This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 63a125c  RANGER-3075: Add new authorization privilege - admin-audits 
in Ranger-Atlas service.
63a125c is described below

commit 63a125c0f4bccc88e5dc4e58759c18880aefb3c1
Author: nixonrodrigues <[email protected]>
AuthorDate: Mon Nov 9 18:37:46 2020 +0530

    RANGER-3075: Add new authorization privilege - admin-audits in Ranger-Atlas 
service.
    
    Signed-off-by: Mehul Parikh <[email protected]>
---
 .../service-defs/ranger-servicedef-atlas.json      |   7 +-
 .../optimized/current/ranger_core_db_mysql.sql     |   1 +
 .../optimized/current/ranger_core_db_oracle.sql    |   1 +
 .../optimized/current/ranger_core_db_postgres.sql  |   1 +
 .../current/ranger_core_db_sqlanywhere.sql         |   2 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   1 +
 .../patch/PatchForAtlasAdminAudits_J10042.java     | 160 +++++++++++++++++++++
 7 files changed, 172 insertions(+), 1 deletion(-)

diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index 68a3d36..4ce7ec9 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -115,7 +115,7 @@
                        },
                        "label": "Atlas Service",
                        "description": "Atlas Service",
-                       "accessTypeRestrictions": ["admin-import", 
"admin-export", "admin-purge"]
+                       "accessTypeRestrictions": ["admin-import", 
"admin-export", "admin-purge", "admin-audits"]
                },
                {
                        "itemId": 7,
@@ -406,6 +406,11 @@
                        "itemId": 20,
                        "name": "type-read",
                        "label": "Read Type"
+               },
+               {
+                       "itemId": 21,
+                       "name": "admin-audits",
+                       "label": "Admin Audits"
                }
        ],
        "configs": [
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index b3a219b..fd4916d 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1830,4 +1830,5 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10038',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10040',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10041',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10042',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git 
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index b72f233..c58a84f 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2044,5 +2044,6 @@ INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10038',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10040',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10041',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10042',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git 
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index b2f1409..b641a91 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1968,6 +1968,7 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10038',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10040',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10041',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10042',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',current_timestamp,'Ranger 
1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 030ea48..ebfea2c 100644
--- 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2385,6 +2385,8 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10041',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10042',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git 
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 04cd470..97625b4 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4165,6 +4165,7 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10038',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10040',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10041',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10042',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasAdminAudits_J10042.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasAdminAudits_J10042.java
new file mode 100644
index 0000000..892e6c1
--- /dev/null
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasAdminAudits_J10042.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.RangerValidatorFactory;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForAtlasAdminAudits_J10042 extends BaseLoader {
+    private static final Logger logger = 
Logger.getLogger(PatchForAtlasAdminAudits_J10042.class);
+
+    private static final List<String> ATLAS_RESOURCES = new ArrayList<>(
+            Arrays.asList("atlas-service"));
+    private static final List<String> ATLAS_ACCESS_TYPES = new ArrayList<>(
+            Arrays.asList("admin-audits"));
+
+    @Autowired
+    RangerDaoManager daoMgr;
+
+    @Autowired
+    ServiceDBStore svcDBStore;
+
+    @Autowired
+    RangerValidatorFactory validatorFactory;
+
+    @Autowired
+    ServiceDBStore svcStore;
+
+    public static void main(String[] args) {
+        logger.info("main()");
+        try {
+            PatchForAtlasAdminAudits_J10042 loader = 
(PatchForAtlasAdminAudits_J10042) CLIUtil
+                    .getBean(PatchForAtlasAdminAudits_J10042.class);
+            loader.init();
+            while (loader.isMoreToProcess()) {
+                loader.load();
+            }
+            logger.info("Load complete. Exiting!!!");
+            System.exit(0);
+        } catch (Exception e) {
+            logger.error("Error loading", e);
+            System.exit(1);
+        }
+    }
+
+    @Override
+    public void init() throws Exception {
+        // Do Nothing
+    }
+
+    @Override
+    public void execLoad() {
+        logger.info("==> PatchForAtlasAdminAudits_J10042.execLoad()");
+        try {
+            addAdminAuditsPermissionInServiceDef();
+        } catch (Exception e) {
+            throw new RuntimeException(
+                    "Error while updating " + 
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
+        }
+        logger.info("<== PatchForAtlasAdminAudits_J10042.execLoad()");
+    }
+
+    @Override
+    public void printStats() {
+        logger.info("PatchForAtlasAdminAudits_J10042 Logs");
+    }
+
+    private void addAdminAuditsPermissionInServiceDef() throws Exception {
+        RangerServiceDef ret = null;
+        RangerServiceDef embeddedAtlasServiceDef = null;
+        XXServiceDef xXServiceDefObj = null;
+        RangerServiceDef dbAtlasServiceDef = null;
+        List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = 
null;
+        List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = 
null;
+
+        embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
+                
.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+        if (embeddedAtlasServiceDef != null) {
+            xXServiceDefObj = daoMgr.getXXServiceDef()
+                    
.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+            if (xXServiceDefObj == null) {
+                logger.info(xXServiceDefObj + ": service-def not found. No 
patching is needed");
+                return;
+            }
+
+            dbAtlasServiceDef = 
svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+
+            embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
+            embeddedAtlasAccessTypes = 
embeddedAtlasServiceDef.getAccessTypes();
+
+            if (checkResourcePresent(embeddedAtlasResourceDefs)) {
+                dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
+                if (checkAccessPresent(embeddedAtlasAccessTypes)) {
+                    dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
+                }
+            }
+
+            RangerServiceDefValidator validator = 
validatorFactory.getServiceDefValidator(svcStore);
+            validator.validate(dbAtlasServiceDef, Action.UPDATE);
+            ret = svcStore.updateServiceDef(dbAtlasServiceDef);
+            if (ret == null) {
+                logger.error("Error while updating " + 
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
+                        + " service-def");
+                throw new RuntimeException("Error while updating "
+                        + 
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
+            }
+        }
+    }
+
+    private boolean 
checkResourcePresent(List<RangerServiceDef.RangerResourceDef> resourceDefs) {
+        boolean ret = false;
+        for (RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) {
+            if (ATLAS_RESOURCES.contains(resourceDef.getName())) {
+                ret = true;
+                break;
+            }
+        }
+        return ret;
+    }
+
+    private boolean checkAccessPresent(List<RangerAccessTypeDef> 
embeddedAtlasAccessTypes) {
+        boolean ret = false;
+        for (RangerServiceDef.RangerAccessTypeDef accessDef : 
embeddedAtlasAccessTypes) {
+            if (ATLAS_ACCESS_TYPES.contains(accessDef.getName())) {
+                ret = true;
+                break;
+            }
+        }
+        return ret;
+    }
+}
\ No newline at end of file

Reply via email to