Posted to commits@ranger.apache.org by ab...@apache.org on 2017/07/28 21:06:57 UTC
ranger git commit: RANGER-1714:Disable dynamic sorting of policies
when trie pre-filter is enabled
Repository: ranger
Updated Branches:
refs/heads/master 7d5d00c15 -> 7c401b3e3
RANGER-1714:Disable dynamic sorting of policies when trie pre-filter is enabled
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7c401b3e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7c401b3e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7c401b3e
Branch: refs/heads/master
Commit: 7c401b3e305c3ec7de47105a2980a9152ae04ce4
Parents: 7d5d00c
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Fri Jul 28 12:20:18 2017 -0700
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Fri Jul 28 12:20:18 2017 -0700
----------------------------------------------------------------------
.../RangerServiceResourceMatcher.java | 11 ++++
.../policyengine/RangerPolicyRepository.java | 26 ++------
.../policyevaluator/RangerPolicyEvaluator.java | 5 ++
.../RangerPolicyResourceEvaluator.java | 9 ---
.../ranger/plugin/service/RangerBasePlugin.java | 5 +-
.../ranger/plugin/util/RangerResourceTrie.java | 67 +++++---------------
6 files changed, 38 insertions(+), 85 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java
index ecddf75..f9bbb12 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java
@@ -28,9 +28,13 @@ import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceEvalua
import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
import org.apache.ranger.plugin.util.ServiceDefUtil;
+import java.io.Serializable;
+import java.util.Comparator;
import java.util.Map;
public class RangerServiceResourceMatcher implements RangerPolicyResourceEvaluator {
+ public static final Comparator<RangerServiceResourceMatcher> ID_COMPARATOR = new IdComparator();
+
private final RangerServiceResource serviceResource;
private final RangerPolicyResourceMatcher policyResourceMatcher;
private final Integer leafResourceLevel;
@@ -74,4 +78,11 @@ public class RangerServiceResourceMatcher implements RangerPolicyResourceEvaluat
RangerServiceDef getServiceDef() {
return policyResourceMatcher != null ? policyResourceMatcher.getServiceDef() : null;
}
+
+ static class IdComparator implements Comparator<RangerServiceResourceMatcher>, Serializable {
+ @Override
+ public int compare(RangerServiceResourceMatcher me, RangerServiceResourceMatcher other) {
+ return Long.compare(me.getId(), other.getId());
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 1ce2386..a1002e8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -793,21 +793,15 @@ class RangerPolicyRepository {
LOG.debug("==> reorderEvaluators()");
}
- if(policyResourceTrie != null) {
- reorderPolicyEvaluators(policyResourceTrie);
- } else {
+ if(policyResourceTrie == null) {
policyEvaluators = getReorderedPolicyEvaluators(policyEvaluators);
}
- if(dataMaskResourceTrie != null) {
- reorderPolicyEvaluators(dataMaskResourceTrie);
- } else {
+ if(dataMaskResourceTrie == null) {
dataMaskPolicyEvaluators = getReorderedPolicyEvaluators(dataMaskPolicyEvaluators);
}
- if(rowFilterResourceTrie != null) {
- reorderPolicyEvaluators(rowFilterResourceTrie);
- } else {
+ if(rowFilterResourceTrie == null) {
rowFilterPolicyEvaluators = getReorderedPolicyEvaluators(rowFilterPolicyEvaluators);
}
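Review bot: With a trie present, the three `== null` checks leave reorderEvaluators() with nothing to do for that policy type, but no comment in the method says this is intended. A comment above the first check, such as `// trie-backed lists are sorted once when the trie is built; only the flat lists are re-sorted here`, would stop a later reader from assuming usage-based reordering still applies on every authorization path. The method starts and ends outside this hunk.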
@@ -816,18 +810,6 @@ class RangerPolicyRepository {
}
}
- private void reorderPolicyEvaluators(Map<String, RangerResourceTrie> trieMap) {
- if(trieMap != null) {
- for(Map.Entry<String, RangerResourceTrie> entry : trieMap.entrySet()) {
- RangerResourceTrie trie = entry.getValue();
-
- if(trie != null) {
- trie.reorderEvaluators();
- }
- }
- }
- }
-
private List<RangerPolicyEvaluator> getReorderedPolicyEvaluators(List<RangerPolicyEvaluator> evaluators) {
List<RangerPolicyEvaluator> ret = evaluators;
@@ -848,7 +830,7 @@ class RangerPolicyRepository {
ret = new HashMap<>();
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
- ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators));
+ ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators, RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR));
}
} else {
ret = null;
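Review bot: `new RangerResourceTrie(resourceDef, evaluators, RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR)` is a raw-type construction, so the compiler cannot check that the comparator's element type matches the evaluators stored in the trie. Assuming `evaluators` is a `List<RangerPolicyEvaluator>` (its declaration is outside the hunk), `new RangerResourceTrie<>(resourceDef, evaluators, RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR)` keeps that check. The enclosing method starts and ends outside this hunk.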
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
index 191ad98..7165594 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
@@ -39,6 +39,8 @@ import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceEvalua
public interface RangerPolicyEvaluator extends RangerPolicyResourceEvaluator {
+ Comparator<RangerPolicyEvaluator> EVAL_ORDER_COMPARATOR = new RangerPolicyEvaluator.PolicyEvalOrderComparator();
+
String EVALUATOR_TYPE_AUTO = "auto";
String EVALUATOR_TYPE_OPTIMIZED = "optimized";
String EVALUATOR_TYPE_CACHED = "cached";
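Review bot: `EVAL_ORDER_COMPARATOR` becomes a shared constant on a public interface without any Javadoc. The comparator it wraps orders on `getUsageCount()` (visible in the next hunk), a value that presumably changes while requests are being evaluated. A short doc comment should state that the ordering reflects the counts at the moment of sorting, and that the comparator is meant for lists not being evaluated concurrently, e.g. `/** Orders evaluators by usage count, then eval order; sort a snapshot, not a live list. */`. Inside the interface the qualifier is redundant: `new PolicyEvalOrderComparator()` is enough.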
@@ -96,11 +98,14 @@ public interface RangerPolicyEvaluator extends RangerPolicyResourceEvaluator {
result = 1;
} else {
result = Long.compare(other.getUsageCount(), me.getUsageCount());
+
if (result == 0) {
result = Integer.compare(me.getEvalOrder(), other.getEvalOrder());
}
}
+
return result;
}
}
+
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceEvaluator.java
index 181863c..7d43b4b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceEvaluator.java
@@ -23,8 +23,6 @@ package org.apache.ranger.plugin.policyresourcematcher;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
-import java.io.Serializable;
-import java.util.Comparator;
import java.util.Map;
public interface RangerPolicyResourceEvaluator {
@@ -37,11 +35,4 @@ public interface RangerPolicyResourceEvaluator {
RangerResourceMatcher getResourceMatcher(String resourceName);
Integer getLeafResourceLevel();
-
- class IdComparator implements Comparator<RangerPolicyResourceEvaluator>, Serializable {
- @Override
- public int compare(RangerPolicyResourceEvaluator me, RangerPolicyResourceEvaluator other) {
- return Long.compare(me.getId(), other.getId());
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index d5aa1ae..4d3731b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -160,7 +160,7 @@ public class RangerBasePlugin {
LOG.debug(propertyPrefix + ".policy.policyReorderInterval:" + policyReorderIntervalMs);
}
- if (policyReorderIntervalMs > 0) {
+ if (policyEngineOptions.disableTrieLookupPrefilter && policyReorderIntervalMs > 0) {
policyEngineRefreshTimer = new Timer("PolicyEngineRefreshTimer", true);
try {
policyEngineRefreshTimer.schedule(new PolicyEngineRefresher(this), policyReorderIntervalMs, policyReorderIntervalMs);
@@ -173,8 +173,7 @@ public class RangerBasePlugin {
policyEngineRefreshTimer = null;
}
} else {
- LOG.info("Policies will NOT be reordered based on number of evaluations because "
- + propertyPrefix + ".policy.policyReorderInterval is set to a negative number[" + policyReorderIntervalMs +"]");
+ LOG.info("Policies will NOT be reordered based on number of evaluations");
}
}
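Review bot: The new message `"Policies will NOT be reordered based on number of evaluations"` no longer says why. After the previous hunk the else branch is reached both when the trie pre-filter is enabled and when the interval is not positive, so an operator reading the log cannot tell which setting applies. Include both inputs, e.g. `LOG.info("Policies will NOT be reordered based on number of evaluations: disableTrieLookupPrefilter=" + policyEngineOptions.disableTrieLookupPrefilter + ", " + propertyPrefix + ".policy.policyReorderInterval=" + policyReorderIntervalMs);`. The enclosing method starts and ends outside this hunk.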
http://git-wip-us.apache.org/repos/asf/ranger/blob/7c401b3e/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
index c22ecde..77808b8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
@@ -31,11 +31,11 @@ import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
private static final Log LOG = LogFactory.getLog(RangerResourceTrie.class);
@@ -46,8 +46,13 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
private final boolean optWildcard;
private final String wildcardChars;
private final TrieNode root;
+ private final Comparator<T> comparator;
public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators) {
+ this(resourceDef, evaluators, null);
+ }
+
+ public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, Comparator<T> comparator) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerResourceTrie(" + resourceDef.getName() + ", evaluatorCount=" + evaluators.size() + ")");
}
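Review bot: The existing two-argument constructor now delegates with `this(resourceDef, evaluators, null)`, which silently changes behaviour for callers that are not updated. Before this commit postSetup() always sorted node lists by id; with a null comparator they are left in insertion order. None of the six files in this commit passes the new `RangerServiceResourceMatcher.ID_COMPARATOR`, so any trie built from service-resource matchers through the old constructor appears to lose its id ordering. If that ordering is relied on elsewhere, the caller should pass `ID_COMPARATOR`; otherwise both constructors should get Javadoc stating that a null comparator means evaluator lists are not sorted. The three-argument constructor's body continues outside this hunk.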
@@ -73,6 +78,7 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
this.optWildcard = RangerAbstractResourceMatcher.getOptionWildCard(matcherOptions);
this.wildcardChars = optWildcard ? DEFAULT_WILDCARD_CHARS + tokenReplaceSpecialChars : "" + tokenReplaceSpecialChars;
this.root = new TrieNode(Character.valueOf((char)0));
+ this.comparator = comparator;
for(T evaluator : evaluators) {
Map<String, RangerPolicyResource> policyResources = evaluator.getPolicyResource();
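Review bot: `this.comparator = comparator;` stores a field that the visible hunks never read, because `root.postSetup(null, comparator)` in the same constructor resolves to the parameter and the commit removes `reorderEvaluators()`. If no other method outside these hunks uses it, drop the field and the assignment. Otherwise give the field a comment such as `// ordering applied once in postSetup(); null means lists stay in insertion order`. The constructor starts and ends outside this hunk.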
@@ -103,7 +109,7 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
}
}
- root.postSetup(null);
+ root.postSetup(null, comparator);
LOG.info(toString());
@@ -165,10 +171,6 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> {
return root.getMaxDepth();
}
- public void reorderEvaluators() {
- root.reorderEvaluators(null);
- }
-
private final Character getLookupChar(char ch) {
if(optIgnoreCase) {
ch = Character.toLowerCase(ch);
@@ -356,7 +358,7 @@ class TrieNode<T extends RangerPolicyResourceEvaluator> {
}
}
- void postSetup(List<T> parentWildcardEvaluators) {
+ void postSetup(List<T> parentWildcardEvaluators, Comparator<T> comparator) {
// finalize wildcard-evaluators list by including parent's wildcard evaluators
if(parentWildcardEvaluators != null) {
if(CollectionUtils.isEmpty(this.wildcardEvaluators)) {
@@ -380,44 +382,21 @@ class TrieNode<T extends RangerPolicyResourceEvaluator> {
}
}
- RangerPolicyResourceEvaluator.IdComparator comparator = new RangerPolicyResourceEvaluator.IdComparator();
- if(!isSharingParentWildcardEvaluators && CollectionUtils.isNotEmpty(wildcardEvaluators)) {
- Collections.sort(wildcardEvaluators, comparator);
- }
-
- if(evaluators != wildcardEvaluators && CollectionUtils.isNotEmpty(evaluators)) {
- Collections.sort(evaluators, comparator);
- }
-
- if(children != null) {
- for(Map.Entry<Character, TrieNode> entry : children.entrySet()) {
- TrieNode child = entry.getValue();
-
- child.postSetup(wildcardEvaluators);
+ if (comparator != null) {
+ if (!isSharingParentWildcardEvaluators && CollectionUtils.isNotEmpty(wildcardEvaluators)) {
+ Collections.sort(wildcardEvaluators, comparator);
}
- }
- }
- void reorderEvaluators(List<T> parentWildcardEvaluators) {
- boolean isEvaluatorsSameAsWildcardEvaluators = evaluators == wildcardEvaluators;
-
- if(isSharingParentWildcardEvaluators) {
- wildcardEvaluators = parentWildcardEvaluators;
- } else {
- wildcardEvaluators = getSortedCopy(wildcardEvaluators);
- }
-
- if(isEvaluatorsSameAsWildcardEvaluators) {
- evaluators = wildcardEvaluators;
- } else {
- evaluators = getSortedCopy(evaluators);
+ if (evaluators != wildcardEvaluators && CollectionUtils.isNotEmpty(evaluators)) {
+ Collections.sort(evaluators, comparator);
+ }
}
if(children != null) {
for(Map.Entry<Character, TrieNode> entry : children.entrySet()) {
TrieNode child = entry.getValue();
- child.reorderEvaluators(wildcardEvaluators);
+ child.postSetup(wildcardEvaluators, comparator);
}
}
}
@@ -462,18 +441,4 @@ class TrieNode<T extends RangerPolicyResourceEvaluator> {
evaluators = null;
wildcardEvaluators = null;
}
-
- private List<T> getSortedCopy(List<T> evaluators) {
- final List<T> ret;
-
- if(CollectionUtils.isNotEmpty(evaluators)) {
- ret = new ArrayList<>(evaluators);
-
- Collections.sort(ret, new RangerPolicyResourceEvaluator.IdComparator());
- } else {
- ret = evaluators;
- }
-
- return ret;
- }
}