Repository: incubator-ranger Updated Branches: refs/heads/master b64218a34 -> 3595251bc
RANGER-965: Validate Audit DB to Solr Migration script from any previous version to 0.6 upgrade Signed-off-by: Gautam Borad <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3595251b Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3595251b Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3595251b Branch: refs/heads/master Commit: 3595251bcbf82ab704914822695a9265d0158c17 Parents: b64218a Author: pradeep agrawal <[email protected]> Authored: Fri May 13 18:47:07 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Mon May 16 10:01:37 2016 +0530 ---------------------------------------------------------------------- .../ranger/biz/RangerPolicyRetriever.java | 2 +- .../org/apache/ranger/common/AppConstants.java | 29 +- .../org/apache/ranger/db/XXAccessAuditDao.java | 56 +- .../org/apache/ranger/entity/XXAccessAudit.java | 618 +---------------- .../apache/ranger/entity/XXAccessAuditBase.java | 660 +++++++++++++++++++ .../apache/ranger/entity/XXAccessAuditV4.java | 39 ++ .../apache/ranger/entity/XXAccessAuditV5.java | 86 +++ .../patch/cliutil/DbToSolrMigrationUtil.java | 161 ++++- .../resources/META-INF/jpa_named_queries.xml | 8 +- .../conf.dist/ranger-admin-default-site.xml | 9 - .../main/webapp/META-INF/applicationContext.xml | 4 +- .../ranger/tagsync/process/TagSyncConfig.java | 4 + 12 files changed, 1025 insertions(+), 651 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java index ec4f165..6b4b149 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java @@ -490,7 +490,7 @@ public class RangerPolicyRetriever { ret.setVersion(xPolicy.getVersion()); ret.setService(service == null ? null : service.getName()); ret.setName(xPolicy.getName()); - ret.setPolicyType(xPolicy.getPolicyType()); + ret.setPolicyType(xPolicy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xPolicy.getPolicyType()); ret.setDescription(xPolicy.getDescription()); ret.setResourceSignature(xPolicy.getResourceSignature()); ret.setIsAuditEnabled(xPolicy.getIsAuditEnabled()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java index e9c7ac0..23d3dbd 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java @@ -592,11 +592,12 @@ public class AppConstants extends RangerCommonEnums { * CLASS_TYPE_XA_SERVICE_VERSION_INFO is an element of enum ClassTypes. Its value is "CLASS_TYPE_XA_SERVICE_VERSION_INFO". */ public static final int CLASS_TYPE_XA_SERVICE_VERSION_INFO = 1052; - + public static final int CLASS_TYPE_XA_ACCESS_AUDIT_V4 = 1053; + public static final int CLASS_TYPE_XA_ACCESS_AUDIT_V5 = 1054; /** * Max value for enum ClassTypes_MAX */ - public static final int ClassTypes_MAX = 1052; + public static final int ClassTypes_MAX = 1054; /*************************************************************** * Enum values for Default SortOrder @@ -961,6 +962,12 @@ public class AppConstants extends RangerCommonEnums { if( elementValue == 1052 ) { return "XA Service Version Info"; //CLASS_TYPE_XA_SERVICE_VERSION_INFO } + if( elementValue == 1053 ) { + return "Access Audit V4"; //CLASS_TYPE_XA_ACCESS_AUDIT_V4 + } + if( elementValue == 1054 ) { + return "Access Audit V5"; //CLASS_TYPE_XA_ACCESS_AUDIT_V5 + } return null; } @@ -1173,6 +1180,15 @@ public class AppConstants extends RangerCommonEnums { if ("ORACLE".equalsIgnoreCase(label)) { return DB_FLAVOR_ORACLE; // DB_FLAVOR_ORACLE } + if ("POSTGRES".equalsIgnoreCase(label)) { + return DB_FLAVOR_POSTGRES; // DB_FLAVOR_POSTGRES + } + if ("MSSQL".equalsIgnoreCase(label)) { + return DB_FLAVOR_SQLSERVER; // DB_FLAVOR_MSSQL + } + if ("SQLA".equalsIgnoreCase(label)) { + return DB_FLAVOR_SQLANYWHERE; // DB_FLAVOR_SQLANYWHERE + } return DB_FLAVOR_UNKNOWN; } @@ -1186,6 +1202,15 @@ public class AppConstants extends RangerCommonEnums { if (elementValue == DB_FLAVOR_ORACLE) { return "ORACLE"; // ORACLE } + if (elementValue == DB_FLAVOR_POSTGRES) { + return "POSTGRES"; // POSTGRES + } + if (elementValue == DB_FLAVOR_SQLSERVER) { + return "MSSQL"; // MSSQL + } + if (elementValue == DB_FLAVOR_SQLANYWHERE) { + return "SQLA"; // SQLA + } return null; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/db/XXAccessAuditDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXAccessAuditDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXAccessAuditDao.java index 432dfa9..7bd6a3e 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXAccessAuditDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXAccessAuditDao.java @@ -25,6 +25,8 @@ import javax.persistence.NoResultException; import org.apache.log4j.Logger; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXAccessAudit; +import org.apache.ranger.entity.XXAccessAuditV4; +import org.apache.ranger.entity.XXAccessAuditV5; public class XXAccessAuditDao extends BaseDao<XXAccessAudit> { private static Logger logger = Logger.getLogger(XXAccessAuditDao.class); @@ -46,11 +48,61 @@ public class XXAccessAuditDao extends BaseDao<XXAccessAudit> { } return maxXXAccessAuditID; } - public List<XXAccessAudit> getByIdRange(long idFrom,long idTo){ + + @SuppressWarnings("unchecked") + public List<String> getColumnNames(String db_flavor){ + List<String> columnList=new ArrayList<String>(); + String sqlStr=null; + if("MYSQL".equalsIgnoreCase(db_flavor)){ + sqlStr="SELECT lower(column_name) FROM information_schema.columns WHERE table_schema=database() AND table_name = 'xa_access_audit'"; + }else if("ORACLE".equalsIgnoreCase(db_flavor)){ + sqlStr="SELECT lower(column_name) FROM user_tab_cols WHERE table_name = upper('XA_ACCESS_AUDIT')"; + }else if("POSTGRES".equalsIgnoreCase(db_flavor)){ + sqlStr="SELECT lower(attname) FROM pg_attribute WHERE attrelid IN(SELECT oid FROM pg_class WHERE relname='xa_access_audit')"; + }else if("MSSQL".equalsIgnoreCase(db_flavor)){ + sqlStr="SELECT lower(column_name) FROM INFORMATION_SCHEMA.columns WHERE table_name = 'xa_access_audit'"; + }else if("SQLA".equalsIgnoreCase(db_flavor)){ + sqlStr="SELECT lower(cname) FROM SYS.SYSCOLUMNS WHERE tname = 'xa_access_audit'"; + }else{ + return columnList; + } + try { + columnList=getEntityManager().createNativeQuery(sqlStr).getResultList(); + } catch (NoResultException e) { + } + return columnList; + } + public List<XXAccessAuditV4> getByIdRangeV4(long idFrom,long idTo){ + //idFrom and idTo both exclusive + List<XXAccessAuditV4> xXAccessAuditList = new ArrayList<XXAccessAuditV4>(); + try { + xXAccessAuditList= getEntityManager().createNamedQuery("XXAccessAuditV4.getByIdRangeV4", XXAccessAuditV4.class) + .setParameter("idFrom", idFrom) + .setParameter("idTo", idTo) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + return xXAccessAuditList; + } + public List<XXAccessAuditV5> getByIdRangeV5(long idFrom,long idTo){ + //idFrom and idTo both exclusive + List<XXAccessAuditV5> xXAccessAuditList = new ArrayList<XXAccessAuditV5>(); + try { + xXAccessAuditList= getEntityManager().createNamedQuery("XXAccessAuditV5.getByIdRangeV5", XXAccessAuditV5.class) + .setParameter("idFrom", idFrom) + .setParameter("idTo", idTo) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + return xXAccessAuditList; + } + public List<XXAccessAudit> getByIdRangeV6(long idFrom,long idTo){ //idFrom and idTo both exclusive List<XXAccessAudit> xXAccessAuditList = new ArrayList<XXAccessAudit>(); try { - xXAccessAuditList= getEntityManager().createNamedQuery("XXAccessAudit.getByIdRange", tClass) + xXAccessAuditList= getEntityManager().createNamedQuery("XXAccessAudit.getByIdRangeV6", XXAccessAudit.class) .setParameter("idFrom", idFrom) .setParameter("idTo", idTo) .getResultList(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAudit.