You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2018/03/05 06:27:11 UTC
[2/4] ranger git commit: RANGER-2000: Policy effective dates to
support time-bound and temporary authorization
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-invalid.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-invalid.json b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-invalid.json
new file mode 100644
index 0000000..ed62828
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-invalid.json
@@ -0,0 +1,146 @@
+[
+ {
+ "name": "Empty validity-schedule",
+ "validitySchedules": [
+ {}
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 1
+ }
+ },
+ {
+ "name": "Invalid characters in validity-schedule",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/12 17:19:00",
+ "recurrences": [
+ {
+ "schedule": {"minute": "MINUTE", "hour": "HOUR", "dayOfMonth": "DAYOFMONTH", "dayOfWeek": "DAYOFWEEK", "month": "MONTH", "year": "YEAR"},
+ "interval": {"days": 10, "hours": 5, "minutes": 5}
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 6
+ }
+ },
+ {
+ "name": "Invalid characters in fields in validity-schedule",
+
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {"minute": "*", "hour": "@", "dayOfMonth": "!", "dayOfWeek": "#", "month": "%", "year": "^&()"},
+ "interval": {"minutes": 10 }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 6
+ }
+ },
+ {
+ "name": "Incorrect validityInterval",
+
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "timeZone":"",
+ "recurrences": [
+ {
+ "schedule": {"minute": "10", "hour": "*", "dayOfMonth": "*", "dayOfWeek": "*", "month": "*", "year": "2018"},
+ "interval": {"days": -1, "hours": 24, "minutes": 60}
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 1
+ }
+ },
+ {
+ "name": "endTime earlier than startTime",
+
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2018/01/02 22:30:00",
+ "recurrences": [
+ {
+ "schedule": {"minute": "45, 30, 1, 14", "hour": "*, 0,20, 21", "dayOfMonth": "1-14, 15,31", "dayOfWeek": "0,4, 6", "month": "11, 0-1", "year": "2018"}
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 1
+ }
+ },
+ {
+ "name": "Overlapping ranges, incorrect range, invalid field value in validity-schedule",
+
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/22 22:30:00",
+ "timeZone":"",
+ "recurrences": [
+ {
+ "schedule": {"minute": "1,10,5", "hour": "0-3, 1-4, 9-8,20, 21", "dayOfMonth": "1-14, 15,31", "dayOfWeek": "0,4, 6", "month": "12, 1-2", "year": "2018"},
+ "interval": {"minutes": 10 }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 3
+ }
+ },
+ {
+ "name": "Both dayOfWeek and dayOfMonth blank",
+
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {"minute": "45, 30, 1, 14", "hour": "*, 0,20, 21", "dayOfMonth": "", "dayOfWeek": "", "month": "12, 1-2", "year": "2018"},
+ "interval": {"minutes": 10 }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": false,
+ "isApplicable": false,
+ "validationFailureCount": 1
+ }
+ }
+]
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid-and-applicable.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid-and-applicable.json b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid-and-applicable.json
new file mode 100644
index 0000000..38921d7
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid-and-applicable.json
@@ -0,0 +1,507 @@
+[
+ {
+ "name": "Non-repeating validity-schedule",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2018/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "60",
+ "hour": "*",
+ "dayOfMonth": "*",
+ "dayOfWeek": "5, 7",
+ "month": "*",
+ "year": "2018"
+ },
+ "interval": {
+ "minutes": 0
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180113-14:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable for 9 minutes in a 10 minute interval",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2018/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0, 10, 20, 30, 40, 50",
+ "hour": "*",
+ "dayOfMonth": "*",
+ "dayOfWeek": "5, 7",
+ "month": "*",
+ "year": "2018"
+ },
+ "inteval": {
+ "minutes": 9
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-14:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable every Wednesday or Saturday or 1st of month starting at 10 past noon hour PST for 2 days and 10 hours",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2018/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "10",
+ "hour": "12",
+ "dayOfMonth": "1",
+ "dayOfWeek": "4, 7",
+ "month": "*",
+ "year": "2018"
+ },
+ "interval": {
+ "days": 2,
+ "hours": 10
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180115-19:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable every Wednesday or Saturday or 1st of month starting at 59 minutes past midnight PST for 1 day and 2 minutes",
+ "validitySchedules": [
+ {
+ "startTime": "2017/01/12 14:32:00",
+ "endTime": "2018/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "59",
+ "hour": "0",
+ "dayOfMonth": "1",
+ "dayOfWeek": "4, 7",
+ "month": "*",
+ "year": "2017-2018"
+ },
+ "interval": {
+ "days": 1,
+ "minutes": 2
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180102-01:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable every 31st of month starting at noon Zulu for 1 day, starting from 1/1/18",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "12",
+ "dayOfMonth": "31",
+ "dayOfWeek": "*",
+ "month": "*",
+ "year": "2017-2018"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180301-00:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ }
+ ,
+ {
+ "name": "validity-interval longer than minimum diff in - still not applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "12",
+ "dayOfMonth": "1",
+ "dayOfWeek": "2, 3",
+ "month": "*",
+ "year": "*"
+ },
+ "interval": {
+ "days": 1,
+ "hours": 23,
+ "minutes": 59
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180304-14:40:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "validity-interval longer than minimum diff in schedule - applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "12",
