RANGER-178 - Updated code based on testing with latest Solr patch Signed-off-by: sneethiraj <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/68d01056 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/68d01056 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/68d01056 Branch: refs/heads/ranger-0.5 Commit: 68d01056ca4386c541dfc4cde9fc974391d12749 Parents: 1859579 Author: Don Bosco Durai <[email protected]> Authored: Tue May 19 10:25:26 2015 -0700 Committer: sneethiraj <[email protected]> Committed: Tue May 19 13:56:26 2015 -0400 ---------------------------------------------------------------------- .../audit/destination/SolrAuditDestination.java | 4 + .../apache/ranger/audit/provider/MiscUtil.java | 2 +- agents-common/scripts/enable-agent.sh | 26 +- .../audit/RangerMultiResourceAuditHandler.java | 2 - plugin-solr/scripts/install.properties | 3 + .../scripts/solr-plugin-install.properties | 6 +- .../solr/authorizer/RangerSolrAuthorizer.java | 2 +- src/main/assembly/plugin-solr.xml | 302 ++++++++++--------- 8 files changed, 194 insertions(+), 153 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java index 06ce4d7..ac522cd 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -61,9 +61,13 @@ public class SolrAuditDestination extends AuditDestination { if (solrClient == null) { String urls = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_SOLR_URLS); + if( urls != null) { + urls = urls.trim(); + } if (urls != null && urls.equalsIgnoreCase("NONE")) { urls = null; } + List<String> solrURLs = new ArrayList<String>(); String zkHosts = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java index f5b07be..fe6b0e9 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java @@ -370,7 +370,7 @@ public class MiscUtil { public static List<String> toArray(String destListStr, String delim) { List<String> list = new ArrayList<String>(); if (destListStr != null && !destListStr.isEmpty()) { - StringTokenizer tokenizer = new StringTokenizer(destListStr, delim); + StringTokenizer tokenizer = new StringTokenizer(destListStr, delim.trim()); while (tokenizer.hasMoreTokens()) { list.add(tokenizer.nextToken()); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-common/scripts/enable-agent.sh ---------------------------------------------------------------------- diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh index 4e873b8..3550e16 100755 --- a/agents-common/scripts/enable-agent.sh +++ b/agents-common/scripts/enable-agent.sh @@ -128,7 +128,12 @@ then HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME} fi -hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME} +firstletter=${HCOMPONENT_INSTALL_DIR_NAME:0:1} +if [ "$firstletter" = "/" ]; then + hdir=${HCOMPONENT_INSTALL_DIR_NAME} +else + hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME} +fi # # TEST - START @@ -142,11 +147,24 @@ fi # HCOMPONENT_INSTALL_DIR=`(cd ${hdir} ; pwd)` HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/lib -if [ "${HCOMPONENT_NAME}" = "knox" ] -then +if [ "${HCOMPONENT_NAME}" = "knox" ]; then HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/ext +elif [ "${HCOMPONENT_NAME}" = "solr" ]; then + HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib fi + HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf +if [ "${HCOMPONENT_NAME}" = "solr" ]; then + HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/classes + if [ ! -d $HCOMPONENT_CONF_DIR ]; then + install_owner=`ls -ld | cut -f 3 -d " "` + echo "INFO: Creating $HCOMPONENT_CONF_DIR" + mkdir -p $HCOMPONENT_CONF_DIR + echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner" + chown $install_owner:$install_owner $HCOMPONENT_CONF_DIR + fi +fi + HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive SET_ENV_SCRIPT=${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME} @@ -221,6 +239,8 @@ create_jceks() { rm -f ${tempFile} } +log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR" + # # If there is a set-ranger-${COMPONENT}-env.sh, install it # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java index f40d39f..17dcfdc 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerMultiResourceAuditHandler.java @@ -23,7 +23,6 @@ import java.util.ArrayList; import java.util.Collection; import org.apache.ranger.audit.model.AuthzAuditEvent; -import org.apache.ranger.plugin.policyengine.RangerAccessResult; /** * This class should be generated per request and flushed at the end of the @@ -32,7 +31,6 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResult; public class RangerMultiResourceAuditHandler extends RangerDefaultAuditHandler { Collection<AuthzAuditEvent> auditEvents = new ArrayList<AuthzAuditEvent>(); - boolean deniedExists = false; public RangerMultiResourceAuditHandler() { } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index 6070968..1f3852e 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties @@ -13,6 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +#Location of the solr server folder. +COMPONENT_INSTALL_DIR_NAME=/opt/solr/server + # # Location of Policy Manager URL # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/scripts/solr-plugin-install.properties ---------------------------------------------------------------------- diff --git a/plugin-solr/scripts/solr-plugin-install.properties b/plugin-solr/scripts/solr-plugin-install.properties