ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From me...@apache.org
Subject ranger git commit: RANGER-1963 : Show actual hive query on ranger audit UI
Date Wed, 21 Feb 2018 12:50:09 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 3286f6a55 -> 9b1ddbf3f


RANGER-1963 : Show actual hive query on ranger audit UI

Signed-off-by: Mehul Parikh <mehul@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/9b1ddbf3
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/9b1ddbf3
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/9b1ddbf3

Branch: refs/heads/master
Commit: 9b1ddbf3ffe2ecbbb0912e533c9c5a321dbd37e9
Parents: 3286f6a
Author: Nikhil P <nikhil.purbhe@gmail.com>
Authored: Wed Feb 14 14:22:37 2018 +0530
Committer: Mehul Parikh <mehul@apache.org>
Committed: Wed Feb 21 18:19:42 2018 +0530

----------------------------------------------------------------------
 .../ranger/service/XAccessAuditService.java     | 16 +++++-
 .../ranger/solr/SolrAccessAuditsService.java    | 19 +++++--
 .../resources/conf.dist/ranger-admin-site.xml   |  6 +++
 .../src/main/webapp/scripts/utils/XAUtils.js    |  3 ++
 .../main/webapp/scripts/utils/XAViewUtils.js    | 57 +++++++++++++++++++-
 .../webapp/scripts/views/reports/AuditLayout.js | 29 ++++++----
 security-admin/src/main/webapp/styles/xa.css    | 26 ++++++---
 .../templates/reports/AuditLayout_tmpl.html     |  2 +-
 8 files changed, 133 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
index 5d03fb2..4c8ed83 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
@@ -19,11 +19,13 @@
 
  package org.apache.ranger.service;
 
+import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
+import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
@@ -41,6 +43,7 @@ import org.springframework.stereotype.Service;
 @Service
 @Scope("singleton")
 public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit, VXAccessAudit>{
+
 	public static final String NAME = "XAccessAudit";
 	protected final String distinctCountQueryStr;
 	protected final String distinctQueryStr;
@@ -159,7 +162,7 @@ public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit,
 
         List<XXAccessAudit> resultList = (List<XXAccessAudit>) searchResources(searchCriteria,
                 searchFields, sortFields, returnList);
-
+        final boolean hiveQueryVisibility = PropertiesUtil.getBooleanProperty("ranger.audit.hive.query.visibility",
true);
         // Iterate over the result list and create the return list
         for (XXAccessAudit gjXAccessAudit : resultList) {
             VXAccessAudit vXAccessAudit = populateViewBean(gjXAccessAudit);
@@ -168,7 +171,16 @@ public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit,
                 if(StringUtils.equalsIgnoreCase(vXAccessAudit.getAclEnforcer(), RangerHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME))
{
                     vXAccessAudit.setAclEnforcer(RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
                 }
-
+                                if (!hiveQueryVisibility && "hive".equalsIgnoreCase(vXAccessAudit.getServiceType()))
{
+                                        vXAccessAudit.setRequestData(null);
+                                }
+                                else if("hive".equalsIgnoreCase(vXAccessAudit.getServiceType())
&& ("grant".equalsIgnoreCase(vXAccessAudit.getAccessType()) || "revoke".equalsIgnoreCase(vXAccessAudit.getAccessType()))){
+                                        try {
+                                                vXAccessAudit.setRequestData(java.net.URLDecoder.decode(vXAccessAudit.getRequestData(),
"UTF-8"));
+                                        } catch (UnsupportedEncodingException e) {
+                                                logger.warn("Error while encoding request
data");
+                                        }
+                                }
                 xAccessAuditList.add(vXAccessAudit);
             }
         }

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
index a3c693e..7dcb074 100644
--- a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
+++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
@@ -19,11 +19,13 @@
 
 package org.apache.ranger.solr;
 
+import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.log4j.Logger;
 import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.SearchField;
@@ -126,7 +128,7 @@ public class SolrAccessAuditsService {
 
 		// Make call to Solr
 		SolrClient solrClient = solrMgr.getSolrClient();
-
+                final boolean hiveQueryVisibility = PropertiesUtil.getBooleanProperty("ranger.audit.hive.query.visibility",
true);
 		if (solrClient == null) {
 			logger.warn("Solr client is null, so not running the query.");
 			throw restErrorUtil.createRESTException(
@@ -141,11 +143,22 @@ public class SolrAccessAuditsService {
 		SolrDocumentList docs = response.getResults();
 		for (int i = 0; i < docs.size(); i++) {
 			SolrDocument doc = docs.get(i);
-			
 			VXAccessAudit vXAccessAudit = populateViewBean(doc);
+                        if (vXAccessAudit != null) {
+                                if (!hiveQueryVisibility && "hive".equalsIgnoreCase(vXAccessAudit.getServiceType()))
{
+                                        vXAccessAudit.setRequestData(null);
+                                }
+                                else if("hive".equalsIgnoreCase(vXAccessAudit.getServiceType())
&& "grant".equalsIgnoreCase(vXAccessAudit.getAccessType()) || "revoke".equalsIgnoreCase(vXAccessAudit.getAccessType())){
+                                        try {
+                                                vXAccessAudit.setRequestData(java.net.URLDecoder.decode(vXAccessAudit.getRequestData(),
"UTF-8"));
+                                        } catch (UnsupportedEncodingException e) {
+                                                logger.warn("Error while encoding request
data");
+                                        }
+                                }
+                        }
 			xAccessAuditList.add(vXAccessAudit);
 		}
-		
+
 		VXAccessAuditList returnList = new VXAccessAuditList();
 		returnList.setPageSize(searchCriteria.getMaxRows());
 		returnList.setResultSize(docs.size());