+ "dayOfMonth": "1",
+ "dayOfWeek": "2, 3",
+ "month": "*",
+ "year": "*"
+ },
+ "interval": {
+ "days": 1,
+ "hours": 23,
+ "minutes": 59
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180303-10:40:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek non blank and dayOfMonth blank - applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "",
+ "dayOfWeek": "1",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "hours": 5
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180114-04:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek non blank and dayOfMonth blank - not applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "",
+ "dayOfWeek": "1",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "hours": 5
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180119-04:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek blank and dayOfMonth not blank - applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "15, 20",
+ "dayOfWeek": "",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "days": 5
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180119-04:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek blank and dayOfMonth not blank - not applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "15, 20",
+ "dayOfWeek": "",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "days": 3
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180119-04:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable every 31st of month or every Thursday starting at noon Zulu for 1 day, starting from 1/1/18 - not applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "12",
+ "dayOfMonth": "31",
+ "dayOfWeek": "5",
+ "month": "*",
+ "year": "2017-2018"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180301-00:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable every 31st of month or every Thursday starting at noon Zulu for 1 day, starting from 1/1/18 - applicable",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "12",
+ "dayOfMonth": "31",
+ "dayOfWeek": "5",
+ "month": "*",
+ "year": "2017-2018"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180216-00:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable on Feb 29",
+ "validitySchedules": [
+ {
+ "startTime": "2020/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "*",
+ "dayOfMonth": "29",
+ "dayOfWeek": "",
+ "month": "2",
+ "year": "2020-2026"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20200301-00:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Not Applicable on Mar 29",
+ "validitySchedules": [
+ {
+ "startTime": "2020/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "*",
+ "dayOfMonth": "29",
+ "dayOfWeek": "",
+ "month": "3",
+ "year": "2020-2026"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20200301-00:00:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Applicable on Feb 29 with a timezone specified in the schedule",
+ "validitySchedules": [
+ {
+ "startTime": "2020/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "timeZone": "IST",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "0",
+ "hour": "*",
+ "dayOfMonth": "29",
+ "dayOfWeek": "",
+ "month": "2",
+ "year": "2020-2026"
+ },
+ "interval": {
+ "days": 1
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20200229-23:30:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": true,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Not applicable with a timezone specified in the schedule; no recurrences",
+ "validitySchedules": [
+ {
+ "startTime": "2020/01/01 00:00:00",
+ "endTime": "2050/02/03 12:16:00",
+ "timeZone": "GMT"
+ }
+ ],
+ "accessTime": "20191231-16:00:00.000-0700",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ }
+
+]
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid.json b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid.json
new file mode 100644
index 0000000..d42d3e6
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/validityscheduler/test-validity-schedules-valid.json
@@ -0,0 +1,152 @@
+[
+ {
+ "name": "AccessTime before startTime",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/12 14:32:00"
+ }
+ ],
+ "accessTime": "20170112-14:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "AccessTime after endTime",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2018/02/12 14:32:00"
+ }
+ ],
+ "accessTime": "20180312-14:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Not applicable for minute field",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/12 14:32:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "59, 15, 30",
+ "hour": "*",
+ "dayOfMonth": "*",
+ "dayOfWeek": "*",
+ "month": "*",
+ "year": "2018-2020"
+ },
+ "interval": {
+ "minutes": 10
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180212-14:26:00.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "Not applicable as accessTime earlier than startTime",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/12 14:32:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "3",
+ "hour": "10, 21",
+ "dayOfMonth": "*",
+ "dayOfWeek": "*",
+ "month": "*",
+ "year": "2018-2020"
+ },
+ "interval": {
+ "hours": 2
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20170112-14:26:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek blank and dayOfMonth not blank",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "12",
+ "dayOfWeek": "",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "minutes": 10
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-18:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ },
+ {
+ "name": "dayOfWeek non blank and dayOfMonth blank",
+ "validitySchedules": [
+ {
+ "startTime": "2018/01/12 14:32:00",
+ "endTime": "2020/01/23 06:30:00",
+ "recurrences": [
+ {
+ "schedule": {
+ "minute": "45, 30, 1, 14",
+ "hour": "0,20, 21",
+ "dayOfMonth": "",
+ "dayOfWeek": "1",
+ "month": "12, 1-2",
+ "year": "2018"
+ },
