Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/27 02:58:09 UTC
[2/6] incubator-ranger git commit: RANGER-203: Resource to policy
match updated to use all all the keys in a resource (ex: database, table/udf,
[column]).
RANGER-203: Resource to policy match updated to use all the keys in
a resource (ex: database, table/udf, [column]).
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/57ded063
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/57ded063
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/57ded063
Branch: refs/heads/stack
Commit: 57ded063dee603767d06af2e9d6bcd442af564a2
Parents: ce1808a
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Mon Jan 26 16:07:31 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Jan 26 16:07:31 2015 -0800
----------------------------------------------------------------------
.../audit/provider/MultiDestAuditProvider.java | 2 +-
.../plugin/policyengine/RangerResource.java | 4 +++
.../plugin/policyengine/RangerResourceImpl.java | 12 ++++++++
.../RangerDefaultPolicyEvaluator.java | 31 ++++++++++++--------
4 files changed, 36 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
index 0f429ea..1eec345 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
@@ -51,7 +51,7 @@ public class MultiDestAuditProvider extends BaseAuditProvider {
try {
provider.init(props);
} catch(Throwable excp) {
- LOG.info("MultiDestAuditProvider.init(): failed" + provider.getClass().getCanonicalName() + ")");
+ LOG.info("MultiDestAuditProvider.init(): failed " + provider.getClass().getCanonicalName() + ")", excp);
}
}
}
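Review bot: A failed audit destination is still reported at INFO inside `catch(Throwable excp)`, and initialisation then carries on, so an operator filtering at WARN or above would never see that a destination is not receiving audit events. Passing `excp` to the logger is a good step, but I would raise the level and balance the stray `)` in the message, e.g. `LOG.error("MultiDestAuditProvider.init(): failed (" + provider.getClass().getCanonicalName() + ")", excp);`, assuming `LOG` offers an `error` overload matching the `info(Object, Throwable)` form used here. Whether a destination that failed to initialise should stay in the provider list is decided outside this hunk and is worth checking, since the enclosing method starts above the visible lines.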
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
index f79aba8..6941bc3 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
@@ -19,6 +19,8 @@
package org.apache.ranger.plugin.policyengine;
+import java.util.Set;
+
public interface RangerResource {
public abstract String getOwnerUser();
@@ -26,4 +28,6 @@ public interface RangerResource {
public abstract boolean exists(String name);
public abstract String getValue(String name);
+
+ public Set<String> getKeys();
}
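Review bot: `getKeys()` joins the interface with no stated contract, and the policy evaluator changed in this same commit bases a match decision on its result. I would add a Javadoc comment such as `/** @return names of the elements set on this resource, or null when none are set; callers must not modify the returned set */` so that other implementations agree on null versus empty. As a style point, the neighbouring methods are declared `public abstract` while the new one is only `public`; matching them keeps the interface uniform.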
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
index 529ac5f..86f7ea4 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
@@ -21,6 +21,7 @@ package org.apache.ranger.plugin.policyengine;
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
public class RangerResourceImpl implements RangerMutableResource {
@@ -53,6 +54,17 @@ public class RangerResourceImpl implements RangerMutableResource {
}
@Override
+ public Set<String> getKeys() {
+ Set<String> ret = null;
+
+ if(elements != null) {
+ ret = elements.keySet();
+ }
+
+ return ret;
+ }
+
+ @Override
public void setOwnerUser(String ownerUser) {
this.ownerUser = ownerUser;
}
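Review bot: `getKeys()` returns `elements.keySet()` directly, and the key set of a `java.util.Map` is a live view that supports removal, so any caller holding the result can drop elements from the resource that is being authorised. For an object that feeds access decisions I would return a read-only view, `ret = Collections.unmodifiableSet(elements.keySet());`, with `import java.util.Collections;` added next to the new `Set` import. The method also returns null when `elements` is null, which callers have to handle; the evaluator in this commit does, but that should be documented on the method.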
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 0160347..7fea4b6 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -178,20 +178,27 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
RangerServiceDef serviceDef = getServiceDef();
if(serviceDef != null && serviceDef.getResources() != null) {
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- String resourceName = resourceDef.getName();
- String resourceValue = resource == null ? null : resource.getValue(resourceName);
- RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
+ Collection<String> resourceKeys = resource == null ? null : resource.getKeys();
+ Collection<String> policyKeys = matchers == null ? null : matchers.keySet();
+
+ boolean keysMatch = (resourceKeys == null) || (policyKeys != null && policyKeys.containsAll(resourceKeys));
- // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
- if(StringUtils.isEmpty(resourceValue)) {
- ret = matcher == null || matcher.isMatch(resourceValue);
- } else {
- ret = matcher != null && matcher.isMatch(resourceValue);
- }
+ if(keysMatch) {
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ String resourceName = resourceDef.getName();
+ String resourceValue = resource == null ? null : resource.getValue(resourceName);
+ RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
- if(! ret) {
- break;
+ // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
+ if(StringUtils.isEmpty(resourceValue)) {
+ ret = matcher == null || matcher.isMatch(resourceValue);
+ } else {
+ ret = matcher != null && matcher.isMatch(resourceValue);
+ }
+
+ if(! ret) {
+ break;
+ }
}
}
}
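Review bot: The new `keysMatch` expression treats a null key set and an empty key set differently: `resourceKeys == null` skips the key check entirely, while an empty set with `policyKeys == null` evaluates to false. The loop below then treats a null resource as all-empty values, so a request that carries no resource can still match any policy whose matchers accept an empty value. If that is intended, a comment should say so; otherwise make the two cases agree, e.g. `boolean keysMatch = (resourceKeys == null || resourceKeys.isEmpty()) || (policyKeys != null && policyKeys.containsAll(resourceKeys));`. Note also that `containsAll` counts a key whose value is empty, whereas the loop regards an empty value as "no value", so a resource carrying `column` with an empty string would fail the key check against a table-level policy. The enclosing method starts outside this hunk, so the initial value of `ret` is not visible here.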