index a360906..c040949 100644 --- a/plugin-solr/scripts/solr-plugin-install.properties +++ b/plugin-solr/scripts/solr-plugin-install.properties @@ -19,5 +19,7 @@ # Name of the directory where the component's lib and conf directory exist. # This location should be relative to the parent of the directory containing # the plugin installation files. -# -COMPONENT_INSTALL_DIR_NAME=solr +# + +#In the case of Solr, the component might be installed anywhere. So update install.properties +#COMPONENT_INSTALL_DIR_NAME=solr http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java index de786d7..673f652 100644 --- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java +++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java @@ -57,7 +57,7 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin { public static final String ACCESS_TYPE_UPDATE = "update"; public static final String ACCESS_TYPE_QUERY = "query"; public static final String ACCESS_TYPE_OTHER = "other"; - public static final String ACCESS_TYPE_ADMIN = "admin"; + public static final String ACCESS_TYPE_ADMIN = "solr_admin"; private static volatile RangerBasePlugin solrPlugin = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68d01056/src/main/assembly/plugin-solr.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml index 06844ae..5276cc4 100644 --- a/src/main/assembly/plugin-solr.xml +++ b/src/main/assembly/plugin-solr.xml @@ -1,148 +1,162 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<assembly> + <id>solr-plugin</id> + <formats> + <format>tar.gz</format> + <format>zip</format> + </formats> + <baseDirectory>${project.name}-${project.version}-solr-plugin + </baseDirectory> + <includeBaseDirectory>true</includeBaseDirectory> + <moduleSets> + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <dependencySets> + <dependencySet> + <outputDirectory>/lib</outputDirectory> + <unpack>false</unpack> + <includes> + <include>com.google.code.gson:gson</include> + <include>org.eclipse.persistence:eclipselink</include> + <include>org.eclipse.persistence:javax.persistence</include> + <include>com.sun.jersey:jersey-bundle</include> + <include>com.google.guava:guava:jar:${guava.version}</include> + <include>org.codehaus.jackson:jackson-core-asl</include> + <include>org.codehaus.jackson:jackson-jaxrs</include> + <include>org.codehaus.jackson:jackson-mapper-asl</include> + <include>org.codehaus.jackson:jackson-xc</include> - http://www.apache.org/licenses/LICENSE-2.0 + </includes> + </dependencySet> + <dependencySet> + <outputDirectory>/install/lib</outputDirectory> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <includes> + <include>commons-cli:commons-cli</include> + <include>commons-collections:commons-collections</include> + <include>commons-configuration:commons-configuration:jar:${commons.configuration.version} + </include> + <include>commons-io:commons-io:jar:${commons.io.version} + </include> + <include>commons-lang:commons-lang:jar:${commons.lang.version} + </include> + <include>commons-logging:commons-logging</include> + <include>com.google.guava:guava:jar:${guava.version}</include> + <include>org.hamcrest:hamcrest-all</include> + <include>junit:junit</include> + <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include> + <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version} + </include> + <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version} + </include> + <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred + </include> + <include>org.apache.ranger:credentialbuilder</include> + <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin + </include> - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<assembly> - <id>solr-plugin</id> - <formats> - <format>tar.gz</format> - <format>zip</format> - </formats> - <baseDirectory>${project.name}-${project.version}-solr-plugin</baseDirectory> - <includeBaseDirectory>true</includeBaseDirectory> - <moduleSets> - <moduleSet> - <binaries> - <includeDependencies>false</includeDependencies> - <unpack>false</unpack> - <directoryMode>755</directoryMode> - <fileMode>644</fileMode> - <dependencySets> - <dependencySet> - <outputDirectory>/lib</outputDirectory> - <unpack>false</unpack> - <includes> - <include>com.google.code.gson:gson</include> - <include>org.eclipse.persistence:eclipselink</include> - <include>org.eclipse.persistence:javax.persistence</include> - <include>com.sun.jersey:jersey-bundle</include> - <include>com.google.guava:guava:jar:${guava.version}</include> - </includes> - </dependencySet> - <dependencySet> - <outputDirectory>/install/lib</outputDirectory> - <unpack>false</unpack> - <directoryMode>755</directoryMode> - <fileMode>644</fileMode> - <includes> - <include>commons-cli:commons-cli</include> - <include>commons-collections:commons-collections</include> - <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include> - <include>commons-io:commons-io:jar:${commons.io.version}</include> - <include>commons-lang:commons-lang:jar:${commons.lang.version}</include> - <include>commons-logging:commons-logging</include> - <include>com.google.guava:guava:jar:${guava.version}</include> - <include>org.hamcrest:hamcrest-all</include> - <include>junit:junit</include> - <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include> - <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