Repository: incubator-ranger Updated Branches: refs/heads/tag-policy c8ab096cf -> 2b3482600
RANGER-274: Added audit support. Tested audit with hive on vagrant. Refactored Default, Hdfs and Hive auditHandlers for creation and initialization of auditEvent. Incorporated review comments. Fixed unit test. Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2b348260 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2b348260 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2b348260 Branch: refs/heads/tag-policy Commit: 2b348260097c87455a04df8aa46897fbb6ff51cd Parents: c8ab096 Author: Abhay Kulkarni <[email protected]> Authored: Tue Jun 9 08:38:03 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Sat Jun 20 10:35:41 2015 -0400 ---------------------------------------------------------------------- .../audit/destination/SolrAuditDestination.java | 1 + .../audit/entity/AuthzAuditEventDbObj.java | 15 ++++ .../ranger/audit/model/AuthzAuditEvent.java | 21 +++++- .../audit/provider/solr/SolrAuditProvider.java | 1 + agents-common/pom.xml | 6 ++ .../plugin/audit/RangerDefaultAuditHandler.java | 39 ++++++++--- .../plugin/policyengine/RangerAccessResult.java | 4 ++ .../policyengine/RangerPolicyEngineImpl.java | 8 ++- .../plugin/store/EmbeddedServiceDefsUtil.java | 2 +- .../service-defs/ranger-servicedef-_tag_.json | 73 -------------------- .../service-defs/ranger-servicedef-tag.json | 73 ++++++++++++++++++++ .../plugin/policyengine/TestPolicyEngine.java | 49 ++++++++++++- .../test_policyengine_tag_hdfs.json | 10 +-- .../test_policyengine_tag_hive.json | 2 +- .../hadoop/RangerHdfsAuthorizer.java | 20 ++---- .../hive/authorizer/RangerHiveAuditHandler.java | 26 ++----- pom.xml | 6 ++ security-admin/db/mysql/init/schema_mysql.sql | 1 + security-admin/db/mysql/xa_audit_db.sql | 2 + security-admin/db/mysql/xa_core_db.sql | 1 + security-admin/db/mysql/xa_db.sql | 1 + security-admin/db/oracle/xa_audit_db_oracle.sql | 1 + security-admin/db/oracle/xa_core_db_oracle.sql | 1 + .../db/postgres/xa_audit_db_postgres.sql | 1 + .../db/postgres/xa_core_db_postgres.sql | 1 + .../db/sqlserver/xa_audit_db_sqlserver.sql | 1 + .../db/sqlserver/xa_core_db_sqlserver.sql | 3 +- .../webapp/scripts/models/RangerServiceDef.js | 2 +- .../src/main/webapp/scripts/utils/XAEnums.js | 2 +- 29 files changed, 244 insertions(+), 129 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java index 213e4b2..4acca92 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -181,6 +181,7 @@ public class SolrAuditDestination extends AuditDestination { doc.addField("seq_num", auditEvent.getSeqNum()); doc.setField("event_count", auditEvent.getEventCount()); doc.setField("event_dur_ms", auditEvent.getEventDurationMS()); + doc.setField("tags", auditEvent.getTags()); return doc; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java index 435393e..c63aa62 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java @@ -21,6 +21,7 @@ import java.io.Serializable; import java.util.Date; +import java.util.Set; import javax.persistence.Column; import javax.persistence.Entity; @@ -32,6 +33,8 @@ import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.SequenceGenerator; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; import org.apache.ranger.audit.model.EnumRepositoryType; import org.apache.ranger.audit.model.AuthzAuditEvent; @@ -62,6 +65,7 @@ public class AuthzAuditEventDbObj implements Serializable { private String clientType; private String clientIP; private String requestData; + private String tags; public AuthzAuditEventDbObj() { @@ -88,6 +92,7 @@ public class AuthzAuditEventDbObj implements Serializable { this.clientType = event.getClientType(); this.clientIP = event.getClientIP(); this.requestData = event.getRequestData(); + this.tags = StringUtils.join(event.getTags(), ", "); } @Id @@ -255,4 +260,14 @@ public class AuthzAuditEventDbObj implements Serializable { public void setRequestData(String requestData) { this.requestData = requestData; } + + @Column(name = "tags") + public String getTags() { + return this.tags; + } + + public void setTags(String tags) { + this.tags = tags; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java index d648de3..35d6afa 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java @@ -20,7 +20,10 @@ package org.apache.ranger.audit.model; import java.util.Date; +import java.util.HashSet; +import java.util.Set; +import org.apache.commons.lang.StringUtils; import org.apache.ranger.audit.dao.DaoManager; import org.apache.ranger.audit.entity.AuthzAuditEventDbObj; @@ -106,6 +109,9 @@ public class AuthzAuditEvent extends AuditEventBase { @SerializedName("event_dur_ms") protected long eventDurationMS = 0; + @SerializedName("tags") + protected Set<String> tags = new HashSet<>(); + public AuthzAuditEvent() { super(); @@ -190,7 +196,7 @@ public class AuthzAuditEvent extends AuditEventBase { } /** - * @param timeStamp + * @param eventTime * the timeStamp to set */ public void setEventTime(Date eventTime) { @@ -436,10 +442,18 @@ public class AuthzAuditEvent extends AuditEventBase { return eventDurationMS; } + public Set<String> getTags() { + return tags; + } + public void setEventDurationMS(long frequencyDurationMS) { this.eventDurationMS = frequencyDurationMS; } + public void setTags(Set<String> tags) { + this.tags = tags; + } + @Override public String getEventKey() { String key = user + "^" + accessType + "^" + resourcePath + "^" @@ -489,7 +503,12 @@ public class AuthzAuditEvent extends AuditEventBase { .append(FIELD_SEPARATOR).append("event_count=") .append(eventCount).append(FIELD_SEPARATOR) .append("event_dur_ms=").append(eventDurationMS) + .append(FIELD_SEPARATOR) + .append("tags=").append("[") + .append(StringUtils.join(tags, ", ")) + .append("]") .append(FIELD_SEPARATOR); + return sb; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java index 53e4348..9388914 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java @@ -268,6 +268,7 @@ public class SolrAuditProvider extends AuditDestination { doc.addField("reason", auditEvent.getResultReason()); doc.addField("action", auditEvent.getAction()); doc.addField("evtTime", auditEvent.getEventTime()); + doc.addField("tags", auditEvent.getTags()); return doc; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/pom.xml ---------------------------------------------------------------------- diff --git a/agents-common/pom.xml b/agents-common/pom.xml index 8acdf80..9a5206e 100644 --- a/agents-common/pom.xml +++ b/agents-common/pom.xml @@ -70,5 +70,11 @@ <artifactId>ranger-plugins-audit</artifactId> <version>${project.version}</version> </dependency> + + <dependency> + <groupId>mysql</groupId> + <artifactId>mysql-connector-java</artifactId> + </dependency> + </dependencies> </project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java index c553618..b5df54c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java @@ -19,22 +19,23 @@ package org.apache.ranger.plugin.audit; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; +import java.util.*; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.audit.provider.AuditProviderFactory; import org.apache.ranger.audit.provider.MiscUtil; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerAccessResult; -import org.apache.ranger.plugin.policyengine.RangerAccessResource; -import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; +import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; +import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants; +import org.apache.ranger.plugin.model.RangerResource; +import org.apache.ranger.plugin.policyengine.*; public class RangerDefaultAuditHandler implements RangerAccessResultProcessor { + protected static final String RangerModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME) ; + private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class); static long sequenceNumber = 0; @@ -96,12 +97,15 @@ public class RangerDefaultAuditHandler implements RangerAccessResultProcessor { ret.setRequestData(request.getRequestData()); ret.setEventTime(request.getAccessTime()); ret.setUser(request.getUser()); - ret.setAccessType(request.getAction()); + ret.setAction(request.getAccessType()); ret.setAccessResult((short)(result.getIsAllowed() ? 