Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/27 02:58:10 UTC

[3/6] incubator-ranger git commit: RANGER-203: HDFS plugin updated for recent change in RangerResource.

RANGER-203: HDFS plugin updated for recent change in RangerResource.

Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5a50f5fb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5a50f5fb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5a50f5fb

Branch: refs/heads/stack
Commit: 5a50f5fb03581fa99577076c60ae9edadc9ef476
Parents: 57ded06
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Mon Jan 26 16:08:54 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Jan 26 16:08:54 2015 -0800

----------------------------------------------------------------------
 .../namenode/RangerFSPermissionChecker.java     | 50 +++++++++-----------
 1 file changed, 23 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a50f5fb/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
index fcf710c..f4e6dc7 100644
--- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
+++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
@@ -21,16 +21,10 @@ package org.apache.hadoop.hdfs.server.namenode;
 import static org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants.*;
 
 import java.net.InetAddress;
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Collections;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.TimeZone;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
@@ -42,6 +36,7 @@ import org.apache.ranger.audit.model.AuthzAuditEvent;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
 import org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException;
+import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
@@ -50,11 +45,13 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerResource;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 
+import com.google.common.collect.Sets;
+
 
 public class RangerFSPermissionChecker {
 	private static final Log LOG = LogFactory.getLog(RangerFSPermissionChecker.class);
 
-	private static final boolean addHadoopAuth 	  = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT) ;
+	private static final boolean addHadoopAuth = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT) ;
 
 
 	private static RangerHdfsPlugin                    rangerPlugin        = null;
@@ -69,7 +66,7 @@ public class RangerFSPermissionChecker {
 		String      path      = inode.getFullPathName();
 		String      pathOwner = inode.getUserName();
 		String      user      = ugi.getShortUserName();
-		Set<String> groups    = Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(ugi.getGroupNames())));
+		Set<String> groups    = Sets.newHashSet(ugi.getGroupNames());
 
 		boolean accessGranted =  AuthorizeAccessForUser(path, pathOwner, access, user, groups);
 
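Review bot: The new `groups` assignment drops the `Collections.unmodifiableSet` wrapper the old line had, so the caller's group membership is now passed to `AuthorizeAccessForUser` as a mutable `HashSet`. Whether anything downstream modifies the set is not visible here, but an authorization input is safer read-only, because an accidental `add` would silently change the groups a policy is evaluated against. Consider `Set<String> groups = Collections.unmodifiableSet(Sets.newHashSet(ugi.getGroupNames()));` and keep the `java.util.Collections` import that this commit removes. The enclosing method starts and ends outside the hunk.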
@@ -162,6 +159,10 @@ class RangerHdfsPlugin extends RangerBasePlugin {
 }
 
 class RangerHdfsResource implements RangerResource {
+	private static final String KEY_PATH = "path";
+
+	private static final Set<String> KEYS_PATH = Sets.newHashSet(KEY_PATH);
+
 	private String path  = null;
 	private String owner = null;
 
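Review bot: `KEYS_PATH` is a static, mutable `HashSet`, and the `getKeys()` method added in the next hunk returns that same instance to every caller, so one caller adding or removing an element changes the key set seen by every `RangerHdfsResource`. Make it read-only, for example `private static final Set<String> KEYS_PATH = ImmutableSet.of(KEY_PATH);` with an import of `com.google.common.collect.ImmutableSet`. The same concern applies to the `Sets.newHashSet(...)` values stored in `access2ActionListMapper` in the static-initializer hunk further down. Those sets are shared by all requests and passed straight to `setAccessTypes`, and it is not visible here whether that setter copies them.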
@@ -177,17 +178,21 @@ class RangerHdfsResource implements RangerResource {
 
 	@Override
 	public boolean exists(String name) {
-		return StringUtils.equalsIgnoreCase(name, "path");
+		return StringUtils.equalsIgnoreCase(name, KEY_PATH);
 	}
 
 	@Override
 	public String getValue(String name) {
-		if(StringUtils.equalsIgnoreCase(name, "path")) {
+		if(StringUtils.equalsIgnoreCase(name, KEY_PATH)) {
 			return path;
 		}
 
 		return null;
 	}
+
+	public Set<String> getKeys() {
+		return KEYS_PATH;
+	}
 }
 
 class RangerHdfsAccessRequest extends RangerAccessRequestImpl {
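Review bot: `getKeys()` is added without `@Override`, unlike `exists` and `getValue` directly above it. If it implements a method of `RangerResource`, as the commit title suggests, put `@Override` on the line before `public Set<String> getKeys() {` so that a later signature change in the interface fails compilation instead of leaving a dead method. Also, `exists` and `getValue` match the name case-insensitively while `getKeys()` reports only the lowercase `path`. A one-line comment on `KEY_PATH` saying which form is canonical would help callers that compare against the returned set.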
@@ -197,13 +202,13 @@ class RangerHdfsAccessRequest extends RangerAccessRequestImpl {
 		access2ActionListMapper = new HashMap<FsAction, Set<String>>();
 
 		access2ActionListMapper.put(FsAction.NONE,          new HashSet<String>());
-		access2ActionListMapper.put(FsAction.ALL,           new HashSet<String>(Arrays.asList(READ_ACCCESS_TYPE, WRITE_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.READ,          new HashSet<String>(Arrays.asList(READ_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.READ_WRITE,    new HashSet<String>(Arrays.asList(READ_ACCCESS_TYPE, WRITE_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.READ_EXECUTE,  new HashSet<String>(Arrays.asList(READ_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.WRITE,         new HashSet<String>(Arrays.asList(WRITE_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.WRITE_EXECUTE, new HashSet<String>(Arrays.asList(WRITE_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE)));
-		access2ActionListMapper.put(FsAction.EXECUTE,       new HashSet<String>(Arrays.asList(EXECUTE_ACCCESS_TYPE)));
+		access2ActionListMapper.put(FsAction.ALL,           Sets.newHashSet(READ_ACCCESS_TYPE, WRITE_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.READ,          Sets.newHashSet(READ_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.READ_WRITE,    Sets.newHashSet(READ_ACCCESS_TYPE, WRITE_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.READ_EXECUTE,  Sets.newHashSet(READ_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.WRITE,         Sets.newHashSet(WRITE_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.WRITE_EXECUTE, Sets.newHashSet(WRITE_ACCCESS_TYPE, EXECUTE_ACCCESS_TYPE));
+		access2ActionListMapper.put(FsAction.EXECUTE,       Sets.newHashSet(EXECUTE_ACCCESS_TYPE));
 	}
 
 	public RangerHdfsAccessRequest(String path, String pathOwner, FsAction access, String user, Set<String> groups) {
@@ -211,19 +216,10 @@ class RangerHdfsAccessRequest extends RangerAccessRequestImpl {
 		super.setAccessTypes(access2ActionListMapper.get(access));
 		super.setUser(user);
 		super.setUserGroups(groups);
-		super.setAccessTime(getUTCDate());
+		super.setAccessTime(StringUtil.getUTCDate());
 		super.setClientIPAddress(getRemoteIp());
 		super.setAction(access.toString());
 	}
-
-	private static Date getUTCDate() {
-		Calendar local=Calendar.getInstance();
-	    int offset = local.getTimeZone().getOffset(local.getTimeInMillis());
-	    GregorianCalendar utc = new GregorianCalendar(TimeZone.getTimeZone("GMT+0"));
-	    utc.setTimeInMillis(local.getTimeInMillis());
-	    utc.add(Calendar.MILLISECOND, -offset);
-	    return utc.getTime();
-	}
 	
 	private static String getRemoteIp() {
 		String ret = null ;
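Review bot: `StringUtil.getUTCDate()` is not shown in this diff, and the private helper it replaces did not return the current instant. That helper subtracted the local zone offset from the epoch milliseconds, so the resulting `Date` is shifted on any host not running in UTC. If the shared helper is a straight move of that logic, the access time set on every request stays skewed, which matters if the value reaches audit records or time-based policy evaluation (not visible here). Please confirm what the helper returns, and if the shift is intentional add a comment at the call such as `// NOTE: Date is offset-adjusted for display, not the true instant`. The constructor starts outside the hunk.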