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAudit.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAudit.java index 96859a7..3043931 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAudit.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAudit.java @@ -24,222 +24,17 @@ * */ -import java.util.Date; - import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.SequenceGenerator; import javax.persistence.Table; -import javax.persistence.Temporal; -import javax.persistence.TemporalType; import javax.xml.bind.annotation.XmlRootElement; -import org.apache.ranger.common.AppConstants; -import org.apache.ranger.common.DateUtil; -import org.apache.ranger.common.RangerConstants; - - @Entity @Table(name="xa_access_audit") @XmlRootElement -public class XXAccessAudit extends XXDBBase implements java.io.Serializable { +public class XXAccessAudit extends XXAccessAuditBase implements java.io.Serializable { private static final long serialVersionUID = 1L; - @Id - @SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1) - @GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ") - @Column(name="ID") - protected Long id; - - @Override - public void setId(Long id) { - this.id=id; - } - @Override - public Long getId() { - return id; - } - /** - * Repository Type - * <ul> - * <li>This attribute is of type enum CommonEnums::AssetType - * </ul> - * - */ - @Column(name="AUDIT_TYPE" , nullable=false ) - protected int auditType = AppConstants.ASSET_UNKNOWN; - - /** - * Access Result - * <ul> - * <li>This attribute is of type enum CommonEnums::AccessResult - * </ul> - * - */ - @Column(name="ACCESS_RESULT" ) - protected int accessResult = RangerConstants.ACCESS_RESULT_DENIED; - - /** - * Access Type - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="ACCESS_TYPE" , length=255) - protected String accessType; - - /** - * Acl Enforcer - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="ACL_ENFORCER" , length=255) - protected String aclEnforcer; - - /** - * Agent Id - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="AGENT_ID" , length=255) - protected String agentId; - - /** - * Client Ip - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="CLIENT_IP" , length=255) - protected String clientIP; - - /** - * Client Type - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="CLIENT_TYPE" , length=255) - protected String clientType; - - /** - * Policy Id - * <ul> - * </ul> - * - */ - @Column(name="POLICY_ID" ) - protected long policyId; - - /** - * Repository Name - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="REPO_NAME" , length=255) - protected String repoName; - - /** - * Repository Type - * <ul> - * </ul> - * - */ - @Column(name="REPO_TYPE" ) - protected int repoType; - - /** - * Reason of result - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="RESULT_REASON" , length=255) - protected String resultReason; - - /** - * Session Id - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="SESSION_ID" , length=255) - protected String sessionId; - - /** - * Event Time - * <ul> - * </ul> - * - */ - @Temporal(TemporalType.TIMESTAMP) - @Column(name="EVENT_TIME" ) - protected Date eventTime = DateUtil.getUTCDate(); - - /** - * Requesting User - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="REQUEST_USER" , length=255) - protected String requestUser; - - /** - * Action - * <ul> - * <li>The maximum length for this attribute is <b>2000</b>. - * </ul> - * - */ - @Column(name="ACTION" , length=2000) - protected String action; - - /** - * Requesting Data - * <ul> - * <li>The maximum length for this attribute is <b>2000</b>. - * </ul> - * - */ - @Column(name="REQUEST_DATA" , length=2000) - protected String requestData; - - /** - * Resource Path - * <ul> - * <li>The maximum length for this attribute is <b>2000</b>. - * </ul> - * - */ - @Column(name="RESOURCE_PATH" , length=2000) - protected String resourcePath; - - /** - * Resource Type - * <ul> - * <li>The maximum length for this attribute is <b>255</b>. - * </ul> - * - */ - @Column(name="RESOURCE_TYPE" , length=255) - protected String resourceType; - @Column(name="SEQ_NUM") protected long sequenceNumber; @@ -250,329 +45,6 @@ public class XXAccessAudit extends XXDBBase implements java.io.Serializable { @Column(name="EVENT_DUR_MS") protected long eventDuration; - @Column(name="tags") - protected String tags; - - /** - * Default constructor. This will set all the attributes to default value. - */ - public XXAccessAudit ( ) { - auditType = AppConstants.ASSET_UNKNOWN; - accessResult = RangerConstants.ACCESS_RESULT_DENIED; - } - - @Override - public int getMyClassType( ) { - return AppConstants.CLASS_TYPE_XA_ACCESS_AUDIT; - } - - /** - * This method sets the value to the member attribute <b>auditType</b>. - * You cannot set null to the attribute. - * @param auditType Value to set member attribute <b>auditType</b> - */ - public void setAuditType( int auditType ) { - this.auditType = auditType; - } - - /** - * Returns the value for the member attribute <b>auditType</b> - * @return int - value of member attribute <b>auditType</b>. - */ - public int getAuditType( ) { - return this.auditType; - } - - /** - * This method sets the value to the member attribute <b>accessResult</b>. - * You cannot set null to the attribute. - * @param accessResult Value to set member attribute <b>accessResult</b> - */ - public void setAccessResult( int accessResult ) { - this.accessResult = accessResult; - } - - /** - * Returns the value for the member attribute <b>accessResult</b> - * @return int - value of member attribute <b>accessResult</b>. - */ - public int getAccessResult( ) { - return this.accessResult; - } - - /** - * This method sets the value to the member attribute <b>accessType</b>. - * You cannot set null to the attribute. - * @param accessType Value to set member attribute <b>accessType</b> - */ - public void setAccessType( String accessType ) { - this.accessType = accessType; - } - - /** - * Returns the value for the member attribute <b>accessType</b> - * @return String - value of member attribute <b>accessType</b>. - */ - public String getAccessType( ) { - return this.accessType; - } - - /** - * This method sets the value to the member attribute <b>aclEnforcer</b>. - * You cannot set null to the attribute. - * @param aclEnforcer Value to set member attribute <b>aclEnforcer</b> - */ - public void setAclEnforcer( String aclEnforcer ) { - this.aclEnforcer = aclEnforcer; - } - - /** - * Returns the value for the member attribute <b>aclEnforcer</b> - * @return String - value of member attribute <b>aclEnforcer</b>. - */ - public String getAclEnforcer( ) { - return this.aclEnforcer; - } - - /** - * This method sets the value to the member attribute <b>agentId</b>. - * You cannot set null to the attribute. - * @param agentId Value to set member attribute <b>agentId</b> - */ - public void setAgentId( String agentId ) { - this.agentId = agentId; - } - - /** - * Returns the value for the member attribute <b>agentId</b> - * @return String - value of member attribute <b>agentId</b>. - */ - public String getAgentId( ) { - return