Posted to commits@ranger.apache.org by pr...@apache.org on 2020/11/16 05:06:58 UTC
[ranger] 02/03: RANGER-3040: add read permission for lookupuser on
default policies of presto/storm/es
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 7849c658f7b5ca71d43ed3299fb36992c48b4b2c
Author: rujia1019 <82...@163.com>
AuthorDate: Thu Oct 15 11:16:01 2020 +0800
RANGER-3040: add read permission for lookupuser on default policies of presto/storm/es
Signed-off-by: pradeep <pr...@apache.org>
---
.../elasticsearch/RangerServiceElasticsearch.java | 31 ++++++++++++++++++
.../services/presto/RangerServicePresto.java | 32 +++++++++++++++++++
.../ranger/services/storm/RangerServiceStorm.java | 37 ++++++++++++++++++++++
3 files changed, 100 insertions(+)
diff --git a/plugin-elasticsearch/src/main/java/org/apache/ranger/services/elasticsearch/RangerServiceElasticsearch.java b/plugin-elasticsearch/src/main/java/org/apache/ranger/services/elasticsearch/RangerServiceElasticsearch.java
index 100851d..a8953e1 100644
--- a/plugin-elasticsearch/src/main/java/org/apache/ranger/services/elasticsearch/RangerServiceElasticsearch.java
+++ b/plugin-elasticsearch/src/main/java/org/apache/ranger/services/elasticsearch/RangerServiceElasticsearch.java
@@ -18,10 +18,15 @@
package org.apache.ranger.services.elasticsearch;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.slf4j.Logger;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -33,6 +38,7 @@ import org.slf4j.LoggerFactory;
public class RangerServiceElasticsearch extends RangerBaseService {
private static final Logger LOG = LoggerFactory.getLogger(RangerServiceElasticsearch.class);
+ public static final String ACCESS_TYPE_READ = "read";
public RangerServiceElasticsearch() {
super();
@@ -44,6 +50,31 @@ public class RangerServiceElasticsearch extends RangerBaseService {
}
@Override
+ public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerServiceElasticsearch.getDefaultRangerPolicies()");
+ }
+
+ List<RangerPolicy> ret = super.getDefaultRangerPolicies();
+ for (RangerPolicy defaultPolicy : ret) {
+ if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
+ List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<RangerPolicyItemAccess>();
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
+ RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
+ policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
+ policyItemForLookupUser.setAccesses(accessListForLookupUser);
+ policyItemForLookupUser.setDelegateAdmin(false);
+ defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerServiceElasticsearch.getDefaultRangerPolicies()");
+ }
+ return ret;
+ }
+
+ @Override
public Map<String, Object> validateConfig() throws Exception {
Map<String, Object> ret = new HashMap<String, Object>();
String serviceName = getServiceName();
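Review bot: The grant in `getDefaultRangerPolicies()` is keyed on `defaultPolicy.getName().contains("all")`, a substring match, so any default policy whose name merely contains those three letters gets a read item for the lookup user, and a policy with a null name would throw. Because this condition decides who receives access, a tighter, null-safe test such as `StringUtils.startsWith(defaultPolicy.getName(), "all")` would be safer, assuming the base class names its catch-all policies with that prefix (not visible in this diff). The `StringUtils.isNotBlank(lookUpUser)` check is loop-invariant and could be tested once before the loop. The same condition and loop are repeated in the RangerServicePresto and RangerServiceStorm hunks; a single helper in RangerBaseService taking the access-type list would keep the three grants consistent.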
diff --git a/plugin-presto/src/main/java/org/apache/ranger/services/presto/RangerServicePresto.java b/plugin-presto/src/main/java/org/apache/ranger/services/presto/RangerServicePresto.java
index 810fc3f..d95876a 100644
--- a/plugin-presto/src/main/java/org/apache/ranger/services/presto/RangerServicePresto.java
+++ b/plugin-presto/src/main/java/org/apache/ranger/services/presto/RangerServicePresto.java
@@ -18,15 +18,20 @@
*/
package org.apache.ranger.services.presto;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.client.HadoopConfigHolder;
import org.apache.ranger.plugin.client.HadoopException;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.services.presto.client.PrestoResourceManager;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -34,6 +39,33 @@ import java.util.Map;
public class RangerServicePresto extends RangerBaseService {
private static final Log LOG = LogFactory.getLog(RangerServicePresto.class);
+ public static final String ACCESS_TYPE_SELECT = "select";
+
+ @Override
+ public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerServicePresto.getDefaultRangerPolicies()");
+ }
+
+ List<RangerPolicy> ret = super.getDefaultRangerPolicies();
+ for (RangerPolicy defaultPolicy : ret) {
+ if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
+ List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<RangerPolicyItemAccess>();
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_SELECT));
+ RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
+ policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
+ policyItemForLookupUser.setAccesses(accessListForLookupUser);
+ policyItemForLookupUser.setDelegateAdmin(false);
+ defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerServicePresto.getDefaultRangerPolicies()");
+ }
+ return ret;
+ }
+
@Override
public Map<String, Object> validateConfig() throws Exception {
Map<String, Object> ret = new HashMap<String, Object>();
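Review bot: `ACCESS_TYPE_SELECT` is added to every default policy whose name contains "all", regardless of which resource that policy covers. If the Presto service definition ships catch-all policies for resources where `select` is not a meaningful access type, the lookup user ends up with an item that is either invalid or broader than resource lookup needs. The service definition is not visible here, so this should be checked against it. Consider restricting the grant to the policies whose resources the lookup actually queries, and add a comment above the loop stating which lookups require `select`.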
diff --git a/storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java b/storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java
index 1b71cd7..ffe26b6 100644
--- a/storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java
+++ b/storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java
@@ -19,10 +19,15 @@
package org.apache.ranger.services.storm;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
@@ -34,6 +39,10 @@ import org.apache.commons.logging.LogFactory;
public class RangerServiceStorm extends RangerBaseService {
private static final Log LOG = LogFactory.getLog(RangerServiceStorm.class);
+ public static final String ACCESS_TYPE_GET_TOPOLOGY = "getTopology";
+ public static final String ACCESS_TYPE_GET_TOPOLOGY_CONF = "getTopologyConf";
+ public static final String ACCESS_TYPE_GET_USER_TOPOLOGY = "getUserTopology";
+ public static final String ACCESS_TYPE_GET_TOPOLOGY_INFO = "getTopologyInfo";
public RangerServiceStorm() {
super();
@@ -45,6 +54,34 @@ public class RangerServiceStorm extends RangerBaseService {
}
@Override
+ public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerServiceStorm.getDefaultRangerPolicies()");
+ }
+
+ List<RangerPolicy> ret = super.getDefaultRangerPolicies();
+ for (RangerPolicy defaultPolicy : ret) {
+ if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
+ List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<RangerPolicyItemAccess>();
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY_CONF));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_USER_TOPOLOGY));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY_INFO));
+ RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
+ policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
+ policyItemForLookupUser.setAccesses(accessListForLookupUser);
+ policyItemForLookupUser.setDelegateAdmin(false);
+ defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerServiceStorm.getDefaultRangerPolicies()");
+ }
+ return ret;
+ }
+
+ @Override
public Map<String,Object> validateConfig() throws Exception {
Map<String, Object> ret = new HashMap<String, Object>();
String serviceName = getServiceName();
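Review bot: Four access types are granted to the lookup user in `getDefaultRangerPolicies()` with no comment explaining why each one is required, which makes the least-privilege intent hard to audit later. A short comment above the four `add(...)` calls, for example `// read-only get* access for resource lookup; no mutating topology operations`, would record that the set is deliberately limited. The `ACCESS_TYPE_*` constants also duplicate names that presumably come from the Storm service definition, so a rename there would silently leave this item with unrecognised access types; a note beside the constants pointing at the service definition would help.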