ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From v..@apache.org
Subject ranger git commit: RANGER-1336 : audit based policy that has no policy item are not exported in CSV file
Date Wed, 01 Feb 2017 20:39:04 GMT
Repository: ranger
Updated Branches:
  refs/heads/master ed6488361 -> 7fe9290b1


RANGER-1336 : audit based policy that has no policy item are not exported in CSV file

Signed-off-by: Velmurugan Periasamy <vel@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7fe9290b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7fe9290b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7fe9290b

Branch: refs/heads/master
Commit: 7fe9290b174121025960535ebccb2b0d91e1855e
Parents: ed64883
Author: Gautam Borad <gautam@apache.org>
Authored: Tue Jan 31 10:13:29 2017 +0530
Committer: Velmurugan Periasamy <vel@apache.org>
Committed: Wed Feb 1 15:30:03 2017 -0500

----------------------------------------------------------------------
 .../hadoop/crypto/key/RangerMasterKey.java      |  22 ++-
 .../crypto/key/kms/server/KMSMetricUtil.java    | 178 +++++++++----------
 .../org/apache/ranger/biz/ServiceDBStore.java   |  89 ++++++----
 3 files changed, 152 insertions(+), 137 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
index 021685c..009bcf4 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
@@ -205,10 +205,13 @@ public class RangerMasterKey implements RangerKMSMKI{
 	}
 	private byte[] encryptKey(byte[] data, PBEKeySpec keyspec) throws Throwable {
 		SecretKey key = getPasswordKey(keyspec);
-		PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
-		Cipher c = Cipher.getInstance(key.getAlgorithm());
-		c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
-		return c.doFinal(data);
+		if(keyspec != null && keyspec.getSalt() != null){
+			PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+			Cipher c = Cipher.getInstance(key.getAlgorithm());
+			c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
+			return c.doFinal(data);
+		}
+		return null;
 	}
 	private SecretKey getPasswordKey(PBEKeySpec keyspec) throws Throwable {
 		SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGO);
@@ -216,10 +219,13 @@ public class RangerMasterKey implements RangerKMSMKI{
 	}
 	private byte[] decryptKey(byte[] encrypted, PBEKeySpec keyspec) throws Throwable {
 		SecretKey key = getPasswordKey(keyspec);
-		PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
-		Cipher c = Cipher.getInstance(key.getAlgorithm());
-		c.init(Cipher.DECRYPT_MODE, key, paramSpec);
-		return c.doFinal(encrypted);
+		if(keyspec != null && keyspec.getSalt() != null){
+			PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+			Cipher c = Cipher.getInstance(key.getAlgorithm());
+			c.init(Cipher.DECRYPT_MODE, key, paramSpec);
+			return c.doFinal(encrypted);
+		}
+		return null;
 	}
 	private SecretKey getMasterKeyFromBytes(byte[] keyData) throws Throwable {
 		return new SecretKeySpec(keyData, MK_CIPHER);

http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
index 22fb03c..71ebb8d 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
@@ -58,112 +58,102 @@ public class KMSMetricUtil {
 	
