Skip to content

Commit

Permalink
RANGER-5061: checkstyle compliance updates - security-admin modules (#…
Browse files Browse the repository at this point in the history 
…495)

- org.apache.ranger.view
- org.apache.ranger.validation
- org.apache.ranger.solr
- org.apache.ranger.json
- org.apache.ranger.metrics
- org.apache.ranger.patch
- org.apache.ranger.security
  • Loading branch information
@pradeepagrawal8184
pradeepagrawal8184 authored Jan 7, 2025
1 parent a2236c9 commit 23cb503
Show file tree
Hide file tree
Showing 195 changed files with 26,299 additions and 25,088 deletions.
49 changes: 49 additions & 0 deletions dev-support/checkstyle-suppressions.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,53 @@
<suppress files="SortField.java" checks="TypeName"/>
<suppress files="SPOOL_FILE_STATUS.java" checks="TypeName"/>
<suppress files="TimedEventUtil.java" checks="HideUtilityClassConstructor"/>
<suppress files="PatchAssignSecurityZonePersmissionToAdmin_J10026.java" checks="TypeName"/>
<suppress files="PatchAtlasForClassificationResource_J10047" checks="TypeName"/>
<suppress files="PatchForAllServiceDefForPolicyConditionUpdate_J10060" checks="TypeName"/>
<suppress files="PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049" checks="TypeName"/>
<suppress files="PatchForAllServiceDefUpdateForResourceSpecificAccesses_J10012" checks="TypeName"/>
<suppress files="PatchForAtlasAdminAudits_J10043" checks="TypeName"/>
<suppress files="PatchForAtlasResourceAndAccessTypeUpdate_J10016" checks="TypeName"/>
<suppress files="PatchForAtlasServiceDefUpdate_J10013" checks="TypeName"/>
<suppress files="PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034" checks="TypeName"/>
<suppress files="PatchForAtlasToAddTypeRead_J10040" checks="TypeName"/>
<suppress files="PatchForDefaultAuidtFilters_J10050" checks="TypeName"/>
<suppress files="PatchForExternalUserStatusUpdate_J10056" checks="TypeName"/>
<suppress files="PatchForHBaseDefaultPolicyUpdate_J10045" checks="TypeName"/>
<suppress files="PatchForHBaseServiceDefUpdate_J10035" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10006" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10007" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10009" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10010" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10017" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10027" checks="TypeName"/>
<suppress files="PatchForHiveServiceDefUpdate_J10030" checks="TypeName"/>
<suppress files="PatchForKafkaServiceDefUpdate_J10015" checks="TypeName"/>
<suppress files="PatchForKafkaServiceDefUpdate_J10025" checks="TypeName"/>
<suppress files="PatchForKafkaServiceDefUpdate_J10033" checks="TypeName"/>
<suppress files="PatchForMigratingOldRegimePolicyJson_J10046" checks="TypeName"/>
<suppress files="PatchForMigratingRangerServiceResource_J10037" checks="TypeName"/>
<suppress files="PatchForNifiResourceUpdateExclude_J10011" checks="TypeName"/>
<suppress files="PatchForOzoneDefaultPoliciesUpdate_J10044" checks="TypeName"/>
<suppress files="PatchForOzoneServiceDefConfigUpdate_J10051" checks="TypeName"/>
<suppress files="PatchForOzoneServiceDefUpdate_J10041" checks="TypeName"/>
<suppress files="PatchForPrestoToSupportPresto333_J10038" checks="TypeName"/>
<suppress files="PatchForServiceVersionInfo_J10004" checks="TypeName"/>
<suppress files="PatchForSolrSvcDefAndPoliciesUpdate_J10055" checks="TypeName"/>
<suppress files="PatchForSyncSourceUpdate_J10054" checks="TypeName"/>
<suppress files="PatchForTagServiceDefUpdate_J10008" checks="TypeName"/>
<suppress files="PatchForTagServiceDefUpdate_J10028" checks="TypeName"/>
<suppress files="PatchForTrinoSvcDefUpdate_J10062" checks="TypeName"/>
<suppress files="PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063" checks="TypeName"/>
<suppress files="PatchForUpdatingPolicyJson_J10019" checks="TypeName"/>
<suppress files="PatchForUpdatingTagsJson_J10020" checks="TypeName"/>
<suppress files="PatchForXGlobalState_J10036" checks="TypeName"/>
<suppress files="PatchGrantAuditPermissionToKeyRoleUser_J10014" checks="TypeName"/>
<suppress files="PatchMigration_J10002" checks="TypeName"/>
<suppress files="PatchPasswordEncryption_J10001" checks="TypeName"/>
<suppress files="PatchPermissionModel_J10003" checks="TypeName"/>
<suppress files="PatchPreSql_057_ForUpdateToUniqueGUID_J10052" checks="TypeName"/>
<suppress files="PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053" checks="TypeName"/>
<suppress files="PatchSetAccessTypeCategory_J10061" checks="TypeName"/>
<suppress files="PatchTagModulePermission_J10005" checks="TypeName"/>
</suppressions>
7 changes: 3 additions & 4 deletions security-admin/src/main/java/javax/ws/rs/core/NoContentException.java
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@

