Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5b5e0120 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5b5e0120 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5b5e0120 Branch: refs/heads/master Commit: 5b5e0120fa8dfb3427885b34607a6508e10798d5 Parents: f17ed11 bc4ee64 Author: Madhan Neethiraj <[email protected]> Authored: Mon Oct 26 18:07:49 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Oct 26 18:07:49 2015 -0700 ---------------------------------------------------------------------- .../audit/destination/HDFSAuditDestination.java | 37 +- .../ranger/audit/provider/BaseAuditHandler.java | 19 +- .../audit/provider/hdfs/HdfsAuditProvider.java | 3 + .../audit/provider/hdfs/HdfsLogDestination.java | 26 +- agents-common/scripts/enable-agent.sh | 28 +- .../admin/client/RangerAdminRESTClient.java | 25 +- .../plugin/store/file/ServiceFileStore.java | 2 + .../ranger/plugin/util/RangerRESTClient.java | 40 +- .../ranger/utils/install/XmlConfigChanger.java | 47 +- docs/pom.xml | 49 +- hbase-agent/conf/ranger-hbase-audit-changes.cfg | 5 + hbase-agent/conf/ranger-hbase-audit.xml | 40 +- .../conf/ranger-hbase-security-changes.cfg | 3 + hbase-agent/conf/ranger-hbase-security.xml | 16 + hbase-agent/scripts/install.properties | 24 + hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 5 + hdfs-agent/conf/ranger-hdfs-audit.xml | 36 + .../conf/ranger-hdfs-security-changes.cfg | 2 + hdfs-agent/conf/ranger-hdfs-security.xml | 16 + hdfs-agent/scripts/install.properties | 24 + hive-agent/conf/ranger-hive-audit-changes.cfg | 5 + hive-agent/conf/ranger-hive-audit.xml | 36 + .../conf/ranger-hive-security-changes.cfg | 2 + hive-agent/conf/ranger-hive-security.xml | 16 + hive-agent/scripts/install.properties | 24 + kms/scripts/db_setup.py | 14 +- kms/scripts/dba_script.py | 58 +- kms/scripts/install.properties | 11 + kms/scripts/setup.sh | 155 +- knox-agent/conf/ranger-knox-audit-changes.cfg | 5 + knox-agent/conf/ranger-knox-audit.xml | 36 + .../conf/ranger-knox-security-changes.cfg | 2 + knox-agent/conf/ranger-knox-security.xml | 16 + knox-agent/scripts/install.properties | 25 + .../client/RangerAdminJersey2RESTClient.java | 9 +- .../conf/ranger-kafka-audit-changes.cfg | 5 + plugin-kafka/conf/ranger-kafka-audit.xml | 36 + .../conf/ranger-kafka-security-changes.cfg | 4 +- plugin-kafka/conf/ranger-kafka-security.xml | 16 + plugin-kafka/scripts/install.properties | 25 + plugin-kms/conf/ranger-kms-audit-changes.cfg | 5 + plugin-kms/conf/ranger-kms-audit.xml | 36 + plugin-kms/conf/ranger-kms-security-changes.cfg | 4 +- plugin-kms/conf/ranger-kms-security.xml | 16 + plugin-kms/scripts/enable-kms-plugin.sh | 28 +- plugin-solr/conf/ranger-solr-audit-changes.cfg | 5 + plugin-solr/conf/ranger-solr-audit.xml | 36 + .../conf/ranger-solr-security-changes.cfg | 4 +- plugin-solr/conf/ranger-solr-security.xml | 16 + plugin-solr/scripts/install.properties | 25 + plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 5 + plugin-yarn/conf/ranger-yarn-audit.xml | 36 + .../conf/ranger-yarn-security-changes.cfg | 2 + plugin-yarn/conf/ranger-yarn-security.xml | 16 + plugin-yarn/scripts/install.properties | 24 + pom.xml | 1 + .../create_hdfs_folders_for_audit_non_secure.sh | 78 + .../create_hdfs_folders_for_audit_secure.sh | 79 + .../contrib/solr_for_audit_setup/README.txt | 25 + .../solr_for_audit_setup/conf/admin-extra.html | 24 + .../conf/admin-extra.menu-bottom.html | 25 + .../conf/admin-extra.menu-top.html | 25 + .../solr_for_audit_setup/conf/elevate.xml | 38 + .../solr_for_audit_setup/conf/schema.xml | 118 ++ .../solr_for_audit_setup/conf/solrconfig.xml | 1865 ++++++++++++++++++ .../solr_for_audit_setup/install.properties | 96 + .../resources/log4j.properties.template | 39 + .../contrib/solr_for_audit_setup/setup.sh | 425 ++++ .../add_ranger_audits_conf_to_zk.sh.template | 63 + .../create_ranger_audits_collection.sh.template | 33 + .../solr_cloud/scripts/start_solr.sh.template | 39 + .../solr_cloud/scripts/stop_solr.sh.template | 35 + .../solr_cloud/solr.xml.template | 26 + .../ranger_audits/core.properties.template | 20 + .../scripts/start_solr.sh.template | 38 + .../scripts/stop_solr.sh.template | 35 + .../solr_standalone/solr.xml | 19 + .../db/mysql/patches/009-updated_schema.sql | 2 +- .../db/oracle/patches/009-updated_schema.sql | 2 +- .../db/postgres/xa_core_db_postgres.sql | 2 +- .../db/sqlanywhere/xa_core_db_sqlanywhere.sql | 2 +- .../db/sqlserver/xa_core_db_sqlserver.sql | 2 +- security-admin/scripts/db_setup.py | 16 +- security-admin/scripts/dba_script.py | 78 +- security-admin/scripts/set_globals.sh | 26 +- security-admin/scripts/setup.sh | 197 +- security-admin/src/bin/ranger_install.py | 2 +- .../java/org/apache/ranger/biz/SessionMgr.java | 102 + .../java/org/apache/ranger/biz/UserMgr.java | 9 +- .../java/org/apache/ranger/biz/XUserMgr.java | 509 +++-- .../org/apache/ranger/common/RESTErrorUtil.java | 26 + .../org/apache/ranger/common/ServiceUtil.java | 30 + .../org/apache/ranger/common/StringUtil.java | 1 - .../apache/ranger/common/UserSessionBase.java | 64 +- .../apache/ranger/db/XXGroupPermissionDao.java | 18 +- .../org/apache/ranger/db/XXGroupUserDao.java | 11 + .../org/apache/ranger/db/XXModuleDefDao.java | 10 - .../org/apache/ranger/db/XXPortalUserDao.java | 21 +- .../java/org/apache/ranger/db/XXUserDao.java | 12 + .../apache/ranger/db/XXUserPermissionDao.java | 10 +- .../patch/PatchPersmissionModel_J10003.java | 24 +- .../java/org/apache/ranger/rest/AssetREST.java | 16 +- .../java/org/apache/ranger/rest/XUserREST.java | 56 +- .../ranger/security/context/RangerAPIList.java | 4 + .../security/context/RangerAPIMapping.java | 4 + .../context/RangerPreAuthSecurityHandler.java | 25 +- .../listener/RangerHttpSessionListener.java | 48 + .../CustomLogoutSuccessHandler.java | 1 + .../RangerAuthFailureHandler.java | 1 + .../RangerAuthSuccessHandler.java | 2 +- .../RangerAuthenticationEntryPoint.java | 1 + .../security/web/filter/MyRememberMeFilter.java | 7 +- .../RangerSecurityContextFormationFilter.java | 5 +- .../service/AbstractBaseResourceService.java | 5 +- .../ranger/service/XGroupPermissionService.java | 13 +- .../ranger/service/XUserPermissionService.java | 18 +- .../service/XUserPermissionServiceBase.java | 65 +- .../resources/META-INF/jpa_named_queries.xml | 19 +- .../conf.dist/ranger-admin-default-site.xml | 2 +- .../src/main/webapp/META-INF/context.xml | 4 +- security-admin/src/main/webapp/WEB-INF/web.xml | 5 +- security-admin/src/main/webapp/login.jsp | 4 +- .../src/main/webapp/scripts/modules/XALinks.js | 42 +- .../webapp/scripts/views/kms/KmsKeyCreate.js | 9 +- .../views/permissions/ModulePermissionCreate.js | 1 - .../webapp/scripts/views/users/GroupCreate.js | 3 +- .../webapp/scripts/views/users/UserCreate.js | 2 - .../java/org/apache/ranger/biz/TestUserMgr.java | 187 +- .../org/apache/ranger/biz/TestXUserMgr.java | 562 +++++- src/main/assembly/admin-web.xml | 7 + src/main/assembly/usersync.xml | 44 + storm-agent/conf/ranger-storm-audit-changes.cfg | 5 + storm-agent/conf/ranger-storm-audit.xml | 36 + .../conf/ranger-storm-security-changes.cfg | 4 +- storm-agent/conf/ranger-storm-security.xml | 16 + storm-agent/scripts/install.properties | 24 + .../ldapconfigcheck/conf/input.properties | 63 + .../ldapconfigchecktool/ldapconfigcheck/pom.xml | 130 ++ .../ldapconfigcheck/scripts/run.sh | 72 + .../ldapconfigcheck/AuthenticationCheck.java | 208 ++ .../ldapconfigcheck/CommandLineOptions.java | 230 +++ .../ranger/ldapconfigcheck/LdapConfig.java | 436 ++++ .../ldapconfigcheck/LdapConfigCheckMain.java | 241 +++ .../apache/ranger/ldapconfigcheck/UserSync.java | 860 ++++++++ .../config/UserGroupSyncConfig.java | 21 +- unixauthservice/scripts/set_globals.sh | 30 +- unixauthservice/scripts/setup.py | 42 +- 147 files changed, 8503 insertions(+), 604 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java ---------------------------------------------------------------------- diff --cc knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java index e06f5a2,c087f25..4166786 --- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java @@@ -34,8 -33,12 +34,9 @@@ import javax.ws.rs.core.Response import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.AccessControlException; - import org.apache.ranger.plugin.model.RangerTag; +import org.apache.ranger.plugin.util.*; + import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.plugin.util.GrantRevokeRequest; -import org.apache.ranger.plugin.util.RangerRESTUtils; -import org.apache.ranger.plugin.util.RangerSslHelper; -import org.apache.ranger.plugin.util.ServicePolicies; + import org.glassfish.jersey.client.ClientProperties; import com.google.gson.Gson; import com.google.gson.GsonBuilder; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/pom.xml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/db/mysql/patches/009-updated_schema.sql ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/db/oracle/patches/009-updated_schema.sql ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/db/postgres/xa_core_db_postgres.sql ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/db/sqlserver/xa_core_db_sqlserver.sql ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --cc security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 7131903,775c647..de4d16c --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@@ -645,8 -650,13 +650,15 @@@ public class AssetREST "startDate", "MM/dd/yyyy"); searchUtil.extractDate(request, searchCriteria, "endDate", "endDate", "MM/dd/yyyy"); + + searchUtil.extractString(request, searchCriteria, "tags", "tags", null); + + boolean isKeyAdmin = msBizUtil.isKeyAdmin(); + XXServiceDef xxServiceDef = daoManager.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME); + if(isKeyAdmin && xxServiceDef != null){ + searchCriteria.getParamList().put("repoType", xxServiceDef.getId()); + } + return assetMgr.getAccessLogs(searchCriteria); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5b5e0120/security-admin/src/main/webapp/scripts/modules/XALinks.js ----------------------------------------------------------------------
