You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/05/02 14:56:38 UTC
[ranger] branch master updated: RANGER-2412:Policy Condition
Evaluators existing and newly created should work in both policy level and
policy item level
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2c71271 RANGER-2412:Policy Condition Evaluators existing and newly created should work in both policy level and policy item level
2c71271 is described below
commit 2c71271223176413f95a9adb82ee72ea82f83881
Author: rmani <rm...@hortonworks.com>
AuthorDate: Wed May 1 13:33:56 2019 -0700
RANGER-2412:Policy Condition Evaluators existing and newly created should work in both policy level and policy item level
---
.../RangerAbstractConditionEvaluator.java | 9 ------
.../RangerConditionEvaluator.java | 3 --
.../apache/ranger/plugin/model/RangerPolicy.java | 34 ++++++----------------
.../model/RangerPolicyResourceSignature.java | 8 ++---
.../RangerCustomConditionEvaluator.java | 4 +--
.../RangerDefaultPolicyEvaluator.java | 2 +-
.../RangerPolicyConditionSampleSimpleMatcher.java | 10 +++----
.../org/apache/ranger/biz/PolicyRefUpdater.java | 4 +--
8 files changed, 23 insertions(+), 51 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
index 51691ad..ddd1a54 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
@@ -18,7 +18,6 @@
*/
package org.apache.ranger.plugin.conditionevaluator;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
@@ -27,7 +26,6 @@ public abstract class RangerAbstractConditionEvaluator implements RangerConditio
protected RangerServiceDef serviceDef;
protected RangerPolicyConditionDef conditionDef;
protected RangerPolicyItemCondition condition;
- protected RangerPolicyCondition policyCondition;
@Override
public void setServiceDef(RangerServiceDef serviceDef) {
@@ -50,11 +48,4 @@ public abstract class RangerAbstractConditionEvaluator implements RangerConditio
public RangerPolicyItemCondition getPolicyItemCondition() { return condition; }
- @Override
- public void setPolicyCondition(RangerPolicyCondition policyCondition) {
- this.policyCondition = policyCondition;
- }
-
- public RangerPolicyCondition getPolicyCondition() { return policyCondition; }
-
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
index 54c0b40..16f9a3c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
@@ -19,7 +19,6 @@
package org.apache.ranger.plugin.conditionevaluator;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
@@ -30,8 +29,6 @@ public interface RangerConditionEvaluator {
void setPolicyItemCondition(RangerPolicyItemCondition condition);
- void setPolicyCondition(RangerPolicyCondition policyCondition);
-
void setServiceDef(RangerServiceDef serviceDef);
void init();
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 9146a88..3cf509d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -75,7 +75,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
private String resourceSignature;
private Boolean isAuditEnabled;
private Map<String, RangerPolicyResource> resources;
- private List<RangerPolicyCondition> conditions;
+ private List<RangerPolicyItemCondition> conditions;
private List<RangerPolicyItem> policyItems;
private List<RangerPolicyItem> denyPolicyItems;
private List<RangerPolicyItem> allowExceptions;
@@ -109,7 +109,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
* @param policyItems
* @param resourceSignature TODO
*/
- public RangerPolicy(String service, String name, Integer policyType, Integer policyPriority, String description, Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems, String resourceSignature, Map<String, Object> options, List<RangerValiditySchedule> validitySchedules, List<String> policyLables, String zoneName, List<RangerPolicyCondition> conditions) {
+ public RangerPolicy(String service, String name, Integer policyType, Integer policyPriority, String description, Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems, String resourceSignature, Map<String, Object> options, List<RangerValiditySchedule> validitySchedules, List<String> policyLables, String zoneName, List<RangerPolicyItemCondition> conditions) {
super();
setService(service);
@@ -501,11 +501,11 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
/**
* @return the conditions
*/
- public List<RangerPolicyCondition> getConditions() { return conditions; }
+ public List<RangerPolicyItemCondition> getConditions() { return conditions; }
/**
* @param conditions the conditions to set
*/
- public void setConditions(List<RangerPolicyCondition> conditions) {
+ public void setConditions(List<RangerPolicyItemCondition> conditions) {
this.conditions = conditions;
}
@@ -553,7 +553,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
sb.append("policyConditions={");
if(conditions != null) {
- for(RangerPolicyCondition condition : conditions) {
+ for(RangerPolicyItemCondition condition : conditions) {
if(condition != null) {
condition.toString(sb);
}
@@ -1351,38 +1351,22 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
}
- // Shell class for backward compatibility
@JsonAutoDetect(fieldVisibility=Visibility.ANY)
@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown=true)
@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
- public static class RangerPolicyItemCondition extends RangerPolicyCondition implements java.io.Serializable {
- public RangerPolicyItemCondition() {
- this(null, null);
- }
-
- public RangerPolicyItemCondition(String type, List<String> values) {
- super(type,values);
- }
- }
-
- @JsonAutoDetect(fieldVisibility=Visibility.ANY)
- @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
- @JsonIgnoreProperties(ignoreUnknown=true)
- @XmlRootElement
- @XmlAccessorType(XmlAccessType.FIELD)
- public static class RangerPolicyCondition implements java.io.Serializable {
+ public static class RangerPolicyItemCondition implements java.io.Serializable {
