Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/15 06:23:37 UTC
incubator-ranger git commit: RANGER-479: ServiceStore class hierarchy
refactoring;
added filtering based on Policy.ResourceSignature. PolicyEngine interface
update to remove few methods.
Repository: incubator-ranger
Updated Branches:
refs/heads/master be2c12ff8 -> 362acbcbe
RANGER-479: ServiceStore class hierarchy refactoring; added filtering based on Policy.ResourceSignature. PolicyEngine interface update to remove few methods.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/362acbcb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/362acbcb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/362acbcb
Branch: refs/heads/master
Commit: 362acbcbe8f95643a6b47784388b38085d38d750
Parents: be2c12f
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu May 14 16:12:08 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu May 14 21:17:14 2015 -0700
----------------------------------------------------------------------
.../plugin/policyengine/RangerPolicyEngine.java | 12 +-
.../policyengine/RangerPolicyEngineImpl.java | 48 +-
.../ranger/plugin/service/RangerBasePlugin.java | 34 +-
.../plugin/store/AbstractPredicateUtil.java | 627 ++++++++++++++++
.../plugin/store/AbstractServiceStore.java | 742 -------------------
.../plugin/store/ServicePredicateUtil.java | 156 ++++
.../ranger/plugin/store/file/BaseFileStore.java | 4 +-
.../plugin/store/file/ServiceFileStore.java | 32 +-
.../org/apache/ranger/biz/ServiceDBStore.java | 40 +-
.../apache/ranger/common/RangerSearchUtil.java | 1 +
10 files changed, 873 insertions(+), 823 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index 8ff71ef..0a0b210 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -24,11 +24,9 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
public interface RangerPolicyEngine {
public static final String GROUP_PUBLIC = "public";
@@ -40,17 +38,13 @@ public interface RangerPolicyEngine {
RangerServiceDef getServiceDef();
- List<RangerPolicy> getPolicies();
-
long getPolicyVersion();
- List<RangerPolicyEvaluator> getPolicyEvaluators();
-
- List<RangerContextEnricher> getContextEnrichers();
-
-
RangerAccessResult createAccessResult(RangerAccessRequest request);
+ void enrichContext(RangerAccessRequest request);
+
+ void enrichContext(Collection<RangerAccessRequest> requests);
RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor);
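Review bot: The two `enrichContext` overloads are added to the interface without Javadoc, so the contract that replaces the removed `getContextEnrichers()` accessor is unstated. A caller holding a `RangerPolicyEngine` now has to know that enrichment is a separate step from `isAccessAllowed`, presumably to be run first, as RangerBasePlugin does in this commit. It also has to know whether a null request or an empty collection is acceptable. I would add a comment on the first overload such as `/** Runs every configured context enricher on the request; call before isAccessAllowed(). A null request is ignored. */` and a matching one on the collection overload.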
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 80c5d58..4219875 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -19,6 +19,7 @@
package org.apache.ranger.plugin.policyengine;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
@@ -72,28 +73,53 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
- public List<RangerPolicy> getPolicies() {
- return policyRepository.getPolicies();
- }
-
- @Override
public long getPolicyVersion() {
return policyRepository.getPolicyVersion();
}
@Override
- public List<RangerPolicyEvaluator> getPolicyEvaluators() {
- return policyRepository.getPolicyEvaluators();
+ public RangerAccessResult createAccessResult(RangerAccessRequest request) {
+ return new RangerAccessResult(this.getServiceName(), policyRepository.getServiceDef(), request);
}
@Override
- public List<RangerContextEnricher> getContextEnrichers() {
- return policyRepository.getContextEnrichers();
+ public void enrichContext(RangerAccessRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.enrichContext(" + request + ")");
+ }
+
+ List<RangerContextEnricher> enrichers = policyRepository.getContextEnrichers();
+
+ if(request != null && !CollectionUtils.isEmpty(enrichers)) {
+ for(RangerContextEnricher enricher : enrichers) {
+ enricher.enrich(request);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.enrichContext(" + request + ")");
+ }
}
@Override
- public RangerAccessResult createAccessResult(RangerAccessRequest request) {
- return new RangerAccessResult(this.getServiceName(), policyRepository.getServiceDef(), request);
+ public void enrichContext(Collection<RangerAccessRequest> requests) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.enrichContext(" + requests + ")");
+ }
+
+ List<RangerContextEnricher> enrichers = policyRepository.getContextEnrichers();
+
+ if(!CollectionUtils.isEmpty(requests) && !CollectionUtils.isEmpty(enrichers)) {
+ for(RangerContextEnricher enricher : enrichers) {
+ for(RangerAccessRequest request : requests) {
+ enricher.enrich(request);
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.enrichContext(" + requests + ")");
+ }
}
@Override
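Review bot: The collection overload of `enrichContext` passes every element of `requests` to `enricher.enrich(request)` without a null check, while the single-request overload above it skips a null request, so a null element in the collection reaches each enricher. Guarding the inner call keeps the two overloads consistent: `if(request != null) { enricher.enrich(request); }`. Neither overload catches an exception thrown by an enricher, so a failing enricher aborts the call that RangerBasePlugin makes immediately before `isAccessAllowed`. If failing the access check in that case is intended, a one-line comment saying so would help the next maintainer. The hunk ends on the `@Override` of the following method, which lies outside it.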
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 2a50082..a347f75 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -148,7 +148,7 @@ public class RangerBasePlugin {
RangerPolicyEngine policyEngine = this.policyEngine;
if(policyEngine != null) {
- enrichRequest(request, policyEngine);
+ policyEngine.enrichContext(request);
return policyEngine.isAccessAllowed(request, resultProcessor);
}
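Review bot: With `enrichRequest` and `enrichRequests` deleted further down in this file, the imports they relied on may now be unused. The diffstat gives 34 changed lines for RangerBasePlugin, which is exactly the two call-site replacements plus the thirty deleted helper lines, so no import line was touched. If `RangerContextEnricher` (and possibly `CollectionUtils`) has no other use in this class, the import should be dropped in the same commit. The enclosing method starts and ends outside the hunk.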
@@ -160,7 +160,7 @@ public class RangerBasePlugin {
RangerPolicyEngine policyEngine = this.policyEngine;
if(policyEngine != null) {
- enrichRequests(requests, policyEngine);
+ policyEngine.enrichContext(requests);
return policyEngine.isAccessAllowed(requests, resultProcessor);
}
@@ -271,36 +271,6 @@ public class RangerBasePlugin {
return ret;
}
- private void enrichRequest(RangerAccessRequest request, RangerPolicyEngine policyEngine) {
- if(request == null || policyEngine == null) {
- return;
- }
-
- List<RangerContextEnricher> enrichers = policyEngine.getContextEnrichers();
-
- if(! CollectionUtils.isEmpty(enrichers)) {
- for(RangerContextEnricher enricher : enrichers) {
- enricher.enrich(request);
- }
- }
- }
-
- private void enrichRequests(Collection<RangerAccessRequest> requests, RangerPolicyEngine policyEngine) {
- if(CollectionUtils.isEmpty(requests) || policyEngine == null) {
- return;
- }
-
- List<RangerContextEnricher> enrichers = policyEngine.getContextEnrichers();
-
- if(! CollectionUtils.isEmpty(enrichers)) {
- for(RangerContextEnricher enricher : enrichers) {
- for(RangerAccessRequest request : requests) {
- enricher.enrich(request);
- }
- }
- }
- }
-
private void auditGrantRevoke(GrantRevokeRequest request, String action, boolean isSuccess, RangerAccessResultProcessor resultProcessor) {
RangerPolicyEngine policyEngine = this.policyEngine;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
new file mode 100644
index 0000000..772c2d7
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
@@ -0,0 +1,627 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.collections.PredicateUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.util.SearchFilter;
+
+public class AbstractPredicateUtil {
+ private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
+
+ public void applyFilter(List<? extends RangerBaseModelObject> objList, SearchFilter filter) {
+ if(CollectionUtils.isEmpty(objList)) {
+ return;
+ }
+
+ Predicate pred = getPredicate(filter);
+
+ if(pred != null) {
+ CollectionUtils.filter(objList, pred);
+ }
+
+ Comparator<RangerBaseModelObject> sorter = getSorter(filter);
+
+ if(sorter != null) {
+ Collections.sort(objList, sorter);
+ }
+ }
+
+ public Predicate getPredicate(SearchFilter filter) {
+ if(filter == null || filter.isEmpty()) {
+ return null;
+ }
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+
+ addPredicates(filter, predicates);
+
+ Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
+
+ return ret;
+ }
+
+ public void addPredicates(SearchFilter filter, List<Predicate> predicates) {
+ addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
+ addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
+ addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
+ addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
+ addPredicateForIsEnabled(filter.getParam(SearchFilter.IS_ENABLED), predicates);
+ addPredicateForIsRecursive(filter.getParam(SearchFilter.IS_RECURSIVE), predicates);
+ addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
+ addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
+ addPredicateForResourceSignature(filter.getParam(SearchFilter.RESOURCE_SIGNATURE), predicates);
+ addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
+ }
+
+ public Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
+ String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
+
+ if(StringUtils.isEmpty(sortBy)) {
+ return null;
+ }
+
+ Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
+
+ return ret;
+ }
+
+ public final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Long val1 = (o1 != null) ? o1.getId() : null;
+ Long val2 = (o2 != null) ? o2.getId() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getCreateTime() : null;
+ Date val2 = (o2 != null) ? o2.getCreateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
+ Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerServiceDef) {
+ val1 = ((RangerServiceDef)o1).getName();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerServiceDef) {
+ val2 = ((RangerServiceDef)o2).getName();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerPolicy) {
+ val1 = ((RangerPolicy)o1).getService();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerPolicy) {
+ val2 = ((RangerPolicy)o2).getService();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
+ String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ public final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
+ @Override
+ public int compare(RangerResourceDef o1, RangerResourceDef o2) {
+ Integer val1 = (o1 != null) ? o1.getLevel() : null;
+ Integer val2 = (o2 != null) ? o2.getLevel() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ static {
+ sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
+ sorterMap.put(SearchFilter.POLICY_ID, idComparator);
+ sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
+ sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
+ }
+
+ private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceTypeId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+ Long svcDefId = serviceDef.getId();
+
+ if(svcDefId != null) {
+ ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceName, policy.getService());
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceName, service.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(ret != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(policyName, policy.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(policy.getId() != null) {
+ ret = StringUtils.equals(policyId, policy.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(userName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getUsers().contains(userName)) {
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(groupName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getGroups().contains(groupName)) {
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForIsEnabled(final String status, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(status)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerBaseModelObject) {
+ RangerBaseModelObject obj = (RangerBaseModelObject)object;
+
+ if(Boolean.parseBoolean(status)) {
+ ret = obj.getIsEnabled();
+ } else {
+ ret = !obj.getIsEnabled();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
+ if(MapUtils.isEmpty(resources)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(! MapUtils.isEmpty(policy.getResources())) {
+ int numFound = 0;
+ for(String name : resources.keySet()) {
+ boolean isMatch = false;
+
+ RangerPolicyResource policyResource = policy.getResources().get(name);
+
+ if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
+ String val = resources.get(name);
+
+ if(policyResource.getValues().contains(val)) {
+ isMatch = true;
+ } else {
+ for(String policyResourceValue : policyResource.getValues()) {
+ if(FilenameUtils.wildcardMatch(val, policyResourceValue)) {
+ isMatch = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if(isMatch) {
+ numFound++;
+ } else {
+ break;
+ }
+ }
+
+ ret = numFound == resources.size();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForIsRecursive(final String isRecursiveStr, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(isRecursiveStr)) {
+ return null;
+ }
+
+ final boolean isRecursive = Boolean.parseBoolean(isRecursiveStr);
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = true;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(! MapUtils.isEmpty(policy.getResources())) {
+ for(Map.Entry<String, RangerPolicyResource> e : policy.getResources().entrySet()) {
+ RangerPolicyResource resValue = e.getValue();
+
+ if(resValue.getIsRecursive() == null) {
+ ret = !isRecursive;
+ } else {
+ ret = resValue.getIsRecursive().booleanValue() == isRecursive;
+ }
+
+ if(ret) {
+ break;
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForResourceSignature(String signature, List<Predicate> predicates) {
+
+ Predicate ret = createPredicateForResourceSignature(signature);
+
+ if(predicates != null && ret != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ /**
+ * @param policySignature
+ * @return
+ */
+ public Predicate createPredicateForResourceSignature(final String policySignature) {
+
+ if (StringUtils.isEmpty(policySignature)) {
+ return null;
+ }
+
+ return new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if (object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(policy.getResourceSignature(), policySignature);
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+ }
+}
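Review bot: `serviceNameComparator` reads `((RangerService)o1).getType()` and `((RangerService)o2).getType()` for service objects, the same accessor `serviceDefNameComparator` uses, so sorting services by `SearchFilter.SERVICE_NAME` orders them by type. The matching predicate in `addPredicateForServiceName` compares against `service.getName()`, and the comparator should do the same: `val1 = ((RangerService)o1).getName();` and likewise for `val2`. In `addPredicateForServiceName` the guard before `predicates.add(ret)` is `if(ret != null)`, which is always true at that point, whereas every sibling method checks `if(predicates != null)`; a null list would throw there. The static block registers `SearchFilter.SERVICE_TYPE_ID` twice, and `sorterMap` could be declared `private static final`. The user and group predicates iterate `policy.getPolicyItems()` and call `getUsers()`/`getGroups()` without null checks, which is safe only if the model never returns null, so that is worth confirming.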
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
deleted file mode 100644
index 9bba5e3..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ /dev/null
@@ -1,742 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.collections.Predicate;
-import org.apache.commons.collections.PredicateUtils;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.ObjectUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.plugin.model.RangerBaseModelObject;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.util.SearchFilter;
-
-public abstract class AbstractServiceStore implements ServiceStore {
- private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
-
- public void applyFilter(List<? extends RangerBaseModelObject> objList, SearchFilter filter) {
- if(CollectionUtils.isEmpty(objList)) {
- return;
- }
-
- Predicate pred = getPredicate(filter);
-
- if(pred != null) {
- CollectionUtils.filter(objList, pred);
- }
-
- Comparator<RangerBaseModelObject> sorter = getSorter(filter);
-
- if(sorter != null) {
- Collections.sort(objList, sorter);
- }
- }
-
- public Predicate getPredicate(SearchFilter filter) {
- if(filter == null || filter.isEmpty()) {
- return null;
- }
-
- List<Predicate> predicates = new ArrayList<Predicate>();
-
- addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
- addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
- addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
- addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
- addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
- addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
- addPredicateForIsEnabled(filter.getParam(SearchFilter.IS_ENABLED), predicates);
- addPredicateForIsRecursive(filter.getParam(SearchFilter.IS_RECURSIVE), predicates);
- addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
- addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
- addPredicateForResourceSignature(
- filter.getParam(SearchFilter.SERVICE_NAME),
- filter.getParam(SearchFilter.RESOURCE_SIGNATURE),
- filter.getParam(SearchFilter.IS_ENABLED), predicates);
- addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
-
- Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
-
- return ret;
- }
-
- public Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
- String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
-
- if(StringUtils.isEmpty(sortBy)) {
- return null;
- }
-
- Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
-
- return ret;
- }
-
- protected final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Long val1 = (o1 != null) ? o1.getId() : null;
- Long val2 = (o2 != null) ? o2.getId() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getCreateTime() : null;
- Date val2 = (o2 != null) ? o2.getCreateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
- Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerServiceDef) {
- val1 = ((RangerServiceDef)o1).getName();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerServiceDef) {
- val2 = ((RangerServiceDef)o2).getName();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerPolicy) {
- val1 = ((RangerPolicy)o1).getService();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerPolicy) {
- val2 = ((RangerPolicy)o2).getService();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
- String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- protected final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
- @Override
- public int compare(RangerResourceDef o1, RangerResourceDef o2) {
- Integer val1 = (o1 != null) ? o1.getLevel() : null;
- Integer val2 = (o2 != null) ? o2.getLevel() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- static {
- sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
- sorterMap.put(SearchFilter.POLICY_ID, idComparator);
- sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
- sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
- }
-
- private String getServiceType(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getType() : null;
- }
-
- private Long getServiceId(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getId() : null;
- }
-
- private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceType)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceType, service.getType());
- } else if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
-
- ret = StringUtils.equals(serviceType, serviceDef.getName());
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceTypeId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
- Long svcDefId = serviceDef.getId();
-
- if(svcDefId != null) {
- ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceName, policy.getService());
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceName, service.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
- Long svcId = getServiceId(policy.getService());
-
- if(svcId != null) {
- ret = StringUtils.equals(serviceId, svcId.toString());
- }
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- if(service.getId() != null) {
- ret = StringUtils.equals(serviceId, service.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(policyName, policy.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(policy.getId() != null) {
- ret = StringUtils.equals(policyId, policy.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(userName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getUsers().contains(userName)) {
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(groupName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getGroups().contains(groupName)) {
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForIsEnabled(final String status, List<Predicate> predicates) {
- if(StringUtils.isEmpty(status)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerBaseModelObject) {
- RangerBaseModelObject obj = (RangerBaseModelObject)object;
-
- if(Boolean.parseBoolean(status)) {
- ret = obj.getIsEnabled();
- } else {
- ret = !obj.getIsEnabled();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
- if(MapUtils.isEmpty(resources)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(! MapUtils.isEmpty(policy.getResources())) {
- int numFound = 0;
- for(String name : resources.keySet()) {
- boolean isMatch = false;
-
- RangerPolicyResource policyResource = policy.getResources().get(name);
-
- if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
- String val = resources.get(name);
-
- if(policyResource.getValues().contains(val)) {
- isMatch = true;
- } else {
- for(String policyResourceValue : policyResource.getValues()) {
- if(FilenameUtils.wildcardMatch(val, policyResourceValue)) {
- isMatch = true;
- break;
- }
- }
- }
- }
-
- if(isMatch) {
- numFound++;
- } else {
- break;
- }
- }
-
- ret = numFound == resources.size();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForIsRecursive(final String isRecursiveStr, List<Predicate> predicates) {
- if(StringUtils.isEmpty(isRecursiveStr)) {
- return null;
- }
-
- final boolean isRecursive = Boolean.parseBoolean(isRecursiveStr);
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = true;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(! MapUtils.isEmpty(policy.getResources())) {
- for(Map.Entry<String, RangerPolicyResource> e : policy.getResources().entrySet()) {
- RangerPolicyResource resValue = e.getValue();
-
- if(resValue.getIsRecursive() == null) {
- ret = !isRecursive;
- } else {
- ret = resValue.getIsRecursive().booleanValue() == isRecursive;
- }
-
- if(ret) {
- break;
- }
- }
- }
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForResourceSignature(final String serviceName, String signature, String isPolicyEnabled, List<Predicate> predicates) {
-
- boolean enabled = false;
- if ("1".equals(isPolicyEnabled)) {
- enabled = true;
- }
- Predicate ret = createPredicateForResourceSignature(serviceName, signature, enabled);
-
- if(predicates != null && ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- /**
- * @param serviceName
- * @param policySignature
- * @param isPolicyEnabled
- * @return
- */
- public Predicate createPredicateForResourceSignature(final String serviceName, final String policySignature, final Boolean isPolicyEnabled) {
-
- if (StringUtils.isEmpty(policySignature) || StringUtils.isEmpty(serviceName) || isPolicyEnabled == null) {
- return null;
- }
-
- return new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if (object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(policy.getResourceSignature(), policySignature) &&
- Objects.equals(policy.getService(), serviceName) &&
- Objects.equals(policy.getIsEnabled(), isPolicyEnabled);
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
new file mode 100644
index 0000000..69560e2
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.util.SearchFilter;
+
+import java.util.List;
+
+public class ServicePredicateUtil extends AbstractPredicateUtil {
+ private ServiceStore serviceStore = null;
+
+ public ServicePredicateUtil(ServiceStore serviceStore) {
+ super();
+ this.serviceStore = serviceStore;
+ }
+
+ @Override
+ public void addPredicates(SearchFilter filter, List<Predicate> predicates) {
+ super.addPredicates(filter, predicates);
+
+ addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
+ addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
+ }
+
+ private String getServiceType(String serviceName) {
+ RangerService service = null;
+
+ try {
+ if (serviceStore != null) {
+ service = serviceStore.getServiceByName(serviceName);
+ }
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getType() : null;
+ }
+
+ private Long getServiceId(String serviceName) {
+ RangerService service = null;
+
+ try {
+ if (serviceStore != null) {
+ service = serviceStore.getServiceByName(serviceName);
+ }
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getId() : null;
+ }
+
+
+ private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceType)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceType, service.getType());
+ } else if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+
+ ret = StringUtils.equals(serviceType, serviceDef.getName());
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+ Long svcId = getServiceId(policy.getService());
+
+ if(svcId != null) {
+ ret = StringUtils.equals(serviceId, svcId.toString());
+ }
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ if(service.getId() != null) {
+ ret = StringUtils.equals(serviceId, service.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+}
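Review bot: The empty `catch(Exception excp) { // ignore }` in `getServiceType` and `getServiceId` makes a failing `serviceStore.getServiceByName()` look the same as a missing service, so the service-type and service-id predicates then reject every `RangerPolicy` with no trace of the store error. At minimum, record the failure, e.g. `LOG.warn("getServiceByName(" + serviceName + ") failed", excp);`, which needs a logger field like the `Log LOG` the store classes declare. Both predicates also run this lookup once per evaluated policy, so resolving each service name once per filter pass would avoid repeated store reads. Finally, `addPredicateForServiceType` returns false for objects of other types while `addPredicateForServiceId` returns true; a short comment saying which behaviour is intended would keep callers from relying on the wrong one.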
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
index 9785e77..6ce2589 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -41,12 +41,11 @@ import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.store.AbstractServiceStore;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
-public abstract class BaseFileStore extends AbstractServiceStore {
+public class BaseFileStore {
private static final Log LOG = LogFactory.getLog(BaseFileStore.class);
private Gson gsonBuilder = null;
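Review bot: Dropping `abstract` together with the superclass makes `BaseFileStore` directly instantiable, although the members visible around this hunk (`initStore`, the `FILE_PREFIX_*` constants) are protected helpers meant for subclasses. If nothing constructs it on its own, `public abstract class BaseFileStore {` keeps that intent explicit. The class body continues outside the hunk, so this is inferred only from the members shown.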
@@ -57,7 +56,6 @@ public abstract class BaseFileStore extends AbstractServiceStore {
protected static final String FILE_PREFIX_POLICY = "ranger-policy-";
protected static final String FILE_SUFFIX_JSON = ".json";
-
protected void initStore(String dataDir) {
this.dataDir = dataDir;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
index 2c161a7..2e469cd 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -37,11 +37,13 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.store.ServicePredicateUtil;
+import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
-public class ServiceFileStore extends BaseFileStore {
+public class ServiceFileStore extends BaseFileStore implements ServiceStore {
private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
public static final String PROPERTY_SERVICE_FILE_STORE_DIR = "ranger.service.store.file.dir";
@@ -51,12 +53,15 @@ public class ServiceFileStore extends BaseFileStore {
private long nextServiceId = 0;
private long nextPolicyId = 0;
+ private ServicePredicateUtil predicateUtil = null;
+
public ServiceFileStore() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceFileStore.ServiceFileStore()");
}
dataDir = RangerConfiguration.getInstance().get(PROPERTY_SERVICE_FILE_STORE_DIR, "file:///etc/ranger/data");
+ predicateUtil = new ServicePredicateUtil(this);
if(LOG.isDebugEnabled()) {
LOG.debug("<== ServiceFileStore.ServiceFileStore()");
@@ -69,6 +74,7 @@ public class ServiceFileStore extends BaseFileStore {
}
this.dataDir = dataDir;
+ predicateUtil = new ServicePredicateUtil(this);
if(LOG.isDebugEnabled()) {
LOG.debug("<== ServiceFileStore.ServiceFileStore()");
@@ -257,9 +263,9 @@ public class ServiceFileStore extends BaseFileStore {
List<RangerServiceDef> ret = getAllServiceDefs();
if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
+ CollectionUtils.filter(ret, predicateUtil.getPredicate(filter));
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+ Comparator<RangerBaseModelObject> comparator = predicateUtil.getSorter(filter);
if(comparator != null) {
Collections.sort(ret, comparator);
@@ -442,9 +448,9 @@ public class ServiceFileStore extends BaseFileStore {
List<RangerService> ret = getAllServices();
if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
+ CollectionUtils.filter(ret, predicateUtil.getPredicate(filter));
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+ Comparator<RangerBaseModelObject> comparator = predicateUtil.getSorter(filter);
if(comparator != null) {
Collections.sort(ret, comparator);
@@ -622,7 +628,7 @@ public class ServiceFileStore extends BaseFileStore {
List<RangerPolicy> ret = getAllPolicies();
- CollectionUtils.filter(ret, createPredicateForResourceSignature(serviceName, policySignature, isPolicyEnabled));
+ CollectionUtils.filter(ret, predicateUtil.createPredicateForResourceSignature(policySignature));
if (LOG.isDebugEnabled()) {
LOG.debug(String.format("<== ServiceFileStore.getPoliciesByResourceSignature(%s, %s, %s): count[%d]: %s",
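Review bot: The filter on the changed line now matches on `policySignature` alone, while the debug message just below still formats three arguments, so policies from other services and disabled policies with the same signature appear to be returned as well. If callers use this result to detect duplicate policies within one service, the wider match can report false duplicates; either keep filtering on `serviceName` and `isPolicyEnabled` here or document on the method that it ignores them. Separately, `createPredicateForResourceSignature` returns null for an empty signature and `CollectionUtils.filter` leaves the list unchanged when the predicate is null, so an empty signature yields every policy; returning an empty list in that case would make the behaviour explicit. The method starts and ends outside the hunk, so any handling of the other two arguments elsewhere in it is not visible.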
@@ -641,9 +647,9 @@ public class ServiceFileStore extends BaseFileStore {
List<RangerPolicy> ret = getAllPolicies();
if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
+ CollectionUtils.filter(ret, predicateUtil.getPredicate(filter));
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+ Comparator<RangerBaseModelObject> comparator = predicateUtil.getSorter(filter);
if(comparator != null) {
Collections.sort(ret, comparator);
@@ -745,7 +751,7 @@ public class ServiceFileStore extends BaseFileStore {
}
if(ret != null && ret.getPolicies() != null) {
- Collections.sort(ret.getPolicies(), idComparator);
+ Collections.sort(ret.getPolicies(), predicateUtil.idComparator);
}
return ret;
@@ -876,10 +882,10 @@ public class ServiceFileStore extends BaseFileStore {
}
if(ret != null) {
- Collections.sort(ret, idComparator);
+ Collections.sort(ret, predicateUtil.idComparator);
for(RangerServiceDef sd : ret) {
- Collections.sort(sd.getResources(), resourceLevelComparator);
+ Collections.sort(sd.getResources(), predicateUtil.resourceLevelComparator);
}
}
@@ -906,7 +912,7 @@ public class ServiceFileStore extends BaseFileStore {
}
if(ret != null) {
- Collections.sort(ret, idComparator);
+ Collections.sort(ret, predicateUtil.idComparator);
}
return ret;
@@ -928,7 +934,7 @@ public class ServiceFileStore extends BaseFileStore {
}
if(ret != null) {
- Collections.sort(ret, idComparator);
+ Collections.sort(ret, predicateUtil.idComparator);
}
if(LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 427b24b..009cbf8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -99,8 +99,9 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
-import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.store.ServicePredicateUtil;
+import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.service.RangerAuditFields;
@@ -127,7 +128,7 @@ import org.springframework.transaction.support.TransactionTemplate;
@Component
-public class ServiceDBStore extends AbstractServiceStore {
+public class ServiceDBStore implements ServiceStore {
private static final Log LOG = LogFactory.getLog(ServiceDBStore.class);
@Autowired
@@ -181,6 +182,8 @@ public class ServiceDBStore extends AbstractServiceStore {
public static final String HIDDEN_PASSWORD_STR = "*****";
public static final String CONFIG_KEY_PASSWORD = "password";
+
+ private ServicePredicateUtil predicateUtil = null;
@Override
public void init() throws Exception {
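Review bot: `predicateUtil` stays null until `init()` assigns it in the next hunk, yet the search methods in the later hunks call `predicateUtil.applyFilter(...)` unconditionally. `ServiceFileStore` in this same commit assigns the field in its constructors; doing the equivalent here, e.g. `private final ServicePredicateUtil predicateUtil = new ServicePredicateUtil(this);`, removes the dependency on `init()` having run first. Whether `init()` is guaranteed to run before any request is not visible from these hunks.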
@@ -205,6 +208,8 @@ public class ServiceDBStore extends AbstractServiceStore {
TransactionTemplate txTemplate = new TransactionTemplate(txManager);
final ServiceDBStore dbStore = this;
+ predicateUtil = new ServicePredicateUtil(dbStore);
+
txTemplate.execute(new TransactionCallback<Object>() {
@Override
@@ -926,7 +931,7 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerServiceDefList svcDefList = serviceDefService.searchRangerServiceDefs(filter);
- applyFilter(svcDefList.getServiceDefs(), filter);
+ predicateUtil.applyFilter(svcDefList.getServiceDefs(), filter);
List<RangerServiceDef> ret = svcDefList.getServiceDefs();
@@ -944,7 +949,7 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerServiceDefList svcDefList = serviceDefService.searchRangerServiceDefs(filter);
- applyFilter(svcDefList.getServiceDefs(), filter);
+ predicateUtil.applyFilter(svcDefList.getServiceDefs(), filter);
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getPaginatedServiceDefs(" + filter + ")");
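Review bot: In `getPaginatedServiceDefs` the predicate filter runs on `svcDefList.getServiceDefs()` after `searchRangerServiceDefs(filter)` has already built the list. If that search applies paging (not visible in this hunk), entries removed in memory leave a short page, and the count fields on the list object may no longer match its content. The same pattern is in the `getPaginatedServices` hunk and in the last policy hunk, where the debug lines print `getListSize()` before and after filtering. Either recompute the list metadata after `applyFilter`, or record the limitation next to the call, for example `// in-memory filter runs after the DB query; page size/total are not recomputed`. The enclosing method starts and ends outside the hunk.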
@@ -959,18 +964,27 @@ public class ServiceDBStore extends AbstractServiceStore {
LOG.debug("==> ServiceDefDBStore.createService(" + service + ")");
}
+ if (service == null) {
+ throw restErrorUtil.createRESTException(
+ "Service object cannot be null.",
+ MessageEnums.ERROR_CREATING_OBJECT);
+ }
+
boolean createDefaultPolicy = true;
- UserSessionBase usb = ContextUtil.getCurrentUserSession();
- List<String> userRoleList=usb.getUserRoleList();
boolean isAllowed=false;
+
+ UserSessionBase usb = ContextUtil.getCurrentUserSession();
+
+ List<String> userRoleList = usb == null ? null : usb.getUserRoleList();
if (userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)) {
- if(service!=null && "KMS".equalsIgnoreCase(service.getType())){
- isAllowed=true;
+ if ("KMS".equalsIgnoreCase(service.getType())) {
+ isAllowed = true;
}
}
if (usb != null && usb.isUserAdmin() || populateExistingBaseFields) {
- isAllowed=true;
+ isAllowed = true;
}
+
if (isAllowed) {
Map<String, String> configs = service.getConfigs();
Map<String, String> validConfigs = validateRequiredConfigParams(
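Review bot: The permission decision in `createService` still depends on `usb != null && usb.isUserAdmin() || populateExistingBaseFields`, which works only through `&&` binding tighter than `||`. It also lets `populateExistingBaseFields` grant access with no session at all, which this change makes reachable without an exception now that a null `usb` is tolerated. Write the grouping out, `if ((usb != null && usb.isUserAdmin()) || populateExistingBaseFields) {`, and add a comment saying which callers are expected to set `populateExistingBaseFields` and why they bypass the role check. The `ROLE_KEY_ADMIN` plus `"KMS"` branch would also benefit from one line explaining why only that service type is allowed for that role. The denial path for `isAllowed == false` and the rest of the method are outside the hunk, so check there that a null session ends in an explicit access-denied error rather than a silent no-op.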
@@ -1246,7 +1260,7 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerServiceList serviceList = svcService.searchRangerServices(filter);
- applyFilter(serviceList.getServices(), filter);
+ predicateUtil.applyFilter(serviceList.getServices(), filter);
List<RangerService> ret = serviceList.getServices();
@@ -1264,7 +1278,7 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerServiceList serviceList = svcService.searchRangerServices(filter);
- applyFilter(serviceList.getServices(), filter);
+ predicateUtil.applyFilter(serviceList.getServices(), filter);
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDBStore.getPaginatedServices()");
@@ -1450,7 +1464,7 @@ public class ServiceDBStore extends AbstractServiceStore {
RangerPolicyList policyList = policyService.searchRangerPolicies(filter);
- applyFilter(policyList.getPolicies(), filter);
+ predicateUtil.applyFilter(policyList.getPolicies(), filter);
List<RangerPolicy> ret = policyList.getPolicies();
@@ -1471,7 +1485,7 @@ public class ServiceDBStore extends AbstractServiceStore {
if (LOG.isDebugEnabled()) {
LOG.debug("before filter: count=" + policyList.getListSize());
}
- applyFilter(policyList.getPolicies(), filter);
+ predicateUtil.applyFilter(policyList.getPolicies(), filter);
if (LOG.isDebugEnabled()) {
LOG.debug("after filter: count=" + policyList.getListSize());
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/362acbcb/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index f2b89ba..8b276d5 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -63,6 +63,7 @@ public class RangerSearchUtil extends SearchUtil {
ret.setParam(SearchFilter.USER, request.getParameter(SearchFilter.USER));
ret.setParam(SearchFilter.GROUP, request.getParameter(SearchFilter.GROUP));
ret.setParam(SearchFilter.POL_RESOURCE, request.getParameter(SearchFilter.POL_RESOURCE));
+ ret.setParam(SearchFilter.RESOURCE_SIGNATURE, request.getParameter(SearchFilter.RESOURCE_SIGNATURE));
for (Map.Entry<String, String[]> e : request.getParameterMap().entrySet()) {
String name = e.getKey();
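Review bot: `SearchFilter.RESOURCE_SIGNATURE` is copied from the request into the filter with no length or format check, as its neighbours are. If the signature is a fixed-format digest string (inferred from the name; its definition is not in this hunk), a value that cannot match could be rejected here rather than carried into the store's filtering code. At minimum add a comment on the new line noting that the value is caller-supplied and compared as-is, e.g. `// caller-supplied; matched verbatim against the policy's resource signature`. The enclosing method continues outside the hunk.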