Posted to commits@ranger.apache.org by ma...@apache.org on 2015/03/20 08:27:34 UTC
incubator-ranger git commit: RANGER-322: renamed RangerResource class
and added utility methods
Repository: incubator-ranger
Updated Branches:
refs/heads/master cf05516bf -> 4bf8a3fae
RANGER-322: renamed RangerResource class and added utility methods
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4bf8a3fa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4bf8a3fa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4bf8a3fa
Branch: refs/heads/master
Commit: 4bf8a3fae805e1175ba62588ea578abb4a9d9880
Parents: cf05516
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Mar 19 23:35:11 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Mar 20 00:25:14 2015 -0700
----------------------------------------------------------------------
.../plugin/audit/RangerDefaultAuditHandler.java | 60 +----
.../ranger/plugin/policyengine/CacheMap.java | 2 +
.../plugin/policyengine/RangerAccessData.java | 39 ----
.../policyengine/RangerAccessRequest.java | 2 +-
.../policyengine/RangerAccessRequestImpl.java | 28 +--
.../policyengine/RangerAccessResource.java | 44 ++++
.../policyengine/RangerAccessResourceImpl.java | 222 +++++++++++++++++++
.../policyengine/RangerMutableResource.java | 2 +-
.../policyengine/RangerPolicyEngineImpl.java | 8 +-
.../RangerPolicyEvaluatorFacade.java | 24 +-
.../policyengine/RangerPolicyRepository.java | 43 ++--
.../plugin/policyengine/RangerResource.java | 33 ---
.../plugin/policyengine/RangerResourceImpl.java | 126 -----------
.../RangerDefaultPolicyEvaluator.java | 8 +-
.../policyevaluator/RangerPolicyEvaluator.java | 6 +-
.../ranger/plugin/service/RangerBasePlugin.java | 4 +-
.../plugin/policyengine/TestPolicyEngine.java | 8 +-
.../hbase/AuthorizationSession.java | 4 +-
.../authorization/hbase/TestPolicyEngine.java | 12 +-
.../namenode/RangerFSPermissionChecker.java | 41 +---
.../hive/authorizer/RangerHiveAuditHandler.java | 9 +-
.../hive/authorizer/RangerHiveAuthorizer.java | 6 +-
.../hive/authorizer/RangerHiveResource.java | 125 ++---------
.../authorization/knox/KnoxRangerPlugin.java | 4 +-
.../yarn/authorizer/RangerYarnAuthorizer.java | 46 +---
.../apache/ranger/common/RangerSearchUtil.java | 23 +-
.../org/apache/ranger/rest/ServiceREST.java | 24 +-
.../authorization/storm/StormRangerPlugin.java | 4 +-
28 files changed, 420 insertions(+), 537 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
index feb6e98..28796dd 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -28,17 +28,14 @@ import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
public class RangerDefaultAuditHandler implements RangerAuditHandler {
private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
- private static final String RESOURCE_SEP = "/";
-
public RangerDefaultAuditHandler() {
}
@@ -84,9 +81,10 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
if(request != null && result != null && result.getIsAudited()) {
- RangerServiceDef serviceDef = result.getServiceDef();
- String resourceType = getResourceName(request.getResource(), serviceDef);
- String resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
+ RangerServiceDef serviceDef = result.getServiceDef();
+ RangerAccessResource resource = request.getResource();
+ String resourceType = resource == null ? null : resource.getLeafName(serviceDef);
+ String resourcePath = resource == null ? null : resource.getAsString(serviceDef);
ret = createAuthzAuditEvent();
@@ -180,52 +178,4 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
public AuthzAuditEvent createAuthzAuditEvent() {
return new AuthzAuditEvent();
}
-
- public String getResourceName(RangerResource resource, RangerServiceDef serviceDef) {
- String ret = null;
-
- if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
- List<RangerResourceDef> resourceDefs = serviceDef.getResources();
-
- for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
- RangerResourceDef resourceDef = resourceDefs.get(idx);
-
- if(resourceDef == null || !resource.exists(resourceDef.getName())) {
- continue;
- }
-
- ret = resourceDef.getName();
-
- break;
- }
- }
-
- return ret;
- }
-
- public String getResourceValueAsString(RangerResource resource, RangerServiceDef serviceDef) {
- String ret = null;
-
- if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
- StringBuilder sb = new StringBuilder();
-
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- if(resourceDef == null || !resource.exists(resourceDef.getName())) {
- continue;
- }
-
- if(sb.length() > 0) {
- sb.append(RESOURCE_SEP);
- }
-
- sb.append(resource.getValue(resourceDef.getName()));
- }
-
- if(sb.length() > 0) {
- ret = sb.toString();
- }
- }
-
- return ret;
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
index 382577e..c5f2fc0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
@@ -22,6 +22,8 @@ import java.util.LinkedHashMap;
import java.util.Map;
public class CacheMap<K, V> extends LinkedHashMap<K, V> {
+ private static final long serialVersionUID = 1L;
+
private static final float RANGER_CACHE_DEFAULT_LOAD_FACTOR = 0.75f;
protected int maxCapacity;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
deleted file mode 100644
index 34f7428..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-
-public class RangerAccessData<T> {
- private String accessFDN = null;
- private T accessDetails = null;
-
- public RangerAccessData(String accessFDN) {
- this.accessFDN = accessFDN;
- }
- public String getAccessFDN() {
- return accessFDN;
- }
- public T getAccessDetails() {
- return accessDetails;
- }
- public void setAccessDetails(T accessDetails) {
- this.accessDetails = accessDetails;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
index 56a55ae..511896e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
@@ -24,7 +24,7 @@ import java.util.Map;
import java.util.Set;
public interface RangerAccessRequest {
- RangerResource getResource();
+ RangerAccessResource getResource();
String getAccessType();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
index bc23763..48e5cf8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
@@ -27,23 +27,23 @@ import java.util.Set;
public class RangerAccessRequestImpl implements RangerAccessRequest {
- private RangerResource resource = null;
- private String accessType = null;
- private String user = null;
- private Set<String> userGroups = null;
- private Date accessTime = null;
- private String clientIPAddress = null;
- private String clientType = null;
- private String action = null;
- private String requestData = null;
- private String sessionId = null;
- private Map<String, Object> context = null;
+ private RangerAccessResource resource = null;
+ private String accessType = null;
+ private String user = null;
+ private Set<String> userGroups = null;
+ private Date accessTime = null;
+ private String clientIPAddress = null;
+ private String clientType = null;
+ private String action = null;
+ private String requestData = null;
+ private String sessionId = null;
+ private Map<String, Object> context = null;
public RangerAccessRequestImpl() {
this(null, null, null, null);
}
- public RangerAccessRequestImpl(RangerResource resource, String accessType, String user, Set<String> userGroups) {
+ public RangerAccessRequestImpl(RangerAccessResource resource, String accessType, String user, Set<String> userGroups) {
setResource(resource);
setAccessType(accessType);
setUser(user);
@@ -60,7 +60,7 @@ public class RangerAccessRequestImpl implements RangerAccessRequest {
}
@Override
- public RangerResource getResource() {
+ public RangerAccessResource getResource() {
return resource;
}
@@ -114,7 +114,7 @@ public class RangerAccessRequestImpl implements RangerAccessRequest {
return context;
}
- public void setResource(RangerResource resource) {
+ public void setResource(RangerAccessResource resource) {
this.resource = resource;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
new file mode 100644
index 0000000..82c0248
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public interface RangerAccessResource {
+ public static final String RESOURCE_SEP = "/";
+
+ public abstract String getOwnerUser();
+
+ public abstract boolean exists(String name);
+
+ public abstract String getValue(String name);
+
+ public Set<String> getKeys();
+
+ public String getLeafName(RangerServiceDef serviceDef);
+
+ public String getAsString(RangerServiceDef serviceDef);
+
+ public Map<String, String> getAsMap();
+}
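Review bot: The new `RangerAccessResource` interface has no Javadoc, so implementers and callers cannot tell when `getKeys()`, `getLeafName()`, `getAsString()` and `getAsMap()` may return null. `RangerAccessResourceImpl` in this same commit returns null from `getKeys()` when it has no elements, and from `getLeafName()`/`getAsString()` when `serviceDef` is null or no element matches. I would document that on each method, for example on `getAsString`: `/** Values of the elements present in this resource, in service-def order, joined with RESOURCE_SEP; null if serviceDef is null or nothing matches. Values are not escaped. */`. The `public abstract` and `public static final` modifiers are redundant inside an interface and are used inconsistently across the methods.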
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
new file mode 100644
index 0000000..7c26f90
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+
+public class RangerAccessResourceImpl implements RangerMutableResource {
+ private String ownerUser = null;
+ private Map<String, String> elements = null;
+ private String stringifiedValue = null;
+ private String leafName = null;
+
+
+ public RangerAccessResourceImpl() {
+ this(null, null);
+ }
+
+ public RangerAccessResourceImpl(Map<String, String> elements) {
+ this(elements, null);
+ }
+
+ public RangerAccessResourceImpl(Map<String, String> elements, String ownerUser) {
+ this.elements = elements;
+ this.ownerUser = ownerUser;
+ }
+
+ @Override
+ public String getOwnerUser() {
+ return ownerUser;
+ }
+
+ @Override
+ public boolean exists(String name) {
+ return elements != null && elements.containsKey(name);
+ }
+
+ @Override
+ public String getValue(String name) {
+ String ret = null;
+
+ if(elements != null && elements.containsKey(name)) {
+ ret = elements.get(name);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Set<String> getKeys() {
+ Set<String> ret = null;
+
+ if(elements != null) {
+ ret = elements.keySet();
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void setOwnerUser(String ownerUser) {
+ this.ownerUser = ownerUser;
+ }
+
+ @Override
+ public void setValue(String name, String value) {
+ if(value == null) {
+ if(elements != null) {
+ elements.remove(name);
+
+ if(elements.isEmpty()) {
+ elements = null;
+ }
+ }
+ } else {
+ if(elements == null) {
+ elements = new HashMap<String, String>();
+ }
+ elements.put(name, value);
+ }
+
+ // reset, so that these will be computed again with updated elements
+ stringifiedValue = leafName = null;
+ }
+
+ @Override
+ public String getLeafName(RangerServiceDef serviceDef) {
+ String ret = leafName;
+
+ if(ret == null) {
+ if(serviceDef != null && serviceDef.getResources() != null) {
+ List<RangerResourceDef> resourceDefs = serviceDef.getResources();
+
+ for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
+ RangerResourceDef resourceDef = resourceDefs.get(idx);
+
+ if(resourceDef == null || !exists(resourceDef.getName())) {
+ continue;
+ }
+
+ ret = leafName = resourceDef.getName();
+
+ break;
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ @Override
+ public String getAsString(RangerServiceDef serviceDef) {
+ String ret = stringifiedValue;
+
+ if(ret == null) {
+ if(serviceDef != null && serviceDef.getResources() != null) {
+ StringBuilder sb = new StringBuilder();
+
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ if(resourceDef == null || !exists(resourceDef.getName())) {
+ continue;
+ }
+
+ if(sb.length() > 0) {
+ sb.append(RESOURCE_SEP);
+ }
+
+ sb.append(getValue(resourceDef.getName()));
+ }
+
+ if(sb.length() > 0) {
+ ret = stringifiedValue = sb.toString();
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Map<String, String> getAsMap() {
+ return Collections.unmodifiableMap(elements);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null || !(obj instanceof RangerAccessResourceImpl)) {
+ return false;
+ }
+
+ if(this == obj) {
+ return true;
+ }
+
+ RangerAccessResourceImpl other = (RangerAccessResourceImpl) obj;
+
+ return ObjectUtils.equals(ownerUser, other.ownerUser) &&
+ ObjectUtils.equals(elements, other.elements);
+ }
+
+ @Override
+ public int hashCode() {
+ int ret = 7;
+
+ ret = 31 * ret + ObjectUtils.hashCode(ownerUser);
+ ret = 31 * ret + ObjectUtils.hashCode(elements);
+
+ return ret;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerResourceImpl={");
+
+ sb.append("ownerUser={").append(ownerUser).append("} ");
+
+ sb.append("elements={");
+ if(elements != null) {
+ for(Map.Entry<String, String> e : elements.entrySet()) {
+ sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
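Review bot: `getAsMap()` passes `elements` straight to `Collections.unmodifiableMap()`, which throws NullPointerException when `elements` is null. That is the state left by the no-arg constructor, and by `setValue()` once the last entry is removed. Returning an empty map keeps it in line with the null-tolerant accessors above it: `return elements == null ? Collections.<String, String>emptyMap() : Collections.unmodifiableMap(elements);`. Separately, `leafName` and `stringifiedValue` are cached without regard to which `serviceDef` was passed, and the constructor keeps the caller's map by reference, so a change made through that map does not reset them; a comment on the two fields stating that assumption would help. `toString(StringBuilder)` also still prints the old class name `RangerResourceImpl`.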
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
index f49bf8c..16ab725 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
@@ -20,7 +20,7 @@
package org.apache.ranger.plugin.policyengine;
-public interface RangerMutableResource extends RangerResource {
+public interface RangerMutableResource extends RangerAccessResource {
void setOwnerUser(String ownerUser);
void setValue(String type, String value);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index d590548..7227e9e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -166,7 +166,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
List<RangerPolicyEvaluatorFacade> evaluators = policyRepository.getPolicyEvaluators();
if(evaluators != null) {
- policyRepository.retrieveAuditEnabled(request, ret);
+ boolean foundInCache = policyRepository.setAuditEnabledFromCache(request, ret);
+
for(RangerPolicyEvaluator evaluator : evaluators) {
evaluator.evaluate(request, ret);
@@ -175,7 +176,10 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
break;
}
}
- policyRepository.storeAuditEnabled(request, ret);
+
+ if(! foundInCache) {
+ policyRepository.storeAuditEnabledInCache(request, ret);
+ }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
index b95b053..92dedba 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
@@ -35,11 +35,10 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
RangerDefaultPolicyEvaluator delegate = null;
int computedPolicyEvalOrder = 0;
- boolean useCachePolicyEngine = false;
RangerPolicyEvaluatorFacade(boolean useCachePolicyEngine) {
super();
- this.useCachePolicyEngine = useCachePolicyEngine;
+
delegate = new RangerOptimizedPolicyEvaluator();
}
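Review bot: The constructor still declares `boolean useCachePolicyEngine`, but with the field and its assignment removed the parameter is no longer read in the constructor body shown here. Either drop the parameter and update the callers, or say so in a comment such as `// useCachePolicyEngine is ignored; RangerOptimizedPolicyEvaluator is always used as the delegate`. The class body continues outside this hunk.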
@@ -50,12 +49,15 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
@Override
public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEvaluatorFacade.init(), useCachePolicyEngine:" + useCachePolicyEngine);
+ LOG.debug("==> RangerPolicyEvaluatorFacade.init()");
}
+
delegate.init(policy, serviceDef);
+
computedPolicyEvalOrder = computePolicyEvalOrder();
+
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEvaluatorFacade.init(), useCachePolicyEngine:" + useCachePolicyEngine);
+ LOG.debug("<== RangerPolicyEvaluatorFacade.init()");
}
}
@@ -75,12 +77,12 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
}
@Override
- public boolean isMatch(RangerResource resource) {
+ public boolean isMatch(RangerAccessResource resource) {
return false;
}
@Override
- public boolean isSingleAndExactMatch(RangerResource resource) {
+ public boolean isSingleAndExactMatch(RangerAccessResource resource) {
return false;
}
@@ -89,21 +91,21 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyEvaluatorFacade.compareTo()");
}
+
int result;
if (this.getComputedPolicyEvalOrder() == other.getComputedPolicyEvalOrder()) {
- Map<String, RangerConditionEvaluator> myConditionEvaluators = this.delegate.getConditionEvaluators();
+ Map<String, RangerConditionEvaluator> myConditionEvaluators = this.delegate.getConditionEvaluators();
Map<String, RangerConditionEvaluator> otherConditionEvaluators = other.delegate.getConditionEvaluators();
- int myConditionEvaluatorCount = myConditionEvaluators == null ? 0 : myConditionEvaluators.size();
+ int myConditionEvaluatorCount = myConditionEvaluators == null ? 0 : myConditionEvaluators.size();
int otherConditionEvaluatorCount = otherConditionEvaluators == null ? 0 : otherConditionEvaluators.size();
result = Integer.compare(myConditionEvaluatorCount, otherConditionEvaluatorCount);
} else {
- int myComputedPriority = this.getComputedPolicyEvalOrder();
- int otherComputedPriority = other.getComputedPolicyEvalOrder();
- result = Integer.compare(myComputedPriority, otherComputedPriority);
+ result = Integer.compare(computedPolicyEvalOrder, other.computedPolicyEvalOrder);
}
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerPolicyEvaluatorFacade.compareTo(), result:" + result);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index ff55990..4ed11c1 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -43,7 +43,7 @@ public class RangerPolicyRepository {
private RangerServiceDef serviceDef = null;
// Not used at this time
private boolean useCachePolicyEngine = false;
- private Map<String, RangerAccessData<Boolean>> accessAuditCache = null;
+ private Map<String, Boolean> accessAuditCache = null;
private static int RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE = 64*1024;
@@ -65,7 +65,6 @@ public class RangerPolicyRepository {
}
void init(RangerServiceDef serviceDef, List<RangerPolicy> policies) {
-
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
}
@@ -105,7 +104,7 @@ public class RangerPolicyRepository {
int auditResultCacheSize = RangerConfiguration.getInstance().getInt(propertyName, RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE);
- accessAuditCache = new CacheMap<String, RangerAccessData<Boolean>>(auditResultCacheSize);
+ accessAuditCache = new CacheMap<String, Boolean>(auditResultCacheSize);
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
@@ -159,33 +158,45 @@ public class RangerPolicyRepository {
return ret;
}
- synchronized void retrieveAuditEnabled(RangerAccessRequest request, RangerAccessResult ret) {
+ boolean setAuditEnabledFromCache(RangerAccessRequest request, RangerAccessResult result) {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyRepository.retrieveAuditEnabled()");
+ LOG.debug("==> RangerPolicyRepository.setAuditEnabledFromCache()");
}
- RangerAccessData<Boolean> value = accessAuditCache.get(request.getResource().toString());
+
+ Boolean value = null;
+
+ synchronized (accessAuditCache) {
+ value = accessAuditCache.get(request.getResource().getAsString(getServiceDef()));
+ }
+
if ((value != null)) {
- ret.setIsAudited(value.getAccessDetails());
+ result.setIsAudited(value);
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyRepository.retrieveAuditEnabled()");
+ LOG.debug("<== RangerPolicyRepository.setAuditEnabledFromCache()");
}
+
+ return value != null;
}
- synchronized void storeAuditEnabled(RangerAccessRequest request, RangerAccessResult ret) {
+ void storeAuditEnabledInCache(RangerAccessRequest request, RangerAccessResult ret) {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyRepository.storeAuditEnabled()");
+ LOG.debug("==> RangerPolicyRepository.storeAuditEnabledInCache()");
}
- RangerAccessData<Boolean> lookup = accessAuditCache.get(request.getResource().toString());
- if ((lookup == null && ret.getIsAuditedDetermined() == true)) {
- RangerAccessData<Boolean> value = new RangerAccessData<Boolean>(request.toString());
- value.setAccessDetails(ret.getIsAudited());
- accessAuditCache.put(request.getResource().toString(), value);
+
+ if ((ret.getIsAuditedDetermined() == true)) {
+ String strResource = request.getResource().getAsString(getServiceDef());
+
+ Boolean value = ret.getIsAudited() ? Boolean.TRUE : Boolean.FALSE;
+
+ synchronized(accessAuditCache) {
+ accessAuditCache.put(strResource, value);
+ }
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyRepository.storeAuditEnabled()");
+ LOG.debug("<== RangerPolicyRepository.storeAuditEnabledInCache()");
}
}
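Review bot: The audit-cache key in `setAuditEnabledFromCache()` and `storeAuditEnabledInCache()` is now `request.getResource().getAsString(getServiceDef())`, which does not uniquely identify a resource. As implemented in this commit, `getAsString()` returns null when no element matches the service-def, so all such requests share the null key. It also joins values with "/" without escaping, so two different resources could produce the same string if a value is allowed to contain the separator. In either case an is-audited decision cached for one resource would be applied to another, leaving a gap in the audit trail. Both methods also dereference `request.getResource()` without the null check that `RangerDefaultAuditHandler` gains in this commit. I would compute the key defensively with `RangerAccessResource resource = request.getResource();` and `String key = resource == null ? null : resource.getAsString(getServiceDef());`, and bypass the cache in both methods when `key` is null.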
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
deleted file mode 100644
index 6941bc3..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Set;
-
-
-public interface RangerResource {
- public abstract String getOwnerUser();
-
- public abstract boolean exists(String name);
-
- public abstract String getValue(String name);
-
- public Set<String> getKeys();
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
deleted file mode 100644
index da82cc3..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-
-public class RangerResourceImpl implements RangerMutableResource {
- private String ownerUser = null;
- private Map<String, String> elements = null;
-
-
- public RangerResourceImpl() {
- this(null, null);
- }
-
- public RangerResourceImpl(Map<String, String> elements) {
- this(elements, null);
- }
-
- public RangerResourceImpl(Map<String, String> elements, String ownerUser) {
- this.elements = elements;
- this.ownerUser = ownerUser;
- }
-
- @Override
- public String getOwnerUser() {
- return ownerUser;
- }
-
- @Override
- public boolean exists(String name) {
- return elements != null && elements.containsKey(name);
- }
-
- @Override
- public String getValue(String name) {
- String ret = null;
-
- if(elements != null && elements.containsKey(name)) {
- ret = elements.get(name);
- }
-
- return ret;
- }
-
- @Override
- public Set<String> getKeys() {
- Set<String> ret = null;
-
- if(elements != null) {
- ret = elements.keySet();
- }
-
- return ret;
- }
-
- @Override
- public void setOwnerUser(String ownerUser) {
- this.ownerUser = ownerUser;
- }
-
- @Override
- public void setValue(String name, String value) {
- if(value == null) {
- if(elements != null) {
- elements.remove(name);
-
- if(elements.isEmpty()) {
- elements = null;
- }
- }
- } else {
- if(elements == null) {
- elements = new HashMap<String, String>();
- }
- elements.put(name, value);
- }
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerResourceImpl={");
-
- sb.append("ownerUser={").append(ownerUser).append("} ");
-
- sb.append("elements={");
- if(elements != null) {
- for(Map.Entry<String, String> e : elements.entrySet()) {
- sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index b264664..d5332b2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -37,7 +37,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher;
import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
@@ -324,7 +324,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
}
@Override
- public boolean isMatch(RangerResource resource) {
+ public boolean isMatch(RangerAccessResource resource) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.isMatch(" + resource + ")");
}
@@ -370,7 +370,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
return ret;
}
- public boolean isSingleAndExactMatch(RangerResource resource) {
+ public boolean isSingleAndExactMatch(RangerAccessResource resource) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.isSingleAndExactMatch(" + resource + ")");
}
@@ -415,7 +415,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
return ret;
}
- protected boolean matchResourceHead(RangerResource resource) {
+ protected boolean matchResourceHead(RangerAccessResource resource) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + ")");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
index cfe53a8..35164b2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
@@ -24,7 +24,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
public interface RangerPolicyEvaluator {
void init(RangerPolicy policy, RangerServiceDef serviceDef);
@@ -35,7 +35,7 @@ public interface RangerPolicyEvaluator {
void evaluate(RangerAccessRequest request, RangerAccessResult result);
- boolean isMatch(RangerResource resource);
+ boolean isMatch(RangerAccessResource resource);
- boolean isSingleAndExactMatch(RangerResource resource);
+ boolean isSingleAndExactMatch(RangerAccessResource resource);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 33060e4..b1a1b16 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -37,7 +37,7 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.PolicyRefresher;
@@ -328,7 +328,7 @@ public class RangerBasePlugin {
if(request != null && auditHandler != null && policyEngine != null) {
RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl();
- accessRequest.setResource(new RangerResourceImpl(request.getResource()));
+ accessRequest.setResource(new RangerAccessResourceImpl(request.getResource()));
accessRequest.setUser(request.getGrantor());
accessRequest.setAccessType(RangerPolicyEngine.ADMIN_ACCESS);
accessRequest.setAction(action);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index f940c30..b4175e2 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -52,7 +52,7 @@ public class TestPolicyEngine {
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
.setPrettyPrinting()
.registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
- .registerTypeAdapter(RangerResource.class, new RangerResourceDeserializer())
+ .registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer())
.create();
}
@@ -134,11 +134,11 @@ public class TestPolicyEngine {
}
}
- static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+ static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
@Override
- public RangerResource deserialize(JsonElement jsonObj, Type type,
+ public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
JsonDeserializationContext context) throws JsonParseException {
- return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+ return gsonBuilder.fromJson(jsonObj, RangerAccessResourceImpl.class);
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
index bf3048e..3513bcb 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
@@ -30,7 +30,7 @@ import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import com.google.common.base.Objects;
@@ -156,7 +156,7 @@ public class AuthorizationSession {
// session can be reused so reset its state
zapAuthorizationState();
// TODO get this via a factory instead
- RangerResourceImpl resource = new RangerResourceImpl();
+ RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
// policy engine should deal sensibly with null/empty values, if any
resource.setValue("table", _table);
resource.setValue("column-family", _columnFamily);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
index 9ed627d..59e79d0 100644
--- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
+++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
@@ -36,8 +36,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -62,7 +62,7 @@ public class TestPolicyEngine {
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
.setPrettyPrinting()
.registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
- .registerTypeAdapter(RangerResource.class, new RangerResourceDeserializer())
+ .registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer())
.create();
}
@@ -165,11 +165,11 @@ public class TestPolicyEngine {
}
}
- static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+ static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
@Override
- public RangerResource deserialize(JsonElement jsonObj, Type type,
+ public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
JsonDeserializationContext context) throws JsonParseException {
- return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+ return gsonBuilder.fromJson(jsonObj, RangerAccessResourceImpl.class);
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
index adf2680..592e77f 100644
--- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
+++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
@@ -42,7 +42,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import com.google.common.collect.Sets;
@@ -216,40 +217,13 @@ class RangerHdfsPlugin extends RangerBasePlugin {
}
}
-class RangerHdfsResource implements RangerResource {
+class RangerHdfsResource extends RangerAccessResourceImpl {
private static final String KEY_PATH = "path";
- private static final Set<String> KEYS_PATH = Sets.newHashSet(KEY_PATH);
-
- private String path = null;
- private String owner = null;
public RangerHdfsResource(String path, String owner) {
- this.path = path;
- this.owner = owner;
- }
-
- @Override
- public String getOwnerUser() {
- return owner;
- }
-
- @Override
- public boolean exists(String name) {
- return StringUtils.equalsIgnoreCase(name, KEY_PATH);
- }
-
- @Override
- public String getValue(String name) {
- if(StringUtils.equalsIgnoreCase(name, KEY_PATH)) {
- return path;
- }
-
- return null;
- }
-
- public Set<String> getKeys() {
- return KEYS_PATH;
+ super.setValue(KEY_PATH, path);
+ super.setOwnerUser(owner);
}
}
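Review bot: The rewritten `RangerHdfsResource` no longer carries the case-insensitive key handling that the removed `exists()` and `getValue()` had through `StringUtils.equalsIgnoreCase(name, KEY_PATH)`. Lookups now depend on `RangerAccessResourceImpl`, whose body is not in this hunk and may be an exact-case map lookup. If a resource definition or matcher asks for `Path` rather than `path`, the resource would appear to hold no value, and that changes which policies match. The old `exists()` also reported the key as present when `path` was null, whereas `setValue(KEY_PATH, null)` may store nothing. I would state the contract on the constructor, e.g. `// keys are matched case-sensitively; a null path leaves the resource without a "path" element`, and add a test that authorizes with a null path and with a differently-cased key.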
@@ -313,8 +287,9 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler {
RangerAccessRequest request = result.getAccessRequest();
RangerServiceDef serviceDef = result.getServiceDef();
- String resourceType = getResourceName(request.getResource(), serviceDef);
- String resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
+ RangerAccessResource resource = request.getResource();
+ String resourceType = resource != null ? resource.getLeafName(serviceDef) : null;
+ String resourcePath = resource != null ? resource.getAsString(serviceDef) : null;
auditEvent.setUser(request.getUser());
auditEvent.setResourcePath(pathToBeValidated);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index ac8113b..7110861 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -66,7 +66,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
auditEvent.setRepositoryType(result.getServiceType());
auditEvent.setRepositoryName(result.getServiceName()) ;
auditEvent.setRequestData(request.getRequestData());
- auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+ auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
addAuthzAuditEvent(auditEvent);
}
@@ -106,15 +106,16 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
auditEvent.setRepositoryType(result.getServiceType());
auditEvent.setRepositoryName(result.getServiceName()) ;
auditEvent.setRequestData(request.getRequestData());
- auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+
+ auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
} else if(result.getIsAllowed()){
auditEvent.setResourcePath(auditEvent.getResourcePath() + "," + resource.getColumn());
} else {
- auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+ auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
}
if(!result.getIsAllowed()) {
- auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+ auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
break;
}
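Review bot: `resource.getColumn()` in the `else if(result.getIsAllowed())` branch is still dereferenced without a guard, while the `setResourcePath` calls around it (and the one in the first hunk of this file) now test `resource != null`. Either `resource` cannot be null here, in which case the ternaries are noise, or it can, in which case this branch throws and the audit record for an allowed column access is lost. Guard that line the same way, for instance `else if(result.getIsAllowed() && resource != null)`, or drop the checks and verify non-null once before the loop. The same ternary is now written out four times in this method, so a small private helper taking the resource and the result would keep the null policy in one place. The enclosing method starts and ends outside the hunk.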
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index cc56bb9..72e6652 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -299,7 +299,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
continue;
}
- RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTableOrUdf(), column);
+ RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTable(), column);
RangerHiveAccessRequest colRequest = request.copy();
colRequest.setResource(colResource);
@@ -323,7 +323,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
if(result != null && !result.getIsAllowed()) {
- String path = auditHandler.getResourceValueAsString(request.getResource(), result.getServiceDef());
+ String path = resource != null ? resource.getAsString(result.getServiceDef()) : null;
throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
user, request.getHiveAccessType().name(), path));
@@ -710,7 +710,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
ret.setReplaceExistingPermissions(Boolean.FALSE);
String database = StringUtils.isEmpty(resource.getDatabase()) ? "*" : resource.getDatabase();
- String table = StringUtils.isEmpty(resource.getTableOrUdf()) ? "*" : resource.getTableOrUdf();
+ String table = StringUtils.isEmpty(resource.getTable()) ? "*" : resource.getTable();
String column = StringUtils.isEmpty(resource.getColumn()) ? "*" : resource.getColumn();
Map<String, String> mapResource = new HashMap<String, String>();
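Review bot: Switching the `String table = ...` line from `getTableOrUdf()` to `getTable()` changes the result for a FUNCTION resource: the rewritten `RangerHiveResource` constructor stores the name under `KEY_UDF` only, so `getTable()` presumably returns null and `table` becomes `"*"`. If this method can be reached for a UDF (not visible from the hunk), the grant/revoke request built here would name every table in the database rather than the one function, which is broader than what the caller asked for. Branch on `resource.getObjectType()` and send the UDF under its own key, e.g. `mapResource.put(RangerHiveResource.KEY_UDF, resource.getUdf());`, or reject FUNCTION explicitly before building the map. The method body continues outside the hunk.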
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
index d49bd66..a29acea 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
@@ -19,32 +19,18 @@
package org.apache.ranger.authorization.hive.authorizer;
-import java.util.Set;
-import org.apache.commons.lang.ObjectUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
-import com.google.common.collect.Sets;
-public class RangerHiveResource implements RangerResource {
+public class RangerHiveResource extends RangerAccessResourceImpl {
public static final String KEY_DATABASE = "database";
public static final String KEY_TABLE = "table";
public static final String KEY_UDF = "udf";
public static final String KEY_COLUMN = "column";
- public static final Set<String> KEYS_DATABASE = Sets.newHashSet(KEY_DATABASE);
- public static final Set<String> KEYS_TABLE = Sets.newHashSet(KEY_DATABASE, KEY_TABLE);
- public static final Set<String> KEYS_UDF = Sets.newHashSet(KEY_DATABASE, KEY_UDF);
- public static final Set<String> KEYS_COLUMN = Sets.newHashSet(KEY_DATABASE, KEY_TABLE, KEY_COLUMN);
-
private HiveObjectType objectType = null;
- private String database = null;
- private String tableOrUdf = null;
- private String column = null;
- private Set<String> keys = null;
-
public RangerHiveResource(HiveObjectType objectType, String database) {
this(objectType, database, null, null);
@@ -56,130 +42,55 @@ public class RangerHiveResource implements RangerResource {
public RangerHiveResource(HiveObjectType objectType, String database, String tableOrUdf, String column) {
this.objectType = objectType;
- this.database = database;
- this.tableOrUdf = tableOrUdf;
- this.column = column;
switch(objectType) {
case DATABASE:
- keys = KEYS_DATABASE;
+ setValue(KEY_DATABASE, database);
break;
case FUNCTION:
- keys = KEYS_UDF;
+ setValue(KEY_DATABASE, database);
+ setValue(KEY_UDF, tableOrUdf);
break;
case COLUMN:
- keys = KEYS_COLUMN;
+ setValue(KEY_DATABASE, database);
+ setValue(KEY_TABLE, tableOrUdf);
+ setValue(KEY_COLUMN, column);
break;
case TABLE:
case VIEW:
case INDEX:
case PARTITION:
- keys = KEYS_TABLE;
+ setValue(KEY_DATABASE, database);
+ setValue(KEY_TABLE, tableOrUdf);
break;
case NONE:
case URI:
default:
- keys = null;
break;
}
}
- @Override
- public String getOwnerUser() {
- return null; // no owner information available
- }
-
- @Override
- public boolean exists(String name) {
- return !StringUtils.isEmpty(getValue(name));
- }
-
- @Override
- public String getValue(String name) {
- if(StringUtils.equalsIgnoreCase(name, KEY_DATABASE)) {
- return database;
- } else if(objectType == HiveObjectType.FUNCTION) {
- if(StringUtils.equalsIgnoreCase(name, KEY_UDF)) {
- return tableOrUdf;
- }
- } else if(StringUtils.equalsIgnoreCase(name, KEY_TABLE)) {
- return tableOrUdf;
- } else if(StringUtils.equalsIgnoreCase(name, KEY_COLUMN)) {
- return column;
- }
-
- return null;
- }
-
- public Set<String> getKeys() {
- return keys;
- }
-
- @Override
- public boolean equals(Object obj) {
- if(obj == null || !(obj instanceof RangerHiveResource)) {
- return false;
- }
-
- if(this == obj) {
- return true;
- }
-
- RangerHiveResource other = (RangerHiveResource) obj;
-
- return ObjectUtils.equals(objectType, other.objectType) &&
- ObjectUtils.equals(database, other.database) &&
- ObjectUtils.equals(tableOrUdf, other.tableOrUdf) &&
- ObjectUtils.equals(column, other.column);
- }
-
- @Override
- public int hashCode() {
- int ret = 7;
-
- ret = 31 * ret + ObjectUtils.hashCode(objectType);
- ret = 31 * ret + ObjectUtils.hashCode(database);
- ret = 31 * ret + ObjectUtils.hashCode(tableOrUdf);
- ret = 31 * ret + ObjectUtils.hashCode(column);
-
- return ret;
- }
-
- @Override
- public String toString() {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("objectType={").append(objectType).append("} ");
- sb.append("database={").append(database).append("} ");
- sb.append("tableOrUdf={").append(tableOrUdf).append("} ");
- sb.append("column={").append(column).append("} ");
-
- return sb;
- }
-
public HiveObjectType getObjectType() {
return objectType;
}
public String getDatabase() {
- return database;
+ return getValue(KEY_DATABASE);
+ }
+
+ public String getTable() {
+ return getValue(KEY_TABLE);
}
- public String getTableOrUdf() {
- return tableOrUdf;
+ public String getUdf() {
+ return getValue(KEY_UDF);
}
public String getColumn() {
- return column;
+ return getValue(KEY_COLUMN);
}
}
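Review bot: This hunk deletes `equals()` and `hashCode()`, which compared `objectType` together with database, table/UDF and column, and nothing in the new class replaces them. Equality now comes from `RangerAccessResourceImpl`, which is not shown here. If it compares only the stored values, TABLE, VIEW, INDEX and PARTITION resources with the same database and table become equal; if it defines nothing, equality falls back to identity. Either outcome matters wherever resources are used as keys in a set, map or result cache. I would keep an override that adds the type, e.g. `return obj instanceof RangerHiveResource && super.equals(obj) && objectType == ((RangerHiveResource) obj).objectType;`, with a matching `hashCode()`.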
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
index 354d2f0..643450c 100644
--- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
+++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
@@ -27,7 +27,7 @@ import org.apache.ranger.authorization.knox.KnoxRangerPlugin.KnoxConstants.Resou
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
public class KnoxRangerPlugin extends RangerBasePlugin {
@@ -85,7 +85,7 @@ public class KnoxRangerPlugin extends RangerBasePlugin {
RangerAccessRequest build() {
// build resource
- RangerResourceImpl resource = new RangerResourceImpl();
+ RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
resource.setValue(ResourceName.Service, _service);
resource.setValue(ResourceName.Topology, _topology);
// build request
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
index cc82c81..ff20097 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
@@ -22,15 +22,12 @@ package org.apache.ranger.authorization.yarn.authorizer;
import java.net.InetAddress;
import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
-import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
@@ -43,7 +40,7 @@ import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
@@ -155,7 +152,7 @@ public class RangerYarnAuthorizer extends YarnAuthorizationProvider {
RangerYarnResource resource = new RangerYarnResource(entity);
GrantRevokeRequest request = new GrantRevokeRequest();
- request.setResource(resource.getResourceAsMap());
+ request.setResource(resource.getAsMap());
request.setGrantor(ugi.getShortUserName());
request.setDelegateAdmin(Boolean.FALSE);
request.setEnableAudit(Boolean.TRUE);
@@ -249,44 +246,11 @@ class RangerYarnPlugin extends RangerBasePlugin {
}
}
-class RangerYarnResource implements RangerResource {
- private static final String KEY_QUEUE = "queue";
- private static final Set<String> KEYS_QUEUE = Sets.newHashSet(KEY_QUEUE);
-
- private String queue = null;
+class RangerYarnResource extends RangerAccessResourceImpl {
+ private static final String KEY_QUEUE = "queue";
public RangerYarnResource(PrivilegedEntity entity) {
- this.queue = entity != null ? entity.getName() : null;
- }
-
- @Override
- public String getOwnerUser() {
- return null;
- }
-
- @Override
- public boolean exists(String name) {
- return !StringUtils.isEmpty(queue) && StringUtils.equals(name, KEY_QUEUE);
- }
-
- @Override
- public String getValue(String name) {
- return StringUtils.equals(name, KEY_QUEUE) ? queue : null;
- }
-
- @Override
- public Set<String> getKeys() {
- return StringUtils.isEmpty(queue) ? Collections.<String>emptySet() : KEYS_QUEUE;
- }
-
- public Map<String, String> getResourceAsMap() {
- Map<String, String> ret = new HashMap<String, String>();
-
- if(!StringUtils.isEmpty(queue)) {
- ret.put(KEY_QUEUE, queue);
- }
-
- return ret;
+ setValue(KEY_QUEUE, entity != null ? entity.getName() : null);
}
}
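Review bot: The new constructor passes `entity.getName()` straight to `setValue`, so an empty queue name is no longer treated as absent; the removed `exists()`, `getKeys()` and `getResourceAsMap()` all checked `StringUtils.isEmpty(queue)`. Assuming `RangerAccessResourceImpl.setValue` discards only null (its body is not in this hunk), the `resource.getAsMap()` call in the grant/revoke hunk above would now carry an empty `queue` value into the request. Normalise before storing: `String queue = entity != null ? entity.getName() : null;` followed by `setValue(KEY_QUEUE, queue == null || queue.isEmpty() ? null : queue);`.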
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index e5ad26c..192734e 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -22,7 +22,6 @@
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
-import java.util.Map;
import javax.persistence.EntityManager;
import javax.persistence.Query;
@@ -64,13 +63,11 @@ public class RangerSearchUtil extends SearchUtil {
private StringBuilder buildWhereClause(SearchFilter searchCriteria, List<SearchField> searchFields) {
return buildWhereClause(searchCriteria, searchFields, false, false);
}
-
+
private StringBuilder buildWhereClause(SearchFilter searchCriteria,
List<SearchField> searchFields, boolean isNativeQuery,
boolean excludeWhereKeyword) {
- Map<String, String> paramList = searchCriteria.getParams();
-
StringBuilder whereClause = new StringBuilder(excludeWhereKeyword ? "" : "WHERE 1 = 1 ");
List<String> joinTableList = new ArrayList<String>();
@@ -83,7 +80,7 @@ public class RangerSearchUtil extends SearchUtil {
}
if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
- Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()),
+ Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(),
MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
@@ -99,7 +96,7 @@ public class RangerSearchUtil extends SearchUtil {
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
- String strFieldValue = paramList.get(searchField.getClientFieldName());
+ String strFieldValue = searchCriteria.getParam(searchField.getClientFieldName());
if (strFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ").append("LOWER(").append(searchField.getFieldName()).append(")");
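Review bot: In the STRING branch of buildWhereClause, `searchField.getFieldName()` is concatenated straight into the query text, so the clause is only safe while SearchField definitions are fixed on the server and the request value is bound separately (as the `query.setParameter` calls in resolveQueryParams later in this patch do). That invariant is not written down anywhere in the visible code; I would add `// getFieldName() goes into the query text verbatim: SearchField entries must be static definitions, never built from request input` above the append, and presumably the same applies to the custom-condition branch, which this hunk does not show. The move to `searchCriteria.getParam(...)` does not change this, but it is a natural place to record it. buildWhereClause starts and ends outside this hunk.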
@@ -113,7 +110,7 @@ public class RangerSearchUtil extends SearchUtil {
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
- Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()),
+ Boolean boolFieldValue = restErrorUtil.parseBoolean(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(),
MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
@@ -128,7 +125,7 @@ public class RangerSearchUtil extends SearchUtil {
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
- Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()),
+ Date fieldValue = restErrorUtil.parseDate(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA,
null, searchField.getClientFieldName(), null);
if (fieldValue != null) {
@@ -168,12 +165,10 @@ public class RangerSearchUtil extends SearchUtil {
protected void resolveQueryParams(Query query, SearchFilter searchCriteria, List<SearchField> searchFields) {
- Map<String, String> paramList = searchCriteria.getParams();
-
for (SearchField searchField : searchFields) {
if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
- Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()),
+ Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(),
MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
@@ -182,7 +177,7 @@ public class RangerSearchUtil extends SearchUtil {
query.setParameter(searchField.getClientFieldName(), intFieldValue);
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
- String strFieldValue = paramList.get(searchField.getClientFieldName());
+ String strFieldValue = searchCriteria.getParam(searchField.getClientFieldName());
if (strFieldValue != null) {
if (searchField.getSearchType() == SearchField.SEARCH_TYPE.FULL) {
query.setParameter(searchField.getClientFieldName(), strFieldValue.trim().toLowerCase());
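Review bot: `strFieldValue.trim().toLowerCase()` in the FULL-match branch of resolveQueryParams lower-cases with the JVM default locale, while the clause built in buildWhereClause compares against the database's `LOWER(...)`. Under a locale such as Turkish the two disagree on `I`, and a search filter then silently stops matching. I would bind `strFieldValue.trim().toLowerCase(Locale.ROOT)` here (needs `import java.util.Locale;`) and do the same in any other branch of this method that lower-cases the value, which this hunk does not show. resolveQueryParams continues outside the hunk.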
@@ -191,7 +186,7 @@ public class RangerSearchUtil extends SearchUtil {
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
- Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()),
+ Boolean boolFieldValue = restErrorUtil.parseBoolean(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(),
MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
@@ -199,7 +194,7 @@ public class RangerSearchUtil extends SearchUtil {
query.setParameter(searchField.getClientFieldName(), boolFieldValue);
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
- Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()),
+ Date fieldValue = restErrorUtil.parseDate(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA,
null, searchField.getClientFieldName(), null);
if (fieldValue != null) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 617a084..ec64e89 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -64,8 +64,8 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.service.ResourceLookupContext;
@@ -533,9 +533,9 @@ public class ServiceREST {
if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
try {
- String userName = grantRequest.getGrantor();
- Set<String> userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger database
- RangerResource resource = new RangerResourceImpl(grantRequest.getResource());
+ String userName = grantRequest.getGrantor();
+ Set<String> userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger database
+ RangerAccessResource resource = new RangerAccessResourceImpl(grantRequest.getResource());
boolean isAdmin = isAdminForResource(userName, userGroups, serviceName, resource);
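Review bot: The delegated-admin check in this grant path runs against `grantRequest.getGrantor()`, a name taken from the request body, with `userGroups` hard-wired to an empty set; the revoke hunk that follows has the same pattern. Whether that grantor can be trusted rests on `serviceUtil.isValidateHttpsAuthentication(serviceName, request)` authenticating the caller as the service's own plugin, which is not visible here, so I would state it in a comment: `// grantor comes from the payload; trusted only because the caller was authenticated for serviceName above`. Until the TODO is resolved, admin rights held through a group will presumably not be recognised by isAdminForResource, which should be documented on the endpoint. The enclosing method starts and ends outside the hunk.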
@@ -714,9 +714,9 @@ public class ServiceREST {
if (serviceUtil.isValidateHttpsAuthentication(serviceName,request)) {
try {
- String userName = revokeRequest.getGrantor();
- Set<String> userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger databas
- RangerResource resource = new RangerResourceImpl(revokeRequest.getResource());
+ String userName = revokeRequest.getGrantor();
+ Set<String> userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger databas
+ RangerAccessResource resource = new RangerAccessResourceImpl(revokeRequest.getResource());
boolean isAdmin = isAdminForResource(userName, userGroups, serviceName, resource);
@@ -1120,7 +1120,7 @@ public class ServiceREST {
}
}
- private boolean isAdminForResource(String userName, Set<String> userGroups, String serviceName, RangerResource resource) throws Exception {
+ private boolean isAdminForResource(String userName, Set<String> userGroups, String serviceName, RangerAccessResource resource) throws Exception {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.isAdminForResource(" + userName + ", " + serviceName + ", " + resource + ")");
}
@@ -1165,7 +1165,7 @@ public class ServiceREST {
return ret;
}
- private RangerPolicy getExactMatchPolicyForResource(String serviceName, RangerResource resource) throws Exception {
+ private RangerPolicy getExactMatchPolicyForResource(String serviceName, RangerAccessResource resource) throws Exception {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.getExactMatchPolicyForResource(" + serviceName + ", " + resource + ")");
}
@@ -1191,7 +1191,7 @@ public class ServiceREST {
return ret;
}
- private boolean isMatch(RangerPolicy policy, RangerResource resource) throws Exception {
+ private boolean isMatch(RangerPolicy policy, RangerAccessResource resource) throws Exception {
boolean ret = false;
String serviceName = policy.getService();
@@ -1216,7 +1216,7 @@ public class ServiceREST {
return ret;
}
- private boolean isSingleAndExactMatch(RangerPolicy policy, RangerResource resource) throws Exception {
+ private boolean isSingleAndExactMatch(RangerPolicy policy, RangerAccessResource resource) throws Exception {
boolean ret = false;
String serviceName = policy.getService();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
index db5e0af..b61e209 100644
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
@@ -10,7 +10,7 @@ import org.apache.ranger.authorization.storm.StormRangerPlugin.StormConstants.Re
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import com.google.common.collect.Sets;
@@ -52,7 +52,7 @@ public class StormRangerPlugin extends RangerBasePlugin {
request.setAccessType(_operation);
request.setClientIPAddress(_clientIp);
// build resource and connect stuff into request
- RangerResourceImpl resource = new RangerResourceImpl();
+ RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
resource.setValue(ResourceName.Topology, _topology);
request.setResource(resource);