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 939d7e6..4d4a1de 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -280,6 +280,12 @@
         <name>ranger.kms.service.user.hive</name>
         <value>hive</value>
     </property>
+
+    <property>
+        <name>ranger.audit.hive.query.visibility</name>
+        <value>true</value>
+        <description></description>
+    </property>
     <property>
 		<name>ranger.service.https.attrib.keystore.credential.alias</name>
 		<value>keyStoreCredentialAlias</value>

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 8fa7fca..0cc31a4 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -762,6 +762,9 @@ define(function(require) {
 		var search = function(searchCollection, serverAttrName, searchOpt,
 				collection) {
 			var params = {};
+                        if($('.popover')){
+                                $('.popover').remove();
+                        }
 			searchCollection.each(function(m) {
 				var serverParamName = _.findWhere(serverAttrName, {
 					text : m.attributes.category

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
index 08e1881..28a6b44 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
@@ -22,7 +22,62 @@
 define(function(require) {
     'use strict';
 	
-	var XAViewUtil = {};
+    var XAEnums = require('utils/XAEnums');
+    var localization = require('utils/XALangSupport');
+    var XAViewUtil = {};
+
+    XAViewUtil.resourceTypeFormatter = function(rawValue, model){
+        var resourcePath = _.isUndefined(model.get('resourcePath')) ? undefined : model.get('resourcePath');
+        var resourceType = _.isUndefined(model.get('resourceType')) ? undefined : model.get('resourceType');
+        if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label &&
model.get('aclEnforcer') == "ranger-acl"
+            && model.get('requestData')){
+            if(resourcePath && !_.isEmpty(model.get('requestData'))) {
+                return '<div class="clearfix">\
+                            <div class="pull-left resourceText" title="'+ resourcePath+'">'+resourcePath+'</div>\
+                            <div class="pull-right">\
+                                <i class="icon-table queryInfo" title="Query Info" data-id
="'+model.get('id')+'"data-name = "queryInfo"></i>\
+                            </div>\
+                        </div>\
+                        <div title="'+resourceType+'" class="border-top-1">'+resourceType+'</div>';
+            }else{
+                return '<div class="clearfix">\
+                            <div class="pull-left">--</div>\
+                            <div class="pull-right">\
+                                <i class="icon-table queryInfo" title="Query Info" data-id
="'+model.get('id')+'"data-name = "queryInfo"></i>\
+                            </div>\
+                        </div>';
+            }
+        }else{
+            if(resourcePath){
+                return '<div class ="resourceText" title="'+resourcePath+'">'+resourcePath+'</div>\
+                        <div title="'+resourceType+'" class="border-top-1">'+resourceType+'</div>';
+            }else{
+                return '--';
+            }
+        }
+    };
+
+    XAViewUtil.showQueryPopup = function(model, that){
+        if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label &&
model.get('aclEnforcer') == "ranger-acl"
+            && model.get('requestData') && !_.isEmpty(model.get('requestData'))){
+            var msg = '<div class="query-content">'+model.get('requestData')+'</div>';
+            var $elements = that.$el.find('table [data-name = "queryInfo"][data-id = "'+model.id+'"]');
+            $elements.popover({
+                html: true,
+                title:'<b> Query </b>'+
+                '<button type="button"  id="queryInfoClose" class="close closeBtn" onclick="$(&quot;.queryInfo&quot;).popover(&quot;hide&quot;);">&times;</button>',
+                content: msg,
+                selector : true,
+                container:'body',
+                placement: 'top',
+            }).on("click", function(e){
+                e.stopPropagation();
+                if($(e.target).data('toggle') !== 'popover' && $(e.target).parents('.popover.in').length
=== 0){
+                    $('.queryInfo').not(this).popover('hide');
+                }
+            });
+        }
+    };
 	
 	return XAViewUtil;
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 338943f..d2703c0 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -31,6 +31,7 @@ define(function(require) {
 	var XATableLayout	= require('views/common/XATableLayout');
 	var localization	= require('utils/XALangSupport');
 	var SessionMgr 		= require('mgrs/SessionMgr');
+	var XAViewUtils		= require('utils/XAViewUtils');
 	
 	var VXAuthSession				= require('collections/VXAuthSessionList');
 	var VXTrxLogList   				= require('collections/VXTrxLogList');
@@ -88,7 +89,8 @@ define(function(require) {
             'iconSearchInfo' : '[data-id="searchInfo"]',
             btnShowMore : '[data-id="showMore"]',
                         btnShowLess : '[data-id="showLess"]',
-			
+            iconqueryInfo : '[data-name="queryInfo"]',
+            hidePopup : '[data-id="hide-popup"]'
 		},
 