include> - <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include> - <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include> - <include>org.apache.ranger:credentialbuilder</include> - </includes> - </dependencySet> - </dependencySets> - <outputDirectory>/lib</outputDirectory> - </binaries> - <includes> - <include>org.apache.ranger:ranger_solrj</include> - <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit</include> - <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include> - <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl</include> - <include>security_plugins.ranger-plugins-common:ranger-plugins-common</include> - <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin</include> - </includes> - </moduleSet> - <moduleSet> - <binaries> - <includeDependencies>false</includeDependencies> - <outputDirectory>/install/lib</outputDirectory> - <unpack>false</unpack> - </binaries> - <includes> - <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer</include> - <include>org.apache.ranger:credentialbuilder</include> - </includes> - </moduleSet> - </moduleSets> - <fileSets> - <!-- conf.templates for enable --> - <fileSet> - <outputDirectory>/install/conf.templates/enable</outputDirectory> - <directory>plugin-solr/conf</directory> - <excludes> - <exclude>*.sh</exclude> - </excludes> - <fileMode>700</fileMode> - </fileSet> - <fileSet> - <outputDirectory>/install/conf.templates/disable</outputDirectory> - <directory>plugin-solr/disable-conf</directory> - <fileMode>700</fileMode> - </fileSet> - <fileSet> - <outputDirectory>/install/conf.templates/default</outputDirectory> - <directory>plugin-solr/template</directory> - <fileMode>700</fileMode> - </fileSet> - <!-- version file --> - <fileSet> - <outputDirectory>/</outputDirectory> - <directory>${project.build.outputDirectory}</directory> - <includes> - <include>version</include> - </includes> - <fileMode>444</fileMode> - </fileSet> - </fileSets> - <!-- enable/disable script for Plugin --> - <files> - <file> - <source>agents-common/scripts/enable-agent.sh</source> - <outputDirectory>/</outputDirectory> - <destName>enable-solr-plugin.sh</destName> - <fileMode>755</fileMode> - </file> - <file> - <source>agents-common/scripts/enable-agent.sh</source> - <outputDirectory>/</outputDirectory> - <destName>disable-solr-plugin.sh</destName> - <fileMode>755</fileMode> - </file> - <file> - <source>plugin-solr/scripts/install.properties</source> - <outputDirectory>/</outputDirectory> - <destName>install.properties</destName> - <fileMode>755</fileMode> - </file> - <file> - <source>plugin-solr/scripts/solr-plugin-install.properties</source> - <outputDirectory>/</outputDirectory> - <destName>solr-plugin-install.properties</destName> - <fileMode>755</fileMode> - </file> - </files> + </includes> + </dependencySet> + </dependencySets> + <outputDirectory>/lib</outputDirectory> + </binaries> + <includes> + <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit + </include> + <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred + </include> + <include>security_plugins.ranger-plugins-impl:ranger-plugins-impl + </include> + <include>security_plugins.ranger-plugins-common:ranger-plugins-common + </include> + <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin + </include> + </includes> + </moduleSet> + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <outputDirectory>/install/lib</outputDirectory> + <unpack>false</unpack> + </binaries> + <includes> + <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer + </include> + <include>org.apache.ranger:credentialbuilder</include> + </includes> + </moduleSet> + </moduleSets> + <fileSets> + <!-- conf.templates for enable --> + <fileSet> + <outputDirectory>/install/conf.templates/enable</outputDirectory> + <directory>plugin-solr/conf</directory> + <excludes> + <exclude>*.sh</exclude> + </excludes> + <fileMode>700</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/install/conf.templates/disable</outputDirectory> + <directory>plugin-solr/disable-conf</directory> + <fileMode>700</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/install/conf.templates/default</outputDirectory> + <directory>plugin-solr/template</directory> + <fileMode>700</fileMode> + </fileSet> + <!-- version file --> + <fileSet> + <outputDirectory>/</outputDirectory> + <directory>${project.build.outputDirectory}</directory> + <includes> + <include>version</include> + </includes> + <fileMode>444</fileMode> + </fileSet> + </fileSets> + <!-- enable/disable script for Plugin --> + <files> + <file> + <source>agents-common/scripts/enable-agent.sh</source> + <outputDirectory>/</outputDirectory> + <destName>enable-solr-plugin.sh</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>agents-common/scripts/enable-agent.sh</source> + <outputDirectory>/</outputDirectory> + <destName>disable-solr-plugin.sh</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>plugin-solr/scripts/install.properties</source> + <outputDirectory>/</outputDirectory> + <destName>install.properties</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>plugin-solr/scripts/solr-plugin-install.properties</source> + <outputDirectory>/</outputDirectory> + <destName>solr-plugin-install.properties</destName> + <fileMode>755</fileMode> + </file> + </files> </assembly>