this.agentId; - } - - /** - * This method sets the value to the member attribute <b>clientIP</b>. - * You cannot set null to the attribute. - * @param clientIP Value to set member attribute <b>clientIP</b> - */ - public void setClientIP( String clientIP ) { - this.clientIP = clientIP; - } - - /** - * Returns the value for the member attribute <b>clientIP</b> - * @return String - value of member attribute <b>clientIP</b>. - */ - public String getClientIP( ) { - return this.clientIP; - } - - /** - * This method sets the value to the member attribute <b>clientType</b>. - * You cannot set null to the attribute. - * @param clientType Value to set member attribute <b>clientType</b> - */ - public void setClientType( String clientType ) { - this.clientType = clientType; - } - - /** - * Returns the value for the member attribute <b>clientType</b> - * @return String - value of member attribute <b>clientType</b>. - */ - public String getClientType( ) { - return this.clientType; - } - - /** - * This method sets the value to the member attribute <b>policyId</b>. - * You cannot set null to the attribute. - * @param policyId Value to set member attribute <b>policyId</b> - */ - public void setPolicyId( long policyId ) { - this.policyId = policyId; - } - - /** - * Returns the value for the member attribute <b>policyId</b> - * @return long - value of member attribute <b>policyId</b>. - */ - public long getPolicyId( ) { - return this.policyId; - } - - /** - * This method sets the value to the member attribute <b>repoName</b>. - * You cannot set null to the attribute. - * @param repoName Value to set member attribute <b>repoName</b> - */ - public void setRepoName( String repoName ) { - this.repoName = repoName; - } - - /** - * Returns the value for the member attribute <b>repoName</b> - * @return String - value of member attribute <b>repoName</b>. - */ - public String getRepoName( ) { - return this.repoName; - } - - /** - * This method sets the value to the member attribute <b>repoType</b>. - * You cannot set null to the attribute. - * @param repoType Value to set member attribute <b>repoType</b> - */ - public void setRepoType( int repoType ) { - this.repoType = repoType; - } - - /** - * Returns the value for the member attribute <b>repoType</b> - * @return int - value of member attribute <b>repoType</b>. - */ - public int getRepoType( ) { - return this.repoType; - } - - /** - * This method sets the value to the member attribute <b>resultReason</b>. - * You cannot set null to the attribute. - * @param resultReason Value to set member attribute <b>resultReason</b> - */ - public void setResultReason( String resultReason ) { - this.resultReason = resultReason; - } - - /** - * Returns the value for the member attribute <b>resultReason</b> - * @return String - value of member attribute <b>resultReason</b>. - */ - public String getResultReason( ) { - return this.resultReason; - } - - /** - * This method sets the value to the member attribute <b>sessionId</b>. - * You cannot set null to the attribute. - * @param sessionId Value to set member attribute <b>sessionId</b> - */ - public void setSessionId( String sessionId ) { - this.sessionId = sessionId; - } - - /** - * Returns the value for the member attribute <b>sessionId</b> - * @return String - value of member attribute <b>sessionId</b>. - */ - public String getSessionId( ) { - return this.sessionId; - } - - /** - * This method sets the value to the member attribute <b>eventTime</b>. - * You cannot set null to the attribute. - * @param eventTime Value to set member attribute <b>eventTime</b> - */ - public void setEventTime( Date eventTime ) { - this.eventTime = eventTime; - } - - /** - * Returns the value for the member attribute <b>eventTime</b> - * @return Date - value of member attribute <b>eventTime</b>. - */ - public Date getEventTime( ) { - return this.eventTime; - } - - /** - * This method sets the value to the member attribute <b>requestUser</b>. - * You cannot set null to the attribute. - * @param requestUser Value to set member attribute <b>requestUser</b> - */ - public void setRequestUser( String requestUser ) { - this.requestUser = requestUser; - } - - /** - * Returns the value for the member attribute <b>requestUser</b> - * @return String - value of member attribute <b>requestUser</b>. - */ - public String getRequestUser( ) { - return this.requestUser; - } - - /** - * This method sets the value to the member attribute <b>action</b>. - * You cannot set null to the attribute. - * @param action Value to set member attribute <b>action</b> - */ - public void setAction( String action ) { - this.action = action; - } - - /** - * Returns the value for the member attribute <b>action</b> - * @return String - value of member attribute <b>action</b>. - */ - public String getAction( ) { - return this.action; - } - - /** - * This method sets the value to the member attribute <b>requestData</b>. - * You cannot set null to the attribute. - * @param requestData Value to set member attribute <b>requestData</b> - */ - public void setRequestData( String requestData ) { - this.requestData = requestData; - } - - /** - * Returns the value for the member attribute <b>requestData</b> - * @return String - value of member attribute <b>requestData</b>. - */ - public String getRequestData( ) { - return this.requestData; - } - - /** - * This method sets the value to the member attribute <b>resourcePath</b>. - * You cannot set null to the attribute. - * @param resourcePath Value to set member attribute <b>resourcePath</b> - */ - public void setResourcePath( String resourcePath ) { - this.resourcePath = resourcePath; - } - - /** - * Returns the value for the member attribute <b>resourcePath</b> - * @return String - value of member attribute <b>resourcePath</b>. - */ - public String getResourcePath( ) { - return this.resourcePath; - } - - /** - * This method sets the value to the member attribute <b>resourceType</b>. - * You cannot set null to the attribute. - * @param resourceType Value to set member attribute <b>resourceType</b> - */ - public void setResourceType( String resourceType ) { - this.resourceType = resourceType; - } - - /** - * Returns the value for the member attribute <b>resourceType</b> - * @return String - value of member attribute <b>resourceType</b>. - */ - public String getResourceType( ) { - return this.resourceType; - } - - public long getSequenceNumber() { return sequenceNumber; } @@ -591,6 +63,9 @@ public class XXAccessAudit extends XXDBBase implements java.io.Serializable { public void setEventDuration(long eventDuration) { this.eventDuration = eventDuration; } + + @Column(name="tags") + protected String tags; /** * @return the tags @@ -610,31 +85,11 @@ public class XXAccessAudit extends XXDBBase implements java.io.Serializable { */ @Override public String toString( ) { - String str = "XXAccessAudit={"; - str += super.toString(); - str += "auditType={" + auditType + "} "; - str += "accessResult={" + accessResult + "} "; - str += "accessType={" + accessType + "} "; - str += "aclEnforcer={" + aclEnforcer + "} "; - str += "agentId={" + agentId + "} "; - str += "clientIP={" + clientIP + "} "; - str += "clientType={" + clientType + "} "; - str += "policyId={" + policyId + "} "; - str += "repoName={" + repoName + "} "; - str += "repoType={" + repoType + "} "; - str += "resultReason={" + resultReason + "} "; - str += "sessionId={" + sessionId + "} "; - str += "eventTime={" + eventTime + "} "; - str += "requestUser={" + requestUser + "} "; - str += "action={" + action + "} "; - str += "requestData={" + requestData + "} "; - str += "resourcePath={" + resourcePath + "} "; - str += "resourceType={" + resourceType + "} "; + String str = super.toString(); str += "sequenceNumber={" + sequenceNumber + "}"; str += "eventCount={" + eventCount + "}"; str += "eventDuration={" + eventDuration + "}"; str += "tags={" + tags + "}"; - str += "}"; return str; } @@ -648,67 +103,10 @@ public class XXAccessAudit extends XXDBBase implements java.io.Serializable { return false; } XXAccessAudit other = (XXAccessAudit) obj; - if( this.auditType != other.auditType ) return false; - if( this.accessResult != other.accessResult ) return false; - if ((this.accessType == null && other.accessType != null) || (this.accessType != null && !this.accessType.equals(other.accessType))) { - return false; - } - if ((this.aclEnforcer == null && other.aclEnforcer != null) || (this.aclEnforcer != null && !this.aclEnforcer.equals(other.aclEnforcer))) { - return false; - } - if ((this.agentId == null && other.agentId != null) || (this.agentId != null && !this.agentId.equals(other.agentId))) { - return false; - } - if ((this.clientIP == null && other.clientIP != null) || (this.clientIP != null && !this.clientIP.equals(other.clientIP))) { - return false; - } - if ((this.clientType == null && other.clientType != null) || (this.clientType != null && !this.clientType.equals(other.clientType))) { - return false; - } - if( this.policyId != other.policyId ) return false; - if ((this.repoName == null && other.repoName != null) || (this.repoName != null && !this.repoName.equals(other.repoName))) { - return false; - } - if( this.repoType != other.repoType ) return false; - if ((this.resultReason == null && other.resultReason != null) || (this.resultReason != null && !this.resultReason.equals(other.resultReason))) { - return false; - } - if ((this.sessionId == null && other.sessionId != null) || (this.sessionId != null && !this.sessionId.equals(other.sessionId))) { - return false; - } - if ((this.eventTime == null && other.eventTime != null) || (this.eventTime != null && !this.eventTime.equals(other.eventTime))) { - return false; - } - if ((this.requestUser == null && other.requestUser != null) || (this.requestUser != null && !this.requestUser.equals(other.requestUser))) { - return false; - } - if ((this.action == null && other.action != null) || (this.action != null && !this.action.equals(other.action))) { - return false; - } - if ((this.requestData == null && other.requestData != null) || (this.requestData != null && !this.requestData.equals(other.requestData))) { - return false; - } - if ((this.resourcePath == null && other.resourcePath != null) || (this.resourcePath != null && !this.resourcePath.equals(other.resourcePath))) { - return false; - } - if ((this.resourceType == null && other.resourceType != null) || (this.resourceType != null && !this.resourceType.equals(other.resourceType))) { - return false; - } - if ((this.tags == null && other.tags != null) || (this.tags != null && !this.tags.equals(other.tags))) { - return false; - } - return true; - } - public static String getEnumName(String fieldName ) { - if( fieldName.equals("auditType") ) { - return "CommonEnums.AssetType"; - } - if( fieldName.equals("accessResult") ) { - return "CommonEnums.AccessResult"; + if ((this.tags == null && other.tags != null) || (this.tags != null && !this.tags.equals(other.tags))) { + return false; } - //Later TODO - //return super.getEnumName(fieldName); - return null; + return true; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java new file mode 100644 index 0000000..8287d31 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditBase.java @@ -0,0 +1,660 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.entity; + +/** + * Access Audit + * + */ + +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.MappedSuperclass; +import javax.persistence.SequenceGenerator; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; +import org.apache.ranger.common.DateUtil; +import org.apache.ranger.common.RangerConstants; + +@MappedSuperclass +@XmlRootElement +public class XXAccessAuditBase extends XXDBBase implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + @Id + @SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1) + @GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ") + @Column(name="ID") + protected Long id; + + @Override + public void setId(Long id) { + this.id=id; + } + @Override + public Long getId() { + return id; + } + + /** + * Repository Type + * <ul> + * <li>This attribute is of type enum CommonEnums::AssetType + * </ul> + * + */ + @Column(name="AUDIT_TYPE" , nullable=false ) + protected int auditType = AppConstants.ASSET_UNKNOWN; + + /** + * Access Result + * <ul> + * <li>This attribute is of type enum CommonEnums::AccessResult + * </ul> + * + */ + @Column(name="ACCESS_RESULT" ) + protected int accessResult = RangerConstants.ACCESS_RESULT_DENIED; + + /** + * Access Type + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="ACCESS_TYPE" , length=255) + protected String accessType; + + /** + * Acl Enforcer + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="ACL_ENFORCER" , length=255) + protected String aclEnforcer; + + /** + * Agent Id + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="AGENT_ID" , length=255) + protected String agentId; + + /** + * Client Ip + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="CLIENT_IP" , length=255) + protected String clientIP; + + /** + * Client Type + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="CLIENT_TYPE" , length=255) + protected String clientType; + + /** + * Policy Id + * <ul> + * </ul> + * + */ + @Column(name="POLICY_ID" ) + protected long policyId; + + /** + * Repository Name + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="REPO_NAME" , length=255) + protected String repoName; + + /** + * Repository Type + * <ul> + * </ul> + * + */ + @Column(name="REPO_TYPE" ) + protected int repoType; + + /** + * Reason of result + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="RESULT_REASON" , length=255) + protected String resultReason; + + /** + * Session Id + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="SESSION_ID" , length=255) + protected String sessionId; + + /** + * Event Time + * <ul> + * </ul> + * + */ + @Temporal(TemporalType.TIMESTAMP) + @Column(name="EVENT_TIME" ) + protected Date eventTime = DateUtil.getUTCDate(); + + /** + * Requesting User + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="REQUEST_USER" , length=255) + protected String requestUser; + + /** + * Action + * <ul> + * <li>The maximum length for this attribute is <b>2000</b>. + * </ul> + * + */ + @Column(name="ACTION" , length=2000) + protected String action; + + /** + * Requesting Data + * <ul> + * <li>The maximum length for this attribute is <b>2000</b>. + * </ul> + * + */ + @Column(name="REQUEST_DATA" , length=2000) + protected String requestData; + + /** + * Resource Path + * <ul> + * <li>The maximum length for this attribute is <b>2000</b>. + * </ul> + * + */ + @Column(name="RESOURCE_PATH" , length=2000) + protected String resourcePath; + + /** + * Resource Type + * <ul> + * <li>The maximum length for this attribute