You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/27 02:58:09 UTC

[2/6] incubator-ranger git commit: RANGER-203: Resource to policy match updated to use all all the keys in a resource (ex: database, table/udf, [column]).

RANGER-203: Resource to policy match updated to use all all the keys in
a resource (ex: database, table/udf, [column]).

Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/57ded063
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/57ded063
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/57ded063

Branch: refs/heads/stack
Commit: 57ded063dee603767d06af2e9d6bcd442af564a2
Parents: ce1808a
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Mon Jan 26 16:07:31 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Jan 26 16:07:31 2015 -0800

----------------------------------------------------------------------
 .../audit/provider/MultiDestAuditProvider.java  |  2 +-
 .../plugin/policyengine/RangerResource.java     |  4 +++
 .../plugin/policyengine/RangerResourceImpl.java | 12 ++++++++
 .../RangerDefaultPolicyEvaluator.java           | 31 ++++++++++++--------
 4 files changed, 36 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
index 0f429ea..1eec345 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MultiDestAuditProvider.java
@@ -51,7 +51,7 @@ public class MultiDestAuditProvider extends BaseAuditProvider {
     		try {
                 provider.init(props);
     		} catch(Throwable excp) {
-    			LOG.info("MultiDestAuditProvider.init(): failed" + provider.getClass().getCanonicalName() + ")");
+    			LOG.info("MultiDestAuditProvider.init(): failed " + provider.getClass().getCanonicalName() + ")", excp);
     		}
         }
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
index f79aba8..6941bc3 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
@@ -19,6 +19,8 @@
 
 package org.apache.ranger.plugin.policyengine;
 
+import java.util.Set;
+
 
 public interface RangerResource {
 	public abstract String getOwnerUser();
@@ -26,4 +28,6 @@ public interface RangerResource {
 	public abstract boolean exists(String name);
 
 	public abstract String getValue(String name);
+
+	public Set<String> getKeys();
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
index 529ac5f..86f7ea4 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
@@ -21,6 +21,7 @@ package org.apache.ranger.plugin.policyengine;
 
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 
 
 public class RangerResourceImpl implements RangerMutableResource {
@@ -53,6 +54,17 @@ public class RangerResourceImpl implements RangerMutableResource {
 	}
 
 	@Override
+	public Set<String> getKeys() {
+		Set<String> ret = null;
+
+		if(elements != null) {
+			ret = elements.keySet();
+		}
+
+		return ret;
+	}
+
+	@Override
 	public void setOwnerUser(String ownerUser) {
 		this.ownerUser = ownerUser;
 	}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/57ded063/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 0160347..7fea4b6 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -178,20 +178,27 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 		RangerServiceDef serviceDef = getServiceDef();
 
 		if(serviceDef != null && serviceDef.getResources() != null) {
-			for(RangerResourceDef resourceDef : serviceDef.getResources()) {
-				String                resourceName  = resourceDef.getName();
-				String                resourceValue = resource == null ? null : resource.getValue(resourceName);
-				RangerResourceMatcher matcher       = matchers == null ? null : matchers.get(resourceName);
+			Collection<String> resourceKeys = resource == null ? null : resource.getKeys();
+			Collection<String> policyKeys   = matchers == null ? null : matchers.keySet();
+			
+			boolean keysMatch = (resourceKeys == null) || (policyKeys != null && policyKeys.containsAll(resourceKeys));
 
-				// when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
-				if(StringUtils.isEmpty(resourceValue)) {
-					ret = matcher == null || matcher.isMatch(resourceValue);
-				} else {
-					ret = matcher != null && matcher.isMatch(resourceValue);
-				}
+			if(keysMatch) {
+				for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+					String                resourceName  = resourceDef.getName();
+					String                resourceValue = resource == null ? null : resource.getValue(resourceName);
+					RangerResourceMatcher matcher       = matchers == null ? null : matchers.get(resourceName);
 
-				if(! ret) {
-					break;
+					// when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
+					if(StringUtils.isEmpty(resourceValue)) {
+						ret = matcher == null || matcher.isMatch(resourceValue);
+					} else {
+						ret = matcher != null && matcher.isMatch(resourceValue);
+					}
+
+					if(! ret) {
+						break;
+					}
 				}
 			}
 		}