This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ff0682b35dd6008627c87695b19d607e57548f62 Author: Dineshkumar Yadav <[email protected]> AuthorDate: Wed Apr 14 13:49:16 2021 +0530 RANGER-3214 : Configure default audit filters when ranger repo is created Signed-off-by: Mehul Parikh <[email protected]> --- .../service-defs/ranger-servicedef-atlas.json | 13 ++ .../service-defs/ranger-servicedef-hbase.json | 13 ++ .../service-defs/ranger-servicedef-hdfs.json | 13 ++ .../service-defs/ranger-servicedef-hive.json | 13 ++ .../service-defs/ranger-servicedef-kafka.json | 13 ++ .../service-defs/ranger-servicedef-knox.json | 13 ++ .../service-defs/ranger-servicedef-ozone.json | 13 ++ .../service-defs/ranger-servicedef-solr.json | 13 ++ .../optimized/current/ranger_core_db_mysql.sql | 2 + .../optimized/current/ranger_core_db_oracle.sql | 2 + .../optimized/current/ranger_core_db_postgres.sql | 2 + .../current/ranger_core_db_sqlanywhere.sql | 4 + .../optimized/current/ranger_core_db_sqlserver.sql | 2 + .../java/org/apache/ranger/biz/ServiceDBStore.java | 7 + ...viceDefUpdateForDefaultAuditFilters_J10049.java | 186 +++++++++++++++++++++ .../patch/PatchForDefaultAuidtFilters_J10050.java | 159 ++++++++++++++++++ .../views/service/RangerServiceViewDetail.js | 9 +- .../webapp/scripts/views/service/ServiceForm.js | 9 + 18 files changed, 482 insertions(+), 4 deletions(-) diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json index 4ce7ec9..d8331db 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json @@ -441,6 +441,19 @@ "type": "string", "mandatory": false, "label": "Common Name for Certificate" + }, + + { + "itemId": 5, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]" } ], "options": { diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json index 594e175..791b5bc 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json @@ -208,6 +208,19 @@ "validationMessage": "", "uiHint":"", "label": "Common Name for Certificate" + }, + + { + "itemId": 10, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]" } ], diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json index fbb16d7..b04b906 100755 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json @@ -180,6 +180,19 @@ "validationMessage": "", "uiHint":"", "label": "Common Name for Certificate" + }, + + { + "itemId": 12, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools','listCacheDirectives'], 'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]" } ], diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 42df0a8..ab8ca5c 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -302,6 +302,19 @@ "validationMessage": "", "uiHint":"", "label": "Common Name for Certificate" + }, + + { + "itemId": 6, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]" } ], diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json index 6ea52f7..1deb969 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json @@ -211,6 +211,19 @@ "type":"string", "mandatory":false, "label":"Ranger Plugin SSL CName" + }, + + { + "itemId": 5, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['atlas'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['atlas'],'actions':['consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsy [...] } ], "enums":[ diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json index aa0f672..410b9ef 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -100,6 +100,19 @@ "validationMessage": "", "uiHint":"", "label": "Common Name for Certificate" + }, + + { + "itemId":5, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]" } ], diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json index b9a0275..a009ab2 100755 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json @@ -199,6 +199,19 @@ "validationRegEx":"", "validationMessage": "", "uiHint":"" + }, + + { + "itemId": 7, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['om'] ,'isAudited':false} ]" } ], diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json index ec2ebcf..dfaa2f7 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json @@ -95,6 +95,19 @@ "validationMessage":"", "uiHint":"", "label":"Ranger Plugin SSL CName" + }, + + { + "itemId":600, + "name": "ranger.plugin.audit.filters", + "type": "string", + "subType": "", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Ranger Default Audit Filters", + "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas'] ,'isAudited':false} ]" } ], diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 7179dc9..9d0cd9d 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1834,4 +1834,6 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index 40917cd..1904c68 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql @@ -2048,5 +2048,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10046',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); +INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); +INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); commit; diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql index ba9eb01..51ef67b 100644 --- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql +++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql @@ -1972,6 +1972,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); DROP VIEW IF EXISTS vx_trx_log; diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql index 371846f..97ddb5d 100644 --- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql +++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql @@ -2393,6 +2393,10 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +GO +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO exit diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql index 90004ec..d150150 100644 --- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql @@ -4169,6 +4169,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO CREATE VIEW [dbo].[vx_trx_log] AS diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index a7871ed..4fb71f0 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -246,6 +246,7 @@ public class ServiceDBStore extends AbstractServiceStore { public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3; private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin."; + public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters"; static { try { @@ -3451,6 +3452,12 @@ public class ServiceDBStore extends AbstractServiceStore { "Please provide value of mandatory: "+ svcConfDef.getName(), MessageEnums.INVALID_INPUT_DATA); } + + if (StringUtils.equals(svcConfDef.getName(), RANGER_PLUGIN_AUDIT_FILTERS) && !configs.containsKey(RANGER_PLUGIN_AUDIT_FILTERS)) { + if (svcConfDef.getDefaultvalue() != null) { + configs.put(RANGER_PLUGIN_AUDIT_FILTERS, svcConfDef.getDefaultvalue()); + } + } } Map<String, String> validConfigs = new HashMap<String, String>(); for(Entry<String, String> config : configs.entrySet()) { diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java new file mode 100644 index 0000000..d8abc0a --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java @@ -0,0 +1,186 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.patch; + +import java.util.List; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXServiceConfigDefDao; +import org.apache.ranger.entity.XXServiceConfigDef; +import org.apache.ranger.entity.XXServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; +import org.apache.ranger.service.RangerServiceDefService; +import org.apache.ranger.util.CLIUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 extends BaseLoader { + private static final Logger logger = Logger + .getLogger(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class); + + @Autowired + RangerDaoManager daoMgr; + + @Autowired + ServiceDBStore svcDBStore; + + @Autowired + RangerServiceDefService serviceDefService; + + @Autowired + StringUtil stringUtil; + + public static void main(String[] args) { + try { + PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 loader = (PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049) CLIUtil + .getBean(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class); + loader.init(); + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + } catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void init() throws Exception { + // Do Nothing + } + + @Override + public void execLoad() { + logger.info("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()"); + try { + updateAllServiceDef(); + } catch (Exception e) { + logger.error("Error in PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()", e); + } + logger.info("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()"); + } + + @Override + public void printStats() { + logger.info("adding default audit-filters to all service-defs"); + } + + private void updateAllServiceDef() throws Exception { + if(logger.isDebugEnabled()) { + logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()"); + } + List<XXServiceDef> allXXServiceDefs; + allXXServiceDefs = daoMgr.getXXServiceDef().getAll(); + + if (CollectionUtils.isNotEmpty(allXXServiceDefs)) { + logger.info("Found " + allXXServiceDefs.size() + " services-defs"); + for (XXServiceDef xxServiceDef : allXXServiceDefs) { + + String serviceDefName = xxServiceDef.getName(); + + try { + RangerServiceConfigDef defualtAuditFiltersSvcConfDef = getDefaultAuditFiltersByServiceDef(serviceDefName); + + if (defualtAuditFiltersSvcConfDef == null) { + logger.info("No default audit-filter available for service-def " + serviceDefName + ". Skipped"); + continue; + } + + RangerServiceDef serviceDef = svcDBStore.getServiceDefByName(serviceDefName); + + if (serviceDef != null) { + List<RangerServiceConfigDef> svcConfDefList = serviceDef.getConfigs(); + boolean defaultAuditFiltresFound = false; + for (RangerServiceConfigDef svcConfDef : svcConfDefList) { + if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) { + defaultAuditFiltresFound = true; + break; + } + } + if (!defaultAuditFiltresFound) { + logger.info("adding default audit-filter for service-def:[" + serviceDefName + "]"); + int sortOrder = serviceDef.getConfigs().size() - 1; + addDefaultAuditFilterConfig(defualtAuditFiltersSvcConfDef, xxServiceDef, sortOrder); + logger.info("Completed adding default audit-filter for service-def:[" + serviceDefName + "]"); + }else { + logger.info("default audit-filter already available for service-def " + serviceDefName + ". Skipped"); + } + + }else { + logger.info("No service-def:[" + serviceDefName + "] found"); + } + + } catch (Exception e) { + logger.error("Error while adding default audit-filter service-def:[" + serviceDefName + "]", e); + } + } + }else { + logger.info("No service-def found"); + } + if(logger.isDebugEnabled()) { + logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()"); + } + } + + private RangerServiceConfigDef getDefaultAuditFiltersByServiceDef(String serviceDefName) throws Exception { + if(logger.isDebugEnabled()) { + logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+ "]"); + } + RangerServiceConfigDef ret = null; + RangerServiceDef embeddedAtlasServiceDef = null; + embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(serviceDefName); + + List<RangerServiceConfigDef> svcConfDefList = embeddedAtlasServiceDef.getConfigs(); + for (RangerServiceConfigDef svcConfDef : svcConfDefList) { + if (StringUtils.equals(svcConfDef.getName(), ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) { + ret = svcConfDef; + break; + } + } + + if(logger.isDebugEnabled()) { + logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef() for serviceDefName:["+serviceDefName+"] ret : "+ret); + } + return ret; + } + + private void addDefaultAuditFilterConfig(RangerServiceConfigDef config, XXServiceDef createdSvcDef, int sortOrder) { + if(logger.isDebugEnabled()) { + logger.debug("==> PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder ); + } + XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef(); + XXServiceConfigDef xConfig = new XXServiceConfigDef(); + xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, + RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xConfig.setOrder(sortOrder); + xConfig = xxServiceConfigDao.create(xConfig); + if(logger.isDebugEnabled()) { + logger.debug("<== PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig() for config:["+config+"] sortOrder: "+sortOrder); + } + } +} \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java new file mode 100644 index 0000000..542f395 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java @@ -0,0 +1,159 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.patch; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXServiceConfigMapDao; +import org.apache.ranger.entity.XXService; +import org.apache.ranger.entity.XXServiceConfigDef; +import org.apache.ranger.entity.XXServiceConfigMap; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.service.RangerAuditFields; +import org.apache.ranger.util.CLIUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class PatchForDefaultAuidtFilters_J10050 extends BaseLoader { + + private static final Logger logger = Logger.getLogger(PatchForDefaultAuidtFilters_J10050.class); + + @Autowired + RangerDaoManager daoMgr; + + @Autowired + ServiceDBStore svcStore; + + @Autowired + RangerAuditFields<?> rangerAuditFields; + + public static void main(String[] args) { + + logger.info("main()"); + try { + PatchForDefaultAuidtFilters_J10050 loader = (PatchForDefaultAuidtFilters_J10050) CLIUtil + .getBean(PatchForDefaultAuidtFilters_J10050.class); + loader.init(); + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + } catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void init() throws Exception { + // Do Nothing + } + + @Override + public void printStats() { + logger.info("adding default audit-filters to all services"); + + } + + @Override + public void execLoad() { + logger.info("==> PatchForDefaultAuidtFilters.execLoad()"); + + try { + addDefaultAuditFilters(); + } catch (Exception e) { + logger.error("Error while PatchForDefaultAuidtFilters", e); + System.exit(1); + } + logger.info("<== PatchForDefaultAuidtFilters.execLoad()"); + } + + private void addDefaultAuditFilters() throws Exception { + logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()"); + + Map<String, String> defaultAuditFiltersMap = null; + + List<XXService> xxServiceList = daoMgr.getXXService().getAll(); + + if (CollectionUtils.isNotEmpty(xxServiceList)) { + logger.info("Found " + xxServiceList.size() + " services"); + defaultAuditFiltersMap = new HashMap<String, String>(); + + for (XXService xservice : xxServiceList) { + RangerService rangerService = svcStore.getServiceByName(xservice.getName()); + if (rangerService != null && !rangerService.getConfigs().containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) { + + if (!defaultAuditFiltersMap.containsKey(rangerService.getType())) { + List<XXServiceConfigDef> svcConfDefList = daoMgr.getXXServiceConfigDef() + .findByServiceDefName(rangerService.getType()); + for(XXServiceConfigDef svcConfDef : svcConfDefList) { + if(StringUtils.equals(svcConfDef.getName(),ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) { + defaultAuditFiltersMap.put(rangerService.getType(), svcConfDef.getDefaultvalue()); + continue; + } + } + } + + if (defaultAuditFiltersMap.get(rangerService.getType()) != null) { + Map<String, String> configs = rangerService.getConfigs(); + if (!configs.containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) { + logger.info("adding default audit-filter to service " + rangerService.getName()); + addDefaultAuditFilterConfig(xservice, defaultAuditFiltersMap.get(rangerService.getType())); + } + }else { + logger.info("No default audit-filter available for service " + rangerService.getName() + ". Skipped"); + } + } + } + } + + logger.info("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()"); + } + + private void addDefaultAuditFilterConfig(XXService xservice, String defaultValue) { + if (logger.isDebugEnabled()) { + logger.debug("==> PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig() for service (id=" + + xservice.getId() + ")"); + } + try { + XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap(); + XXServiceConfigMap xConfMap = new XXServiceConfigMap(); + xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xservice); + xConfMap.setServiceId(xservice.getId()); + xConfMap.setConfigkey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS); + xConfMap.setConfigvalue(defaultValue); + xConfMapDao.create(xConfMap); + } catch (Exception e) { + logger.error("default audit filters addition for service (id=" + xservice.getId() + ") failed!!"); + throw e; + } + if (logger.isDebugEnabled()) { + logger.debug("<== PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig()"); + } + } + +} \ No newline at end of file diff --git a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js index c8a47a4..e057cb1 100644 --- a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js +++ b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js @@ -89,10 +89,11 @@ define(function(require) { customConfigs = _.omit(customConfigs , m.name); }) this.conf = configs; - this.auditFilters = (_.isEmpty(customConfigs) && _.isUndefined(customConfigs['ranger.plugin.audit.filters'])) ? - false : customConfigs['ranger.plugin.audit.filters']; - this.customConfigs = _.isEmpty(_.omit(customConfigs, 'ranger.plugin.audit.filters')) ? - false : _.omit(customConfigs, 'ranger.plugin.audit.filters'); + this.auditFilters = (_.isEmpty(this.conf) && _.isUndefined(this.conf['Ranger Default Audit Filters'])) ? + false : this.conf['Ranger Default Audit Filters']; + this.conf = _.omit(this.conf, 'Ranger Default Audit Filters') + this.customConfigs = _.isEmpty(_.omit(customConfigs, 'Ranger Default Audit Filters')) ? + false : _.omit(customConfigs, 'Ranger Default Audit Filters'); if(this.auditFilters){ this.auditFilters = JSON.parse((this.auditFilters).replace(/'/g, '"')); } diff --git a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js index 983f65b..41872af 100644 --- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js +++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js @@ -110,6 +110,13 @@ define(function(require){ var auditFilterCollValue = this.model.get('configs')['ranger.plugin.audit.filters']; delete this.model.get('configs')['ranger.plugin.audit.filters'] } + var configs = this.rangerServiceDefModel.get('configs'); + var auditFilterCollValueIndex = _.findIndex(configs,function(m){ + return m.name == 'ranger.plugin.audit.filters' + }) + if(auditFilterCollValueIndex != -1) { + configs.splice(auditFilterCollValueIndex, 1); + } _.each(this.model.get('configs'),function(value, name){ var configObj = _.findWhere(this.rangerServiceDefModel.get('configs'),{'name' : name }); if(!_.isUndefined(configObj) && configObj.type == 'bool'){ @@ -231,6 +238,8 @@ define(function(require){ auditFiltter.push(e.attributes); }) config['ranger.plugin.audit.filters'] = (JSON.stringify(auditFiltter)).replace(/"/g, "'"); + } else { + config['ranger.plugin.audit.filters'] = ""; } this.model.set('configs',config);