1 : 0)); ret.setPolicyId(result.getPolicyId()); - ret.setAction(request.getAccessType()); + ret.setAccessType(request.getAction()); ret.setClientIP(request.getClientIPAddress()); ret.setClientType(request.getClientType()); + ret.setSessionId(request.getSessionId()); + ret.setAclEnforcer(RangerModuleName); + ret.setTags(getTags(request)); populateDefaults(ret); @@ -198,4 +202,21 @@ public class RangerDefaultAuditHandler implements RangerAccessResultProcessor { public AuthzAuditEvent createAuthzAuditEvent() { return new AuthzAuditEvent(); } + + protected final Set<String> getTags(RangerAccessRequest request) { + Object contextObj = request.getContext().get(RangerPolicyEngine.KEY_CONTEXT_TAGS); + Set<String> tags = new HashSet<String>(); + + if (contextObj != null) { + @SuppressWarnings("unchecked") + List<RangerResource.RangerResourceTag> resourceTags = (List<RangerResource.RangerResourceTag>) contextObj; + + if (CollectionUtils.isNotEmpty(resourceTags)) { + for (RangerResource.RangerResourceTag resourceTag : resourceTags) { + tags.add(resourceTag.getName()); + } + } + } + return tags; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java index 934f502..9bc43c7 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java @@ -53,6 +53,10 @@ public class RangerAccessResult { this.reason = other.getReason(); } + public void setAuditResultFrom(final RangerAccessResult other) { + this.isAuditedDetermined = other.getIsAuditedDetermined(); + this.isAudited = other.getIsAudited(); + } /** * @return the serviceName http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 389c264..30eb135 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -317,16 +317,20 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { RangerAccessResult tagAccessResult = isAccessAllowedForTagPolicies(request); - if (tagAccessResult.getIsAccessDetermined()) { + if (tagAccessResult.getIsAccessDetermined() && tagAccessResult.getIsAuditedDetermined()) { if (LOG.isDebugEnabled()) { - LOG.debug("RangerPolicyEngineImpl.isAccessAllowedNoAudit() - access determined by tag policy. No resource policies will be evaluated, request=" + request + ", result=" + tagAccessResult); + LOG.debug("RangerPolicyEngineImpl.isAccessAllowedNoAudit() - access and audit determined by tag policy. No resource policies will be evaluated, request=" + request + ", result=" + tagAccessResult); LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + "): " + tagAccessResult); } return tagAccessResult; } + + ret.setAccessResultFrom(tagAccessResult); + ret.setAuditResultFrom(tagAccessResult); + } List<RangerPolicyEvaluator> evaluators = policyRepository.getPolicyEvaluators(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java index 29e5096..b67c52d 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java @@ -43,7 +43,7 @@ public class EmbeddedServiceDefsUtil { private static final Log LOG = LogFactory.getLog(EmbeddedServiceDefsUtil.class); - public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "_tag_"; + public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag"; public static final String EMBEDDED_SERVICEDEF_HDFS_NAME = "hdfs"; public static final String EMBEDDED_SERVICEDEF_HBASE_NAME = "hbase"; public static final String EMBEDDED_SERVICEDEF_HIVE_NAME = "hive"; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json deleted file mode 100644 index b590108..0000000 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "id":100, - "name": "_tag_", - "implClass": "org.apache.ranger.services.tag.RangerServiceTag", - "label": "TAG", - "description": "TAG Service Definition", - "guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e", - "options": - { - "ui.pages":"tag-based-policies" - }, - "resources": - [ - { - "itemId":1, - "name": "tag", - "type": "string", - "level": 1, - "parent": "", - "mandatory": true, - "lookupSupported": true, - "recursiveSupported": false, - "excludesSupported": false, - "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": { "wildCard":true, "ignoreCase":false }, - "validationRegEx":"", - "validationMessage": "", - "uiHint":"", - "label": "TAG", - "description": "TAG" - } - ], - - "accessTypes": - [ - - ], - - "configs": - [ - - ], - - "enums": - [ - - ], - - "contextEnrichers": - [ - { - "itemId":1, - "name" : "TagEnricher", - "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", - "enricherOptions" : { - "TagProviderType":"FILESTORE_BASED_TAG_PROVIDER", - "pollingInterval":60000 - } - } - ], - - "policyConditions": - [ - { - "itemId":1, - "name":"ScriptConditionEvaluator", - "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator", - "evaluatorOptions" : {"engineName":"JavaScript"}, - "label":"Script", - "description": "Script to execute" - } - ] -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json new file mode 100644 index 0000000..c095279 --- /dev/null +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json @@ -0,0 +1,73 @@ +{ + "id":100, + "name": "tag", + "implClass": "org.apache.ranger.services.tag.RangerServiceTag", + "label": "TAG", + "description": "TAG Service Definition", + "guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e", + "options": + { + "ui.pages":"tag-based-policies" + }, + "resources": + [ + { + "itemId":1, + "name": "tag", + "type": "string", + "level": 1, + "parent": "", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": false, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":false }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "TAG", + "description": "TAG" + } + ], + + "accessTypes": + [ + + ], + + "configs": + [ + + ], + + "enums": + [ + + ], + + "contextEnrichers": + [ + { + "itemId":1, + "name" : "TagEnricher", + "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", + "enricherOptions" : { + "TagProviderType":"FILESTORE_BASED_TAG_PROVIDER", + "pollingInterval":60000 + } + } + ], + + "policyConditions": + [ + { + "itemId":1, + "name":"ScriptConditionEvaluator", + "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator", + "evaluatorOptions" : {"engineName":"JavaScript"}, + "label":"Script", + "description": "Script to execute" + } + ] +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index 86357d7..ab2583e 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java @@ -22,6 +22,9 @@ package org.apache.ranger.plugin.policyengine; import com.google.gson.*; import com.google.gson.reflect.TypeToken; import org.apache.commons.lang.StringUtils; +import org.apache.ranger.audit.provider.AuditHandler; +import org.apache.ranger.audit.provider.AuditProviderFactory; +import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerResource; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -31,11 +34,14 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; +import java.io.File; +import java.io.FileInputStream; import java.io.InputStream; import java.io.InputStreamReader; import java.lang.reflect.Type; import java.util.List; import java.util.Map; +import java.util.Properties; import static org.junit.Assert.*; @@ -52,6 +58,45 @@ public class TestPolicyEngine { .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer()) .registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer()) .create(); + + // For setting up auditProvider + Properties auditProperties = new Properties(); + + String AUDIT_PROPERTIES_FILE = "xasecure-audit.properties"; + + File propFile = new File(AUDIT_PROPERTIES_FILE); + + if(propFile.exists()) { + System.out.println("Loading Audit properties file" + AUDIT_PROPERTIES_FILE); + + auditProperties.load(new FileInputStream(propFile)); + } else { + System.out.println("Audit properties file missing: " + AUDIT_PROPERTIES_FILE); + + auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.url", "jdbc:mysql://node-1:3306/xasecure_audit"); + auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.user", "xalogger"); + auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.password", "xalogger"); + auditProperties.setProperty("xasecure.audit.jpa.javax.persistence.jdbc.driver", "com.mysql.jdbc.Driver"); + + auditProperties.setProperty("xasecure.audit.is.enabled", "false"); // Set this to true to enable audit logging + auditProperties.setProperty("xasecure.audit.log4j.is.enabled", "false"); + auditProperties.setProperty("xasecure.audit.log4j.is.async", "false"); + auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000"); + auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000"); + auditProperties.setProperty("xasecure.audit.db.is.enabled", "true"); + auditProperties.setProperty("xasecure.audit.db.is.async", "false"); + auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000"); + auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000"); + auditProperties.setProperty("xasecure.audit.db.batch.size", "100"); + } + + AuditProviderFactory.getInstance().init(auditProperties, "hdfs"); // second parameter does not matter for v2 + + AuditHandler provider = AuditProviderFactory.getAuditProvider(); + + System.out.println("provider=" + provider.toString()); + + } @AfterClass @@ -182,7 +227,9 @@ public class TestPolicyEngine { policyEngine.preProcess(request); RangerAccessResult expected = test.result; - RangerAccessResult result = policyEngine.isAccessAllowed(request, null); + RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(); + + RangerAccessResult result = policyEngine.isAccessAllowed(request, auditHandler); assertNotNull("result was null! - " + test.name, result); assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json index 55ae78c..0c14dfa 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json @@ -40,7 +40,7 @@ "serviceName":"tagdev", "serviceDef": { - "name": "_tag_", + "name": "tag", "id": 100, "resources": [ { @@ -120,11 +120,12 @@ ] }, "tagPolicies":[ - {"id":1,"name":"test_policy","isEnabled":true,"isAuditEnabled":true,"policyType":0, + {"id":101,"name":"test_policy","isEnabled":true,"isAuditEnabled":true,"policyType":1, "resources":{"tag":{"values":["PII"],"isRecursive":false}}, "policyItems":[ {"accesses":[{"type":"hdfs:read", "isAllowed":true}, {"type":"hive:grant", "isAllowed":true}, {"type":"delete", "isAllowed":true}, {"type":":write", "isAllowed":true}],"users":["user1"],"groups":["finance"],"delegateAdmin":false, "conditions" : [{"type":"ScriptConditionEvaluator", "values": [ + "ctx.result = true;", "importPackage(java.util); var accessDate = ctx.getAsDate(ctx.accessTime); var expiryDate =ctx.getTagAttributeAsDate('pii','expiry'); expiryDate.getTime() < accessDate.getTime();" ] }] @@ -137,9 +138,10 @@ {"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance", "request":{ "resource":{"elements":{"path":"/finance/restricted/sales.db"}}, - "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db" + "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db", + "context": {"TAGS":"[{\"name\":\"PII\"}]"} }, - "result":{"isAudited":true,"isAllowed":true,"policyId":3} + "result":{"isAudited":true,"isAllowed":true,"policyId":101} } ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json index 8821a1c..d604c44 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json @@ -50,7 +50,7 @@ "serviceName":"tagdev", "serviceDef": { - "name": "_tag_", + "name": "tag", "id": 100, "resources": [ { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java index fa2155c..244d0ae 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -442,8 +442,8 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { private boolean isAuditEnabled = false; private AuthzAuditEvent auditEvent = null; + private final String pathToBeValidated; - private static final String RangerModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME) ; private static final String HadoopModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_HADOOP_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_HADOOP_MODULE_ACL_NAME) ; private static final String excludeUserList = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_HDFS_EXCLUDE_LIST_PROP, RangerHadoopConstants.AUDITLOG_EMPTY_STRING) ; private static HashSet<String> excludeUsers = null ; @@ -462,8 +462,7 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { } public RangerHdfsAuditHandler(String pathToBeValidated) { - auditEvent = new AuthzAuditEvent(); - auditEvent.setResourcePath(pathToBeValidated); + this.pathToBeValidated = pathToBeValidated; } @Override @@ -476,22 +475,15 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { isAuditEnabled = true; } + auditEvent = super.getAuthzEvents(result); + RangerAccessRequest request = result.getAccessRequest(); -// RangerServiceDef serviceDef = result.getServiceDef(); RangerAccessResource resource = request.getResource(); - String resourceType = resource != null ? resource.getLeafName() : null; String resourcePath = resource != null ? resource.getAsString() : null; - auditEvent.setUser(request.getUser()); - auditEvent.setResourceType(resourceType) ; - auditEvent.setAccessType(request.getAction()); - auditEvent.setAccessResult((short)(result.getIsAllowed() ? 1 : 0)); - auditEvent.setClientIP(request.getClientIPAddress()); auditEvent.setEventTime(request.getAccessTime()); - auditEvent.setAclEnforcer(RangerModuleName); - auditEvent.setPolicyId(result.getPolicyId()); - auditEvent.setRepositoryType(result.getServiceType()); - auditEvent.setRepositoryName(result.getServiceName()); + auditEvent.setAccessType(request.getAction()); + auditEvent.setResourcePath(this.pathToBeValidated); auditEvent.setResultReason(resourcePath); if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java index 0f13577..852b98d 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java @@ -27,10 +27,7 @@ import java.util.List; import java.util.Map; import org.apache.commons.lang.StringUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; import org.apache.ranger.audit.model.AuthzAuditEvent; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants; import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; @@ -40,7 +37,6 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResult; import com.google.common.collect.Lists; public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { - private static final String RangerModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME) ; Collection<AuthzAuditEvent> auditEvents = null; boolean deniedExists = false; @@ -54,22 +50,11 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { RangerAccessResource resource = request.getResource(); String resourceType = resource != null ? resource.getLeafName() : null; - AuthzAuditEvent auditEvent = new AuthzAuditEvent(); - auditEvent.setAclEnforcer(RangerModuleName); - auditEvent.setSessionId(request.getSessionId()); - auditEvent.setResourceType("@" + resourceType); // to be consistent with earlier release + AuthzAuditEvent auditEvent = super.getAuthzEvents(result); + auditEvent.setAccessType(accessType); - auditEvent.setAction(request.getAction()); - auditEvent.setUser(request.getUser()); - auditEvent.setAccessResult((short)(result.getIsAllowed() ? 1 : 0)); - auditEvent.setPolicyId(result.getPolicyId()); - auditEvent.setClientIP(request.getClientIPAddress()); - auditEvent.setClientType(request.getClientType()); - auditEvent.setEventTime(request.getAccessTime()); - auditEvent.setRepositoryType(result.getServiceType()); - auditEvent.setRepositoryName(result.getServiceName()) ; - auditEvent.setRequestData(request.getRequestData()); auditEvent.setResourcePath(resourcePath); + auditEvent.setResourceType("@" + resourceType); // to be consistent with earlier release return auditEvent; } @@ -110,8 +95,9 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { AuthzAuditEvent auditEvent = auditEvents.get(policyId); RangerHiveAccessRequest request = (RangerHiveAccessRequest)result.getAccessRequest(); RangerHiveResource resource = (RangerHiveResource)request.getResource(); - String resourcePath = auditEvent.getResourcePath() + "," + resource.getColumn(); + String resourcePath = auditEvent.getResourcePath() + "," + resource.getColumn(); auditEvent.setResourcePath(resourcePath); + auditEvent.getTags().addAll(getTags(request)); } else { // new event as this approval was due to a different policy. AuthzAuditEvent auditEvent = createAuditEvent(result); auditEvents.put(policyId, auditEvent); @@ -153,7 +139,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { public void logAuditEventForDfs(String userName, String dfsCommand, boolean accessGranted, int repositoryType, String