 	@SuppressWarnings("static-access")
 	private void getKMSMetricCalculation(String caseValue) {
-		logger.info("Metric Type : " + caseValue);		
-		try
-		{
+		logger.info("Metric Type : " + caseValue);
+		try {
 			switch (caseValue.toLowerCase()) {
-				case "hsmenabled":
-					try {
-						KMSConfiguration kmsConfig = new KMSConfiguration();
-						if(kmsConfig != null && kmsConfig.getACLsConf() != null) {
-							String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
-							Map<String,String> hsmEnabledMap = new HashMap<String, String>();
-							if(hsmEnabledValue != null){								
-								hsmEnabledMap.put("HSMEnabled", hsmEnabledValue);
-								Gson gson = new GsonBuilder().create();
-								final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
-								System.out.println(jsonHSMEnabled);
-							} else {
-								hsmEnabledMap.put("HSMEnabled", "");
-								Gson gson = new GsonBuilder().create();
-								final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
-								System.out.println(jsonHSMEnabled);
-							}
+			case "hsmenabled":
+				try {
+					KMSConfiguration kmsConfig = new KMSConfiguration();
+					if (kmsConfig != null && kmsConfig.getACLsConf() != null) {
+						String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
+						Map<String, String> hsmEnabledMap = new HashMap<String, String>();
+						if (hsmEnabledValue != null) {
+							hsmEnabledMap.put("hsmEnabled", hsmEnabledValue);
+							Gson gson = new GsonBuilder().create();
+							final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+							System.out.println(jsonHSMEnabled);
+						} else {
+							hsmEnabledMap.put("hsmEnabled", "");
+							Gson gson = new GsonBuilder().create();
+							final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+							System.out.println(jsonHSMEnabled);
 						}
 					}
-					catch (Exception e) {
-						logger.error("Error calculating KMSMetric for HSM enabled : "+e.getMessage());
-					}
-					break;
-				case "encryptedkey":					
-					try	{
-					   KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
-					   if(kmsWebAppEncryptedKey != null){
-						   kmsWebAppEncryptedKey.contextInitialized(null);
-						   KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
-						   if(keyProvider != null && keyProvider.getKeys() != null){
-							   Integer encryptedKeyCount = keyProvider.getKeys().size();
-							   if(encryptedKeyCount != null){
-								   Map<String,Integer> encryptedKeyCountValueMap = new HashMap<String, Integer>();

-								   encryptedKeyCountValueMap.put("encryptedKeycount", encryptedKeyCount);
-								   Gson gson = new GsonBuilder().create();
-								   final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
-								   System.out.println(jsonEncKeycount);
-							  }else{
-								  Map<String,String> encryptedKeyCountValueMap = new HashMap<String, String>();

