[ranger] branch master updated: RANGER-3780: Upgrade tomcat to 8.5.79
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new ab096438c RANGER-3780: Upgrade tomcat to 8.5.79 ab096438c is described below commit ab096438cf44d1464f32081b4a087b365e57d6dd Author: pradeep AuthorDate: Thu Jun 2 20:57:13 2022 +0530 RANGER-3780: Upgrade tomcat to 8.5.79 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b0bdcc56f..043e2c2e9 100644 --- a/pom.xml +++ b/pom.xml @@ -202,7 +202,7 @@ 1.99.7 1.2.4 1.19 -8.5.78 +8.5.79 6.9.4 2.3 3.4.14
[ranger] 02/02: RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch
This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 2a057768fc6a345fce013a89c72d5d67d0df666d Author: Kishor Gollapalliwar AuthorDate: Tue May 31 16:43:04 2022 +0530 RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch Signed-off-by: Mehul Parikh --- .../main/java/org/apache/ranger/rest/TagREST.java | 47 ++ 1 file changed, 40 insertions(+), 7 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 79dbdc76d..01df04e3f 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -602,6 +602,11 @@ public class TagREST { return ret; } +/** + * Resets/ removes tag policy cache for given service. + * @param serviceName non-empty service-name + * @return {@code true} if successfully reseted/ removed for given service, {@code false} otherwise. + */ @GET @Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset") @Produces({ "application/json", "application/xml" }) @@ -610,18 +615,20 @@ public class TagREST { LOG.debug("==> TagREST.resetTagCache({})", serviceName); } +if (StringUtils.isEmpty(serviceName)) { +throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA); +} + // check for ADMIN access if (!bizUtil.isAdmin()) { boolean isServiceAdmin = false; String loggedInUser = bizUtil.getCurrentUserLoginId(); -if (StringUtils.isNotEmpty(serviceName)) { -try { -RangerService rangerService = svcStore.getServiceByName(serviceName); -isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); -} catch (Exception e) { -LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); -} +try { +RangerService rangerService = svcStore.getServiceByName(serviceName); +isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); +} catch (Exception e) { +LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); } if (!isServiceAdmin) { @@ -638,6 +645,32 @@ public class TagREST { return ret; } +/** + * Resets/ removes tag policy cache for all. + * @return {@code true} if successfully reseted/ removed, {@code false} otherwise. + */ +@GET +@Path(TagRESTConstants.TAGS_RESOURCE + "cache/reset-all") +@Produces({ "application/json", "application/xml" }) +public boolean resetTagCacheAll() { +if (LOG.isDebugEnabled()) { +LOG.debug("==> TagREST.resetTagCacheAll()"); +} + +// check for ADMIN access +if (!bizUtil.isAdmin()) { +throw restErrorUtil.createRESTException("User cannot reset policy cache", MessageEnums.OPER_NO_PERMISSION); +} + +boolean ret = tagStore.resetTagCache(null); + +if (LOG.isDebugEnabled()) { +LOG.debug("<== TagREST.resetTagCacheAll(): ret={}", ret); +} + +return ret; +} + @POST @Path(TagRESTConstants.RESOURCES_RESOURCE) @Produces({ "application/json", "application/xml" })
[ranger] branch master updated (d0a6d3018 -> 2a057768f)
This is an automated email from the ASF dual-hosted git repository. mehul pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from d0a6d3018 RANGER-3606: Addendum to: 'remove unnecessary static members from plugin class loaders' - Cannot find plugin-class-loader for TAG service-type in JDK11 new e182e5b6c RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option. new 2a057768f RANGER-3740: Ranger- Add an API to refresh tag cache -- follow-up patch The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../main/java/org/apache/ranger/rest/TagREST.java | 47 ++ .../src/main/webapp/scripts/utils/XAEnums.js | 14 --- .../src/main/webapp/scripts/utils/XAUtils.js | 4 ++ .../views/policies/NRangerPolicyTableLayout.js | 10 - .../views/policies/RangerPolicyTableLayout.js | 9 + .../policies/RangerPolicyTableLayout_tmpl.html | 4 ++ 6 files changed, 75 insertions(+), 13 deletions(-)
[ranger] 01/02: RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option.