+ "interval": {
+ "minutes": 10
+ }
+ }
+ ]
+ }
+ ],
+ "accessTime": "20180112-18:32:27.000-0800",
+ "result": {
+ "isValid": true,
+ "isApplicable": false,
+ "validationFailureCount": 0
+ }
+ }
+]
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index d516d64..9e8fcad 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -551,6 +551,8 @@ CREATE TABLE `x_policy` (
`resource_signature` varchar(128) DEFAULT NULL,
`is_enabled` tinyint(1) NOT NULL DEFAULT '0',
`is_audit_enabled` tinyint(1) NOT NULL DEFAULT '0',
+`options` varchar(4000) NULL DEFAULT NULL,
+`policy_priority` int NOT NULL DEFAULT '0',
primary key (`id`),
KEY `x_policy_added_by_id` (`added_by_id`),
KEY `x_policy_upd_by_id` (`upd_by_id`),
@@ -983,6 +985,7 @@ CREATE TABLE IF NOT EXISTS `x_tag` (
`version` BIGINT(20) NULL DEFAULT NULL,
`type` BIGINT(20) NOT NULL,
`owned_by` SMALLINT DEFAULT 0 NOT NULL,
+`options` varchar(4000) NULL DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `x_tag_UK_guid` (`guid`),
KEY `x_tag_IDX_type` (`type`),
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/mysql/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql b/security-admin/db/mysql/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
new file mode 100644
index 0000000..f8bedc4
--- /dev/null
+++ b/security-admin/db/mysql/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
@@ -0,0 +1,44 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+drop procedure if exists add_x_policy_columns_for_time_based_classification;
+delimiter ;;
+
+create procedure add_x_policy_columns_for_time_based_classification() begin
+if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_policy' and column_name='options') then
+ ALTER TABLE x_policy ADD options varchar(4000) NULL DEFAULT NULL;
+end if;
+if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_policy' and column_name='policy_priority') then
+ ALTER TABLE x_policy ADD policy_priority int NOT NULL DEFAULT '0';
+end if;
+end;;
+delimiter ;
+call add_x_policy_columns_for_time_based_classification();
+
+drop procedure if exists add_x_policy_columns_for_time_based_classification;
+
+drop procedure if exists add_x_policy_columns_for_time_based_classification;
+delimiter ;;
+
+create procedure add_x_tag_columns_for_time_based_classification() begin
+if not exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_tag' and column_name='options') then
+ ALTER TABLE x_tag ADD options varchar(4000) NULL DEFAULT NULL;
+end if;
+end;;
+delimiter ;
+call add_x_tag_columns_for_time_based_classification();
+
+drop procedure if exists add_x_tag_columns_for_time_based_classification;
+
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index abc7d59..55d44a1 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -455,6 +455,8 @@ description VARCHAR(1024) DEFAULT NULL NULL,
resource_signature VARCHAR(128) DEFAULT NULL NULL,
is_enabled NUMBER(1) DEFAULT '0' NOT NULL,
is_audit_enabled NUMBER(1) DEFAULT '0' NOT NULL,
+options varchar(4000) DEFAULT NULL NULL,
+policy_priority NUMBER(11) DEFAULT 0 NOT NULL,
primary key (id),
CONSTRAINT x_policy_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
CONSTRAINT x_policy_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
@@ -873,6 +875,7 @@ upd_by_id NUMBER(20) DEFAULT NULL NULL,
version NUMBER(20) DEFAULT NULL NULL,
type NUMBER(20) NOT NULL,
owned_by NUMBER(6) DEFAULT 0 NOT NULL,
+options varchar(4000) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_tag_UK_guid UNIQUE (guid),
CONSTRAINT x_tag_FK_type FOREIGN KEY (type) REFERENCES x_tag_def (id),
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/oracle/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql b/security-admin/db/oracle/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
new file mode 100644
index 0000000..4183572
--- /dev/null
+++ b/security-admin/db/oracle/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
@@ -0,0 +1,34 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+DECLARE
+ v_count number:=0;
+BEGIN
+ select count(*) into v_count from user_tab_cols where table_name='X_POLICY' and column_name='OPTIONS';
+ if (v_count = 0) then
+ execute immediate 'ALTER TABLE x_policy ADD options varchar(4000) DEFAULT NULL NULL';
+ end if;
+
+ select count(*) into v_count from user_tab_cols where table_name='X_POLICY' and column_name='POLICY_PRIORITY';
+ if (v_count = 0) then
+ execute immediate 'ALTER TABLE x_policy ADD policy_priority NUMBER(11) DEFAULT 0 NOT NULL';
+ end if;
+
+ select count(*) into v_count from user_tab_cols where table_name='X_TAG' and column_name='OPTIONS';
+ if (v_count = 0) then
+ execute immediate 'ALTER TABLE x_tag ADD options varchar(4000) DEFAULT NULL NULL';
+ end if;
+ commit;
+END;/
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 8862946..ef9ece7 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -463,6 +463,8 @@ description VARCHAR(1024) DEFAULT NULL NULL,
resource_signature VARCHAR(128) DEFAULT NULL NULL,
is_enabled BOOLEAN DEFAULT '0' NOT NULL,
is_audit_enabled BOOLEAN DEFAULT '0' NOT NULL,
+options VARCHAR(4000) DEFAULT NULL NULL,
+policy_priority INT DEFAULT 0 NOT NULL,
primary key(id),
CONSTRAINT x_policy_FK_added_by_id FOREIGN KEY(added_by_id) REFERENCES x_portal_user(id),
CONSTRAINT x_policy_FK_upd_by_id FOREIGN KEY(upd_by_id) REFERENCES x_portal_user(id),
@@ -951,6 +953,7 @@ upd_by_id BIGINT DEFAULT NULL NULL,
version BIGINT DEFAULT NULL NULL,
type BIGINT NOT NULL,
owned_by SMALLINT DEFAULT 0 NOT NULL,
+options VARCHAR(4000) DEFAULT NULL NULL,
primary key (id),
CONSTRAINT x_tag_UK_guid UNIQUE (guid),
CONSTRAINT x_tag_FK_type FOREIGN KEY (type) REFERENCES x_tag_def (id),
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/postgres/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql b/security-admin/db/postgres/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
new file mode 100644
index 0000000..53ddacc
--- /dev/null
+++ b/security-admin/db/postgres/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