is <b>255</b>. + * </ul> + * + */ + @Column(name="RESOURCE_TYPE" , length=255) + protected String resourceType; + + + + /** + * Default constructor. This will set all the attributes to default value. + */ + public XXAccessAuditBase ( ) { + auditType = AppConstants.ASSET_UNKNOWN; + accessResult = RangerConstants.ACCESS_RESULT_DENIED; + } + + @Override + public int getMyClassType( ) { + return AppConstants.CLASS_TYPE_XA_ACCESS_AUDIT; + } + + /** + * This method sets the value to the member attribute <b>auditType</b>. + * You cannot set null to the attribute. + * @param auditType Value to set member attribute <b>auditType</b> + */ + public void setAuditType( int auditType ) { + this.auditType = auditType; + } + + /** + * Returns the value for the member attribute <b>auditType</b> + * @return int - value of member attribute <b>auditType</b>. + */ + public int getAuditType( ) { + return this.auditType; + } + + /** + * This method sets the value to the member attribute <b>accessResult</b>. + * You cannot set null to the attribute. + * @param accessResult Value to set member attribute <b>accessResult</b> + */ + public void setAccessResult( int accessResult ) { + this.accessResult = accessResult; + } + + /** + * Returns the value for the member attribute <b>accessResult</b> + * @return int - value of member attribute <b>accessResult</b>. + */ + public int getAccessResult( ) { + return this.accessResult; + } + + /** + * This method sets the value to the member attribute <b>accessType</b>. + * You cannot set null to the attribute. + * @param accessType Value to set member attribute <b>accessType</b> + */ + public void setAccessType( String accessType ) { + this.accessType = accessType; + } + + /** + * Returns the value for the member attribute <b>accessType</b> + * @return String - value of member attribute <b>accessType</b>. + */ + public String getAccessType( ) { + return this.accessType; + } + + /** + * This method sets the value to the member attribute <b>aclEnforcer</b>. + * You cannot set null to the attribute. + * @param aclEnforcer Value to set member attribute <b>aclEnforcer</b> + */ + public void setAclEnforcer( String aclEnforcer ) { + this.aclEnforcer = aclEnforcer; + } + + /** + * Returns the value for the member attribute <b>aclEnforcer</b> + * @return String - value of member attribute <b>aclEnforcer</b>. + */ + public String getAclEnforcer( ) { + return this.aclEnforcer; + } + + /** + * This method sets the value to the member attribute <b>agentId</b>. + * You cannot set null to the attribute. + * @param agentId Value to set member attribute <b>agentId</b> + */ + public void setAgentId( String agentId ) { + this.agentId = agentId; + } + + /** + * Returns the value for the member attribute <b>agentId</b> + * @return String - value of member attribute <b>agentId</b>. + */ + public String getAgentId( ) { + return this.agentId; + } + + /** + * This method sets the value to the member attribute <b>clientIP</b>. + * You cannot set null to the attribute. + * @param clientIP Value to set member attribute <b>clientIP</b> + */ + public void setClientIP( String clientIP ) { + this.clientIP = clientIP; + } + + /** + * Returns the value for the member attribute <b>clientIP</b> + * @return String - value of member attribute <b>clientIP</b>. + */ + public String getClientIP( ) { + return this.clientIP; + } + + /** + * This method sets the value to the member attribute <b>clientType</b>. + * You cannot set null to the attribute. + * @param clientType Value to set member attribute <b>clientType</b> + */ + public void setClientType( String clientType ) { + this.clientType = clientType; + } + + /** + * Returns the value for the member attribute <b>clientType</b> + * @return String - value of member attribute <b>clientType</b>. + */ + public String getClientType( ) { + return this.clientType; + } + + /** + * This method sets the value to the member attribute <b>policyId</b>. + * You cannot set null to the attribute. + * @param policyId Value to set member attribute <b>policyId</b> + */ + public void setPolicyId( long policyId ) { + this.policyId = policyId; + } + + /** + * Returns the value for the member attribute <b>policyId</b> + * @return long - value of member attribute <b>policyId</b>. + */ + public long getPolicyId( ) { + return this.policyId; + } + + /** + * This method sets the value to the member attribute <b>repoName</b>. + * You cannot set null to the attribute. + * @param repoName Value to set member attribute <b>repoName</b> + */ + public void setRepoName( String repoName ) { + this.repoName = repoName; + } + + /** + * Returns the value for the member attribute <b>repoName</b> + * @return String - value of member attribute <b>repoName</b>. + */ + public String getRepoName( ) { + return this.repoName; + } + + /** + * This method sets the value to the member attribute <b>repoType</b>. + * You cannot set null to the attribute. + * @param repoType Value to set member attribute <b>repoType</b> + */ + public void setRepoType( int repoType ) { + this.repoType = repoType; + } + + /** + * Returns the value for the member attribute <b>repoType</b> + * @return int - value of member attribute <b>repoType</b>. + */ + public int getRepoType( ) { + return this.repoType; + } + + /** + * This method sets the value to the member attribute <b>resultReason</b>. + * You cannot set null to the attribute. + * @param resultReason Value to set member attribute <b>resultReason</b> + */ + public void setResultReason( String resultReason ) { + this.resultReason = resultReason; + } + + /** + * Returns the value for the member attribute <b>resultReason</b> + * @return String - value of member attribute <b>resultReason</b>. + */ + public String getResultReason( ) { + return this.resultReason; + } + + /** + * This method sets the value to the member attribute <b>sessionId</b>. + * You cannot set null to the attribute. + * @param sessionId Value to set member attribute <b>sessionId</b> + */ + public void setSessionId( String sessionId ) { + this.sessionId = sessionId; + } + + /** + * Returns the value for the member attribute <b>sessionId</b> + * @return String - value of member attribute <b>sessionId</b>. + */ + public String getSessionId( ) { + return this.sessionId; + } + + /** + * This method sets the value to the member attribute <b>eventTime</b>. + * You cannot set null to the attribute. + * @param eventTime Value to set member attribute <b>eventTime</b> + */ + public void setEventTime( Date eventTime ) { + this.eventTime = eventTime; + } + + /** + * Returns the value for the member attribute <b>eventTime</b> + * @return Date - value of member attribute <b>eventTime</b>. + */ + public Date getEventTime( ) { + return this.eventTime; + } + + /** + * This method sets the value to the member attribute <b>requestUser</b>. + * You cannot set null to the attribute. + * @param requestUser Value to set member attribute <b>requestUser</b> + */ + public void setRequestUser( String requestUser ) { + this.requestUser = requestUser; + } + + /** + * Returns the value for the member attribute <b>requestUser</b> + * @return String - value of member attribute <b>requestUser</b>. + */ + public String getRequestUser( ) { + return this.requestUser; + } + + /** + * This method sets the value to the member attribute <b>action</b>. + * You cannot set null to the