-								   encryptedKeyCountValueMap.put("encryptedKeycount","");
-								   Gson gson = new GsonBuilder().create();
-								   final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
-								   System.out.println(jsonEncKeycount);
-							  }
-							   
-						   }
-						   kmsWebAppEncryptedKey.contextDestroyed(null);
-					   }
+				} catch (Exception e) {
+					logger.error("Error calculating KMSMetric for HSM enabled : " + e.getMessage());
+				}
+				break;
+			case "encryptedkey":
+				try {
+					KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
+					if (kmsWebAppEncryptedKey != null) {
+						kmsWebAppEncryptedKey.contextInitialized(null);
+						KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
+						if (keyProvider != null && keyProvider.getKeys() != null) {
+							Integer encryptedKeyCount = keyProvider.getKeys().size();
+							Map<String, Integer> encryptedKeyCountValueMap = new HashMap<String, Integer>();
+							encryptedKeyCountValueMap.put("encryptedKeyCount", encryptedKeyCount);
+							Gson gson = new GsonBuilder().create();
+							final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+							System.out.println(jsonEncKeycount);
+						} else {
+							Map<String, String> encryptedKeyCountValueMap = new HashMap<String, String>();
+							encryptedKeyCountValueMap.put("encryptedKeyCount", "");
+							Gson gson = new GsonBuilder().create();
+							final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+							System.out.println(jsonEncKeycount);
+						}
+						kmsWebAppEncryptedKey.contextDestroyed(null);
 					}
-					catch(Exception e){
-					  logger.error("Error calculating KMSMetric for encrypted key count: "+e.getMessage());
-					}					
-					break;
-				case "encryptedkeybyalgorithm":
-					try {	
-						KMSWebApp kmsWebApp = new KMSWebApp();
-						if(kmsWebApp != null)
-						{
-							kmsWebApp.contextInitialized(null);
-							KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
-							if(keyProvider != null && keyProvider.getKeys() != null){
-								List<String> keyList = new ArrayList<String>(); 
-								keyList.addAll(keyProvider.getKeys());
-								if(keyList != null){
-								Map<String,Integer> encryptedKeyByAlgorithmCountMap = new HashMap<String,
Integer>();
+				} catch (Exception e) {
+					logger.error("Error calculating KMSMetric for encrypted key count: " + e.getMessage());
+				}
+				break;
+			case "encryptedkeybyalgorithm":
+				try {
+					KMSWebApp kmsWebApp = new KMSWebApp();
+					if (kmsWebApp != null) {
+						kmsWebApp.contextInitialized(null);
+						KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
+						if (keyProvider != null && keyProvider.getKeys() != null) {
+							List<String> keyList = new ArrayList<String>();
+							keyList.addAll(keyProvider.getKeys());
+							if (keyList != null) {
+								Map<String, Integer> encryptedKeyByAlgorithmCountMap = new HashMap<String,
Integer>();
 								int count = 0;
 								for (int i = 0; i < keyList.size(); i++) {
-									 String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
-									 if(encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
-										 count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
-										 count += 1;
-										 encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
-									 }
-									 else {
-										 encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
-									 }
+									String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
+									if (encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
+										count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
+										count += 1;
+										encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
+									} else {
+										encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
+									}
 								}
 								Gson gson = new GsonBuilder().create();
 								final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
 								System.out.println(jsonEncKeyByAlgo);
-								}
-								kmsWebApp.contextDestroyed(null);
-							}else{
-								Map<String,String> encryptedKeyByAlgorithmCountMap = new HashMap<String,
String>();
-								encryptedKeyByAlgorithmCountMap.put("encryptedkeybyalgorithm", " ");
-								Gson gson = new GsonBuilder().create();
-								final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
-								System.out.println(jsonEncKeyByAlgo);
-							}								
+							}
+							kmsWebApp.contextDestroyed(null);
+						} else {
+							Map<String, String> encryptedKeyByAlgorithmCountMap = new HashMap<String,
String>();
+							encryptedKeyByAlgorithmCountMap.put("encryptedKeyByAlgorithm", "");
+							Gson gson = new GsonBuilder().create();
+							final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
+							System.out.println(jsonEncKeyByAlgo);
 						}
-					} 
-					catch (IOException e) {
-						logger.error("Error calculating KMSMetric for encrypted key by algorithm : "+e.getMessage());
 					}
-					break;					
-				default:
-					System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type
 hsmenabled | encryptedkey | encryptedkeybyalgorithm");
-					break;
-			}			
-		}
-		catch (Exception e) {
-			logger.error("Error calculating KMSMetric : "+e.getMessage());
+				} catch (IOException e) {
+					logger.error("Error calculating KMSMetric for encrypted key by algorithm : " + e.getMessage());
+				}
+				break;
+			default:
+				System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type
 hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+				break;
+			}
+		} catch (Exception e) {
+			logger.error("Error calculating KMSMetric : " + e.getMessage());
 		}
 	}
 }

http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 9a4e571..cb67b6a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -1980,7 +1980,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 			String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(new Date());
 			CSVFileName = "Ranger_Policies_" + timeStamp + ".csv";
 			out = response.getOutputStream();
-			StringBuffer sb = writeCSV(policies, CSVFileName, response);
+			StringBuilder sb = writeCSV(policies, CSVFileName, response);
 			IOUtils.write(sb.toString(), out, "UTF-8");
 		} catch (Exception e) {
 			LOG.error("Error while generating report file " + CSVFileName, e);
@@ -3244,12 +3244,12 @@ public class ServiceDBStore extends AbstractServiceStore {
 		}
 	}
 