@@ -0,0 +1,53 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- function add_x_policy_columns_for_time_based_classification
+select 'delimiter start';
+CREATE OR REPLACE FUNCTION add_x_policy_columns_for_time_based_classification()
+RETURNS void AS $$
+DECLARE
+ v_column_exists integer := 0;
+BEGIN
+ select count(*) into v_column_exists from pg_attribute where attrelid in(select oid from pg_class where relname='x_policy') and attname='options';
+ IF v_column_exists = 0 THEN
+ ALTER TABLE x_policy ADD COLUMN options VARCHAR(4000) DEFAULT NULL NULL;
+ END IF;
+ select count(*) into v_column_exists from pg_attribute where attrelid in(select oid from pg_class where relname='x_policy') and attname='policy_priority';
+ IF v_column_exists = 0 THEN
+ ALTER TABLE x_policy ADD COLUMN policy_priority INT DEFAULT 0 NOT NULL;
+ END IF;
+END;
+$$ LANGUAGE plpgsql;
+select 'delimiter end';
+
+select add_x_policy_columns_for_time_based_classification();
+select 'delimiter end';
+
+select 'delimiter start';
+CREATE OR REPLACE FUNCTION add_x_tag_columns_for_time_based_classification()
+RETURNS void AS $$
+DECLARE
+ v_column_exists integer := 0;
+BEGIN
+ select count(*) into v_column_exists from pg_attribute where attrelid in(select oid from pg_class where relname='x_tag') and attname='options';
+ IF v_column_exists = 0 THEN
+ ALTER TABLE x_tag ADD COLUMN options VARCHAR(4000) DEFAULT NULL NULL;
+ END IF;
+END;
+$$ LANGUAGE plpgsql;
+select 'delimiter end';
+
+select add_x_tag_columns_for_time_based_classification();
+select 'delimiter end';
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index bf3d954..c98d362 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -341,6 +341,8 @@ create table dbo.x_policy (
resource_signature varchar(128) DEFAULT NULL NULL,
is_enabled tinyint DEFAULT 0 NOT NULL,
is_audit_enabled tinyint DEFAULT 0 NOT NULL,
+ options varchar(4000) DEFAULT NULL NULL,
+ policy_priority int DEFAULT 0 NOT NULL,
CONSTRAINT x_policy_PK_id PRIMARY KEY CLUSTERED(id)
)
GO
@@ -690,6 +692,7 @@ CREATE TABLE dbo.x_tag(
version bigint DEFAULT NULL NULL,
type bigint NOT NULL,
owned_by smallint DEFAULT 0 NOT NULL,
+ options varchar(4000) DEFAULT NULL NULL,
CONSTRAINT x_tag_PK_id PRIMARY KEY CLUSTERED(id),
CONSTRAINT x_tag_UK_guid UNIQUE NONCLUSTERED (guid)
)
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/sqlanywhere/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql b/security-admin/db/sqlanywhere/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
new file mode 100644
index 0000000..1314ecb
--- /dev/null
+++ b/security-admin/db/sqlanywhere/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
@@ -0,0 +1,29 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+IF NOT EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_policy' and cname = 'options') THEN
+ ALTER TABLE dbo.x_policy ADD options varchar(4000) DEFAULT NULL NULL;
+END IF;
+GO
+IF NOT EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_policy' and cname = 'policy_priority') THEN
+ ALTER TABLE dbo.x_policy ADD policy_priority int DEFAULT 0 NOT NULL;
+END IF;
+GO
+IF NOT EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_tag' and cname = 'options') THEN
+ ALTER TABLE dbo.x_tag ADD options varchar(4000) DEFAULT NULL NULL;
+END IF;
+GO
+
+exit
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 56e2e99..61e81a0 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -1151,6 +1151,8 @@ CREATE TABLE [dbo].[x_policy] (
[resource_signature] [varchar](128) DEFAULT NULL NULL,
[is_enabled] [tinyint] DEFAULT 0 NOT NULL,
[is_audit_enabled] [tinyint] DEFAULT 0 NOT NULL,
+ [options] [varchar](4000) DEFAULT NULL NULL,
+ [policy_priority] [int] DEFAULT 0 NOT NULL,
PRIMARY KEY CLUSTERED
(
[id] ASC
@@ -1613,6 +1615,7 @@ CREATE TABLE [dbo].[x_tag](
[version] [bigint] DEFAULT NULL NULL,
[type] [bigint] NOT NULL,
[owned_by] [smallint] DEFAULT 0 NOT NULL,
+ [options] [varchar](4000) DEFAULT NULL NULL,
PRIMARY KEY CLUSTERED
(
[id] ASC
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/db/sqlserver/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql b/security-admin/db/sqlserver/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
new file mode 100644
index 0000000..932861c
--- /dev/null
+++ b/security-admin/db/sqlserver/patches/032-add-options-to-policy-and-tag-for-time-based-processing.sql
@@ -0,0 +1,35 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+GO
+IF NOT EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_policy' and column_name = 'options')
+BEGIN
+ ALTER TABLE [dbo].[x_policy] ADD [options] [varchar](4000) DEFAULT NULL NULL;
+END
+GO
+GO
+IF NOT EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_policy' and column_name = 'policy_priority')
+BEGIN
+ ALTER TABLE [dbo].[x_policy] ADD [policy_priority] [int] DEFAULT 0 NOT NULL;
+END
+GO
+GO
+IF NOT EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_tag' and column_name = 'options')
+BEGIN
+ ALTER TABLE [dbo].[x_tag] ADD [options] [varchar](4000) DEFAULT NULL NULL;
+END
+GO
+
+exit
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 2c4241d..463957c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -26,9 +26,11 @@ import java.util.ListIterator;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.*;
@@ -41,9 +43,10 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
+import org.apache.ranger.plugin.model.RangerValiditySchedule;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
import org.apache.ranger.plugin.util.RangerPerfTracer;
-
+import org.apache.ranger.service.RangerPolicyService;
public class RangerPolicyRetriever {
static final Log LOG = LogFactory.getLog(RangerPolicyRetriever.class);
@@ -235,7 +238,7 @@ public class RangerPolicyRetriever {
final Map<Long, String> conditions = new HashMap<Long, String>();
final Map<Long, String> resourceDefs = new HashMap<Long, String>();
final Map<Long, String> dataMasks = new HashMap<Long, String>();
