ranger-commits mailing list archives

From ab...@apache.org
Subject ranger git commit: RANGER-1482: 'Ranger KMS' repo is not getting created in manual installation
Date Mon, 03 Apr 2017 21:44:11 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 6c0b06252 -> ceb556ee1


RANGER-1482: 'Ranger KMS' repo is not getting created in manual installation


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ceb556ee
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ceb556ee
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ceb556ee

Branch: refs/heads/ranger-0.7
Commit: ceb556ee1c12227d6a50ece1fee7a1c8a6d7dd8f
Parents: 6c0b062
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Mon Apr 3 14:24:05 2017 -0700
Committer: Abhay Kulkarni <akulkarni@hortonworks.com>
Committed: Mon Apr 3 14:43:13 2017 -0700

----------------------------------------------------------------------
 .../ranger/services/tag/RangerServiceTag.java   |   1 +
 .../org/apache/ranger/biz/ServiceDBStore.java   | 103 +++++++++++++++++--
 2 files changed, 94 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/ceb556ee/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
b/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
index 05d3a9b..92f4164 100644
--- a/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
+++ b/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
@@ -163,6 +163,7 @@ public class RangerServiceTag extends RangerBaseService {
 					String value = RANGER_TAG_NAME_EXPIRES_ON;
 
 					tagPolicyResource.setValue(value);
+					defaultPolicy.setName(value);
 					defaultPolicy.setDescription("Policy for data with " + value + " tag");
 
 					List<RangerPolicy.RangerPolicyItem> defaultPolicyItems = defaultPolicy.getPolicyItems();

http://git-wip-us.apache.org/repos/asf/ranger/blob/ceb556ee/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 06475c1..f1248bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -54,6 +54,7 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher;
 import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
@@ -158,11 +159,13 @@ import org.apache.ranger.service.RangerServiceDefService;
 import org.apache.ranger.service.RangerServiceDefWithAssignedIdService;
 import org.apache.ranger.service.RangerServiceService;
 import org.apache.ranger.service.RangerServiceWithAssignedIdService;
+import org.apache.ranger.service.XGroupService;
 import org.apache.ranger.service.XUserService;
 import org.apache.ranger.view.RangerExportPolicyList;
 import org.apache.ranger.view.RangerPolicyList;
 import org.apache.ranger.view.RangerServiceDefList;
 import org.apache.ranger.view.RangerServiceList;
+import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXString;
 import org.apache.ranger.view.VXUser;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -234,7 +237,10 @@ public class ServiceDBStore extends AbstractServiceStore {
 	
 	@Autowired
 	XUserMgr xUserMgr;
-	
+
+	@Autowired
+	XGroupService xGroupService;
+
 	@Autowired
 	RangerDataHistService dataHistService;
 
@@ -2456,20 +2462,97 @@ public class ServiceDBStore extends AbstractServiceStore {
 
 			List<RangerPolicy.RangerPolicyItemAccess> allAccesses = svc.getAndAllowAllAccesses();
 
-			for (RangerPolicy defaultPolicy : svc.getDefaultRangerPolicies()) {
+			List<RangerPolicy> defaultPolicies = svc.getDefaultRangerPolicies();
+
+			if (CollectionUtils.isNotEmpty(defaultPolicies)) {
 
-				if (CollectionUtils.isNotEmpty(serviceCheckUsers)
-				&& StringUtils.equalsIgnoreCase(defaultPolicy.getService(), createdService.getName()))
{
+				createDefaultPolicyUsersAndGroups(defaultPolicies);
 
-					RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
+				for (RangerPolicy defaultPolicy : defaultPolicies) {
+					if (CollectionUtils.isNotEmpty(serviceCheckUsers)
+							&& StringUtils.equalsIgnoreCase(defaultPolicy.getService(), createdService.getName()))
{
 
-					policyItem.setUsers(serviceCheckUsers);
-					policyItem.setAccesses(allAccesses);
-					policyItem.setDelegateAdmin(true);
+						RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
 
-					defaultPolicy.getPolicyItems().add(policyItem);
+						policyItem.setUsers(serviceCheckUsers);
+						policyItem.setAccesses(allAccesses);
+						policyItem.setDelegateAdmin(true);
+
+						defaultPolicy.getPolicyItems().add(policyItem);
+					}
+					createPolicy(defaultPolicy);
+				}
+			}
+		}
+	}
+
+	void createDefaultPolicyUsersAndGroups(List<RangerPolicy> defaultPolicies) {
+		Set<String> defaultPolicyUsers = new HashSet<String>();
+		Set<String> defaultPolicyGroups = new HashSet<String>();
+
+		for (RangerPolicy defaultPolicy : defaultPolicies) {
+
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getPolicyItems()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getAllowExceptions()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getDenyPolicyItems()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getDenyExceptions()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getDataMaskPolicyItems()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+			for (RangerPolicyItem defaultPolicyItem : defaultPolicy.getRowFilterPolicyItems()) {
+				defaultPolicyUsers.addAll(defaultPolicyItem.getUsers());
+				defaultPolicyGroups.addAll(defaultPolicyItem.getGroups());
+			}
+		}
+		for (String policyUser : defaultPolicyUsers) {
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Checking policyUser:[" + policyUser + "] for existence");
+			}
+			if (StringUtils.isNotBlank(policyUser) && !StringUtils.equals(policyUser, RangerPolicyEngine.USER_CURRENT)
+					&& !StringUtils.equals(policyUser, RangerPolicyEngine.RESOURCE_OWNER)) {
+				XXUser xxUser = daoMgr.getXXUser().findByUserName(policyUser);
+				if (xxUser == null) {
+					UserSessionBase usb = ContextUtil.getCurrentUserSession();
+					if (usb != null && !usb.isKeyAdmin() && !usb.isUserAdmin() &&
!usb.isSpnegoEnabled()) {
+						throw restErrorUtil.createRESTException("User does not exist with given username: ["
+								+ policyUser + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
+					}
+					xUserMgr.createServiceConfigUser(policyUser);
+				}
+			}
+		}
+		for (String policyGroup : defaultPolicyGroups) {
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Checking policyGroup:[" + policyGroup + "] for existence");
+			}
+			if (StringUtils.isNotBlank(policyGroup)) {
+				XXGroup xxGroup = daoMgr.getXXGroup().findByGroupName(policyGroup);
+				if (xxGroup == null) {
+					UserSessionBase usb = ContextUtil.getCurrentUserSession();
+					if (usb != null && !usb.isKeyAdmin() && !usb.isUserAdmin() &&
!usb.isSpnegoEnabled()) {
+						throw restErrorUtil.createRESTException("Group does not exist with given groupname:
["
+								+ policyGroup + "] please use existing group", MessageEnums.OPER_NO_PERMISSION);
+					}
+					VXGroup vXGroup = new VXGroup();
+					vXGroup.setName(policyGroup);
+					vXGroup.setDescription(policyGroup);
+					vXGroup.setGroupSource(RangerCommonEnums.GROUP_INTERNAL);
+					vXGroup.setIsVisible(RangerCommonEnums.IS_VISIBLE);
+					xGroupService.createResource(vXGroup);
 				}
-				createPolicy(defaultPolicy);
 			}
 		}
 	}
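Review bot: In `createDefaultPolicyUsersAndGroups`, the guard `usb != null && !usb.isKeyAdmin() && !usb.isUserAdmin() && !usb.isSpnegoEnabled()` rejects only when a session exists, so a call with no current session goes straight on to `xUserMgr.createServiceConfigUser(policyUser)` and `xGroupService.createResource(vXGroup)`. That may be intended for the installation path this commit fixes, but it is undocumented, and `isSpnegoEnabled()` reads like an authentication-mode flag rather than an admin role, so it is worth confirming that any SPNEGO session should be allowed to create principals. The same condition is duplicated in the user loop and the group loop; moving it into one named helper, with a comment recording the null-session decision, keeps the two copies from drifting apart. Because the check runs inside the loops, earlier users may already exist when a later user or group name is rejected, unless the caller's transaction rolls that back. The method that calls `createDefaultPolicyUsersAndGroups` starts outside the hunk, so how the session is established there is not visible.

```java
	// … unchanged: collection of defaultPolicyUsers / defaultPolicyGroups …

	// A missing session is let through on purpose (presumably the startup/installation path) — confirm.
	// Otherwise only key-admin, user-admin or SPNEGO sessions may create missing users and groups.
	private boolean mayCreateMissingPrincipals() {
		UserSessionBase usb = ContextUtil.getCurrentUserSession();
		return usb == null || usb.isKeyAdmin() || usb.isUserAdmin() || usb.isSpnegoEnabled();
	}

				if (xxUser == null) {
					if (!mayCreateMissingPrincipals()) {
						// … unchanged: throw restErrorUtil.createRESTException(... "please use existing user" ...) …
					}
					xUserMgr.createServiceConfigUser(policyUser);

				if (xxGroup == null) {
					if (!mayCreateMissingPrincipals()) {
						// … unchanged: throw restErrorUtil.createRESTException(... "please use existing group" ...) …
					}
					// … unchanged: VXGroup construction and xGroupService.createResource(vXGroup) …
```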

