This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ff0682b35dd6008627c87695b19d607e57548f62
Author: Dineshkumar Yadav <[email protected]>
AuthorDate: Wed Apr 14 13:49:16 2021 +0530

    RANGER-3214 : Configure default audit filters when ranger repo is created
    
    Signed-off-by: Mehul Parikh <[email protected]>
---
 .../service-defs/ranger-servicedef-atlas.json      |  13 ++
 .../service-defs/ranger-servicedef-hbase.json      |  13 ++
 .../service-defs/ranger-servicedef-hdfs.json       |  13 ++
 .../service-defs/ranger-servicedef-hive.json       |  13 ++
 .../service-defs/ranger-servicedef-kafka.json      |  13 ++
 .../service-defs/ranger-servicedef-knox.json       |  13 ++
 .../service-defs/ranger-servicedef-ozone.json      |  13 ++
 .../service-defs/ranger-servicedef-solr.json       |  13 ++
 .../optimized/current/ranger_core_db_mysql.sql     |   2 +
 .../optimized/current/ranger_core_db_oracle.sql    |   2 +
 .../optimized/current/ranger_core_db_postgres.sql  |   2 +
 .../current/ranger_core_db_sqlanywhere.sql         |   4 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   2 +
 .../java/org/apache/ranger/biz/ServiceDBStore.java |   7 +
 ...viceDefUpdateForDefaultAuditFilters_J10049.java | 186 +++++++++++++++++++++
 .../patch/PatchForDefaultAuidtFilters_J10050.java  | 159 ++++++++++++++++++
 .../views/service/RangerServiceViewDetail.js       |   9 +-
 .../webapp/scripts/views/service/ServiceForm.js    |   9 +
 18 files changed, 482 insertions(+), 4 deletions(-)

diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index 4ce7ec9..d8331db 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -441,6 +441,19 @@
                        "type": "string",
                        "mandatory": false,
                        "label": "Common Name for Certificate"
+               },
+
+               {
+                       "itemId": 5,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[ {'accessResult': 'DENIED', 
'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]"
                }
        ],
        "options": {
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 594e175..791b5bc 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -208,6 +208,19 @@
                        "validationMessage": "",
                        "uiHint":"",
                        "label": "Common Name for Certificate"
+               },
+
+               {
+                       "itemId": 10,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[{'accessResult': 'DENIED', 
'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', 
'*_acl_*', 'hbase:meta', 'hbase:acl']}}, 'users':['hbase'], 'isAudited': false 
}, 
{'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas'],'isAudited':false},{'users':['hbase'],
 'actions':['balance'],'isAudited':false}]"
                }
        ],
 
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index fbb16d7..b04b906 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -180,6 +180,19 @@
                        "validationMessage": "",
                        "uiHint":"",
                        "label": "Common Name for Certificate"
+               },
+
+               {
+                       "itemId": 12,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[{'accessResult': 'DENIED', 
'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, 
{'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 
'listCachePools','listCacheDirectives'], 'isAudited': false}, {'actions': 
['getfileinfo'], 'isAudited':false} ]"
                }
        ],
 
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 42df0a8..ab8ca5c 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -302,6 +302,19 @@
                        "validationMessage": "",
                        "uiHint":"",
                        "label": "Common Name for Certificate"
+               },
+
+               {
+                       "itemId": 6,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[ {'accessResult': 'DENIED', 
'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, 
{'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]"
                }
        ],
 
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index 6ea52f7..1deb969 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -211,6 +211,19 @@
                        "type":"string",
                        "mandatory":false,
                        "label":"Ranger Plugin SSL CName"
+               },
+
+               {
+                       "itemId": 5,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[{'accessResult': 'DENIED', 
'isAudited': 
true},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['atlas'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['atlas'],'actions':['consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsy
 [...]
                }
        ],
        "enums":[
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index aa0f672..410b9ef 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -100,6 +100,19 @@
                        "validationMessage": "",
                        "uiHint":"",
                        "label": "Common Name for Certificate"
+               },
+
+               {
+                       "itemId":5,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[ {'accessResult': 'DENIED', 
'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]"
                }
        ],
 