- final Map<Long, String> policyLabels = new HashMap<Long, String>();
+ final Map<Long, String> policyLabels = new HashMap<Long, String>();
String getUserName(Long userId) {
String ret = null;
@@ -257,25 +260,25 @@ public class RangerPolicyRetriever {
return ret;
}
- String getPolicyLabelName(Long policyLabelId) {
- String ret = null;
+ String getPolicyLabelName(Long policyLabelId) {
+ String ret = null;
- if(policyLabelId != null) {
- ret = policyLabels.get(policyLabelId);
+ if (policyLabelId != null) {
+ ret = policyLabels.get(policyLabelId);
- if(ret == null) {
- XXPolicyLabel xxPolicyLabel = daoMgr.getXXPolicyLabels().getById(policyLabelId);
+ if (ret == null) {
+ XXPolicyLabel xxPolicyLabel = daoMgr.getXXPolicyLabels().getById(policyLabelId);
- if(xxPolicyLabel != null) {
- ret = xxPolicyLabel.getPolicyLabel();
+ if (xxPolicyLabel != null) {
+ ret = xxPolicyLabel.getPolicyLabel();
- policyLabels.put(policyLabelId, ret);
- }
- }
- }
+ policyLabels.put(policyLabelId, ret);
+ }
+ }
+ }
- return ret;
- }
+ return ret;
+ }
String getUserScreenName(Long userId) {
String ret = null;
@@ -449,7 +452,7 @@ public class RangerPolicyRetriever {
List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByServiceId(serviceId);
List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByServiceId(serviceId);
List<XXPolicyItemRowFilterInfo> xRowFilterInfos = daoMgr.getXXPolicyItemRowFilterInfo().findByServiceId(serviceId);
- List<XXPolicyLabelMap> xxPolicyLabelMap = daoMgr.getXXPolicyLabelMap().findByServiceId(serviceId);
+ List<XXPolicyLabelMap> xxPolicyLabelMap = daoMgr.getXXPolicyLabelMap().findByServiceId(serviceId);
this.service = xService;
this.iterPolicy = xPolicies.listIterator();
@@ -482,7 +485,7 @@ public class RangerPolicyRetriever {
List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByPolicyId(policyId);
List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByPolicyId(policyId);
List<XXPolicyItemRowFilterInfo> xRowFilterInfos = daoMgr.getXXPolicyItemRowFilterInfo().findByPolicyId(policyId);
- List<XXPolicyLabelMap> xPolicyLabelMap = daoMgr.getXXPolicyLabelMap().findByPolicyId(policyId);
+ List<XXPolicyLabelMap> xPolicyLabelMap = daoMgr.getXXPolicyLabelMap().findByPolicyId(policyId);
this.service = xService;
this.iterPolicy = xPolicies.listIterator();
@@ -495,7 +498,7 @@ public class RangerPolicyRetriever {
this.iterConditions = xConditions.listIterator();
this.iterDataMaskInfos = xDataMaskInfos.listIterator();
this.iterRowFilterInfos = xRowFilterInfos.listIterator();
- this.iterPolicyLabels = xPolicyLabelMap.listIterator();
+ this.iterPolicyLabels = xPolicyLabelMap.listIterator();
}
RangerPolicy getNextPolicy() {
@@ -518,11 +521,24 @@ public class RangerPolicyRetriever {
ret.setService(service == null ? null : service.getName());
ret.setName(StringUtils.trim(xPolicy.getName()));
ret.setPolicyType(xPolicy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xPolicy.getPolicyType());
+ ret.setPolicyPriority(xPolicy.getPolicyPriority() == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : xPolicy.getPolicyPriority());
ret.setDescription(xPolicy.getDescription());
ret.setResourceSignature(xPolicy.getResourceSignature());
ret.setIsAuditEnabled(xPolicy.getIsAuditEnabled());
- getPolicyLabels(ret);
+ Map<String, String> mapOfOptions = JsonUtils.jsonToMapStringString(xPolicy.getOptions());
+
+ if (MapUtils.isNotEmpty(mapOfOptions)) {
+ String validitySchedulesStr = mapOfOptions.get(RangerPolicyService.OPTION_POLICY_VALIDITY_SCHEDULES);
+
+ if (StringUtils.isNotEmpty(validitySchedulesStr)) {
+ List<RangerValiditySchedule> validitySchedules = JsonUtils.jsonToRangerValiditySchedule(validitySchedulesStr);
+
+ ret.setValiditySchedules(validitySchedules);
+ }
+ }
+
+ getPolicyLabels(ret);
getResource(ret);
getPolicyItems(ret);
}
@@ -531,24 +547,24 @@ public class RangerPolicyRetriever {
return ret;
}
- private void getPolicyLabels(RangerPolicy ret) {
- List<String> xPolicyLabels = new ArrayList<String>();
- while(iterPolicyLabels.hasNext()) {
- XXPolicyLabelMap xPolicyLabel = iterPolicyLabels.next();
- if(xPolicyLabel.getPolicyId().equals(ret.getId())) {
- String policyLabel = lookupCache.getPolicyLabelName(xPolicyLabel.getPolicyLabelId());
- if (policyLabel != null) {
- xPolicyLabels.add(policyLabel);
- }
- ret.setPolicyLabels(xPolicyLabels);
- } else {
- if(iterPolicyLabels.hasPrevious()) {
- iterPolicyLabels.previous();
- }
- break;
- }
- }
- }
+ private void getPolicyLabels(RangerPolicy ret) {
+ List<String> xPolicyLabels = new ArrayList<String>();
+ while (iterPolicyLabels.hasNext()) {
+ XXPolicyLabelMap xPolicyLabel = iterPolicyLabels.next();
+ if (xPolicyLabel.getPolicyId().equals(ret.getId())) {
+ String policyLabel = lookupCache.getPolicyLabelName(xPolicyLabel.getPolicyLabelId());
+ if (policyLabel != null) {
+ xPolicyLabels.add(policyLabel);
+ }
+ ret.setPolicyLabels(xPolicyLabels);
+ } else {
+ if (iterPolicyLabels.hasPrevious()) {
+ iterPolicyLabels.previous();
+ }
+ break;
+ }
+ }
+ }
List<RangerPolicy> getAllPolicies() {
List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
@@ -604,8 +620,8 @@ public class RangerPolicyRetriever {
|| iterAccesses.hasNext()
|| iterConditions.hasNext()
|| iterDataMaskInfos.hasNext()
- || iterRowFilterInfos.hasNext()
- || iterPolicyLabels.hasNext();
+ || iterRowFilterInfos.hasNext()
+ || iterPolicyLabels.hasNext();
return !moreToProcess;
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
index 52c1288..5550572 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
@@ -26,9 +26,12 @@ import java.util.ListIterator;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.*;
@@ -36,7 +39,6 @@ import org.apache.ranger.plugin.model.*;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.util.RangerPerfTracer;
-
public class RangerTagDBRetriever {
static final Log LOG = LogFactory.getLog(RangerTagDBRetriever.class);
static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("db.RangerTagDBRetriever");