private static final long serialVersionUID = 1L;
private String type;
private List<String> values;
- public RangerPolicyCondition() {
+ public RangerPolicyItemCondition() {
this(null, null);
}
- public RangerPolicyCondition(String type, List<String> values) {
+ public RangerPolicyItemCondition(String type, List<String> values) {
setType(type);
setValues(values);
}
@@ -1469,7 +1453,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
return false;
if (getClass() != obj.getClass())
return false;
- RangerPolicyCondition other = (RangerPolicyCondition) obj;
+ RangerPolicyItemCondition other = (RangerPolicyItemCondition) obj;
if (type == null) {
if (other.type != null)
return false;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 40b5ddd..2bb6589 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -32,7 +32,7 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.solr.common.StringUtils;
public class RangerPolicyResourceSignature {
@@ -198,9 +198,9 @@ public class RangerPolicyResourceSignature {
}
static class CustomConditionSerialiser {
- final List<RangerPolicyCondition> rangerPolicyConditions;
+ final List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions;
- CustomConditionSerialiser(List<RangerPolicyCondition> rangerPolicyConditions) {
+ CustomConditionSerialiser(List<RangerPolicyItemCondition> rangerPolicyConditions) {
this.rangerPolicyConditions = rangerPolicyConditions;
}
@@ -209,7 +209,7 @@ public class RangerPolicyResourceSignature {
StringBuilder builder = new StringBuilder();
Map<String, List<String>> conditionMap = new TreeMap<>();
- for(RangerPolicyCondition rangerPolicyCondition : rangerPolicyConditions) {
+ for(RangerPolicyItemCondition rangerPolicyCondition : rangerPolicyConditions) {
if (rangerPolicyCondition.getType() != null) {
String type = rangerPolicyCondition.getType();
List<String> values = new ArrayList<>();
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
index 1d08718..cc250b5 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
@@ -57,7 +57,7 @@ public class RangerCustomConditionEvaluator {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_INIT_LOG, "RangerCustomConditionEvaluator.init(policyId=" + policyId + ")");
}
- for (RangerPolicy.RangerPolicyCondition condition : policy.getConditions()) {
+ for (RangerPolicy.RangerPolicyItemCondition condition : policy.getConditions()) {
RangerServiceDef.RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType(),serviceDef);
if (conditionDef == null) {
@@ -71,7 +71,7 @@ public class RangerCustomConditionEvaluator {
if (conditionEvaluator != null) {
conditionEvaluator.setServiceDef(serviceDef);
conditionEvaluator.setConditionDef(conditionDef);
- conditionEvaluator.setPolicyCondition(condition);
+ conditionEvaluator.setPolicyItemCondition(condition);
RangerPerfTracer perfConditionInit = null;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 580a32c..a57b398 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -1204,7 +1204,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
String conditionType = null;
if (conditionEvaluator instanceof RangerAbstractConditionEvaluator) {
- conditionType = ((RangerAbstractConditionEvaluator)conditionEvaluator).getPolicyCondition().getType();
+ conditionType = ((RangerAbstractConditionEvaluator)conditionEvaluator).getPolicyItemCondition().getType();
}
perf = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_REQUEST_LOG, "RangerConditionEvaluator.matchPolicyCustomConditions(policyId=" + getId() + ",policyConditionType=" + conditionType + ")");
diff --git a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
index f0df30d..6e5d90a 100644
--- a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
+++ b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
@@ -80,18 +80,18 @@ public class RangerPolicyConditionSampleSimpleMatcher extends RangerAbstractCond
@Override
public void init() {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyConditionSampleSimpleMatcher.init(" + policyCondition + ")");
+ LOG.debug("==> RangerPolicyConditionSampleSimpleMatcher.init(" + condition + ")");
}
super.init();
- if (policyCondition == null) {
+ if (condition == null) {
LOG.debug("init: null policy condition! Will match always!");
_allowAny = true;
} else if (conditionDef == null) {
LOG.debug("init: null policy condition definition! Will match always!");
_allowAny = true;
- } else if (CollectionUtils.isEmpty(policyCondition.getValues())) {
+ } else if (CollectionUtils.isEmpty(condition.getValues())) {
LOG.debug("init: empty conditions collection on policy condition! Will match always!");
_allowAny = true;
} else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
@@ -102,13 +102,13 @@ public class RangerPolicyConditionSampleSimpleMatcher extends RangerAbstractCond
_allowAny = true;
} else {
_contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
- for (String value : policyCondition.getValues()) {
+ for (String value : condition.getValues()) {
_values.add(value);
}
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyConditionSampleSimpleMatcher.init(" + policyCondition + "): values[" + _values + "]");
+ LOG.debug("<== RangerPolicyConditionSampleSimpleMatcher.init(" + condition + "): values[" + _values + "]");
}
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 08963f0..921dc37 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -79,9 +79,9 @@ public class PolicyRefUpdater {
final Set<String> conditionTypes = new HashSet<>();
final Set<String> dataMaskTypes = new HashSet<>();
- List<RangerPolicy.RangerPolicyCondition> rangerPolicyConditions = policy.getConditions();
+ List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
- for (RangerPolicy.RangerPolicyCondition condition : rangerPolicyConditions) {
+ for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
conditionTypes.add(condition.getType());
}
}