Repository: incubator-ranger Updated Branches: refs/heads/master 39136c5d6 -> 376b0ea65
RANGER-429 : Enhancements to Ranger KMS 
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/376b0ea6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/376b0ea6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/376b0ea6 Branch: refs/heads/master Commit: 376b0ea65919176dcdc194da5f9559a66f80bd8c Parents: 39136c5 Author: Gautam Borad <[email protected]> Authored: Tue May 5 22:20:23 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed May 6 08:31:15 2015 -0400 ---------------------------------------------------------------------- kms/config/kms-webapp/dbks-site.xml | 9 ++-- kms/scripts/install.properties | 2 + kms/scripts/setup.sh | 4 +- .../org/apache/ranger/biz/ServiceDBStore.java | 25 ++++++++++- .../java/org/apache/ranger/biz/XUserMgr.java | 10 +++++ .../apache/ranger/common/UserSessionBase.java | 3 ++ .../java/org/apache/ranger/rest/XKeyREST.java | 38 ++++++++++++---- .../ranger/service/RangerServiceDefService.java | 29 ++++++++++++ .../service/RangerServiceServiceBase.java | 1 + .../webapp/scripts/controllers/Controller.js | 34 +++++++------- .../src/main/webapp/scripts/modules/XALinks.js | 13 +++++- .../scripts/modules/globalize/message/en.js | 6 ++- .../src/main/webapp/scripts/routers/Router.js | 2 +- .../src/main/webapp/scripts/utils/XAGlobals.js | 9 ++-- .../webapp/scripts/views/kms/KMSTableLayout.js | 47 ++++++++++++++++---- .../webapp/scripts/views/kms/KmsKeyCreate.js | 3 +- .../main/webapp/scripts/views/kms/KmsKeyForm.js | 44 +++++++++--------- .../scripts/views/policies/RangerPolicyForm.js | 2 + .../views/policymanager/ServiceLayout.js | 2 +- .../scripts/views/service/ConfigurationList.js | 3 +- .../webapp/scripts/views/service/ServiceForm.js | 1 + .../common/ServiceManagerLayout_tmpl.html | 2 +- .../webapp/templates/common/TopNav_tmpl.html | 3 +- .../main/webapp/templates/helpers/XAHelpers.js | 
2 +- .../webapp/templates/kms/KmsKeyForm_tmpl.html | 1 + .../service/ConfigurationList_tmpl.html | 2 +- 26 files changed, 219 insertions(+), 78 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/kms/config/kms-webapp/dbks-site.xml ---------------------------------------------------------------------- diff --git a/kms/config/kms-webapp/dbks-site.xml b/kms/config/kms-webapp/dbks-site.xml index 734d537..edaff93 100755 --- a/kms/config/kms-webapp/dbks-site.xml +++ b/kms/config/kms-webapp/dbks-site.xml @@ -20,13 +20,14 @@ <!-- Blacklist for authorization --> - <!--<property> - <name>hadoop.kms.blacklist.CREATE</name> + <property> + <name>hadoop.kms.blacklist.DECRYPT_EEK</name> <value>hdfs</value> <description> - Blacklist for create-key operations. + Blacklist for decrypt EncryptedKey + CryptoExtension operations </description> - </property>--> + </property> <!-- Encryption key Password --> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties old mode 100644 new mode 100755 index 0059787..cfe9adf --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -225,3 +225,5 @@ postgres_core_file=db/postgres/kms_core_db_postgres.sql sqlserver_core_file=db/sqlserver/kms_core_db_sqlserver.sql cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks + +KMS_BLACKLIST_DECRYPT_EEK=hdfs http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/kms/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index 63237d5..3071fe2 100755 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh 
@@ -460,8 +460,8 @@ update_properties() { updatePropertyToFilePy $propertyName $newPropertyValue $to_file fi - propertyName=hadoop.kms.blacklist.CREATE - newPropertyValue="BlacklistUser" + propertyName=hadoop.kms.blacklist.DECRYPT_EEK + newPropertyValue="${KMS_BLACKLIST_DECRYPT_EEK}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file ########### http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index d217f61..84991c2 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -28,6 +28,7 @@ import java.util.Map; import java.util.Map.Entry; import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; @@ -115,6 +116,7 @@ import org.apache.ranger.service.XUserService; import org.apache.ranger.view.RangerPolicyList; import org.apache.ranger.view.RangerServiceDefList; import org.apache.ranger.view.RangerServiceList; +import org.apache.ranger.view.VXResponse; import org.apache.ranger.view.VXString; import org.apache.ranger.view.VXUser; import org.springframework.beans.factory.annotation.Autowired; 
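Review bot: In update_properties() the blacklist value now comes from install.properties (`newPropertyValue="${KMS_BLACKLIST_DECRYPT_EEK}"`) but is still passed unquoted on the unchanged call below it, so an empty or space-containing value shifts the arguments and `$to_file` can land in the value position. Quote all three arguments: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file"`. Because this list decides which users are denied DECRYPT_EEK, decide explicitly what an unset KMS_BLACKLIST_DECRYPT_EEK should do (stop the setup, or fall back to `hdfs`); how updatePropertyToFilePy treats an empty value is not visible here. The function's body starts and ends outside the hunk.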
@@ -890,7 +892,18 @@ public class ServiceDBStore extends AbstractServiceStore { RangerServiceDef ret = null; ret = serviceDefService.read(id); - + List<String> userRoleList = ContextUtil.getCurrentUserSession().getUserRoleList(); + if(userRoleList != null && !userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ + if(ret!=null && "KMS".equalsIgnoreCase(ret.getName())){ + ret=null; + } + }else{ + if(ret!=null && !"KMS".equalsIgnoreCase(ret.getName())){ + ret=null; + } + } + + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDefDBStore.getServiceDef(" + id + "): " + ret); } @@ -962,7 +975,17 @@ public class ServiceDBStore extends AbstractServiceStore { boolean createDefaultPolicy = true; UserSessionBase usb = ContextUtil.getCurrentUserSession(); + List<String> userRoleList=usb.getUserRoleList(); + boolean isAllowed=false; + if (userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)) { + if(service!=null && "KMS".equalsIgnoreCase(service.getType())){ + isAllowed=true; + } + } if (usb != null && usb.isUserAdmin() || populateExistingBaseFields) { + isAllowed=true; + } + if (isAllowed) { Map<String, String> configs = service.getConfigs(); Map<String, String> validConfigs = validateRequiredConfigParams( service, configs); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index e676bf6..49be508 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
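Review bot: Both hunks dereference the session before checking it: the first calls `ContextUtil.getCurrentUserSession().getUserRoleList()` directly, and the second reads `usb.getUserRoleList()` one line above the existing `usb != null` test, so a request without a session would fail with a NullPointerException instead of being denied cleanly. In the first hunk a null role list also falls into the `else` branch, which is the key-admin path, so a session with no roles is shown the KMS definition and nothing else. The literal "KMS" and this role test are repeated in RangerServiceDefService.searchRangerServiceDefs, which has the same unguarded session call; one shared helper would keep the rule in a single place. The sketch below covers the first hunk only; what a caller with no session or no roles should see is a policy decision the hunk does not show, and both enclosing methods start outside the hunks.

```java
ret = serviceDefService.read(id);
// Resolve the role once; no session or no role list means "not a key admin".
UserSessionBase session = ContextUtil.getCurrentUserSession();
List<String> userRoleList = (session != null) ? session.getUserRoleList() : null;
boolean isKeyAdmin = userRoleList != null
        && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN);
boolean isKmsDef = ret != null && "KMS".equalsIgnoreCase(ret.getName());
// Key admins see only the KMS definition; everyone else sees everything but KMS.
if (isKeyAdmin != isKmsDef) {
    ret = null;
}
// … unchanged: debug logging and return …
```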
@@ -296,6 +296,16 @@ public class XUserMgr extends XUserMgrBase { } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) { insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_KMS), isCreate); + insertMappingUserPermisson(vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_ANALYTICS), + isCreate); + insertMappingUserPermisson( + vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER), + isCreate); + insertMappingUserPermisson(vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_AUDIT), + isCreate); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java index 842015b..20894dc 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java +++ b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java @@ -96,6 +96,9 @@ public class UserSessionBase implements Serializable { public void setUserRoleList(List<String> strRoleList) { this.userRoleList = strRoleList; } + public List<String> getUserRoleList() { + return this.userRoleList; + } public int getAuthProvider() { return this.authProvider; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java index baab333..47ec0c1 100755 --- a/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XKeyREST.java 
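Review bot: The ROLE_KEY_ADMIN branch now also maps the user to MODULE_ANALYTICS, MODULE_POLICY_MANAGER and MODULE_AUDIT, and nothing in the hunk says why a key administrator needs them. If the intent is that key admins reach KMS services and their audit records through those screens while the KMS-only restriction is applied in the service store, state it here, for example `// Key admins use these modules for KMS services only; the store filters service definitions by role`. Without that, the grant reads as a broad widening of the role, which matters for separation of duties between policy administrators and key administrators. The enclosing method starts outside the hunk.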
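Review bot: `getUserRoleList()` returns the session's own list, so any caller can add or remove roles on the live session through the returned reference. Now that authorization decisions in ServiceDBStore and RangerServiceDefService read this list, return a read-only view instead: `return userRoleList == null ? null : Collections.unmodifiableList(userRoleList);` (this needs `java.util.Collections`). A one-line Javadoc stating that the result may be null would also help, since both new callers have to null-check it.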
@@ -1,7 +1,6 @@ package org.apache.ranger.rest; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import javax.ws.rs.DELETE; import javax.ws.rs.GET; import javax.ws.rs.POST; @@ -20,12 +19,16 @@ import org.apache.ranger.common.SearchUtil; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; import org.apache.ranger.view.VXKmsKey; import org.apache.ranger.view.VXKmsKeyList; +import org.codehaus.jettison.json.JSONException; +import org.codehaus.jettison.json.JSONObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Propagation; import org.springframework.transaction.annotation.Transactional; +import com.sun.jersey.api.client.UniformInterfaceException; + @Path("keys") @Component @@ -61,8 +64,7 @@ public class XKeyREST { vxKmsKeyList = keyMgr.searchKeys(provider); vxKmsKeyList = keyMgr.getFilteredKeyList(request, vxKmsKeyList); }catch(Exception e){ - e.printStackTrace(); - handleError(e.getMessage()); + handleError(e); } return vxKmsKeyList; } @@ -83,9 +85,12 @@ public class XKeyREST { throw restErrorUtil.createRESTException("Please provide a valid " + "alias.", MessageEnums.INVALID_INPUT_DATA); } + if(vXKey.getCipher() == null || vXKey.getCipher().trim().isEmpty()){ + vXKey.setCipher(null); + } vxKmsKey = keyMgr.rolloverKey(provider, vXKey); }catch(Exception e){ - handleError(e.getMessage()); + handleError(e); } return vxKmsKey; } @@ -106,7 +111,7 @@ public class XKeyREST { } keyMgr.deleteKey(provider, name); }catch(Exception e){ - handleError(e.getMessage()); + handleError(e); } } 
@@ -126,9 +131,12 @@ public class XKeyREST { throw restErrorUtil.createRESTException("Please provide a valid " + "alias.", MessageEnums.INVALID_INPUT_DATA); } + if(vXKey.getCipher() == null || vXKey.getCipher().trim().isEmpty()){ + vXKey.setCipher(null); + } vxKmsKey = keyMgr.createKey(provider, vXKey); }catch(Exception e){ - handleError(e.getMessage()); + handleError(e); } return vxKmsKey; } @@ -151,12 +159,26 @@ public class XKeyREST { } vxKmsKey = keyMgr.getKey(provider, name); }catch(Exception e){ - handleError(e.getMessage()); + handleError(e); } return vxKmsKey; } - private void handleError(String message) { + private void handleError(Exception e) { + String message = e.getMessage(); + if (e instanceof UniformInterfaceException){ + UniformInterfaceException uie=(UniformInterfaceException)e; + message = uie.getResponse().getEntity(String.class); + logger.error(message); + try { + JSONObject objRE = new JSONObject(message); + message = objRE.getString("RemoteException"); + JSONObject obj = new JSONObject(message); + message = obj.getString("message"); + } catch (JSONException e1) { + message = e1.getMessage(); + } + } if(!(message==null) && !(message.isEmpty()) && message.contains("Connection refused")){ message = "Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running"; }else if(!(message==null) && !(message.isEmpty()) && message.contains("response status of 403")){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index 98d10d8..ecf0b16 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java 
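Review bot: For a UniformInterfaceException, `message` is replaced by the response body before the checks at the end of handleError run, so the `response status of 403` match, which relied on the exception's own text, can probably no longer fire for these errors; test `uie.getResponse().getStatus()` instead of searching the message. When the body is not the expected JSON, the catch block sets `message = e1.getMessage()`, which hands the JSON parser's error to the REST caller and discards the original one; fall back to `e.getMessage()` in that case. `logger.error(message)` drops the exception itself, so passing it along, as in `logger.error("KMS request failed", e)` or the equivalent for this logger, would keep the stack trace that the removed `printStackTrace()` used to give. handleError continues past the end of the hunk.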
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java @@ -20,6 +20,8 @@ package org.apache.ranger.service; import java.util.ArrayList; import java.util.List; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; @@ -39,6 +41,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.view.RangerServiceDefList; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; 
@@ -154,5 +157,31 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi public RangerServiceDef getPopulatedViewObject(XXServiceDef xServiceDef) { return this.populateViewBean(xServiceDef); } + @Override + @SuppressWarnings("unchecked") + public RangerServiceDefList searchRangerServiceDefs(SearchFilter searchFilter) { + List<RangerServiceDef> serviceDefList = new ArrayList<RangerServiceDef>(); + RangerServiceDefList retList = new RangerServiceDefList(); + + List<XXServiceDef> xSvcDefList = (List<XXServiceDef>) searchResources(searchFilter, searchFields, sortFields, retList); + List<String> userRoleList = ContextUtil.getCurrentUserSession().getUserRoleList(); + for (XXServiceDef xSvcDef : xSvcDefList) { + if(userRoleList != null && !userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ + if(xSvcDef!=null && !"KMS".equalsIgnoreCase(xSvcDef.getName())){ + serviceDefList.add(populateViewBean(xSvcDef)); + } + } + else if(userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ + if(xSvcDef!=null && "KMS".equalsIgnoreCase(xSvcDef.getName())){ + serviceDefList.add(populateViewBean(xSvcDef)); + break; + } + } + } + retList.setServiceDefs(serviceDefList); + + return retList; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java old mode 100644 new mode 100755 index 6883d98..66f02fe --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java 
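Review bot: The role filter in searchRangerServiceDefs runs after `searchResources(...)` has already been handed `retList`, so any paging totals recorded there presumably describe the unfiltered result while `setServiceDefs` receives fewer entries; confirm that the counts a client sees still match the list. The role test is also evaluated for every element although it cannot change inside the loop; compute `boolean isKeyAdmin = userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN);` once before it. A null role list returns an empty list here, whereas ServiceDBStore.getServiceDef sends the same case down the key-admin branch, so the two lookups disagree. A short Javadoc on the override stating the visibility rule (key admins see only KMS, other roles never see KMS) would make that contract explicit.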
@@ -92,6 +92,7 @@ public abstract class RangerServiceServiceBase<T extends XXServiceBase, V extend vObj.setDescription(xObj.getDescription()); vObj.setPolicyVersion(xObj.getPolicyVersion()); vObj.setPolicyUpdateTime(xObj.getPolicyUpdateTime()); + vObj.setIsEnabled(xObj.getIsenabled()); return vObj; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/controllers/Controller.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js old mode 100644 new mode 100755 index df820e5..96a458d --- a/security-admin/src/main/webapp/scripts/controllers/Controller.js +++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js 
@@ -408,26 +408,26 @@ define(function(require) { var KmsKey = require('models/VXKmsKey'); App.rContent.show(new view({ - model : new KmsKey(), + model : new KmsKey({'length' : 128, 'cipher' : 'AES' }), kmsServiceName : kmsServiceName })); }, - kmsKeyEditAction : function(kmsServiceName, keyName){ - MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value }); - var view = require('views/kms/KmsKeyCreate'); - var VXKmsKey = require('models/VXKmsKey'); - var kmsKeyModel = new VXKmsKey({'name' : keyName}); - var data = {'provider': kmsServiceName} - kmsKeyModel.fetch({ - cache : true, - data : data - }).done(function(){ - App.rContent.show(new view({ - model : kmsKeyModel, - kmsServiceName : kmsServiceName - })); - }); - }, +// kmsKeyEditAction : function(kmsServiceName, keyName){ +// MAppState.set({ 'currentTab' : XAGlobals.AppTabs.KMS.value }); +// var view = require('views/kms/KmsKeyCreate'); +// var VXKmsKey = require('models/VXKmsKey'); +// var kmsKeyModel = new VXKmsKey({'name' : keyName}); +// var data = {'provider': kmsServiceName} +// kmsKeyModel.fetch({ +// cache : true, +// data : data +// }).done(function(){ +// App.rContent.show(new view({ +// model : kmsKeyModel, +// kmsServiceName : kmsServiceName +// })); +// }); +// }, /**************** ERROR PAGE ******************************/ pageNotFoundAction : function() { var XAUtils = require('utils/XAUtils'); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/modules/XALinks.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js old mode 100644 new mode 100755 index 747b6e6..b4d4483 --- a/security-admin/src/main/webapp/scripts/modules/XALinks.js +++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js 
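Review bot: `kmsKeyEditAction` is disabled by commenting it out rather than deleting it, and the matching route in Router.js is commented out the same way. Dead code left in comments tends to be revived without review; remove both blocks and rely on version control for the history. If the edit screen is expected to return, a single line such as `// Key edit is intentionally unavailable; rollover is triggered from the key table` says more than the commented-out body.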
@@ -65,7 +65,7 @@ define(function(require) { title: 'h.usersOrGroups' }, Kms : { - href : '#!/kms/keys', + href : '#!/kms/keys/new/manage/service', text : 'h.kms', title: 'h.kms' }, @@ -309,6 +309,17 @@ define(function(require) { text : options.kmsService.get('name'), title: options.kmsService.get('name') }; + }, + KmsManage : function(options) { + var href = "javascript:void(0);"; + if(_.has(options,'kmsService')){ + href = '#!/kms/keys/edit/manage/'+options.kmsService; + } + return { + href : href, + text : 'h.kms', + title: 'h.kms' + }; } }; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index 48cb766..30450e2 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -222,7 +222,8 @@ define(function(require) { length : 'Length', version : 'Version', attributes : 'Attributes', - material : 'Material' + material : 'Material', + addNewConfig : 'Add New Configurations' }, btn : { add : 'Add', @@ -316,7 +317,8 @@ define(function(require) { repoDoesNotExistAnymore : 'Repository does not exist anymore..', policyDisabledMsg : 'This policy is currently in disabled state.', noRecordsFound : 'No Records Found', - keyDeleteMsg : 'Key deleted successfully' + keyDeleteMsg : 'Key deleted successfully', + rolloverSuccessfully : 'Key rollover successfully' http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/routers/Router.js ---------------------------------------------------------------------- 
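Review bot: In `KmsManage` the href is built with `'#!/kms/keys/edit/manage/'+options.kmsService`, but the entry just above it reads `options.kmsService.get('name')`, and KmsKeyCreate passes the same `opts` object to both, so `kmsService` looks like a model and the concatenation would yield `[object Object]`. Use the name instead: `href = '#!/kms/keys/edit/manage/' + options.kmsService.get('name');`. `_.has(options,'kmsService')` is also reached without options from KMSTableLayout's `XALinks.get('KmsManage')`, so guard with `options && options.kmsService` unless the `get` wrapper always supplies an object.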
diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js index e706cdf..127b418 100644 --- a/security-admin/src/main/webapp/scripts/routers/Router.js +++ b/security-admin/src/main/webapp/scripts/routers/Router.js @@ -65,7 +65,7 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){ /************ KMS ***************************/ "!/kms/keys/:isService/manage/:serviceName" : "kmsManagerAction", "!/kms/keys/:serviceName/create" : "kmsKeyCreateAction", - "!/kms/keys/:serviceName/edit/:id" : "kmsKeyEditAction", +// "!/kms/keys/:serviceName/edit/:id" : "kmsKeyEditAction", /*************** ERROR PAGE ***********************/ "*actions" : "pageNotFoundAction" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/utils/XAGlobals.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js index f772e3c..1de57bc 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js +++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js 
@@ -67,9 +67,10 @@ define(function(require){ XAGlobals.ListOfModuleActions = { 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'], 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'], - 'Analytics' : ['userAccessReportAction'], - 'Audit' : ['auditReportAction','loginSessionDetail'], - 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'] - }; + 'Analytics' : ['userAccessReportAction'], + 'Audit' : ['auditReportAction','loginSessionDetail'], + 'Permissions' : ['modulePermissionsAction','modulePermissionEditAction'], + 'KMS' : ['kmsManagerAction','kmsKeyCreateAction'] + }; return XAGlobals; }); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js old mode 100644 new mode 100755 index c3e8f4a..467a318 --- a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js @@ -42,7 +42,7 @@ define(function(require){ templateHelpers : function(){ // return { kmsServiceName : this.kmsServiceName }; }, - breadCrumbs :[XALinks.get('Kms')], + breadCrumbs :[XALinks.get('KmsManage')], /** Layout sub regions */ regions: { 'rTableList' :'div[data-id="r_tableList"]', @@ -54,7 +54,8 @@ define(function(require){ addNewKey : '[data-id="addNewKey"]', deleteKeyBtn : '[data-name="deleteKey"]', visualSearch: '.visual_search', - selectServiceName : '[data-js="serviceName"]' + selectServiceName : '[data-js="serviceName"]', + rolloverBtn : '[data-name="rolloverKey"]', }, /** ui events hash */ 
@@ -62,6 +63,7 @@ define(function(require){ var events = {}; events['click '+this.ui.tab+' li a'] = 'onTabChange'; events['click '+this.ui.deleteKeyBtn] = 'onDelete'; + events['click '+this.ui.rolloverBtn] = 'onRollover'; return events; }, @@ -117,7 +119,7 @@ define(function(require){ this.renderKeyTab(); } if(this.isKnownKmsServicePage){ - this.ui.selectServiceName.val(this.ksmServiceName); + this.ui.selectServiceName.val(this.kmsServiceName); this.ui.addNewKey.attr('disabled',false); this.ui.addNewKey.attr('href','#!/kms/keys/'+ this.kmsServiceName +'/create') @@ -159,12 +161,10 @@ define(function(require){ name : { label : localization.tt("lbl.keyName"), - href: function(model){ - return '#!/kms/keys/'+that.kmsServiceName+'/edit/'+model.get('name'); - }, + cell :'string', editable:false, sortable:false, - cell :'uri' + }, cipher : { label : localization.tt("lbl.cipher"), @@ -220,7 +220,7 @@ define(function(require){ label : localization.tt("lbl.action"), formatter: _.extend({}, Backgrid.CellFormatter.prototype, { fromRaw: function (rawValue,model) { - return '<a href="#!/kms/keys/'+that.kmsServiceName+'/edit/'+model.get('name')+'" class="btn btn-mini" title="Rollover"><i class="icon-edit" /></a>\ + return '<a href="javascript:void(0);" data-name ="rolloverKey" data-id="'+model.get('name')+'" class="btn btn-mini" title="Rollover"><i class="icon-edit" /></a>\ <a href="javascript:void(0);" data-name ="deleteKey" data-id="'+model.get('name')+'" class="btn btn-mini btn-danger" title="Delete"><i class="icon-trash" /></a>'; //You can use rawValue to custom your html, you can change this value using the name parameter. } 
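Review bot: The new rollover link writes `model.get('name')` straight into the `data-id` attribute of an HTML string, as the delete link next to it already does, so a key name containing a quote or angle bracket would break out of the attribute if the cell renders this string as markup. Escape it where the string is built, `data-id="' + _.escape(model.get('name')) + '"`, and apply the same to the delete link. Key names are chosen by whoever may create keys, so they should be treated as untrusted when rendered for another administrator. The trailing comma left after `sortable:false` in the `name` column is also worth dropping, since older browsers reject it in object literals.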
@@ -334,6 +334,35 @@ define(function(require){ } }); }, + onRollover :function(e){ + var that = this; + var obj = this.collection.get($(e.currentTarget).data('id')); + var model = new KmsKey({ 'name' : obj.attributes.name }); + model.collection = this.collection; + var url = model.urlRoot+"?provider="+ this.kmsServiceName; + XAUtil.confirmPopup({ + msg :'Are you sure want to rollover ?', + callback : function(){ + XAUtil.blockUI(); + + model.save({},{ + 'type' : 'PUT', + 'url' : url, + 'success': function(model, response) { + XAUtil.blockUI('unblock'); + that.collection.remove(model.get('id')); + XAUtil.notifySuccess('Success', localization.tt('msg.rolloverSuccessfully')); + that.renderKeyTab(); + that.collection.fetch(); + }, + 'error': function (model, response, options) { + XAUtil.blockUI('unblock'); + XAUtil.notifyError('Error', 'Error rollovering key!'); + } + }); + } + }); + }, /** on close */ onClose: function(){ XAUtil.allowNavigation(); @@ -342,4 +371,4 @@ define(function(require){ }); return KmsTableLayout; -}); +}); \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/kms/KmsKeyCreate.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/kms/KmsKeyCreate.js b/security-admin/src/main/webapp/scripts/views/kms/KmsKeyCreate.js index 4bf9bd1..1ee0b3d 100644 --- a/security-admin/src/main/webapp/scripts/views/kms/KmsKeyCreate.js +++ b/security-admin/src/main/webapp/scripts/views/kms/KmsKeyCreate.js 
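Review bot: `onRollover` reads `obj.attributes.name` immediately after `this.collection.get(...)`, which throws a TypeError if the lookup misses; return early when `obj` is undefined. The request URL is concatenated as `model.urlRoot+"?provider="+ this.kmsServiceName`; encode the value, `var url = model.urlRoot + '?provider=' + encodeURIComponent(this.kmsServiceName);`, so a service name cannot add or alter query parameters. On success the handler calls `that.collection.remove(model.get('id'))` before refetching, which looks copied from the delete handler and is not needed for a rollover. The confirmation and error texts are hard-coded while the success text goes through `localization.tt`, so the two literals belong in en.js as well.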
@@ -50,8 +50,7 @@ define(function(require){ breadCrumbs :function(){ var opts = { 'kmsService' : this.kmsService, 'kmsServiceDefModel' : this.kmsServiceDefModel } if(this.model.isNew()) - return [XALinks.get('Kms'), XALinks.get('KmsServiceForKey', opts), XALinks.get('KmsKeyCreate')]; - return [XALinks.get('Kms'), XALinks.get('KmsServiceForKey', opts), XALinks.get('KmsKeyEdit')]; + return [XALinks.get('KmsManage',opts), XALinks.get('KmsServiceForKey', opts), XALinks.get('KmsKeyCreate')]; } , /** Layout sub regions */ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/kms/KmsKeyForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/kms/KmsKeyForm.js b/security-admin/src/main/webapp/scripts/views/kms/KmsKeyForm.js index 25b2691..7d7262a 100755 --- a/security-admin/src/main/webapp/scripts/views/kms/KmsKeyForm.js +++ b/security-admin/src/main/webapp/scripts/views/kms/KmsKeyForm.js @@ -24,6 +24,7 @@ define(function(require){ var Backbone = require('backbone'); var XAEnums = require('utils/XAEnums'); var localization = require('utils/XALangSupport'); + var KeyValuePairList= require('views/service/ConfigurationList') require('backbone-forms'); require('backbone-forms.templates'); @@ -39,8 +40,9 @@ define(function(require){ initialize: function(options) { console.log("initialized a KmsKeyForm Form View"); _.extend(this, _.pick(options,'')); - Backbone.Form.prototype.initialize.call(this, options); - + this.attributesColl = new Backbone.Collection(); + this.setupFormForEditMode(); + Backbone.Form.prototype.initialize.call(this, options); this.bindEvents(); }, /** all events binding here */ 
@@ -56,21 +58,16 @@ define(function(require){ cipher : { type : 'Text', title : localization.tt("lbl.cipher"), - fieldAttrs : {style : 'display:none;'}, - editorAttrs : {'disabled' : true} }, length : { type : 'Number', title : localization.tt("lbl.length"), - fieldAttrs : {style : 'display:none;'}, - editorAttrs : {'disabled' : true} + validators : [{type : 'regexp', regexp : /^\d+$/, message : 'Please enter valid integer value.'}], }, - material : { + /*material : { type : 'Text', title : localization.tt("lbl.material"), - fieldAttrs : {style : 'display:none;'}, - editorAttrs : {'disabled' : true} - }, + },*/ description : { type : 'TextArea', title : localization.tt("lbl.description"), 
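Review bot: `cipher` and `length` are now user-editable, and the only check in the hunk is the client-side pattern `/^\d+$/`, which accepts 0 and any other integer. Nothing visible in XKeyREST validates either field beyond turning a blank cipher into null, so confirm that the server rejects unsupported ciphers and key sizes rather than relying on this form. If only specific sizes are supported, a select of the allowed values would be safer than free text. The `material` field is commented out rather than removed; delete it, and drop the trailing comma after the `validators` array.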
@@ -81,23 +78,28 @@ define(function(require){ render: function(options) { Backbone.Form.prototype.render.call(this, options); this.initializePlugins(); - if(this.model.has('versions')){ - this.fields.cipher.$el.show(); - this.fields.length.$el.show(); - this.fields.description.editor.$el.attr('disabled',true); + this.renderCustomFields(); + }, + /** all custom field rendering */ + renderCustomFields: function(){ + this.$('.attributes').html(new KeyValuePairList({ + collection : this.attributesColl, + model : this.model, + fieldLabel : localization.tt("lbl.attributes"), + }).render().el); + }, + setupFormForEditMode : function() { + if(!this.model.isNew() && !_.isUndefined(this.model.get('attributes'))){ + _.map(this.model.get('attributes'), function(value, key) { this.attributesColl.add({'name' : key, 'value' : value}) }, this) } }, /** all post render plugin initialization */ initializePlugins: function(){ }, beforeSave : function(){ - //to check model is new or not - if(this.model.has('versions')){ - this.model.attributes = { 'name' : this.model.get('name') }; - }else{ - this.model.attributes = { 'name' : this.model.get('name'), 'description' : this.model.get('description')}; - } - + var attributes = {}; + this.attributesColl.each(function(obj){ attributes[obj.get('name')] = obj.get('value'); }) + this.model.set('attributes',attributes); } }); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js index a6b6539..2396955 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
@@ -422,6 +422,8 @@ define(function(require){ }).length === 0) { if(!_.isUndefined(options.regExpValidation) && !options.regExpValidation.regexp.test(term)){ validRegExpString = false; + }else if($.inArray(term, this.val()) >= 0){ + return null; }else{ return { id : term, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js index 525418d..040cda7 100644 --- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js @@ -41,7 +41,7 @@ define(function(require){ templateHelpers: function(){ var groupedServices = this.services.groupBy("type"); return { - isSysAdmin : SessionMgr.isSystemAdmin(), + operation : SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(), serviceDefs : this.collection.models, services : groupedServices }; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/service/ConfigurationList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/service/ConfigurationList.js b/security-admin/src/main/webapp/scripts/views/service/ConfigurationList.js index 17ab912..598db83 100644 --- a/security-admin/src/main/webapp/scripts/views/service/ConfigurationList.js +++ b/security-admin/src/main/webapp/scripts/views/service/ConfigurationList.js @@ -72,6 +72,7 @@ define(function(require) { _msvName : 'ConfigurationList', template : require('hbs!tmpl/service/ConfigurationList_tmpl'), templateHelpers :function(){ + return { 'fieldLabel' : this.fieldLabel }; }, getItemView : function(item){ if(!item){ 
@@ -89,7 +90,7 @@ define(function(require) { 'click [data-action="addGroup"]' : 'addNew' }, initialize : function(options) { - _.extend(this, _.pick(options, '')); + _.extend(this, _.pick(options, 'fieldLabel')); // this.listenTo(this.groupList, 'sync', this.render, this); if(this.collection.length == 0) this.collection.add(new Backbone.Model()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js index 9d4fddc..a3ac650 100644 --- a/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js +++ b/security-admin/src/main/webapp/scripts/views/service/ServiceForm.js @@ -133,6 +133,7 @@ define(function(require){ this.$('.extraServiceConfigs').html(new ConfigurationList({ collection : this.extraConfigColl, model : this.model, + fieldLabel : localization.tt('lbl.addNewConfig') }).render().el); }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html b/security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html index 7d283a9..72ae4de 100644 --- a/security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html +++ b/security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html 
@@ -29,7 +29,7 @@ <span class="policy-title"> <img alt="HDFS" src="images/folder-grey.png"> {{./this.attributes.name}} - {{#if ../isSysAdmin}} + {{#if ../operation}} <a href="#!/service/{{./this.id}}/create"class="pull-right" title="Add"> <i class="icon-plus"></i></a> {{/if}} </span> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html index 148ff85..d59527c 100644 --- a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html +++ b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html @@ -44,9 +44,10 @@ <a href="#!/permissions" id="nav6"><i class=" icon-file-alt"></i> {{tt 'h.permissions'}} </a> </li> {{/isSystemAdmin}} - + {{#hasAccessToTab 'KMS'}} <li> <a href="#!/kms/keys/new/manage/service" id="nav7"><i class="icon-key"></i> {{tt 'h.kms'}} </a> </li> + {{/hasAccessToTab}} </ul> </div> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/templates/helpers/XAHelpers.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js index 2058b25..b140608 100644 --- a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js +++ b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js 
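Review bot: In TopNav_tmpl.html, wrapping the KMS entry in `{{#hasAccessToTab 'KMS'}}` only removes the link from the navigation bar; the `#!/kms/keys/new/manage/service` route it points to can still be opened by entering the URL directly. The router or controller for the KMS views and the key REST endpoints need the same access check, otherwise a user without the tab permission can still reach the KMS key views (whether they already check is not visible in this hunk). A short template comment such as `{{!-- display only; access is enforced in the router and REST layer --}}` would keep the next reader from treating this block as the access control.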
@@ -517,7 +517,7 @@ if(!_.isUndefined(services[serviceType])){ _.each(services[serviceType],function(serv){ serviceName = serv.get('name'); - if(SessionMgr.isSystemAdmin()){ + if(SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin()){ serviceOperationDiv = '<div class="pull-right">\ <a data-id="'+serv.id+'" class="btn btn-mini" href="#!/service/'+serviceDef.id+'/edit/'+serv.id+'" title="Edit"><i class="icon-edit"></i></a>\ <a data-id="'+serv.id+'" class="deleteRepo btn btn-mini btn-danger" href="javascript:void(0);" title="Delete">\ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/templates/kms/KmsKeyForm_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/kms/KmsKeyForm_tmpl.html b/security-admin/src/main/webapp/templates/kms/KmsKeyForm_tmpl.html index 7a0d4c0..109db4e 100644 --- a/security-admin/src/main/webapp/templates/kms/KmsKeyForm_tmpl.html +++ b/security-admin/src/main/webapp/templates/kms/KmsKeyForm_tmpl.html @@ -16,4 +16,5 @@ --}} <form class="form-horizontal" > <div class="" data-fields="*"></div> + <div class="attributes" ></div> </form> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/376b0ea6/security-admin/src/main/webapp/templates/service/ConfigurationList_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/service/ConfigurationList_tmpl.html b/security-admin/src/main/webapp/templates/service/ConfigurationList_tmpl.html index dc68ef9..dbc0d65 100644 --- a/security-admin/src/main/webapp/templates/service/ConfigurationList_tmpl.html +++ b/security-admin/src/main/webapp/templates/service/ConfigurationList_tmpl.html 
@@ -15,7 +15,7 @@ limitations under the License. --}} <div class="control-group"> - <label class="control-label">Add New Configurations</label> + <label class="control-label">{{fieldLabel}}</label> <div class="controls"> <table class="table table-bordered table-condensed" style="width:30%"> <thead>