@@ -537,6 +539,18 @@ public class RangerTagDBRetriever {
ret.setUpdateTime(xTag.getUpdateTime());
ret.setVersion(xTag.getVersion());
+ Map<String, String> mapOfOptions = JsonUtils.jsonToMapStringString(xTag.getOptions());
+
+ if (MapUtils.isNotEmpty(mapOfOptions)) {
+ String validityPeriodsStr = mapOfOptions.get(RangerTag.OPTION_TAG_VALIDITY_PERIODS);
+
+ if (StringUtils.isNotEmpty(validityPeriodsStr)) {
+ List<RangerValiditySchedule> validityPeriods = JsonUtils.jsonToRangerValiditySchedule(validityPeriodsStr);
+
+ ret.setValidityPeriods(validityPeriods);
+ }
+ }
+
Map<Long, RangerTagDef> tagDefs = getTagDefs();
if (tagDefs != null) {
RangerTagDef tagDef = tagDefs.get(xTag.getType());
@@ -560,7 +574,6 @@ public class RangerTagDBRetriever {
String attributeName = xTagAttribute.getName();
String attributeValue = xTagAttribute.getValue();
-
tag.getAttributes().put(attributeName, attributeValue);
} else if (xTagAttribute.getTagId().compareTo(tag.getId()) > 0) {
if (iterTagAttribute.hasPrevious()) {
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
index 1583018..8341a73 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
@@ -20,6 +20,7 @@
package org.apache.ranger.biz;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -49,6 +50,8 @@ import org.apache.ranger.entity.XXTagResourceMap;
import org.apache.ranger.plugin.model.*;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerTagDef.RangerTagAttributeDef;
+import org.apache.ranger.plugin.model.validation.RangerValidityScheduleValidator;
+import org.apache.ranger.plugin.model.validation.ValidationFailureDetails;
import org.apache.ranger.plugin.store.AbstractTagStore;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.store.RangerServiceResourceSignature;
@@ -298,6 +301,8 @@ public class TagDBStore extends AbstractTagStore {
LOG.debug("==> TagDBStore.createTag(" + tag + ")");
}
+ tag = validateTag(tag);
+
RangerTag ret = rangerTagService.create(tag);
createTagAttributes(ret.getId(), tag.getAttributes());
@@ -317,6 +322,8 @@ public class TagDBStore extends AbstractTagStore {
LOG.debug("==> TagDBStore.updateTag(" + tag + ")");
}
+ tag = validateTag(tag);
+
RangerTag existing = rangerTagService.read(tag.getId());
if (existing == null) {
@@ -1088,7 +1095,7 @@ public class TagDBStore extends AbstractTagStore {
}
}
- private List<XXTagAttribute> createTagAttributes(Long tagId, Map<String, String> attributes) {
+ private List<XXTagAttribute> createTagAttributes(Long tagId, Map<String, String> attributes) throws Exception {
List<XXTagAttribute> ret = new ArrayList<XXTagAttribute>();
if(MapUtils.isNotEmpty(attributes)) {
@@ -1281,4 +1288,36 @@ public class TagDBStore extends AbstractTagStore {
LOG.debug("<== TagDBStore.deleteAllTagObjectsForService(" + serviceName + ")");
}
}
+
+ private RangerTag validateTag(RangerTag tag) throws Exception {
+ List<RangerValiditySchedule> validityPeriods = tag.getValidityPeriods();
+
+ if (CollectionUtils.isNotEmpty(validityPeriods)) {
+ List<RangerValiditySchedule> normalizedValidityPeriods = new ArrayList<>();
+ List<ValidationFailureDetails> failures = new ArrayList<>();
+
+ for (RangerValiditySchedule validityPeriod : validityPeriods) {
+ RangerValidityScheduleValidator validator = new RangerValidityScheduleValidator(validityPeriod);
+ RangerValiditySchedule normalizedValidityPeriod = validator.validate(failures);
+
+ if (normalizedValidityPeriod != null && CollectionUtils.isEmpty(failures)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Normalized ValidityPeriod:[" + normalizedValidityPeriod + "]");
+ }
+
+ normalizedValidityPeriods.add(normalizedValidityPeriod);
+ } else {
+ String error = "Incorrect time-specification:[" + Arrays.asList(failures) + "]";
+
+ LOG.error(error);
+
+ throw new Exception(error);
+ }
+ }
+
+ tag.setValidityPeriods(normalizedValidityPeriods);
+ }
+
+ return tag;
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index a2250ec..c6686ff 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -64,8 +64,8 @@ public class RangerSearchUtil extends SearchUtil {
ret.setParam(SearchFilter.POL_RESOURCE, request.getParameter(SearchFilter.POL_RESOURCE));
ret.setParam(SearchFilter.RESOURCE_SIGNATURE, request.getParameter(SearchFilter.RESOURCE_SIGNATURE));
ret.setParam(SearchFilter.POLICY_TYPE, request.getParameter(SearchFilter.POLICY_TYPE));
- ret.setParam(SearchFilter.POLICY_LABEL, request.getParameter(SearchFilter.POLICY_LABEL));
- ret.setParam(SearchFilter.POLICY_LABELS_PARTIAL, request.getParameter(SearchFilter.POLICY_LABELS_PARTIAL));
+ ret.setParam(SearchFilter.POLICY_LABEL, request.getParameter(SearchFilter.POLICY_LABEL));
+ ret.setParam(SearchFilter.POLICY_LABELS_PARTIAL, request.getParameter(SearchFilter.POLICY_LABELS_PARTIAL));
ret.setParam(SearchFilter.PLUGIN_HOST_NAME, request.getParameter(SearchFilter.PLUGIN_HOST_NAME));
ret.setParam(SearchFilter.PLUGIN_APP_TYPE, request.getParameter(SearchFilter.PLUGIN_APP_TYPE));
ret.setParam(SearchFilter.PLUGIN_ENTITY_TYPE, request.getParameter(SearchFilter.PLUGIN_ENTITY_TYPE));
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
index 69d28bb..2616594 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyBase.java
@@ -75,6 +75,14 @@ public abstract class XXPolicyBase extends XXDBBase {
protected Integer policyType;
/**
+ * policyPriority of the XXPolicy
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "policy_priority")
+ protected Integer policyPriority;
+ /**
* description of the XXPolicy
* <ul>
* </ul>
@@ -110,6 +118,14 @@ public abstract class XXPolicyBase extends XXDBBase {
@Column(name = "is_audit_enabled")
protected boolean isAuditEnabled;
+ /**
+ * options of the XXPolicy
+ * <ul>
+ * </ul>
+ *
+ */
+ @Column(name = "options")
+ protected String options;
/**
* @return the gUID
*/
@@ -233,7 +249,7 @@ public abstract class XXPolicyBase extends XXDBBase {
/**
* Returns the value for the member attribute <b>isEnabled</b>
*
- * @return Date - value of member attribute <b>isEnabled</b> .
