Repository: incubator-ranger Updated Branches: refs/heads/master c7727f571 -> 80c289370
RANGER-407: Policy Creation should set both Delegate Admin and Admin permission for Hbase when Admin Permission is true during policy creation Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/80c28937 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/80c28937 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/80c28937 Branch: refs/heads/master Commit: 80c28937043f5b7a5ca26c9d168fb07a7c0ea5df Parents: c7727f5 Author: rmani <[email protected]> Authored: Fri Apr 17 20:24:26 2015 -0700 Committer: rmani <[email protected]> Committed: Fri Apr 17 20:24:26 2015 -0700 ---------------------------------------------------------------------- .../org/apache/ranger/common/ServiceUtil.java | 81 ++++++++++++++------ 1 file changed, 56 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/80c28937/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index e883e1d..3c48e4c 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -68,6 +68,7 @@ public class ServiceUtil {
 static Map<String, Integer> mapAccessTypeToPermType = new HashMap<String, Integer>();
 static String version;
 static String uniqueKeySeparator;
+ static int assetType;
 @Autowired JSONUtil jsonUtil;
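Review bot: `static int assetType;` is shared mutable state on a class whose `@Autowired` fields suggest a single shared bean, yet the hunks at @@ -218 and @@ -1026 assign it once per conversion and read it later to decide whether the Admin access is added to the policy item. Two conversions running concurrently for services of different types could each read the other's value, so a non-HBase policy may gain an explicit Admin access or an HBase policy may lose it. Drop the field and keep the value local to each method, `int assetType = getAssetType(service, ret.getService());`, as the method in the @@ -1181 hunk already does with its own local (which now shadows this field).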
@@ -90,22 +91,22 @@ public class ServiceUtil {
 mapAccessTypeToPermType.put("Unknown", 0);
 mapAccessTypeToPermType.put("Reset", 1);
- mapAccessTypeToPermType.put("Read", 2);
- mapAccessTypeToPermType.put("Write", 3);
- mapAccessTypeToPermType.put("Create", 4);
- mapAccessTypeToPermType.put("Delete", 5);
- mapAccessTypeToPermType.put("Admin", 6);
+ mapAccessTypeToPermType.put("read", 2);
+ mapAccessTypeToPermType.put("write", 3);
+ mapAccessTypeToPermType.put("create", 4);
+ mapAccessTypeToPermType.put("delete", 5);
+ mapAccessTypeToPermType.put("admin", 6);
 mapAccessTypeToPermType.put("Obfuscate", 7);
 mapAccessTypeToPermType.put("Mask", 8);
- mapAccessTypeToPermType.put("Execute", 9);
- mapAccessTypeToPermType.put("Select", 10);
- mapAccessTypeToPermType.put("Update", 11);
- mapAccessTypeToPermType.put("Drop", 12);
- mapAccessTypeToPermType.put("Alter", 13);
- mapAccessTypeToPermType.put("Index", 14);
- mapAccessTypeToPermType.put("Lock", 15);
- mapAccessTypeToPermType.put("All", 16);
- mapAccessTypeToPermType.put("Allow", 17);
+ mapAccessTypeToPermType.put("execute", 9);
+ mapAccessTypeToPermType.put("select", 10);
+ mapAccessTypeToPermType.put("update", 11);
+ mapAccessTypeToPermType.put("drop", 12);
+ mapAccessTypeToPermType.put("alter", 13);
+ mapAccessTypeToPermType.put("index", 14);
+ mapAccessTypeToPermType.put("lock", 15);
+ mapAccessTypeToPermType.put("all", 16);
+ mapAccessTypeToPermType.put("allow", 17);
 mapAccessTypeToPermType.put("submitTopology", 18);
 mapAccessTypeToPermType.put("fileUpload", 19);
 mapAccessTypeToPermType.put("getNimbusConf", 20);
@@ -218,6 +219,8 @@ public class ServiceUtil {
 }
 }
+ assetType = getAssetType(service,ret.getService());
+
 for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
 List<String> userList = new ArrayList<String>();
 List<String> groupList = new ArrayList<String>();
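Review bot: The keys of `mapAccessTypeToPermType` are now mixed-case in the @@ -90 hunk: `"read"` through `"allow"` are lower-cased while `"Unknown"`, `"Reset"`, `"Obfuscate"` and `"Mask"` keep their capital, so a `HashMap` lookup only succeeds when the caller's spelling matches each entry exactly. The lookups are outside this hunk, but the same commit tests access types with `equalsIgnoreCase("Admin")`, which suggests both spellings reach this class; a miss would return null and the permission type would be dropped or fail on unboxing. Consider making the map case-insensitive, `new TreeMap<String, Integer>(String.CASE_INSENSITIVE_ORDER)`, or normalising the key at the lookup site, and add a comment above the block stating the expected case. The enclosing initialiser starts and ends outside the hunk.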
@@ -245,6 +248,9 @@ public class ServiceUtil {
 if(StringUtils.equalsIgnoreCase(accessType, "Admin")) {
 policyItem.setDelegateAdmin(Boolean.TRUE);
+ if ( assetType == RangerCommonEnums.ASSET_HBASE) {
+ accessList.add(new RangerPolicyItemAccess(accessType));
+ }
 } else {
 accessList.add(new RangerPolicyItemAccess(accessType));
 }
@@ -368,12 +374,15 @@ public class ServiceUtil {
 }
 public static Integer toAssetType(String serviceType) {
-
- if(serviceType == null) {
- return null;
+ Integer ret = null;
+
+ if(serviceType != null) {
+ ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
+ }
+
+ if(ret == null) {
+ ret = new Integer(-1);
 }
-
- Integer ret = mapServiceTypeToAssetType.get(serviceType.toLowerCase());
 return ret;
 }
@@ -1026,7 +1035,8 @@ public class ServiceUtil {
 if (vXPolicy.getServices() != null) {
 toRangerResourceList(vXPolicy.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources());
 }
-
+
+ assetType = getAssetType(service,ret.getService());
 if ( vXPolicy.getPermMapList() != null) {
 List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();
@@ -1059,7 +1069,9 @@ public class ServiceUtil {
 if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
 if (perm.equalsIgnoreCase("Admin")) {
 delegatedAdmin=true;
- continue;
+ if ( assetType != RangerCommonEnums.ASSET_HBASE) {
+ continue;
+ }
 }
 accessList.add(new RangerPolicyItemAccess(perm));
 }
@@ -1181,9 +1193,9 @@ public class ServiceUtil {
 ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm()));
- int assertType = toAssetType(serviceType);
+ int assetType = toAssetType(serviceType);
- if (assertType == RangerCommonEnums.ASSET_HIVE) {
+ if (assetType == RangerCommonEnums.ASSET_HIVE) {
 String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases();
 String table = getTableOrUdf(vXPolicy);
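Review bot: The HBase exception for the Admin access is now written three times, in the @@ -245 hunk as `if ( assetType == RangerCommonEnums.ASSET_HBASE) {` followed by the add, and in the @@ -1059 and @@ -1241 hunks in the inverted form `if ( assetType != RangerCommonEnums.ASSET_HBASE) { continue; }`. Because this rule decides which permissions end up in a converted policy, it is safer kept in one place: a small private helper taking the asset type (name to be chosen) that all three sites call, with a comment saying why HBase keeps Admin as an access while other services only set delegate-admin. The value is also added in whatever case the caller supplied (`accessType` / `perm`), whereas this commit lower-cases the access-type keys; whether the stored name should be normalised to `admin` is worth confirming. The enclosing methods start and end outside these hunks.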
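Review bot: `toAssetType` in the @@ -368 hunk now returns -1 instead of null for a null or unmapped service type, and nothing records that contract; a caller that still tests the result for null would silently treat an unknown service as a valid non-HBase type. Add a Javadoc line such as `/** Returns the asset type for serviceType, or -1 when it is null or not mapped. */` and prefer `ret = Integer.valueOf(-1);` over `new Integer(-1)`. `serviceType.toLowerCase()` also depends on the JVM default locale, so `serviceType.toLowerCase(Locale.ROOT)` would keep the lookup stable across deployments.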
@@ -1195,7 +1207,7 @@ public class ServiceUtil {
 mapResource.put("column", column);
 ret.setResource(mapResource);
 }
- else if ( assertType == RangerCommonEnums.ASSET_HBASE) {
+ else if ( assetType == RangerCommonEnums.ASSET_HBASE) {
 String tableName = vXPolicy.getTables();
 tableName = StringUtil.isEmpty(tableName) ? "*" : tableName;
@@ -1241,7 +1253,9 @@ public class ServiceUtil {
 if ( AppConstants.getEnumFor_XAPermType(perm) != 0 ) {
 if (perm.equalsIgnoreCase("Admin")) {
 delegatedAdmin=true;
- continue;
+ if ( assetType != RangerCommonEnums.ASSET_HBASE) {
+ continue;
+ }
 }
 ret.getAccessTypes().add(perm);
 }
@@ -1378,5 +1392,22 @@ public class ServiceUtil {
 }
 return ret;
 }
+
+ private Integer getAssetType(RangerService service, String serviceName) {
+ if(service == null || StringUtils.isEmpty(service.getType())) {
+ try {
+ service = svcStore.getServiceByName(serviceName);
+ } catch (Exception e) {
+ LOG.info( HttpServletResponse.SC_BAD_REQUEST + "No Service Found for ServiceName:" + serviceName );
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true);
+ }
+ }
+
+ String serviceType = service != null ? service.getType() : null;
+
+ Integer assetType = toAssetType(serviceType);
+
+ return assetType;
+ }
 }
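Review bot: The catch block of `getAssetType` in the @@ -1378 hunk returns `e.getMessage() + serviceName` to the REST client and logs at info level without the exception, so internal store errors are disclosed to the caller while the server log loses the stack trace. The log line also concatenates the request-supplied `serviceName` unescaped and prints the status code directly in front of the text. The rewrite below logs the cause server-side with line breaks neutralised and returns a fixed message, assuming `LOG` accepts a throwable as second argument. The `service != null ?` test after the lookup suggests `getServiceByName` can return null, in which case the method quietly yields -1 and the policy is handled as non-HBase; rejecting that case is shown as well, but should be confirmed against the callers.

```java
private Integer getAssetType(RangerService service, String serviceName) {
	// … unchanged: null / empty-type check and svcStore.getServiceByName(serviceName) inside try …
		} catch (Exception e) {
			// Full cause stays in the server log; the client only sees a fixed message.
			String safeName = serviceName == null ? "" : serviceName.replaceAll("[\\r\\n]", "_");
			LOG.error("No service found for service name [" + safeName + "]", e);
			throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No service found for the given service name", true);
		}
		if (service == null) {
			throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No service found for the given service name", true);
		}
	}
	return toAssetType(service.getType());
}
```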