 		/** ui events hash */
@@ -99,7 +101,10 @@ define(function(require) {
 			events['click '+this.ui.tab+' a']		   = 'onTabChange';
                         events['click ' + this.ui.btnShowMore]  = 'onShowMore';
                         events['click ' + this.ui.btnShowLess]  = 'onShowLess';
-			return events;
+            if(this.currentTab == '#bigData'){
+                events['click ' + this.ui.hidePopup]  = 'onClickOutSide';
+            }
+            return events;
 		},
 
 		/**
@@ -123,9 +128,15 @@ define(function(require) {
 
 		/** all events binding here */
 		bindEvents : function() {
-            this.listenTo(this.accessAuditList, "sync",this.showTagsAttributes, this);
+            this.listenTo(this.accessAuditList, "sync", this.showTagsAttributes, this);
 		},
 
+                onClickOutSide: function(){
+                        if($('.queryInfo') && this.currentTab == '#bigData'){
+                                $('.queryInfo').popover('hide');
+                        }
+                },
+
 		initializeServiceDefColl : function() {
 			this.serviceDefList	= new RangerServiceDefList();
 			this.serviceDefList.fetch({ 
@@ -146,7 +157,7 @@ define(function(require) {
 				this.addSearchForBigDataTab();
 				this.modifyTableForSubcolumns();
 			}
-            this.showTagsAttributes();
+			this.showTagsAttributes();
 
 		},
 		modifyTableForSubcolumns : function(){
@@ -192,7 +203,7 @@ define(function(require) {
 					this.addSearchForBigDataTab();
                     this.listenTo(this.accessAuditList, "request", that.updateLastRefresh);
                     this.ui.iconSearchInfo.show();
-                                        this.showTagsAttributes();
+                    this.showTagsAttributes();
 					break;
 				case "#admin":
 					this.currentTab = '#admin';
@@ -978,12 +989,7 @@ define(function(require) {
 						click: false,
 						formatter: _.extend({},Backgrid.CellFormatter.prototype,{
 							 fromRaw: function(rawValue,model) {
-								 var resourcePath = _.isUndefined(model.get('resourcePath')) ? undefined : model.get('resourcePath');
-								 var resourceType = _.isUndefined(model.get('resourceType')) ? undefined : model.get('resourceType');
-								 if(resourcePath) {
-								 return '<span title="'+resourcePath+'">'+resourcePath+'</span>\
-									<div title="'+resourceType+'" style="border-top: 1px solid #ddd;">'+resourceType+'</div>';
-								 }
+							     return XAViewUtils.resourceTypeFormatter(rawValue, model);
 							 }
 						}),
 						drag: false,
@@ -1580,6 +1586,7 @@ define(function(require) {
 
                                         });
                                 }
+                                XAViewUtils.showQueryPopup(model, that);
                         });
                 },
                 onShowMore : function(e){

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index ee13655..afda08f 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -1763,12 +1763,6 @@ margin-bottom: 12px !important;
 .margin-bottom-5{
 margin-bottom: 5px;
 }
-
-.popover-content {
-	/*overflow-y: auto;
-	max-height: 250px;*/
-	padding-right: 25px;
-}
 .margin-bottom-57 {
 	margin-bottom:57px;
 }
@@ -2238,4 +2232,22 @@ textarea:read-only{
 }
 .label-margin{
     margin-left: 10px;
-}
\ No newline at end of file
+}
+.resourceText{
+	overflow: hidden;
+	text-overflow: ellipsis;
+	width: 85%;
+}
+.closeBtn{
+	position: absolute;
+	top: 5px;
+	right: 4px;
+}
+.border-top-1 {
+	border-top: 1px solid #ddd;
+}
+.query-content {
+	font-style: italic;
+	max-height: 200px;
+	overflow-y: auto;
+}

http://git-wip-us.apache.org/repos/asf/ranger/blob/9b1ddbf3/security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html b/security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html
index bee65db..b977d3d 100644
--- a/security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html
@@ -31,7 +31,7 @@
      <a data-toggle="tab" href="#bigData">{{tt 'h.access'}} </a> 
    </li> 
 </ul>
-<div class="wrap non-collapsible " style="margin-top:-6px;">
+<div class="wrap non-collapsible " data-id="hide-popup" style="margin-top:-6px;">
 	<div class="wrap well">
 		<div class="row-fluid">
                         <div class="span11">


Mime
View raw message