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
index b9a0275..a009ab2 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -199,6 +199,19 @@
                        "validationRegEx":"",
                        "validationMessage": "",
                        "uiHint":""
+               },
+
+               {
+                       "itemId": 7,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[ {'accessResult': 'DENIED', 
'isAudited': true}, {'users':['om'] ,'isAudited':false} ]"
                }
        ],
 
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
index ec2ebcf..dfaa2f7 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -95,6 +95,19 @@
                        "validationMessage":"",
                        "uiHint":"",
                        "label":"Ranger Plugin SSL CName"
+               },
+
+               {
+                       "itemId":600,
+                       "name": "ranger.plugin.audit.filters",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ranger Default Audit Filters",
+                       "defaultValue": "[ {'accessResult': 'DENIED', 
'isAudited': true}, 
{'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas'] 
,'isAudited':false} ]"
                }
                
        ],
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 7179dc9..9d0cd9d 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1834,4 +1834,6 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10046',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git 
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 40917cd..1904c68 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2048,5 +2048,7 @@ INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10046',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h 
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git 
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index ba9eb01..51ef67b 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1972,6 +1972,8 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10046',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10049',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10050',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',current_timestamp,'Ranger 
1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 371846f..97ddb5d 100644
--- 
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ 
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2393,6 +2393,10 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git 
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 90004ec..d150150 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4169,6 +4169,8 @@ INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h 
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES 
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index a7871ed..4fb71f0 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -246,6 +246,7 @@ public class ServiceDBStore extends AbstractServiceStore {
        public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
 
        private static final String RANGER_PLUGIN_CONFIG_PREFIX = 
"ranger.plugin.";
+       public static final String RANGER_PLUGIN_AUDIT_FILTERS  = 
"ranger.plugin.audit.filters";
 
        static {
                try {
@@ -3451,6 +3452,12 @@ public class ServiceDBStore extends AbstractServiceStore 
{
                                                "Please provide value of 
mandatory: "+ svcConfDef.getName(),
                                                
