Posted to commits@ranger.apache.org by ma...@apache.org on 2020/02/20 00:37:10 UTC
[ranger] branch master updated: RANGER-2734: updated Atlas plugin
for new operations in Atlas - add/remove label, update-namespace,
admin-purge
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f909896 RANGER-2734: updated Atlas plugin for new operations in Atlas - add/remove label, update-namespace, admin-purge
f909896 is described below
commit f909896df1310cf198509e5eac474402c9473b47
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Tue Feb 18 14:12:52 2020 -0800
RANGER-2734: updated Atlas plugin for new operations in Atlas - add/remove label, update-namespace, admin-purge
---
.../service-defs/ranger-servicedef-atlas.json | 389 ++++++++++++---------
.../atlas/authorizer/RangerAtlasAuthorizer.java | 12 +
.../ranger/services/atlas/RangerServiceAtlas.java | 2 +
3 files changed, 245 insertions(+), 158 deletions(-)
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index 7a6f0b9..9355b71 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -1,17 +1,18 @@
{
- "id": 15,
+ "id": 15,
"name": "atlas",
"displayName": "atlas",
"implClass": "org.apache.ranger.services.atlas.RangerServiceAtlas",
"label": "Atlas Metadata Server",
"description": "Atlas Metadata Server",
"guid": "311a79b7-16f5-46f4-9829-a0224b9999c5",
- "resources": [{
+ "resources": [
+ {
"itemId": 1,
"name": "type-category",
"type": "string",
"level": 10,
- "mandatory": true,
+ "mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
@@ -28,8 +29,9 @@
"name": "type",
"type": "string",
"level": 20,
- "mandatory": true,
+ "mandatory": true,
"parent": "type-category",
+ "isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
@@ -40,14 +42,14 @@
},
"label": "Type Name",
"description": "Type Name",
- "accessTypeRestrictions": ["type-create", "type-update", "type-delete"]
+ "accessTypeRestrictions": ["type-create", "type-update", "type-delete"]
},
{
"itemId": 3,
"name": "entity-type",
"type": "string",
"level": 10,
- "mandatory": true,
+ "mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
@@ -64,7 +66,7 @@
"name": "entity-classification",
"type": "string",
"level": 20,
- "mandatory": true,
+ "mandatory": true,
"parent": "entity-type",
"lookupSupported": true,
"recursiveSupported": false,
@@ -82,8 +84,9 @@
"name": "entity",
"type": "string",
"level": 30,
- "mandatory": true,
+ "mandatory": true,
"parent": "entity-classification",
+ "isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
@@ -94,14 +97,14 @@
},
"label": "Entity ID",
"description": "Entity ID",
- "accessTypeRestrictions": ["entity-read", "entity-create", "entity-update", "entity-delete", "entity-add-classification", "entity-update-classification", "entity-remove-classification"]
+ "accessTypeRestrictions": ["entity-read", "entity-create", "entity-update", "entity-delete", "entity-add-classification", "entity-update-classification", "entity-remove-classification"]
},
{
"itemId": 6,
"name": "atlas-service",
"type": "string",
"level": 10,
- "mandatory": true,
+ "mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
@@ -112,138 +115,187 @@
},
"label": "Atlas Service",
"description": "Atlas Service",
- "accessTypeRestrictions": ["admin-import", "admin-export"]
- }, {
- "itemId": 7,
- "name": "relationship-type",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Relationship Type",
- "description": "Relationship Type"
- }, {
- "itemId": 8,
- "name": "end-one-entity-type",
- "type": "string",
- "level": 20,
- "mandatory": true,
- "parent": "relationship-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End1 Entity Type",
- "description": "End1 Entity Type"
- },
- {
- "itemId": 9,
- "name": "end-one-entity-classification",
- "type": "string",
- "level": 30,
- "mandatory": true,
- "parent": "end-one-entity-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End1 Entity Classification",
- "description": "End1 Entity Classification"
- },
- {
- "itemId": 10,
- "name": "end-one-entity",
- "type": "string",
- "level": 40,
- "mandatory": true,
- "parent": "end-one-entity-classification",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End1 Entity ID",
- "description": "End1 Entity ID"
- },
- {
- "itemId": 11,
- "name": "end-two-entity-type",
- "type": "string",
- "level": 50,
- "mandatory": true,
- "parent": "end-one-entity",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End2 Entity Type",
- "description": "End2 Entity Type"
- },
- {
- "itemId": 12,
- "name": "end-two-entity-classification",
- "type": "string",
- "level": 60,
- "mandatory": true,
- "parent": "end-two-entity-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End2 Entity Classification",
- "description": "End2 Entity Classification"
- },
- {
- "itemId": 13,
- "name": "end-two-entity",
- "type": "string",
- "level": 70,
- "mandatory": true,
- "parent": "end-two-entity-classification",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End2 Entity ID",
- "description": "End2 Entity ID",
- "accessTypeRestrictions": [
- "add-relationship",
- "update-relationship",
- "remove-relationship"
- ]
+ "accessTypeRestrictions": ["admin-import", "admin-export"]
+ },
+ {
+ "itemId": 7,
+ "name": "relationship-type",
+ "type": "string",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "Relationship Type",
+ "description": "Relationship Type"
+ },
+ {
+ "itemId": 8,
+ "name": "end-one-entity-type",
+ "type": "string",
+ "level": 20,
+ "mandatory": true,
+ "parent": "relationship-type",
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End1 Entity Type",
+ "description": "End1 Entity Type"
+ },
+ {
+ "itemId": 9,
+ "name": "end-one-entity-classification",
+ "type": "string",
+ "level": 30,
+ "mandatory": true,
+ "parent": "end-one-entity-type",
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End1 Entity Classification",
+ "description": "End1 Entity Classification"
+ },
+ {
+ "itemId": 10,
+ "name": "end-one-entity",
+ "type": "string",
+ "level": 40,
+ "mandatory": true,
+ "parent": "end-one-entity-classification",
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End1 Entity ID",
+ "description": "End1 Entity ID"
+ },
+ {
+ "itemId": 11,
+ "name": "end-two-entity-type",
+ "type": "string",
+ "level": 50,
+ "mandatory": true,
+ "parent": "end-one-entity",
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End2 Entity Type",
+ "description": "End2 Entity Type"
+ },
+ {
+ "itemId": 12,
+ "name": "end-two-entity-classification",
+ "type": "string",
+ "level": 60,
+ "mandatory": true,
+ "parent": "end-two-entity-type",
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End2 Entity Classification",
+ "description": "End2 Entity Classification"
+ },
+ {
+ "itemId": 13,
+ "name": "end-two-entity",
+ "type": "string",
+ "level": 70,
+ "mandatory": true,
+ "parent": "end-two-entity-classification",
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "End2 Entity ID",
+ "description": "End2 Entity ID",
+ "accessTypeRestrictions": [
+ "add-relationship",
+ "update-relationship",
+ "remove-relationship"
+ ]
+ },
+ {
+ "itemId": 14,
+ "name": "entity-label",
+ "type": "string",
+ "level": 40,
+ "mandatory": true,
+ "parent": "entity",
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "Label",
+ "description": "Label",
+ "accessTypeRestrictions": [
+ "entity-add-label",
+ "entity-remove-label"
+ ]
+ },
+ {
+ "itemId": 15,
+ "name": "entity-namespace",
+ "type": "string",
+ "level": 40,
+ "mandatory": true,
+ "parent": "entity",
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": {
+ "wildCard": "true",
+ "ignoreCase": "true"
+ },
+ "label": "Namespace",
+ "description": "Namespace",
+ "accessTypeRestrictions": [
+ "entity-update-namespace"
+ ]
}
],
- "accessTypes": [{
+ "accessTypes": [
+ {
"itemId": 1,
"name": "type-create",
"label": "Create Type"
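Review bot: `admin-purge` is declared as an access type in the later accessTypes hunk (itemId 16), but the `atlas-service` resource in this hunk still restricts itself to `["admin-import", "admin-export"]`, and no restriction list visible in this diff names `admin-purge`. If no resource outside these hunks permits it, a policy granting purge presumably cannot be authored, so the operation would be denied for every caller; that fails closed but is probably not the intent. Suggested change on the re-added line: `"accessTypeRestrictions": ["admin-import", "admin-export", "admin-purge"]`. Part of the resources array lies outside the hunks, so this should be confirmed against the full file.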
@@ -251,7 +303,7 @@
{
"itemId": 2,
"name": "type-update",
- "label": "UpdateType"
+ "label": "Update Type"
},
{
"itemId": 3,
@@ -302,24 +354,45 @@
"itemId": 12,
"name": "admin-import",
"label": "Admin Import"
- },
- {
- "itemId": 13,
- "name": "add-relationship",
- "label": "Add Relationship"
- },
- {
- "itemId": 14,
- "name": "update-relationship",
- "label": "Update Relationship"
- },
- {
- "itemId": 15,
- "name": "remove-relationship",
- "label": "Remove Relationship"
+ },
+ {
+ "itemId": 13,
+ "name": "add-relationship",
+ "label": "Add Relationship"
+ },
+ {
+ "itemId": 14,
+ "name": "update-relationship",
+ "label": "Update Relationship"
+ },
+ {
+ "itemId": 15,
+ "name": "remove-relationship",
+ "label": "Remove Relationship"
+ },
+ {
+ "itemId": 16,
+ "name": "admin-purge",
+ "label": "Admin Purge"
+ },
+ {
+ "itemId": 17,
+ "name": "entity-add-label",
+ "label": "Add Label"
+ },
+ {
+ "itemId": 18,
+ "name": "entity-remove-label",
+ "label": "Remove Label"
+ },
+ {
+ "itemId": 19,
+ "name": "entity-update-namespace",
+ "label": "Update Namespace"
}
],
- "configs": [{
+ "configs": [
+ {
"itemId": 1,
"name": "username",
"type": "string",
@@ -351,4 +424,4 @@
"options": {
"enableDenyAndExceptionsInPolicies": "true"
}
-}
\ No newline at end of file
+}
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
index 7f841d4..ca06cf8 100644
--- a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
+++ b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
@@ -352,6 +352,12 @@ public class RangerAtlasAuthorizer implements AtlasAuthorizer {
rangerRequest.setForwardedAddresses(request.getForwardedAddresses());
rangerRequest.setRemoteIPAddress(request.getRemoteIPAddress());
+ if (AtlasPrivilege.ENTITY_ADD_LABEL.equals(request.getAction()) || AtlasPrivilege.ENTITY_REMOVE_LABEL.equals(request.getAction())) {
+ rangerResource.setValue(RESOURCE_ENTITY_LABEL, request.getLabel());
+ } else if (AtlasPrivilege.ENTITY_UPDATE_NAMESPACE.equals(request.getAction())) {
+ rangerResource.setValue(RESOURCE_ENTITY_NAMESPACE, request.getNamespaceName());
+ }
+
if (StringUtils.isNotEmpty(classification)) {
rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, request.getClassificationTypeAndAllSuperTypes(classification));
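Review bot: The new branch passes `request.getLabel()` and `request.getNamespaceName()` to `rangerResource.setValue` without an emptiness check, while the classification value directly below is guarded by `StringUtils.isNotEmpty(classification)`. In the service definition, `entity-label` and `entity-namespace` are the only resources whose restrictions list the three new access types, so a request that arrives without a label or namespace should have a defined, documented outcome rather than whatever a null resource value happens to produce in the matcher. Consider guarding the same way, e.g. `if (StringUtils.isNotEmpty(request.getLabel())) { rangerResource.setValue(RESOURCE_ENTITY_LABEL, request.getLabel()); }`, or add a comment stating what an absent value means for evaluation. The enclosing method starts and ends outside the hunk.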
@@ -460,6 +466,12 @@ public class RangerAtlasAuthorizer implements AtlasAuthorizer {
rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, strClassifications);
rangerResource.setValue(RESOURCE_ENTITY_ID, request.getEntityId());
+ if (AtlasPrivilege.ENTITY_ADD_LABEL.equals(request.getAction()) || AtlasPrivilege.ENTITY_REMOVE_LABEL.equals(request.getAction())) {
+ rangerResource.setValue(RESOURCE_ENTITY_LABEL, "label=" + request.getLabel());
+ } else if (AtlasPrivilege.ENTITY_UPDATE_NAMESPACE.equals(request.getAction())) {
+ rangerResource.setValue(RESOURCE_ENTITY_NAMESPACE, "namespace=" + request.getNamespaceName());
+ }
+
auditEvents = new HashMap<>();
resourcePath = rangerResource.getAsString();
}
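Review bot: The value stored here is `"label=" + request.getLabel()`, whereas the hunk at line 352 stores the bare `request.getLabel()` under the same `RESOURCE_ENTITY_LABEL` key; the namespace branch diverges the same way. The only visible consumer is `resourcePath = rangerResource.getAsString()`, so the prefix looks like audit formatting, but nothing says so, and a null label would be recorded as the literal `label=null` in the audit resource path. Suggest a comment such as `// audit display only: prefix labels the segment in resourcePath; this resource is not used for policy matching` (to be confirmed by the author), and skipping the segment when the value is empty. The action check is now duplicated in both hunks and could be shared through a small private helper. The enclosing block starts outside the hunk.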
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
index e6b8456..d27cde3 100644
--- a/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
+++ b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
@@ -63,6 +63,8 @@ public class RangerServiceAtlas extends RangerBaseService {
public static final String RESOURCE_ENTITY_TYPE = "entity-type";
public static final String RESOURCE_ENTITY_CLASSIFICATION = "entity-classification";
public static final String RESOURCE_ENTITY_ID = "entity";
+ public static final String RESOURCE_ENTITY_LABEL = "entity-label";
+ public static final String RESOURCE_ENTITY_NAMESPACE = "entity-namespace";
public static final String RESOURCE_ENTITY_OWNER = "owner";
public static final String RESOURCE_RELATIONSHIP_TYPE = "relationship-type";
public static final String RESOURCE_END_ONE_ENTITY_TYPE = "end-one-entity-type";