/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
Expand All @@ -7,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand Down
136 changes: 61 additions & 75 deletions security-admin/src/main/java/org/apache/ranger/AccessAuditsService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,83 +30,60 @@
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;

public class AccessAuditsService {
protected List<SortField> sortFields = new ArrayList<SortField>();
protected List<SearchField> searchFields;
protected List<SortField> sortFields = new ArrayList<>();
protected List<SearchField> searchFields = new ArrayList<>();

@Autowired
protected
RESTErrorUtil restErrorUtil;
protected RESTErrorUtil restErrorUtil;

@Autowired
protected
RangerDaoManager daoManager;
protected RangerDaoManager daoManager;

public AccessAuditsService() {
searchFields = new ArrayList<SearchField>();
searchFields.add(new SearchField("id", "id",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("accessType", "access",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("aclEnforcer", "enforcer",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("agentId", "agent",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("repoName", "repo",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("sessionId", "sess",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("requestUser", "reqUser",
SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("excludeUser", "exlUser",
SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("requestData", "reqData", SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField("resourcePath", "resource", SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField("clientIP", "cliIP",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));

searchFields.add(new SearchField("auditType", "logType",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("accessResult", "result",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("id", "id", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("accessType", "access", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("aclEnforcer", "enforcer", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("agentId", "agent", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("repoName", "repo", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("sessionId", "sess", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("requestUser", "reqUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("excludeUser", "exlUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("requestData", "reqData", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField("resourcePath", "resource", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField("clientIP", "cliIP", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));

searchFields.add(new SearchField("auditType", "logType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("accessResult", "result", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
// searchFields.add(new SearchField("assetId", "obj.assetId",
// SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("policyId", "policy",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("repoType", "repoType",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("policyId", "policy", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("repoType", "repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
/* Note; search fields starting with '-' denotes exclude conditions,
* it should be handled manually if audit destination does not support the same.
* solr support this way while cloudwatch does not.
*/
searchFields.add(new SearchField("-repoType", "-repoType",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("-requestUser", "-reqUser",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("resourceType", "resType",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("reason", "reason",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("action", "action",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));

searchFields.add(new SearchField("startDate", "evtTime",
SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN));
searchFields.add(new SearchField("endDate", "evtTime", SearchField.DATA_TYPE.DATE,
SearchField.SEARCH_TYPE.LESS_EQUAL_THAN));
searchFields.add(new SearchField("-repoType", "-repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("-requestUser", "-reqUser", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("resourceType", "resType", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("reason", "reason", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("action", "action", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));

searchFields.add(new SearchField("startDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN));
searchFields.add(new SearchField("endDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.LESS_EQUAL_THAN));

searchFields.add(new SearchField("tags", "tags", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField("cluster", "cluster",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("zoneName", "zoneName",
SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("agentHost", "agentHost",
SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));

sortFields.add(new SortField("eventTime", "evtTime", true,
SortField.SORT_ORDER.DESC));
searchFields.add(new SearchField("cluster", "cluster", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("zoneName", "zoneName", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
searchFields.add(new SearchField("agentHost", "agentHost", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));

sortFields.add(new SortField("eventTime", "evtTime", true, SortField.SORT_ORDER.DESC));
sortFields.add(new SortField("policyId", "policy", false, SORT_ORDER.ASC));
sortFields.add(new SortField("requestUser", "reqUser", false, SORT_ORDER.ASC));
sortFields.add(new SortField("resourceType", "resType", false, SORT_ORDER.ASC));
Expand All @@ -120,13 +97,16 @@ public AccessAuditsService() {
protected void updateUserExclusion(Map<String, Object> paramList) {
String val = (String) paramList.get("excludeServiceUser");

