This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 06694866098bc0b14cf800a9e167ab4e866a0113
Merge: f7a8dabb7 4c68c8549
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Mon May 29 23:16:34 2023 -0700

    Merge branch 'master' into RANGER-3923

 .../RangerDefaultPolicyEvaluator.java              |   31 +-
 .../apache/ranger/plugin/util/ServiceDefUtil.java  |   16 +
 .../ranger/plugin/util/ServiceDefUtilTest.java     |   28 +
 .../server/tomcat/SolrCollectionBootstrapper.java  |    8 +
 pom.xml                                            |    6 +-
 ...n-x_rms_service_resource-resource_signature.sql |    3 +-
 .../main/java/org/apache/ranger/biz/XUserMgr.java  |   14 +-
 .../org/apache/ranger/db/XXAuthSessionDao.java     |   13 +
 .../java/org/apache/ranger/rest/PublicAPIsv2.java  |    8 +
 .../org/apache/ranger/rest/SecurityZoneREST.java   |   18 +
 .../main/resources/META-INF/jpa_named_queries.xml  |    8 +
 .../src/main/webapp/react-webapp/src/App.jsx       |    1 +
 .../src/components/CommonComponents.jsx            |   12 +-
 .../react-webapp/src/components/XATableLayout.jsx  |    6 +-
 .../structured-filter/react-datepicker/calendar.js |   33 +
 .../react-datepicker/date_input.js                 |    6 +-
 .../react-datepicker/datepicker.js                 |    4 +
 .../react-typeahead/tokenizer/index.js             |  114 +-
 .../react-typeahead/tokenizer/token.js             |   75 +-
 .../react-typeahead/typeahead/index.js             |   65 +-
 .../webapp/react-webapp/src/hooks/usePrompt.js     |    1 -
 .../main/webapp/react-webapp/src/styles/style.css  |  325 +--
 .../main/webapp/react-webapp/src/utils/XAEnums.js  |   69 +-
 .../main/webapp/react-webapp/src/utils/XAUtils.js  |  109 +-
 .../src/views/AuditEvent/AccessLogs.jsx            |   46 +-
 .../src/views/AuditEvent/AccessLogsTable.jsx       |    2 +-
 .../src/views/AuditEvent/AdminLogs.jsx             |   30 +-
 .../src/views/AuditEvent/AdminLogs/PolicyLogs.jsx  | 2430 ++++++++++----------
 .../AuditEvent/AdminLogs/SecurityZonelogs.jsx      |  236 +-
 .../src/views/AuditEvent/LoginSessionsLogs.jsx     |   30 +-
 .../src/views/AuditEvent/PluginStatusLogs.jsx      |   31 +-
 .../src/views/AuditEvent/PluginsLog.jsx            |   30 +-
 .../react-webapp/src/views/AuditEvent/UserSync.jsx |   36 +-
 .../src/views/Encryption/KeyManager.jsx            |   29 +-
 .../webapp/react-webapp/src/views/ErrorPage.jsx    |   21 +-
 .../main/webapp/react-webapp/src/views/Header.jsx  |   62 +-
 .../main/webapp/react-webapp/src/views/Layout.jsx  |   42 +-
 .../src/views/PermissionsModule/Permissions.jsx    |   35 +-
 .../src/views/PolicyListing/PolicyListing.jsx      |   75 +-
 .../src/views/Reports/SearchPolicyTable.jsx        |    4 +-
 .../src/views/ServiceManager/ServiceDefinition.jsx |    4 +
 .../src/views/ServiceManager/ServiceForm.jsx       |    8 +-
 .../groups_details/GroupListing.jsx                |   37 +-
 .../UserGroupRoleListing/role_details/RoleForm.jsx |   10 +-
 .../role_details/RoleListing.jsx                   |   42 +-
 .../users_details/UserListing.jsx                  |   60 +-
 .../java/org/apache/ranger/biz/TestXUserMgr.java   |    4 -
 47 files changed, 2229 insertions(+), 2048 deletions(-)

diff --cc 
agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
index 147cdaf2b,03aebb220..36f0b6af6
--- 
a/agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
+++ 
b/agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
@@@ -274,131 -253,34 +274,159 @@@ public class ServiceDefUtilTest 
        }
  
        @Test
 +      public void testNormalizeAccessTypeDefs() throws Exception {
 +              try (InputStream inStream = 
this.getClass().getResourceAsStream("/test_servicedef-normalize.json")) {
 +                      InputStreamReader reader   = new 
InputStreamReader(inStream);
 +                      ServicePolicies   policies = 
gsonBuilder.fromJson(reader, ServicePolicies.class);
 +
 +                      RangerAccessTypeDef serviceMarkerAll = 
getAccessType(policies.getServiceDef().getMarkerAccessTypes(), 
ACCESS_TYPE_MARKER_ALL);
 +                      RangerAccessTypeDef tagMarkerAll     = 
getAccessType(policies.getTagPolicies().getServiceDef().getMarkerAccessTypes(), 
ACCESS_TYPE_MARKER_ALL);
 +
 +                      assertNotEquals("accessType count", 
policies.getServiceDef().getAccessTypes().size(), 
policies.getTagPolicies().getServiceDef().getAccessTypes().size());
 +                      assertNotEquals("impliedGrants: _ALL", new 
HashSet<>(serviceMarkerAll.getImpliedGrants()), new 
HashSet<>(tagMarkerAll.getImpliedGrants()));
 +                      assertNotEquals("dataMask.accessType count", 
policies.getServiceDef().getDataMaskDef().getAccessTypes().size(), 
policies.getTagPolicies().getServiceDef().getDataMaskDef().getAccessTypes().size());
 +                      assertNotEquals("rowFilter.accessType count", 
policies.getServiceDef().getRowFilterDef().getAccessTypes().size(), 
policies.getTagPolicies().getServiceDef().getRowFilterDef().getAccessTypes().size());
 +
 +                      
ServiceDefUtil.normalizeAccessTypeDefs(policies.getTagPolicies().getServiceDef(),
 policies.getServiceDef().getName());
 +
 +                      serviceMarkerAll = 
getAccessType(policies.getServiceDef().getMarkerAccessTypes(), 
ACCESS_TYPE_MARKER_ALL);
 +                      tagMarkerAll     = 
getAccessType(policies.getTagPolicies().getServiceDef().getMarkerAccessTypes(), 
ACCESS_TYPE_MARKER_ALL);
 +
 +                      assertEquals("accessType count", 
policies.getServiceDef().getAccessTypes().size(), 
policies.getTagPolicies().getServiceDef().getAccessTypes().size());
 +                      assertEquals("impliedGrants: _ALL", new 
HashSet<>(serviceMarkerAll.getImpliedGrants()), new 
HashSet<>(tagMarkerAll.getImpliedGrants()));
 +                      assertEquals("dataMask.accessType count", 
policies.getServiceDef().getDataMaskDef().getAccessTypes().size(), 
policies.getTagPolicies().getServiceDef().getDataMaskDef().getAccessTypes().size());
 +                      assertEquals("rowFilter.accessType count", 0, 
policies.getTagPolicies().getServiceDef().getRowFilterDef().getAccessTypes().size());
 +              }
 +      }
 +
 +      private RangerAccessTypeDef getAccessType(List<RangerAccessTypeDef> 
accessTypeDefs, String accessType) {
 +              RangerAccessTypeDef ret = null;
 +
 +              if (accessTypeDefs != null) {
 +                      for (RangerAccessTypeDef accessTypeDef : 
accessTypeDefs) {
 +                              if (StringUtils.equals(accessTypeDef.getName(), 
accessType)) {
 +                                      ret = accessTypeDef;
 +
 +                                      break;
 +                              }
 +                      }
 +              }
 +
 +              return ret;
 +      }
 +
 +      @Test
 +      public void testAccessTypeMarkers() {
 +              RangerAccessTypeDef create   = new RangerAccessTypeDef(1L, 
"create",  "create",  null, null, AccessTypeCategory.CREATE);
 +              RangerAccessTypeDef select   = new RangerAccessTypeDef(2L, 
"select",  "select",  null, null, AccessTypeCategory.READ);
 +              RangerAccessTypeDef update   = new RangerAccessTypeDef(3L, 
"update",  "update",  null, null, AccessTypeCategory.UPDATE);
 +              RangerAccessTypeDef delete   = new RangerAccessTypeDef(4L, 
"delete",  "delete",  null, null, AccessTypeCategory.DELETE);
 +              RangerAccessTypeDef manage   = new RangerAccessTypeDef(5L, 
"manage",  "manage",  null, null, AccessTypeCategory.MANAGE);
 +              RangerAccessTypeDef read     = new RangerAccessTypeDef(6L, 
"read",    "read",    null, null, AccessTypeCategory.READ);
 +              RangerAccessTypeDef write    = new RangerAccessTypeDef(7L, 
"write",   "write",   null, null, AccessTypeCategory.UPDATE);
 +              RangerAccessTypeDef execute  = new RangerAccessTypeDef(8L, 
"execute", "execute", null, null, null);
 +              Set<String>         allNames = toSet(create.getName(), 
select.getName(), update.getName(), delete.getName(), manage.getName(), 
read.getName(), write.getName(), execute.getName());
 +
 +              // 6 marker access-types should be populated with impliedGrants
 +              List<RangerAccessTypeDef> accessTypeDefs = 
Arrays.asList(create, select, update, delete, manage, read, write, execute);
 +              List<RangerAccessTypeDef> markerTypeDefs = 
ServiceDefUtil.getMarkerAccessTypes(accessTypeDefs);
 +              assertEquals("markerTypeDefs count", 6, markerTypeDefs.size());
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_CREATE, 
toSet(create.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_CREATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_READ,   
toSet(select.getName(), read.getName()),  getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_READ));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_UPDATE, 
toSet(update.getName(), write.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_UPDATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_DELETE, 
toSet(delete.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_DELETE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_MANAGE, 
toSet(manage.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_MANAGE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_ALL,    
allNames, getImpliedGrants(markerTypeDefs, ACCESS_TYPE_MARKER_ALL));
 +
 +              // 2 marker access-types should be populated with 
impliedGrants: _CREATE, _ALL
 +              accessTypeDefs = new ArrayList<>(Collections.singleton(create));
 +              markerTypeDefs = 
ServiceDefUtil.getMarkerAccessTypes(accessTypeDefs);
 +              assertEquals("markerTypeDefs count", 6, markerTypeDefs.size());
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_CREATE, 
toSet(create.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_CREATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_READ,   
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_READ));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_UPDATE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_UPDATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_DELETE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_DELETE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_MANAGE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_MANAGE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_ALL,    
toSet(create.getName()),  getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_ALL));
 +
 +              // 2 marker access-types should be populated with 
impliedGrants: _READ, _ALL
 +              accessTypeDefs = new ArrayList<>(Arrays.asList(select, read));
 +              markerTypeDefs = 
ServiceDefUtil.getMarkerAccessTypes(accessTypeDefs);
 +              assertEquals("markerTypeDefs count", 6, markerTypeDefs.size());
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_CREATE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_CREATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_READ,   
toSet(select.getName(), read.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_READ));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_UPDATE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_UPDATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_DELETE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_DELETE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_MANAGE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_MANAGE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_ALL,  
toSet(select.getName(), read.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_ALL));
 +
 +              // accessTypes with no category should be added to _ALL
 +              accessTypeDefs = new 
ArrayList<>(Collections.singleton(execute));
 +              markerTypeDefs = 
ServiceDefUtil.getMarkerAccessTypes(accessTypeDefs);
 +              assertEquals("markerTypeDefs count", 6, markerTypeDefs.size()); 
// 1 marker access-types should be added: _ALL
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_CREATE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_CREATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_READ,   
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_READ));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_UPDATE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_UPDATE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_DELETE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_DELETE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_MANAGE, 
Collections.emptySet(), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_MANAGE));
 +              assertEquals("impliedGrants in " + ACCESS_TYPE_MARKER_ALL, 
toSet(execute.getName()), getImpliedGrants(markerTypeDefs, 
ACCESS_TYPE_MARKER_ALL));
 +      }
 +
 +      private Set<String> getImpliedGrants(List<RangerAccessTypeDef> 
accessTypeDefs, String accessType) {
 +              Set<String> ret = null;
 +
 +              if (accessTypeDefs != null) {
 +                      for (RangerAccessTypeDef accessTypeDef : 
accessTypeDefs) {
 +                              if (StringUtils.equals(accessTypeDef.getName(), 
accessType)) {
 +                                      ret = new 
HashSet<>(accessTypeDef.getImpliedGrants());
 +
 +                                      break;
 +                              }
 +                      }
 +              }
 +
 +              return ret;
 +      }
 +
 +      private Set<String> toSet(String...values) {
 +              Set<String> ret = new HashSet<>();
 +
 +              if (values != null) {
 +                      for (String value : values) {
 +                              ret.add(value);
 +                      }
 +              }
 +
 +              return ret;
 +      }
+       public void testPolicyItemDataMaskExprUserGroupRef() {
+               for (String attrExpr : UGA_ATTR_EXPRESSIONS) {
+                       String          filterExpr  = "${{" + attrExpr + "}}";
+                       ServicePolicies svcPolicies = getServicePolicies();
+                       RangerPolicy    policy      = getPolicy(svcPolicies);
+ 
+                       
policy.getDataMaskPolicyItems().get(0).setDataMaskInfo(new 
RangerPolicyItemDataMaskInfo("CUSTOM", "", "CASE WHEN dept in (" + filterExpr + 
")THEN {col} ELSE '0' END"));
+ 
+                       svcPolicies.getPolicies().add(policy);
+                       assertTrue("policy data-mask refers to user/group 
attribute: " + filterExpr, 
ServiceDefUtil.addUserStoreEnricherIfNeeded(svcPolicies, 
RangerAdminUserStoreRetriever.class.getCanonicalName(), "60000"));
+ 
+                       
svcPolicies.getServiceDef().getContextEnrichers().clear();
+                       svcPolicies.getPolicies().clear();
+                       svcPolicies.getPolicyDeltas().add(new 
RangerPolicyDelta(1L, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE,  1L, 
policy));
+                       assertTrue("policy-delta data-mask refers to user/group 
attribute: " + filterExpr, 
ServiceDefUtil.addUserStoreEnricherIfNeeded(svcPolicies, 
RangerAdminUserStoreRetriever.class.getCanonicalName(), "60000"));
+ 
+                       
svcPolicies.getServiceDef().getContextEnrichers().clear();
+                       svcPolicies.getPolicyDeltas().clear();
+                       svcPolicies.getSecurityZones().put("zone1", 
getSecurityZoneInfo("zone1"));
+                       
svcPolicies.getSecurityZones().get("zone1").getPolicies().add(policy);
+                       assertTrue("zone-policy data-mask refers to user/group 
attribute: " + filterExpr, 
ServiceDefUtil.addUserStoreEnricherIfNeeded(svcPolicies, 
RangerAdminUserStoreRetriever.class.getCanonicalName(), "60000"));
+ 
+                       
svcPolicies.getServiceDef().getContextEnrichers().clear();
+                       
svcPolicies.getSecurityZones().get("zone1").getPolicies().clear();
+                       
svcPolicies.getSecurityZones().get("zone1").getPolicyDeltas().add(new 
RangerPolicyDelta(1L, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE,  1L, 
policy));
+                       assertTrue("zone-policy-delta data-mask refers to 
user/group attribute: " + filterExpr, 
ServiceDefUtil.addUserStoreEnricherIfNeeded(svcPolicies, 
RangerAdminUserStoreRetriever.class.getCanonicalName(), "60000"));
+               }
+       }
  
        private ServicePolicies getServicePolicies() {
                ServicePolicies ret = new ServicePolicies();
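Review bot: `testPolicyItemDataMaskExprUserGroupRef()` appears to end up without a `@Test` annotation in the merged file: the only `@Test` ahead of it in this hunk is the context line that now sits directly above `testNormalizeAccessTypeDefs()`, and the method follows the closing brace of `toSet()` with nothing in between. If the class runs under JUnit 4 (the message-first `assertEquals` calls suggest so), the runner would skip the method silently, so the checks that a data-mask expression referencing user/group attributes makes `addUserStoreEnricherIfNeeded` return true would no longer run. I would restore `@Test` on its own line, preceded by a blank line, just before `public void testPolicyItemDataMaskExprUserGroupRef() {`. Separately, `new InputStreamReader(inStream)` in `testNormalizeAccessTypeDefs()` relies on the platform charset; `new InputStreamReader(inStream, StandardCharsets.UTF_8)` would make the fixture parse the same way on every build host.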