repositoryName) { AuthzAuditEvent auditEvent = new AuthzAuditEvent(); - auditEvent.setAclEnforcer(RangerModuleName); + auditEvent.setAclEnforcer(RangerDefaultAuditHandler.RangerModuleName); auditEvent.setResourceType("@dfs"); // to be consistent with earlier release auditEvent.setAccessType("DFS"); auditEvent.setAction("DFS"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 0cd84f3..182ddef 100644 --- a/pom.xml +++ b/pom.xml @@ -263,6 +263,12 @@ <scope>test</scope> </dependency> <dependency> + <groupId>mysql</groupId> + <artifactId>mysql-connector-java</artifactId> + <version>${mysql-connector-java.version}</version> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>${mockito.version}</version> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/mysql/init/schema_mysql.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/init/schema_mysql.sql b/security-admin/db/mysql/init/schema_mysql.sql index 1dd7420..6df7195 100644 --- a/security-admin/db/mysql/init/schema_mysql.sql +++ b/security-admin/db/mysql/init/schema_mysql.sql @@ -289,6 +289,7 @@ create table xa_access_audit ( request_data VARCHAR (2000) , resource_path VARCHAR (2000) , resource_type VARCHAR (255) , + tags VARCHAR (2000) , PRIMARY KEY(id) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/mysql/xa_audit_db.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/xa_audit_db.sql b/security-admin/db/mysql/xa_audit_db.sql index 163d7b6..29e4718 100644 --- a/security-admin/db/mysql/xa_audit_db.sql +++ b/security-admin/db/mysql/xa_audit_db.sql @@ -61,6 +61,8 @@ CREATE TABLE `xa_access_audit` ( `request_data` varchar(4000) DEFAULT NULL, `resource_path` varchar(4000) DEFAULT NULL, `resource_type` varchar(255) DEFAULT NULL, + `tags` varchar(4000) DEFAULT NULL, + PRIMARY KEY (`id`), KEY `xa_access_audit_added_by_id` (`added_by_id`), KEY `xa_access_audit_upd_by_id` (`upd_by_id`), http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/mysql/xa_core_db.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/xa_core_db.sql b/security-admin/db/mysql/xa_core_db.sql index 9d889a0..e9de53d 100644 --- a/security-admin/db/mysql/xa_core_db.sql +++ b/security-admin/db/mysql/xa_core_db.sql @@ -706,6 +706,7 @@ CREATE TABLE `xa_access_audit` ( `request_data` varchar(2000) DEFAULT NULL, `resource_path` varchar(2000) DEFAULT NULL, `resource_type` varchar(255) DEFAULT NULL, + `tags` varchar(2000) DEFAULT NULL, PRIMARY KEY (`id`), KEY `xa_access_audit_added_by_id` (`added_by_id`), KEY `xa_access_audit_upd_by_id` (`upd_by_id`), http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/mysql/xa_db.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/xa_db.sql b/security-admin/db/mysql/xa_db.sql index 4b2919f..9aba91f 100644 --- a/security-admin/db/mysql/xa_db.sql +++ b/security-admin/db/mysql/xa_db.sql @@ -722,6 +722,7 @@ CREATE TABLE `xa_access_audit` ( `request_data` varchar(2000) DEFAULT NULL, `resource_path` varchar(2000) DEFAULT NULL, `resource_type` varchar(255) DEFAULT NULL, + `tags` varchar(2000) DEFAULT NULL, PRIMARY KEY (`id`), KEY `xa_access_audit_FK_added_by_id` (`added_by_id`), KEY `xa_access_audit_FK_upd_by_id` (`upd_by_id`), http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/oracle/xa_audit_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/xa_audit_db_oracle.sql b/security-admin/db/oracle/xa_audit_db_oracle.sql index 67a99be..607a8b2 100644 --- a/security-admin/db/oracle/xa_audit_db_oracle.sql +++ b/security-admin/db/oracle/xa_audit_db_oracle.sql @@ -39,6 +39,7 @@ CREATE TABLE xa_access_audit ( request_data VARCHAR(4000) DEFAULT NULL NULL , resource_path VARCHAR(4000) DEFAULT NULL NULL , resource_type VARCHAR(255) DEFAULT NULL NULL , + tags VARCHAR(4000) DEFAULT NULL NULL , PRIMARY KEY (id) ); CREATE INDEX xa_access_audit_added_by_id ON xa_access_audit(added_by_id); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/oracle/xa_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql index 9cc22ff..4ece22d 100644 --- a/security-admin/db/oracle/xa_core_db_oracle.sql +++ b/security-admin/db/oracle/xa_core_db_oracle.sql @@ -99,6 +99,7 @@ CREATE