MessageEnums.INVALID_INPUT_DATA);
                        }
+
+                       if (StringUtils.equals(svcConfDef.getName(), 
RANGER_PLUGIN_AUDIT_FILTERS) && 
!configs.containsKey(RANGER_PLUGIN_AUDIT_FILTERS)) {
+                               if (svcConfDef.getDefaultvalue() != null) {
+                                       
configs.put(RANGER_PLUGIN_AUDIT_FILTERS, svcConfDef.getDefaultvalue());
+                               }
+                       }
                }
                Map<String, String> validConfigs = new HashMap<String, 
String>();
                for(Entry<String, String> config : configs.entrySet()) {
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
new file mode 100644
index 0000000..d8abc0a
--- /dev/null
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.java
@@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigDefDao;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerServiceDefService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 extends 
BaseLoader {
+       private static final Logger logger = Logger
+                       
.getLogger(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+
+       @Autowired
+       RangerDaoManager daoMgr;
+
+       @Autowired
+       ServiceDBStore svcDBStore;
+
+       @Autowired
+       RangerServiceDefService serviceDefService;
+
+       @Autowired
+       StringUtil stringUtil;
+
+       public static void main(String[] args) {
+               try {
+                       
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049 loader = 
(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049) CLIUtil
+                                       
.getBean(PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.class);
+                       loader.init();
+                       while (loader.isMoreToProcess()) {
+                               loader.load();
+                       }
+                       logger.info("Load complete. Exiting!!!");
+                       System.exit(0);
+               } catch (Exception e) {
+                       logger.error("Error loading", e);
+                       System.exit(1);
+               }
+       }
+
+       @Override
+       public void init() throws Exception {
+               // Do Nothing
+       }
+
+       @Override
+       public void execLoad() {
+               logger.info("==> 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+               try {
+                       updateAllServiceDef();
+               } catch (Exception e) {
+                       logger.error("Error in 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()", e);
+               }
+               logger.info("<== 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.execLoad()");
+       }
+
+       @Override
+       public void printStats() {
+               logger.info("adding default audit-filters to all service-defs");
+       }
+
+       private void updateAllServiceDef() throws Exception {
+               if(logger.isDebugEnabled()) {
+                       logger.debug("==> 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+               }
+               List<XXServiceDef> allXXServiceDefs;
+               allXXServiceDefs = daoMgr.getXXServiceDef().getAll();
+
+               if (CollectionUtils.isNotEmpty(allXXServiceDefs)) {
+                       logger.info("Found " + allXXServiceDefs.size() + " 
services-defs");
+                       for (XXServiceDef xxServiceDef : allXXServiceDefs) {
+
+                               String serviceDefName = xxServiceDef.getName();
+
+                               try {
+                                       RangerServiceConfigDef 
defualtAuditFiltersSvcConfDef = 
getDefaultAuditFiltersByServiceDef(serviceDefName);
+
+                                       if (defualtAuditFiltersSvcConfDef == 
null) {
+                                               logger.info("No default 
audit-filter available for service-def " + serviceDefName + ". Skipped");
+                                               continue;
+                                       }
+
+                                       RangerServiceDef serviceDef = 
svcDBStore.getServiceDefByName(serviceDefName);
+
+                                       if (serviceDef != null) {
+                                               List<RangerServiceConfigDef> 
svcConfDefList = serviceDef.getConfigs();
+                                               boolean 
defaultAuditFiltresFound = false;
+                                               for (RangerServiceConfigDef 
svcConfDef : svcConfDefList) {
+                                                       if 
(StringUtils.equals(svcConfDef.getName(), 
ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+                                                               
defaultAuditFiltresFound = true;
+                                                               break;
+                                                       }
+                                               }
+                                               if (!defaultAuditFiltresFound) {
+                                                       logger.info("adding 
default audit-filter for service-def:[" + serviceDefName + "]");
+                                                       int sortOrder = 
serviceDef.getConfigs().size() - 1;
+                                                       
addDefaultAuditFilterConfig(defualtAuditFiltersSvcConfDef, xxServiceDef, 
sortOrder);
+                                                       logger.info("Completed 
adding default audit-filter for service-def:[" + serviceDefName + "]");
+                                               }else {
+                                                       logger.info("default 
audit-filter already available for service-def " + serviceDefName + ". 
Skipped");
+                                               }
+
+                                       }else {
+                                               logger.info("No service-def:[" 
+ serviceDefName + "] found");
+                                       }
+                                       
+                               } catch (Exception e) {
+                                       logger.error("Error while adding 
default audit-filter service-def:[" + serviceDefName + "]", e);
+                               }
+                       }
+               }else {
+                       logger.info("No service-def found");
+               }
+               if(logger.isDebugEnabled()) {
+                       logger.debug("<== 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.updateAllServiceDef()");
+               }
+       }
+
+       private RangerServiceConfigDef 
getDefaultAuditFiltersByServiceDef(String serviceDefName) throws Exception {
+               if(logger.isDebugEnabled()) {
+                       logger.debug("==> 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef()
 for serviceDefName:["+serviceDefName+ "]");
+               }
+               RangerServiceConfigDef ret = null;
+               RangerServiceDef embeddedAtlasServiceDef = null;
+               embeddedAtlasServiceDef = 
EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(serviceDefName);
+
+               List<RangerServiceConfigDef> svcConfDefList = 
embeddedAtlasServiceDef.getConfigs();
+               for (RangerServiceConfigDef svcConfDef : svcConfDefList) {
+                       if (StringUtils.equals(svcConfDef.getName(), 
ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+                               ret = svcConfDef;
+                               break;
+                       }
+               }
+
+               if(logger.isDebugEnabled()) {
+                       logger.debug("<== 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.getDefaultAuditFiltersByServiceDef()
