You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/08/30 19:27:45 UTC
incubator-ranger git commit: RANGER-1162: updated to create
resource-trie only when needed
Repository: incubator-ranger
Updated Branches:
refs/heads/master ff4e2e7b6 -> 9918c8d25
RANGER-1162: updated to create resource-trie only when needed
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9918c8d2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9918c8d2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9918c8d2
Branch: refs/heads/master
Commit: 9918c8d25c35633c86b2a641a29ff1a83dfe51a0
Parents: ff4e2e7
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Aug 30 11:14:49 2016 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Aug 30 11:26:06 2016 -0700
----------------------------------------------------------------------
.../policyengine/RangerPolicyRepository.java | 107 +++++++++----------
1 file changed, 52 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9918c8d2/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index d0b3f09..0fd8ed4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -87,7 +87,6 @@ class RangerPolicyRepository {
private final String componentServiceName;
private final RangerServiceDef componentServiceDef;
- private final boolean disableTrieLookupPrefilter;
private final Map<String, RangerResourceTrie> policyResourceTrie;
private final Map<String, RangerResourceTrie> dataMaskResourceTrie;
private final Map<String, RangerResourceTrie> rowFilterResourceTrie;
@@ -132,24 +131,22 @@ class RangerPolicyRepository {
this.accessAuditCache = null;
}
- this.disableTrieLookupPrefilter = options.disableTrieLookupPrefilter;
-
- if(this.disableTrieLookupPrefilter) {
- policyResourceTrie = null;
- dataMaskResourceTrie = null;
- rowFilterResourceTrie = null;
- } else {
- policyResourceTrie = new HashMap<String, RangerResourceTrie>();
- dataMaskResourceTrie = new HashMap<String, RangerResourceTrie>();
- rowFilterResourceTrie = new HashMap<String, RangerResourceTrie>();
- }
-
if(LOG.isDebugEnabled()) {
LOG.debug("RangerPolicyRepository : building policy-repository for service[" + serviceName
+ "] with auditMode[" + auditModeEnum + "]");
}
init(options);
+
+ if(options.disableTrieLookupPrefilter) {
+ policyResourceTrie = null;
+ dataMaskResourceTrie = null;
+ rowFilterResourceTrie = null;
+ } else {
+ policyResourceTrie = createResourceTrieMap(policyEvaluators);
+ dataMaskResourceTrie = createResourceTrieMap(dataMaskPolicyEvaluators);
+ rowFilterResourceTrie = createResourceTrieMap(rowFilterPolicyEvaluators);
+ }
}
RangerPolicyRepository(String appId, ServicePolicies.TagPolicies tagPolicies, RangerPolicyEngineOptions options,
@@ -179,24 +176,22 @@ class RangerPolicyRepository {
this.accessAuditCache = null;
- this.disableTrieLookupPrefilter = options.disableTrieLookupPrefilter;
-
- if(this.disableTrieLookupPrefilter) {
- policyResourceTrie = null;
- dataMaskResourceTrie = null;
- rowFilterResourceTrie = null;
- } else {
- policyResourceTrie = new HashMap<String, RangerResourceTrie>();
- dataMaskResourceTrie = new HashMap<String, RangerResourceTrie>();
- rowFilterResourceTrie = new HashMap<String, RangerResourceTrie>();
- }
-
if(LOG.isDebugEnabled()) {
LOG.debug("RangerPolicyRepository : building tag-policy-repository for tag service[" + serviceName
+ "] with auditMode[" + auditModeEnum +"]");
}
init(options);
+
+ if(options.disableTrieLookupPrefilter) {
+ policyResourceTrie = null;
+ dataMaskResourceTrie = null;
+ rowFilterResourceTrie = null;
+ } else {
+ policyResourceTrie = createResourceTrieMap(policyEvaluators);
+ dataMaskResourceTrie = createResourceTrieMap(dataMaskPolicyEvaluators);