TABLE xa_access_audit ( request_data VARCHAR(2000) DEFAULT NULL NULL , resource_path VARCHAR(2000) DEFAULT NULL NULL , resource_type VARCHAR(255) DEFAULT NULL NULL , + tags VARCHAR(2000) DEFAULT NULL NULL , PRIMARY KEY (id) ); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/postgres/xa_audit_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/xa_audit_db_postgres.sql b/security-admin/db/postgres/xa_audit_db_postgres.sql index c12a854..cace5c5 100644 --- a/security-admin/db/postgres/xa_audit_db_postgres.sql +++ b/security-admin/db/postgres/xa_audit_db_postgres.sql @@ -40,6 +40,7 @@ action VARCHAR(2000) DEFAULT NULL NULL, request_data VARCHAR(4000) DEFAULT NULL NULL, resource_path VARCHAR(4000) DEFAULT NULL NULL, resource_type VARCHAR(255) DEFAULT NULL NULL, +tags VARCHAR(4000) DEFAULT NULL NULL, seq_num BIGINT DEFAULT '0' NULL, event_count BIGINT DEFAULT '1' NULL, event_dur_ms BIGINT DEFAULT '1' NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/postgres/xa_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql index f995d56..123732e 100644 --- a/security-admin/db/postgres/xa_core_db_postgres.sql +++ b/security-admin/db/postgres/xa_core_db_postgres.sql @@ -372,6 +372,7 @@ action VARCHAR(2000) DEFAULT NULL NULL, request_data VARCHAR(4000) DEFAULT NULL NULL, resource_path VARCHAR(4000) DEFAULT NULL NULL, resource_type VARCHAR(255) DEFAULT NULL NULL, +tags VARCHAR(4000) DEFAULT NULL NULL, PRIMARY KEY(id) ); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/sqlserver/xa_audit_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/xa_audit_db_sqlserver.sql b/security-admin/db/sqlserver/xa_audit_db_sqlserver.sql index effe509..783b968 100644 --- a/security-admin/db/sqlserver/xa_audit_db_sqlserver.sql +++ b/security-admin/db/sqlserver/xa_audit_db_sqlserver.sql @@ -43,6 +43,7 @@ CREATE TABLE [dbo].[xa_access_audit]( [request_data] [varchar](4000) DEFAULT NULL NULL, [resource_path] [varchar](4000) DEFAULT NULL NULL, [resource_type] [varchar](255) DEFAULT NULL NULL, + [tags] [varchar](4000) DEFAULT NULL NULL, [seq_num] [bigint] DEFAULT 0 NULL, [event_count] [bigint] DEFAULT 1 NULL, [event_dur_ms] [bigint] DEFAULT 1 NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/db/sqlserver/xa_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql index 7bf5b04..6e304d4 100644 --- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql @@ -414,7 +414,8 @@ CREATE TABLE [dbo].[xa_access_audit]( [request_data] [varchar](4000) DEFAULT NULL NULL, [resource_path] [varchar](4000) DEFAULT NULL NULL, [resource_type] [varchar](255) DEFAULT NULL NULL, -PRIMARY KEY CLUSTERED + [tags] [varchar](4000) DEFAULT NULL NULL, +PRIMARY KEY CLUSTERED ( [id] ASC )WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js index 8aa38f3..e4fa67f 100644 --- a/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js +++ b/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js @@ -101,7 +101,7 @@ define(function(require){ url: "service/plugins/services", dataType: 'json', data: function (term, page) { - return { name : term, serviceType : '_tag_' }; + return { name : term, serviceType : 'tag' }; }, results: function (data, page) { var results = []; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b348260/security-admin/src/main/webapp/scripts/utils/XAEnums.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js index 51cf608..f94e200 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js +++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js @@ -117,7 +117,7 @@ define(function(require) { Service_HBASE:{value:3, label:'hbase', rbkey:'xa.enum.AssetType.ASSET_HBASE', tt: 'lbl.AssetType_ASSET_HBASE'}, Service_KNOX:{value:4, label:'knox', rbkey:'xa.enum.AssetType.ASSET_KNOX', tt: 'lbl.AssetType_ASSET_KNOX'}, Service_STORM:{value:5, label:'storm', rbkey:'xa.enum.AssetType.ASSET_STORM', tt: 'lbl.AssetType_ASSET_STORM'}, - SERVICE_TAG:{value:6, label:'_tag_', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'} + SERVICE_TAG:{value:6, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'} }); XAEnums.AuthStatus = mergeParams(XAEnums.AuthStatus, {