+ * @return Value of member attribute <b>isEnabled</b> .
*/
public boolean getIsEnabled() {
return this.isEnabled;
@@ -253,7 +269,7 @@ public abstract class XXPolicyBase extends XXDBBase {
/**
* Returns the value for the member attribute <b>isAuditEnabled</b>
*
- * @return Date - value of member attribute <b>isAuditEnabled</b> .
+ * @return Value of member attribute <b>isAuditEnabled</b> .
*/
public boolean getIsAuditEnabled() {
return this.isAuditEnabled;
@@ -267,6 +283,33 @@ public abstract class XXPolicyBase extends XXDBBase {
this.policyType = policyType;
}
+ public Integer getPolicyPriority() {
+ return policyPriority;
+ }
+
+ public void setPolicyPriority(Integer policyPriority) {
+ this.policyPriority = policyPriority;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b> options</b> .
+ *
+ * @param options
+ * Value to set member attribute <b> options</b>
+ */
+ public void setOptions(String options) {
+ this.options = options;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>options</b>
+ *
+ * @return Value of member attribute <b>options</b> .
+ */
+ public String getOptions() {
+ return this.options;
+ }
+
/*
* (non-Javadoc)
*
@@ -342,6 +385,21 @@ public abstract class XXPolicyBase extends XXDBBase {
} else if (!policyType.equals(other.policyType)) {
return false;
}
+ if (policyPriority == null) {
+ if (other.policyPriority != null) {
+ return false;
+ }
+ } else if (!policyPriority.equals(other.policyPriority)) {
+ return false;
+ }
+ if (options == null) {
+ if (other.options != null) {
+ return false;
+ }
+ } else if (!options.equals(other.options)) {
+ return false;
+ }
+
return true;
}
@@ -355,8 +413,9 @@ public abstract class XXPolicyBase extends XXDBBase {
String str = "XXPolicyBase={";
str += super.toString();
str += " [guid=" + guid + ", version=" + version + ", service=" + service + ", name=" + name
- + ", policyType=" + policyType + ", description=" + description + ", resourceSignature="
- + resourceSignature + ", isEnabled=" + isEnabled + ", isAuditEnabled=" + isAuditEnabled + "]";
+ + ", policyType=" + policyType + ", policyPriority=" + policyPriority + ", description=" + description + ", resourceSignature="
+ + resourceSignature + ", isEnabled=" + isEnabled + ", isAuditEnabled=" + isAuditEnabled
+ + ", options=" + options + "]";
str += "}";
return str;
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
index 9155385..44d43ef 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
@@ -60,6 +60,9 @@ public class XXTag extends XXDBBase implements Serializable {
@Column(name = "owned_by")
protected Short owner;
+ @Column(name = "options")
+ protected String options;
+
@Override
public void setId(Long id) {
this.id = id;
@@ -118,7 +121,15 @@ public class XXTag extends XXDBBase implements Serializable {
public Short getOwner() { return owner; }
public void setOwner(Short owner) { this.owner = owner; }
- @Override
+ public void setOptions(String options) {
+ this.options = options;
+ }
+
+ public String getOptions() {
+ return this.options;
+ }
+
+ @Override
public int getMyClassType() {
return AppConstants.CLASS_TYPE_XA_TAG;
}
@@ -137,6 +148,7 @@ public class XXTag extends XXDBBase implements Serializable {
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((type == null) ? 0 : type.hashCode());
result = prime * result + ((owner == null) ? 0 : owner.hashCode());
+ result = prime * result + ((options == null) ? 0 : options.hashCode());
return result;
}
@@ -179,6 +191,11 @@ public class XXTag extends XXDBBase implements Serializable {
return false;
} else if (!owner.equals(other.owner))
return false;
+ if (options == null) {
+ if (other.options != null)
+ return false;
+ } else if (!options.equals(other.options))
+ return false;
return true;
}
@@ -201,6 +218,7 @@ public class XXTag extends XXDBBase implements Serializable {
sb.append("guid={").append(guid).append("} ");
sb.append("type={").append(type).append("} ");
sb.append("owned_by={").append(owner).append("} ");
+ sb.append("options={").append(options).append("} ");
sb.append(" }");
return sb;
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
index def5033..8d42165 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
@@ -17,7 +17,9 @@
package org.apache.ranger.service;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.SearchField;
@@ -28,15 +30,22 @@ import org.apache.ranger.common.SortField.SORT_ORDER;
import org.apache.ranger.entity.XXPolicyBase;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerValiditySchedule;
import org.apache.ranger.plugin.util.SearchFilter;
import org.springframework.beans.factory.annotation.Autowired;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends RangerPolicy> extends
RangerBaseModelService<T, V> {
- @Autowired
+ public static final String OPTION_POLICY_VALIDITY_SCHEDULES = "POLICY_VALIDITY_SCHEDULES";
+
+ @Autowired
GUIDUtil guidUtil;
-
+
public RangerPolicyServiceBase() {
super();
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "xSvcDef.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