-	private StringBuffer writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse
response) {
+	private StringBuilder writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse
response) {
 		response.setContentType("text/csv");
 		final String COMMA_DELIMITER = "|";
 		final String LINE_SEPARATOR = "\n";
 		final String FILE_HEADER = "ID|Name|Resources|Groups|Users|Accesses|Service Type|Status";
-		StringBuffer csvBuffer = new StringBuffer();
+		StringBuilder csvBuffer = new StringBuilder();
 		csvBuffer.append(FILE_HEADER);
 		csvBuffer.append(LINE_SEPARATOR);
 		for (RangerPolicy policy : policies) {
@@ -3401,9 +3401,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 					csvBuffer.append(COMMA_DELIMITER);
 					csvBuffer.append(LINE_SEPARATOR);
 				}
-			}
-
-			else {
+			} else {
 				Map<String, RangerPolicyResource> resources = policy.getResources();
 				if (resources != null) {
 					for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
@@ -3417,39 +3415,59 @@ public class ServiceDBStore extends AbstractServiceStore {
 				resourceKeyVal = resKeyVal.toString();
 				resourceKeyVal = resourceKeyVal.substring(1);
 
-				for (RangerPolicyItem policyItem : policyItems) {
-					groups = null;
-					users = null;
-					accesses = null;
-					groupNames = "";
-					userNames = "";
-					accessType = "";
-					groups = policyItem.getGroups();
-					users = policyItem.getUsers();
-					accesses = policyItem.getAccesses();
-
-					if (CollectionUtils.isNotEmpty(accesses)) {
-						for (RangerPolicyItemAccess access : accesses) {
-							accessType = accessType + access.getType().replace("#", "").replace("|","") + "#";
+				if (CollectionUtils.isNotEmpty(policyItems)) {
+					for (RangerPolicyItem policyItem : policyItems) {
+						groups = null;
+						users = null;
+						accesses = null;
+						groupNames = "";
+						userNames = "";
+						accessType = "";
+						groups = policyItem.getGroups();
+						users = policyItem.getUsers();
+						accesses = policyItem.getAccesses();
+
+						if (CollectionUtils.isNotEmpty(accesses)) {
+							for (RangerPolicyItemAccess access : accesses) {
+								accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
+							}
+							accessType = accessType.substring(0, accessType.lastIndexOf("#"));
 						}
-						accessType = accessType.substring(0, accessType.lastIndexOf("#"));
-					}
-					if (CollectionUtils.isNotEmpty(groups)) {
-						for (String group : groups){
-							group=group.replace("|", "");
-							group=group.replace("#", "");
-							groupNames=groupNames+group+ "#";
+						if (CollectionUtils.isNotEmpty(groups)) {
+							for (String group : groups) {
+								group = group.replace("|", "");
+								group = group.replace("#", "");
+								groupNames = groupNames + group + "#";
+							}
+							groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
 						}
-						groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
-					}
-					if (CollectionUtils.isNotEmpty(users)) {
-						for (String user : users){
-							user=user.replace("|", "");
-							user=user.replace("#", "");
-							userNames=userNames +user + "#";
+						if (CollectionUtils.isNotEmpty(users)) {
+							for (String user : users) {
+								user = user.replace("|", "");
+								user = user.replace("#", "");
+								userNames = userNames + user + "#";
+							}
+							userNames = userNames.substring(0, userNames.lastIndexOf("#"));
 						}
-						userNames=userNames.substring(0,userNames.lastIndexOf("#"));
+						csvBuffer.append(policyId);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(policyName);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(resourceKeyVal);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(groupNames);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(userNames);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(accessType);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(ServiceType);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(policyStatus);
+						csvBuffer.append(COMMA_DELIMITER);
+						csvBuffer.append(LINE_SEPARATOR);
 					}
+				} else {
 					csvBuffer.append(policyId);
 					csvBuffer.append(COMMA_DELIMITER);
 					csvBuffer.append(policyName);
@@ -3502,6 +3520,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 
 		try {
 			out = response.getOutputStream();
+			response.setStatus(HttpServletResponse.SC_OK);
 			IOUtils.write(json, out, "UTF-8");
 		} catch (Exception e) {
 			LOG.error("Error while exporting json file " + jsonFileName, e);


Mime
View raw message