You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/04/02 15:37:49 UTC
[ranger] branch ranger-2.4 updated (83d720a9c -> 9ee4b02cc)
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a change to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
from 83d720a9c RANGER-4161: modified pom.xml using mvn versions:set to set version as 2.4.1-SNAPSHOT
new 2dbac18e0 RANGER-4157: fixed handling of implicit addition of expression condition
new 9ee4b02cc RANGER-4124: value of -Dlogback.configurationFile in ranger-tagsync-services.sh is not configurable
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../ranger/service/RangerServiceDefService.java | 64 ----------------------
.../service/RangerServiceDefServiceBase.java | 63 +++++++++++++++++++++
tagsync/scripts/ranger-tagsync-services.sh | 6 +-
tagsync/scripts/setup.py | 4 ++
4 files changed, 72 insertions(+), 65 deletions(-)
[ranger] 02/02: RANGER-4124: value of -Dlogback.configurationFile in ranger-tagsync-services.sh is not configurable
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 9ee4b02ccf2a96ec4a7981b01c0c4e5c9d311a3b
Author: Yao Lei <le...@163.com>
AuthorDate: Wed Mar 8 10:53:18 2023 +0800
RANGER-4124: value of -Dlogback.configurationFile in ranger-tagsync-services.sh is not configurable
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit cdc873177c4a0289826eff0b74df72d0d04b6d27)
---
tagsync/scripts/ranger-tagsync-services.sh | 6 +++++-
tagsync/scripts/setup.py | 4 ++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/tagsync/scripts/ranger-tagsync-services.sh b/tagsync/scripts/ranger-tagsync-services.sh
index 46f4428e3..460c4a130 100755
--- a/tagsync/scripts/ranger-tagsync-services.sh
+++ b/tagsync/scripts/ranger-tagsync-services.sh
@@ -92,8 +92,12 @@ if [ "${action}" == "START" ]; then
cd ${cdir}
+ if [ -z "${TAGSYNC_CONF_DIR}" ]; then
+ TAGSYNC_CONF_DIR=${cdir}/conf
+ fi
+
SLEEP_TIME_AFTER_START=5
- nohup java -Dproc_rangertagsync ${JAVA_OPTS} -Dlogdir="${RANGER_TAGSYNC_LOG_DIR}" -Dlogback.configurationFile=file:/etc/ranger/tagsync/conf/logback.xml -cp "${cp}" org.apache.ranger.tagsync.process.TagSynchronizer > ${RANGER_TAGSYNC_LOG_DIR}/tagsync.out 2>&1 &
+ nohup java -Dproc_rangertagsync ${JAVA_OPTS} -Dlogdir="${RANGER_TAGSYNC_LOG_DIR}" -Dlogback.configurationFile=file:${TAGSYNC_CONF_DIR}/logback.xml -cp "${cp}" org.apache.ranger.tagsync.process.TagSynchronizer > ${RANGER_TAGSYNC_LOG_DIR}/tagsync.out 2>&1 &
VALUE_OF_PID=$!
echo "Starting Apache Ranger Tagsync Service"
sleep $SLEEP_TIME_AFTER_START
diff --git a/tagsync/scripts/setup.py b/tagsync/scripts/setup.py
index 6ac30565f..fb6d69c33 100755
--- a/tagsync/scripts/setup.py
+++ b/tagsync/scripts/setup.py
@@ -101,6 +101,7 @@ TAG_SOURCE_FILE_ENABLED = 'ranger.tagsync.source.file'
hadoopConfFileName = 'core-site.xml'
ENV_HADOOP_CONF_FILE = "ranger-tagsync-env-hadoopconfdir.sh"
ENV_PID_FILE = 'ranger-tagsync-env-piddir.sh'
+ENV_CONF_FILE = 'ranger-tagsync-env-confdir.sh'
globalDict = {}
configure_security = False
@@ -488,10 +489,13 @@ def main():
write_env_files("RANGER_TAGSYNC_HADOOP_CONF_DIR", hadoop_conf, ENV_HADOOP_CONF_FILE)
write_env_files("TAGSYNC_PID_DIR_PATH", pid_dir_path, ENV_PID_FILE);
+ write_env_files("TAGSYNC_CONF_DIR", os.path.join(tagsyncBaseDirFullName,confBaseDirName), ENV_CONF_FILE)
os.chown(os.path.join(confBaseDirName, ENV_HADOOP_CONF_FILE),ownerId,groupId)
os.chmod(os.path.join(confBaseDirName, ENV_HADOOP_CONF_FILE),0o755)
os.chown(os.path.join(confBaseDirName, ENV_PID_FILE),ownerId,groupId)
os.chmod(os.path.join(confBaseDirName, ENV_PID_FILE),0o755)
+ os.chown(os.path.join(confBaseDirName, ENV_CONF_FILE),ownerId,groupId)
+ os.chmod(os.path.join(confBaseDirName, ENV_CONF_FILE),0o755)
f = open(os.path.join(confBaseDirName, ENV_PID_FILE), "a+")
f.write("\nexport {0}={1}".format("UNIX_TAGSYNC_USER",unix_user))
[ranger] 01/02: RANGER-4157: fixed handling of implicit addition of expression condition
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 2dbac18e01f83830558eccb18500f3c57923ae3d
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Tue Mar 28 12:47:49 2023 -0700
RANGER-4157: fixed handling of implicit addition of expression condition
(cherry picked from commit e89016cc581379b5c98f99de202c967f503dcfe3)
---
.../ranger/service/RangerServiceDefService.java | 64 ----------------------
.../service/RangerServiceDefServiceBase.java | 63 +++++++++++++++++++++
2 files changed, 63 insertions(+), 64 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
index 328d8baa6..7d363c4c7 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
@@ -18,19 +18,14 @@
package org.apache.ranger.service;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
-import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
-import org.apache.ranger.plugin.util.ServiceDefUtil;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;
@@ -38,12 +33,6 @@ import org.springframework.stereotype.Service;
@Service
@Scope("singleton")
public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServiceDef, RangerServiceDef> {
- public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName();
