Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/cc2b96ec Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/cc2b96ec Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/cc2b96ec Branch: refs/heads/tag-policy Commit: cc2b96ec808d0748049ecd57f8ef05052a6095e3 Parents: f29f4fc 13cdf4f Author: Madhan Neethiraj <[email protected]> Authored: Tue Aug 25 16:01:37 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Aug 25 16:01:37 2015 -0700 ---------------------------------------------------------------------- .../audit/destination/DBAuditDestination.java | 5 +- .../audit/entity/AuthzAuditEventDbObj.java | 144 +++++++++++++++++-- .../ranger/audit/model/AuditEventBase.java | 14 +- .../ranger/audit/model/AuthzAuditEvent.java | 10 +- .../ranger/audit/provider/DbAuditProvider.java | 4 + agents-common/scripts/enable-agent.sh | 2 +- hbase-agent/scripts/install.sh | 2 +- hdfs-agent/scripts/install.sh | 2 +- hive-agent/scripts/install.sh | 2 +- .../main/java/org/apache/util/sql/Jisql.java | 1 + kms/scripts/db_setup.py | 2 +- kms/scripts/dba_script.py | 4 +- kms/scripts/install.properties | 2 +- kms/scripts/setup.sh | 4 +- knox-agent/scripts/install.sh | 2 +- security-admin/scripts/db_setup.py | 7 +- security-admin/scripts/dba_script.py | 10 +- security-admin/scripts/install.properties | 2 +- security-admin/scripts/setup.sh | 4 +- security-admin/src/bin/ranger_install.py | 4 +- .../org/apache/ranger/biz/RangerBizUtil.java | 6 +- .../webapp/scripts/models/RangerServiceDef.js | 4 +- .../views/policies/RangerPolicyTableLayout.js | 11 +- storm-agent/scripts/install.sh | 2 +- 24 files changed, 179 insertions(+), 71 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java ---------------------------------------------------------------------- diff --cc agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java index c63aa62,d52a60a..e917ea2 --- a/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/AuthzAuditEventDbObj.java @@@ -33,10 -33,11 +33,12 @@@ import javax.persistence.Temporal import javax.persistence.TemporalType; import javax.persistence.SequenceGenerator; - import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; + import org.apache.commons.logging.Log; + import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.model.EnumRepositoryType; import org.apache.ranger.audit.model.AuthzAuditEvent; + import org.apache.ranger.audit.provider.MiscUtil; /** * Entity implementation class for Entity: AuthzAuditEventDbObj @@@ -65,8 -83,61 +84,62 @@@ public class AuthzAuditEventDbObj imple private String clientType; private String clientIP; private String requestData; + private String tags; + public static void init(Properties props) + { + LOG.info("AuthzAuditEventDbObj.init()"); + + final String AUDIT_DB_MAX_COLUMN_VALUE = "xasecure.audit.destination.db.max.column.length"; + MaxValueLengthAccessType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "access_type", MaxValueLengthAccessType); + logMaxColumnValue("access_type", MaxValueLengthAccessType); + + MaxValueLengthAclEnforcer = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "acl_enforcer", MaxValueLengthAclEnforcer); + logMaxColumnValue("acl_enforcer", MaxValueLengthAclEnforcer); + + MaxValueLengthAction = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." 
+ "action", MaxValueLengthAction); + logMaxColumnValue("action", MaxValueLengthAction); + + MaxValueLengthAgentId = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "agent_id", MaxValueLengthAgentId); + logMaxColumnValue("agent_id", MaxValueLengthAgentId); + + MaxValueLengthClientIp = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_id", MaxValueLengthClientIp); + logMaxColumnValue("client_id", MaxValueLengthClientIp); + + MaxValueLengthClientType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_type", MaxValueLengthClientType); + logMaxColumnValue("client_type", MaxValueLengthClientType); + + MaxValueLengthRepoName = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "repo_name", MaxValueLengthRepoName); + logMaxColumnValue("repo_name", MaxValueLengthRepoName); + + MaxValueLengthResultReason = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "result_reason", MaxValueLengthResultReason); + logMaxColumnValue("result_reason", MaxValueLengthResultReason); + + MaxValueLengthSessionId = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "session_id", MaxValueLengthSessionId); + logMaxColumnValue("session_id", MaxValueLengthSessionId); + + MaxValueLengthRequestUser = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "request_user", MaxValueLengthRequestUser); + logMaxColumnValue("request_user", MaxValueLengthRequestUser); + + MaxValueLengthRequestData = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "request_data", MaxValueLengthRequestData); + logMaxColumnValue("request_data", MaxValueLengthRequestData); + + MaxValueLengthResourcePath = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "resource_path", MaxValueLengthResourcePath); + logMaxColumnValue("resource_path", MaxValueLengthResourcePath); + + MaxValueLengthResourceType = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." 
+ "resource_type", MaxValueLengthResourceType); + logMaxColumnValue("resource_type", MaxValueLengthResourceType); + } + + public static void logMaxColumnValue(String columnName, int configuredMaxValueLength) { + LOG.info("Setting max column value for column[" + columnName + "] to [" + configuredMaxValueLength + "]."); + if (configuredMaxValueLength == 0) { + LOG.info("Max length of column[" + columnName + "] was 0! Column will NOT be emitted in the audit."); + } else if (configuredMaxValueLength < 0) { + LOG.info("Max length of column[" + columnName + "] was less than 0! Column value will never be truncated."); + } + } + public AuthzAuditEventDbObj() { super(); @@@ -260,14 -330,46 +333,55 @@@ public void setRequestData(String requestData) { this.requestData = requestData; } + + @Column(name = "tags") + public String getTags() { + return this.tags; + } + + public void setTags(String tags) { + this.tags = tags; + } + + static final String TruncationMarker = "..."; + static final int TruncationMarkerLength = TruncationMarker.length(); + + protected String truncate(String value, int limit, String columnName) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("==> getTrunctedValue(%s, %d, %s)", value, limit, columnName)); + } + + String result = value; + if (value != null) { + if (limit < 0) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Truncation is suppressed for column[%s]: old value [%s], new value[%s]", columnName, value, result)); + } + } else if (limit == 0) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Column[%s] is to be excluded from audit: old value [%s], new value[%s]", columnName, value, result)); + } + result = null; + } else { + if (value.length() > limit) { + if (limit <= TruncationMarkerLength) { + // NOTE: If value is to be truncated to a size that is less than of equal to the Truncation Marker then we won't put the marker in!! 
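Review bot: In `init()`, the limit for `MaxValueLengthClientIp` is read from the key suffix `client_id`, while the field it bounds is `clientIP` and every other suffix in this method mirrors its column name, so this looks like a typo for `client_ip`. If so, an operator who sets `xasecure.audit.destination.db.max.column.length.client_ip` would presumably see no effect, with the built-in default staying in force and no error reported. Suggest `MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_ip", MaxValueLengthClientIp);` together with `logMaxColumnValue("client_ip", MaxValueLengthClientIp);`, keeping `client_id` as a fallback only if that key has already shipped, which this hunk does not show. Separately, `logMaxColumnValue` reports a limit of 0, which drops the column from the audit record, at INFO; `LOG.warn` would make a configuration that removes audit fields easier to spot in review.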
+ result = value.substring(0, limit); + } else { + StringBuilder sb = new StringBuilder(value.substring(0, limit - TruncationMarkerLength)); + sb.append(TruncationMarker); + result = sb.toString(); + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Truncating value for column[%s] to [%d] characters: old value [%s], new value[%s]", columnName, limit, value, result)); + } + } + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("<== getTrunctedValue(%s, %d, %s): %s", value, limit, columnName, result)); + } + return result; + } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/security-admin/src/main/webapp/scripts/models/RangerServiceDef.js ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cc2b96ec/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js ---------------------------------------------------------------------- diff --cc security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js index 93cffce,c809294..f3f233d --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js @@@ -383,11 -364,8 +382,11 @@@ define(function(require) if(obj.label != XAEnums.ActiveStatus.STATUS_DELETED.label) return obj; }); - return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label.toLowerCase()}; }) + return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label}; }) }, + getNameOfPolicyTypeNVList : function() { + return _.map(XAEnums.PolicyType, function(type) { return { 'label': type.label, 
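Review bot: The debug statements in `truncate()` format the full original `value` into the agent log, including in the `limit == 0` branch whose stated purpose is to keep the column out of the audit. With debug logging on, a field such as `request_data` that was excluded or shortened is still written out in full, to a log that is likely less protected than the audit store. Log the length instead, e.g. `LOG.debug(String.format("Column[%s] is to be excluded from audit: value length [%d]", columnName, value.length()));`, and apply the same change to the entry, exit and truncation messages. Those entry and exit messages also name `getTrunctedValue` although the method is `truncate`, which makes the trace harder to search. Finally, `value.substring(0, limit - TruncationMarkerLength)` counts `char`s and can cut between the halves of a surrogate pair, so a short comment stating that `limit` is in UTF-16 units (not bytes or code points) would help whoever sizes the DB columns.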
'value': type.label};}); + }, /** on close */ onClose: function(){ }