if (val != null && Boolean.valueOf(val.trim())) {
if (val != null && Boolean.parseBoolean(val.trim())) {
// add param to negate requestUsers which will be added as filter query
List<String> excludeUsersList = getExcludeUsersList();

if (CollectionUtils.isNotEmpty(excludeUsersList)) {
Object oldUserExclusions = paramList.get("-requestUser");
if (oldUserExclusions instanceof Collection && (!((Collection<?>)oldUserExclusions).isEmpty())) {
excludeUsersList.addAll((Collection<String>)oldUserExclusions);

if (oldUserExclusions instanceof Collection && (!((Collection<?>) oldUserExclusions).isEmpty())) {
excludeUsersList.addAll((Collection<String>) oldUserExclusions);

paramList.put("-requestUser", excludeUsersList);
} else {
paramList.put("-requestUser", excludeUsersList);
Expand All @@ -137,32 +117,38 @@ protected void updateUserExclusion(Map<String, Object> paramList) {

private List<String> getExcludeUsersList() {
//for excluding serviceUsers using existing property in ranger-admin-site
List<String> excludeUsersList = new ArrayList<String>(getServiceUserList());
List<String> excludeUsersList = new ArrayList<>(getServiceUserList());

//for excluding additional users using new property in ranger-admin-site
String additionalExcludeUsers = PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
List<String> additionalExcludeUsersList = null;
String additionalExcludeUsers = PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
List<String> additionalExcludeUsersList;

if (StringUtils.isNotBlank(additionalExcludeUsers)) {
additionalExcludeUsersList = new ArrayList<>(Arrays.asList(StringUtils.split(additionalExcludeUsers, ",")));

for (String serviceUser : additionalExcludeUsersList) {
if (StringUtils.isNotBlank(serviceUser) && !excludeUsersList.contains(serviceUser.trim())) {
excludeUsersList.add(serviceUser);
}
}
}

return excludeUsersList;
}

private List<String> getServiceUserList() {
String components = EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
List<String> serviceUsersList = new ArrayList<String>();
List<String> componentNames = Arrays.asList(StringUtils.split(components,","));
for(String componentName : componentNames) {
String serviceUser = PropertiesUtil.getProperty("ranger.plugins."+componentName+".serviceuser");
if(StringUtils.isNotBlank(serviceUser)) {
String components = EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
List<String> serviceUsersList = new ArrayList<>();
String[] componentNames = StringUtils.split(components, ",");

for (String componentName : componentNames) {
String serviceUser = PropertiesUtil.getProperty("ranger.plugins." + componentName + ".serviceuser");

if (StringUtils.isNotBlank(serviceUser)) {
serviceUsersList.add(serviceUser);
}
}

return serviceUsersList;
}
}
36 changes: 18 additions & 18 deletions security-admin/src/main/java/org/apache/ranger/json/Folder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,27 +17,27 @@
* under the License.
*/

package org.apache.ranger.json;
package org.apache.ranger.json;

import java.util.List;

public class Folder {
String name;
List<Folder> folders;

String name;
List<Folder> folders;


public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public List<Folder> getFolders() {
return folders;
}
public void setFolders(List<Folder> folders) {
this.folders = folders;
}

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public List<Folder> getFolders() {
return folders;
}

public void setFolders(List<Folder> folders) {
this.folders = folders;
}
}
27 changes: 11 additions & 16 deletions security-admin/src/main/java/org/apache/ranger/json/JsonDateSerializer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,34 +17,29 @@
* under the License.
*/

package org.apache.ranger.json;

import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
package org.apache.ranger.json;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;

/**
* Used to serialize Java.util.Date, which is not a common JSON type, so we have
* to create a custom serialize method;.
*
*/
@Component
public class JsonDateSerializer extends JsonSerializer<Date> {
private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";

private static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
@Override
public void serialize(Date date, JsonGenerator gen,
SerializerProvider provider) throws IOException,
JsonProcessingException {

String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);
gen.writeString(formattedDate);
}
@Override
public void serialize(Date date, JsonGenerator gen, SerializerProvider provider) throws IOException {
String formattedDate = new SimpleDateFormat(DATE_FORMAT).format(date);

gen.writeString(formattedDate);
}
}
Loading

0 comments on commit 23cb503

Please sign in to comment.