From mad...@apache.org
Subject git commit: ARGUS-17: grant() REST API updated in policymgr with addition of 'replacePerm' flag - to support HBase GRANT. Installation updated with addition of UPDATE_XAPOLICIES_ON_GRANT_REVOKE property.
Date Thu, 28 Aug 2014 17:55:40 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master d59e0ee41 -> cb728432c


ARGUS-17: grant() REST API updated in policymgr with addition of
'replacePerm' flag - to support HBase GRANT. Installation updated with
addition of UPDATE_XAPOLICIES_ON_GRANT_REVOKE property.

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/cb728432
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/cb728432
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/cb728432

Branch: refs/heads/master
Commit: cb728432cb83ebb39681ae729613681aed2a9c41
Parents: d59e0ee
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Thu Aug 28 09:56:28 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Thu Aug 28 09:56:28 2014 -0700

----------------------------------------------------------------------
 .../admin/client/datatype/GrantRevokeData.java  |  3 ++
 .../conf/xasecure-hbase-security-changes.cfg    |  1 +
 hbase-agent/scripts/install.properties          |  9 ++++
 .../conf/xasecure-hive-security-changes.cfg     |  1 +
 hive-agent/scripts/install.properties           |  9 ++++
 .../main/java/com/xasecure/biz/AssetMgr.java    | 50 +++++++++++++++++++-
 .../main/java/com/xasecure/rest/AssetREST.java  |  2 +-
 .../main/java/com/xasecure/view/VXPolicy.java   | 12 ++++-
 8 files changed, 84 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
index 223b4dd..0431f97 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -31,6 +31,7 @@ public class GrantRevokeData implements java.io.Serializable {
 	private String        columnFamilies;
 	private boolean       isEnabled;
 	private boolean       isAuditEnabled;
+	private boolean       replacePerm;
 	private List<PermMap> permMapList = new ArrayList<PermMap>();
 
 
@@ -116,6 +117,7 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.columns        = columns;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
+		this.replacePerm    = false;
 		this.permMapList.add(permMap);
 	}
 
@@ -133,6 +135,7 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.columnFamilies = columnFamilies;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
+		this.replacePerm    = true;
 		this.permMapList.add(permMap);
 	}
 	
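Review bot: The hard-coded `this.replacePerm = true;` in this constructor, and `= false` in the constructor patched at new line 117, is undocumented, so nothing tells a caller that picking the `columnFamilies` constructor also picks replace semantics in the policy manager. A one-line comment above each assignment would do, for example `// GRANT built with column families replaces the grantee's existing permissions` here; the HBase attribution is inferred from the commit message and should be confirmed. The diffstat shows only these three added lines in the class, so no accessor for the field is added; confirm that the serializer used to send this object reads fields directly, otherwise the flag never reaches policymgr. Both constructors start outside their hunks.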

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/hbase-agent/conf/xasecure-hbase-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-hbase-security-changes.cfg b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
index 094d2a7..5f0d578 100644
--- a/hbase-agent/conf/xasecure-hbase-security-changes.cfg
+++ b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
@@ -8,5 +8,6 @@ xasecure.hbase.policymgr.url.saveAsFile				   	/tmp/hbase_%REPOSITORY_NAME%_json
 xasecure.hbase.policymgr.url.laststoredfile				%POLICY_CACHE_FILE_PATH%/hbase_%REPOSITORY_NAME%_json
				mod create-if-not-exists
 xasecure.hbase.policymgr.url.reloadIntervalInMillis 	30000 																mod create-if-not-exists
 xasecure.hbase.policymgr.ssl.config						/etc/hbase/conf/xasecure-policymgr-ssl.xml					
	mod create-if-not-exists
+xasecure.hbase.update.xapolicies.on.grant.revoke        %UPDATE_XAPOLICIES_ON_GRANT_REVOKE%
                                mod create-if-not-exists
 xasecure.policymgr.url							        %POLICY_MGR_URL% 													mod create-if-not-exists
 xasecure.policymgr.sslconfig.filename				    /etc/hbase/conf/xasecure-policymgr-ssl.xml	
					mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
index 42cc0ee..2aaf56a 100644
--- a/hbase-agent/scripts/install.properties
+++ b/hbase-agent/scripts/install.properties
@@ -76,3 +76,12 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
 SSL_KEYSTORE_PASSWORD=myKeyFilePassword
 SSL_TRUSTSTORE_FILE_PATH=cacert
 SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Should HBase GRANT/REVOKE update XA policies?
+#
+# Example:
+#     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+#     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
+#
+UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
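Review bot: The comment above `UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true` asks the question but does not say what either value does, and the shipped default turns the feature on. Since this setting decides whether a native GRANT/REVOKE statement changes centrally managed policies, the comment should state the effect of each value, for example `# true: GRANT/REVOKE issued in HBase is also applied to the XA policies; false: XA policies are left untouched` (wording to be confirmed against the agent code). Consider whether `false` is the safer default for a fresh install, so that delegated policy changes are an explicit opt-in. The same applies to the identical block added to hive-agent/scripts/install.properties.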

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/hive-agent/conf/xasecure-hive-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-hive-security-changes.cfg b/hive-agent/conf/xasecure-hive-security-changes.cfg
index 7883913..d21f377 100644
--- a/hive-agent/conf/xasecure-hive-security-changes.cfg
+++ b/hive-agent/conf/xasecure-hive-security-changes.cfg
@@ -8,5 +8,6 @@ xasecure.hive.policymgr.url.saveAsFile				/tmp/hive_%REPOSITORY_NAME%_json
 xasecure.hive.policymgr.url.laststoredfile			%POLICY_CACHE_FILE_PATH%/hive_%REPOSITORY_NAME%_json
					mod create-if-not-exists
 xasecure.hive.policymgr.url.reloadIntervalInMillis 	30000 																	mod create-if-not-exists
 xasecure.hive.policymgr.ssl.config					/etc/hive/conf/xasecure-policymgr-ssl.xml								mod
create-if-not-exists
+xasecure.hive.update.xapolicies.on.grant.revoke     %UPDATE_XAPOLICIES_ON_GRANT_REVOKE% 
                                   mod create-if-not-exists
 xasecure.policymgr.url							    %POLICY_MGR_URL% 														mod create-if-not-exists
 xasecure.policymgr.sslconfig.filename				/etc/hive/conf/xasecure-policymgr-ssl.xml						
	mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/hive-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties
index 6d26ec3..a9f8a50 100644
--- a/hive-agent/scripts/install.properties
+++ b/hive-agent/scripts/install.properties
@@ -71,3 +71,12 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
 SSL_KEYSTORE_PASSWORD=myKeyFilePassword
 SSL_TRUSTSTORE_FILE_PATH=cacert
 SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Should Hive GRANT/REVOKE update XA policies?
+#
+# Example:
+#     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+#     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
+#
+UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index d62c625..439363e 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -73,6 +73,7 @@ import com.xasecure.view.VXAuditMap;
 import com.xasecure.view.VXAuditMapList;
 import com.xasecure.view.VXPermMap;
 import com.xasecure.view.VXPermMapList;
+import com.xasecure.view.VXPolicy;
 import com.xasecure.view.VXPolicyExportAuditList;
 import com.xasecure.view.VXResource;
 import com.xasecure.view.VXResourceList;
@@ -2336,7 +2337,7 @@ public class AssetMgr extends AssetMgrBase {
 		return isValidAuthentication;
 	}
 	
-	public VXResource grantXResource(VXResource vXResource) {
+	public VXResource grantXResource(VXResource vXResource,VXPolicy vXPolicy) {
 		if(vXResource==null){
 			return vXResource;
 		}
@@ -2560,6 +2561,53 @@ public class AssetMgr extends AssetMgrBase {
 			}			
 		}
 		
+		if(vXResourceList!=null && vXResourceList.getListSize()>0){					
+			//replace perm map if true
+			if(vXPolicy.isReplacePerm()){
+				XXResource xXResource = xADaoManager.getXXResource().getById(vXResource.getId());
+				VXResource vXResourceDBObj=xResourceService.populateViewBean(xXResource);
+				List<XXTrxLog> trxLogListDelete = xResourceService.getTransactionLog(
+						vXResourceDBObj, xXResource, "delete");
+				List<VXPermMap> permMapListtoDelete=vXResourceDBObj.getPermMapList();
+				List<String> permMapDeleteKeys=new ArrayList<String>();				
+				String userKey=null;				
+				for(VXPermMap permMapTemp :permMapList){					
+					if(permMapTemp==null||permMapTemp.getPermFor()==0||(permMapTemp.getUserId()==null &&
permMapTemp.getGroupId()==null)){
+						continue;					
+					}
+					userKey=null;
+					if(permMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+						userKey=permMapTemp.getPermFor()+"_"+permMapTemp.getUserId();
+					}
+					if(permMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+						userKey=permMapTemp.getPermFor()+"_"+permMapTemp.getGroupId();
+					}
+					if(!permMapDeleteKeys.contains(userKey) && !stringUtil.isEmpty(userKey)){
+						permMapDeleteKeys.add(userKey);
+					}
+				}
+				for (VXPermMap permMap : permMapListtoDelete) {
+					if(permMap!=null){
+						if(permMap==null||permMap.getPermFor()==0||(permMap.getUserId()==null && permMap.getGroupId()==null)){
+							continue;					
+						}
+						userKey=null;
+						if(permMap.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+							userKey=permMap.getPermFor()+"_"+permMap.getUserId();
+						}
+						if(permMap.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+							userKey=permMap.getPermFor()+"_"+permMap.getGroupId();
+						}
+						if(permMapDeleteKeys.contains(userKey)){
+							xPermMapService.deleteResource(permMap.getId());
+							trxLogListDelete.addAll(xPermMapService.getTransactionLog(permMap,"delete"));
+						}					
+					}
+				}//permission deletion processing end
+				xaBizUtil.createTrxLog(trxLogListDelete);	
+			}
+		}
+		
 		//update case
 		if(vXResourceList!=null && vXResourceList.getListSize()>0){
 			XXResource xXResource = xADaoManager.getXXResource().getById(vXResource.getId());
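Review bot: `vXPolicy.isReplacePerm()` is called without a null check on the new parameter, while the guard at the top of grantXResource (visible in the signature hunk above) tests only `vXResource`; `if(vXPolicy!=null && vXPolicy.isReplacePerm()){` keeps a caller that passes null on the old behaviour. In the second loop, `if(permMap!=null)` already excludes null, so the `permMap==null||` term in the next condition is dead, and the list returned by `getPermMapList()` is iterated without a null check. The deletes run before the `//update case` block that follows, and the transaction boundary is not visible in this hunk, so confirm that a failure in the update cannot leave the grantee with its old permissions removed and no new ones written. The method body starts and ends outside the hunk.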

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
index 5d21f93..873dfa9 100644
--- a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
+++ b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
@@ -577,7 +577,7 @@ public class AssetREST {
 		boolean isValidAuthentication=assetMgr.isValidHttpsAuthentication(repository,certchain,httpEnabled,ipAddress,isSecure);
 		if(isValidAuthentication){			
 			VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
-			vXResource=assetMgr.grantXResource(vXResource);
+			vXResource=assetMgr.grantXResource(vXResource,vXPolicy);
 			vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
 			vXPolicy=xPolicyService.mapXAToPublicObject(vXResource);	
 			vXPolicy.syncResponseWithJsonRequest();			
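Review bot: `replacePerm` now reaches `grantXResource` directly from the request's `vXPolicy`, so a request body can ask for existing permission maps to be deleted, and the only gate visible in this hunk is `isValidAuthentication`. Confirm that grantXResource verifies the grantor's admin right on the resource before its delete block runs; that check is not visible in the AssetMgr hunks of this commit. A comment on the call such as `// vXPolicy carries replacePerm; grantor authorization is enforced in grantXResource` would record where the check lives. The enclosing method starts and ends outside the hunk.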

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/cb728432/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
index 6da75f8..90fb5c5 100644
--- a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
+++ b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
@@ -113,12 +113,14 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable
{
 	protected String version;
 
 	protected String grantor;
+	protected boolean replacePerm;
 
 	/**
 	 * Default constructor. This will set all the attributes to default value.
 	 */
 	public VXPolicy() {
 		isRecursive = false;
+		replacePerm=false;
 	}
 
 	/**
@@ -509,6 +511,14 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable
{
 		this.grantor = grantor;
 	}
 
+	public boolean isReplacePerm() {
+		return replacePerm;
+	}
+
+	public void setReplacePerm(boolean replacePerm) {
+		this.replacePerm = replacePerm;
+	}	
+
 	@Override
 	public int getMyClassType() {
 		return AppConstants.CLASS_TYPE_XA_RESOURCE;
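Review bot: `isReplacePerm()` and `setReplacePerm()` are added without Javadoc, although the default constructor in the previous hunk of this file is documented. Because the flag makes grantXResource delete existing permission maps for the users and groups named in the request, the accessor should say so, e.g. `/** @return true if the grantee's existing permissions are deleted before the grant is applied */`. The default of `false` set in the constructor is worth stating there as well.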
@@ -555,5 +565,5 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable
{
 		this.setRepositoryType(null);		
 		this.setVersion(null);
 		this.setIsRecursive(new Boolean(null));
-	}	
+	}
 }