attribute. + * @param action Value to set member attribute <b>action</b> + */ + public void setAction( String action ) { + this.action = action; + } + + /** + * Returns the value for the member attribute <b>action</b> + * @return String - value of member attribute <b>action</b>. + */ + public String getAction( ) { + return this.action; + } + + /** + * This method sets the value to the member attribute <b>requestData</b>. + * You cannot set null to the attribute. + * @param requestData Value to set member attribute <b>requestData</b> + */ + public void setRequestData( String requestData ) { + this.requestData = requestData; + } + + /** + * Returns the value for the member attribute <b>requestData</b> + * @return String - value of member attribute <b>requestData</b>. + */ + public String getRequestData( ) { + return this.requestData; + } + + /** + * This method sets the value to the member attribute <b>resourcePath</b>. + * You cannot set null to the attribute. + * @param resourcePath Value to set member attribute <b>resourcePath</b> + */ + public void setResourcePath( String resourcePath ) { + this.resourcePath = resourcePath; + } + + /** + * Returns the value for the member attribute <b>resourcePath</b> + * @return String - value of member attribute <b>resourcePath</b>. + */ + public String getResourcePath( ) { + return this.resourcePath; + } + + /** + * This method sets the value to the member attribute <b>resourceType</b>. + * You cannot set null to the attribute. + * @param resourceType Value to set member attribute <b>resourceType</b> + */ + public void setResourceType( String resourceType ) { + this.resourceType = resourceType; + } + + /** + * Returns the value for the member attribute <b>resourceType</b> + * @return String - value of member attribute <b>resourceType</b>. + */ + public String getResourceType( ) { + return this.resourceType; + } + + /** + * This return the bean content in string format + * @return formatedStr + */ + @Override + public String toString( ) { + String str = "XXAccessAudit="; + str += super.toString(); + str += "id={" + id + "} "; + str += "auditType={" + auditType + "} "; + str += "accessResult={" + accessResult + "} "; + str += "accessType={" + accessType + "} "; + str += "aclEnforcer={" + aclEnforcer + "} "; + str += "agentId={" + agentId + "} "; + str += "clientIP={" + clientIP + "} "; + str += "clientType={" + clientType + "} "; + str += "policyId={" + policyId + "} "; + str += "repoName={" + repoName + "} "; + str += "repoType={" + repoType + "} "; + str += "resultReason={" + resultReason + "} "; + str += "sessionId={" + sessionId + "} "; + str += "eventTime={" + eventTime + "} "; + str += "requestUser={" + requestUser + "} "; + str += "action={" + action + "} "; + str += "requestData={" + requestData + "} "; + str += "resourcePath={" + resourcePath + "} "; + str += "resourceType={" + resourceType + "} "; + return str; + } + + /** + * Checks for all attributes except referenced db objects + * @return true if all attributes match + */ + @Override + public boolean equals( Object obj) { + if ( !super.equals(obj) ) { + return false; + } + XXAccessAuditBase other = (XXAccessAuditBase) obj; + if( this.auditType != other.auditType ) return false; + if( this.accessResult != other.accessResult ) return false; + if ((this.accessType == null && other.accessType != null) || (this.accessType != null && !this.accessType.equals(other.accessType))) { + return false; + } + if ((this.aclEnforcer == null && other.aclEnforcer != null) || (this.aclEnforcer != null && !this.aclEnforcer.equals(other.aclEnforcer))) { + return false; + } + if ((this.agentId == null && other.agentId != null) || (this.agentId != null && !this.agentId.equals(other.agentId))) { + return false; + } + if ((this.clientIP == null && other.clientIP != null) || (this.clientIP != null && !this.clientIP.equals(other.clientIP))) { + return false; + } + if ((this.clientType == null && other.clientType != null) || (this.clientType != null && !this.clientType.equals(other.clientType))) { + return false; + } + if( this.policyId != other.policyId ) return false; + if ((this.repoName == null && other.repoName != null) || (this.repoName != null && !this.repoName.equals(other.repoName))) { + return false; + } + if( this.repoType != other.repoType ) return false; + if ((this.resultReason == null && other.resultReason != null) || (this.resultReason != null && !this.resultReason.equals(other.resultReason))) { + return false; + } + if ((this.sessionId == null && other.sessionId != null) || (this.sessionId != null && !this.sessionId.equals(other.sessionId))) { + return false; + } + if ((this.eventTime == null && other.eventTime != null) || (this.eventTime != null && !this.eventTime.equals(other.eventTime))) { + return false; + } + if ((this.requestUser == null && other.requestUser != null) || (this.requestUser != null && !this.requestUser.equals(other.requestUser))) { + return false; + } + if ((this.action == null && other.action != null) || (this.action != null && !this.action.equals(other.action))) { + return false; + } + if ((this.requestData == null && other.requestData != null) || (this.requestData != null && !this.requestData.equals(other.requestData))) { + return false; + } + if ((this.resourcePath == null && other.resourcePath != null) || (this.resourcePath != null && !this.resourcePath.equals(other.resourcePath))) { + return false; + } + if ((this.resourceType == null && other.resourceType != null) || (this.resourceType != null && !this.resourceType.equals(other.resourceType))) { + return false; + } + return true; + } + public static String getEnumName(String fieldName ) { + if( fieldName.equals("auditType") ) { + return "CommonEnums.AssetType"; + } + if( fieldName.equals("accessResult") ) { + return "CommonEnums.AccessResult"; + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV4.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV4.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV4.java new file mode 100644 index 0000000..54e3cb3 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV4.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.entity; + +import javax.persistence.Entity; +import javax.persistence.Table; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; + +@Entity +@XmlRootElement +@Table(name = "xa_access_audit") +public class XXAccessAuditV4 extends XXAccessAuditBase implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + @Override + public int getMyClassType() { + return AppConstants.CLASS_TYPE_XA_ACCESS_AUDIT_V4; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV5.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV5.