 for serviceDefName:["+serviceDefName+"] ret : "+ret);
+               }
+               return ret;
+       }
+
+       private void addDefaultAuditFilterConfig(RangerServiceConfigDef config, 
XXServiceDef createdSvcDef, int sortOrder) {
+               if(logger.isDebugEnabled()) {
+                       logger.debug("==> 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig()
 for config:["+config+"] sortOrder: "+sortOrder );
+               }
+               XXServiceConfigDefDao xxServiceConfigDao = 
daoMgr.getXXServiceConfigDef();
+               XXServiceConfigDef xConfig = new XXServiceConfigDef();
+               xConfig = 
serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, 
createdSvcDef,
+                               
RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+               xConfig.setOrder(sortOrder);
+               xConfig = xxServiceConfigDao.create(xConfig);
+               if(logger.isDebugEnabled()) {
+                       logger.debug("<== 
PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049.addDefaultAuditFilterConfig()
 for config:["+config+"] sortOrder: "+sortOrder);
+               }
+       }
+}
\ No newline at end of file
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
new file mode 100644
index 0000000..542f395
--- /dev/null
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForDefaultAuidtFilters_J10050.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXServiceConfigMapDao;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceConfigMap;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.service.RangerAuditFields;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForDefaultAuidtFilters_J10050 extends BaseLoader {
+
+       private static final Logger logger = 
Logger.getLogger(PatchForDefaultAuidtFilters_J10050.class);
+
+       @Autowired
+       RangerDaoManager daoMgr;
+
+       @Autowired
+       ServiceDBStore svcStore;
+
+       @Autowired
+       RangerAuditFields<?> rangerAuditFields;
+
+       public static void main(String[] args) {
+
+               logger.info("main()");
+               try {
+                       PatchForDefaultAuidtFilters_J10050 loader = 
(PatchForDefaultAuidtFilters_J10050) CLIUtil
+                                       
.getBean(PatchForDefaultAuidtFilters_J10050.class);
+                       loader.init();
+                       while (loader.isMoreToProcess()) {
+                               loader.load();
+                       }
+                       logger.info("Load complete. Exiting!!!");
+                       System.exit(0);
+               } catch (Exception e) {
+                       logger.error("Error loading", e);
+                       System.exit(1);
+               }
+       }
+
+       @Override
+       public void init() throws Exception {
+               // Do Nothing
+       }
+
+       @Override
+       public void printStats() {
+               logger.info("adding default audit-filters to all services");
+
+       }
+
+       @Override
+       public void execLoad() {
+               logger.info("==> PatchForDefaultAuidtFilters.execLoad()");
+
+               try {
+                       addDefaultAuditFilters();
+               } catch (Exception e) {
+                       logger.error("Error while PatchForDefaultAuidtFilters", 
e);
+                       System.exit(1);
+               }
+               logger.info("<== PatchForDefaultAuidtFilters.execLoad()");
+       }
+
+       private void addDefaultAuditFilters() throws Exception {
+               logger.debug("==> 
PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+
+               Map<String, String> defaultAuditFiltersMap = null;
+
+               List<XXService> xxServiceList = daoMgr.getXXService().getAll();
+
+               if (CollectionUtils.isNotEmpty(xxServiceList)) {
+                       logger.info("Found " + xxServiceList.size() + " 
services");
+                       defaultAuditFiltersMap = new HashMap<String, String>();
+
+                       for (XXService xservice : xxServiceList) {
+                               RangerService rangerService = 
svcStore.getServiceByName(xservice.getName());
+                               if (rangerService != null && 
!rangerService.getConfigs().containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS))
 {
+
+                                       if 
(!defaultAuditFiltersMap.containsKey(rangerService.getType())) {
+                                               List<XXServiceConfigDef> 
svcConfDefList = daoMgr.getXXServiceConfigDef()
+                                                               
.findByServiceDefName(rangerService.getType());
+                                               for(XXServiceConfigDef 
svcConfDef : svcConfDefList) {
+                                                       
if(StringUtils.equals(svcConfDef.getName(),ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS))
 {
+                                                               
defaultAuditFiltersMap.put(rangerService.getType(), 
svcConfDef.getDefaultvalue());
+                                                               continue;
+                                                       }
+                                               }
+                                       }
+
+                                       if 
(defaultAuditFiltersMap.get(rangerService.getType()) != null) {
+                                               Map<String, String> configs = 
rangerService.getConfigs();
+                                               if 
(!configs.containsKey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS)) {
+                                                       logger.info("adding 
default audit-filter to service " + rangerService.getName());
+                                                       
addDefaultAuditFilterConfig(xservice, 
defaultAuditFiltersMap.get(rangerService.getType()));
+                                               }
+                                       }else {
+                                               logger.info("No default 
audit-filter available for service " + rangerService.getName() + ". Skipped");
+                                       }
+                               }
+                       }
+               }
+
+               logger.info("<== 
PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilters()");
+       }
+
+       private void addDefaultAuditFilterConfig(XXService xservice, String 
defaultValue) {
+               if (logger.isDebugEnabled()) {
+                       logger.debug("==> 
PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig() for service 
(id="
+                                       + xservice.getId() + ")");
+               }
+               try {
+                       XXServiceConfigMapDao xConfMapDao = 
daoMgr.getXXServiceConfigMap();
+                       XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+                       xConfMap = (XXServiceConfigMap) 
rangerAuditFields.populateAuditFields(xConfMap, xservice);
+                       xConfMap.setServiceId(xservice.getId());
+                       
xConfMap.setConfigkey(ServiceDBStore.RANGER_PLUGIN_AUDIT_FILTERS);
+                       xConfMap.setConfigvalue(defaultValue);
+                       xConfMapDao.create(xConfMap);
+               } catch (Exception e) {
+                       logger.error("default audit filters addition for 
service (id=" + xservice.getId() + ") failed!!");
+                       throw e;
+               }
+               if (logger.isDebugEnabled()) {
+                       logger.debug("<== 
PatchForDefaultAuidtFilters_J10050.addDefaultAuditFilterConfig()");
+               }
+       }
+
+}
\ No newline at end of file
diff --git 
a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
 
