}
+ },
"policyResource":{
"values": ["root"],
"isRecursive":false
@@ -233,8 +255,10 @@
,
{
"name":"value=root.default.mycompany*; isRecursive=false; wildCard=true; ignoreCase=true; pathSeparatorChar=.",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}
+ },
"policyResource":{
"values": ["root.default.mycompany*"],
"isRecursive":false
@@ -253,8 +277,10 @@
,
{
"name":"value=root; isRecursive=true; wildCard=true; ignoreCase=true; pathSeparatorChar=.",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}
+ },
"policyResource":{
"values": ["root"],
"isRecursive":true
@@ -269,8 +295,10 @@
,
{
"name":"value=root.default.mycompany*; isRecursive=true; wildCard=true; ignoreCase=true; pathSeparatorChar=.",
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."},
+ "resourceDef":{
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}
+ },
"policyResource":{
"values": ["root.default.mycompany*"],
"isRecursive":true