@@ -90,12 +99,28 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
xObj.setService(xService.getId());
xObj.setName(StringUtils.trim(vObj.getName()));
xObj.setPolicyType(vObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : vObj.getPolicyType());
+ xObj.setPolicyPriority(vObj.getPolicyPriority() == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : vObj.getPolicyPriority());
xObj.setDescription(vObj.getDescription());
xObj.setResourceSignature(vObj.getResourceSignature());
xObj.setIsAuditEnabled(vObj.getIsAuditEnabled());
xObj.setIsEnabled(vObj.getIsEnabled());
- return xObj;
+ String validitySchedules = JsonUtils.listToJson(vObj.getValiditySchedules());
+ Map<String, Object> options = vObj.getOptions();
+
+ if (options == null) {
+ options = new HashMap<>();
+ }
+
+ if (StringUtils.isNotBlank(validitySchedules)) {
+ options.put(OPTION_POLICY_VALIDITY_SCHEDULES, validitySchedules);
+ } else {
+ options.remove(OPTION_POLICY_VALIDITY_SCHEDULES);
+ }
+
+ xObj.setOptions(JsonUtils.mapToJson(options));
+
+ return xObj;
}
@Override
@@ -106,10 +131,26 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends
vObj.setService(xService.getName());
vObj.setName(StringUtils.trim(xObj.getName()));
vObj.setPolicyType(xObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xObj.getPolicyType());
+ vObj.setPolicyPriority(xObj.getPolicyPriority() == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : xObj.getPolicyPriority());
vObj.setDescription(xObj.getDescription());
vObj.setResourceSignature(xObj.getResourceSignature());
vObj.setIsEnabled(xObj.getIsEnabled());
vObj.setIsAuditEnabled(xObj.getIsAuditEnabled());
+
+ Map<String, Object> options = JsonUtils.jsonToObject(xObj.getOptions(), Map.class);
+
+ if (MapUtils.isNotEmpty(options)) {
+ String optionPolicyValiditySchedule = (String)options.remove(OPTION_POLICY_VALIDITY_SCHEDULES);
+
+ if (StringUtils.isNotBlank(optionPolicyValiditySchedule)) {
+ List<RangerValiditySchedule> validitySchedules = JsonUtils.jsonToRangerValiditySchedule(optionPolicyValiditySchedule);
+
+ vObj.setValiditySchedules(validitySchedules);
+ }
+ }
+
+ vObj.setOptions(options);
+
return vObj;
}
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java
index e68aa92..2e2c04f 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java
@@ -25,7 +25,9 @@ import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RangerConfigUtil;
@@ -33,6 +35,7 @@ import org.apache.ranger.entity.XXTagAttribute;
import org.apache.ranger.entity.XXTag;
import org.apache.ranger.entity.XXTagDef;
import org.apache.ranger.plugin.model.RangerTag;
+import org.apache.ranger.plugin.model.RangerValiditySchedule;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.util.SearchFilter;
import org.springframework.beans.factory.annotation.Autowired;
@@ -63,6 +66,21 @@ public abstract class RangerTagServiceBase<T extends XXTag, V extends RangerTag>
xObj.setGuid(guid);
xObj.setType(xTagDef.getId());
xObj.setOwner(vObj.getOwner());
+
+ String validityPeriods = JsonUtils.listToJson(vObj.getValidityPeriods());
+ Map<String, Object> options = vObj.getOptions();
+
+ if (options == null) {
+ options = new HashMap<>();
+ }
+
+ if (StringUtils.isNotBlank(validityPeriods)) {
+ options.put(RangerTag.OPTION_TAG_VALIDITY_PERIODS, validityPeriods);
+ } else {
+ options.remove(RangerTag.OPTION_TAG_VALIDITY_PERIODS);
+ }
+
+ xObj.setOptions(JsonUtils.mapToJson(options));
return xObj;
}
@@ -79,6 +97,20 @@ public abstract class RangerTagServiceBase<T extends XXTag, V extends RangerTag>
vObj.setType(xTagDef.getName());
vObj.setOwner(xObj.getOwner());
+ Map<String, Object> options = JsonUtils.jsonToObject(xObj.getOptions(), Map.class);
+
+ if (MapUtils.isNotEmpty(options)) {
+ String optionTagValidityPeriod = (String)options.remove(RangerTag.OPTION_TAG_VALIDITY_PERIODS);
+
+ if (StringUtils.isNotBlank(optionTagValidityPeriod)) {
+ List<RangerValiditySchedule> validityPeriods = JsonUtils.jsonToRangerValiditySchedule(optionTagValidityPeriod);
+
+ vObj.setValidityPeriods(validityPeriods);
+ }
+ }
+
+ vObj.setOptions(options);
+
Map<String, String> attributes = getAttributesForTag(xObj);
vObj.setAttributes(attributes);
http://git-wip-us.apache.org/repos/asf/ranger/blob/844315cd/src/main/assembly/tagsync.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/tagsync.xml b/src/main/assembly/tagsync.xml
index c929395..0788ac1 100644
--- a/src/main/assembly/tagsync.xml
+++ b/src/main/assembly/tagsync.xml
@@ -60,6 +60,7 @@
<include>com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:${atlas.jackson.version}</include>
<include>com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:${atlas.jackson.version}</include>
<include>org.codehaus.jackson:jackson-core-asl:jar:${codehaus.jackson.version}</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl:jar:${codehaus.jackson.version}</include>
<include>org.codehaus.jackson:jackson-jaxrs:jar:${codehaus.jackson.version}</include>
<include>org.codehaus.jettison:jettison:jar:${jettison.version}</include>
<include>org.scala-lang:scala-library:jar:${scala.version}</include>