b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
index c8a47a4..e057cb1 100644
--- 
a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
+++ 
b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
@@ -89,10 +89,11 @@ define(function(require) {
                         customConfigs = _.omit(customConfigs , m.name);
                     })
                     this.conf = configs;
-                    this.auditFilters = (_.isEmpty(customConfigs) && 
_.isUndefined(customConfigs['ranger.plugin.audit.filters'])) ?
-                        false : customConfigs['ranger.plugin.audit.filters'];
-                    this.customConfigs = _.isEmpty(_.omit(customConfigs, 
'ranger.plugin.audit.filters')) ?
-                        false : _.omit(customConfigs, 
'ranger.plugin.audit.filters');
+                    this.auditFilters = (_.isEmpty(this.conf) && 
_.isUndefined(this.conf['Ranger Default Audit Filters'])) ?
+                        false : this.conf['Ranger Default Audit Filters'];
+                    this.conf = _.omit(this.conf, 'Ranger Default Audit 
Filters')
+                    this.customConfigs = _.isEmpty(_.omit(customConfigs, 
'Ranger Default Audit Filters')) ?
+                        false : _.omit(customConfigs, 'Ranger Default Audit 
Filters');
                     if(this.auditFilters){
                         this.auditFilters = 
JSON.parse((this.auditFilters).replace(/'/g, '"'));
                     }
diff --git 
a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js 
b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
index 983f65b..41872af 100644
--- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
+++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js
@@ -110,6 +110,13 @@ define(function(require){
                                        var auditFilterCollValue = 
this.model.get('configs')['ranger.plugin.audit.filters'];
                                        delete 
this.model.get('configs')['ranger.plugin.audit.filters']
                                }
+                               var configs = 
this.rangerServiceDefModel.get('configs');
+                               var auditFilterCollValueIndex = 
_.findIndex(configs,function(m){
+                                       return m.name == 
'ranger.plugin.audit.filters'
+                               })
+                               if(auditFilterCollValueIndex != -1) {
+                                       
configs.splice(auditFilterCollValueIndex, 1);
+                               }
                                
_.each(this.model.get('configs'),function(value, name){
                                        var configObj = 
_.findWhere(this.rangerServiceDefModel.get('configs'),{'name' : name });
                                        if(!_.isUndefined(configObj) && 
configObj.type == 'bool'){
@@ -231,6 +238,8 @@ define(function(require){
                                        auditFiltter.push(e.attributes);
                                })
                                config['ranger.plugin.audit.filters'] = 
(JSON.stringify(auditFiltter)).replace(/"/g, "'");
+                       } else {
+                               config['ranger.plugin.audit.filters'] = "";
                        }
                        this.model.set('configs',config);
 

Reply via email to