This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit e182e5b6ca9bf625101f787b4d31e07387ba6a4f Author: Dhaval.Rajpara AuthorDate: Wed May 18 18:52:16 2022 +0530 RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option. Signed-off-by: Mehul Parikh --- security-admin/src/main/webapp/scripts/utils/XAEnums.js| 14 +- security-admin/src/main/webapp/scripts/utils/XAUtils.js| 4 .../scripts/views/policies/NRangerPolicyTableLayout.js | 10 +- .../scripts/views/policies/RangerPolicyTableLayout.js | 9 + .../templates/policies/RangerPolicyTableLayout_tmpl.html | 4 5 files changed, 35 insertions(+), 6 deletions(-) diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js index 6407b68f3..9041908c6 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js +++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js @@ -133,8 +133,9 @@ define(function(require) { Service_KNOX:{value:4, label:'knox', rbkey:'xa.enum.AssetType.ASSET_KNOX', tt: 'lbl.AssetType_ASSET_KNOX'}, Service_STORM:{value:5, label:'storm', rbkey:'xa.enum.AssetType.ASSET_STORM', tt: 'lbl.AssetType_ASSET_STORM'}, Service_SOLR:{value:6, label:'solr', rbkey:'xa.enum.AssetType.ASSET_SOLR', tt: 'lbl.AssetType_ASSET_SOLR'}, -SERVICE_TAG:{value:7, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'}, -Service_KMS:{value:8, label:'kms', rbkey:'xa.enum.ServiceType.SERVICE_KMS', tt: 'lbl.ServiceType_SERVICE_KMS'} + SERVICE_TAG:{value:7, label:'tag', rbkey:'xa.enum.ServiceType.SERVICE_TAG', tt: 'lbl.ServiceType_SERVICE_TAG'}, + Service_KMS:{value:8, label:'kms', rbkey:'xa.enum.ServiceType.SERVICE_KMS', tt: 'lbl.ServiceType_SERVICE_KMS'}, + Service_YARN:{value:8, label:'yarn', rbkey:'xa.enum.ServiceType.SERVICE_YARN', tt: 'lbl.ServiceType_SERVICE_YARN'} }); XAEnums.AuthStatus = mergeParams(XAEnums.AuthStatus, { @@ -371,10 +372,13 @@ define(function(require) { XA_PERM_TYPE_GET_USER_TOPOLOGY:{value:29, label:'Get User Topology', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'}, XA_PERM_TYPE_GET_TOPOLOGY_INFO:{value:30, label:'Get Topology Info', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'}, XA_PERM_TYPE_UPLOAD_NEW_CREDENTIAL:{value:31, label:'Upload New Credential', rbkey:'xa.enum.XAPermType.XA_PERM_TYPE_ALLOW', tt: 'lbl.XAPermType_XA_PERM_TYPE_ALLOW'}, - - }); - + + XAEnums.PluginConfig = mergeParams(XAEnums.PluginConfig, { + HDFS : {configName:"xasecure.add-hadoop-authorization"}, + YARN : {configName:"ranger.add-yarn-authorization"} + }) + XAEnums.MenuPermissions = mergeParams(XAEnums.MenuPermissions, { XA_RESOURCE_BASED_POLICIES:{value:1, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_RESOURCE_BASED_POLICIES'}, XA_USER_GROUPS:{value:2, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_USER_GROUPS'}, diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 37b35d2dd..b49387817 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -2020,5 +2020,9 @@ define(function(require) { } }; +XAUtils.pluginConfigInfo = function (serviceName) { + return 'By default, fallback to '+ serviceName +' ACLs are enabled. If access cannot be determined by Ranger policies, authorization will fall back to '+ serviceName +' ACLs. If this behavior needs to be changed, modify '+serviceName+' plugin config - '+XAEnums.PluginConfig[serviceName].configName+'.' +}; + return XAUtils; }); \ No newline at end of file diff --git a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js index d7ff26da1..64f975a99 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js @@ -51,6 +51,13 @@ define(function(require) { template: RangerPolicyTableLayoutTmpl, templateHelpers: function() { +var infoMsg ="", displayClass = "d-none"; +if(this.rangerService &&