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV5.java new file mode 100644 index 0000000..ff0f4f1 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessAuditV5.java @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.entity; + +/** + * Access Audit + * + */ + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.Table; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; + +@Entity +@XmlRootElement +@Table(name = "xa_access_audit") +public class XXAccessAuditV5 extends XXAccessAuditBase implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + @Override + public int getMyClassType() { + return AppConstants.CLASS_TYPE_XA_ACCESS_AUDIT_V5; + } + + @Column(name="SEQ_NUM") + protected long sequenceNumber; + + @Column(name="EVENT_COUNT") + protected long eventCount; + + //event duration in ms + @Column(name="EVENT_DUR_MS") + protected long eventDuration; + + public long getSequenceNumber() { + return sequenceNumber; + } + public void setSequenceNumber(long sequenceNumber) { + this.sequenceNumber = sequenceNumber; + } + public long getEventCount() { + return eventCount; + } + public void setEventCount(long eventCount) { + this.eventCount = eventCount; + } + public long getEventDuration() { + return eventDuration; + } + public void setEventDuration(long eventDuration) { + this.eventDuration = eventDuration; + } + + /** + * This return the bean content in string format + * @return formatedStr + */ + @Override + public String toString( ) { + String str = super.toString(); + str += "sequenceNumber={" + sequenceNumber + "}"; + str += "eventCount={" + eventCount + "}"; + str += "eventDuration={" + eventDuration + "}"; + return str; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java index 9ce1a12..433f5c9 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java @@ -29,9 +29,14 @@ import java.util.UUID; import org.apache.log4j.Logger; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXAccessAudit; +import org.apache.ranger.entity.XXAccessAuditBase; +import org.apache.ranger.entity.XXAccessAuditV4; +import org.apache.ranger.entity.XXAccessAuditV5; import org.apache.ranger.patch.BaseLoader; import org.apache.ranger.solr.SolrAccessAuditsService; import org.apache.ranger.authorization.utils.StringUtil; +import org.apache.ranger.biz.RangerBizUtil; +import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.util.CLIUtil; @@ -41,6 +46,7 @@ import org.apache.solr.common.SolrInputDocument; import org.apache.solr.common.SolrInputField; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.util.CollectionUtils; @Component public class DbToSolrMigrationUtil extends BaseLoader { @@ -86,9 +92,11 @@ public class DbToSolrMigrationUtil extends BaseLoader { } public void migrateAuditDbLogsToSolr() { + System.out.println("Migration process is started.."); long maxXXAccessAuditID = daoManager.getXXAccessAudit().getMaxIdOfXXAccessAudit(); if(maxXXAccessAuditID==0){ logger.info("Access Audit log does not exist."); + System.out.println("Access Audit log does not exist in db."); return; } long maxMigratedID=0; @@ -103,8 +111,21 @@ public class DbToSolrMigrationUtil extends BaseLoader { } if(maxMigratedID>=maxXXAccessAuditID){ logger.info("No more DB Audit logs to migrate. Last migrated audit log ID: " + maxMigratedID); + System.out.println("No more DB Audit logs to migrate. Last migrated audit log ID: " + maxMigratedID); return; } + String db_flavor=AppConstants.getLabelFor_DatabaseFlavor(RangerBizUtil.getDBFlavor()); + logger.info("DB flavor: " + db_flavor); + List<String> columnList=daoManager.getXXAccessAudit().getColumnNames(db_flavor); + int auditTableVersion=4; + if(columnList!=null){ + if(columnList.contains("tags")){ + auditTableVersion=6; + }else if(columnList.contains("seq_num") && columnList.contains("event_count") && columnList.contains("event_dur_ms")){ + auditTableVersion=5; + } + } + logger.info("Columns Name:"+columnList); long maxRowsPerBatch=10000; //To ceil the actual division result i.e noOfBatches=maxXXAccessAuditID/maxRowsPerBatch long noOfBatches=((maxXXAccessAuditID-maxMigratedID)+maxRowsPerBatch-1)/maxRowsPerBatch; @@ -112,21 +133,72 @@ public class DbToSolrMigrationUtil extends BaseLoader { long rangeEnd=maxXXAccessAuditID-maxMigratedID<=maxRowsPerBatch ? maxXXAccessAuditID : rangeStart+maxRowsPerBatch; long startTimeInMS=0; long timeTaken=0; - List<XXAccessAudit> xXAccessAuditList=null; + long lastMigratedID=0; + long totalMigratedLogs=0; for(long index=1;index<=noOfBatches;index++){ logger.info("Batch "+ index+" of total "+noOfBatches); + System.out.println("Processing batch "+ index+" of total "+noOfBatches); startTimeInMS=System.currentTimeMillis(); //rangeStart and rangeEnd both exclusive, if we add +1 in maxRange - xXAccessAuditList=daoManager.getXXAccessAudit().getByIdRange(rangeStart,rangeEnd+1); - for(XXAccessAudit xXAccessAudit:xXAccessAuditList){ - if(xXAccessAudit!=null){ - try { - send2solr(xXAccessAudit); - } catch (Throwable e) { - logger.error("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr.", e); - writeMigrationStatusFile(xXAccessAudit.getId(),CHECK_FILE_NAME); - logger.info("Stopping migration process!"); - return; + if(auditTableVersion==4){ + List<XXAccessAuditV4> xXAccessAuditV4List=daoManager.getXXAccessAudit().getByIdRangeV4(rangeStart,rangeEnd+1); + if(!CollectionUtils.isEmpty(xXAccessAuditV4List)){ + for(XXAccessAuditV4 xXAccessAudit:xXAccessAuditV4List){ + if(xXAccessAudit!=null){ + try { + send2solr(xXAccessAudit); + lastMigratedID=xXAccessAudit.getId(); + totalMigratedLogs++; + } catch (Throwable e) { + logger.error("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr.", e); + writeMigrationStatusFile(lastMigratedID,CHECK_FILE_NAME); + logger.info("Stopping migration process!"); + System.out.println("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr."); + System.out.println("Migration process failed, Please refer ranger_db_patch.log file."); + return; + } + } + } + } + }else if(auditTableVersion==5){ + List<XXAccessAuditV5> xXAccessAuditV5List=daoManager.getXXAccessAudit().getByIdRangeV5(rangeStart,rangeEnd+1); + if(!CollectionUtils.isEmpty(xXAccessAuditV5List)){ + for(XXAccessAuditV5 xXAccessAudit:xXAccessAuditV5List){ + if(xXAccessAudit!=null){ + try { + send2solr(xXAccessAudit); + lastMigratedID=xXAccessAudit.getId(); + totalMigratedLogs++; + } catch (Throwable e) { + logger.error("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr.", e); + writeMigrationStatusFile(lastMigratedID,CHECK_FILE_NAME); + logger.info("Stopping migration process!"); + System.out.println("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr."); + System.out.println("Migration process failed, Please refer ranger_db_patch.log file."); + return; + } + } + } + } + } + else if(auditTableVersion==6){ + List<XXAccessAudit> xXAccessAuditV6List=daoManager.getXXAccessAudit().getByIdRangeV6(rangeStart,rangeEnd+1); + if(!CollectionUtils.isEmpty(xXAccessAuditV6List)){ + for(XXAccessAudit xXAccessAudit:xXAccessAuditV6List){ + if(xXAccessAudit!