Posted to commits@ranger.apache.org by ma...@apache.org on 2014/12/20 02:27:27 UTC
[1/4] incubator-ranger git commit: RANGER-203: Framework to extend
Ranger security to new components in a pluggable way
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 06ca85385 -> 2242c4418
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
new file mode 100644
index 0000000..da20ba2
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -0,0 +1,354 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.file;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FSDataInputStream;
+import org.apache.hadoop.fs.FSDataOutputStream;
+import org.apache.hadoop.fs.FileStatus;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.fs.PathFilter;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+public class BaseFileStore {
+ private static final Log LOG = LogFactory.getLog(BaseFileStore.class);
+
+ private Gson gsonBuilder = null;
+ private String dataDir = null;
+
+ protected static String FILE_PREFIX_SERVICE_DEF = "ranger-servicedef-";
+ protected static String FILE_PREFIX_SERVICE = "ranger-service-";
+ protected static String FILE_PREFIX_POLICY = "ranger-policy-";
+ protected static String FILE_SUFFIX_JSON = ".json";
+
+
+ protected void init() {
+ dataDir = System.getProperty("org.apache.ranger.datastore.dir", "/etc/ranger/data"); // TODO: read from configuration
+
+ try {
+ gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
+ } catch(Throwable excp) {
+ LOG.fatal("BaseFileStore.init(): failed to create GsonBuilder object", excp);
+ }
+ }
+
+ protected String getDataDir() {
+ return dataDir;
+ }
+
+ protected String getServiceDefFile(Long id) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE_DEF + id + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected String getServiceFile(Long id) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE + id + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected String getPolicyFile(Long serviceId, Long policyId) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_POLICY + serviceId + "-" + policyId + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected <T> T loadFromResource(String resource, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromResource(" + resource + ")");
+ }
+
+ InputStream inStream = this.getClass().getResourceAsStream(resource);
+
+ T ret = loadFromStream(inStream, cls);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromResource(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> T loadFromStream(InputStream inStream, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromStream()");
+ }
+
+ InputStreamReader reader = new InputStreamReader(inStream);
+
+ T ret = gsonBuilder.fromJson(reader, cls);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromStream(): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> T loadFromFile(Path filePath, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromFile(" + filePath + ")");
+ }
+
+ T ret = null;
+ InputStreamReader reader = null;
+
+ try {
+ FileSystem fileSystem = getFileSystem(filePath);
+ FSDataInputStream inStream = fileSystem.open(filePath);
+
+ ret = loadFromStream(inStream, cls);
+ } finally {
+ close(reader);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromFile(" + filePath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> List<T> loadFromDir(Path dirPath, final String filePrefix, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromDir()");
+ }
+
+ List<T> ret = new ArrayList<T>();
+
+ try {
+ FileSystem fileSystem = getFileSystem(dirPath);
+
+ if(fileSystem.exists(dirPath) && fileSystem.isDirectory(dirPath)) {
+ PathFilter filter = new PathFilter() {
+ @Override
+ public boolean accept(Path path) {
+ return path.getName().startsWith(filePrefix) &&
+ path.getName().endsWith(FILE_SUFFIX_JSON);
+ }
+ };
+
+ FileStatus[] sdFiles = fileSystem.listStatus(dirPath, filter);
+
+ if(sdFiles != null) {
+ for(FileStatus sdFile : sdFiles) {
+ T obj = loadFromFile(sdFile.getPath(), cls);
+
+ if(obj != null) {
+ ret.add(obj);
+ }
+ }
+ }
+ } else {
+ LOG.error(dirPath + ": does not exists or not a directory");
+ }
+ } catch(IOException excp) {
+ LOG.warn("error loading service-def in directory " + dirPath, excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromDir(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ protected <T> T saveToFile(T obj, Path filePath, boolean overWrite) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.saveToFile(" + filePath + ")");
+ }
+
+ OutputStreamWriter writer = null;
+
+ try {
+ FileSystem fileSystem = getFileSystem(filePath);
+ FSDataOutputStream outStream = fileSystem.create(filePath, overWrite);
+
+ writer = new OutputStreamWriter(outStream);
+
+ gsonBuilder.toJson(obj, writer);
+ } finally {
+ close(writer);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.saveToFile(" + filePath + "): " + obj);
+ }
+
+ return obj;
+ }
+
+ protected boolean deleteFile(Path filePath) throws Exception {
+ LOG.debug("==> BaseFileStore.deleteFile(" + filePath + ")");
+
+ FileSystem fileSystem = getFileSystem(filePath);
+
+ boolean ret = false;
+
+ if(fileSystem.exists(filePath)) {
+ ret = fileSystem.delete(filePath, false);
+ } else {
+ ret = true; // nothing to delete
+ }
+
+ LOG.debug("<== BaseFileStore.deleteFile(" + filePath + "): " + ret);
+
+ return ret;
+ }
+
+ protected boolean renamePath(Path oldPath, Path newPath) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.renamePath(" + oldPath + "," + newPath + ")");
+ }
+
+ FileSystem fileSystem = getFileSystem(oldPath);
+
+ boolean ret = false;
+
+ if(fileSystem.exists(oldPath)) {
+ if(! fileSystem.exists(newPath)) {
+ ret = fileSystem.rename(oldPath, newPath);
+ } else {
+ LOG.warn("target of rename '" + newPath + "' already exists");
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.renamePath(" + oldPath + "," + newPath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected long getMaxId(List<? extends RangerBaseModelObject> objs) {
+ long ret = -1;
+
+ if(objs != null) {
+ for(RangerBaseModelObject obj : objs) {
+ if(obj.getId() > ret) {
+ ret = obj.getId();
+ }
+ }
+ }
+
+ return ret;
+ }
+ protected FileSystem getFileSystem(Path filePath) throws Exception {
+ Configuration conf = new Configuration();
+ FileSystem fileSystem = filePath.getFileSystem(conf);
+
+ return fileSystem;
+ }
+
+ protected void close(FileSystem fs) {
+ if(fs != null) {
+ try {
+ fs.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void close(InputStreamReader reader) {
+ if(reader != null) {
+ try {
+ reader.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void close(OutputStreamWriter writer) {
+ if(writer != null) {
+ try {
+ writer.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void preCreate(RangerBaseModelObject obj) {
+ obj.setId(new Long(0));
+ obj.setGuid(UUID.randomUUID().toString());
+ obj.setCreateTime(new Date());
+ obj.setUpdateTime(obj.getCreateTime());
+ obj.setVersion(new Long(1));
+ }
+
+ protected void postCreate(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void preUpdate(RangerBaseModelObject obj) {
+ if(obj.getId() == null) {
+ obj.setId(new Long(0));
+ }
+
+ if(obj.getGuid() == null) {
+ obj.setGuid(UUID.randomUUID().toString());
+ }
+
+ if(obj.getCreateTime() == null) {
+ obj.setCreateTime(new Date());
+ }
+
+ Long version = obj.getVersion();
+
+ if(version == null) {
+ version = new Long(1);
+ } else {
+ version = new Long(version.longValue() + 1);
+ }
+
+ obj.setVersion(version);
+ obj.setUpdateTime(new Date());
+ }
+
+ protected void postUpdate(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void preDelete(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void postDelete(RangerBaseModelObject obj) {
+ // TODO:
+ }
+}
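Review bot: `loadFromFile` never closes the stream it opens: `reader` stays `null`, so `close(reader)` in the `finally` block does nothing, and the `FSDataInputStream` from `fileSystem.open(filePath)` leaks on every call, including when `fromJson` throws. `loadFromDir` calls it once per matching file, and `ServiceFileStore.getAll()` and `getAllPolicies()` re-read the directory on each call, so open handles accumulate until reads of service and policy files start failing. Track the opened stream itself and close it in `finally`, as in the excerpt below. `loadFromResource` has the same gap and also passes a `null` stream into `new InputStreamReader(inStream)` when the resource is missing, which surfaces as a NullPointerException instead of a clear error.

```java
protected <T> T loadFromFile(Path filePath, Class<T> cls) throws Exception {
	// … unchanged: debug entry log, T ret = null …
	FSDataInputStream inStream = null;

	try {
		inStream = getFileSystem(filePath).open(filePath);

		ret = loadFromStream(inStream, cls);
	} finally {
		if(inStream != null) {
			try {
				inStream.close();
			} catch(IOException excp) {
				LOG.warn("BaseFileStore.loadFromFile(): failed to close " + filePath, excp);
			}
		}
	}
	// … unchanged: debug exit log, return ret …
}
```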
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
new file mode 100644
index 0000000..08c253f
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceDefFileStore.java
@@ -0,0 +1,357 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.file;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.fs.Path;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.ServiceDefStore;
+
+
+public class ServiceDefFileStore extends BaseFileStore implements ServiceDefStore {
+ private static final Log LOG = LogFactory.getLog(ServiceDefFileStore.class);
+
+ private List<RangerServiceDef> serviceDefs = null;
+ private long nextServiceDefId = 0;
+
+ static Map<String, Long> legacyServiceTypes = new HashMap<String, Long>();
+
+ static {
+ legacyServiceTypes.put("hdfs", new Long(1));
+ legacyServiceTypes.put("hbase", new Long(2));
+ legacyServiceTypes.put("hive", new Long(3));
+ legacyServiceTypes.put("knox", new Long(5));
+ legacyServiceTypes.put("storm", new Long(6));
+ }
+
+ public ServiceDefFileStore() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.ServiceDefManagerFile()");
+ }
+
+ init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.ServiceDefManagerFile()");
+ }
+ }
+
+ @Override
+ public RangerServiceDef create(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.create(" + serviceDef + ")");
+ }
+
+ RangerServiceDef existing = findServiceDefByName(serviceDef.getName());
+
+ if(existing != null) {
+ throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ preCreate(serviceDef);
+
+ serviceDef.setId(nextServiceDefId++);
+
+ Path filePath = new Path(getServiceDefFile(serviceDef.getId()));
+
+ ret = saveToFile(serviceDef, filePath, false);
+
+ addServiceDef(ret);
+
+ postCreate(ret);
+ } catch(Exception excp) {
+ LOG.warn("ServiceDefFileStore.create(): failed to save service-def '" + serviceDef.getName() + "'", excp);
+
+ throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.create(" + serviceDef + ")");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef update(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.update(" + serviceDef + ")");
+ }
+
+ RangerServiceDef existing = findServiceDefById(serviceDef.getId());
+
+ if(existing == null) {
+ throw new Exception(serviceDef.getId() + ": service-def does not exist");
+ }
+
+ if(isLegacyServiceType(existing)) {
+ String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
+
+ LOG.warn(msg);
+
+ throw new Exception(msg);
+ }
+
+ String existingName = existing.getName();
+
+ boolean renamed = !serviceDef.getName().equalsIgnoreCase(existingName);
+
+ // renaming service-def would require updating services that refer to this service-def
+ if(renamed) {
+ LOG.warn("ServiceDefFileStore.update(): service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
+
+ throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ existing.updateFrom(serviceDef);
+
+ preUpdate(existing);
+
+ Path filePath = new Path(getServiceDefFile(existing.getId()));
+
+ ret = saveToFile(existing, filePath, true);
+
+ postUpdate(ret);
+ } catch(Exception excp) {
+ LOG.warn("ServiceDefFileStore.update(): failed to save service-def '" + existing.getName() + "'", excp);
+
+ throw new Exception("failed to save service-def '" + existing.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.update(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void delete(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.delete(" + id + ")");
+ }
+
+ RangerServiceDef existing = findServiceDefById(id);
+
+ if(existing == null) {
+ throw new Exception("service-def does not exist. id=" + id);
+ }
+
+ if(isLegacyServiceType(existing)) {
+ String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
+
+ LOG.warn(msg);
+
+ throw new Exception(msg);
+ }
+
+ // TODO: deleting service-def would require deleting services that refer to this service-def
+
+ try {
+ preDelete(existing);
+
+ Path filePath = new Path(getServiceDefFile(id));
+
+ deleteFile(filePath);
+
+ removeServiceDef(existing);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception("failed to delete service-def. id=" + id + "; name=" + existing.getName(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.delete(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerServiceDef get(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.get(" + id + ")");
+ }
+
+ RangerServiceDef ret = findServiceDefById(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.get(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef getByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = findServiceDefByName(name);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerServiceDef> getAll() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getAll()");
+ }
+
+ List<RangerServiceDef> ret = serviceDefs;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getAll(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ protected void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.init()");
+ }
+
+ super.init();
+
+ try {
+ serviceDefs = new ArrayList<RangerServiceDef>();
+
+ // load definitions for legacy services from embedded resources
+ String[] legacyServiceDefResources = {
+ "/service-defs/ranger-servicedef-hdfs.json",
+ "/service-defs/ranger-servicedef-hive.json",
+ "/service-defs/ranger-servicedef-hbase.json",
+ "/service-defs/ranger-servicedef-knox.json",
+ "/service-defs/ranger-servicedef-storm.json",
+ };
+
+ for(String resource : legacyServiceDefResources) {
+ RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class);
+
+ if(sd != null) {
+ serviceDefs.add(sd);
+ }
+ }
+ nextServiceDefId = getMaxId(serviceDefs) + 1;
+
+ // load service definitions from file system
+ List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class);
+
+ if(sds != null) {
+ for(RangerServiceDef sd : sds) {
+ if(sd != null) {
+ if(isLegacyServiceType(sd)) {
+ LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". Ignorning");
+
+ continue;
+ }
+
+ RangerServiceDef existingSd = findServiceDefByName(sd.getName());
+
+ if(existingSd != null) {
+ removeServiceDef(existingSd);
+ }
+
+ existingSd = findServiceDefById(sd.getId());
+
+ if(existingSd != null) {
+ removeServiceDef(existingSd);
+ }
+
+ serviceDefs.add(sd);
+ }
+ }
+ }
+ nextServiceDefId = getMaxId(serviceDefs) + 1;
+ } catch(Exception excp) {
+ LOG.error("ServiceDefFileStore.init(): failed to read service-defs", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.init()");
+ }
+ }
+
+ private RangerServiceDef findServiceDefById(long id) {
+ RangerServiceDef ret = null;
+
+ for(RangerServiceDef sd : serviceDefs) {
+ if(sd != null && sd.getId() != null && sd.getId().longValue() == id) {
+ ret = sd;
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ private RangerServiceDef findServiceDefByName(String sdName) {
+ RangerServiceDef ret = null;
+
+ for(RangerServiceDef sd : serviceDefs) {
+ if(sd != null && sd.getName() != null && sd.getName().equalsIgnoreCase(sdName)) {
+ ret = sd;
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ private void addServiceDef(RangerServiceDef sd) {
+ serviceDefs.add(sd);
+ }
+
+ private void removeServiceDef(RangerServiceDef sd) {
+ serviceDefs.remove(sd);
+ }
+
+ private boolean isLegacyServiceType(RangerServiceDef sd) {
+ return sd == null ? false : (isLegacyServiceType(sd.getName()) || isLegacyServiceType(sd.getId()));
+ }
+
+ private boolean isLegacyServiceType(String name) {
+ return name == null ? false : legacyServiceTypes.containsKey(name);
+ }
+
+ private boolean isLegacyServiceType(Long id) {
+ return id == null ? false : legacyServiceTypes.containsValue(id);
+ }
+}
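Review bot: The in-built check in `isLegacyServiceType(String name)` is case-sensitive (`legacyServiceTypes.containsKey(name)`), while `findServiceDefByName` matches with `equalsIgnoreCase`, so the two disagree about which names are reserved. In `init()`, a definition read from the data directory can pass the `isLegacyServiceType(sd)` test if its name differs from an in-built one only by case and its id is not a legacy id. It then matches the embedded definition in `findServiceDefByName` and replaces it through `removeServiceDef(existingSd)`; this assumes the embedded definitions use the lowercase names held in `legacyServiceTypes`. Normalising the lookup closes the gap: `return name != null && legacyServiceTypes.containsKey(name.toLowerCase(Locale.ROOT));` (needs a `java.util.Locale` import). Separately, `getAll()` returns the live `serviceDefs` list, so callers can add or remove entries without going through the checks in `update` and `delete`; returning a copy would keep that guard meaningful.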
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
new file mode 100644
index 0000000..789cc3a
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -0,0 +1,577 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.file;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.fs.Path;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.store.ServiceStore;
+
+
+public class ServiceFileStore extends BaseFileStore implements ServiceStore {
+ private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
+
+ private long nextServiceId = 0;
+ private long nextPolicyId = 0;
+
+ public ServiceFileStore() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.ServiceManagerFile()");
+ }
+
+ init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.ServiceManagerFile()");
+ }
+ }
+
+ @Override
+ public RangerService create(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.create(" + service + ")");
+ }
+
+ RangerService existing = getByName(service.getName());
+
+ if(existing != null) {
+ throw new Exception("service already exists - '" + service.getName() + "'. ID=" + existing.getId());
+ }
+
+ RangerService ret = null;
+
+ try {
+ preCreate(service);
+
+ service.setId(nextServiceId++);
+
+ Path filePath = new Path(getServiceFile(service.getId()));
+
+ ret = saveToFile(service, filePath, false);
+
+ postCreate(service);
+ } catch(Exception excp) {
+ throw new Exception("failed to save service '" + service.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.create(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService update(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.update(" + service + ")");
+ }
+
+ RangerService existing = get(service.getId());
+
+ if(existing == null) {
+ throw new Exception("no service exists with ID=" + service.getId());
+ }
+
+ String existingName = existing.getName();
+
+ boolean renamed = !service.getName().equalsIgnoreCase(existingName);
+
+ if(renamed) {
+ RangerService newNameService = getByName(service.getName());
+
+ if(newNameService != null) {
+ throw new Exception("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId());
+ }
+ }
+
+ RangerService ret = null;
+
+ try {
+ existing.updateFrom(service);
+
+ preUpdate(existing);
+
+ Path filePath = new Path(getServiceFile(existing.getId()));
+
+ ret = saveToFile(existing, filePath, true);
+
+ postUpdate(ret);
+
+ if(renamed) {
+ handleServiceRename(ret, existingName);
+ }
+ } catch(Exception excp) {
+ throw new Exception("failed to update service '" + existing.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.update(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void delete(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.delete(" + id + ")");
+ }
+
+ RangerService existing = get(id);
+
+ if(existing == null) {
+ throw new Exception("no service exists with ID=" + id);
+ }
+
+ try {
+ Path filePath = new Path(getServiceFile(id));
+
+ preDelete(existing);
+
+ handleServiceDelete(existing);
+
+ deleteFile(filePath);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception("failed to delete service with ID=" + id, excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.delete(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerService get(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.get(" + id + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ Path filePath = new Path(getServiceFile(id));
+
+ ret = loadFromFile(filePath, RangerService.class);
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.get(" + id + "): failed to read service", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.get(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService getByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getByName(" + name + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ List<RangerService> services = getAll();
+
+ if(services != null) {
+ for(RangerService service : services) {
+ if(service.getName().equalsIgnoreCase(name)) {
+ ret = service;
+
+ break;
+ }
+ }
+ }
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getByName(" + name + "): failed to read service", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerService> getAll() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getAll()");
+ }
+
+ List<RangerService> ret = null;
+
+ try {
+ ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class);
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getAll(): failed to read services", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getAll(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")");
+ }
+
+ RangerService service = getByName(policy.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name=" + policy.getService());
+ }
+
+ RangerPolicy existing = getPolicyByName(policy.getService(), policy.getName());
+
+ if(existing != null) {
+ throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ preCreate(policy);
+
+ policy.setId(nextPolicyId++);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
+
+ ret = saveToFile(policy, filePath, false);
+
+ postCreate(ret);
+ } catch(Exception excp) {
+ throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy existing = getPolicy(policy.getId());
+
+ if(existing == null) {
+ throw new Exception("no policy exists with ID=" + policy.getId());
+ }
+
+ RangerService service = getByName(policy.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name=" + policy.getService());
+ }
+
+ if(! existing.getService().equalsIgnoreCase(policy.getService())) {
+ throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService());
+ }
+
+ boolean renamed = !policy.getName().equalsIgnoreCase(existing.getName());
+
+ if(renamed) {
+ RangerPolicy newNamePolicy = getPolicyByName(service.getName(), policy.getName());
+
+ if(newNamePolicy != null) {
+ throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId());
+ }
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ existing.updateFrom(policy);
+
+ preUpdate(existing);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), existing.getId()));
+
+ ret = saveToFile(existing, filePath, true);
+
+ postUpdate(ret);
+ } catch(Exception excp) {
+ throw new Exception("failed to update policy - ID=" + existing.getId(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deletePolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")");
+ }
+
+ RangerPolicy existing = getPolicy(id);
+
+ if(existing == null) {
+ throw new Exception("no policy exists with ID=" + id);
+ }
+
+ RangerService service = getByName(existing.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + existing.getService());
+ }
+
+ try {
+ preDelete(existing);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), existing.getId()));
+
+ deleteFile(filePath);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception(existing.getId() + ": failed to delete policy", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerPolicy getPolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(policy.getId().equals(id)) {
+ ret = policy;
+
+ break;
+ }
+ }
+ }
+ } catch(Exception excp) {
+ throw new Exception(id + ": failed to read policy", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + ")");
+ }
+
+ RangerService service = getByName(serviceName);
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + serviceName);
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ List<RangerPolicy> policies = getServicePolicies(service.getId());
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(policy.getName().equals(policyName)) {
+ ret = policy;
+
+ break;
+ }
+ }
+ }
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): failed to read policies", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(String serviceName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicies(" + serviceName + ")");
+ }
+
+ RangerService service = getByName(serviceName);
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + serviceName);
+ }
+
+ List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
+
+ try {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(policy.getService().equals(serviceName)) {
+ ret.add(policy);
+ }
+ }
+ }
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getPolicies(" + serviceName + "): failed to read policies", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicies(" + serviceName + "): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicies(" + serviceId + ")");
+ }
+
+ RangerService service = get(serviceId);
+
+ if(service == null) {
+ throw new Exception("service does not exist - id='" + serviceId);
+ }
+
+ List<RangerPolicy> ret = getServicePolicies(service.getName());
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicies(" + serviceId + "): " + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getAllPolicies() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getAllPolicies()");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ try {
+ ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ protected void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.init()");
+ }
+
+ super.init();
+
+ try {
+ List<RangerService> services = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class);
+ List<RangerPolicy> policies = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
+
+ nextServiceId = getMaxId(services) + 1;
+ nextPolicyId = getMaxId(policies) + 1;
+ } catch(Exception excp) {
+ LOG.error("ServiceDefFileStore.init() failed", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.init()");
+ }
+ }
+
+ private void handleServiceRename(RangerService service, String oldName) throws Exception {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(policy.getService().equalsIgnoreCase(oldName)) {
+ policy.setService(service.getName());
+
+ preUpdate(policy);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
+
+ saveToFile(policy, filePath, true);
+
+ postUpdate(policy);
+ }
+ }
+ }
+ }
+
+ private void handleServiceDelete(RangerService service) throws Exception {
+ List<RangerPolicy> policies = getServicePolicies(service.getName());
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ preDelete(policy);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
+
+ deleteFile(filePath);
+
+ postDelete(policy);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
new file mode 100644
index 0000000..10b84bb
--- /dev/null
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -0,0 +1,51 @@
+{
+ "id":2,
+ "name":"hbase",
+ "implClass":"org.apache.ranger.services.hbase.RangerServiceHBase",
+ "label":"HBase",
+ "description":"HBase",
+ "guid":"d6cea1f0-2509-4791-8fc1-7b092399ba3b",
+ "createTime":"20141208-22:50:22.426--0800",
+ "updateTime":"20141208-22:50:22.426--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple","label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"},
+ ],
+ "defaultIndex":0
+ }
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"hadoop.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hbase.master.kerberos.principal","type":"string","mandatory":false,"defaultValue":""},
+ {"name":"hbase.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hbase.zookeeper.property.clientPort","type":"int","mandatory":true,"defaultValue":"2181"},
+ {"name":"hbase.zookeeper.quorum","type":"string","mandatory":true,"defaultValue":""},
+ {"name":"zookeeper.znode.parent","type":"string","mandatory":true,"defaultValue":"/hbase"}
+ ],
+ "resources":
+ [
+ {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"label":"HBase Column-family","description":"HBase Column-family"},
+ {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"label":"HBase Column","description":"HBase Column"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"create","label":"Create"}
+ ],
+ "policyConditions":
+ [
+ {
+ }
+ ]
+}
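Review bot: The `elements` array of the `authnType` enum ends with a trailing comma (`{"name":"kerberos","label":"Kerberos"},` followed directly by `],`), which is not valid strict JSON. The same defect appears in ranger-servicedef-hdfs.json, where the `enums` array has a comma after its last object. Whether the JSON mapper used by the file store tolerates this is not visible here; if it does not, the service definition would presumably fail to load. Dropping the comma is the safe fix: `{"name":"kerberos","label":"Kerberos"}`.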
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
new file mode 100644
index 0000000..f8a90a2
--- /dev/null
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -0,0 +1,61 @@
+{
+ "id":1,
+ "name":"hdfs",
+ "implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs",
+ "label":"HDFS Repository",
+ "description":"HDFS Repository",
+ "guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d",
+ "createTime":"20141208-22:04:25.233--0800",
+ "updateTime":"20141208-22:04:25.233--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple","label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"}
+ ],
+ "defaultIndex":0
+ },
+ {
+ "name":"rpcProtection",
+ "elements":
+ [
+ {"name":"authentication","label":"Authentication"},
+ {"name":"integrity","label":"Integrity"},
+ {"name":"privacy","label":"Privacy"}
+ ],
+ "defaultIndex":0
+ },
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"hadoop.security.authorization","type":"bool","mandatory":true,"defaultValue":"false"},
+ {"name":"hadoop.security.authentication","type":"enum","subtype":"authnType","mandatory":true,"defaultValue":"simple"},
+ {"name":"hadoop.security.auth_to_local","type":"string","mandatory":false},
+ {"name":"dfs.datanode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"dfs.namenode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"dfs.secondary.namenode.kerberos.principal","type":"string","mandatory":false},
+ {"name":"hadoop.rpc.protection","type":"rpcProtection","mandatory":false,"defaultValue":"authentication"},
+ {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"path","level":1,"mandatory":true,"lookupSupported":true,"label":"Resource Path","description":"HDFS file or directory path"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ],
+ "policyConditions":
+ [
+ {
+ }
+ ]
+}
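Review bot: The `hadoop.rpc.protection` config declares `"type":"rpcProtection"`, while the other enum-backed config in this file uses `"type":"enum","subtype":"authnType"`. A consumer that resolves allowed values through `subtype` would presumably not restrict this field to authentication/integrity/privacy. Suggested entry: `{"name":"hadoop.rpc.protection","type":"enum","subtype":"rpcProtection","mandatory":false,"defaultValue":"authentication"}`. The defaults chosen here (`simple`, `false`, `authentication`) are the least protective value for each setting, so a `description` on those entries saying so would help whoever fills in the service form.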
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
new file mode 100644
index 0000000..c6df80c
--- /dev/null
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -0,0 +1,45 @@
+{
+ "id":3,
+ "name":"hive",
+ "implClass":"org.apache.ranger.services.hive.RangerServiceHive",
+ "label":"Hive Server2",
+ "description":"Hive Server2",
+ "guid":"3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+ "createTime":"20141208-22:51:20.732--0800",
+ "updateTime":"20141208-22:51:20.732--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"jdbc.driverClassName","type":"string","mandatory":true,"defaultValue":"org.apache.hive.jdbc.HiveDriver"},
+ {"name":"jdbc.url","type":"string","mandatory":true,"defaultValue":""},
+ {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"label":"Hive Database","description":"Hive Database"},
+ {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"label":"Hive Table","description":"Hive Table"},
+ {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"label":"Hive Column","description":"Hive Column"}
+ ],
+ "accessTypes":
+ [
+ {"name":"select","label":"select"},
+ {"name":"update","label":"update"},
+ {"name":"create","label":"Create"},
+ {"name":"drop","label":"Drop"},
+ {"name":"alter","label":"Alter"},
+ {"name":"index","label":"Index"},
+ {"name":"lock","label":"Lock"},
+ {"name":"all","label":"All"}
+ ],
+ "policyConditions":
+ [
+ {
+ }
+ ]
+}
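Review bot: `policyConditions` holds a single empty object (`[ { } ]`), which would presumably deserialize into a condition definition with no `name` and no `evalClass`. The hbase and hdfs definitions in this commit do the same, while the storm definition uses an empty array. If no conditions are defined, `"policyConditions": []` states that directly and spares any code that iterates the conditions from null-checking those fields. As a smaller point, the `select` and `update` access-type labels are lowercase while the other labels are capitalized.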
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
new file mode 100644
index 0000000..81621e6
--- /dev/null
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -0,0 +1,34 @@
+{
+ "id":5,
+ "name":"knox",
+ "implClass":"org.apache.ranger.services.knox.RangerServiceKnox",
+ "label":"Knox Gateway",
+ "description":"Knox Gateway",
+ "guid":"84b481b5-f23b-4f71-b8b6-ab33977149ca",
+ "createTime":"20141208-22:48:42.238--0800",
+ "updateTime":"20141208-22:48:42.238--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"knox.url","type":"string","mandatory":true,"defaultValue":""},
+ {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"label":"Knox Topology","description":"Knox Topology"},
+ {"name":"service","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"label":"Knox Service","description":"Knox Service"}
+ ],
+ "accessTypes":
+ [
+ {"name":"allow","label":"Allow"}
+ ],
+ "policyConditions":
+ [
+ {"name":"ip-range","evalClass":"org.apache.ranger.knox.IpRangeCondition","label":"IP Address Range","description":"IP Address Range"}
+ ]
+}
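Review bot: The `ip-range` condition names `org.apache.ranger.knox.IpRangeCondition` as its `evalClass`, but no file of that name appears in this commit's diffstat, so nothing visible here shows the class resolving. If the policy engine instantiates `evalClass` by reflection (not visible in this hunk), the behaviour when the class cannot be loaded needs to be explicit, because a condition that is silently skipped makes a policy more permissive than it was written. It would help to add the class in the same change or document where it lives. The loader should also confirm that the named class implements the expected condition interface before instantiating it.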
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
new file mode 100644
index 0000000..ed10459
--- /dev/null
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -0,0 +1,46 @@
+{
+ "id":6,
+ "name":"storm",
+ "implClass":"org.apache.ranger.services.storm.RangerServiceStorm",
+ "label":"Storm",
+ "description":"Storm",
+ "guid":"2a60f427-edcf-4e20-834c-a9a267b5b963",
+ "createTime":"20141208-22:55:47.095--0800",
+ "updateTime":"20141208-22:55:47.095--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username","type":"string","mandatory":true,"label":"Username"},
+ {"name":"password","type":"password","mandatory":true,"label":"Password"},
+ {"name":"nimbus.url","type":"string","mandatory":true,"defaultValue":"","label":"Nimbus URL"},
+ {"name":"certificate.cn","type":"string","mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"label":"Storm Topology","description":"Storm Topology"}
+ ],
+ "accessTypes":
+ [
+ {"name":"topology-submit","label":"Submit Topology"},
+ {"name":"file-upload","label":"File Upload"},
+ {"name":"nimbus-conf-get","label":"Get Nimbus Conf"},
+ {"name":"cluster-conf-get","label":"Get Cluster Conf"},
+ {"name":"cluster-info-get","label":"Get Cluster Info"},
+ {"name":"file-download","label":"File Download"},
+ {"name":"topology-kill","label":"Kill Topology"},
+ {"name":"rebalance","label":"Rebalance"},
+ {"name":"activate","label":"Activate"},
+ {"name":"deactivate","label":"Deactivate"},
+ {"name":"topology-conf-get","label":"Get Topology Conf"},
+ {"name":"topology-get","label":"Get Topology"},
+ {"name":"topology-user-get","label":"Get User Topology"},
+ {"name":"topology-info-get","label":"Get Topology Info"},
+ {"name":"new-credential-upload","label":"Upload New Credential"}
+ ],
+ "policyConditions":
+ [
+ ]
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
new file mode 100644
index 0000000..b2e12a1
--- /dev/null
+++ b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.manager;
+
+import static org.junit.Assert.*;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.manager.ServiceDefManager;
+import org.apache.ranger.plugin.manager.ServiceManager;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestServiceManager {
+ static ServiceDefManager sdMgr = null;
+ static ServiceManager svcMgr = null;
+
+ static String sdName = "HdfsTest";
+ static String serviceName = "HdfsTest-dev";
+ static String policyName = "testPolicy-1";
+
+ @BeforeClass
+ public static void setupTest() {
+ sdMgr = new ServiceDefManager();
+ svcMgr = new ServiceManager();
+ }
+
+ @Test
+ public void testServiceManager() throws Exception {
+ List<RangerServiceDef> sds = sdMgr.getAll();
+
+ int initSdCount = sds == null ? 0 : sds.size();
+
+ RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null);
+
+ RangerServiceDef createdSd = sdMgr.create(sd);
+ assertNotNull("createServiceDef() failed", createdSd != null);
+
+ sds = sdMgr.getAll();
+ assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+ String updatedDescription = sd.getDescription() + ": updated";
+ createdSd.setDescription(updatedDescription);
+ RangerServiceDef updatedSd = sdMgr.update(createdSd);
+ assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd);
+ assertEquals("updateServiceDef(updatedDescription) failed", updatedDescription, updatedSd.getDescription());
+
+ sds = sdMgr.getAll();
+ assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+ String updatedName = sd.getName() + "-Renamed";
+ /*
+ updatedSd.setName(updatedName);
+ updatedSd = sdMgr.update(updatedSd);
+ assertNotNull("updateServiceDef(updatedName) failed", updatedSd);
+ assertEquals("updateServiceDef(updatedName) failed", updatedName, updatedSd.getName());
+
+ sds = getAllServiceDef();
+ assertEquals("updateServiceDef(updatedName) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+ */
+
+ List<RangerService> services = svcMgr.getAll();
+
+ int initServiceCount = services == null ? 0 : services.size();
+
+ RangerService svc = new RangerService(sdName, serviceName, "test service description", Boolean.TRUE, null);
+
+ RangerService createdSvc = svcMgr.create(svc);
+ assertNotNull("createService() failed", createdSvc);
+
+ services = svcMgr.getAll();
+ assertEquals("createServiceDef() failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedDescription = createdSvc.getDescription() + ": updated";
+ createdSvc.setDescription(updatedDescription);
+ RangerService updatedSvc = svcMgr.update(createdSvc);
+ assertNotNull("updateService(updatedDescription) failed", updatedSvc);
+ assertEquals("updateService(updatedDescription) failed", updatedDescription, updatedSvc.getDescription());
+
+ services = svcMgr.getAll();
+ assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedName = serviceName + "-Renamed";
+ updatedSvc.setName(updatedName);
+ updatedSvc = svcMgr.update(updatedSvc);
+ assertNotNull("updateService(updatedName) failed", updatedSvc);
+ assertEquals("updateService(updatedName) failed", updatedName, updatedSvc.getName());
+
+ services = svcMgr.getAll();
+ assertEquals("updateService(updatedName) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ List<RangerPolicy> policies = svcMgr.getAllPolicies();
+
+ int initPolicyCount = policies == null ? 0 : policies.size();
+
+ RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", Boolean.TRUE, null, null);
+ policy.getResources().add(new RangerPolicyResource("path", "/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
+
+ RangerPolicyItem item1 = new RangerPolicyItem();
+ item1.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE));
+ item1.getAccesses().add(new RangerPolicyItemAccess("write", Boolean.TRUE));
+ item1.getAccesses().add(new RangerPolicyItemAccess("execute", Boolean.TRUE));
+ item1.getUsers().add("admin");
+ item1.getGroups().add("finance");
+
+ RangerPolicyItem item2 = new RangerPolicyItem();
+ item2.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE));
+ item2.getGroups().add("public");
+
+ policy.getPolicyItems().add(item1);
+ policy.getPolicyItems().add(item2);
+
+ RangerPolicy createdPolicy = svcMgr.createPolicy(policy);
+ assertNotNull(createdPolicy);
+ assertNotNull(createdPolicy.getPolicyItems());
+ assertEquals(createdPolicy.getPolicyItems().size(), 2);
+
+ RangerPolicyItem createItem1 = createdPolicy.getPolicyItems().get(0);
+ RangerPolicyItem createItem2 = createdPolicy.getPolicyItems().get(1);
+
+ assertNotNull(createItem1.getAccesses());
+ assertEquals(createItem1.getAccesses().size(), 3);
+ assertNotNull(createItem1.getUsers());
+ assertEquals(createItem1.getUsers().size(), 1);
+ assertNotNull(createItem1.getGroups());
+ assertEquals(createItem1.getGroups().size(), 1);
+
+ assertNotNull(createItem2.getAccesses());
+ assertEquals(createItem2.getAccesses().size(), 1);
+ assertNotNull(createItem2.getUsers());
+ assertEquals(createItem2.getUsers().size(), 0);
+ assertNotNull(createItem2.getGroups());
+ assertEquals(createItem2.getGroups().size(), 1);
+
+ policies = svcMgr.getAllPolicies();
+ assertEquals("createPolicy() failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ updatedDescription = policy.getDescription() + ":updated";
+ createdPolicy.setDescription(updatedDescription);
+ RangerPolicy updatedPolicy = svcMgr.updatePolicy(createdPolicy);
+ assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);
+
+ policies = svcMgr.getAllPolicies();
+ assertEquals("updatePolicy(updatedDescription) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ updatedName = policyName + "-Renamed";
+ updatedPolicy.setName(updatedName);
+ updatedPolicy = svcMgr.updatePolicy(updatedPolicy);
+ assertNotNull("updatePolicy(updatedName) failed", updatedPolicy);
+
+ policies = svcMgr.getAllPolicies();
+ assertEquals("updatePolicy(updatedName) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ // rename the service; all the policies for this service should reflect the new service name
+ updatedName = serviceName + "-Renamed2";
+ updatedSvc.setName(updatedName);
+ updatedSvc = svcMgr.update(updatedSvc);
+ assertNotNull("updateService(updatedName2) failed", updatedSvc);
+ assertEquals("updateService(updatedName2) failed", updatedName, updatedSvc.getName());
+
+ services = svcMgr.getAll();
+ assertEquals("updateService(updatedName2) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedPolicy = svcMgr.getPolicy(createdPolicy.getId());
+ assertNotNull("updateService(updatedName2) failed", updatedPolicy);
+ assertEquals("updateService(updatedName2) failed", updatedPolicy.getService(), updatedSvc.getName());
+
+ svcMgr.deletePolicy(policy.getId());
+ policies = svcMgr.getAllPolicies();
+ assertEquals("deletePolicy() failed", initPolicyCount, policies == null ? 0 : policies.size());
+
+ svcMgr.delete(svc.getId());
+ services = svcMgr.getAll();
+ assertEquals("deleteService() failed", initServiceCount, services == null ? 0 : services.size());
+
+ sdMgr.delete(sd.getId());
+ sds = sdMgr.getAll();
+ assertEquals("deleteServiceDef() failed", initSdCount, sds == null ? 0 : sds.size());
+ }
+}
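Review bot: `assertNotNull("createServiceDef() failed", createdSd != null);` passes a boolean expression, which is boxed to a non-null `Boolean`, so the assertion can never fail. The same applies to `assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);` further down. Both should pass the object itself, e.g. `assertNotNull("createServiceDef() failed", createdSd);`. The cleanup calls at the end use the ids of the input objects (`policy.getId()`, `svc.getId()`, `sd.getId()`) rather than those of the created ones. That only works if the store assigns the id on the instance passed in, which is not visible in this hunk.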
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 38590d5..6dc5247 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,6 +49,7 @@
<module>ugsync</module>
<module>unixauthclient</module>
<module>unixauthservice</module>
+ <module>plugin-common</module>
</modules>
<properties>
<antlr.version>3.5.2</antlr.version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index ba0e68b..264c53d 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -417,6 +417,11 @@
<artifactId>oracle-ojdbc6</artifactId>
<version>11.2.0.3.0</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>plugin-common</artifactId>
+ <version>0.4.0</version>
+ </dependency>
</dependencies>
<build>
<pluginManagement>
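Review bot: The new `plugin-common` dependency hard-codes `<version>0.4.0</version>` for a module built from the same reactor. When the project version is bumped, this entry can be left behind and resolve a stale artifact from a repository instead of the sibling module. `<version>${project.version}</version>` keeps the two in step. The enclosing `<dependencies>` block starts outside the hunk.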
[2/4] incubator-ranger git commit: RANGER-203: Framework to extend
Ranger security to new components in a pluggable way
Posted by ma...@apache.org.
RANGER-203: Framework to extend Ranger security to new components in a pluggable way
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e99d911d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e99d911d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e99d911d
Branch: refs/heads/stack
Commit: e99d911dc94fd70ad46e6c2e5568aa64d9eb1bab
Parents: 06ca853
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Dec 18 14:47:56 2014 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Dec 18 14:47:56 2014 -0800
----------------------------------------------------------------------
plugin-common/pom.xml | 42 +
.../plugin/manager/ServiceDefManager.java | 141 +++
.../ranger/plugin/manager/ServiceManager.java | 250 ++++
.../plugin/model/RangerBaseModelObject.java | 166 +++
.../ranger/plugin/model/RangerPolicy.java | 633 ++++++++++
.../ranger/plugin/model/RangerService.java | 190 +++
.../ranger/plugin/model/RangerServiceDef.java | 1146 ++++++++++++++++++
.../policyengine/RangerAccessRequest.java | 42 +
.../policyengine/RangerAccessRequestImpl.java | 98 ++
.../plugin/policyengine/RangerPolicyEngine.java | 32 +
.../policyengine/RangerPolicyEngineImpl.java | 114 ++
.../plugin/policyengine/RangerResource.java | 31 +
.../plugin/policyengine/RangerResourceImpl.java | 137 +++
.../ranger/plugin/store/ServiceDefStore.java | 38 +
.../ranger/plugin/store/ServiceStore.java | 56 +
.../ranger/plugin/store/file/BaseFileStore.java | 354 ++++++
.../plugin/store/file/ServiceDefFileStore.java | 357 ++++++
.../plugin/store/file/ServiceFileStore.java | 577 +++++++++
.../service-defs/ranger-servicedef-hbase.json | 51 +
.../service-defs/ranger-servicedef-hdfs.json | 61 +
.../service-defs/ranger-servicedef-hive.json | 45 +
.../service-defs/ranger-servicedef-knox.json | 34 +
.../service-defs/ranger-servicedef-storm.json | 46 +
.../plugin/manager/TestServiceManager.java | 203 ++++
pom.xml | 1 +
security-admin/pom.xml | 5 +
26 files changed, 4850 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-common/pom.xml b/plugin-common/pom.xml
new file mode 100644
index 0000000..f0d4efe
--- /dev/null
+++ b/plugin-common/pom.xml
@@ -0,0 +1,42 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.4.0</version>
+ </parent>
+ <artifactId>plugin-common</artifactId>
+ <name>ranger-plugin-common</name>
+ <description>Ranger Plugin Common Library</description>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <version>${codehaus.jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <version>${codehaus.jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ <version>${hadoop-common.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
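Review bot: The `junit` dependency is declared without `<scope>test</scope>`, and its version is left to the parent. Unless the parent's `dependencyManagement` (not visible here) sets the scope, JUnit becomes a compile-scope dependency of `plugin-common` and is pulled transitively into every module that depends on it, including `security-admin`. Adding `<scope>test</scope>` to this entry keeps test tooling out of the shipped classpath.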
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java
new file mode 100644
index 0000000..ce7dbf0
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.manager;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.ServiceDefStore;
+import org.apache.ranger.plugin.store.file.ServiceDefFileStore;
+
+
+public class ServiceDefManager {
+ private static final Log LOG = LogFactory.getLog(ServiceDefManager.class);
+
+ private ServiceDefStore sdStore = null;
+
+ public ServiceDefManager() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.ServiceDefManager()");
+ }
+
+ init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.ServiceDefManager()");
+ }
+ }
+
+ public RangerServiceDef create(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.create(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = sdStore.create(serviceDef);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.create(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public RangerServiceDef update(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.update(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = sdStore.update(serviceDef);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.update(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public void delete(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.delete(" + id + ")");
+ }
+
+ sdStore.delete(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.delete(" + id + ")");
+ }
+ }
+
+ public RangerServiceDef get(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.get(" + id + ")");
+ }
+
+ RangerServiceDef ret = sdStore.get(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.get(" + id + ")");
+ }
+
+ return ret;
+ }
+
+ public RangerServiceDef getByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.getByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = sdStore.getByName(name);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.getByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public List<RangerServiceDef> getAll() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.getAll()");
+ }
+
+ List<RangerServiceDef> ret = sdStore.getAll();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.getAll(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ private void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefManager.init()");
+ }
+
+ sdStore = new ServiceDefFileStore(); // TODO: store type should be configurable
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefManager.init()");
+ }
+ }
+}
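Review bot: The exit trace in `get(Long id)` drops the result, unlike `create`, `update` and `getByName` in this class, so a debug log cannot show whether the lookup found anything. Make it `LOG.debug("<== ServiceDefManager.get(" + id + "): " + ret);`. The class and its public methods also have no Javadoc. A short class comment would help callers, saying that every call is delegated unchanged to the `ServiceDefStore` created in `init()` and that arguments, including null, are passed through unchecked.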
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java
new file mode 100644
index 0000000..7b947ea
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java
@@ -0,0 +1,250 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.manager;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.file.ServiceFileStore;
+
+
+public class ServiceManager {
+ private static final Log LOG = LogFactory.getLog(ServiceManager.class);
+
+ private ServiceStore svcStore = null;
+
+ public ServiceManager() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.ServiceManager()");
+ }
+
+ init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.ServiceManager()");
+ }
+ }
+
+ public RangerService create(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.create(" + service + ")");
+ }
+
+ RangerService ret = svcStore.create(service);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.create(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public RangerService update(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.update(" + service + ")");
+ }
+
+ RangerService ret = svcStore.update(service);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.update(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public void delete(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.delete(" + id + ")");
+ }
+
+ svcStore.delete(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.delete(" + id + ")");
+ }
+ }
+
+ public RangerService get(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.get(" + id + ")");
+ }
+
+ RangerService ret = svcStore.get(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.get(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public RangerService getByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getByName(" + name + ")");
+ }
+
+ RangerService ret = svcStore.getByName(name);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.getByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public List<RangerService> getAll() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getAll()");
+ }
+
+ List<RangerService> ret = svcStore.getAll();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.getAll(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ public void validateConfig(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.validateConfig(" + service + ")");
+ }
+
+ // TODO: call validateConfig() on the implClass
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.validateConfig(" + service + ")");
+ }
+ }
+
+ public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.createPolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = svcStore.createPolicy(policy);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = svcStore.updatePolicy(policy);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public void deletePolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.deletePolicy(" + id + ")");
+ }
+
+ svcStore.deletePolicy(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.deletePolicy(" + id + ")");
+ }
+ }
+
+ public RangerPolicy getPolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = svcStore.getPolicy(id);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public List<RangerPolicy> getPolicies(Long svcId) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getPolicies(" + svcId + ")");
+ }
+
+ List<RangerPolicy> ret = svcStore.getServicePolicies(svcId);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.getPolicies(" + svcId + "): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ public RangerPolicy getPolicyByName(String svcName, String policyName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getPolicyByName(" + svcName + "," + policyName + ")");
+ }
+
+ RangerPolicy ret = svcStore.getPolicyByName(svcName, policyName);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.getPolicyByName(" + svcName + "," + policyName + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public List<RangerPolicy> getAllPolicies() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.getAllPolicies()");
+ }
+
+ List<RangerPolicy> ret = svcStore.getAllPolicies();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== getAllPolicies.getAll(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ private void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceManager.init()");
+ }
+
+ svcStore = new ServiceFileStore(); // TODO: store type should be configurable
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceManager.init()");
+ }
+ }
+}
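Review bot: `validateConfig(RangerService)` returns normally without checking anything, because its body is only the TODO between the two debug traces, so any caller relying on it will treat every service configuration as valid. Until the implementation class is wired in, it would be safer to fail loudly, e.g. `throw new UnsupportedOperationException("validateConfig() is not implemented yet");`, or at least to log at warn level that no validation was performed. Separately, the exit trace in `getAllPolicies()` reads `"<== getAllPolicies.getAll(): count="`; it should be `"<== ServiceManager.getAllPolicies(): count="` to match its entry trace.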
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
new file mode 100644
index 0000000..85bbb3e
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.Date;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private Long id = null;
+ private String guid = null;
+ private String createdBy = null;
+ private String updatedBy = null;
+ private Date createTime = null;
+ private Date updateTime = null;
+ private Long version = null;
+
+ /**
+ *
+ */
+ public RangerBaseModelObject() {
+ }
+
+ public void updateFrom(RangerBaseModelObject other) {
+ // Nothing to copy
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+ /**
+ * @return the guid
+ */
+ public String getGuid() {
+ return guid;
+ }
+ /**
+ * @param guid the guid to set
+ */
+ public void setGuid(String guid) {
+ this.guid = guid;
+ }
+ /**
+ * @return the createdBy
+ */
+ public String getCreatedBy() {
+ return createdBy;
+ }
+ /**
+ * @param createdBy the createdBy to set
+ */
+ public void setCreatedBy(String createdBy) {
+ this.createdBy = createdBy;
+ }
+ /**
+ * @return the updatedBy
+ */
+ public String getUpdatedBy() {
+ return updatedBy;
+ }
+ /**
+ * @param updatedBy the updatedBy to set
+ */
+ public void setUpdatedBy(String updatedBy) {
+ this.updatedBy = updatedBy;
+ }
+ /**
+ * @return the createTime
+ */
+ public Date getCreateTime() {
+ return createTime;
+ }
+ /**
+ * @param createTime the createTime to set
+ */
+ public void setCreateTime(Date createTime) {
+ this.createTime = createTime;
+ }
+ /**
+ * @return the updateTime
+ */
+ public Date getUpdateTime() {
+ return updateTime;
+ }
+ /**
+ * @param updateTime the updateTime to set
+ */
+ public void setUpdateTime(Date updateTime) {
+ this.updateTime = updateTime;
+ }
+ /**
+ * @return the version
+ */
+ public Long getVersion() {
+ return version;
+ }
+ /**
+ * @param version the version to set
+ */
+ public void setVersion(Long version) {
+ this.version = version;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("id={").append(id).append("} ");
+ sb.append("guid={").append(guid).append("} ");
+ sb.append("createdBy={").append(createdBy).append("} ");
+ sb.append("updatedBy={").append(updatedBy).append("} ");
+ sb.append("createTime={").append(createTime).append("} ");
+ sb.append("updateTime={").append(updateTime).append("} ");
+ sb.append("version={").append(version).append("} ");
+
+ return sb;
+ }
+}
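Review bot: `getCreateTime()` and `getUpdateTime()` return the internal `java.util.Date`, and the matching setters store the caller's instance, so any code holding that reference can change the object's audit timestamps without going through a setter. Copy on the way in and out, e.g. `return createTime == null ? null : new Date(createTime.getTime());` and `this.createTime = createTime == null ? null : new Date(createTime.getTime());`, and likewise for `updateTime`. The imports of `java.util.Map` and `java.util.UUID` are not used anywhere in this file and can be dropped.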
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
new file mode 100644
index 0000000..13a9c4d
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -0,0 +1,633 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String service = null;
+ private String name = null;
+ private String description = null;
+ private Boolean isEnabled = null;
+ private Boolean isAuditEnabled = null;
+ private List<RangerPolicyResource> resources = null;
+ private List<RangerPolicyItem> policyItems = null;
+
+
+ /**
+ * @param type
+ */
+ public RangerPolicy() {
+ this(null, null, null, null, null, null);
+ }
+
+ /**
+ * @param type
+ * @param name
+ * @param description
+ * @param isEnabled
+ * @param configs
+ */
+ public RangerPolicy(String service, String name, String description, Boolean isEnabled, List<RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
+ super();
+
+ setService(service);
+ setName(name);
+ setDescription(description);
+ setIsEnabled(isEnabled);
+ setIsAuditEnabled(null);
+ setResources(resources);
+ setPolicyItems(policyItems);
+ }
+
+ public void updateFrom(RangerPolicy other) {
+ super.updateFrom(other);
+
+ setService(other.getService());
+ setName(other.getName());
+ setDescription(other.getDescription());
+ setIsEnabled(other.getIsEnabled());
+ setIsAuditEnabled(other.getIsAuditEnabled());
+ setResources(other.getResources());
+ setPolicyItems(other.getPolicyItems());
+ }
+
+ /**
+ * @return the type
+ */
+ public String getService() {
+ return service;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setService(String service) {
+ this.service = service;
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the isEnabled
+ */
+ public Boolean getIsEnabled() {
+ return isEnabled;
+ }
+
+ /**
+ * @param isEnabled the isEnabled to set
+ */
+ public void setIsEnabled(Boolean isEnabled) {
+ this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled;
+ }
+
+ /**
+ * @return the isAuditEnabled
+ */
+ public Boolean getIsAuditEnabled() {
+ return isAuditEnabled;
+ }
+
+ /**
+ * @param isEnabled the isEnabled to set
+ */
+ public void setIsAuditEnabled(Boolean isAuditEnabled) {
+ this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled;
+ }
+
+ /**
+ * @return the resources
+ */
+ public List<RangerPolicyResource> getResources() {
+ return resources;
+ }
+
+ /**
+ * @param configs the resources to set
+ */
+ public void setResources(List<RangerPolicyResource> resources) {
+ this.resources = new ArrayList<RangerPolicyResource>();
+
+ if(resources != null) {
+ for(RangerPolicyResource resource : resources) {
+ this.resources.add(resource);
+ }
+ }
+ }
+
+ /**
+ * @return the policyItems
+ */
+ public List<RangerPolicyItem> getPolicyItems() {
+ return policyItems;
+ }
+
+ /**
+ * @param policyItems the policyItems to set
+ */
+ public void setPolicyItems(List<RangerPolicyItem> policyItems) {
+ this.policyItems = new ArrayList<RangerPolicyItem>();
+
+ if(policyItems != null) {
+ for(RangerPolicyItem policyItem : policyItems) {
+ this.policyItems.add(policyItem);
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicy={");
+
+ super.toString(sb);
+
+ sb.append("service={").append(service).append("} ");
+ sb.append("name={").append(name).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("isEnabled={").append(isEnabled).append("} ");
+ sb.append("isAuditEnabled={").append(isAuditEnabled).append("} ");
+
+ sb.append("resources={");
+ if(resources != null) {
+ for(RangerPolicyResource resource : resources) {
+ if(resource != null) {
+ resource.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyItems={");
+ if(policyItems != null) {
+ for(RangerPolicyItem policyItem : policyItems) {
+ if(policyItem != null) {
+ policyItem.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+
+
+ public static class RangerPolicyResource implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private String value = null;
+ private Boolean isExcludes = null;
+ private Boolean isRecursive = null;
+
+
+ public RangerPolicyResource() {
+ this(null, null, null, null);
+ }
+
+ public RangerPolicyResource(String type, String value, Boolean isExcludes, Boolean isRecursive) {
+ setType(type);
+ setValue(value);
+ setIsExcludes(isExcludes);
+ setIsRecursive(isRecursive);
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value the value to set
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ /**
+ * @return the isExcludes
+ */
+ public Boolean getIsExcludes() {
+ return isExcludes;
+ }
+
+ /**
+ * @param isExcludes the isExcludes to set
+ */
+ public void setIsExcludes(Boolean isExcludes) {
+ this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes;
+ }
+
+ /**
+ * @return the isRecursive
+ */
+ public Boolean getIsRecursive() {
+ return isRecursive;
+ }
+
+ /**
+ * @param isRecursive the isRecursive to set
+ */
+ public void setIsRecursive(Boolean isRecursive) {
+ this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyResource={");
+ sb.append("type={").append(type).append("} ");
+ sb.append("value={").append(value).append("} ");
+ sb.append("isExcludes={").append(isExcludes).append("} ");
+ sb.append("isRecursive={").append(isRecursive).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItem implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private List<RangerPolicyItemAccess> accesses = null;
+ private List<String> users = null;
+ private List<String> groups = null;
+ private List<RangerPolicyItemCondition> conditions = null;
+ private Boolean delegateAdmin = null;
+
+ public RangerPolicyItem() {
+ this(null, null, null, null, null);
+ }
+
+ public RangerPolicyItem(List<RangerPolicyItemAccess> accessTypes, List<String> users, List<String> groups, List<RangerPolicyItemCondition> conditions, Boolean delegateAdmin) {
+ setAccesses(accessTypes);
+ setUsers(users);
+ setGroups(groups);
+ setConditions(conditions);
+ setDelegateAdmin(delegateAdmin);
+ }
+
+ /**
+ * @return the accesses
+ */
+ public List<RangerPolicyItemAccess> getAccesses() {
+ return accesses;
+ }
+ /**
+ * @param accesses the accesses to set
+ */
+ public void setAccesses(List<RangerPolicyItemAccess> accesses) {
+ this.accesses = new ArrayList<RangerPolicyItemAccess>();
+
+ if(accesses != null) {
+ for(RangerPolicyItemAccess access : accesses) {
+ this.accesses.add(access);
+ }
+ }
+ }
+ /**
+ * @return the users
+ */
+ public List<String> getUsers() {
+ return users;
+ }
+ /**
+ * @param users the users to set
+ */
+ public void setUsers(List<String> users) {
+ this.users = new ArrayList<String>();
+
+ if(users != null) {
+ for(String user : users) {
+ this.users.add(user);
+ }
+ }
+ }
+ /**
+ * @return the groups
+ */
+ public List<String> getGroups() {
+ return groups;
+ }
+ /**
+ * @param groups the groups to set
+ */
+ public void setGroups(List<String> groups) {
+ this.groups = new ArrayList<String>();
+
+ if(groups != null) {
+ for(String group : groups) {
+ this.groups.add(group);
+ }
+ }
+ }
+ /**
+ * @return the conditions
+ */
+ public List<RangerPolicyItemCondition> getConditions() {
+ return conditions;
+ }
+ /**
+ * @param conditions the conditions to set
+ */
+ public void setConditions(List<RangerPolicyItemCondition> conditions) {
+ this.conditions = new ArrayList<RangerPolicyItemCondition>();
+
+ if(conditions != null) {
+ for(RangerPolicyItemCondition condition : conditions) {
+ this.conditions.add(condition);
+ }
+ }
+ }
+
+ /**
+ * @return the delegateAdmin
+ */
+ public Boolean getDelegateAdmin() {
+ return delegateAdmin;
+ }
+
+ /**
+ * @param delegateAdmin the delegateAdmin to set
+ */
+ public void setDelegateAdmin(Boolean delegateAdmin) {
+ this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItem={");
+
+ sb.append("accessTypes={");
+ if(accesses != null) {
+ for(RangerPolicyItemAccess access : accesses) {
+ if(access != null) {
+ access.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("users={");
+ if(users != null) {
+ for(String user : users) {
+ if(user != null) {
+ sb.append(user).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("groups={");
+ if(groups != null) {
+ for(String group : groups) {
+ if(group != null) {
+ sb.append(group).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("conditions={");
+ if(conditions != null) {
+ for(RangerPolicyItemCondition condition : conditions) {
+ if(condition != null) {
+ condition.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("delegateAdmin={").append(delegateAdmin).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItemAccess implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private Boolean isAllowed = null;
+
+ public RangerPolicyItemAccess() {
+ this(null, null);
+ }
+
+ public RangerPolicyItemAccess(String type, Boolean value) {
+ setType(type);
+ setValue(value);
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the value
+ */
+ public Boolean getValue() {
+ return isAllowed;
+ }
+
+ /**
+ * @param value the value to set
+ */
+ public void setValue(Boolean isAllowed) {
+ this.isAllowed = isAllowed == null ? Boolean.FALSE : isAllowed;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItemAccess={");
+ sb.append("type={").append(type).append("} ");
+ sb.append("isAllowed={").append(isAllowed).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItemCondition implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private String value = null;
+
+ public RangerPolicyItemCondition() {
+ this(null, null);
+ }
+
+ public RangerPolicyItemCondition(String type, String value) {
+ setType(type);
+ setValue(value);
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value the value to set
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItemCondition={");
+ sb.append("type={").append(type).append("} ");
+ sb.append("value={").append(value).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+}
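Review bot: `updateFrom(RangerPolicy other)` overloads rather than overrides `RangerBaseModelObject.updateFrom(RangerBaseModelObject)`, so a call made through a base-typed reference, or with a base-typed argument, resolves to the empty base method and silently copies nothing. Whether the stores ever call it that way is not visible in this hunk. Either add a comment on the method stating that it must be invoked with static type `RangerPolicy`, or replace it with a single `@Override public void updateFrom(RangerBaseModelObject other)` that checks `other instanceof RangerPolicy` before copying. The Javadoc tags are also stale: the no-arg constructor documents `@param type`, and the six-argument constructor lists `type` and `configs` where the parameters are `service`, `resources` and `policyItems`.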
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
new file mode 100644
index 0000000..9bdb086
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
@@ -0,0 +1,190 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerService extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private String name = null;
+ private String description = null;
+ private Boolean isEnabled = null;
+ private Map<String, String> configs = null;
+
+
+ /**
+ * @param type
+ */
+ public RangerService() {
+ this(null, null, null, null, null);
+ }
+
+ /**
+ * @param type
+ * @param name
+ * @param description
+ * @param isEnabled
+ * @param configs
+ */
+ public RangerService(String type, String name, String description, Boolean isEnabled, Map<String, String> configs) {
+ super();
+
+ setType(type);
+ setName(name);
+ setDescription(description);
+ setIsEnabled(isEnabled);
+ setConfigs(configs);
+ }
+
+ public void updateFrom(RangerService other) {
+ super.updateFrom(other);
+
+ setType(other.getType());
+ setName(other.getName());
+ setDescription(other.getDescription());
+ setIsEnabled(other.getIsEnabled());
+ setConfigs(other.getConfigs());
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the isEnabled
+ */
+ public Boolean getIsEnabled() {
+ return isEnabled;
+ }
+
+ /**
+ * @param isEnabled the isEnabled to set
+ */
+ public void setIsEnabled(Boolean isEnabled) {
+ this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled;
+ }
+
+ /**
+ * @return the configs
+ */
+ public Map<String, String> getConfigs() {
+ return configs;
+ }
+
+ /**
+ * @param configs the configs to set
+ */
+ public void setConfigs(Map<String, String> configs) {
+ this.configs = new HashMap<String, String>();
+
+ if(configs != null) {
+ for(Map.Entry<String, String> e : configs.entrySet()) {
+ this.configs.put(e.getKey(), e.getValue());
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerService={");
+
+ super.toString(sb);
+ sb.append("name={").append(name).append("} ");
+ sb.append("type={").append(type).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("isEnabled={").append(isEnabled).append("} ");
+
+ sb.append("configs={");
+ if(configs != null) {
+ for(Map.Entry<String, String> e : configs.entrySet()) {
+ sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
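Review bot: `toString(StringBuilder)` writes every `configs` value verbatim in its final loop, so any log statement that prints a RangerService also prints whatever the map holds. If service configs can carry connection credentials (not visible in this hunk, so worth confirming), those values end up in log files. Print the keys only or mask the values, e.g. `sb.append(e.getKey()).append("={***} ");`. Separately, `getConfigs()` returns the internal map even though `setConfigs` takes a defensive copy, and the no-arg constructor's Javadoc lists a `@param type` that the constructor does not have.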
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
new file mode 100644
index 0000000..524abea
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -0,0 +1,1146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerServiceDef extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String implClass = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+ private List<RangerServiceConfigDef> configs = null;
+ private List<RangerResourceDef> resources = null;
+ private List<RangerAccessTypeDef> accessTypes = null;
+ private List<RangerPolicyConditionDef> policyConditions = null;
+ private List<RangerEnumDef> enums = null;
+
+
+ public RangerServiceDef() {
+ this(null, null, null, null, null, null, null, null, null);
+ }
+
+ public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerEnumDef> enums) {
+ super();
+
+ setName(name);
+ setImplClass(implClass);
+ setLabel(label);
+ setDescription(description);
+ setConfigs(configs);
+ setResources(resources);
+ setAccessTypes(accessTypes);
+ setPolicyConditions(policyConditions);
+ setEnums(enums);
+ }
+
+ public void updateFrom(RangerServiceDef other) {
+ setName(other.getName());
+ setImplClass(other.getImplClass());
+ setLabel(other.getLabel());
+ setDescription(other.getDescription());
+ setConfigs(other.getConfigs());
+ setResources(other.getResources());
+ setAccessTypes(other.getAccessTypes());
+ setPolicyConditions(other.getPolicyConditions());
+ setEnums(other.getEnums());
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the implClass
+ */
+ public String getImplClass() {
+ return implClass;
+ }
+
+ /**
+ * @param implClass the implClass to set
+ */
+ public void setImplClass(String implClass) {
+ this.implClass = implClass;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ /**
+ * @return the configs
+ */
+ public List<RangerServiceConfigDef> getConfigs() {
+ return configs;
+ }
+
+ /**
+ * @param configs the configs to set
+ */
+ public void setConfigs(List<RangerServiceConfigDef> configs) {
+ this.configs = new ArrayList<RangerServiceConfigDef>();
+
+ if(configs != null) {
+ for(RangerServiceConfigDef config : configs) {
+ this.configs.add(config);
+ }
+ }
+ }
+
+ /**
+ * @return the resources
+ */
+ public List<RangerResourceDef> getResources() {
+ return resources;
+ }
+
+ /**
+ * @param resources the resources to set
+ */
+ public void setResources(List<RangerResourceDef> resources) {
+ this.resources = new ArrayList<RangerResourceDef>();
+
+ if(resources != null) {
+ for(RangerResourceDef resource : resources) {
+ this.resources.add(resource);
+ }
+ }
+ }
+
+ /**
+ * @return the accessTypes
+ */
+ public List<RangerAccessTypeDef> getAccessTypes() {
+ return accessTypes;
+ }
+
+ /**
+ * @param accessTypes the accessTypes to set
+ */
+ public void setAccessTypes(List<RangerAccessTypeDef> accessTypes) {
+ this.accessTypes = new ArrayList<RangerAccessTypeDef>();
+
+ if(accessTypes != null) {
+ for(RangerAccessTypeDef accessType : accessTypes) {
+ this.accessTypes.add(accessType);
+ }
+ }
+ }
+
+ /**
+ * @return the policyConditions
+ */
+ public List<RangerPolicyConditionDef> getPolicyConditions() {
+ return policyConditions;
+ }
+
+ /**
+ * @param policyConditions the policyConditions to set
+ */
+ public void setPolicyConditions(List<RangerPolicyConditionDef> policyConditions) {
+ this.policyConditions = new ArrayList<RangerPolicyConditionDef>();
+
+ if(policyConditions != null) {
+ for(RangerPolicyConditionDef policyCondition : policyConditions) {
+ this.policyConditions.add(policyCondition);
+ }
+ }
+ }
+
+ /**
+ * @return the enums
+ */
+ public List<RangerEnumDef> getEnums() {
+ return enums;
+ }
+
+ /**
+ * @param enums the enums to set
+ */
+ public void setEnums(List<RangerEnumDef> enums) {
+ this.enums = new ArrayList<RangerEnumDef>();
+
+ if(enums != null) {
+ for(RangerEnumDef enum1 : enums) {
+ this.enums.add(enum1);
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerServiceDef={");
+
+ super.toString(sb);
+
+ sb.append("name={").append(name).append("} ");
+ sb.append("implClass={").append(implClass).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+
+ sb.append("configs={");
+ if(configs != null) {
+ for(RangerServiceConfigDef config : configs) {
+ if(config != null) {
+ config.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("resources={");
+ if(resources != null) {
+ for(RangerResourceDef resource : resources) {
+ if(resource != null) {
+ resource.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("accessTypes={");
+ if(accessTypes != null) {
+ for(RangerAccessTypeDef accessType : accessTypes) {
+ if(accessType != null) {
+ accessType.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyConditions={");
+ if(policyConditions != null) {
+ for(RangerPolicyConditionDef policyCondition : policyConditions) {
+ if(policyCondition != null) {
+ policyCondition.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("enums={");
+ if(enums != null) {
+ for(RangerEnumDef e : enums) {
+ if(e != null) {
+ e.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+
+
+ public static class RangerEnumDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private List<RangerEnumElementDef> elements = null;
+ private Integer defaultIndex = null;
+
+
+ public RangerEnumDef() {
+ this(null, null, null);
+ }
+
+ public RangerEnumDef(String name, List<RangerEnumElementDef> elements, Integer defaultIndex) {
+ setName(name);
+ setElements(elements);
+ setDefaultIndex(defaultIndex);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the elements
+ */
+ public List<RangerEnumElementDef> getElements() {
+ return elements;
+ }
+
+ /**
+ * @param elements the elements to set
+ */
+ public void setElements(List<RangerEnumElementDef> elements) {
+ this.elements = new ArrayList<RangerEnumElementDef>();
+
+ if(elements != null) {
+ for(RangerEnumElementDef element : elements) {
+ this.elements.add(element);
+ }
+ }
+ }
+
+ /**
+ * @return the defaultIndex
+ */
+ public Integer getDefaultIndex() {
+ return defaultIndex;
+ }
+
+ /**
+ * @param defaultIndex the defaultIndex to set
+ */
+ public void setDefaultIndex(Integer defaultIndex) {
+ this.defaultIndex = (defaultIndex != null && this.elements.size() > defaultIndex) ? defaultIndex : 0;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerEnumDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("elements={");
+ if(elements != null) {
+ for(RangerEnumElementDef element : elements) {
+ if(element != null) {
+ element.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+ sb.append("defaultIndex={").append(defaultIndex).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerEnumElementDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String label = null;
+ private String rbKeyLabel = null;
+
+
+ public RangerEnumElementDef() {
+ this(null, null, null);
+ }
+
+ public RangerEnumElementDef(String name, String label, String rbKeyLabel) {
+ setName(name);
+ setLabel(label);
+ setRbKeyLabel(rbKeyLabel);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerEnumElementDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerServiceConfigDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String type = null;
+ private String subType = null;
+ private Boolean mandatory = null;
+ private String defaultValue = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerServiceConfigDef() {
+ this(null, null, null, null, null, null, null, null, null);
+ }
+
+ public RangerServiceConfigDef(String name, String type, String subType, Boolean mandatory, String defaultValue, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setType(type);
+ setSubType(subType);
+ setMandatory(mandatory);
+ setDefaultValue(defaultValue);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getSubType() {
+ return subType;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setSubType(String subType) {
+ this.subType = subType;
+ }
+
+ /**
+ * @return the mandatory
+ */
+ public Boolean getMandatory() {
+ return mandatory;
+ }
+
+ /**
+ * @param mandatory the mandatory to set
+ */
+ public void setMandatory(Boolean mandatory) {
+ this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
+ }
+
+ /**
+ * @return the defaultValue
+ */
+ public String getDefaultValue() {
+ return defaultValue;
+ }
+
+ /**
+ * @param defaultValue the defaultValue to set
+ */
+ public void setDefaultValue(String defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerServiceConfigDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("type={").append(type).append("} ");
+ sb.append("subType={").append(subType).append("} ");
+ sb.append("mandatory={").append(mandatory).append("} ");
+ sb.append("defaultValue={").append(defaultValue).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerResourceDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private Integer level = null;
+ private String parent = null;
+ private Boolean mandatory = null;
+ private Boolean lookupSupported = null;
+ private Boolean recursiveSupported = null;
+ private Boolean excludesSupported = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerResourceDef() {
+ this(null, null, null, null, null, null, null, null, null, null, null);
+ }
+
+ public RangerResourceDef(String name, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setLevel(level);
+ setParent(parent);
+ setMandatory(mandatory);
+ setLookupSupported(lookupSupported);
+ setRecursiveSupported(recursiveSupported);
+ setExcludesSupported(excludesSupported);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the level
+ */
+ public Integer getLevel() {
+ return level;
+ }
+
+ /**
+ * @param level the level to set
+ */
+ public void setLevel(Integer level) {
+ this.level = level == null ? 1 : level;
+ }
+
+ /**
+ * @return the parent
+ */
+ public String getParent() {
+ return parent;
+ }
+
+ /**
+ * @param parent the parent to set
+ */
+ public void setParent(String parent) {
+ this.parent = parent;
+ }
+
+ /**
+ * @return the mandatory
+ */
+ public Boolean getMandatory() {
+ return mandatory;
+ }
+
+ /**
+ * @param mandatory the mandatory to set
+ */
+ public void setMandatory(Boolean mandatory) {
+ this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
+ }
+
+ /**
+ * @return the lookupSupported
+ */
+ public Boolean getLookupSupported() {
+ return lookupSupported;
+ }
+
+ /**
+ * @param lookupSupported the lookupSupported to set
+ */
+ public void setLookupSupported(Boolean lookupSupported) {
+ this.lookupSupported = lookupSupported == null ? Boolean.FALSE : lookupSupported;
+ }
+
+ /**
+ * @return the recursiveSupported
+ */
+ public Boolean getRecursiveSupported() {
+ return recursiveSupported;
+ }
+
+ /**
+ * @param recursiveSupported the recursiveSupported to set
+ */
+ public void setRecursiveSupported(Boolean recursiveSupported) {
+ this.recursiveSupported = recursiveSupported == null ? Boolean.FALSE : recursiveSupported;
+ }
+
+ /**
+ * @return the excludesSupported
+ */
+ public Boolean getExcludesSupported() {
+ return excludesSupported;
+ }
+
+ /**
+ * @param excludesSupported the excludesSupported to set
+ */
+ public void setExcludesSupported(Boolean excludesSupported) {
+ this.excludesSupported = excludesSupported == null ? Boolean.FALSE : excludesSupported;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerResourceDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("level={").append(level).append("} ");
+ sb.append("parent={").append(parent).append("} ");
+ sb.append("mandatory={").append(mandatory).append("} ");
+ sb.append("lookupSupported={").append(lookupSupported).append("} ");
+ sb.append("recursiveSupported={").append(recursiveSupported).append("} ");
+ sb.append("excludesSupported={").append(excludesSupported).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerAccessTypeDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String label = null;
+ private String rbKeyLabel = null;
+
+
+ public RangerAccessTypeDef() {
+ this(null, null, null);
+ }
+
+ public RangerAccessTypeDef(String name, String label, String rbKeyLabel) {
+ setName(name);
+ setLabel(label);
+ setRbKeyLabel(rbKeyLabel);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAccessTypeDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerPolicyConditionDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String evalClass = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerPolicyConditionDef() {
+ this(null, null, null, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evalClass) {
+ this(name, evalClass, null, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evalClass, String label) {
+ this(name, evalClass, label, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evalClass, String label, String description) {
+ this(name, evalClass, label, description, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evalClass, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setEvalClass(evalClass);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the evalClass
+ */
+ public String getEvalClass() {
+ return evalClass;
+ }
+
+ /**
+ * @param evalClass the evalClass to set
+ */
+ public void setEvalClass(String evalClass) {
+ this.evalClass = evalClass;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyConditionDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("evalClass={").append(evalClass).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+}
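Review bot: `updateFrom(RangerServiceDef other)` never calls `super.updateFrom(other)` and never copies `rbKeyLabel` or `rbKeyDescription`, so an update silently keeps the old values for those two fields and for whatever the base class tracks. `RangerService.updateFrom` in this same commit does call the superclass. Add `super.updateFrom(other);`, `setRbKeyLabel(other.getRbKeyLabel());` and `setRbKeyDescription(other.getRbKeyDescription());`. In `RangerEnumDef.setDefaultIndex` the only bound checked is `this.elements.size() > defaultIndex`, so a negative index is stored as-is; the condition should also require `defaultIndex >= 0`.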
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
new file mode 100644
index 0000000..1abc3f2
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Collection;
+
+public interface RangerAccessRequest {
+ RangerResource getResource();
+
+ Collection<String> getAccessTypes();
+
+ String getRequestUser();
+
+ Collection<String> getRequestUserGroups();
+
+ String getClientIPAddress();
+
+ String getClientType();
+
+ String getAction();
+
+ String getRequestData();
+
+ String getSessionId();
+}
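Review bot: The getters on `RangerAccessRequest` carry no Javadoc, so an implementer of the policy engine cannot tell whether `getAccessTypes()` or `getRequestUserGroups()` may return null, or what format `getClientIPAddress()` uses. Authorization decisions are made from these values, so I would add a short contract per method, e.g. `/** @return groups of the requesting user; never null, empty when the user has none */`. `RangerAccessRequestImpl` in this commit initializes every field to null, so if "anything may be null" is the intended contract, it should be stated here.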
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
new file mode 100644
index 0000000..5867e67
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
@@ -0,0 +1,98 @@
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Collection;
+
+
+public class RangerAccessRequestImpl implements RangerAccessRequest {
+ private RangerResource resource = null;
+ private Collection<String> accessTypes = null;
+ private String requestUser = null;
+ private Collection<String> requestUserGroups = null;
+ private String clientIPAddress = null;
+ private String clientType = null;
+ private String action = null;
+ private String requestData = null;
+ private String sessionId = null;
+
+ @Override
+ public RangerResource getResource() {
+ return resource;
+ }
+
+ @Override
+ public Collection<String> getAccessTypes() {
+ return accessTypes;
+ }
+
+ @Override
+ public String getRequestUser() {
+ return requestUser;
+ }
+
+ @Override
+ public Collection<String> getRequestUserGroups() {
+ return requestUserGroups;
+ }
+
+ @Override
+ public String getClientIPAddress() {
+ return clientIPAddress;
+ }
+
+ @Override
+ public String getClientType() {
+ return clientType;
+ }
+
+ @Override
+ public String getAction() {
+ return action;
+ }
+
+ @Override
+ public String getRequestData() {
+ return requestData;
+ }
+
+ @Override
+ public String getSessionId() {
+ return sessionId;
+ }
+
+
+ public void setResource(RangerResource resource) {
+ this.resource = resource;
+ }
+
+ public void setAccessTypes(Collection<String> accessTypes) {
+ this.accessTypes = accessTypes;
+ }
+
+ public void setRequestUser(String requestUser) {
+ this.requestUser = requestUser;
+ }
+
+ public void setRequestUserGroups(Collection<String> requestUserGroups) {
+ this.requestUserGroups = requestUserGroups;
+ }
+
+ public void setClientIPAddress(String clientIPAddress) {
+ this.clientIPAddress = clientIPAddress;
+ }
+
+ public void setClientType(String clientType) {
+ this.clientType = clientType;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public void setRequestData(String requestData) {
+ this.requestData = requestData;
+ }
+
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
+}
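Review bot: `setAccessTypes` and `setRequestUserGroups` keep the caller's collection by reference, so the contents of a request can still change after it has been handed over, for instance between an access check and the matching audit call. Copying on set, `this.accessTypes = accessTypes == null ? null : new ArrayList<String>(accessTypes);`, would keep the request stable; it needs `import java.util.ArrayList;`. Separately, this file starts directly at the `package` line and lacks the ASF license header that the other new files in this commit carry.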
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
new file mode 100644
index 0000000..aee6716
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.List;
+
+public interface RangerPolicyEngine {
+ boolean isAccessAllowed(RangerAccessRequest request);
+
+ boolean isAccessAllowed(List<RangerAccessRequest> requests, List<Boolean> results);
+
+ void auditAccess(RangerAccessRequest request);
+
+ void auditAccess(List<RangerAccessRequest> requests, List<Boolean> results);
+}
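Review bot: The batch overloads `isAccessAllowed(List<RangerAccessRequest> requests, List<Boolean> results)` and `auditAccess(List<RangerAccessRequest> requests, List<Boolean> results)` do not say what the boolean return means or how `results` is used. I would document whether the return is true only when every request is allowed, whether `results` is passed in empty and filled index-aligned with `requests`, and how null arguments are treated, e.g. `/** @return true only if every request is allowed; results.get(i) holds the decision for requests.get(i) */`. Without this, implementers and callers can disagree on what a `true` return grants.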
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
new file mode 100644
index 0000000..71274f3
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.manager.ServiceDefManager;
+import org.apache.ranger.plugin.manager.ServiceManager;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public class RangerPolicyEngineImpl implements RangerPolicyEngine {
+ private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class);
+
+ private String svcName = null;
+ private ServiceDefManager sdMgr = null;
+ private ServiceManager svcMgr = null;
+ private RangerService service = null;
+ private RangerServiceDef serviceDef = null;
+ private List<RangerPolicy> policies = null;
+
+ public RangerPolicyEngineImpl() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngine()");
+ }
+
+ sdMgr = new ServiceDefManager();
+ svcMgr = new ServiceManager();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngine()");
+ }
+ }
+
+ public void init(String serviceName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngine.init(" + serviceName + ")");
+ }
+
+ svcName = serviceName;
+ service = svcMgr.getByName(svcName);
+
+ if(service == null) {
+ LOG.error(svcName + ": service not found");
+ } else {
+ serviceDef = sdMgr.getByName(service.getType());
+
+ if(serviceDef == null) {
+ String msg = service.getType() + ": service-def not found";
+
+ LOG.error(msg);
+
+ throw new Exception(msg);
+ }
+
+ policies = svcMgr.getPolicies(service.getId());
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("found " + (policies == null ? 0 : policies.size()) + " policies in service '" + svcName + "'");
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngine.init(" + serviceName + ")");
+ }
+ }
+
+ @Override
+ public boolean isAccessAllowed(RangerAccessRequest request) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isAccessAllowed(List<RangerAccessRequest> requests,
+ List<Boolean> results) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public void auditAccess(RangerAccessRequest request) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void auditAccess(List<RangerAccessRequest> requests,
+ List<Boolean> results) {
+ // TODO Auto-generated method stub
+
+ }
+}
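Review bot: In `init`, a missing service is only logged (`LOG.error(svcName + ": service not found")`) and the method returns normally, while a missing service-def throws. The engine is then left with `service`, `serviceDef` and `policies` all null and the caller gets no signal that initialization failed; I would fail in both cases, e.g. `throw new Exception(svcName + ": service not found");`. The stubbed `isAccessAllowed` methods return false, which is the safe default, but the batch variant leaves `results` untouched, so a caller reading one decision per request will find none. `serviceName` is also concatenated into log messages as is; if it can originate outside the process, strip line breaks before logging it.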
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
new file mode 100644
index 0000000..b07f42a
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.List;
+
+public interface RangerResource {
+ public abstract String getOwnerUser();
+
+ public abstract String getElementValue(String type);
+
+ public abstract List<String> getElementValues(String type);
+
+}
\ No newline at end of file
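Review bot: The methods of `RangerResource` are declared `public abstract`, which is redundant in an interface and differs from `RangerAccessRequest` and `RangerPolicyEngine` in the same commit, which omit the modifiers; `String getOwnerUser();` is enough. The interface also does not say what `getElementValue(type)` and `getElementValues(type)` return for a type that was never set; `RangerResourceImpl` returns null in both cases, and a line such as `/** @return the values for the given element type, or null if none is set */` would make that part of the contract. The file also ends without a trailing newline.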
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
new file mode 100644
index 0000000..5d5a81d
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+
+public class RangerResourceImpl implements RangerResource {
+ private String ownerUser = null;
+ private Map<String, Object> elements = null;
+
+
+ public RangerResourceImpl() {
+ }
+
+ @Override
+ public String getOwnerUser() {
+ return ownerUser;
+ }
+
+ @Override
+ public String getElementValue(String type) {
+ String ret = null;
+
+ if(elements != null) {
+ Object value = elements.get(type);
+
+ if(value != null) {
+ if(value instanceof String) {
+ ret = (String)value;
+ } else { // value must be a List<String>
+ @SuppressWarnings("unchecked")
+ List<String> list = (List<String>)value;
+
+ if(list != null && list.size() > 0) {
+ ret = list.get(0);
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<String> getElementValues(String type) {
+ List<String> ret = null;
+
+ if(elements != null) {
+ Object value = elements.get(type);
+
+ if(value != null) {
+ if(value instanceof String) {
+ ret = new ArrayList<String>();
+ ret.add((String)value);
+ } else { // value must be a List<String>
+ @SuppressWarnings("unchecked")
+ List<String> tmpList = (List<String>)value;
+
+ ret = tmpList;
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ public void setOwnerUser(String ownerUser) {
+ this.ownerUser = ownerUser;
+ }
+
+ public void setElement(String type, String value) {
+ if(elements == null) {
+ elements = new HashMap<String, Object>();
+ }
+
+ elements.put(type, value);
+ }
+
+ public void setElement(String type, List<String> value) {
+ if(elements == null) {
+ elements = new HashMap<String, Object>();
+ }
+
+ elements.put(type, value);
+ }
+
+ public void addElement(String type, String value) {
+ if(elements == null) {
+ elements = new HashMap<String, Object>();
+ }
+
+ Object val = elements.get(type);
+
+ if(val == null) {
+ elements.put(type, value);
+ } else {
+ List<String> list = null;
+
+ if(val instanceof String) { // convert to a list-value
+ list = new ArrayList<String>();
+
+ elements.put(type, list);
+
+ list.add((String)val);
+ } else { // value must be a List<String>
+ @SuppressWarnings("unchecked")
+ List<String> tmpList = (List<String>)val;
+
+ list = tmpList;
+ }
+
+ list.add(value);
+ }
+
+ }
+}
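Review bot: `setElement(String, List<String>)` stores the caller's list and `getElementValues` hands the stored list back, so the resource shares mutable state with its callers. `addElement` then appends to that same list, which alters the caller's original and fails with `UnsupportedOperationException` if an unmodifiable list was passed in. I would copy on the way in, `elements.put(type, value == null ? null : new ArrayList<String>(value));`, and return a copy from `getElementValues`, `ret = new ArrayList<String>(tmpList);`. The `else` branches also cast unchecked on the strength of the comment `value must be a List<String>`, which holds only as long as `elements` is written exclusively through these setters.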
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java
new file mode 100644
index 0000000..5489031
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+public interface ServiceDefStore {
+ RangerServiceDef create(RangerServiceDef serviceDef) throws Exception;
+
+ RangerServiceDef update(RangerServiceDef serviceDef) throws Exception;
+
+ void delete(Long id) throws Exception;
+
+ RangerServiceDef get(Long id) throws Exception;
+
+ RangerServiceDef getByName(String name) throws Exception;
+
+ List<RangerServiceDef> getAll() throws Exception;
+}
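Review bot: Every method of `ServiceDefStore` declares `throws Exception`, and the same holds for `ServiceStore` in the next file section, so callers cannot tell "not found" apart from an I/O or validation failure and are pushed towards catching `Exception` wholesale. A narrower checked exception type would be preferable. At minimum, the Javadoc should state whether `get(Long id)` and `getByName(String name)` return null or throw for a missing entry, e.g. `/** @return the service-def with the given name, or null if none exists */` if null is the intended result. `RangerPolicyEngineImpl.init` in this commit null-checks the value it gets from the manager layer, so the store contract should say which behaviour it can rely on.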
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
new file mode 100644
index 0000000..c5b0724
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+
+public interface ServiceStore {
+ RangerService create(RangerService service) throws Exception;
+
+ RangerService update(RangerService service) throws Exception;
+
+ void delete(Long id) throws Exception;
+
+ RangerService get(Long id) throws Exception;
+
+ RangerService getByName(String name) throws Exception;
+
+ List<RangerService> getAll() throws Exception;
+
+
+ RangerPolicy createPolicy(RangerPolicy policy) throws Exception;
+
+ RangerPolicy updatePolicy(RangerPolicy policy) throws Exception;
+
+ void deletePolicy(Long id) throws Exception;
+
+ RangerPolicy getPolicy(Long id) throws Exception;
+
+ RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception;
+
+ List<RangerPolicy> getServicePolicies(String serviceName) throws Exception;
+
+ List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception;
+
+ List<RangerPolicy> getAllPolicies() throws Exception;
+}
[3/4] incubator-ranger git commit: RANGER-203: added ServiceREST
implementation
Posted by ma...@apache.org.
RANGER-203: added ServiceREST implementation
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/941ae692
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/941ae692
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/941ae692
Branch: refs/heads/stack
Commit: 941ae6924e610bf44d9ccddca52e3f21f82310e1
Parents: e99d911
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Dec 18 14:51:10 2014 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Dec 18 14:51:10 2014 -0800
----------------------------------------------------------------------
.../org/apache/ranger/common/ServiceUtil.java | 463 +++++++++++++++
.../org/apache/ranger/rest/ServiceREST.java | 573 +++++++++++++++++++
2 files changed, 1036 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/941ae692/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
new file mode 100644
index 0000000..8a990da
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -0,0 +1,463 @@
+package org.apache.ranger.common;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.view.VXAsset;
+import org.apache.ranger.view.VXAuditMap;
+import org.apache.ranger.view.VXDataObject;
+import org.apache.ranger.view.VXPermMap;
+import org.apache.ranger.view.VXResource;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ServiceUtil {
+
+ static Map<String, Integer> mapServiceTypeToAssetType = new HashMap<String, Integer>();
+ static Map<String, Integer> mapAccessTypeToPermType = new HashMap<String, Integer>();
+
+ @Autowired
+ JSONUtil jsonUtil;
+
+ @Autowired
+ RangerDaoManager xaDaoMgr;
+
+ static {
+ mapServiceTypeToAssetType.put("hdfs", new Integer(RangerCommonEnums.ASSET_HDFS));
+ mapServiceTypeToAssetType.put("hbase", new Integer(RangerCommonEnums.ASSET_HBASE));
+ mapServiceTypeToAssetType.put("hive", new Integer(RangerCommonEnums.ASSET_HIVE));
+ mapServiceTypeToAssetType.put("knox", new Integer(RangerCommonEnums.ASSET_KNOX));
+ mapServiceTypeToAssetType.put("storm", new Integer(RangerCommonEnums.ASSET_STORM));
+
+ mapAccessTypeToPermType.put("Unknown", 0);
+ mapAccessTypeToPermType.put("Reset", 1);
+ mapAccessTypeToPermType.put("Read", 2);
+ mapAccessTypeToPermType.put("Write", 3);
+ mapAccessTypeToPermType.put("Create", 4);
+ mapAccessTypeToPermType.put("Delete", 5);
+ mapAccessTypeToPermType.put("Admin", 6);
+ mapAccessTypeToPermType.put("Obfuscate", 7);
+ mapAccessTypeToPermType.put("Mask", 8);
+ mapAccessTypeToPermType.put("Execute", 9);
+ mapAccessTypeToPermType.put("Select", 10);
+ mapAccessTypeToPermType.put("Update", 11);
+ mapAccessTypeToPermType.put("Drop", 12);
+ mapAccessTypeToPermType.put("Alter", 13);
+ mapAccessTypeToPermType.put("Index", 14);
+ mapAccessTypeToPermType.put("Lock", 15);
+ mapAccessTypeToPermType.put("All", 16);
+ mapAccessTypeToPermType.put("Allow", 17);
+ mapAccessTypeToPermType.put("submitTopology", 18);
+ mapAccessTypeToPermType.put("fileUpload", 19);
+ mapAccessTypeToPermType.put("getNimbusConf", 20);
+ mapAccessTypeToPermType.put("getClusterInfo", 21);
+ mapAccessTypeToPermType.put("fileDownload", 22);
+ mapAccessTypeToPermType.put("killTopology", 23);
+ mapAccessTypeToPermType.put("rebalance", 24);
+ mapAccessTypeToPermType.put("activate", 25);
+ mapAccessTypeToPermType.put("deactivate", 26);
+ mapAccessTypeToPermType.put("getTopologyConf", 27);
+ mapAccessTypeToPermType.put("getTopology", 28);
+ mapAccessTypeToPermType.put("getUserTopology", 29);
+ mapAccessTypeToPermType.put("getTopologyInfo", 30);
+ mapAccessTypeToPermType.put("uploadNewCredentials", 31);
+ }
+
+ public RangerService toRangerService(VXAsset asset) {
+ if(asset == null) {
+ return null;
+ }
+
+ RangerService ret = new RangerService();
+
+ dataObjectToRangerObject(asset, ret);
+
+ ret.setType(toServiceType(asset.getAssetType()));
+ ret.setName(asset.getName());
+ ret.setDescription(asset.getDescription());
+ ret.setIsEnabled(asset.getActiveStatus() == RangerCommonEnums.STATUS_ENABLED);
+ ret.setConfigs(jsonUtil.jsonToMap(asset.getConfig()));
+
+ return ret;
+ }
+
+ public VXAsset toVXAsset(RangerService service) {
+ if(service == null) {
+ return null;
+ }
+
+ VXAsset ret = new VXAsset();
+
+ rangerObjectToDataObject(service, ret);
+
+ ret.setAssetType(toAssetType(service.getType()));
+ ret.setName(service.getName());
+ ret.setDescription(service.getDescription());
+ ret.setActiveStatus(service.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
+ ret.setConfig(jsonUtil.readMapToString(service.getConfigs()));
+
+ return ret;
+ }
+
+ public RangerPolicy toRangerPolicy(VXResource resource, RangerService service) {
+ if(resource == null) {
+ return null;
+ }
+
+ RangerPolicy ret = new RangerPolicy();
+
+ dataObjectToRangerObject(resource, ret);
+
+ if(service != null) {
+ ret.setService(service.getName());
+ } else {
+ ret.setService(resource.getAssetName());
+ }
+
+ ret.setName(resource.getPolicyName());
+ ret.setDescription(resource.getDescription());
+ ret.setIsEnabled(resource.getResourceStatus() == RangerCommonEnums.STATUS_ENABLED);
+ ret.setIsAuditEnabled(resource.getAuditList() != null && resource.getAuditList().size() > 0);
+
+ Boolean isRecursive = resource.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
+ Boolean isTableExcludes = resource.getTableType() == RangerCommonEnums.POLICY_EXCLUSION;
+ Boolean isColumnExcludes = resource.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION;
+
+ toRangerResourceList(resource.getName(), "path", Boolean.FALSE, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getTables(), "table", isTableExcludes, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getColumnFamilies(), "column-family", Boolean.FALSE, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getColumns(), "column", isColumnExcludes, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getDatabases(), "database", Boolean.FALSE, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getUdfs(), "udf", Boolean.FALSE, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getTopologies(), "topology", Boolean.FALSE, isRecursive, ret.getResources());
+ toRangerResourceList(resource.getServices(), "service", Boolean.FALSE, isRecursive, ret.getResources());
+
+ HashMap<String, List<VXPermMap>> sortedPermMap = new HashMap<String, List<VXPermMap>>();
+
+ // re-group the list with permGroup as the key
+ if (resource.getPermMapList() != null) {
+ for(VXPermMap permMap : resource.getPermMapList()) {
+ String permGrp = permMap.getPermGroup();
+ List<VXPermMap> sortedList = sortedPermMap.get(permGrp);
+
+ if(sortedList == null) {
+ sortedList = new ArrayList<VXPermMap>();
+ sortedPermMap.put(permGrp, sortedList);
+ }
+
+ sortedList.add(permMap);
+ }
+ }
+
+ for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
+ List<String> userList = new ArrayList<String>();
+ List<String> groupList = new ArrayList<String>();
+ List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
+ String ipAddress = null;
+
+ for(VXPermMap permMap : entry.getValue()) {
+ if(permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
+ String userName = getUserName(permMap);
+
+ if (! userList.contains(userName)) {
+ userList.add(userName);
+ }
+ } else if(permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
+ String groupName = getGroupName(permMap);
+
+ if (! groupList.contains(groupName)) {
+ groupList.add(groupName);
+ }
+ }
+
+ accessList.add(new RangerPolicyItemAccess(toAccessType(permMap.getPermType()), Boolean.TRUE));
+
+ ipAddress = permMap.getIpAddress();
+ }
+
+ RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
+
+ policyItem.setUsers(userList);
+ policyItem.setGroups(groupList);
+ policyItem.setAccesses(accessList);
+
+ if(ipAddress != null && !ipAddress.isEmpty()) {
+ RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition("ipaddress", ipAddress);
+
+ policyItem.getConditions().add(ipCondition);
+ }
+
+ ret.getPolicyItems().add(policyItem);
+ }
+
+ return ret;
+ }
+
+ public VXResource toVXResource(RangerPolicy policy, RangerService service) {
+ if(policy == null || service == null) {
+ return null;
+ }
+
+ VXResource ret = new VXResource();
+
+ rangerObjectToDataObject(policy, ret);
+
+ ret.setAssetName(policy.getService());
+ ret.setAssetId(service.getId());
+ ret.setAssetType(toAssetType(service.getType()));
+ ret.setPolicyName(policy.getName());
+ ret.setDescription(policy.getDescription());
+ ret.setResourceStatus(policy.getIsEnabled() ? RangerCommonEnums.STATUS_ENABLED : RangerCommonEnums.STATUS_DISABLED);
+
+ List<VXAuditMap> auditList = null;
+ if(policy.getIsAuditEnabled()) {
+ VXAuditMap auditMap = new VXAuditMap();
+
+ auditMap.setResourceId(policy.getId());
+ auditMap.setAuditType(1);
+
+ auditList = new ArrayList<VXAuditMap>();
+ auditList.add(auditMap);
+ }
+ ret.setAuditList(auditList);
+
+ for(RangerPolicy.RangerPolicyResource res : policy.getResources()) {
+ if(res.getType().equalsIgnoreCase("path")) {
+ ret.setName(addResource(ret.getName(), res.getValue()));
+ ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE : RangerCommonEnums.BOOL_FALSE);
+ } else if(res.getType().equalsIgnoreCase("table")) {
+ ret.setTables(addResource(ret.getTables(), res.getValue()));
+ ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
+ } else if(res.getType().equalsIgnoreCase("column-family")) {
+ ret.setColumnFamilies(addResource(ret.getColumnFamilies(), res.getValue()));
+ } else if(res.getType().equalsIgnoreCase("column")) {
+ ret.setColumns(addResource(ret.getColumns(), res.getValue()));
+ ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
+ } else if(res.getType().equalsIgnoreCase("database")) {
+ ret.setDatabases(addResource(ret.getDatabases(), res.getValue()));
+ } else if(res.getType().equalsIgnoreCase("udf")) {
+ ret.setUdfs(addResource(ret.getUdfs(), res.getValue()));
+ } else if(res.getType().equalsIgnoreCase("topology")) {
+ ret.setTopologies(addResource(ret.getTopologies(), res.getValue()));
+ } else if(res.getType().equalsIgnoreCase("service")) {
+ ret.setServices(addResource(ret.getServices(), res.getValue()));
+ }
+ }
+
+ List<VXPermMap> permMapList = new ArrayList<VXPermMap>();
+
+ int permGroup = 0;
+ for(RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ String ipAddress = null;
+
+ for(RangerPolicy.RangerPolicyItemCondition condition : policyItem.getConditions()) {
+ if(condition.getType() == "ipaddress") {
+ ipAddress = condition.getValue();
+ }
+
+ if(ipAddress != null && !ipAddress.isEmpty()) {
+ break; // only 1 IP-address per permMap
+ }
+ }
+
+ for(String userName : policyItem.getUsers()) {
+ for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ VXPermMap permMap = new VXPermMap();
+
+ permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
+ permMap.setPermGroup(new Integer(permGroup).toString());
+ permMap.setUserName(userName);
+ permMap.setUserId(getUserId(userName));
+ permMap.setPermType(toPermType(access.getType()));
+ permMap.setIpAddress(ipAddress);
+
+ permMapList.add(permMap);
+ }
+ }
+ permGroup++;
+
+ for(String groupName : policyItem.getGroups()) {
+ for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ VXPermMap permMap = new VXPermMap();
+
+ permMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
+ permMap.setPermGroup(new Integer(permGroup).toString());
+ permMap.setGroupName(groupName);
+ permMap.setGroupId(getGroupId(groupName));
+ permMap.setPermType(toPermType(access.getType()));
+ permMap.setIpAddress(ipAddress);
+
+ permMapList.add(permMap);
+ }
+ }
+ permGroup++;
+ }
+ ret.setPermMapList(permMapList);
+
+ return ret;
+ }
+
+ private List<RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, List<RangerPolicy.RangerPolicyResource> resList) {
+ List<RangerPolicy.RangerPolicyResource> ret = resList == null ? new ArrayList<RangerPolicy.RangerPolicyResource>() : resList;
+
+ if(resourceString != null) {
+ for(String resource : resourceString.split(",")) {
+ ret.add(new RangerPolicy.RangerPolicyResource(resourceType, resource, isExcludes, isRecursive));
+ }
+ }
+
+ return ret;
+ }
+
+ public static String toServiceType(int assetType) {
+ String ret = null;
+
+ for(Map.Entry<String, Integer> e : mapServiceTypeToAssetType.entrySet()) {
+ if(e.getValue().intValue() == assetType) {
+ ret = e.getKey();
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ public static Integer toAssetType(String serviceType) {
+ Integer ret = mapServiceTypeToAssetType.get(serviceType);
+
+ return ret;
+ }
+
+ public static String toAccessType(int permType) {
+ String ret = null;
+
+ for(Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
+ if(e.getValue().intValue() == permType) {
+ ret = e.getKey();
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ public static Integer toPermType(String accessType) {
+ Integer ret = null;
+
+ for(Map.Entry<String, Integer> e : mapAccessTypeToPermType.entrySet()) {
+ if(e.getKey().equalsIgnoreCase(accessType)) {
+ ret = e.getValue();
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ private RangerBaseModelObject dataObjectToRangerObject(VXDataObject dataObject, RangerBaseModelObject rangerObject) {
+ RangerBaseModelObject ret = rangerObject;
+
+ ret.setId(dataObject.getId());
+ ret.setCreateTime(dataObject.getCreateDate());
+ ret.setUpdateTime(dataObject.getUpdateDate());
+ ret.setCreatedBy(dataObject.getOwner());
+ ret.setUpdatedBy(dataObject.getUpdatedBy());
+
+ return ret;
+ }
+
+ private VXDataObject rangerObjectToDataObject(RangerBaseModelObject rangerObject, VXDataObject dataObject) {
+ VXDataObject ret = dataObject;
+
+ ret.setId(rangerObject.getId());
+ ret.setCreateDate(rangerObject.getCreateTime());
+ ret.setUpdateDate(rangerObject.getUpdateTime());
+ ret.setOwner(rangerObject.getCreatedBy());
+ ret.setUpdatedBy(rangerObject.getUpdatedBy());
+
+ return ret;
+ }
+
+ private String addResource(String currentVal, String valToAdd) {
+ return (currentVal == null || currentVal.isEmpty()) ? valToAdd : (currentVal + "," + valToAdd);
+ }
+
+ private String getUserName(VXPermMap permMap) {
+ String userName = permMap.getUserName();
+
+ if(userName == null || userName.isEmpty()) {
+ Long userId = permMap.getUserId();
+
+ if(userId != null) {
+ XXUser xxUser = xaDaoMgr.getXXUser().getById(userId);
+
+ if(xxUser != null) {
+ userName = xxUser.getName();
+ }
+ }
+ }
+
+ return userName;
+ }
+
+ private String getGroupName(VXPermMap permMap) {
+ String groupName = permMap.getGroupName();
+
+ if(groupName == null || groupName.isEmpty()) {
+ Long groupId = permMap.getGroupId();
+
+ if(groupId != null) {
+ XXGroup xxGroup = xaDaoMgr.getXXGroup().getById(groupId);
+
+ if(xxGroup != null) {
+ groupName = xxGroup.getName();
+ }
+ }
+ }
+
+ return groupName;
+
+ }
+
+ private Long getUserId(String userName) {
+ Long userId = null;
+
+ if(userName != null) {
+ XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(userName);
+
+ if(xxUser != null) {
+ userId = xxUser.getId();
+ }
+ }
+
+ return userId;
+ }
+
+ private Long getGroupId(String groupName) {
+ Long groupId = null;
+
+ if(groupName != null) {
+ XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(groupName);
+
+ if(xxGroup != null) {
+ groupId = xxGroup.getId();
+ }
+ }
+
+ return groupId;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/941ae692/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
new file mode 100644
index 0000000..cc3161a
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -0,0 +1,573 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.rest;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.manager.ServiceDefManager;
+import org.apache.ranger.plugin.manager.ServiceManager;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.view.VXResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.apache.ranger.common.RESTErrorUtil;
+
+
+@Path("plugins")
+@Component
+@Scope("request")
+public class ServiceREST {
+ private static final Log LOG = LogFactory.getLog(ServiceREST.class);
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ private ServiceDefManager sdMgr = null;
+ private ServiceManager svcMgr = null;
+
+ public ServiceREST() {
+ sdMgr = new ServiceDefManager();
+ svcMgr = new ServiceManager();
+ }
+
+ @GET
+ @Path("/definitions/{id}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef getServiceDef(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServiceDef(" + id + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = sdMgr.get(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServiceDef(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/definitions/name/{name}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerServiceDef getServiceDefByName(@PathParam("name") String name) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServiceDefByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = sdMgr.getByName(name);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServiceDefByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/definitions")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerServiceDef> getServiceDefs(@Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServiceDefs()");
+ }
+
+ List<RangerServiceDef> ret = null;
+
+ try {
+ ret = sdMgr.getAll();
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @POST
+ @Path("/definitions")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.createServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = sdMgr.create(serviceDef);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.createServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @PUT
+ @Path("/definitions")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.updateServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ ret = sdMgr.update(serviceDef);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.updateServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @DELETE
+ @Path("/definitions/{id}")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteServiceDef(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")");
+ }
+
+ try {
+ sdMgr.delete(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.deleteServiceDef(" + id + ")");
+ }
+ }
+
+
+ @GET
+ @Path("/services/{id}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService getService(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getService(" + id + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ ret = svcMgr.get(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getService(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/services/name/{name}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService getServiceByName(@PathParam("name") String name) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServiceByName(" + name + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ ret = svcMgr.getByName(name);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServiceByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/services")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerService> getServices(@Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServices():");
+ }
+
+ List<RangerService> ret = null;
+
+ try {
+ ret = svcMgr.getAll();
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServices(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/services/count")
+ @Produces({ "application/json", "application/xml" })
+ public Long countServices(@Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.countServices():");
+ }
+
+ Long ret = null;
+
+ try {
+ List<RangerService> services = getServices(request);
+
+ ret = new Long(services == null ? 0 : services.size());
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.countServices(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @POST
+ @Path("/services")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService createService(RangerService service) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.createService(" + service + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ ret = svcMgr.create(service);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.createService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @PUT
+ @Path("/services")
+ @Produces({ "application/json", "application/xml" })
+ public RangerService updateService(RangerService service) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.updateService(): " + service);
+ }
+
+ RangerService ret = null;
+
+ try {
+ ret = svcMgr.update(service);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.updateService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @DELETE
+ @Path("/services/{id}")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteService(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.deleteService(" + id + ")");
+ }
+
+ try {
+ svcMgr.delete(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.deleteService(" + id + ")");
+ }
+ }
+
+ @POST
+ @Path("/services/validateConfig")
+ @Produces({ "application/json", "application/xml" })
+ public VXResponse validateConfig(RangerService service) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.validateConfig(" + service + ")");
+ }
+
+ VXResponse ret = new VXResponse();
+
+ try {
+ svcMgr.validateConfig(service);
+ } catch(Exception excp) {
+ ret.setStatusCode(VXResponse.STATUS_ERROR);
+ // TODO: message
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.validateConfig(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+
+ @GET
+ @Path("/policies/{id}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy getPolicy(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ ret = svcMgr.getPolicy(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/policies")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerPolicy> getPolicies(@Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicies()");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ try {
+ ret = svcMgr.getAllPolicies();
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/policies/count")
+ @Produces({ "application/json", "application/xml" })
+ public Long countPolicies(@Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.countPolicies():");
+ }
+
+ Long ret = null;
+
+ try {
+ List<RangerPolicy> services = getPolicies(request);
+
+ ret = new Long(services == null ? 0 : services.size());
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.countPolicies(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @GET
+ @Path("/services/{id}/policies")
+ @Produces({ "application/json", "application/xml" })
+ public List<RangerPolicy> getServicePolicies(@PathParam("id") Long serviceId, @Context HttpServletRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getServicePolicies(" + serviceId + ")");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ try {
+ ret = svcMgr.getPolicies(serviceId);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getServicePolicies(" + serviceId + "): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @POST
+ @Path("/policies")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy createPolicy(RangerPolicy policy) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.createPolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ ret = svcMgr.createPolicy(policy);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @PUT
+ @Path("/policies")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy updatePolicy(RangerPolicy policy) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ ret = svcMgr.updatePolicy(policy);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @DELETE
+ @Path("/policies/{id}")
+ @Produces({ "application/json", "application/xml" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deletePolicy(@PathParam("id") Long id) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.deletePolicy(" + id + ")");
+ }
+
+ try {
+ svcMgr.deletePolicy(id);
+ } catch(Exception excp) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.deletePolicy(" + id + ")");
+ }
+ }
+}
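Review bot: The mutating endpoints `createService`, `updateService`, `createPolicy`, `updatePolicy` and `validateConfig` carry no `@PreAuthorize`, while the service-definition writes and all three deletes require `hasRole('ROLE_SYS_ADMIN')`. Unless access is restricted somewhere outside this file, services and policies can be created or rewritten without the admin role, so each of these methods should declare the rule it intends, e.g. `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")`, or carry a comment saying where the check is enforced. Separately, every catch block returns `excp.getMessage()` to the client and logs nothing, and `validateConfig` drops the exception entirely. Logging the exception server-side (e.g. `LOG.error("createPolicy failed", excp);`) and returning a generic message would keep internal detail out of responses while preserving it for operators.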
[4/4] incubator-ranger git commit: RANGER-203: updates to
RangerPolicyResource per comments from Alok. PolicyEngine updated to return
the result in RangerAccessResult, instead of Boolean.
Posted by ma...@apache.org.
RANGER-203: updates to RangerPolicyResource per comments from Alok. PolicyEngine updated to return the result in RangerAccessResult, instead of Boolean.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2242c441
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2242c441
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2242c441
Branch: refs/heads/stack
Commit: 2242c44183f2ecb1a631db9d7b483119d59e7c3c
Parents: 941ae69
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Fri Dec 19 17:24:01 2014 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Dec 19 17:24:01 2014 -0800
----------------------------------------------------------------------
.../ranger/plugin/model/RangerPolicy.java | 94 +++++++++++---------
.../plugin/policyengine/RangerAccessResult.java | 62 +++++++++++++
.../plugin/policyengine/RangerPolicyEngine.java | 8 +-
.../policyengine/RangerPolicyEngineImpl.java | 13 ++-
.../plugin/manager/TestServiceManager.java | 2 +-
.../org/apache/ranger/common/ServiceUtil.java | 72 ++++++++++-----
6 files changed, 171 insertions(+), 80 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 13a9c4d..57b52cc 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -21,6 +21,8 @@ package org.apache.ranger.plugin.model;
import java.util.ArrayList;
import java.util.List;
+import java.util.HashMap;
+import java.util.Map;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -40,13 +42,13 @@ import org.codehaus.jackson.map.annotate.JsonSerialize;
public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String service = null;
- private String name = null;
- private String description = null;
- private Boolean isEnabled = null;
- private Boolean isAuditEnabled = null;
- private List<RangerPolicyResource> resources = null;
- private List<RangerPolicyItem> policyItems = null;
+ private String service = null;
+ private String name = null;
+ private String description = null;
+ private Boolean isEnabled = null;
+ private Boolean isAuditEnabled = null;
+ private Map<String, RangerPolicyResource> resources = null;
+ private List<RangerPolicyItem> policyItems = null;
/**
@@ -63,7 +65,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
* @param isEnabled
* @param configs
*/
- public RangerPolicy(String service, String name, String description, Boolean isEnabled, List<RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
+ public RangerPolicy(String service, String name, String description, Boolean isEnabled, Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
super();
setService(service);
@@ -160,19 +162,19 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
/**
* @return the resources
*/
- public List<RangerPolicyResource> getResources() {
+ public Map<String, RangerPolicyResource> getResources() {
return resources;
}
/**
* @param configs the resources to set
*/
- public void setResources(List<RangerPolicyResource> resources) {
- this.resources = new ArrayList<RangerPolicyResource>();
+ public void setResources(Map<String, RangerPolicyResource> resources) {
+ this.resources = new HashMap<String, RangerPolicyResource>();
if(resources != null) {
- for(RangerPolicyResource resource : resources) {
- this.resources.add(resource);
+ for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+ this.resources.put(e.getKey(), e.getValue());
}
}
}
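Review bot: The Javadoc above `setResources` still says `@param configs the resources to set`, although the parameter is `resources` and is now a map keyed by resource type; the constructor Javadoc in the earlier hunk has the same stale `@param configs`. The copy loop can be written as `this.resources.putAll(resources);` inside the existing null check. `getResources()` returns the internal `HashMap` itself, which the updated test relies on, so a one-line comment such as `// returned map is live; callers may add entries` would make that contract explicit.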
@@ -219,10 +221,10 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
sb.append("resources={");
if(resources != null) {
- for(RangerPolicyResource resource : resources) {
- if(resource != null) {
- resource.toString(sb);
- }
+ for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+ sb.append(e.getKey()).append("={");
+ e.getValue().toString(sb);
+ sb.append("} ");
}
}
sb.append("} ");
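Review bot: The rewritten loop calls `e.getValue().toString(sb)` without the null guard the list version had (`if(resource != null)`), so a map entry with a null value makes this method throw. Policies are concatenated into debug log messages elsewhere in this commit series, so, assuming `toString()` delegates here, a malformed policy would turn a log statement into a NullPointerException. Restoring the guard is enough: `if(e.getValue() != null) { e.getValue().toString(sb); }`. The enclosing method starts and ends outside the hunk.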
@@ -246,49 +248,48 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
public static class RangerPolicyResource implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String type = null;
- private String value = null;
- private Boolean isExcludes = null;
- private Boolean isRecursive = null;
+ private List<String> values = null;
+ private Boolean isExcludes = null;
+ private Boolean isRecursive = null;
public RangerPolicyResource() {
- this(null, null, null, null);
+ this((List<String>)null, null, null);
}
- public RangerPolicyResource(String type, String value, Boolean isExcludes, Boolean isRecursive) {
- setType(type);
- setValue(value);
+ public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) {
+ List<String> values = new ArrayList<String>();
+ values.add(value);
+
+ setValues(values);
setIsExcludes(isExcludes);
setIsRecursive(isRecursive);
}
- /**
- * @return the type
- */
- public String getType() {
- return type;
+ public RangerPolicyResource(List<String> values, Boolean isExcludes, Boolean isRecursive) {
+ setValues(values);
+ setIsExcludes(isExcludes);
+ setIsRecursive(isRecursive);
}
/**
- * @param type the type to set
+ * @return the values
*/
- public void setType(String type) {
- this.type = type;
+ public List<String> getValues() {
+ return values;
}
/**
- * @return the value
+ * @param values the values to set
*/
- public String getValue() {
- return value;
- }
+ public void setValues(List<String> values) {
+ this.values = new ArrayList<String>();
- /**
- * @param value the value to set
- */
- public void setValue(String value) {
- this.value = value;
+ if(values != null) {
+ for(String value : values) {
+ this.values.add(value);
+ }
+ }
}
/**
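Review bot: The new single-value constructor adds `value` to the list unconditionally, so a null `value` yields a resource whose list is `[null]` rather than empty, and any code that later matches on the values has to cope with a null element. Guarding the add with `if(value != null) { values.add(value); }` keeps it consistent with `setValues`, which treats a null argument as an empty list. The two three-argument overloads also make a bare `null` first argument ambiguous, which is why the no-arg constructor needs the `(List<String>)null` cast; a short comment there would explain it. The hunk ends inside the Javadoc of the next member.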
@@ -330,8 +331,13 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
public StringBuilder toString(StringBuilder sb) {
sb.append("RangerPolicyResource={");
- sb.append("type={").append(type).append("} ");
- sb.append("value={").append(value).append("} ");
+ sb.append("values={");
+ if(values != null) {
+ for(String value : values) {
+ sb.append(value).append(" ");
+ }
+ }
+ sb.append("} ");
sb.append("isExcludes={").append(isExcludes).append("} ");
sb.append("isRecursive={").append(isRecursive).append("} ");
sb.append("}");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
new file mode 100644
index 0000000..bf17e86
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+
+public class RangerAccessResult {
+ private RangerAccessRequest request;
+ private boolean isAllowed;
+ private boolean auditAccess;
+ private long policyId;
+ private String reason;
+
+
+ public RangerAccessResult(RangerAccessRequest request, boolean isAllowed, boolean auditAccess) {
+ this(request, isAllowed, auditAccess, -1, null);
+ }
+
+ public RangerAccessResult(RangerAccessRequest request, boolean isAllowed, boolean auditAccess, long policyId, String reason) {
+ this.request = request;
+ this.isAllowed = isAllowed;
+ this.auditAccess = auditAccess;
+ this.policyId = policyId;
+ this.reason = reason;
+ }
+
+ public RangerAccessRequest getRequest() {
+ return request;
+ }
+
+ public boolean isAllowed() {
+ return isAllowed;
+ }
+
+ public boolean auditAccess() {
+ return auditAccess;
+ }
+
+ public long getPolicyId() {
+ return policyId;
+ }
+
+ public String getReason() {
+ return reason;
+ }
+}
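Review bot: RangerAccessResult carries an authorization decision, yet its fields are not `final` and the `-1` policy id passed by the three-argument constructor is undocumented. The class has no setters, so declaring each field `private final` (e.g. `private final boolean isAllowed;`) costs nothing and guarantees a result cannot change after evaluation. A class Javadoc should state what `policyId == -1` and a null `reason` mean, presumably that no specific policy decided the request. The accessor `auditAccess()` shares its name with the engine's `auditAccess` methods; `isAuditAccess()` or similar would read less ambiguously.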
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index aee6716..cf2a5f3 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -22,11 +22,11 @@ package org.apache.ranger.plugin.policyengine;
import java.util.List;
public interface RangerPolicyEngine {
- boolean isAccessAllowed(RangerAccessRequest request);
+ RangerAccessResult isAccessAllowed(RangerAccessRequest request);
- boolean isAccessAllowed(List<RangerAccessRequest> requests, List<Boolean> results);
+ void isAccessAllowed(List<RangerAccessRequest> requests, List<RangerAccessResult> results);
- void auditAccess(RangerAccessRequest request);
+ void auditAccess(RangerAccessResult result);
- void auditAccess(List<RangerAccessRequest> requests, List<Boolean> results);
+ void auditAccess(List<RangerAccessResult> results);
}
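Review bot: Neither `isAccessAllowed` variant documents its contract now that the decision is an object rather than a boolean: whether the return value can be null, and whether the batch form appends to `results` or expects it pre-populated. For an authorization API the interface should state that a missing result means denied, for example `/** @return the decision for request; never null, isAllowed() is false when no policy grants access */`. The name `isAccessAllowed` also no longer matches a non-boolean return, and the batch form's `void` return with an out-parameter makes it easy for callers to ignore the outcome.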
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 71274f3..49cf364 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -87,27 +87,24 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
- public boolean isAccessAllowed(RangerAccessRequest request) {
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
// TODO Auto-generated method stub
- return false;
+ return null;
}
@Override
- public boolean isAccessAllowed(List<RangerAccessRequest> requests,
- List<Boolean> results) {
+ public void isAccessAllowed(List<RangerAccessRequest> requests, List<RangerAccessResult> results) {
// TODO Auto-generated method stub
- return false;
}
@Override
- public void auditAccess(RangerAccessRequest request) {
+ public void auditAccess(RangerAccessResult result) {
// TODO Auto-generated method stub
}
@Override
- public void auditAccess(List<RangerAccessRequest> requests,
- List<Boolean> results) {
+ public void auditAccess(List<RangerAccessResult> results) {
// TODO Auto-generated method stub
}
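Review bot: Changing the stub of `isAccessAllowed(RangerAccessRequest)` from `return false` to `return null` removes the deny-by-default behaviour the placeholder had. A caller that dereferences the result will throw a NullPointerException, and a caller that only looks for an explicit denial could let the request through. The bulk overload similarly returns without adding anything to `results`. Until the engine is implemented, the stubs would be safer failing loudly, for example `throw new UnsupportedOperationException("isAccessAllowed is not implemented");`. The class body starts and ends outside this hunk.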
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
index b2e12a1..4263f59 100644
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
+++ b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
@@ -117,7 +117,7 @@ public class TestServiceManager {
int initPolicyCount = policies == null ? 0 : policies.size();
RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", Boolean.TRUE, null, null);
- policy.getResources().add(new RangerPolicyResource("path", "/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
+ policy.getResources().put("path", new RangerPolicyResource("/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
RangerPolicyItem item1 = new RangerPolicyItem();
item1.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE));
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 8a990da..62a65c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -232,26 +232,30 @@ public class ServiceUtil {
}
ret.setAuditList(auditList);
- for(RangerPolicy.RangerPolicyResource res : policy.getResources()) {
- if(res.getType().equalsIgnoreCase("path")) {
- ret.setName(addResource(ret.getName(), res.getValue()));
+ for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet()) {
+ RangerPolicy.RangerPolicyResource res = e.getValue();
+ String resType = e.getKey();
+ String resString = getResourceString(res.getValues());
+
+ if(resType.equalsIgnoreCase("path")) {
+ ret.setName(resString);
ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE : RangerCommonEnums.BOOL_FALSE);
- } else if(res.getType().equalsIgnoreCase("table")) {
- ret.setTables(addResource(ret.getTables(), res.getValue()));
+ } else if(resType.equalsIgnoreCase("table")) {
+ ret.setTables(resString);
ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
- } else if(res.getType().equalsIgnoreCase("column-family")) {
- ret.setColumnFamilies(addResource(ret.getColumnFamilies(), res.getValue()));
- } else if(res.getType().equalsIgnoreCase("column")) {
- ret.setColumns(addResource(ret.getColumns(), res.getValue()));
+ } else if(resType.equalsIgnoreCase("column-family")) {
+ ret.setColumnFamilies(resString);
+ } else if(resType.equalsIgnoreCase("column")) {
+ ret.setColumns(resString);
ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
- } else if(res.getType().equalsIgnoreCase("database")) {
- ret.setDatabases(addResource(ret.getDatabases(), res.getValue()));
- } else if(res.getType().equalsIgnoreCase("udf")) {
- ret.setUdfs(addResource(ret.getUdfs(), res.getValue()));
- } else if(res.getType().equalsIgnoreCase("topology")) {
- ret.setTopologies(addResource(ret.getTopologies(), res.getValue()));
- } else if(res.getType().equalsIgnoreCase("service")) {
- ret.setServices(addResource(ret.getServices(), res.getValue()));
+ } else if(resType.equalsIgnoreCase("database")) {
+ ret.setDatabases(resString);
+ } else if(resType.equalsIgnoreCase("udf")) {
+ ret.setUdfs(resString);
+ } else if(resType.equalsIgnoreCase("topology")) {
+ ret.setTopologies(resString);
+ } else if(resType.equalsIgnoreCase("service")) {
+ ret.setServices(resString);
}
}
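Review bot: The loop matches `resType` with `equalsIgnoreCase`, but the map it iterates is keyed by the exact string, so two entries such as `path` and `Path` would both reach `ret.setName(resString)` and the later one would silently replace the earlier. The removed `addResource` calls accumulated values instead, so part of a policy's resources could now be dropped in the converted object. Whether such keys can occur depends on how the map is filled, which is not visible in this hunk. Either normalise the key case where entries are put, or record the assumption here with `// resource-type keys are expected to be unique ignoring case; a second match overwrites the first`. The enclosing method starts and ends outside the hunk.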
@@ -308,12 +312,22 @@ public class ServiceUtil {
return ret;
}
- private List<RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, List<RangerPolicy.RangerPolicyResource> resList) {
- List<RangerPolicy.RangerPolicyResource> ret = resList == null ? new ArrayList<RangerPolicy.RangerPolicyResource>() : resList;
+ private Map<String, RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, Map<String, RangerPolicy.RangerPolicyResource> resources) {
+ Map<String, RangerPolicy.RangerPolicyResource> ret = resources == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : resources;
if(resourceString != null) {
- for(String resource : resourceString.split(",")) {
- ret.add(new RangerPolicy.RangerPolicyResource(resourceType, resource, isExcludes, isRecursive));
+ RangerPolicy.RangerPolicyResource resource = ret.get(resourceType);
+
+ if(resource == null) {
+ resource = new RangerPolicy.RangerPolicyResource();
+ resource.setIsExcludes(isExcludes);
+ resource.setIsRecursive(isRecursive);
+
+ ret.put(resourceType, resource);
+ }
+
+ for(String res : resourceString.split(",")) {
+ resource.getValues().add(res);
}
}
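Review bot: When `ret` already holds an entry for `resourceType`, the `isExcludes` and `isRecursive` arguments of this call are ignored, and the new values are appended to a resource that keeps the flags from the first call. If a caller ever passes the same type twice with different flags, the include/exclude or recursive meaning of the added values changes without any signal. That should at least be documented at the `ret.get(resourceType)` line, e.g. `// flags come from the first call for a resourceType; later calls only add values`, or be checked and rejected on mismatch. The pieces from `resourceString.split(",")` are also stored untrimmed, so an empty or space-padded piece becomes a resource value. The method's `return` lies outside the hunk.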
@@ -392,8 +406,20 @@ public class ServiceUtil {
return ret;
}
- private String addResource(String currentVal, String valToAdd) {
- return (currentVal == null || currentVal.isEmpty()) ? valToAdd : (currentVal + "," + valToAdd);
+ private String getResourceString(List<String> values) {
+ String ret = null;
+
+ if(values != null) {
+ for(String value : values) {
+ if(ret == null) {
+ ret = value;
+ } else if(value != null) {
+ ret += ("," + value);
+ }
+ }
+ }
+
+ return ret;
}
private String getUserName(VXPermMap permMap) {
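Review bot: `getResourceString` joins the values with `,` and `toRangerResourceList` in this same file splits on `,`, so a single value that contains a comma comes back as several separate resources after a round trip. For a policy resource this changes what the policy covers, and nothing here rejects or flags such a value. If the legacy format cannot carry an escape, say so on the method: `// values are joined with ","; a value containing "," is split into separate resources by toRangerResourceList()`. As a smaller point, an empty first value yields a leading comma (`",b"`), and building the string with `+=` in a loop would read better with a `StringBuilder`.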