- public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression";
- public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression";
-
private final RangerAdminConfig config;
public RangerServiceDefService() {
@@ -83,8 +72,6 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi
ret.setOptions(serviceDefOptions);
}
- addImplicitConditionExpressionIfNeeded(ret);
-
return ret;
}
@@ -102,55 +89,4 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi
public RangerServiceDef getPopulatedViewObject(XXServiceDef xServiceDef) {
return this.populateViewBean(xServiceDef);
}
-
-
- boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) {
- boolean ret = false;
- boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true);
- boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault);
-
- if (implicitConditionEnabled) {
- boolean exists = false;
- Long maxItemId = 0L;
- List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions();
-
- if (conditionDefs == null) {
- conditionDefs = new ArrayList<>();
- }
-
- for (RangerPolicyConditionDef conditionDef : conditionDefs) {
- if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) {
- exists = true;
-
- break;
- }
-
- if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) {
- maxItemId = conditionDef.getItemId();
- }
- }
-
- if (!exists) {
- RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef();
- Map<String, String> options = new HashMap<>();
-
- options.put("ui.isMultiline", "true");
-
- conditionDef.setItemId(maxItemId + 1);
- conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME);
- conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL);
- conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC);
- conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR);
- conditionDef.setEvaluatorOptions(options);
-
- conditionDefs.add(conditionDef);
-
- serviceDef.setPolicyConditions(conditionDefs);
-
- ret = true;
- }
- }
-
- return ret;
- }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index 656bc0184..91d5f26bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -31,11 +31,13 @@ import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
import org.apache.ranger.common.SearchField.SEARCH_TYPE;
import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
@@ -60,6 +62,11 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
private static final String OPTION_RESOURCE_ACCESS_TYPE_RESTRICTIONS = "__accessTypeRestrictions";
private static final String OPTION_RESOURCE_IS_VALID_LEAF = "__isValidLeaf";
+ public static final String PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "ranger.servicedef.enableImplicitConditionExpression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName();
+ public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression";
+ public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression";
@Autowired
RangerAuditFields<?> rangerAuditFields;
@@ -201,6 +208,8 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
serviceDef.setDataMaskDef(dataMaskDef);
serviceDef.setRowFilterDef(rowFilterDef);
+ addImplicitConditionExpressionIfNeeded(serviceDef);
+
ServiceDefUtil.normalize(serviceDef);
return serviceDef;
@@ -707,4 +716,58 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V
return ret;
}
+
+ boolean addImplicitConditionExpressionIfNeeded(RangerServiceDef serviceDef) {
+ boolean ret = false;
+ boolean implicitConditionDefault = PropertiesUtil.getBooleanProperty(PROP_ENABLE_IMPLICIT_CONDITION_EXPRESSION, true);
+ boolean implicitConditionEnabled = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION, implicitConditionDefault);
+
+ if (implicitConditionEnabled) {
+ boolean exists = false;
+ Long maxItemId = 0L;
+ List<RangerPolicyConditionDef> conditionDefs = serviceDef.getPolicyConditions();
+
+ if (conditionDefs == null) {
+ conditionDefs = new ArrayList<>();
+ }
+
+ for (RangerPolicyConditionDef conditionDef : conditionDefs) {
+ if (StringUtils.equalsIgnoreCase(conditionDef.getEvaluator(), IMPLICIT_CONDITION_EXPRESSION_EVALUATOR)) {
+ exists = true;
+
+ break;
+ }
+
+ if (conditionDef.getItemId() != null && maxItemId < conditionDef.getItemId()) {
+ maxItemId = conditionDef.getItemId();
+ }
+ }
+
+ if (!exists) {
+ RangerPolicyConditionDef conditionDef = new RangerPolicyConditionDef();
+ Map<String, String> options = new HashMap<>();
+
+ options.put("ui.isMultiline", "true");
+
+ conditionDef.setItemId(maxItemId + 1);
+ conditionDef.setName(IMPLICIT_CONDITION_EXPRESSION_NAME);
+ conditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL);
+ conditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC);
+ conditionDef.setEvaluator(IMPLICIT_CONDITION_EXPRESSION_EVALUATOR);
+ conditionDef.setEvaluatorOptions(options);
+
+ conditionDefs.add(conditionDef);
+
+ serviceDef.setPolicyConditions(conditionDefs);
+
+ ret = true;
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("addImplicitConditionExpressionIfNeeded(serviceType={}): implicitConditionDefault={}, implicitConditionEnabled={}, conditionDefs={}, ret={}", serviceDef.getName(), implicitConditionDefault, implicitConditionEnabled, serviceDef.getPolicyConditions(), ret);
+ }
+
+ return ret;
+ }
}