=null){ + try { + send2solr(xXAccessAudit); + lastMigratedID=xXAccessAudit.getId(); + totalMigratedLogs++; + } catch (Throwable e) { + logger.error("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr.", e); + writeMigrationStatusFile(lastMigratedID,CHECK_FILE_NAME); + logger.info("Stopping migration process!"); + System.out.println("Error while writing audit log id '"+xXAccessAudit.getId()+"' to Solr."); + System.out.println("Migration process failed, Please refer ranger_db_patch.log file."); + return; + } + } } } } @@ -140,12 +212,48 @@ public class DbToSolrMigrationUtil extends BaseLoader { rangeStart=rangeEnd; rangeEnd=rangeEnd+maxRowsPerBatch; } - + if(totalMigratedLogs>0){ + System.out.println("Total Number of Migrated Audit logs:"+totalMigratedLogs); + logger.info("Total Number of Migrated Audit logs:"+totalMigratedLogs); + } + System.out.println("Migration process finished!!"); + } + + public void send2solr(XXAccessAuditV4 xXAccessAudit) throws Throwable { + SolrInputDocument document = new SolrInputDocument(); + toSolrDocument(xXAccessAudit,document); + UpdateResponse response = solrServer.add(document); + if (response.getStatus() != 0) { + logger.info("Response=" + response.toString() + ", status= " + + response.getStatus() + ", event=" + xXAccessAudit.toString()); + throw new Exception("Failed to send audit event ID=" + xXAccessAudit.getId()); + } + } + + public void send2solr(XXAccessAuditV5 xXAccessAudit) throws Throwable { + SolrInputDocument document = new SolrInputDocument(); + toSolrDocument(xXAccessAudit,document); + UpdateResponse response = solrServer.add(document); + if (response.getStatus() != 0) { + logger.info("Response=" + response.toString() + ", status= " + + response.getStatus() + ", event=" + xXAccessAudit.toString()); + throw new Exception("Failed to send audit event ID=" + xXAccessAudit.getId()); + } } public void send2solr(XXAccessAudit xXAccessAudit) throws Throwable { - boolean uidIsString = true; SolrInputDocument document = new SolrInputDocument(); + toSolrDocument(xXAccessAudit,document); + UpdateResponse response = solrServer.add(document); + if (response.getStatus() != 0) { + logger.info("Response=" + response.toString() + ", status= " + + response.getStatus() + ", event=" + xXAccessAudit.toString()); + throw new Exception("Failed to send audit event ID=" + xXAccessAudit.getId()); + } + } + + private void toSolrDocument(XXAccessAuditBase xXAccessAudit, SolrInputDocument document) { + // add v4 fields document.addField("id", xXAccessAudit.getId()); document.addField("access", xXAccessAudit.getAccessType()); document.addField("enforcer", xXAccessAudit.getAclEnforcer()); @@ -164,12 +272,8 @@ public class DbToSolrMigrationUtil extends BaseLoader { document.addField("reason", xXAccessAudit.getResultReason()); document.addField("action", xXAccessAudit.getAction()); document.addField("evtTime", DateUtil.getLocalDateForUTCDate(xXAccessAudit.getEventTime())); - document.addField("seq_num", xXAccessAudit.getSequenceNumber()); - document.addField("event_count", xXAccessAudit.getEventCount()); - document.addField("event_dur_ms", xXAccessAudit.getEventDuration()); - document.addField("tags", xXAccessAudit.getTags()); - //If ID is not set, then we should add it. SolrInputField idField = document.getField("id"); + boolean uidIsString = true; if( idField == null) { Object uid = null; if(uidIsString) { @@ -177,15 +281,24 @@ public class DbToSolrMigrationUtil extends BaseLoader { } document.setField("id", uid); } + } - UpdateResponse response = solrServer.add(document); - if (response.getStatus() != 0) { - logger.info("Response=" + response.toString() + ", status= " - + response.getStatus() + ", event=" + xXAccessAudit.toString()); - throw new Exception("Failed to send audit event ID=" + xXAccessAudit.getId()); - } + private void toSolrDocument(XXAccessAuditV5 xXAccessAudit, SolrInputDocument document) { + toSolrDocument((XXAccessAuditBase)xXAccessAudit, document); + // add v5 fields + document.addField("seq_num", xXAccessAudit.getSequenceNumber()); + document.addField("event_count", xXAccessAudit.getEventCount()); + document.addField("event_dur_ms", xXAccessAudit.getEventDuration()); } + private void toSolrDocument(XXAccessAudit xXAccessAudit,SolrInputDocument document) { + toSolrDocument((XXAccessAuditBase)xXAccessAudit, document); + // add v6 fields + document.addField("seq_num", xXAccessAudit.getSequenceNumber()); + document.addField("event_count", xXAccessAudit.getEventCount()); + document.addField("event_dur_ms", xXAccessAudit.getEventDuration()); + document.addField("tags", xXAccessAudit.getTags()); + } private Long readMigrationStatusFile(String aFileName) throws IOException { Long migratedDbID=0L; Path path = Paths.get(aFileName); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index f209bc4..76d3f21 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -1012,7 +1012,13 @@ <named-query name="XXAccessAudit.getMaxIdOfXXAccessAudit"> <query>select max(obj.id) from XXAccessAudit obj</query> </named-query> - <named-query name="XXAccessAudit.getByIdRange"> + <named-query name="XXAccessAuditV4.getByIdRangeV4"> + <query>select obj from XXAccessAuditV4 obj WHERE obj.id > :idFrom AND obj.id < :idTo</query> + </named-query> + <named-query name="XXAccessAuditV5.getByIdRangeV5"> + <query>select obj from XXAccessAuditV5 obj WHERE obj.id > :idFrom AND obj.id < :idTo</query> + </named-query> + <named-query name="XXAccessAudit.getByIdRangeV6"> <query>select obj from XXAccessAudit obj WHERE obj.id > :idFrom AND obj.id < :idTo</query> </named-query> <named-query name="XXDataHist.findLatestByObjectClassTypeAndObjectIdAndEventTime"> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index 0d6679c..aee1c82 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml @@ -107,15 +107,6 @@ <name>ranger.mail.listener.enable</name> <value>false</value> </property> -<!-- #Hibernate/JPA settings --> - <property> - <name>ranger.jpa.showsql</name> - <value>false</value> - </property> - - - - <!-- #Second Level Cache --> <property> <name>ranger.second_level_cache</name> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/security-admin/src/main/webapp/META-INF/applicationContext.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/META-INF/applicationContext.xml b/security-admin/src/main/webapp/META-INF/applicationContext.xml index 17f35a2..0580154 100644 --- a/security-admin/src/main/webapp/META-INF/applicationContext.xml +++ b/security-admin/src/main/webapp/META-INF/applicationContext.xml @@ -66,7 +66,7 @@ http://www.springframework.org/schema/util/spring-util.xsd";> <property name="dataSource" ref="loggingDataSource" /> <property name="jpaVendorAdapter"> <bean class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter"> - <property name="databasePlatform" value="${ranger.jpa.audit.jdbc.dialect}" /> + <property name="databasePlatform" value="${ranger.jpa.jdbc.dialect}" /> <property name="showSql" value="${ranger.jpa.showsql}" /> <property name="generateDdl" value="false" /> </bean> @@ -174,7 +174,7 @@ http://www.springframework.org/schema/util/spring-util.xsd";> <bean id="loggingDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"> <property name="driverClass"> - <value>${ranger.jpa.audit.jdbc.driver}</value> + <value>${ranger.jpa.jdbc.driver}</value> </property> <property name="jdbcUrl"> <value>${ranger.jpa.audit.jdbc.url}</value> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3595251b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java ---------------------------------------------------------------------- diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java index e51d165..4cb8dea 100644 --- a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java +++ b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java @@ -72,6 +72,7 @@ public class TagSyncConfig extends Configuration { private static final String TAGSYNC_TAGADMIN_KEYSTORE_PROP = "ranger.tagsync.keystore.filename"; private static final String DEFAULT_TAGADMIN_USERNAME = "rangertagsync"; + private static final String DEFAULT_TAGADMIN_PASSWORD = "rangertagsync"; private static final int DEFAULT_TAGSYNC_TAGADMIN_CONNECTION_CHECK_INTERVAL = 15000; private static final long DEFAULT_TAGSYNC_REST_SOURCE_DOWNLOAD_INTERVAL = 900000; @@ -268,6 +269,9 @@ public class TagSyncConfig extends Configuration { } } } + if(StringUtils.isBlank(password)){ + return DEFAULT_TAGADMIN_PASSWORD; + } return null; }
