This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new c9f8102 RANGER-2351 : Implement Import / Export of Policies by Zone c9f8102 is described below commit c9f8102cc8dfe80e15d12fa936e9956224d6238e Author: Nikhil P <nikhil.pur...@gmail.com> AuthorDate: Thu Apr 25 12:40:56 2019 +0530 RANGER-2351 : Implement Import / Export of Policies by Zone Signed-off-by: Pradeep <prad...@apache.org> --- .../apache/ranger/biz/RangerPolicyRetriever.java | 1 + .../java/org/apache/ranger/biz/ServiceDBStore.java | 81 ++-- .../java/org/apache/ranger/db/XXPolicyDao.java | 13 + .../ranger/db/XXSecurityZoneRefServiceDao.java | 24 ++ .../java/org/apache/ranger/rest/ServiceREST.java | 394 ++++++++++++------- .../ranger/service/RangerBaseModelService.java | 3 +- .../apache/ranger/service/RangerPolicyService.java | 14 + .../ranger/service/RangerPolicyServiceBase.java | 1 + .../main/resources/META-INF/jpa_named_queries.xml | 16 + .../webapp/scripts/modules/globalize/message/en.js | 2 + .../src/main/webapp/scripts/utils/XAGlobals.js | 4 +- .../webapp/scripts/views/DownloadServicePolicy.js | 9 +- .../webapp/scripts/views/UploadServicePolicy.js | 417 ++++++++++++--------- .../scripts/views/policymanager/ServiceLayout.js | 11 +- .../webapp/scripts/views/reports/AuditLayout.js | 6 +- .../views/reports/PlugableServiceDiffDetail.js | 6 +- .../templates/common/uploadservicepolicy_tmpl.html | 62 +-- .../org/apache/ranger/rest/TestServiceREST.java | 65 +++- 18 files changed, 744 insertions(+), 385 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java index 1bd8dc0..f48a803 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
@@ -526,6 +526,7 @@ public class RangerPolicyRetriever { ret.setVersion(xPolicy.getVersion()); ret.setPolicyType(xPolicy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xPolicy.getPolicyType()); ret.setService(service.getName()); + ret.setServiceType(service.getType().toString()); ret.setZoneName(lookupCache.getSecurityZoneName(xPolicy.getZoneId())); updatePolicyReferenceFields(ret); getPolicyLabels(ret); diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 7ad0570..35dc940 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1906,7 +1906,8 @@ public class ServiceDBStore extends AbstractServiceStore { handlePolicyUpdate(service, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE, createdPolicy); dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE); - List<XXTrxLog> trxLogList = policyService.getTransactionLog(createdPolicy, RangerPolicyService.OPERATION_CREATE_CONTEXT); + List<XXTrxLog> trxLogList = getTransactionLogList(createdPolicy, + RangerPolicyService.OPERATION_IMPORT_CREATE_CONTEXT, RangerPolicyService.OPERATION_CREATE_CONTEXT); bizUtil.createTrxLog(trxLogList); return createdPolicy; @@ -2039,7 +2040,8 @@ public class ServiceDBStore extends AbstractServiceStore { policy.setVersion(version); - List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, RangerPolicyService.OPERATION_DELETE_CONTEXT); + List<XXTrxLog> trxLogList = getTransactionLogList(policy, RangerPolicyService.OPERATION_IMPORT_DELETE_CONTEXT, + RangerPolicyService.OPERATION_DELETE_CONTEXT); policyRefUpdater.cleanupRefTables(policy); deleteExistingPolicyLabel(policy); 
@@ -2054,6 +2056,18 @@ public class ServiceDBStore extends AbstractServiceStore { LOG.info("Policy Deleted Successfully. PolicyName : " + policyName); } + List<XXTrxLog> getTransactionLogList(RangerPolicy policy, int operationImportContext, int operationContext) { + List<XXTrxLog> trxLogList; + StackTraceElement[] trace = Thread.currentThread().getStackTrace(); + if (trace.length > 3 && (StringUtils.contains(trace[4].getMethodName(), "import") || + StringUtils.contains(trace[5].getMethodName(), "import"))) { + trxLogList = policyService.getTransactionLog(policy, operationImportContext); + } else { + trxLogList = policyService.getTransactionLog(policy, operationContext); + } + return trxLogList; + } + @Override public RangerPolicy getPolicy(Long id) throws Exception { return policyService.read(id); @@ -2165,7 +2179,7 @@ public class ServiceDBStore extends AbstractServiceStore { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getServicePolicies(" + serviceId + ")"); } - + String zoneName = filter.getParam("zoneName"); XXService service = daoMgr.getXXService().getById(serviceId); if (service == null) { @@ -2173,7 +2187,9 @@ public class ServiceDBStore extends AbstractServiceStore { } List<RangerPolicy> ret = getServicePolicies(service, filter); - + if(StringUtils.isBlank(zoneName)) { + ret = noZoneFilter(ret); + } if(LOG.isDebugEnabled()) { LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceId + ") : policy-count=" + (ret == null ? 0 : ret.size())); } 
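Review bot: `getTransactionLogList` guards with `trace.length > 3` but then reads `trace[4]` and `trace[5]`, so a stack of four or five frames throws ArrayIndexOutOfBoundsException in the middle of a policy create or delete; the guard needs to be at least `trace.length > 5`. Beyond that, the audit context (import versus plain create/delete) is chosen by finding the substring "import" in a caller's method name at a fixed stack depth. A proxy, an interceptor, a rename or a new intermediate method would shift or change those frames, and the transaction log would then record the wrong operation with no error. Because these records are the audit trail for policy changes, I would pass the context explicitly from the import path (for example a boolean or the context constant itself) instead of inferring it from the stack.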
@@ -2181,6 +2197,16 @@ public class ServiceDBStore extends AbstractServiceStore { } + public List<RangerPolicy> noZoneFilter(List<RangerPolicy> servicePolicies) { + List<RangerPolicy> noZonePolicies = new ArrayList<RangerPolicy>(); + for (RangerPolicy policy : servicePolicies) { + if (StringUtils.isBlank(policy.getZoneName())) { + noZonePolicies.add(policy); + } + } + return noZonePolicies; + } + public PList<RangerPolicy> getPaginatedServicePolicies(Long serviceId, SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceId + ")"); @@ -2207,7 +2233,7 @@ public class ServiceDBStore extends AbstractServiceStore { } List<RangerPolicy> ret = null; - + String zoneName = filter.getParam("zoneName"); XXService service = daoMgr.getXXService().findByName(serviceName); if (service == null) { @@ -2215,7 +2241,9 @@ public class ServiceDBStore extends AbstractServiceStore { } ret = getServicePolicies(service, filter); - + if(StringUtils.isBlank(zoneName)) { + ret = noZoneFilter(ret); + } if(LOG.isDebugEnabled()) { LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size())); } 
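Review bot: `noZoneFilter` iterates `servicePolicies` without a null check, yet the debug lines right after the new calls in both `getServicePolicies` overloads still treat `ret` as possibly null (`ret == null ? 0 : ret.size()`). Either that guard is dead or the new call can throw NullPointerException; if null is possible, start the method with `if (servicePolicies == null) { return servicePolicies; }`. The method is public and now decides what a listing without `zoneName` returns, so it deserves a Javadoc stating that a blank zone name means "policies that belong to no zone", not "policies of all zones".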
@@ -3850,25 +3878,24 @@ public class ServiceDBStore extends AbstractServiceStore { } } } - - public Map<String, String> getServiceMap(InputStream serviceMapStream) - throws IOException { + + public Map<String, String> getMapFromInputStream(InputStream mapStream) throws IOException { if (LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDBStore.getServiceMap()"); + LOG.debug("==> ServiceDBStore.getMapFromInputStream()"); } - Map<String, String> serviceMap = new LinkedHashMap<String, String>(); - String serviceMapString = IOUtils.toString(serviceMapStream); - if (StringUtils.isNotEmpty(serviceMapString)) { - serviceMap = jsonUtil.jsonToMap(serviceMapString); + Map<String, String> inputMap = new LinkedHashMap<String, String>(); + String inputMapString = IOUtils.toString(mapStream); + if (StringUtils.isNotEmpty(inputMapString)) { + inputMap = jsonUtil.jsonToMap(inputMapString); } - if(!CollectionUtils.sizeIsEmpty(serviceMap)){ + if (!CollectionUtils.sizeIsEmpty(inputMap)) { if (LOG.isDebugEnabled()) { - LOG.debug("<== ServiceDBStore.getServiceMap()"); + LOG.debug("<== ServiceDBStore.getMapFromInputStream()"); } - return serviceMap; - }else{ - LOG.error("Provided service map is empty!!"); - throw restErrorUtil.createRESTException("Provided service map is empty!!"); + return inputMap; + } else { + LOG.error("Provided zone/service input map is empty!!"); + throw restErrorUtil.createRESTException("Provided zone/service map is empty!!"); } } 
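Review bot: `IOUtils.toString(mapStream)` decodes the uploaded map with the platform default charset, so zone or service names with non-ASCII characters can be read differently from host to host and then fail to match existing names. Pass the charset explicitly, e.g. `IOUtils.toString(mapStream, StandardCharsets.UTF_8)`, assuming the commons-io version in use has that overload. The method also reads the whole uploaded part into memory with no size limit, which is worth bounding unless the container already caps multipart size. Minor: the log text and the exception text now differ ("zone/service input map" versus "zone/service map").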
@@ -3876,7 +3903,8 @@ public class ServiceDBStore extends AbstractServiceStore { if (StringUtils.isNotEmpty(policy.getName().trim()) && StringUtils.isNotEmpty(policy.getService().trim()) && StringUtils.isNotEmpty(policy.getResources().toString().trim())) { - policiesMap.put(policy.getName().trim() + " " + policy.getService().trim() + " " + policy.getResources().toString().trim(), policy); + policiesMap.put(policy.getName().trim() + " " + policy.getService().trim() + " " + + policy.getResources().toString().trim() + " " + policy.getZoneName(), policy); }else if (StringUtils.isEmpty(policy.getName().trim()) && StringUtils.isNotEmpty(policy.getService().trim())){ LOG.error("Policy Name is not provided for service : " + policy.getService().trim()); throw restErrorUtil.createRESTException("Policy Name is not provided for service : " + policy.getService().trim()); @@ -3890,10 +3918,13 @@ public class ServiceDBStore extends AbstractServiceStore { return policiesMap; } - public Map<String, RangerPolicy> createPolicyMap( - Map<String, String> servicesMappingMap, - List<String> sourceServices, List<String> destinationServices, - RangerPolicy policy, Map<String, RangerPolicy> policiesMap) { + public Map<String, RangerPolicy> createPolicyMap(Map<String, String> zoneMappingMap, List<String> sourceZones, + String destinationZoneName, Map<String, String> servicesMappingMap, List<String> sourceServices, + List<String> destinationServices, RangerPolicy policy, Map<String, RangerPolicy> policiesMap) { + + if (!CollectionUtils.sizeIsEmpty(zoneMappingMap)) { + policy.setZoneName(destinationZoneName);// set destination zone name in policy. + } if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) { if (!StringUtils.isEmpty(policy.getService().trim())){ if (sourceServices.contains(policy.getService().trim())) { diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index 6cb85f9..5d513bd 100644 
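Review bot: In `createPolicyMap`, any non-empty `zoneMappingMap` makes every imported policy take `destinationZoneName`, whatever zone the policy came from; `sourceZones` is accepted as a parameter but is not consulted in the lines visible here. A file holding policies from several zones would therefore be collapsed into one destination zone, which changes where those policies apply. Consider limiting the rewrite to policies whose current zone is a mapped source, e.g. `if (!CollectionUtils.sizeIsEmpty(zoneMappingMap) && sourceZones.contains(StringUtils.trimToEmpty(policy.getZoneName())))`, or reject mixed-zone files before this point. The method body continues past the end of this hunk, so this is based on the visible part only.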
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java @@ -64,6 +64,19 @@ public class XXPolicyDao extends BaseDao<XXPolicy> { return ret; } + public XXPolicy findByPolicyName(String polName) { + if (polName == null) { + return null; + } + try { + XXPolicy xPol = getEntityManager().createNamedQuery("XXPolicy.findByPolicyName", tClass) + .setParameter("polName", polName).getSingleResult(); + return xPol; + } catch (NoResultException e) { + return null; + } + } + public List<XXPolicy> findByServiceId(Long serviceId) { if (serviceId == null) { return new ArrayList<XXPolicy>(); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java index d568d81..f5c1a88 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java 
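Review bot: `findByPolicyName` calls `getSingleResult()` and catches only `NoResultException`, so a second policy with the same name makes it throw `NonUniqueResultException` to the caller. The import code in this same commit keys policies by name plus service, resources and zone, which suggests names are not unique across the whole table. Either scope the lookup by service (and zone), or use `getResultList()` and decide explicitly what to do with several matches. A one-line Javadoc stating the uniqueness that the named query `XXPolicy.findByPolicyName` assumes would keep later callers from misusing it.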
@@ -59,4 +59,28 @@ public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefServic return Collections.emptyList(); } } + + public List<XXSecurityZoneRefService> findByServiceName(String serviceName) { + if (serviceName == null) { + return Collections.emptyList(); + } + try { + return getEntityManager().createNamedQuery("XXSecurityZoneRefService.findByServiceName", tClass) + .setParameter("serviceName", serviceName).getResultList(); + } catch (NoResultException e) { + return Collections.emptyList(); + } + } + + public List<XXSecurityZoneRefService> findByServiceNameAndZoneId(String serviceName, Long zoneId) { + if (serviceName == null) { + return Collections.emptyList(); + } + try { + return getEntityManager().createNamedQuery("XXSecurityZoneRefService.findByServiceNameAndZoneId", tClass) + .setParameter("serviceName", serviceName).setParameter("zoneId", zoneId).getResultList(); + } catch (NoResultException e) { + return Collections.emptyList(); + } + } } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 6ddb359..f17b65e 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -82,6 +82,8 @@ import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.db.XXGroupUserDao; import org.apache.ranger.entity.XXGroupUser; import org.apache.ranger.entity.XXPolicyExportAudit; +import org.apache.ranger.entity.XXSecurityZone; +import org.apache.ranger.entity.XXSecurityZoneRefService; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.entity.XXTrxLog; 
@@ -1992,10 +1994,10 @@ public class ServiceREST { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.getPoliciesInJson()"); } - + RangerPerfTracer perf = null; SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields); - + String zoneName = filter.getParam("zoneName"); try { if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { perf = RangerPerfTracer.getPerfTracer(PERF_LOG,"ServiceREST.getPoliciesInJson()"); @@ -2007,6 +2009,9 @@ public class ServiceREST { List<RangerPolicy> policyLists = new ArrayList<RangerPolicy>(); policyLists = getAllFilteredPolicyList(filter, request, policyLists); + if (StringUtils.isBlank(zoneName)) {// if zoneName not provided in search parameter, return only policies which are not in any zone. + policyLists = svcStore.noZoneFilter(policyLists); + } if (CollectionUtils.isNotEmpty(policyLists)) { for (RangerPolicy rangerPolicy : policyLists) { if (rangerPolicy != null) { @@ -2052,10 +2057,11 @@ public class ServiceREST { public void importPoliciesFromFile( @Context HttpServletRequest request, @FormDataParam("servicesMapJson") InputStream serviceMapStream, + @FormDataParam("zoneMapJson") InputStream zoneMapStream, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, - @QueryParam("isOverride") Boolean isOverride) { - + @QueryParam("isOverride") Boolean isOverride, + @QueryParam("importType") String importType) { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceREST.importPoliciesFromFile()"); } 
@@ -2081,98 +2087,57 @@ public class ServiceREST { isOverride = false; } List<String> serviceNameList = new ArrayList<String>(); - String serviceType = null; - List<String> serviceTypeList = null; - SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields); - if (StringUtils.isNotEmpty(request.getParameter(PARAM_SERVICE_TYPE))){ - serviceType = request.getParameter(PARAM_SERVICE_TYPE); - } - if(StringUtils.isNotEmpty(serviceType)){ - serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(","))); - } - List<RangerService> rangerServiceList = null; - List<RangerService> rangerServiceLists = new ArrayList<RangerService>(); - if (CollectionUtils.isNotEmpty(serviceTypeList)){ - for (String s : serviceTypeList) { - filter.removeParam(PARAM_SERVICE_TYPE); - filter.setParam(PARAM_SERVICE_TYPE, s.trim()); - rangerServiceList = getServices(filter); - rangerServiceLists.addAll(rangerServiceList); - } - } - if(!CollectionUtils.sizeIsEmpty(rangerServiceLists)){ - for(RangerService rService : rangerServiceLists){ - if (StringUtils.isNotEmpty(rService.getName())){ - serviceNameList.add(rService.getName()); - } - } - } + getServiceNameList(request,serviceNameList); Map<String, String> servicesMappingMap = new LinkedHashMap<String, String>(); List<String> sourceServices = new ArrayList<String>(); List<String> destinationServices = new ArrayList<String>(); + Map<String, String> zoneMappingMap = new LinkedHashMap<String, String>(); + List<String> sourceZones = new ArrayList<String>(); + List<String> destinationZones = new ArrayList<String>(); + if (zoneMapStream != null) { + zoneMappingMap = svcStore.getMapFromInputStream(zoneMapStream); + processZoneMapping(zoneMappingMap, sourceZones, destinationZones); + } + if (serviceMapStream != null){ - servicesMappingMap = svcStore.getServiceMap(serviceMapStream); - } - if(!CollectionUtils.sizeIsEmpty(servicesMappingMap)){ - for (Entry<String, String> map : servicesMappingMap.entrySet()) { - String 
sourceServiceName = null; - String destinationServiceName = null; - if (StringUtils.isNotEmpty(map.getKey().trim()) && StringUtils.isNotEmpty(map.getValue().trim())){ - sourceServiceName = map.getKey().trim(); - destinationServiceName = map.getValue().trim(); - }else{ - LOG.error("Source service or destonation service name is not provided!!"); - throw restErrorUtil.createRESTException("Source service or destonation service name is not provided!!"); - } - if (StringUtils.isNotEmpty(sourceServiceName) - && StringUtils.isNotEmpty(destinationServiceName)) { - sourceServices.add(sourceServiceName); - destinationServices.add(destinationServiceName); - } - } - } - + servicesMappingMap = svcStore.getMapFromInputStream(serviceMapStream); + processServiceMapping(servicesMappingMap, sourceServices, destinationServices); + } + String fileName = fileDetail.getFileName(); int totalPolicyCreate = 0; + String zoneNameInJson = null; Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>(); List<String> dataFileSourceServices = new ArrayList<String>(); if (fileName.endsWith("json")) { try { RangerExportPolicyList rangerExportPolicyList = null; List<RangerPolicy> policies = null; - Gson gson = new Gson(); - - String policiesString = IOUtils.toString(uploadedInputStream); - policiesString = policiesString.trim(); - if (StringUtils.isNotEmpty(policiesString)){ - gson.fromJson(policiesString, RangerExportPolicyList.class); - rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class); - } else { - LOG.error("Provided json file is empty!!"); - throw restErrorUtil.createRESTException("Provided json file is empty!!"); - } - if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getMetaDataInfo())){ + rangerExportPolicyList = processPolicyInputJsonForMetaData(uploadedInputStream,rangerExportPolicyList); + if (rangerExportPolicyList != null && 
!CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getMetaDataInfo())) { metaDataInfo = new ObjectMapper().writeValueAsString(rangerExportPolicyList.getMetaDataInfo()); } else { LOG.info("metadata info is not provided!!"); } - if (rangerExportPolicyList != null && !CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getPolicies())){ - policies = rangerExportPolicyList.getPolicies(); - } else { - LOG.error("Provided json file does not contain any policy!!"); - throw restErrorUtil.createRESTException("Provided json file does not contain any policy!!"); - } + policies = getPoliciesFromProvidedJson(rangerExportPolicyList); + + int i = 0; if (CollectionUtils.sizeIsEmpty(servicesMappingMap) && isOverride){ if(policies != null && !CollectionUtils.sizeIsEmpty(policies)){ for (RangerPolicy policyInJson: policies){ - if (policyInJson != null) { + if (policyInJson != null ) { + if (i == 0 && StringUtils.isNotBlank(policyInJson.getZoneName())) { + zoneNameInJson = policyInJson.getZoneName().trim(); + } if (StringUtils.isNotEmpty(policyInJson.getService().trim())) { String serviceName = policyInJson.getService().trim(); if (CollectionUtils.isNotEmpty(serviceNameList) && serviceNameList.contains(serviceName)) { sourceServices.add(serviceName); destinationServices.add(serviceName); - } else if (CollectionUtils.isEmpty(serviceNameList)) { + } else if (CollectionUtils.isEmpty(serviceNameList) + && !sourceServices.contains(serviceName) + && !destinationServices.contains(serviceName)) { sourceServices.add(serviceName); destinationServices.add(serviceName); } 
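Review bot: `zoneNameInJson` is taken from the first policy in the file only (`i == 0`), and that single value later becomes the zone whose existing policies are deleted when `isOverride` is set. If the uploaded file mixes policies from different zones, or its first entry happens to be unzoned, the delete step and the create step work on different zones. Consider collecting the distinct zone names while iterating and rejecting the import with a REST error when more than one is present. The loop in the next hunk repeats the same `i == 0` logic and has the same issue; the enclosing method starts and ends outside this hunk.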
@@ -2181,18 +2146,24 @@ public class ServiceREST { throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!"); } } + i++; } } }else if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) { if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){ + i = 0; for (RangerPolicy policyInJson: policies){ if (policyInJson != null){ + if (i == 0 && StringUtils.isNotBlank(policyInJson.getZoneName())) { + zoneNameInJson = policyInJson.getZoneName().trim(); + } if (StringUtils.isNotEmpty(policyInJson.getService().trim())) { dataFileSourceServices.add(policyInJson.getService().trim()); }else{ LOG.error("Service Name or Policy Name is not provided!!"); throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!"); } + i++; } } if(!dataFileSourceServices.containsAll(sourceServices)){ @@ -2208,12 +2179,13 @@ public class ServiceREST { } else if (updateIfExists.equalsIgnoreCase("true")) { isOverride = false; } + String destinationZoneName = getDestinationZoneName(destinationZones,zoneNameInJson); if (isOverride && "false".equalsIgnoreCase(updateIfExists) && StringUtils.isEmpty(polResource)) { if (LOG.isDebugEnabled()) { LOG.debug("Deleting Policy from provided services in servicesMapJson file..."); } if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { - deletePoliciesProvidedInServiceMap(sourceServices, destinationServices); + deletePoliciesProvidedInServiceMap(sourceServices, destinationServices,destinationZoneName);//In order to delete Zone specific policies from service } } 
@@ -2222,61 +2194,32 @@ public class ServiceREST { LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource..."); } if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){ - deletePoliciesForResource(sourceServices, destinationServices, request, policies); + deletePoliciesForResource(sourceServices, destinationServices, request, policies,destinationZoneName);//In order to delete Zone specific policies from service } } if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){ for (RangerPolicy policyInJson: policies){ if (policyInJson != null){ - policiesMap = svcStore.createPolicyMap(servicesMappingMap, sourceServices, destinationServices, policyInJson, policiesMap); - } - } - } - if (!CollectionUtils.sizeIsEmpty(policiesMap.entrySet())) { - for (Entry<String, RangerPolicy> entry : policiesMap.entrySet()) { - RangerPolicy policy = entry.getValue(); - if (policy != null){ - if (!CollectionUtils.isEmpty(serviceNameList)) { - for (String service : serviceNameList) { - if (StringUtils.isNotEmpty(service.trim()) && StringUtils.isNotEmpty(policy.getService().trim())){ - if (policy.getService().trim().equalsIgnoreCase(service.trim())) { - if (updateIfExists != null && !updateIfExists.isEmpty()){ - request.setAttribute(PARAM_SERVICE_NAME, policy.getService()); - request.setAttribute(PARAM_POLICY_NAME, policy.getName()); - } - createPolicy(policy, request); - totalPolicyCreate = totalPolicyCreate + 1; - if (LOG.isDebugEnabled()) { - LOG.debug("Policy " + policy.getName() + " created successfully."); - } - break; - } - } else { - LOG.error("Service Name or Policy Name is not provided!!"); - throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!"); - } - } - } else { - if (updateIfExists != null && !updateIfExists.isEmpty()){ - request.setAttribute(PARAM_SERVICE_NAME, policy.getService()); - request.setAttribute(PARAM_POLICY_NAME, policy.getName()); - } - 
createPolicy(policy, request); - totalPolicyCreate = totalPolicyCreate + 1; - if (LOG.isDebugEnabled()) { - LOG.debug("Policy " + policy.getName() + " created successfully."); + if (StringUtils.isNotBlank(destinationZoneName)) { + boolean isZoneServiceExistAtDestination = validateDestZoneServiceMapping(destinationZoneName, policyInJson, servicesMappingMap); + if(!isZoneServiceExistAtDestination) { + LOG.warn("provided service of policy in File is not associated with zone"); + continue; } } + policiesMap = svcStore.createPolicyMap(zoneMappingMap, sourceZones, destinationZoneName, + servicesMappingMap, sourceServices, destinationServices, policyInJson, + policiesMap);// zone Info is also sent for creating policy map } } - if (LOG.isDebugEnabled()) { - LOG.debug("Total Policy Created From Json file : " + totalPolicyCreate); - } - if(!(totalPolicyCreate > 0)){ - LOG.error("zero policy is created from provided data file!!"); - throw restErrorUtil.createRESTException("zero policy is created from provided data file!!"); - } } + + totalPolicyCreate = createPolicesBasedOnPolicyMap(request,policiesMap, serviceNameList, updateIfExists, totalPolicyCreate); + if(!(totalPolicyCreate > 0)){ + LOG.error("zero policy is created from provided data file!!"); + throw restErrorUtil.createRESTException("zero policy is created from provided data file!!"); + } + } catch (IOException e) { LOG.error(e.getMessage()); throw restErrorUtil.createRESTException(e.getMessage()); 
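Review bot: Policies whose service is not associated with the destination zone are dropped with `continue` and a warning that names neither the policy, the service nor the zone, so an operator cannot tell from the log which entries of the file were left out. Include them in the message, e.g. `LOG.warn("Skipping policy " + policyInJson.getName() + ": service " + policyInJson.getService() + " is not associated with zone " + destinationZoneName);`. The import also still reports success when only part of the file was applied, and reports "zero policy is created" when everything was skipped for this reason, which hides the real cause. `validateDestZoneServiceMapping` repeats the zone lookup for every policy although `destinationZoneName` does not change inside the loop; resolving the zone once before the loop would avoid that.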
@@ -2332,6 +2275,193 @@ public class ServiceREST { } } + private int createPolicesBasedOnPolicyMap(HttpServletRequest request, Map<String, RangerPolicy> policiesMap, + List<String> serviceNameList, String updateIfExists, int totalPolicyCreate) { + if (!CollectionUtils.sizeIsEmpty(policiesMap.entrySet())) { + for (Entry<String, RangerPolicy> entry : policiesMap.entrySet()) { + RangerPolicy policy = entry.getValue(); + if (policy != null){ + if (!CollectionUtils.isEmpty(serviceNameList)) { + for (String service : serviceNameList) { + if (StringUtils.isNotEmpty(service.trim()) && StringUtils.isNotEmpty(policy.getService().trim())){ + if (policy.getService().trim().equalsIgnoreCase(service.trim())) { + if (updateIfExists != null && !updateIfExists.isEmpty()){ + request.setAttribute(PARAM_SERVICE_NAME, policy.getService()); + request.setAttribute(PARAM_POLICY_NAME, policy.getName()); + } + createPolicy(policy, request); + totalPolicyCreate = totalPolicyCreate + 1; + if (LOG.isDebugEnabled()) { + LOG.debug("Policy " + policy.getName() + " created successfully."); + } + break; + } + } else { + LOG.error("Service Name or Policy Name is not provided!!"); + throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!"); + } + } + } else { + if (updateIfExists != null && !updateIfExists.isEmpty()){ + request.setAttribute(PARAM_SERVICE_NAME, policy.getService()); + request.setAttribute(PARAM_POLICY_NAME, policy.getName()); + } + createPolicy(policy, request); + totalPolicyCreate = totalPolicyCreate + 1; + if (LOG.isDebugEnabled()) { + LOG.debug("Policy " + policy.getName() + " created successfully."); + } + } + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("Total Policy Created From Json file : " + totalPolicyCreate); + } + } + return totalPolicyCreate; + } + + private List<RangerPolicy> getPoliciesFromProvidedJson(RangerExportPolicyList rangerExportPolicyList) { + List<RangerPolicy> policies = null; + if (rangerExportPolicyList != null && 
!CollectionUtils.sizeIsEmpty(rangerExportPolicyList.getPolicies())) { + policies = rangerExportPolicyList.getPolicies(); + } else { + LOG.error("Provided json file does not contain any policy!!"); + throw restErrorUtil.createRESTException("Provided json file does not contain any policy!!"); + } + return policies; + } + + private RangerExportPolicyList processPolicyInputJsonForMetaData(InputStream uploadedInputStream, + RangerExportPolicyList rangerExportPolicyList) throws IOException, WebApplicationException { + Gson gson = new Gson(); + String policiesString = IOUtils.toString(uploadedInputStream); + policiesString = policiesString.trim(); + if (StringUtils.isNotEmpty(policiesString)) { + gson.fromJson(policiesString, RangerExportPolicyList.class); + rangerExportPolicyList = new ObjectMapper().readValue(policiesString, RangerExportPolicyList.class); + } else { + LOG.error("Provided json file is empty!!"); + throw restErrorUtil.createRESTException("Provided json file is empty!!"); + } + return rangerExportPolicyList; + } + + private void getServiceNameList(HttpServletRequest request, List<String> serviceNameList) { + SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields); + String serviceType = null; + List<String> serviceTypeList = null; + if (StringUtils.isNotEmpty(request.getParameter(PARAM_SERVICE_TYPE))){ + serviceType = request.getParameter(PARAM_SERVICE_TYPE); + } + if(StringUtils.isNotEmpty(serviceType)){ + serviceTypeList = new ArrayList<String>(Arrays.asList(serviceType.split(","))); + } + List<RangerService> rangerServiceList = null; + List<RangerService> rangerServiceLists = new ArrayList<RangerService>(); + if (CollectionUtils.isNotEmpty(serviceTypeList)){ + for (String s : serviceTypeList) { + filter.removeParam(PARAM_SERVICE_TYPE); + filter.setParam(PARAM_SERVICE_TYPE, s.trim()); + rangerServiceList = getServices(filter); + rangerServiceLists.addAll(rangerServiceList); + } + } + 
if(!CollectionUtils.sizeIsEmpty(rangerServiceLists)){ + for(RangerService rService : rangerServiceLists){ + if (StringUtils.isNotEmpty(rService.getName())){ + serviceNameList.add(rService.getName()); + } + } + } + } + + private boolean validateDestZoneServiceMapping(String destinationZoneName, RangerPolicy policyInJson, + Map<String, String> servicesMappingMap) { + boolean isZoneServiceExistAtDestination = false; + XXSecurityZone xdestZone = daoManager.getXXSecurityZoneDao().findByZoneName(destinationZoneName); + if (xdestZone == null) { + LOG.error("destination zone provided does not exist"); + throw restErrorUtil.createRESTException("destination zone provided does not exist"); + } + // CHECK IF json policies service is there on destination and asscioated with + // destination zone. + + String serviceNameToCheck = policyInJson.getService(); + + if (StringUtils.isNotBlank(serviceNameToCheck) && servicesMappingMap.containsKey(serviceNameToCheck)) { + serviceNameToCheck = servicesMappingMap.get(policyInJson.getService()); + } + List<XXSecurityZoneRefService> serviceZoneMapping = daoManager.getXXSecurityZoneRefService() + .findByServiceNameAndZoneId(serviceNameToCheck, xdestZone.getId()); + + if (!CollectionUtils.isEmpty(serviceZoneMapping)) { + isZoneServiceExistAtDestination = true; + } + + return isZoneServiceExistAtDestination; + } + + private String getDestinationZoneName(List<String> destinationZones, String zoneNameInJson) { + String destinationZoneName = null; + if (CollectionUtils.isNotEmpty(destinationZones)) { + destinationZoneName = destinationZones.get(0); + } else { + destinationZoneName = zoneNameInJson; + } + return destinationZoneName; + } + + private void processServiceMapping(Map<String, String> servicesMappingMap, List<String> sourceServices, + List<String> destinationServices) { + if (!CollectionUtils.sizeIsEmpty(servicesMappingMap)) { + for (Entry<String, String> map : servicesMappingMap.entrySet()) { + String sourceServiceName = null; + String 
destinationServiceName = null; + if (StringUtils.isNotEmpty(map.getKey().trim()) && StringUtils.isNotEmpty(map.getValue().trim())) { + sourceServiceName = map.getKey().trim(); + destinationServiceName = map.getValue().trim(); + } else { + LOG.error("Source service or destination service name is not provided!!"); + throw restErrorUtil + .createRESTException("Source service or destonation service name is not provided!!"); + } + if (StringUtils.isNotEmpty(sourceServiceName) && StringUtils.isNotEmpty(destinationServiceName)) { + sourceServices.add(sourceServiceName); + destinationServices.add(destinationServiceName); + } + } + } + } + + private void processZoneMapping(Map<String, String> zoneMappingMap, List<String> sourceZones, + List<String> destinationZones) { + + if (!CollectionUtils.sizeIsEmpty(zoneMappingMap)) { + for (Entry<String, String> map : zoneMappingMap.entrySet()) { + String sourceZoneName = null; + String destinationZoneName = null; + if (StringUtils.isNotEmpty(map.getKey().trim()) || StringUtils.isNotEmpty(map.getValue().trim())) { + // zone to zone + // zone to unzone + // unzone to zone + sourceZoneName = map.getKey().trim(); + destinationZoneName = map.getValue().trim(); + LOG.info("sourceZoneName =" + sourceZoneName + "destinationZoneName = " + destinationZoneName); + } else if (StringUtils.isEmpty(map.getKey().trim()) && StringUtils.isEmpty(map.getValue().trim())) { + LOG.info("Unzone to unzone policies import"); + } else { + LOG.error("Source zone or destination zone name is not provided!!"); + throw restErrorUtil.createRESTException("Source zone or destination zone name is not provided!!"); + } + if (StringUtils.isNotEmpty(sourceZoneName) || StringUtils.isNotEmpty(destinationZoneName)) { + sourceZones.add(sourceZoneName); + destinationZones.add(destinationZoneName); + } + } + } + } + private List<RangerPolicy> getAllFilteredPolicyList(SearchFilter filter, HttpServletRequest request, List<RangerPolicy> policyLists) { String serviceNames = null; 
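Review bot: `processZoneMapping` collects every entry of the zone map, but `getDestinationZoneName` uses only `destinationZones.get(0)`, so any further mappings are silently ignored and all policies go to the first destination. Making that explicit, e.g. `if (zoneMappingMap.size() > 1) { throw restErrorUtil.createRESTException("Only one zone mapping is supported per import"); }`, would avoid surprising results. In the same method the first condition uses `||`, so together with the both-empty branch the final `else` that reports a missing zone name can never run. `map.getValue().trim()` throws NullPointerException when the JSON carries a null value, which presumably surfaces as a server error instead of a validation message. The `LOG.info` line concatenates the request-supplied names with no separator before "destinationZoneName".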
@@ -2426,15 +2556,16 @@ public class ServiceREST { return policyLists; } - private void deletePoliciesProvidedInServiceMap( - List<String> sourceServices, List<String> destinationServices) { + private void deletePoliciesProvidedInServiceMap(List<String> sourceServices, List<String> destinationServices, String zoneName) { int totalDeletedPilicies = 0; if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); for (int i = 0; i < sourceServices.size(); i++) { - if (!destinationServices.get(i).isEmpty()) { - final RangerPolicyList servicePolicies = getServicePolicies(destinationServices.get(i), new SearchFilter()); + if (!destinationServices.get(i).isEmpty() ) { + SearchFilter filter = new SearchFilter(); + filter.setParam("zoneName",zoneName); + final RangerPolicyList servicePolicies = getServicePolicies(destinationServices.get(i),filter); if (servicePolicies != null) { List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies(); if (CollectionUtils.isNotEmpty(rangerPolicyList)) { @@ -2465,7 +2596,7 @@ public class ServiceREST { } } - private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, HttpServletRequest request, List<RangerPolicy> exportPolicies) { + private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, HttpServletRequest request, List<RangerPolicy> exportPolicies, String zoneName) { int totalDeletedPilicies = 0; if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { 
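Review bot: In `deletePoliciesProvidedInServiceMap`, `filter.setParam("zoneName",zoneName)` is applied without checking whether `zoneName` is null or blank, and the policies returned by `getServicePolicies(destinationServices.get(i),filter)` go on to be deleted. How the by-name lookup treats a blank zone is not visible here, and this commit also removes the `applyZoneFilter` step that used to narrow a blank zone to unzoned policies in the by-id endpoint. An override import for the unzoned case could therefore select policies from every zone of the destination service. Checking each candidate before it is deleted would pin the scope, e.g. `if (!StringUtils.equals(StringUtils.trimToEmpty(zoneName), StringUtils.trimToEmpty(policy.getZoneName()))) { continue; }`. The same applies to `deletePoliciesForResource` in the `@@ -2480` hunk; in both cases the loop over `rangerPolicyList` lies outside the hunk.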
@@ -2480,7 +2611,9 @@ public class ServiceREST { for (int i = 0; i < sourceServices.size(); i++) { if (!destinationServices.get(i).isEmpty()) { RangerPolicyList servicePolicies = null; - servicePolicies = getServicePoliciesByName(destinationServices.get(i), request); + SearchFilter filter = searchUtil.getSearchFilter(request,policyService.sortFields); + filter.setParam("zoneName", zoneName); + servicePolicies = getServicePolicies(destinationServices.get(i), filter); if (servicePolicies != null) { List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies(); if (CollectionUtils.isNotEmpty(rangerPolicyList)) { @@ -2600,7 +2733,7 @@ public class ServiceREST { RangerPerfTracer perf = null; SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); - String zoneName = filter.getParam("zoneName"); + try { if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + serviceId + ")"); @@ -2628,9 +2761,7 @@ public class ServiceREST { } servicePolicies = applyAdminAccessFilter(servicePolicies); - if(StringUtils.isBlank(zoneName)) { //if zoneName not provided in search parameter, return only policies which are not in any zone. - servicePolicies = applyZoneFilter(servicePolicies); - } + ret = toRangerPolicyList(servicePolicies, filter); } } catch(WebApplicationException excp) { @@ -2650,15 +2781,6 @@ public class ServiceREST { return ret; } - private List<RangerPolicy> applyZoneFilter(List<RangerPolicy> servicePolicies) { - List<RangerPolicy> noZonePolicies = new ArrayList<RangerPolicy>(); - for(RangerPolicy policy : servicePolicies){ - if(StringUtils.isBlank(policy.getZoneName())) { - noZonePolicies.add(policy); - } - } - return noZonePolicies; - } @GET @Path("/policies/service/name/{name}") 
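Review bot: With the `applyZoneFilter` call removed in the `@@ -2628` hunk, a request to `getServicePolicies(serviceId=…)` that carries no `zoneName` is no longer narrowed to unzoned policies after `applyAdminAccessFilter`. Unless the store lookup above the hunk already restricts by zone (not visible), callers that relied on the old default now also receive policies that belong to security zones. If that is intended, record it where the filter used to be, e.g. `// zone scoping now relies on the "zoneName" filter param; a blank value is no longer restricted to unzoned policies`, and confirm that zone admins and auditors are still limited to their own zones by the access filter. The method starts and ends outside these hunks.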
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java index acba730..b16bfe7 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java @@ -73,7 +73,8 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range public static final int OPERATION_CREATE_CONTEXT = 1; public static final int OPERATION_UPDATE_CONTEXT = 2; public static final int OPERATION_DELETE_CONTEXT = 3; - + public static final int OPERATION_IMPORT_CREATE_CONTEXT = 4; + public static final int OPERATION_IMPORT_DELETE_CONTEXT = 5; protected Class<T> tEntityClass; protected Class<V> tViewClass; private Boolean populateExistingBaseFields; diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 771feec..0276367 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -76,8 +76,10 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); String actionCreate; + String actionImportCreate; String actionUpdate; String actionDelete; + String actionImportDelete; static { trxLogAttrs.put("name", new VTrxLogAttr("name", "Policy Name", false)); @@ -101,6 +103,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range public RangerPolicyService() { super(); actionCreate = "create"; + actionImportCreate = "Import Create"; + actionImportDelete = "Import Delete"; actionUpdate = "update"; actionDelete = "delete"; } 
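Review bot: The labels assigned in the `RangerPolicyService()` constructor, `"Import Create"` and `"Import Delete"`, are title-case, whereas the existing labels next to them are lower-case (`"create"`, `"delete"`) and the UI enum added to XAGlobals.js in this commit uses `'IMPORT CREATE'` / `'IMPORT DELETE'`. If audit rows are matched against that enum by string equality (not visible here), the import rows will not match, and filtering the audit trail for import activity would miss them. Pick one spelling and keep it in a single place, for example `static final String ACTION_IMPORT_CREATE = "Import Create";` instead of a mutable package-private instance field.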
@@ -422,6 +426,16 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range xTrxLog.setPreviousValue(oldValue); xTrxLog.setNewValue(value); } + else if (action == OPERATION_IMPORT_CREATE_CONTEXT) { + if (stringUtil.isEmpty(value)) { + return null; + } + xTrxLog.setNewValue(value); + actionString = actionImportCreate; + } else if (action == OPERATION_IMPORT_DELETE_CONTEXT) { + xTrxLog.setPreviousValue(value); + actionString = actionImportDelete; + } } catch (IllegalArgumentException | IllegalAccessException e) { logger.error("Process field to create trx log failure.", e); } diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index 8dfbf41..3e1a8e1 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -140,6 +140,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends vObj.setGuid(xObj.getGuid()); vObj.setVersion(xObj.getVersion()); vObj.setService(xService.getName()); + vObj.setServiceType(xService.getType().toString()); vObj.setName(StringUtils.trim(xObj.getName())); vObj.setPolicyType(xObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xObj.getPolicyType()); vObj.setPolicyPriority(xObj.getPolicyPriority() == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : xObj.getPolicyPriority()); diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 97cc58b..e4647b1 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml 
@@ -266,6 +266,10 @@ <!-- XXPolicy --> + <named-query name="XXPolicy.findByPolicyName"> + <query>select obj from XXPolicy obj where obj.name = :polName order by obj.id</query> + </named-query> + <named-query name="XXPolicy.findByNameAndServiceIdAndZoneId"> <query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId and obj.zoneId = :zoneId order by obj.id</query> </named-query> @@ -1358,6 +1362,18 @@ </query> </named-query> + <named-query name="XXSecurityZoneRefService.findByServiceName"> + <query> + select obj from XXSecurityZoneRefService obj where obj.serviceName = :serviceName + </query> + </named-query> + + <named-query name="XXSecurityZoneRefService.findByServiceNameAndZoneId"> + <query> + select obj from XXSecurityZoneRefService obj where obj.serviceName = :serviceName and obj.zoneId = :zoneId + </query> + </named-query> + <named-query name="XXSecurityZoneRefTagService.findByZoneId"> <query> select obj from XXSecurityZoneRefTagService obj where obj.zoneId = :zoneId diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index 19bb04b..7f5204a 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -455,6 +455,8 @@ define(function(require) { zoneServiceNameValidation: 'Please select Service Name for selected zone.', adminUserGroupValidation: 'Please select atleast one Admin Users/Usergroups to Zone else Zone will not be added.', auditorUserGroupValidation: 'Please select atleast one Auditor Users/Usergroups to Zone else Zone will not be added.', + selectZoneFile : 'Selected file does not contain zone details, Please select appropriate file containing zone details', + selectOtherFile : 'Selected file contains zone details, Please select appropriate file without zone details' }, plcHldr : { 
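Review bot: `XXPolicy.findByPolicyName` matches on `obj.name` alone, but the neighbouring `XXPolicy.findByNameAndServiceIdAndZoneId` query shows that a policy name is only meaningful together with a service and a zone. This query can therefore return policies from unrelated services and zones. The DAO method that runs it is outside this hunk; it should return a list, and callers should not take the first row as "the" policy when deciding what to update or delete. A comment above the query would record that: `<!-- name is not unique across services/zones; returns every match ordered by id -->`.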
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js index 8036d2f..2117f66 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js +++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js @@ -83,7 +83,9 @@ define(function(require){ Export_Csv : { value: 'EXPORT CSV', label: 'Export Csv' }, Export_Excel : { value: 'EXPORT EXCEL', label: 'Export Excel' }, Import_End : { value: 'IMPORT END', label: 'Import End' }, - Import_Start : { value: 'IMPORT START', label: 'Import Start'} + Import_Start : { value: 'IMPORT START', label: 'Import Start'}, + Import_Create : { value: 'IMPORT CREATE', label: 'Import Create'}, + Import_Delete: { value: 'IMPORT DELETE', label: 'Import Delete'} }; XAGlobals.Timezones = [{"text":"Africa/Abidjan (GMT)","id":"Africa/Abidjan"},{"text":"Africa/Accra (GMT)","id":"Africa/Accra"},{"text":"Africa/Addis_Ababa (EAT)","id":"Africa/Addis_Ababa"},{"text":"Africa/Algiers (CET)","id":"Africa/Algiers"},{"text":"Africa/Asmara (EAT)","id":"Africa/Asmara"},{"text":"Africa/Asmera (EAT)","id":"Africa/Asmera"},{"text":"Africa/Bamako (GMT)","id":"Africa/Bamako"},{"text":"Africa/Bangui (WAT)","id":"Africa/Bangui"},{"text":"Africa/Banjul (GMT)","id [...] diff --git a/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js index 2b5cfdd..f701e3f 100644 --- a/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js +++ b/security-admin/src/main/webapp/scripts/views/DownloadServicePolicy.js 
@@ -75,14 +75,19 @@ define(function(require){ if(urlString.slice(-1) == "/") { urlString = urlString.slice(0,-1); }; + if(App.vZone && App.vZone.vZoneName && !_.isEmpty(App.vZone.vZoneName)){ + var exportUrl = urlString +urls+ '?serviceName='+serviceName+'&zoneName='+App.vZone.vZoneName; + }else{ + var exportUrl = urlString +urls+ '?serviceName='+serviceName; + } XAUtil.blockUI(); $.ajax({ type: "GET", - url:urlString +urls+ '?serviceName='+serviceName+'&checkPoliciesExists=true', + url:exportUrl+'&checkPoliciesExists=true', success:function(data,status,response){ XAUtil.blockUI('unblock'); if(response.status == 200 || response.statusText == "ok"){ - var downloadUrl = urlString + urls+'?serviceName='+serviceName+'&checkPoliciesExists=false'; + var downloadUrl = exportUrl+'&checkPoliciesExists=false'; var downloadReport = $('<a href ="'+downloadUrl+'"></a>'); downloadReport.appendTo('body'); downloadReport[0].click(); diff --git a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js index 68022e9..94362bf 100644 --- a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js +++ b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js @@ -18,13 +18,14 @@ */ define(function(require){ - 'use strict'; + 'use strict'; var Backbone = require('backbone'); var App = require('App'); var XAUtil = require('utils/XAUtils'); var XAEnums = require('utils/XAEnums'); var XALinks = require('modules/XALinks'); + var localization = require('utils/XALangSupport'); var UploadservicepolicyTmpl = require('hbs!tmpl/common/uploadservicepolicy_tmpl'); var ServiceMappingItem = Backbone.Marionette.ItemView.extend({ 
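Review bot: `App.vZone.vZoneName` is concatenated into `exportUrl` unencoded, so a zone name containing `&`, `#`, `+` or a space changes the query string that reaches the export endpoint. The same string is then spliced into markup by `$('<a href ="'+downloadUrl+'"></a>')`, where a double quote in the name would terminate the attribute. Encode the value, `'&zoneName=' + encodeURIComponent(App.vZone.vZoneName)`, and build the link without string markup, `$('<a>').attr('href', downloadUrl)`. `serviceName` is handled the same way and predates this change. `exportUrl` is also declared with `var` in both branches and would read better declared once before the `if`. The enclosing function starts outside the hunk.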
@@ -45,7 +46,7 @@ define(function(require){ }, initialize : function(options) { - _.extend(this, _.pick(options, 'collection','serviceNames','services')); + _.extend(this, _.pick(options, 'collection','serviceNames','services','sourceData','zoneDestination','serviceType')); }, onSourceChange : function(e){ 
@@ -53,31 +54,54 @@ define(function(require){ this.model.set('source', _.isEmpty(sourceValue) ? undefined : sourceValue); }, onDestinationSelect : function(e) { - this.model.set('destination', _.isEmpty(e.currentTarget.value) ? undefined : e.currentTarget.value); - var serviceTypes = _.find( this.services.models , function(m){ - return m.get('name') == e.currentTarget.value - }); - if(!_.isUndefined(serviceTypes)){ - this.model.set('serviceType' , serviceTypes.get('type') ); - }else{ - this.model.set('serviceType' , " " ); - } + this.model.set('destination', _.isEmpty(e.currentTarget.value) ? undefined : e.currentTarget.value); + var serviceTypes = _.find( this.services.models , function(m){ + return m.get('name') == e.currentTarget.value + }); + if(!_.isUndefined(serviceTypes)){ + this.model.set('serviceType' , serviceTypes.get('type') ); + }else{ + this.model.set('serviceType' , " " ); + } }, onDeleteMapClick : function(){ this.collection.remove(this.model) }, - + onRender : function() { var that = this; - var options = _.map(this.serviceNames, function(m, key){ return { 'id' : m.name, 'text' : m.name}; }); + // source services this.ui.sourceInput.val(this.model.get('source')); - this.ui.destinationSelect.val(this.model.get('destination')); + var sourceOptions = _.map(_.groupBy(this.sourceData.policies , function(m){return m.service}), function(m, key){ return { 'id' : key, 'text' : key}; }); + this.ui.sourceInput.select2({ + closeOnSelect: true, + placeholder: 'Select source name', + width: '220px', + allowClear: true, + data:sourceOptions, + }); + // destination services + var serviceNameList = [], options; + if(that.model && that.model.has('sourceServiceType')){ + serviceNameList = _.filter(this.serviceNames, function(m){ + return m.get('type') == that.model.get('sourceServiceType') + }) + options = _.map(serviceNameList, function(m){ return { 'id' : m.get('name'), 'text' : m.get('name')}}); + }else{ + options = _.map(this.serviceNames, function(m){ return { 
'id' : m.get('name'), 'text' : m.get('name')}}); + } + if(_.some(options,function(m){return m.id === that.model.get('source')})){ + this.ui.destinationSelect.val(that.model.get('source')); + this.model.set('destination', that.model.get('source')) + }else{ + this.ui.destinationSelect.val(); + } this.ui.destinationSelect.select2({ closeOnSelect: true, placeholder: 'Select service name', - width: '220px', - allowClear: true, - data:options, + width: '220px', + allowClear: true, + data:options, }); } }); 
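Review bot: In `onRender`, the `else` branch of the destination pre-selection calls `this.ui.destinationSelect.val();`, which is a getter and has no effect. The removed line restored the field from the model, so after a re-render a mapping whose source name does not exist as a destination service loses its selected destination in the UI while the model still holds it. Restoring the previous behaviour is one line: `this.ui.destinationSelect.val(this.model.get('destination'));`. Separately, `this.sourceData.policies` is read without a guard; `sourceData` is only set once an import file has been parsed, so a render before that would throw.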
@@ -99,30 +123,26 @@ define(function(require){ return { 'collection' : this.collection, 'serviceNames' : this.serviceNames, - 'services': this.services, + 'services' : this.services, + 'sourceData' : this.importFileData, + 'zoneDestination': this.ui.zoneDestination.val(), + 'serviceType' : this.serviceType }; }, initialize: function(options) { - this.bind("ok", this.okClicked); - _.extend(this, _.pick(options, 'collection','serviceNames','serviceDefList','serviceType','services', - 'zoneServiceDefList','zoneServices')); - var that =this, componentServices=[]; - if(!_.isEmpty(that.zoneServices) && !_.isUndefined(that.zoneServices)){ - _.each(that.zoneServices, function(value, key){ - if(key === that.serviceType){ - componentServices = componentServices.concat(value); - } - }); - }else{ - componentServices = this.services.where({'type' : this.serviceType }); - } - this.serviceNames = componentServices.map(function(m){ return { 'name' : m.get('name') } }); + this.bind("ok", this.okClicked); + _.extend(this, _.pick(options, 'collection','serviceNames','serviceDefList','serviceType','services', + 'rangerZoneList')); }, ui:{ 'importFilePolicy' : '[data-id="uploadPolicyFile"]', 'addServiceMaping' : '[data-id="addServiceMaping"]', - 'componentType' : '[data-id="componentType"]', - 'fileNameClosebtn' : '[data-id="fileNameClosebtn"]' + 'fileNameClosebtn' : '[data-id="fileNameClosebtn"]', + 'zoneSource' : '[data-id="zoneSource"]', + 'zoneDestination' : '[data-id="zoneDestination"]', + 'selectFileValidationMsg' : '[data-id="selectFileValidationMsg"]', + 'selectServicesMapping': '[data-id="selectServicesMapping"]', + 'selectZoneMapping' : '[data-id="selectZoneMapping"]' }, events: function() { var events = {}; 
@@ -132,24 +152,13 @@ define(function(require){ return events; }, okClicked: function (modal) { - if( _.isUndefined(this.targetFileObj) || (_.isEmpty(this.ui.componentType.val()) && this.ui.componentType.is(":visible"))){ - if(_.isUndefined(this.targetFileObj)){ - this.$el.find('.selectFileValidationMsg').show(); - }else{ - this.$el.find('.selectFileValidationMsg').hide(); - } - if (_.isEmpty(this.ui.componentType.val())){ - this.$el.find('.seviceFiledValidationFile').show(); - }else{ - this.$el.find('.seviceFiledValidationFile').hide(); - } + if( _.isUndefined(this.targetFileObj)){ + this.ui.selectFileValidationMsg.show(); return modal.preventClose(); } - var that = this, serviceMapping = {}, fileObj = this.targetFileObj, preventModal = false , url =""; - if(this.$el.find('input[data-name="override"]').is(':checked')){ - url = "service/plugins/policies/importPoliciesFromFile?isOverride=true"; - }else{ - url = "service/plugins/policies/importPoliciesFromFile?isOverride=false"; + var that = this, serviceMapping = {}, fileObj = this.targetFileObj, preventModal = false , url ="", zoneMapping = {};; + if(!_.isEmpty(this.ui.zoneDestination.val()) || !_.isEmpty(this.ui.zoneSource.val())){ + zoneMapping[this.ui.zoneSource.val()] = this.ui.zoneDestination.val(); } this.collection.each(function(m){ if( m.get('source') !== undefined && m.get('destination') == undefined @@ -159,7 +168,7 @@ define(function(require){ preventModal = true; } if(!_.isUndefined(m.get('source'))){ - serviceMapping[m.get('source')] = m.get('destination') + serviceMapping[m.get('source')] = m.get('destination'); } }); if(preventModal){ 
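Review bot: The key in `zoneMapping[this.ui.zoneSource.val()]` is read back from a field that `selectZoneMappingData` (the `@@ -188` hunk of this file) fills with `_.escape(_.keys(sourceZoneName)[0])`. A source zone name containing `&`, `<`, `>`, `"` or `'` is therefore sent in `zoneMapJson` in its HTML-escaped form and will not match the zone name in the policy file. `.val()` does not interpret markup, so the escape is not needed at that point: `this.ui.zoneSource.val(_.keys(sourceZoneName)[0]);`. The stray `;;` after `zoneMapping = {}` can be dropped as well.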
@@ -168,19 +177,19 @@ define(function(require){ } if(this.collection.length>1){ that.collection.models.some(function(m){ - if (!_.isEmpty(m.attributes)) { - if (m.has('source') && m.get('source') != '') { - var model = that.collection.where({ - 'source': m.get('source') - }); - if (model.length > 1) { - that.$el.find('.serviceMapTextError').show(); - that.$el.find('.serviceMapErrorMsg').hide(); - preventModal = true; - return true; - } - } - } + if (!_.isEmpty(m.attributes)) { + if (m.has('source') && m.get('source') != '') { + var model = that.collection.where({ + 'source': m.get('source') + }); + if (model.length > 1) { + that.$el.find('.serviceMapTextError').show(); + that.$el.find('.serviceMapErrorMsg').hide(); + preventModal = true; + return true; + } + } + } }) } if(preventModal){ 
@@ -188,129 +197,203 @@ define(function(require){ return; } this.formData = new FormData(); - this.formData.append('file', fileObj); - if(!_.isEmpty(serviceMapping)){ - this.formData.append('servicesMapJson', new Blob([JSON.stringify(serviceMapping)],{type:'application/json'})); - } - var compString = '' - if(!_.isUndefined(that.serviceType)){ - compString=that.serviceType - }else{ - compString = this.ui.componentType.val() - } - XAUtil.blockUI(); - $.ajax({ - type: 'POST', - url: url+"&serviceType="+compString, - enctype: 'multipart/form-data', - data: this.formData, - cache: false, - dataType:'Json', - contentType: false, - processData: false, - success: function () { - XAUtil.blockUI('unblock'); - var msg = 'File import successfully.' ; + this.formData.append('file', fileObj); + //service mapping details + if(!_.isEmpty(serviceMapping)){ + this.formData.append('servicesMapJson', new Blob([JSON.stringify(serviceMapping)],{type:'application/json'})); + } + //zone mapping details + if(!_.isEmpty(zoneMapping)){ + this.formData.append('zoneMapJson', new Blob([JSON.stringify(zoneMapping)],{type:'application/json'})); + } + //override flag + if(this.$el.find('input[data-name="override"]').is(':checked')){ + url = "service/plugins/policies/importPoliciesFromFile?isOverride=true"; + }else{ + url = "service/plugins/policies/importPoliciesFromFile?isOverride=false"; + } + var compString = '' + if(!_.isUndefined(that.serviceType)){ + compString=that.serviceType + }else{ + var selectedZoneServices = [], selectedZone; + if(!_.isUndefined( that.ui.zoneDestination.val()) && !_.isEmpty( that.ui.zoneDestination.val())){ + selectedZone = this.rangerZoneList.find(function(m) { + return that.ui.zoneDestination.val() === m.get('name'); + }); + _.each(selectedZone.get('services'), function(value, key) { + var model = that.services.find(function(m) { + return m.get('name') == key + }) + if (model) { + selectedZoneServices.push(model); + } + }) + }else{ + selectedZoneServices = 
this.serviceNames; + } + compString = _.map(_.groupBy(selectedZoneServices, function(m){return m.get('type')}), function(m, key){return key}).toString(); + } + XAUtil.blockUI(); + $.ajax({ + type: 'POST', + url: url+"&serviceType="+compString, + enctype: 'multipart/form-data', + data: this.formData, + cache: false, + dataType:'Json', + contentType: false, + processData: false, + success: function () { + XAUtil.blockUI('unblock'); + var msg = 'File import successfully.' ; XAUtil.notifySuccess('Success', msg); - }, - error : function(response,model){ - XAUtil.blockUI('unblock'); - if ( response && response.responseJSON && response.responseJSON.msgDesc){ - if(response.status == '419'){ - XAUtil.defaultErrorHandler(model,response); - }else{ - XAUtil.notifyError('Error', response.responseJSON.msgDesc); + }, + error : function(response,model){ + XAUtil.blockUI('unblock'); + if ( response && response.responseJSON && response.responseJSON.msgDesc){ + if(response.status == '419'){ + XAUtil.defaultErrorHandler(model,response); + }else{ + XAUtil.notifyError('Error', response.responseJSON.msgDesc); + } + } else { + XAUtil.notifyError('Error', 'File import failed.'); } - } else { - XAUtil.notifyError('Error', 'File import failed.'); } - } - }); - }, - onAddClick : function(){ - this.collection.add(new Backbone.Model()); - }, - onRender: function() { - this.$el.find('.fileValidation').hide(); - this.$el.find('.selectFileValidationMsg').hide(); - if(this.serviceType==undefined){ - this.$el.find('.seviceFiled').show(); - this.renderComponentSelect(); - }else{ - this.$el.find('.seviceFiled').hide(); - } + }); }, - /* add 'component' and 'policy type' select */ - renderComponentSelect: function(){ - var that = this; - if(!_.isEmpty(this.zoneServiceDefList) && !_.isUndefined(this.zoneServiceDefList)){ - var options = this.zoneServiceDefList.map(function(m){ return { 'id' : m.get('name'), 'text' : m.get('name')}}); - }else{ - var options = this.serviceDefList.map(function(m){ return { 
'id' : m.get('name'), 'text' : m.get('name')}}); - } - var optionVal = options.map(function(m){return m.text}) - this.ui.componentType.val(optionVal); - this.ui.componentType.select2({ - multiple: true, - closeOnSelect: true, - placeholder: 'Select Component', - width: '530px', - allowClear: true, - data: options - }).on('change', function(e){ - var selectedComp = e.currentTarget.value, componentServices = []; - _.each(selectedComp.split(","), function(type){ - if(!_.isEmpty(that.zoneServices) && !_.isUndefined(that.zoneServices)){ - _.each(that.zoneServices, function(value, key){ - if(key === type){ - componentServices = componentServices.concat(value); - } - }); - }else{ - that.serviceNam = that.services.where({'type' : type }); - componentServices = componentServices.concat(that.serviceNam); - } - }); - var names = componentServices.map(function(m){ return { 'name' : m.get('name') } }); - that.serviceNames = names; - if(!_.isUndefined(e.removed)){ - _.each(that.collection.models , function(m){ - if(m.get('serviceType') == e.removed.id){ - var mapModels = that.collection.filter(function(m){ - return m.get('serviceType') == e.removed.id; - }) - if(!_.isUndefined(mapModels)){ - that.collection.remove(mapModels); - } - } - }); - } - that.collection.trigger('reset'); - }).trigger('change'); + onAddClick : function(){ + this.collection.add(new Backbone.Model()); + }, + onRender: function() { + this.$el.find('.fileValidation').hide(); + this.ui.selectFileValidationMsg.hide(); + this.ui.selectZoneMapping.hide(); + this.ui.selectServicesMapping.hide(); }, importPolicy : function(e){ var that =this; console.log("uploading...."); this.$el.find('.selectFile').hide(); - this.$el.find('.selectFileValidationMsg').hide(); + this.ui.selectFileValidationMsg.hide(); this.$el.find('.fileValidation').hide(); + this.selectedFileValidation(e) this.targetFileObj = e.target.files[0]; if(!_.isUndefined(this.targetFileObj)){ - 
this.$el.find('.selectFile').html('<i>'+this.targetFileObj.name+ - '</i><label class="icon icon-remove icon-1x icon-remove-btn" data-id="fileNameClosebtn"></label>').show(); - }else{ + this.$el.find('.selectFile').html('<i>'+this.targetFileObj.name+ + '</i><label class="icon icon-remove icon-1x icon-remove-btn" data-id="fileNameClosebtn"></label>').removeClass('text-color-red').show(); + } else { this.$el.find('.selectFile').html("No file chosen").show(); } }, + selectedFileValidation : function(file){ + var that = this, + fileReader = new FileReader(); + fileReader.onload = function(e){ + try { + that.importFileData = JSON.parse(e.target.result); + } catch(e) { + // error in the above string (in this case, yes)! + that.$el.find(that.ui.selectFileValidationMsg).html(e).show(); + return + } + var sourceZonePolicy = _.filter(that.importFileData.policies, function(m){ + if(m.zoneName){ return m.zoneName } + }); + that.selectZoneMappingData(_.groupBy(sourceZonePolicy, function(m){ return m.zoneName })); + } + fileReader.readAsText(file.target.files[0]); + }, + selectZoneMappingData: function(sourceZoneName){ + var that = this; + //souece zone value + this.ui.selectZoneMapping.show(); + this.ui.selectServicesMapping.show(); + if(sourceZoneName){ + this.ui.zoneSource.val(_.escape(_.keys(sourceZoneName)[0])); + }else{ + this.ui.zoneSource.val(''); + } + //Destination zone value + this.setServiceDestination(); + //Destination service values + if(this.serviceType && ! 
_.isEmpty(this.serviceType)){ + this.serviceNames = this.services.models.filter(function(m){return that.serviceType == m.get('type')}); + }else{ + this.serviceNames = this.services.models + } + this.setServiceSourceData(); + }, + + setServiceSourceData: function(){ + var that = this, + serviceSources = _.groupBy(that.importFileData.policies , function(m){ + return m.service + }) + _.map(serviceSources, function(m , key){ + var sourceServiceDef = that.serviceDefList.find(function(model){ + return model.get('id') == m[0].serviceType + }); + if(sourceServiceDef){ + that.collection.add(new Backbone.Model({'source' : key, 'sourceServiceType' : sourceServiceDef.get('name')})); + }else{ + that.collection.add(new Backbone.Model({'source' : key})); + } + }) + }, + setServiceDestination : function(){ + var that =this, + zoneNameOption = _.map(this.rangerZoneList.models, function(m){ + return { 'id':m.get('name'), 'text':m.get('name')} + }); + this.ui.zoneDestination.attr('disabled',false); + this.ui.zoneDestination.select2({ + closeOnSelect: true, + placeholder: 'Select service name', + width: '220px', + allowClear: true, + data:zoneNameOption, + }).on('change', function(e){ + that.collection.reset(); + if(e.added && !_.isEmpty(e.val)){ + var zoneServiceList = []; + that.ui.selectServicesMapping.show(); + that.serviceNames = that.services.models; + var selectedZone = that.rangerZoneList.find(function(m) {return e.val === m.get('name')}); + _.filter(selectedZone.get('services'), function(m, key){ + var zoneServiceModel = that.serviceNames.find(function(serviceModel){ + return serviceModel.get('name') === key + }) + if(zoneServiceModel){ + zoneServiceList.push(zoneServiceModel); + } + }); + that.serviceNames = zoneServiceList; + that.setServiceSourceData(); + }else{ + if(that.serviceType && ! 
_.isEmpty(that.serviceType)){ + that.serviceNames = that.services.models.filter(function(m){return that.serviceType == m.get('type')}); + }else{ + that.serviceNames = that.services.models; + } + that.setServiceSourceData(); + } + }); + }, fileNameClosebtn : function(){ - this.$el.find('.selectFile').hide() - this.$el.find('.selectFile').html("No file chosen").show() + this.$el.find('.selectFile').hide() + this.$el.find('.selectFile').html("No file chosen").removeClass('text-color-red').show() this.$el.find('.fileValidation').hide(); - this.$el.find('.selectFileValidationMsg').hide(); + this.ui.selectFileValidationMsg.hide(); this.targetFileObj = undefined; this.ui.importFilePolicy.val(''); - } + this.ui.selectServicesMapping.hide(); + this.ui.selectZoneMapping.hide(); + this.collection.reset(); + this.ui.zoneDestination.val(''); + } }); return UploadServicePolicy; diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js index fd3bb4e..767f278 100644 --- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js 
@@ -230,17 +230,16 @@ define(function(require){ } var view = new vUploadServicePolicy({ - serviceType : serviceType, - collection : new Backbone.Collection([""]), + serviceType : serviceType, + collection : new Backbone.Collection(), serviceDefList : this.collection, - services : this.services, - zoneServiceDefList : this.componentCollectionModels(this.ui.selectZoneName.val()), - zoneServices : this.componentServicesModels(this.ui.selectZoneName.val()), + services : this.services, + rangerZoneList : this.rangerZoneList, }); var modal = new Backbone.BootstrapModal({ content : view, okText :"Import", - title : 'Import Policy', + title : App.vZone && App.vZone.vZoneName && !_.isEmpty(App.vZone.vZoneName) ? 'Import Policy For Zone' : 'Import Policy', animate : true }).open(); diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js index 7589bfa..5ae06d5 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js @@ -950,7 +950,11 @@ define(function(require) { html = '<label class="label label-yellow capitalize">'+rawValue+'</label>'; }else if(rawValue == 'delete'){ html = '<label class="label label-important capitalize">'+rawValue+'</label>'; - } else { + }else if(rawValue =='IMPORT START'){ + html = '<label class="label label-info capitalize">'+rawValue+'</label>'; + }else if(rawValue =='IMPORT END'){ + html = '<label class="label label-info capitalize">'+rawValue+'</label>'; + } else { rawValue = rawValue.toLowerCase() html = '<label class="label capitalize ">'+rawValue+'</label>'; } diff --git a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js index 3df0ec4..cc9ee8d 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 
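Review bot: The new `title` condition in the `Backbone.BootstrapModal` options tests the zone name twice, since `_.isEmpty` already returns true for `undefined` and for an empty string. `title : App.vZone && !_.isEmpty(App.vZone.vZoneName) ? 'Import Policy For Zone' : 'Import Policy',` says the same thing. The title is also fixed from the global `App.vZone` when the dialog opens, while the view now receives the whole `rangerZoneList`. If the destination zone can be changed inside the dialog, the title may end up disagreeing with the selection, which deserves a one-line comment here. The enclosing function starts and ends outside the hunk.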
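Review bot: The two added branches for `'IMPORT START'` and `'IMPORT END'` in the AuditLayout.js hunk produce identical markup and can be a single test: `}else if(rawValue == 'IMPORT START' || rawValue == 'IMPORT END'){`. Every branch of this chain builds the label by concatenating `rawValue` into an HTML string. The named branches only ever see a fixed literal, but the unchanged `else` passes through whatever the audit record holds. With new action values being introduced, it is worth confirming that the field is constrained server-side, or using `_.escape(rawValue)` in that fallback. The enclosing function starts and ends outside the hunk.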
+++ b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js @@ -100,7 +100,7 @@ define(function(require){ }, initializeServiceDef : function(){ var url, policyName = this.collection.findWhere({'attributeName':'Policy Name'}); - if(this.action == 'create'){ + if(this.action == 'create' || this.action == 'Import Create'){ this.policyName = policyName.get('newValue'); } else if(this.action == 'delete'){ this.policyName = policyName.get('previousValue'); @@ -177,7 +177,7 @@ define(function(require){ return difference; }, getTemplateForView : function(){ - if(this.action == 'create'){ + if(this.action == 'create' || this.action == 'Import Create'){ this.template = PolicyOperationDiff_tmpl; }else if(this.action == 'update'){ this.template = PolicyUpdateOperationDiff_tmpl; @@ -320,7 +320,7 @@ define(function(require){ if(val != oldResources[key]) this.collection.add({'attributeName':key, 'newValue':val.toString(),'previousValue': oldResources[key],type : "Policy Resources"}); }, this); - } else if(this.action == "create"){ + } else if(this.action == "create" || this.action == "Import Create"){ _.each(resources,function(val, key){ this.collection.add({'attributeName':key, 'newValue':val.toString()}); }, this); } else{ _.each(oldResources,function(val, key){ this.collection.add({'attributeName':key, 'previousValue':val.toString()}); }, this); diff --git a/security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html b/security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html index 150a885..1e4621a 100644 --- a/security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html +++ b/security-admin/src/main/webapp/templates/common/uploadservicepolicy_tmpl.html 
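Review bot: The literal `'Import Create'` is now compared in three separate places (`initializeServiceDef`, `getTemplateForView`, and the resource-diff branch in the third hunk), each as an ad-hoc `||` next to `'create'`. A small predicate on the view, for example `isCreateAction : function(){ return this.action == 'create' || this.action == 'Import Create'; },`, would keep the three sites in step when another action name is added. Only the create side is extended here. If the import path can also record a delete-type action, it would not match the `'delete'` comparison in `initializeServiceDef`, so check this against the server-side action names, which are not visible in these hunks. All three enclosing functions extend beyond their hunks.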
@@ -12,13 +12,6 @@ KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --}} <div> - <div class="seviceFiled"> - <label><b>Service Type : </b></label> - <div class="form-inline"> - <input type="text" data-id="componentType" /> - <span class="seviceFiledValidationFile hide text-color-red"> Required</span> - </div> - </div> <div> <div> <b>Select File : </b> 
@@ -27,32 +20,47 @@ language governing permissions and limitations under the License. --}} file <i class="icon-upload-alt"> </i> <input type="file" name="image" data-id="uploadPolicyFile" style="display: none;" accept=" .json " /> - </label> <span class="selectFileValidationMsg text-color-red">Please - select json file </span> <label class="float-right" for="override"> - Override Policy : <input id="override" type="checkbox" - data-id="source" data-name="override" class="margin-left12"> + </label> + <span class="text-color-red" data-id="selectFileValidationMsg">Please select json file </span> + <label class="float-right" for="override"> + Override Policy : <input id="override" type="checkbox" data-id="source" data-name="override" class="margin-left12"> </label> <div class="selectFile margin-left6">No file chosen</div> - <div class="fileValidation text-color-red margin-left6">Please - Select Json file format</div> - <hr> - <div class="uploadSet"> + <div class="fileValidation text-color-red margin-left6">Please Select Json file format</div> + <div data-id="selectZoneMapping"> + <hr> + <div class="alert alert-warning show" data-id="policyInfoAlert"><i class="icon-info-sign searchInfo m-r-xs"></i> + All services gets listed on service destination when Zone destination is blank. When zone is selected at destination, then only services associated with that zone will be listed. 
+ </div> + <div class="control-group"> + <span><b>Specify Zone Mapping : </b></span> + <div> + <span class="margin-left-75">Source</span> + <span class="margin-left-213">Destination</span> + </div> + </div> + <div class="form-horizontal"> + <input type="text" data-id="zoneSource" readOnly> + To + <input type="text" data-id="zoneDestination" placeholder="No zone selected"> + </div> + </div> + <div class="uploadSet" data-id="selectServicesMapping"> + <hr> <span><b>Specify Service Mapping : </b></span> <div> <span class="margin-left-75">Source</span> <span class="margin-left-213">Destination</span> </div> - <div class="serviceMapErrorMsg text-color-red hide margin-bottom-11">Please - select/enter service name.</div> - <div class="serviceMapTextError text-color-red hide margin-bottom-11" >Source - service name should not be same.</div> + <div class="serviceMapErrorMsg text-color-red hide margin-bottom-11">Please select/enter service name.</div> + <div class="serviceMapTextError text-color-red hide margin-bottom-11" >Source service name should not be same.</div> </div> </div> - <div class="js-serviceMappingItems"></div> - <button type="button" class="btn btn-small" data-id="addServiceMaping" - title="Add"> - <i class="icon-plus"></i> - </button> -</div> - - + <div data-id="selectServicesMapping"> + <div class="js-serviceMappingItems "></div> + <button type="button" class="btn btn-small" data-id="addServiceMaping" + title="Add"> + <i class="icon-plus"></i> + </button> + </div> +</div> \ No newline at end of file diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 8f39607..0d75192 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
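Review bot: `data-id="selectServicesMapping"` now appears on two elements, the `uploadSet` block and the new wrapper around `js-serviceMappingItems`, so a selector on that attribute returns both nodes. That is fine for toggling them together with `show()`/`hide()`, but it is easy to break when someone later reads a value or binds a handler through it. Either wrap both blocks in one container or add a template comment such as `{{!-- selectServicesMapping is intentionally on two nodes so they toggle together --}}`. The alert text would read better as `All services are listed in the service destination when the zone destination is blank.`, and the hunk leaves the file without a trailing newline.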
@@ -33,6 +33,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.ws.rs.WebApplicationException; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringUtils; import org.apache.ranger.admin.client.datatype.RESTResponse; import org.apache.ranger.biz.AssetMgr; @@ -52,9 +53,13 @@ import org.apache.ranger.common.ServiceUtil; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXSecurityZoneDao; +import org.apache.ranger.db.XXSecurityZoneRefServiceDao; import org.apache.ranger.db.XXServiceDao; import org.apache.ranger.db.XXServiceDefDao; import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXSecurityZone; +import org.apache.ranger.entity.XXSecurityZoneRefService; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.plugin.model.RangerPluginInfo; @@ -1536,7 +1541,7 @@ public class TestServiceREST { request.setAttribute("serviceType", "hdfs,hbase,hive,yarn,knox,storm,solr,kafka,nifi,atlas,sqoop"); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); SearchFilter filter = new SearchFilter(); - + filter.setParam("zoneName", "zone1"); Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter); Mockito.when(svcStore.getPolicies(filter)).thenReturn(rangerPolicyList); Mockito.when(bizUtil.isAdmin()).thenReturn(true); 
@@ -1547,7 +1552,6 @@ public class TestServiceREST { Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao); Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao); - Mockito.when(daoManager.getXXService().findByName("HDFS_1-1-20150316062453")).thenReturn(xService); Mockito.when(daoManager.getXXServiceDef().getById(xService.getType())).thenReturn(xServiceDef); serviceREST.getPoliciesInJson(request, response, false); 
@@ -1644,36 +1648,45 @@ public class TestServiceREST { Mockito.verify(svcStore).getPoliciesInExcel(rangerPolicyList, response); } + @SuppressWarnings("unchecked") @Test public void test49importPoliciesFromFileAllowingOverride() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - + RangerPolicyValidator policyValidator = Mockito.mock(RangerPolicyValidator.class) ; Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>(); - RangerPolicy rangerPolicy = rangerPolicy(); - XXService xService = xService(); policiesMap.put("Name", rangerPolicy); XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); XXServiceDef xServiceDef = serviceDef(); XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class); + XXSecurityZoneRefServiceDao xSecZoneRefServiceDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); + XXSecurityZoneRefService xSecZoneRefService = Mockito.mock(XXSecurityZoneRefService.class); + XXSecurityZoneDao xSecZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXSecurityZone xSecZone = Mockito.mock(XXSecurityZone.class); + List<XXSecurityZoneRefService> zoneServiceList = new ArrayList<>(); + zoneServiceList.add(xSecZoneRefService); + Map<String, String> zoneMappingMap = new LinkedHashMap<String, String>(); + zoneMappingMap.put("ZoneSource", "ZoneDestination"); String PARAM_SERVICE_TYPE = "serviceType"; String serviceTypeList = "hdfs,hbase,hive,yarn,knox,storm,solr,kafka,nifi,atlas,sqoop"; request.setAttribute("serviceType", "hdfs,hbase,hive,yarn,knox,storm,solr,kafka,nifi,atlas,sqoop"); SearchFilter filter = new SearchFilter(); filter.setParam("serviceType", "value"); - Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter); - Mockito.when(request.getParameter(PARAM_SERVICE_TYPE)).thenReturn(serviceTypeList); File jsonPolicyFile = new File(importPoliceTestFilePath); InputStream uploadedInputStream = new FileInputStream(jsonPolicyFile); 
FormDataContentDisposition fileDetail = FormDataContentDisposition.name("file") .fileName(jsonPolicyFile.getName()).size(uploadedInputStream.toString().length()).build(); boolean isOverride = true; - Mockito.when(svcStore.createPolicyMap(Mockito.any(Map.class), Mockito.any(List.class), Mockito.any(List.class), + InputStream zoneInputStream =IOUtils.toInputStream("ZoneSource=ZoneDestination", "UTF-8"); + + Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter); + Mockito.when(request.getParameter(PARAM_SERVICE_TYPE)).thenReturn(serviceTypeList); + Mockito.when(svcStore.createPolicyMap(Mockito.any(Map.class), Mockito.any(List.class),Mockito.anyString(),Mockito.any(Map.class), Mockito.any(List.class), Mockito.any(List.class), Mockito.any(RangerPolicy.class), Mockito.any(Map.class))).thenReturn(policiesMap); Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn(policyValidator); Mockito.when(bizUtil.isAdmin()).thenReturn(true); 
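Review bot: The content passed to `IOUtils.toInputStream("ZoneSource=ZoneDestination", "UTF-8")` is never parsed in this test, because `svcStore.getMapFromInputStream(zoneInputStream)` is stubbed in the following hunk to return `zoneMappingMap`. A reader could mistake the `key=value` text for the real upload format, so a comment at the declaration would help, for example `// placeholder content: getMapFromInputStream is stubbed, the mapping comes from zoneMappingMap`. The same applies to the identical declaration added in `test50importPoliciesFromFileNotAllowingOverride`. The test method continues past the end of this hunk.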
@@ -1683,8 +1696,15 @@ public class TestServiceREST { Mockito.when(daoManager.getXXService().findByName("HDFS_1-1-20150316062453")).thenReturn(xService); Mockito.when(daoManager.getXXServiceDef().getById(xService.getType())).thenReturn(xServiceDef); + Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn(policyValidator); + Mockito.when(svcStore.getMapFromInputStream(zoneInputStream)).thenReturn(zoneMappingMap); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xSecZoneDao); + Mockito.when(xSecZoneDao.findByZoneName(Mockito.anyString())).thenReturn(xSecZone); + Mockito.when(daoManager.getXXSecurityZoneRefService()).thenReturn(xSecZoneRefServiceDao); + Mockito.when(xSecZoneRefServiceDao.findByServiceNameAndZoneId(Mockito.anyString(),Mockito.anyLong())).thenReturn(zoneServiceList); + + serviceREST.importPoliciesFromFile(request, null, zoneInputStream, uploadedInputStream, fileDetail, isOverride , "unzoneToZone"); - serviceREST.importPoliciesFromFile(request, null, uploadedInputStream, fileDetail, isOverride); Mockito.verify(svcStore).createPolicy(rangerPolicy); } 
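Review bot: After the new `importPoliciesFromFile(..., isOverride , "unzoneToZone")` call the only assertion is still `Mockito.verify(svcStore).createPolicy(rangerPolicy);`, so nothing zone-specific is checked and the test would pass even if the zone mapping were ignored. Assuming the import path consults the zone-to-service reference, a check such as `Mockito.verify(xSecZoneRefServiceDao).findByServiceNameAndZoneId(Mockito.anyString(), Mockito.anyLong());` would pin that down. With `bizUtil.isAdmin()` stubbed to `true` and every zone lookup stubbed to succeed, the visible hunks cover no rejection case, such as a destination zone that does not contain the service or a caller without rights on it. The added `Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn(policyValidator);` repeats a stub already set earlier in the same method and can be dropped. The `test50importPoliciesFromFileNotAllowingOverride` hunks have the same assertion gap with `"unzoneToUnZone"`.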
@@ -1693,32 +1713,39 @@ public class TestServiceREST { @Test public void test50importPoliciesFromFileNotAllowingOverride() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Map<String, RangerPolicy> policiesMap = new LinkedHashMap<String, RangerPolicy>(); - RangerPolicy rangerPolicy = rangerPolicy(); - XXService xService = xService(); policiesMap.put("Name", rangerPolicy); XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); XXServiceDef xServiceDef = serviceDef(); XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class); + XXSecurityZoneRefServiceDao xSecZoneRefServiceDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); + XXSecurityZoneRefService xSecZoneRefService = Mockito.mock(XXSecurityZoneRefService.class); + XXSecurityZoneDao xSecZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXSecurityZone xSecZone = Mockito.mock(XXSecurityZone.class); + List<XXSecurityZoneRefService> zoneServiceList = new ArrayList<>(); + zoneServiceList.add(xSecZoneRefService); + Map<String, String> zoneMappingMap = new LinkedHashMap<String, String>(); + zoneMappingMap.put("ZoneSource", "ZoneDestination"); String PARAM_SERVICE_TYPE = "serviceType"; String serviceTypeList = "hdfs,hbase,hive,yarn,knox,storm,solr,kafka,nifi,atlas,sqoop"; request.setAttribute("serviceType", "hdfs,hbase,hive,yarn,knox,storm,solr,kafka,nifi,atlas,sqoop"); SearchFilter filter = new SearchFilter(); filter.setParam("serviceType", "value"); - Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter); - Mockito.when(request.getParameter(PARAM_SERVICE_TYPE)).thenReturn(serviceTypeList); File jsonPolicyFile = new File(importPoliceTestFilePath); InputStream uploadedInputStream = new FileInputStream(jsonPolicyFile); FormDataContentDisposition fileDetail = FormDataContentDisposition.name("file") .fileName(jsonPolicyFile.getName()).size(uploadedInputStream.toString().length()).build(); boolean isOverride = false; - 
Mockito.when(svcStore.createPolicyMap(Mockito.any(Map.class), Mockito.any(List.class), Mockito.any(List.class), + InputStream zoneInputStream = IOUtils.toInputStream("ZoneSource=ZoneDestination", "UTF-8"); + + Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter); + Mockito.when(request.getParameter(PARAM_SERVICE_TYPE)).thenReturn(serviceTypeList); + Mockito.when(svcStore.createPolicyMap(Mockito.any(Map.class), Mockito.any(List.class),Mockito.anyString(),Mockito.any(Map.class), Mockito.any(List.class), Mockito.any(List.class), Mockito.any(RangerPolicy.class), Mockito.any(Map.class))).thenReturn(policiesMap); Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn(policyValidator); Mockito.when(bizUtil.isAdmin()).thenReturn(true); @@ -1729,7 +1756,13 @@ public class TestServiceREST { Mockito.when(daoManager.getXXService().findByName("HDFS_1-1-20150316062453")).thenReturn(xService); Mockito.when(daoManager.getXXServiceDef().getById(xService.getType())).thenReturn(xServiceDef); - serviceREST.importPoliciesFromFile(request, null, uploadedInputStream, fileDetail, isOverride); + Mockito.when(svcStore.getMapFromInputStream(zoneInputStream)).thenReturn(zoneMappingMap); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xSecZoneDao); + Mockito.when(xSecZoneDao.findByZoneName(Mockito.anyString())).thenReturn(xSecZone); + Mockito.when(daoManager.getXXSecurityZoneRefService()).thenReturn(xSecZoneRefServiceDao); + Mockito.when(xSecZoneRefServiceDao.findByServiceNameAndZoneId(Mockito.anyString(),Mockito.anyLong())).thenReturn(zoneServiceList); + + serviceREST.importPoliciesFromFile(request, null, zoneInputStream, uploadedInputStream, fileDetail, isOverride, "unzoneToUnZone"); Mockito.verify(svcStore).createPolicy(rangerPolicy); }