RANGER-417 : Add support for KMS UI in Ranger Admin Signed-off-by: Velmurugan Periasamy <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2f8bcd23 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2f8bcd23 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2f8bcd23 Branch: refs/heads/master Commit: 2f8bcd23477a651cc4d70467045765109286b8fa Parents: 94bf590 Author: Gautam Borad <[email protected]> Authored: Wed Apr 22 18:37:06 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Apr 22 10:45:46 2015 -0400 ---------------------------------------------------------------------- .../ranger/plugin/util/KeySearchFilter.java | 116 +++++++ kms/config/kms-webapp/dbks-site.xml | 2 +- .../db/postgres/kms_core_db_postgres.sql | 12 +- kms/scripts/install.properties | 2 +- kms/scripts/setup.sh | 12 + .../crypto/key/RangerKeyStoreProvider.java | 6 - .../hadoop/crypto/key/kms/server/KMSACLs.java | 12 +- .../hadoop/crypto/key/kms/server/KMSWebApp.java | 13 +- .../kms/server/KeyAuthorizationKeyProvider.java | 4 +- .../apache/ranger/entity/XXRangerKeyStore.java | 4 +- .../apache/ranger/entity/XXRangerMasterKey.java | 4 +- .../kms/authorizer/RangerKmsAuthorizer.java | 15 +- .../ranger/services/kms/client/KMSClient.java | 156 ++++----- .../services/kms/client/KMSResourceMgr.java | 27 +- .../java/org/apache/ranger/biz/KmsKeyMgr.java | 317 +++++++++++++++++ .../org/apache/ranger/common/AppConstants.java | 6 +- .../java/org/apache/ranger/rest/XKeyREST.java | 169 +++++++++ .../java/org/apache/ranger/view/VXKmsKey.java | 239 +++++++++++++ .../org/apache/ranger/view/VXKmsKeyList.java | 84 +++++ .../collection_bases/VXKmsKeyListBase.js | 68 ++++ .../webapp/scripts/collections/VXKmsKeyList.js | 36 ++ .../webapp/scripts/controllers/Controller.js | 37 ++ .../webapp/scripts/model_bases/VXKmsKeyBase.js | 103 ++++++ .../src/main/webapp/scripts/models/VXKmsKey.js | 54 +++ .../src/main/webapp/scripts/modules/XALinks.js | 34 +- 
.../scripts/modules/globalize/message/en.js | 17 +- .../src/main/webapp/scripts/routers/Router.js | 12 +- .../src/main/webapp/scripts/utils/XAGlobals.js | 12 +- .../webapp/scripts/views/kms/KMSTableLayout.js | 345 +++++++++++++++++++ .../webapp/scripts/views/kms/KmsKeyCreate.js | 186 ++++++++++ .../main/webapp/scripts/views/kms/KmsKeyForm.js | 107 ++++++ .../webapp/templates/common/TopNav_tmpl.html | 12 +- .../webapp/templates/kms/KmsKeyCreate_tmpl.html | 30 ++ .../webapp/templates/kms/KmsKeyForm_tmpl.html | 19 + .../templates/kms/KmsTableLayout_tmpl.html | 46 +++ 35 files changed, 2139 insertions(+), 179 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java new file mode 100644 index 0000000..f28a46b --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/KeySearchFilter.java 
@@ -0,0 +1,116 @@
+package org.apache.ranger.plugin.util;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+
+public class KeySearchFilter {
+ public static final String KEY_NAME = "name";// search, sort
+
+ public static final String START_INDEX = "startIndex";
+ public static final String PAGE_SIZE = "pageSize";
+ public static final String SORT_BY = "sortBy";
+
+ private Map<String, String> params = null;
+ private int startIndex = 0;
+ private int maxRows = Integer.MAX_VALUE;
+ private boolean getCount = true;
+ private String sortBy = null;
+ private String sortType = null;
+
+ public KeySearchFilter() {
+ this(null);
+ }
+
+ public KeySearchFilter(String name, String value) {
+ setParam(name, value);
+ }
+
+ public KeySearchFilter(Map<String, String> values) {
+ setParams(values);
+ }
+
+ public Map<String, String> getParams() {
+ return params;
+ }
+
+ public void setParams(Map<String, String> params) {
+ this.params = params;
+ }
+
+ public String getParam(String name) {
+ return params == null ? null : params.get(name);
+ }
+
+ public void setParam(String name, String value) {
+ if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) {
+ return;
+ }
+
+ if(params == null) {
+ params = new HashMap<String, String>();
+ }
+
+ params.put(name, value);
+ }
+ public boolean isEmpty() {
+ return MapUtils.isEmpty(params);
+ }
+
+ public int getStartIndex() {
+ return startIndex;
+ }
+
+ public void setStartIndex(int startIndex) {
+ this.startIndex = startIndex;
+ }
+
+ public int getMaxRows() {
+ return maxRows;
+ }
+
+ public void setMaxRows(int maxRows) {
+ this.maxRows = maxRows;
+ }
+
+ public boolean isGetCount() {
+ return getCount;
+ }
+
+ public void setGetCount(boolean getCount) {
+ this.getCount = getCount;
+ }
+
+ public String getSortBy() {
+ return sortBy;
+ }
+
+ public void setSortBy(String sortBy) {
+ this.sortBy = sortBy;
+ }
+
+ public String getSortType() {
+ return sortType;
+ }
+
+ public void setSortType(String sortType) {
+ this.sortType = sortType;
+ }
+
+ @Override
+ public boolean equals(Object object) {
+ if (object == null || !(object instanceof KeySearchFilter)) {
+ return false;
+ }
+ KeySearchFilter that = (KeySearchFilter)object;
+ return Objects.equals(params, that.params);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(params);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/config/kms-webapp/dbks-site.xml
----------------------------------------------------------------------
diff --git a/kms/config/kms-webapp/dbks-site.xml b/kms/config/kms-webapp/dbks-site.xml
old mode 100644
new mode 100755
index f29f0e4..734d537
--- a/kms/config/kms-webapp/dbks-site.xml
+++ b/kms/config/kms-webapp/dbks-site.xml
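Review bot: In the new KeySearchFilter.java, `maxRows` defaults to `Integer.MAX_VALUE`, so a filter built without a call to `setMaxRows` asks for an unbounded page. If the page size can come from a request, a bounded default or a clamp in `setMaxRows` (plus a non-negative check in `setStartIndex`) would stop the caller from choosing the result size. `equals` and `hashCode` compare only `params`, so filters that differ in `startIndex`, `maxRows`, `sortBy` or `sortType` are equal; if that is intended it deserves a comment such as `// equality is by search params only; paging and sort fields are ignored`. The file also starts at `package` with no licence header.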
@@ -44,7 +44,7 @@ <name>ranger.ks.jpa.jdbc.url</name> <value>jdbc:log4jdbc:mysql://localhost:3306/rangerkms</value> <description> - ULR for Database + URL for Database </description> </property> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/db/postgres/kms_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/postgres/kms_core_db_postgres.sql b/kms/scripts/db/postgres/kms_core_db_postgres.sql old mode 100644 new mode 100755 index 829ab84..19c8369 --- a/kms/scripts/db/postgres/kms_core_db_postgres.sql +++ b/kms/scripts/db/postgres/kms_core_db_postgres.sql @@ -1,8 +1,8 @@ DROP TABLE IF EXISTS ranger_masterkey CASCADE; -DROP SEQUENCE IF EXISTS ranger_masterkey_seq; -CREATE SEQUENCE ranger_masterkey_seq; +DROP SEQUENCE IF EXISTS RANGER_MASTERKEY_SEQ; +CREATE SEQUENCE RANGER_MASTERKEY_SEQ; CREATE TABLE ranger_masterkey( -id BIGINT DEFAULT nextval('ranger_masterkey_seq'::regclass), +id BIGINT DEFAULT nextval('RANGER_MASTERKEY_SEQ'::regclass), create_time TIMESTAMP DEFAULT NULL NULL, update_time TIMESTAMP DEFAULT NULL NULL, added_by_id BIGINT DEFAULT NULL NULL, @@ -14,10 +14,10 @@ PRIMARY KEY (id) ); DROP TABLE IF EXISTS ranger_keystore CASCADE; -DROP SEQUENCE IF EXISTS ranger_keystore_seq; -CREATE SEQUENCE ranger_keystore_seq; +DROP SEQUENCE IF EXISTS RANGER_KEYSTORE_SEQ; +CREATE SEQUENCE RANGER_KEYSTORE_SEQ; CREATE TABLE ranger_keystore( -id BIGINT DEFAULT nextval('ranger_keystore_seq'::regclass), +id BIGINT DEFAULT nextval('RANGER_KEYSTORE_SEQ'::regclass), create_time TIMESTAMP DEFAULT NULL NULL, update_time TIMESTAMP DEFAULT NULL NULL, added_by_id BIGINT DEFAULT NULL NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 1a77976..b54f30f 100644 
--- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -92,7 +92,7 @@ POLICY_MGR_URL= # Example: # REPOSITORY_NAME=kmsdev # -REPOSITORY_NAME=kms +REPOSITORY_NAME=kmsdev # # AUDIT DB Configuration http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh old mode 100644 new mode 100755 index 295a71d..a3680b7 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -390,6 +390,14 @@ update_properties() { propertyName=ranger.ks.jpa.jdbc.password newPropertyValue="_" updatePropertyToFilePy $propertyName $newPropertyValue $to_file + + propertyName=ranger.ks.masterkey.credential.alias + newPropertyValue="${MK_CREDENTIAL_ALIAS}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file + + propertyName=ranger.db.encrypt.key.password + newPropertyValue="_" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file else propertyName="${DB_CREDENTIAL_ATTR}" newPropertyValue="${db_password}" @@ -416,6 +424,10 @@ update_properties() { updatePropertyToFilePy $propertyName $newPropertyValue $to_file fi + propertyName=hadoop.kms.blacklist.CREATE + newPropertyValue="BlacklistUser" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file + ########### } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java index a0a082f..db0dc38 100755 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
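Review bot: The shipped default in install.properties changes from `REPOSITORY_NAME=kms` to `REPOSITORY_NAME=kmsdev`, which is the value the comment directly above gives only as an example (`# REPOSITORY_NAME=kmsdev`). This looks like a local development setting committed as the default. The repository name presumably decides which policy set the plugin binds to, so a wrong default would leave an installation pointed at a repository that does not exist or is not the intended one. If the change is deliberate, the example comment should change with it; otherwise restore `REPOSITORY_NAME=kms`.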
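Review bot: In the first setup.sh hunk, the added call `updatePropertyToFilePy $propertyName $newPropertyValue $to_file` passes `${MK_CREDENTIAL_ALIAS}` unquoted. An empty or unset alias drops out of the argument list so that `$to_file` lands in the value position, and an alias containing whitespace is split into several arguments. Quoting the expansions, `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file"`, fixes both, and an early check that `MK_CREDENTIAL_ALIAS` is non-empty would keep a blank master-key alias out of the config. The neighbouring calls in update_properties use the same unquoted form; the function starts and ends outside this hunk.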
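Review bot: In the second setup.sh hunk, `hadoop.kms.blacklist.CREATE` is set to the literal `BlacklistUser` after the closing `fi`, so it appears to be written on every run of update_properties. If `updatePropertyToFilePy` overwrites an existing value, re-running setup would replace an administrator's CREATE blacklist with a placeholder account name. Reading the value from an install.properties variable and writing it only when that variable is set would avoid this. If the placeholder is intentional, a comment should say so, for example `# placeholder so the property exists; replace with the accounts that must never create keys`. The enclosing function continues outside the hunk.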
@@ -77,7 +77,6 @@ public class RangerKeyStoreProvider extends KeyProvider{ RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager); dbStore = new RangerKeyStore(daoManager); String password = conf.get(ENCRYPTION_KEY); - // System.out.println("RKSP Password = "+password); if(password == null || password.trim().equals("") || password.trim().equals("_") || password.trim().equals("crypted")){ throw new IOException("Master Key Jceks does not exists"); } @@ -318,18 +317,13 @@ public class RangerKeyStoreProvider extends KeyProvider{ private void getFromJceks(Configuration conf, String path, String alias, String key){ //update credential from keystore - // System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key); if(conf!=null){ String pathValue=conf.get(path); - // System.out.println("path Value = "+pathValue); String aliasValue=conf.get(alias); - // System.out.println("alias Value = "+aliasValue); if(pathValue!=null && aliasValue!=null){ String xaDBPassword=CredentialReader.getDecryptedString(pathValue.trim(),aliasValue.trim()); - // System.out.println("xaDBPassword = "+xaDBPassword); if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() && !xaDBPassword.trim().equalsIgnoreCase("none")){ - // System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword); conf.set(key, xaDBPassword); }else{ logger.info("Credential keystore password not applied for KMS; clear text password shall be applicable"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java old mode 100644 new mode 100755 index f2298c0..92d3470 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java 
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java @@ -160,6 +160,7 @@ public class KMSACLs implements Runnable, KeyACLs { } } + @Override public synchronized void startReloader() { if (executorService == null) { executorService = Executors.newScheduledThreadPool(1); @@ -168,6 +169,7 @@ public class KMSACLs implements Runnable, KeyACLs { } } + @Override public synchronized void stopReloader() { if (executorService != null) { executorService.shutdownNow(); @@ -240,14 +242,4 @@ public class KMSACLs implements Runnable, KeyACLs { public boolean isACLPresent(String keyName, KeyOpType opType) { return (keyAcls.containsKey(keyName) || defaultKeyAcls.containsKey(opType)); } - - @Override - public void startACLReloader() { - this.startReloader(); - } - - @Override - public void stopACLReloader() { - this.stopReloader(); - } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java old mode 100644 new mode 100755 index 67b9f88..403c310 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java @@ -132,9 +132,7 @@ public class KMSWebApp implements ServletContextListener { kmsAcls = getAcls(kmsConf.get(KMSConfiguration.KMS_SECURITY_AUTHORIZER)); - - //kmsAcls = new KMSACLs(); - kmsAcls.startACLReloader(); + kmsAcls.startReloader(); metricRegistry = new MetricRegistry(); jmxReporter = JmxReporter.forRegistry(metricRegistry).build(); @@ -225,6 +223,7 @@ public class KMSWebApp implements ServletContextListener { } } + @SuppressWarnings("unchecked") private KeyACLs getAcls(String clsStr) throws IOException { KeyACLs keyAcl = null; try { 
@@ -232,13 +231,9 @@ public class KMSWebApp implements ServletContextListener { if (clsStr == null || clsStr.trim().equals("")) { cls = KMSACLs.class; } else { - //Class<?> configClass = Class.forName(clsStr, true, JavaUtils.getClassLoader()); Class<?> configClass = Class.forName(clsStr); - //Class<?> configClass = Class.forName(clsStr, true, JavaUtils.getClassLoader()); if(!KeyACLs.class.isAssignableFrom(configClass) ){ - //if it's not of type KeyACLs - //we can have default also "cls = KMSACLs.class;" - return null; + throw new RuntimeException(clsStr+" should implement KeyACLs"); } cls = (Class<? extends KeyACLs>)configClass; } @@ -254,7 +249,7 @@ public class KMSWebApp implements ServletContextListener { @Override public void contextDestroyed(ServletContextEvent sce) { kmsAudit.shutdown(); - kmsAcls.stopACLReloader(); + kmsAcls.stopReloader(); jmxReporter.stop(); jmxReporter.close(); metricRegistry = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java old mode 100644 new mode 100755 index 5099daf..1e43dac --- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java 
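Review bot: In KMSWebApp.getAcls, `Class.forName(clsStr)` initialises the configured class, running its static initialisers, before the `isAssignableFrom` check in this hunk can reject it. Loading without initialisation and narrowing in one step, `Class.forName(clsStr, false, KMSWebApp.class.getClassLoader()).asSubclass(KeyACLs.class)`, performs the type check first and makes the unchecked cast and the newly added `@SuppressWarnings("unchecked")` unnecessary. The replacement for `return null` throws a bare `RuntimeException` from a method declared `throws IOException`. The `catch` of the enclosing `try` is outside the hunk, so how the exception surfaces is not visible; an exception that names the misconfigured authorizer property would be easier to diagnose.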
@@ -82,9 +82,9 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { */ public boolean isACLPresent(String aclName, KeyOpType opType); - public void startACLReloader(); + public void startReloader(); - public void stopACLReloader(); + public void stopReloader(); public boolean hasAccess(KMSACLsType.Type aclType, UserGroupInformation ugi); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java b/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java old mode 100644 new mode 100755 index f29341a..9bc53c2 --- a/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java +++ b/kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java @@ -34,8 +34,8 @@ public class XXRangerKeyStore extends XXDBBase implements java.io.Serializable { private static final long serialVersionUID = 1L; @Id - @SequenceGenerator(name="kmskeys",sequenceName="kmskeys",allocationSize=1) - @GeneratedValue(strategy=GenerationType.AUTO,generator="kmskeys") + @SequenceGenerator(name="RANGER_KEYSTORE_SEQ",sequenceName="RANGER_KEYSTORE_SEQ",allocationSize=1) + @GeneratedValue(strategy=GenerationType.AUTO,generator="RANGER_KEYSTORE_SEQ") @Column(name="ID") protected Long id; @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java b/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java old mode 100644 new mode 100755 index 6c1c119..c6c9703 --- a/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java +++ b/kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java 
@@ -34,8 +34,8 @@ public class XXRangerMasterKey extends XXDBBase implements java.io.Serializable private static final long serialVersionUID = 1L; @Id - @SequenceGenerator(name="rangermasterkey",sequenceName="rangermasterkey",allocationSize=1) - @GeneratedValue(strategy=GenerationType.AUTO,generator="rangermasterkey") + @SequenceGenerator(name="RANGER_MASTERKEY_SEQ",sequenceName="RANGER_MASTERKEY_SEQ",allocationSize=1) + @GeneratedValue(strategy=GenerationType.AUTO,generator="RANGER_MASTERKEY_SEQ") @Column(name="ID") protected Long id; @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java index 96fcf31..d945201 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java +++ b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java @@ -113,6 +113,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { return conf; } + @Override public synchronized void startReloader() { if (executorService == null) { executorService = Executors.newScheduledThreadPool(1); @@ -120,7 +121,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { RELOADER_SLEEP_MILLIS, TimeUnit.MILLISECONDS); } } - + @Override public synchronized void stopReloader() { if (executorService != null) { executorService.shutdownNow(); 
@@ -194,17 +195,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { return true; } - @Override - public void startACLReloader() { - this.startReloader(); - } - - @Override - public void stopACLReloader() { - this.stopReloader(); - } - - public void init(Configuration conf) { + public void init(Configuration conf) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerKmsAuthorizer.init()"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java index c956914..6c69196 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java +++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java @@ -25,12 +25,12 @@ import java.util.List; import java.util.Map; import java.util.concurrent.Callable; import java.util.concurrent.TimeUnit; +import java.util.regex.Pattern; import org.apache.log4j.Logger; import org.apache.ranger.plugin.client.BaseClient; import org.apache.ranger.plugin.client.HadoopException; import org.apache.ranger.services.kms.client.KMSClient; -import org.apache.ranger.services.kms.client.json.model.KMSSchedulerResponse; import com.google.gson.Gson; import com.google.gson.GsonBuilder; 
@@ -44,45 +44,42 @@ public class KMSClient { private static final String EXPECTED_MIME_TYPE = "application/json"; - private static final String KMS_LIST_API_ENDPOINT = "/ws/v1/cluster/scheduler" ; + private static final String KMS_LIST_API_ENDPOINT = "v1/keys/names?user.name=${userName}"; //GET private static final String errMessage = " You can still save the repository and start creating " + "policies, but you would not be able to use autocomplete for " + "resource names. Check xa_portal.log for more info."; - - String kmsQUrl; - String userName; + String provider; + String username; String password; - public KMSClient(String kmsQueueUrl, String kmsUserName, String kmsPassWord) { - - this.kmsQUrl = kmsQueueUrl; - this.userName = kmsUserName ; - this.password = kmsPassWord; + public KMSClient(String provider, String username, String password) { + provider = provider.replaceAll("kms://",""); + provider = provider.replaceAll("http@","http://"); + this.provider = provider; + this.username = username ; + this.password = password; if (LOG.isDebugEnabled()) { - LOG.debug("Kms Client is build with url [" + kmsQueueUrl + "] user: [" + kmsPassWord + "], password: [" + "" + "]"); - } - + LOG.debug("Kms Client is build with url [" + provider + "] user: [" + username + "]"); + } } - public List<String> getQueueList(final String queueNameMatching, final List<String> existingQueueList) { + public List<String> getKeyList(final String keyNameMatching, final List<String> existingKeyList) { if (LOG.isDebugEnabled()) { - LOG.debug("Getting Kms queue list for queueNameMatching : " + queueNameMatching); + LOG.debug("Getting Kms Key list for keyNameMatching : " + keyNameMatching); } - final String errMsg = errMessage; - - List<String> ret = new ArrayList<String>(); + final String errMsg = errMessage; - Callable<List<String>> kmsQueueListGetter = new Callable<List<String>>() { + Callable<List<String>> kmsKeyListGetter = new Callable<List<String>>() { @Override public List<String> call() 
{ - List<String> lret = new ArrayList<String>(); - - String url = kmsQUrl + KMS_LIST_API_ENDPOINT ; + List<String> lret = new ArrayList<String>(); + String keyLists = KMS_LIST_API_ENDPOINT.replaceAll(Pattern.quote("${userName}"), username); + String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists)); Client client = null ; ClientResponse response = null ; 
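Review bot: In KMSClient.getKeyList the request URI is built with `KMS_LIST_API_ENDPOINT.replaceAll(Pattern.quote("${userName}"), username)`, which puts the configured user name into the query string without URL-encoding and treats `$` and `\` in it as replacement syntax. A name containing `&`, `#`, `$` or a backslash therefore yields a different query or an exception. A literal replace of the encoded value avoids both, `KMS_LIST_API_ENDPOINT.replace("${userName}", URLEncoder.encode(username, "UTF-8"))`, with the checked exception handled because `call()` declares none. In the constructor only `http@` is rewritten, so a `kms://https@host:port/kms` provider is left as `https@host:port/kms` and cannot be used as a URL. Adding `.replace("https@", "https://")` before the `http@` step fixes that, and `replace` is enough since neither pattern is a regex.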
@@ -90,70 +87,65 @@ public class KMSClient { try { client = Client.create() ; - WebResource webResource = client.resource(url); + WebResource webResource = client.resource(uri); - response = webResource.accept(EXPECTED_MIME_TYPE) - .get(ClientResponse.class); + response = webResource.accept(EXPECTED_MIME_TYPE).get(ClientResponse.class); if (LOG.isDebugEnabled()) { - LOG.debug("getQueueList():calling " + url); + LOG.debug("getKeyList():calling " + uri); } if (response != null) { if (LOG.isDebugEnabled()) { - LOG.debug("getQueueList():response.getStatus()= " + response.getStatus()); + LOG.debug("getKeyList():response.getStatus()= " + response.getStatus()); } if (response.getStatus() == 200) { String jsonString = response.getEntity(String.class); Gson gson = new GsonBuilder().setPrettyPrinting().create(); - KMSSchedulerResponse kmsQResponse = gson.fromJson(jsonString, KMSSchedulerResponse.class); - if (kmsQResponse != null) { - List<String> kmsQueueList = kmsQResponse.getQueueNames(); - if (kmsQueueList != null) { - for ( String kmsQueueName : kmsQueueList) { - if ( existingQueueList != null && existingQueueList.contains(kmsQueueName)) { + @SuppressWarnings("unchecked") + List<String> keys = gson.fromJson(jsonString, List.class) ; + if (keys != null) { + for ( String key : keys) { + if ( existingKeyList != null && existingKeyList.contains(key)) { continue; } - if (queueNameMatching == null || queueNameMatching.isEmpty() - || kmsQueueName.startsWith(queueNameMatching)) { + if (keyNameMatching == null || keyNameMatching.isEmpty() || key.startsWith(keyNameMatching)) { if (LOG.isDebugEnabled()) { - LOG.debug("getQueueList():Adding kmsQueue " + kmsQueueName); + LOG.debug("getKeyList():Adding kmsKey " + key); } - lret.add(kmsQueueName) ; + lret.add(key) ; } - } } - } - } else{ - LOG.info("getQueueList():response.getStatus()= " + response.getStatus() + " for URL " + url + ", so returning null list"); - String jsonString = response.getEntity(String.class); - 
LOG.info(jsonString); - lret = null; + } + }else if (response.getStatus() == 401) { + LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list"); + return lret; + }else if (response.getStatus() == 403) { + LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list"); + return lret; + }else { + LOG.info("getKeyList():response.getStatus()= " + response.getStatus() + " for URL " + uri + ", so returning null list"); + String jsonString = response.getEntity(String.class); + LOG.info(jsonString); + lret = null; } - } else { + }else { String msgDesc = "Unable to get a valid response for " + "expected mime type : [" + EXPECTED_MIME_TYPE - + "] URL : " + url + " - got null response."; + + "] URL : " + uri + " - got null response."; LOG.error(msgDesc); HadoopException hdpException = new HadoopException(msgDesc); - hdpException.generateResponseDataMap(false, msgDesc, - msgDesc + errMsg, null, null); + hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null); throw hdpException; } } catch (HadoopException he) { throw he; - } catch (Throwable t) { - String msgDesc = "Exception while getting Kms Queue List." - + " URL : " + url; - HadoopException hdpException = new HadoopException(msgDesc, - t); + }catch (Throwable t) { + String msgDesc = "Exception while getting Kms Key List. URL : " + uri; + HadoopException hdpException = new HadoopException(msgDesc, t); LOG.error(msgDesc, t); - - hdpException.generateResponseDataMap(false, - BaseClient.getMessage(t), msgDesc + errMsg, null, - null); - throw hdpException; - + hdpException.generateResponseDataMap(false, BaseClient.getMessage(t), msgDesc + errMsg, null, null); + throw hdpException; } finally { if (response != null) { response.close(); 
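Review bot: The new 401 and 403 branches in KMSClient.getKeyList log "so returning null list" but then `return lret`, which is the empty list. An authentication or authorisation failure therefore looks the same as a KMS with no keys, and `testConnection`, which treats any non-null list as success, would report the connection as working. Either fail these statuses the way the null-response branch does, by throwing a `HadoopException` that names the status, or keep the empty list and correct the log message. The final `else` branch also writes the whole response body to the log at INFO with `LOG.info(jsonString)`; the status code is usually enough there.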
@@ -161,34 +153,24 @@ public class KMSClient { if (client != null) { client.destroy(); - } - + } } return lret ; } } ; - - try { - ret = timedTask(kmsQueueListGetter, 5, TimeUnit.SECONDS); - } catch ( Exception e) { - LOG.error("Unable to get Kms Queue list from [" + kmsQUrl + "]", e) ; - } - - return ret; + return null; } - public static HashMap<String, Object> testConnection(String serviceName, - Map<String, String> configs) { + public static HashMap<String, Object> testConnection(String serviceName, Map<String, String> configs) { List<String> strList = new ArrayList<String>(); String errMsg = errMessage; boolean connectivityStatus = false; HashMap<String, Object> responseData = new HashMap<String, Object>(); - KMSClient kmsClient = getKmsClient(serviceName, - configs); - strList = getKmsResource(kmsClient, "",null); - + KMSClient kmsClient = getKmsClient(serviceName, configs); + strList = getKmsKey(kmsClient, "", null); + if (strList != null) { connectivityStatus = true; } @@ -198,7 +180,7 @@ public class KMSClient { BaseClient.generateResponseDataMap(connectivityStatus, successMsg, successMsg, null, null, responseData); } else { - String failureMsg = "Unable to retrieve any Kms Queues using given parameters."; + String failureMsg = "Unable to retrieve any Kms Key using given parameters."; BaseClient.generateResponseDataMap(connectivityStatus, failureMsg, failureMsg + errMsg, null, null, responseData); } 
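Review bot: `getKeyList` now ends with `return null;` and never invokes the `kmsKeyListGetter` callable defined above it, because the `timedTask(...)` call and the `ret` variable were removed, so no request reaches the KMS. As a result `getKmsKey` returns null, `testConnection` never sets `connectivityStatus` to true, and resource lookup gets no key names. The call should be restored, returning null only on failure so the connection test still reports it. Separately, `timedTask`, as shown at the end of this file, calls `callableObj.call()` directly and enforces no timeout despite its parameters.

```java
// … unchanged: kmsKeyListGetter definition …
List<String> ret = null;
try {
	ret = timedTask(kmsKeyListGetter, 5, TimeUnit.SECONDS);
} catch (HadoopException he) {
	throw he;
} catch (Exception e) {
	LOG.error("Unable to get Kms Key list from [" + provider + "]", e);
}
return ret;
```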
@@ -232,15 +214,14 @@ public class KMSClient { return kmsClient; } - public static List<String> getKmsResource (final KMSClient kmsClient, - String yanrQname, List<String> existingQueueName) { + public static List<String> getKmsKey (final KMSClient kmsClient, String keyName, List<String> existingKeyName) { List<String> resultList = new ArrayList<String>(); String errMsg = errMessage; try { if (kmsClient == null) { - String msgDesc = "Unable to get Kms Queue : KmsClient is null."; + String msgDesc = "Unable to get Kms Key : KmsClient is null."; LOG.error(msgDesc); HadoopException hdpException = new HadoopException(msgDesc); hdpException.generateResponseDataMap(false, msgDesc, msgDesc @@ -248,26 +229,22 @@ public class KMSClient { throw hdpException; } - if (yanrQname != null) { - String finalkmsQueueName = (yanrQname == null) ? "" - : yanrQname.trim(); - resultList = kmsClient - .getQueueList(finalkmsQueueName,existingQueueName); + if (keyName != null) { + String finalkmsKeyName = (keyName == null) ? "": keyName.trim(); + resultList = kmsClient.getKeyList(finalkmsKeyName,existingKeyName); if (resultList != null) { if (LOG.isDebugEnabled()) { - LOG.debug("Returning list of " + resultList.size() + " Kms Queues"); + LOG.debug("Returning list of " + resultList.size() + " Kms Keys"); } } } } catch (HadoopException he) { throw he; } catch (Exception e) { - String msgDesc = "getKmsResource: Unable to get Kms resources."; + String msgDesc = "Unable to get a valid response from the provider"; LOG.error(msgDesc, e); HadoopException hdpException = new HadoopException(msgDesc); - - hdpException.generateResponseDataMap(false, - BaseClient.getMessage(e), msgDesc + errMsg, null, null); + hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, null, null); throw hdpException; } return resultList; 
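Review bot: In KMSClient.getKmsKey, the ternary `(keyName == null) ? "": keyName.trim()` sits inside `if (keyName != null)`, so its null arm is dead and `String finalkmsKeyName = keyName.trim();` says the same thing. The rewritten `catch (Exception e)` builds `new HadoopException(msgDesc)` without the cause and passes `msgDesc` instead of `BaseClient.getMessage(e)` to `generateResponseDataMap`. If the aim is to keep internal detail out of the response, that is reasonable, but the exception should still carry the cause: `new HadoopException(msgDesc, e)`, the two-argument form already used in `getKeyList`.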
@@ -277,5 +254,4 @@ public class KMSClient { TimeUnit timeUnit) throws Exception { return callableObj.call(); } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java index 36a4840..94ca822 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java +++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java @@ -28,7 +28,7 @@ import org.apache.ranger.plugin.service.ResourceLookupContext; public class KMSResourceMgr { public static final Logger LOG = Logger.getLogger(KMSResourceMgr.class); - private static final String KMSQUEUE = "queue"; + private static final String KMSKEY = "keyname"; public static HashMap<String, Object> validateConfig(String serviceName, Map<String, String> configs) throws Exception { HashMap<String, Object> ret = null; 
@@ -54,35 +54,32 @@ public class KMSResourceMgr { String userInput = context.getUserInput(); Map<String, List<String>> resourceMap = context.getResources(); List<String> resultList = null; - List<String> kmsQueueList = null; - String kmsQueueName = null; + List<String> kmsKeyList = null; + String kmsKeyName = null; - if ( resourceMap != null && !resourceMap.isEmpty() && - resourceMap.get(KMSQUEUE) != null ) { - kmsQueueName = userInput; - kmsQueueList = resourceMap.get(KMSQUEUE); + if ( resourceMap != null && !resourceMap.isEmpty() && resourceMap.get(KMSKEY) != null ) { + kmsKeyName = userInput; + kmsKeyList = resourceMap.get(KMSKEY); } else { - kmsQueueName = userInput; + kmsKeyName = userInput; } if (configs == null || configs.isEmpty()) { LOG.error("Connection Config is empty"); - } else { - String url = configs.get("kms.url"); + String url = configs.get("provider"); String username = configs.get("username"); String password = configs.get("password"); - resultList = getKMSResource(url, username, password,kmsQueueName,kmsQueueList) ; + resultList = getKMSResource(url, username, password,kmsKeyName,kmsKeyList) ; } return resultList ; } - public static List<String> getKMSResource(String url, String username, String password,String kmsQueueName, List<String> kmsQueueList) { + public static List<String> getKMSResource(String url, String username, String password,String kmsKeyName, List<String> kmsKeyList) { final KMSClient KMSClient = KMSConnectionMgr.getKMSClient(url, username, password); - List<String> topologyList = KMSClient.getQueueList(kmsQueueName, kmsQueueList); + List<String> topologyList = KMSClient.getKeyList(kmsKeyName, kmsKeyList); return topologyList; - } - + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java ---------------------------------------------------------------------- 
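Review bot: In KMSResourceMgr, `String url = configs.get("provider");` is handed to `getKMSResource` without a null or empty check, so a service whose config still holds the old `kms.url` key reaches `KMSConnectionMgr.getKMSClient` with a null URL. What that call does with null is not visible here. A guard such as `if (url == null || url.trim().isEmpty()) { LOG.error("KMS provider URL is not configured"); return resultList; }` would make the failure explicit. The literal `"provider"` could also become a named constant next to `KMSKEY`, since KmsKeyMgr in this commit declares the same key as `KMS_URL_CONFIG`. The enclosing method starts above this hunk.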
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
new file mode 100755
index 0000000..fd2dd3b
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
@@ -0,0 +1,317 @@ +package org.apache.ranger.biz; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.regex.Pattern; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.MediaType; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; +import org.apache.commons.collections.Predicate; +import org.apache.commons.collections.PredicateUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerConfigUtil; +import org.apache.ranger.common.SortField; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.util.KeySearchFilter; +import org.apache.ranger.view.VXKmsKey; +import org.apache.ranger.view.VXKmsKeyList; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.sun.jersey.api.client.Client; +import com.sun.jersey.api.client.ClientResponse; +import com.sun.jersey.api.client.WebResource; +import com.sun.jersey.api.client.config.ClientConfig; +import com.sun.jersey.api.client.config.DefaultClientConfig; + +@Component +public class KmsKeyMgr { + + static final Logger logger = Logger.getLogger(KmsKeyMgr.class); + + private static final String KMS_KEY_LIST_URI = "v1/keys/names?user.name=${userName}"; //GET + private static final String KMS_ADD_KEY_URI = "v1/keys?user.name=${userName}"; //POST + private static final String KMS_ROLL_KEY_URI = "v1/key/${alias}?user.name=${userName}"; //POST + private static final String KMS_DELETE_KEY_URI = "v1/key/${alias}?user.name=${userName}"; //DELETE + private static final String KMS_KEY_METADATA_URI = 
"v1/key/${alias}/_metadata?user.name=${userName}"; //GET + private static final String KMS_URL_CONFIG = "provider"; + + @Autowired + ServiceDBStore svcStore; + + @Autowired + RESTErrorUtil restErrorUtil; + + @Autowired + RangerConfigUtil configUtil; + + public VXKmsKeyList searchKeys(String repoName){ + String provider = null; + try { + provider = getKMSURL(repoName); + } catch (Exception e) { + logger.error("getKey(" + repoName + ") failed", e); + } + Client c = getClient() ; + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String keyLists = KMS_KEY_LIST_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId); + String uri = provider + (provider.endsWith("/") ? keyLists : ("/" + keyLists)); + VXKmsKeyList vxKmsKeyList = new VXKmsKeyList(); + WebResource r = c.resource(uri) ; + String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class); + Gson gson = new GsonBuilder().create() ; + logger.debug(" Search Key RESPONSE: [" + response + "]") ; + List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>(); + @SuppressWarnings("unchecked") + List<String> keys = gson.fromJson(response, List.class) ; + if(keys != null && keys.size() > 0){ + for(String name : keys){ + VXKmsKey key = getKey(repoName, name); + vXKeys.add(key); + } + vxKmsKeyList.setResultSize(vXKeys.size()); + vxKmsKeyList.setTotalCount(vXKeys.size()); + vxKmsKeyList.setStartIndex(0); + vxKmsKeyList.setPageSize(vXKeys.size()); + } + vxKmsKeyList.setVXKeys(vXKeys); + return vxKmsKeyList; + } + + public VXKmsKey rolloverKey(String provider, VXKmsKey vXKey){ + try { + provider = getKMSURL(provider); + } catch (Exception e) { + logger.error("rolloverKey(" + provider + ", "+ vXKey.getName() +") failed", e); + } + VXKmsKey ret = null ; + Client c = getClient() ; + String rollRest = KMS_ROLL_KEY_URI.replaceAll(Pattern.quote("${alias}"), vXKey.getName()); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + rollRest = 
rollRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId); + String uri = provider + (provider.endsWith("/") ? rollRest : ("/" + rollRest)); + WebResource r = c.resource(uri) ; + Gson gson = new GsonBuilder().create() ; + String jsonString = gson.toJson(vXKey) ; + String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ; + logger.debug("Roll RESPONSE: [" + response + "]") ; + ret = gson.fromJson(response, VXKmsKey.class) ; + return ret ; + } + + public void deleteKey(String provider, String name){ + try { + provider = getKMSURL(provider); + } catch (Exception e) { + logger.error("deleteKey(" + provider + ", "+ name +") failed", e); + } + Client c = getClient() ; + String deleteRest = KMS_DELETE_KEY_URI.replaceAll(Pattern.quote("${alias}"), name); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + deleteRest = deleteRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId); + String uri = provider + (provider.endsWith("/") ? deleteRest : ("/" + deleteRest)); + WebResource r = c.resource(uri) ; + ClientResponse response = r.delete(ClientResponse.class) ; + logger.debug("delete RESPONSE: [" + response.toString() + "]") ; + if (response.getStatus() == 200) { + logger.debug("Alias "+name+" deleted successfully"); + } + } + + public VXKmsKey createKey(String provider, VXKmsKey vXKey){ + try { + provider = getKMSURL(provider); + } catch (Exception e) { + logger.error("createKey(" + provider + ", "+ vXKey.getName() +") failed", e); + } + VXKmsKey ret = null ; + Client c = getClient() ; + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + String createRest = KMS_ADD_KEY_URI.replaceAll(Pattern.quote("${userName}"), currentUserLoginId); + String uri = provider + (provider.endsWith("/") ? 
createRest : ("/" + createRest)); + WebResource r = c.resource(uri) ; + Gson gson = new GsonBuilder().create() ; + String jsonString = gson.toJson(vXKey) ; + String response = r.accept(MediaType.APPLICATION_JSON_TYPE).type(MediaType.APPLICATION_JSON_TYPE).post(String.class, jsonString) ; + logger.debug("Create RESPONSE: [" + response + "]") ; + ret = gson.fromJson(response, VXKmsKey.class) ; + return ret ; + } + + public VXKmsKey getKey(String provider, String name){ + try { + provider = getKMSURL(provider); + } catch (Exception e) { + logger.error("getKey(" + provider + ", "+ name +") failed", e); + } + Client c = getClient() ; + String keyRest = KMS_KEY_METADATA_URI.replaceAll(Pattern.quote("${alias}"), name); + String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); + keyRest = keyRest.replaceAll(Pattern.quote("${userName}"), currentUserLoginId); + String uri = provider + (provider.endsWith("/") ? keyRest : ("/" + keyRest)); + WebResource r = c.resource(uri) ; + String response = r.accept(MediaType.APPLICATION_JSON_TYPE).get(String.class); + Gson gson = new GsonBuilder().create() ; + logger.debug("RESPONSE: [" + response + "]") ; + VXKmsKey key = gson.fromJson(response, VXKmsKey.class) ; + return key; + } + + private String getKMSURL(String name) throws Exception{ + String provider = null; + RangerService rangerService = null; + try { + rangerService = svcStore.getServiceByName(name); + provider = rangerService.getConfigs().get(KMS_URL_CONFIG); + provider = provider.replaceAll("kms://",""); + provider = provider.replaceAll("http@","http://"); + } catch(Exception excp) { + logger.error("getServiceByName(" + name + ") failed", excp); + throw new Exception("getServiceByName(" + name + ") failed", excp); + } + + if(rangerService == null || provider == null) { + throw new Exception("Provider "+provider+" not found"); + } + return provider; + } + + private synchronized Client getClient() { + Client ret = null; + ClientConfig cc = new DefaultClientConfig(); + 
cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true); + ret = Client.create(cc); + return ret ; + } + + public VXKmsKeyList getFilteredKeyList(HttpServletRequest request, VXKmsKeyList vXKmsKeyList){ + List<SortField> sortFields = new ArrayList<SortField>(); + sortFields.add(new SortField(KeySearchFilter.KEY_NAME, KeySearchFilter.KEY_NAME)); + + KeySearchFilter filter = getKeySearchFilter(request, sortFields); + + Predicate pred = getPredicate(filter); + + if(pred != null) { + CollectionUtils.filter(vXKmsKeyList.getVXKeys(), pred); + } + return vXKmsKeyList; + } + + private Predicate getPredicate(KeySearchFilter filter) { + if(filter == null || filter.isEmpty()) { + return null; + } + + List<Predicate> predicates = new ArrayList<Predicate>(); + + addPredicateForKeyName(filter.getParam(KeySearchFilter.KEY_NAME), predicates); + + Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates); + + return ret; + } + + private Predicate addPredicateForKeyName(final String name, List<Predicate> predicates) { + if(StringUtils.isEmpty(name)) { + return null; + } + + Predicate ret = new Predicate() { + @Override + public boolean evaluate(Object object) { + if(object == null) { + return false; + } + + boolean ret = false; + + if(object instanceof VXKmsKey) { + VXKmsKey vXKmsKey = (VXKmsKey)object; + if(StringUtils.isEmpty(vXKmsKey.getName())) { + ret = true; + }else{ + ret = vXKmsKey.getName().contains(name); + } + } else { + ret = true; + } + + return ret; + } + }; + + if(predicates != null) { + predicates.add(ret); + } + + return ret; + } + + private KeySearchFilter getKeySearchFilter(HttpServletRequest request, List<SortField> sortFields) { + if (request == null) { + return null; + } + KeySearchFilter ret = new KeySearchFilter(); + + if (MapUtils.isEmpty(request.getParameterMap())) { + ret.setParams(new HashMap<String, String>()); + } + + ret.setParam(KeySearchFilter.KEY_NAME, 
request.getParameter(KeySearchFilter.KEY_NAME)); + extractCommonCriteriasForFilter(request, ret, sortFields); + return ret; + } + + private KeySearchFilter extractCommonCriteriasForFilter(HttpServletRequest request, KeySearchFilter ret, List<SortField> sortFields) { + int startIndex = restErrorUtil.parseInt(request.getParameter(KeySearchFilter.START_INDEX), 0, + "Invalid value for parameter startIndex", MessageEnums.INVALID_INPUT_DATA, null, + KeySearchFilter.START_INDEX); + ret.setStartIndex(startIndex); + + int pageSize = restErrorUtil.parseInt(request.getParameter(KeySearchFilter.PAGE_SIZE), + configUtil.getDefaultMaxRows(), "Invalid value for parameter pageSize", + MessageEnums.INVALID_INPUT_DATA, null, KeySearchFilter.PAGE_SIZE); + ret.setMaxRows(pageSize); + + ret.setGetCount(restErrorUtil.parseBoolean(request.getParameter("getCount"), true)); + String sortBy = restErrorUtil.validateString(request.getParameter(KeySearchFilter.SORT_BY), + StringUtil.VALIDATION_ALPHA, "Invalid value for parameter sortBy", MessageEnums.INVALID_INPUT_DATA, + null, KeySearchFilter.SORT_BY); + + boolean sortSet = false; + if (!StringUtils.isEmpty(sortBy)) { + for (SortField sortField : sortFields) { + if (sortField.getParamName().equalsIgnoreCase(sortBy)) { + ret.setSortBy(sortField.getParamName()); + String sortType = restErrorUtil.validateString(request.getParameter("sortType"), + StringUtil.VALIDATION_ALPHA, "Invalid value for parameter sortType", + MessageEnums.INVALID_INPUT_DATA, null, "sortType"); + ret.setSortType(sortType); + sortSet = true; + break; + } + } + } + + if (!sortSet && !StringUtils.isEmpty(sortBy)) { + logger.info("Invalid or unsupported sortBy field passed. 
sortBy=" + sortBy, new Throwable()); + } + + if(ret.getParams() == null) { + ret.setParams(new HashMap<String, String>()); + } + return ret; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java index f9eb61b..b97f666 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java @@ -526,11 +526,15 @@ public class AppConstants extends RangerCommonEnums { * CLASS_TYPE_RANGER_GROUP_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_GROUP_PERMISSION". */ public static final int CLASS_TYPE_RANGER_GROUP_PERMISSION = 1036; + /** + * CLASS_TYPE_XA_KMS_KEY is an element of enum ClassTypes. Its value is "CLASS_TYPE_XA_KMS_KEY". + */ + public static final int CLASS_TYPE_XA_KMS_KEY = 1037; /** * Max value for enum ClassTypes_MAX */ - public static final int ClassTypes_MAX = 1036; + public static final int ClassTypes_MAX = 1037; /*************************************************************** * Enum values for Default SortOrder http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java new file mode 100755 index 0000000..baab333 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java 
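Review bot: In KmsKeyMgr, rolloverKey, deleteKey, createKey and getKey catch the exception from `getKMSURL(provider)`, log it and carry on, so when the service lookup fails the unresolved `provider` argument (which XKeyREST takes from the `provider` query parameter) becomes the base URL of the outbound request. In searchKeys the same path leaves `provider` null and `provider.endsWith("/")` throws. These methods should stop at the failed lookup, for example by rethrowing from the catch block instead of only logging. Separately, the alias and login id are spliced into the URI with `replaceAll` and no percent-encoding, so a value containing `/`, `?`, `&` or `#` changes the path or the `user.name` query value, and a `$` or `\` in it is read by `replaceAll` as a group reference. Each value should be encoded for its URI position and substituted with `String.replace`, or wrapped in `Matcher.quoteReplacement` if `replaceAll` is kept.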
@@ -0,0 +1,169 @@ +package org.apache.ranger.rest; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.KmsKeyMgr; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.SearchUtil; +import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; +import org.apache.ranger.view.VXKmsKey; +import org.apache.ranger.view.VXKmsKeyList; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Propagation; +import org.springframework.transaction.annotation.Transactional; + + +@Path("keys") +@Component +@Scope("request") +@RangerAnnotationJSMgrName("KeyMgr") +@Transactional(propagation = Propagation.REQUIRES_NEW) +public class XKeyREST { + static Logger logger = Logger.getLogger(XKeyREST.class); + + private static String UNAUTHENTICATED_MSG = "Unauthenticated : Please check the premission in the policy for the user"; + + @Autowired + KmsKeyMgr keyMgr; + + @Autowired + SearchUtil searchUtil; + + @Autowired + RESTErrorUtil restErrorUtil; + + /** + * Implements the traditional search functionalities for Keys + * + * @param request + * @return + */ + @GET + @Path("/keys") + @Produces({ "application/xml", "application/json" }) + public VXKmsKeyList searchKeys(@Context HttpServletRequest request, @QueryParam("provider") String provider) { + VXKmsKeyList vxKmsKeyList = new VXKmsKeyList(); + try{ + vxKmsKeyList = keyMgr.searchKeys(provider); + vxKmsKeyList = 
keyMgr.getFilteredKeyList(request, vxKmsKeyList); + }catch(Exception e){ + e.printStackTrace(); + handleError(e.getMessage()); + } + return vxKmsKeyList; + } + + /** + * Implements the Rollover key functionality + * @param vXKey + * @return + */ + @PUT + @Path("/key") + @Produces({ "application/xml", "application/json" }) + public VXKmsKey rolloverKey(@QueryParam("provider") String provider, VXKmsKey vXKey) { + VXKmsKey vxKmsKey = new VXKmsKey(); + try{ + String name = vXKey.getName(); + if (name == null || name.isEmpty()) { + throw restErrorUtil.createRESTException("Please provide a valid " + + "alias.", MessageEnums.INVALID_INPUT_DATA); + } + vxKmsKey = keyMgr.rolloverKey(provider, vXKey); + }catch(Exception e){ + handleError(e.getMessage()); + } + return vxKmsKey; + } + + /** + * Implements the delete key functionality + * @param name + * @param request + */ + @DELETE + @Path("/key/{alias}") + @Produces({ "application/xml", "application/json" }) + public void deleteKey(@PathParam("alias") String name, @QueryParam("provider") String provider, @Context HttpServletRequest request) { + try{ + if (name == null || name.isEmpty()) { + throw restErrorUtil.createRESTException("Please provide a valid " + + "alias.", MessageEnums.INVALID_INPUT_DATA); + } + keyMgr.deleteKey(provider, name); + }catch(Exception e){ + handleError(e.getMessage()); + } + } + + /** + * Implements the create key functionality + * @param vXKey + * @return + */ + @POST + @Path("/key") + @Produces({ "application/xml", "application/json" }) + public VXKmsKey createKey(@QueryParam("provider") String provider, VXKmsKey vXKey) { + VXKmsKey vxKmsKey = new VXKmsKey(); + try{ + String name = vXKey.getName(); + if (name == null || name.isEmpty()) { + throw restErrorUtil.createRESTException("Please provide a valid " + + "alias.", MessageEnums.INVALID_INPUT_DATA); + } + vxKmsKey = keyMgr.createKey(provider, vXKey); + }catch(Exception e){ + handleError(e.getMessage()); + } + return vxKmsKey; + } + + /** + * + * 
@param name + * @param provider + * @return + */ + @GET + @Path("/key/{alias}") + @Produces({ "application/xml", "application/json" }) + public VXKmsKey getKey(@PathParam("alias") String name,@QueryParam("provider") String provider){ + VXKmsKey vxKmsKey = new VXKmsKey(); + try{ + if (name == null || name.isEmpty()) { + throw restErrorUtil.createRESTException("Please provide a valid " + + "alias.", MessageEnums.INVALID_INPUT_DATA); + } + vxKmsKey = keyMgr.getKey(provider, name); + }catch(Exception e){ + handleError(e.getMessage()); + } + return vxKmsKey; + } + + private void handleError(String message) { + if(!(message==null) && !(message.isEmpty()) && message.contains("Connection refused")){ + message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running"; + }else if(!(message==null) && !(message.isEmpty()) && message.contains("response status of 403")){ + message = UNAUTHENTICATED_MSG; + }else if(!(message==null) && !(message.isEmpty()) && message.contains("response status of 401")){ + message = UNAUTHENTICATED_MSG; + } + throw restErrorUtil.createRESTException(message, MessageEnums.ERROR_SYSTEM); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java new file mode 100755 index 0000000..dc71f13 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java 
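Review bot: In XKeyREST, the `Please provide a valid alias.` exception is thrown inside the `try`, so the surrounding `catch(Exception e)` hands it to `handleError(e.getMessage())`, which rethrows it as `MessageEnums.ERROR_SYSTEM`. Assuming `createRESTException` returns an unchecked exception, the caller never sees the `INVALID_INPUT_DATA` response. Moving the name check above the `try` in rolloverKey, deleteKey, createKey and getKey keeps the two error kinds apart; a null `vXKey` body should be rejected there as well, since `vXKey.getName()` is called unguarded. searchKeys also calls `e.printStackTrace()`, where `logger.error("searchKeys(" + provider + ") failed", e);` would send the trace to the configured log. For any message it does not recognise, handleError returns the exception text to the client unchanged, which may include details of the outbound KMS call.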
@@ -0,0 +1,239 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.view; + +/** + * Key + * + */ + +import java.util.Map; + +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +public class VXKmsKey extends VXDataObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + /** + * Name + */ + protected String name; + /** + * Cipher + */ + protected String cipher; + /** + * Length + */ + protected int length; + /** + * Description + */ + protected String description; + /** + * Version + */ + protected int versions; + /** + * Material + */ + protected String material; + /** + * Version Name + */ + protected String versionName; + + /** + 
* Key Created Date + */ + protected Long created; + + /** + * Attributes + */ + protected Map<String, String> attributes; + + /** + * Default constructor. This will set all the attributes to default value. + */ + public VXKmsKey ( ) { + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the cipher + */ + public String getCipher() { + return cipher; + } + + /** + * @param cipher the cipher to set + */ + public void setCipher(String cipher) { + this.cipher = cipher; + } + + /** + * @return the length + */ + public int getLength() { + return length; + } + + /** + * @param length the length to set + */ + public void setLength(int length) { + this.length = length; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the version + */ + public int getVersions() { + return versions; + } + + /** + * @param version the version to set + */ + public void setVersions(int versions) { + this.versions = versions; + } + + /** + * @return the material + */ + public String getMaterial() { + return material; + } + + /** + * @param material the material to set + */ + public void setMaterial(String material) { + this.material = material; + } + + /** + * @return the versionName + */ + public String getVersionName() { + return versionName; + } + + /** + * @param versionName the versionName to set + */ + public void setVersionName(String versionName) { + this.versionName = versionName; + } + + /** + * @return the created + */ + public Long getCreated() { + return created; + } + + /** + * @param created the created to set + */ + public void setCreated(Long created) { + this.created = created; + } + + /** + * @return 
the attributes + */ + public Map<String, String> getAttributes() { + return attributes; + } + + /** + * @param attributes the attributes to set + */ + public void setAttributes(Map<String, String> attributes) { + this.attributes = attributes; + } + + @Override + public int getMyClassType( ) { + return AppConstants.CLASS_TYPE_XA_KMS_KEY; + } + + /** + * This return the bean content in string format + * @return formatedStr + */ + public String toString( ) { + String str = "VXUser={"; + str += super.toString(); + str += "name={" + name + "} "; + str += "cipher={" + cipher + "} "; + str += "length={" + length + "} "; + str += "description={" + description + "} "; + str += "atrribute={" + attributes + "} "; + str += "created={" + created.toString() + "} "; + str += "version={" + versions + "} "; + str += "material={" + material + "} "; + str += "versionName={" + versionName + "} "; + str += "}"; + return str; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java new file mode 100644 index 0000000..05e96f5 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKeyList.java 
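Review bot: `VXKmsKey.toString()` appends `material` to its output, so any log statement or exception message that prints a VXKmsKey writes whatever the KMS returned in that field. The `material` line should be dropped or replaced by a fixed marker such as `str += "material={***} ";`. The same method calls `created.toString()` although `created` is a `Long` that the default constructor leaves null, which throws NullPointerException; `str += "created={" + created + "} ";` is null-safe. The prefix `"VXUser={"` and the label `"atrribute={"` look copied from another view class and should name this one.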
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.view; + +/** + * List wrapper class for VXKey + * + */ + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.view.VList; +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class VXKmsKeyList extends VList { + private static final long serialVersionUID = 1L; + List<VXKmsKey> vXKeys = new ArrayList<VXKmsKey>(); + + public VXKmsKeyList() { + super(); + } + + public VXKmsKeyList(List<VXKmsKey> objList) { + super(objList); + this.vXKeys = objList; + } + + /** + * @return the vXKeys + */ + public List<VXKmsKey> getVXKeys() { + return vXKeys; + } + + /** + * @param vXKeys + * 
the vXKeys to set + */ + public void setVXKeys(List<VXKmsKey> vXKeys) { + this.vXKeys = vXKeys; + } + + @Override + public int getListSize() { + if (vXKeys != null) { + return vXKeys.size(); + } + return 0; + } + + @Override + public List<VXKmsKey> getList() { + return vXKeys; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js new file mode 100644 index 0000000..46feaf3 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collection_bases/VXKmsKeyListBase.js 
@@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseCollection = require('collections/XABaseCollection'); + var XAGlobals = require('utils/XAGlobals'); + var VXKmsKey = require('models/VXKmsKey'); + + var VXKmsKeyListBase = XABaseCollection.extend( + /** @lends VXKmsKeyListBase.prototype */ + { + url: XAGlobals.baseURL + 'keys/keys', + + model : VXKmsKey, + + /** + * VXKmsKeyListBase initialize method + * @augments XABaseCollection + * @constructs + */ + initialize : function() { + this.modelName = 'VXKmsKey'; + this.modelAttrName = 'vXKeys'; + this.bindErrorEvents(); + }, + + + /************************* + * Non - CRUD operations + *************************/ + + + + },{ + // static class members + /** + * Table Cols to be passed to Backgrid + * UI has to use this as base and extend this. + * + */ + + tableCols : {} + + }); + + return VXKmsKeyListBase; +}); + + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js b/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js new file mode 100644 index 0000000..7b4e59d --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collections/VXKmsKeyList.js @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var VXKmsKeyListBase = require('collection_bases/VXKmsKeyListBase'); + + var VXKmsKeyList = VXKmsKeyListBase.extend( + /** @lends VXKmsKeyList.prototype */ + { + },{ + // static class members + }); + + return VXKmsKeyList; +}); + + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/controllers/Controller.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js index a329dad..df820e5 100644 --- a/security-admin/src/main/webapp/scripts/controllers/Controller.js +++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js 
@@ -391,6 +391,43 @@ define(function(require) { location.hash = XALinks.get('UserProfile').href; } }, + /************** KMS *********************/ + kmsManagerAction :function(kmsManagePage, kmsServiceName){ + MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value }); + var view = require('views/kms/KMSTableLayout'); + var KmsKeyList = require('collections/VXKmsKeyList'); + App.rContent.show(new view({ + collection : new KmsKeyList(), + kmsServiceName : kmsServiceName, + kmsManagePage : kmsManagePage + })); + }, + kmsKeyCreateAction : function(kmsServiceName){ + MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value }); + var view = require('views/kms/KmsKeyCreate'); + var KmsKey = require('models/VXKmsKey'); + + App.rContent.show(new view({ + model : new KmsKey(), + kmsServiceName : kmsServiceName + })); + }, + kmsKeyEditAction : function(kmsServiceName, keyName){ + MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value }); + var view = require('views/kms/KmsKeyCreate'); + var VXKmsKey = require('models/VXKmsKey'); + var kmsKeyModel = new VXKmsKey({'name' : keyName}); + var data = {'provider': kmsServiceName} + kmsKeyModel.fetch({ + cache : true, + data : data + }).done(function(){ + App.rContent.show(new view({ + model : kmsKeyModel, + kmsServiceName : kmsServiceName + })); + }); + }, /**************** ERROR PAGE ******************************/ pageNotFoundAction : function() { var XAUtils = require('utils/XAUtils'); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js b/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js new file mode 100644 index 0000000..9e431a0 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/model_bases/VXKmsKeyBase.js 
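Review bot: In `kmsKeyEditAction` the `kmsKeyModel.fetch(...)` call has only a `.done` handler and passes `cache : true`, so a failed or rejected key lookup leaves the content region unchanged with no feedback, and a browser-cached copy of the key record can be served to the edit form. For key-management data I would pass `cache : false` and add a `.fail(...)` branch that shows the existing error page. Whether the response carries key material is not visible in this hunk, so the caching concern should be confirmed against the REST endpoint. The line `var data = {'provider': kmsServiceName}` is also missing its terminating semicolon.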
@@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseModel = require('models/XABaseModel'); + var XAGlobals = require('utils/XAGlobals'); + + var VXKmsKeyBase = XABaseModel.extend( + /** @lends VXKmsKeyBase.prototype */ + { + urlRoot: XAGlobals.baseURL + 'keys/key', + + defaults: {}, + + serverSchema : { + "id" : { + "dataType" : "Long" + }, + "version" : { + "dataType" : "int" + }, + "createDate" : { + "dataType" : "Date" + }, + "updateDate" : { + "dataType" : "Date" + }, + "permList" : { + "dataType" : "list", + "listType" : "VNameValue" + }, + "forUserId" : { + "dataType" : "Long" + }, + "status" : { + "dataType" : "int" + }, + "priGrpId" : { + "dataType" : "Long" + }, + "updatedBy" : { + "dataType" : "String" + }, + "isSystem" : { + "dataType" : "boolean" + }, + "name" : { + "dataType" : "String" + }, + "description" : { + "dataType" : "String" + }, + "groupType" : { + "dataType" : "int" + }, + "credStoreId" : { + "dataType" : "Long" + } + }, + + + idAttribute: 'name', + + /** + * VXKmsKeyBase initialize method + * @augments XABaseModel + * @constructs + */ + initialize: function() { + this.modelName = 'VXKmsKeyBase'; + }, + 
getKmsKeyURL: function(keyName, serviceName) { + return this.urlRoot + "/"+keyName; + }, + + }, { + // static class members + }); + + return VXKmsKeyBase; + +}); + + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/models/VXKmsKey.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/VXKmsKey.js b/security-admin/src/main/webapp/scripts/models/VXKmsKey.js new file mode 100644 index 0000000..d7a464c --- /dev/null +++ b/security-admin/src/main/webapp/scripts/models/VXKmsKey.js 
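Review bot: `getKmsKeyURL` builds the request path as `this.urlRoot + "/"+keyName` without encoding, so a key name containing `/`, `?` or `#` changes which resource the request addresses; it should be `return this.urlRoot + "/" + encodeURIComponent(keyName);`. The `serviceName` parameter is accepted but never used, while the controller passes the service separately as `provider` query data, so either drop the parameter or add a comment saying the caller must supply the provider itself. The `serverSchema` lists fields such as `permList`, `groupType` and `credStoreId` but none of the key fields this commit adds labels for (cipher, length, material), which suggests it was copied from another model and should be checked against `VXKmsKey.java`.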
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXKmsKeyBase = require('model_bases/VXKmsKeyBase');
+ var localization = require('utils/XALangSupport');
+ var XAEnums = require('utils/XAEnums');
+
+ var VXKmsKey = VXKmsKeyBase.extend(
+ /** @lends VXKmsKey.prototype */
+ {
+ /**
+ * VXKmsKey initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXKmsKey';
+ this.bindErrorEvents();
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return /*this.get('name')*/;
+ }
+
+ }, {
+ // static class members
+ });
+
+ return VXKmsKey;
+
+});
+
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/models/VXKmsKey.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index 1c8ec93..747b6e6 100644
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
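Review bot: `toString` in the new `VXKmsKey` model returns `undefined`, because the only expression in `return /*this.get('name')*/;` is commented out, so any code that concatenates or logs the model prints "undefined" instead of the key name. It should be `return this.get('name');`, or the override should be removed so the inherited implementation applies. The `localization` and `XAEnums` requires are not used anywhere in this file and can be dropped.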
@@ -64,10 +64,25 @@ define(function(require) { text : 'h.usersOrGroups', title: 'h.usersOrGroups' }, - Configs: { - href : '#!/configs', - text : 'h.configs', - title: 'h.configs' + Kms : { + href : '#!/kms/keys', + text : 'h.kms', + title: 'h.kms' + }, + KmsKeyCreate : { + href : '#!/kms/keys/create', + text : 'h.keyCreate', + title: 'h.keyCreate' + }, + KmsKeyEdit : { + href : 'javascript:void(0);', + text : 'h.keyEdit', + title: 'h.keyEdit' + }, + KmsKeyForService : { + href : 'javascrit:;', + text : 'KMS_TEST1', + title: 'KMS_TEST1' }, ManageTables: { href : '#!/managetables', @@ -284,6 +299,17 @@ define(function(require) { title: options.model.get('module') }; }, + KmsServiceForKey : function(options) { + var href = "javascript:void(0);"; + if(_.has(options,'kmsServiceDefModel') && _.has(options,'kmsService')){ + href = '#!/service/'+options.kmsServiceDefModel.id+"/edit/"+options.kmsService.id; + } + return { + href : href, + text : options.kmsService.get('name'), + title: options.kmsService.get('name') + }; + } }; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index fa475b3..9eae73c 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
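Review bot: The `KmsKeyForService` entry sets `href : 'javascrit:;'`, a misspelled scheme that the browser treats as a link to an unknown protocol rather than a no-op, and its `text` and `title` are the literal `KMS_TEST1`, which reads as leftover test data. Use `href : 'javascript:void(0);'` as the `KmsKeyEdit` entry above it does, and replace the text with a localization key in the `h.` namespace like the neighbouring entries. The `Kms` and `KmsKeyCreate` hrefs (`#!/kms/keys`, `#!/kms/keys/create`) should also be checked against the routes added in Router.js, which all expect a service-name segment.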
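Review bot: `KmsServiceForKey` tests `_.has(options,'kmsService')` before building `href` but then calls `options.kmsService.get('name')` unconditionally in the returned object, so a caller that omits `kmsService` gets a TypeError instead of the fallback link. Compute the label under the same guard, for example `var name = _.has(options,'kmsService') ? options.kmsService.get('name') : '';`, and return `text : name, title : name`. The two ids concatenated into the hash come from model objects here; a short comment stating that they are server-issued ids rather than user-typed text would help the next reader.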
@@ -214,7 +214,15 @@ define(function(require) { isVisible : 'Visible', delegatedAdmin : 'Delegate Admin', policyId : 'Policy ID', - moduleName : 'Module Name' + moduleName : 'Module Name', + keyManagement : 'Key Management', + addNewKey : 'Add New Key', + keyName : 'Key Name', + cipher : 'Cipher', + length : 'Length', + version : 'Version', + attributes : 'Attributes', + material : 'Material' }, btn : { add : 'Add', @@ -274,7 +282,11 @@ define(function(require) { searchForYourGroup :"Search for your groups...", access : 'Access', policyCondition : 'Policy Condtions', - permissions : 'Permissions' + permissions : 'Permissions', + kms : 'KMS', + keyCreate : 'Key Create', + keyEdit : 'Key Edit', + searchForKeys :"Search for your keys...", }, @@ -303,6 +315,7 @@ define(function(require) { repoDoesNotExistAnymore : 'Repository does not exist anymore..', policyDisabledMsg : 'This policy is currently in disabled state.', noRecordsFound : 'No Records Found', + keyDeleteMsg : 'Key deleted successfully' http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/routers/Router.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js index 70943a1..e706cdf 100644 --- a/security-admin/src/main/webapp/scripts/routers/Router.js +++ b/security-admin/src/main/webapp/scripts/routers/Router.js 
@@ -59,9 +59,15 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){ "!/service/:serviceId/policies/:id/edit": "RangerPolicyEditAction", /************PERMISSIONS VIEWS *****************************************/ - "!/permissions": "modulePermissionsAction", - "!/permissions/:id/edit" : "modulePermissionEditAction", - /*************** ERROR PAGE ****************************************/ + "!/permissions" : "modulePermissionsAction", + "!/permissions/:id/edit" : "modulePermissionEditAction", + + /************ KMS ***************************/ + "!/kms/keys/:isService/manage/:serviceName" : "kmsManagerAction", + "!/kms/keys/:serviceName/create" : "kmsKeyCreateAction", + "!/kms/keys/:serviceName/edit/:id" : "kmsKeyEditAction", + + /*************** ERROR PAGE ***********************/ "*actions" : "pageNotFoundAction" }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2f8bcd23/security-admin/src/main/webapp/scripts/utils/XAGlobals.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js index ee8c90d..f772e3c 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js +++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js 
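Review bot: All three KMS routes require a `:serviceName` segment, but the links this commit adds in XALinks.js use `#!/kms/keys` and `#!/kms/keys/create`, which match none of them and fall through to `"*actions" : "pageNotFoundAction"`. Either add routes for those two hashes or build the links with the service name filled in. The edit route names its last parameter `:id` while `kmsKeyEditAction` receives it as `keyName`; renaming it to `:keyName` would make clear that a user-chosen key name, not a numeric id, travels in the URL and is used to address the key on the server.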
@@ -46,13 +46,11 @@ define(function(require){ Dashboard : { value:1, valStr: 'Dashboard'}, PolicyManager : { value:2, valStr: 'Policy'}, Users : { value:3, valStr: 'Users'}, -// Reports : { value:4, valStr: 'Reports'}, - Config : { value:5, valStr: 'Config'}, - Assets : { value:6, valStr: 'Assets'}, - Analytics : { value:7, valStr: 'Analytics'}, - Audit : { value:8, valStr: 'Analytics'}, - Permissions : { value:9, valStr:'Permissions'}, - None : { value:10, valStr: 'None'} + Analytics : { value:4, valStr: 'Analytics'}, + Audit : { value:5, valStr: 'Audit'}, + Permissions : { value:6, valStr:'Permissions'}, + KMS : { value:7, valStr: 'KMS'}, + None : { value:8, valStr: 'None'} }; XAGlobals.BooleanValue = {
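Review bot: Callers that still read `XAGlobals.AppTabs.Config` or `XAGlobals.AppTabs.Assets`, or that compare against the old numeric tab values, are not updated anywhere in the hunks visible here, and the renumbering (Analytics 7 to 4, Audit 8 to 5, Permissions 9 to 6, None 10 to 8) changes the meaning of any value held elsewhere. A reference to a removed entry fails on `.value` of `undefined`, so it is worth searching the webapp for both names before merging. Appending `KMS` with a new value and leaving the existing numbers unchanged would avoid the risk; if the renumbering is intended, a comment above `AppTabs` saying the values are not persisted would record why it is safe.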