+ rowFilterResourceTrie = createResourceTrieMap(rowFilterPolicyEvaluators);
+ }
}
public String getServiceName() { return serviceName; }
@@ -220,7 +215,7 @@ class RangerPolicyRepository {
}
List<RangerPolicyEvaluator> getPolicyEvaluators(RangerAccessResource resource) {
- return disableTrieLookupPrefilter ? getPolicyEvaluators() : getPolicyEvaluators(policyResourceTrie, resource);
+ return policyResourceTrie == null ? getPolicyEvaluators() : getPolicyEvaluators(policyResourceTrie, resource);
}
List<RangerPolicyEvaluator> getDataMaskPolicyEvaluators() {
@@ -228,7 +223,7 @@ class RangerPolicyRepository {
}
List<RangerPolicyEvaluator> getDataMaskPolicyEvaluators(RangerAccessResource resource) {
- return disableTrieLookupPrefilter ? getDataMaskPolicyEvaluators() : getPolicyEvaluators(dataMaskResourceTrie, resource);
+ return dataMaskResourceTrie == null ? getDataMaskPolicyEvaluators() : getPolicyEvaluators(dataMaskResourceTrie, resource);
}
List<RangerPolicyEvaluator> getRowFilterPolicyEvaluators() {
@@ -236,7 +231,7 @@ class RangerPolicyRepository {
}
List<RangerPolicyEvaluator> getRowFilterPolicyEvaluators(RangerAccessResource resource) {
- return disableTrieLookupPrefilter ? getRowFilterPolicyEvaluators() : getPolicyEvaluators(rowFilterResourceTrie, resource);
+ return rowFilterResourceTrie == null ? getRowFilterPolicyEvaluators() : getPolicyEvaluators(rowFilterResourceTrie, resource);
}
private List<RangerPolicyEvaluator> getPolicyEvaluators(Map<String, RangerResourceTrie> resourceTrie, RangerAccessResource resource) {
@@ -529,8 +524,6 @@ class RangerPolicyRepository {
}
this.contextEnrichers = Collections.unmodifiableList(contextEnrichers);
- initResourceTries();
-
if(LOG.isDebugEnabled()) {
LOG.debug("policy evaluation order: " + this.policyEvaluators.size() + " policies");
@@ -556,26 +549,6 @@ class RangerPolicyRepository {
LOG.debug("rowFilter policy evaluation order: #" + (++order) + " - policy id=" + policy.getId() + "; name=" + policy.getName() + "; evalOrder=" + policyEvaluator.getEvalOrder());
}
-
- LOG.debug("policyResourceTrie: " + this.policyResourceTrie);
- LOG.debug("dataMaskResourceTrie: " + this.dataMaskResourceTrie);
- LOG.debug("rowFilterResourceTrie: " + this.rowFilterResourceTrie);
- }
- }
-
- private void initResourceTries() {
- if(! this.disableTrieLookupPrefilter) {
- policyResourceTrie.clear();
- dataMaskResourceTrie.clear();
- rowFilterResourceTrie.clear();
-
- if (serviceDef != null && serviceDef.getResources() != null) {
- for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
- policyResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, policyEvaluators));
- dataMaskResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, dataMaskPolicyEvaluators));
- rowFilterResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, rowFilterPolicyEvaluators));
- }
- }
}
}
@@ -732,14 +705,22 @@ class RangerPolicyRepository {
LOG.debug("==> reorderEvaluators()");
}
- if(disableTrieLookupPrefilter) {
- policyEvaluators = getReorderedPolicyEvaluators(policyEvaluators);
- dataMaskPolicyEvaluators = getReorderedPolicyEvaluators(dataMaskPolicyEvaluators);
- rowFilterPolicyEvaluators = getReorderedPolicyEvaluators(rowFilterPolicyEvaluators);
- } else {
+ if(policyResourceTrie != null) {
reorderPolicyEvaluators(policyResourceTrie);
+ } else {
+ policyEvaluators = getReorderedPolicyEvaluators(policyEvaluators);
+ }
+
+ if(dataMaskResourceTrie != null) {
reorderPolicyEvaluators(dataMaskResourceTrie);
+ } else {
+ dataMaskPolicyEvaluators = getReorderedPolicyEvaluators(dataMaskPolicyEvaluators);
+ }
+
+ if(rowFilterResourceTrie != null) {
reorderPolicyEvaluators(rowFilterResourceTrie);
+ } else {
+ rowFilterPolicyEvaluators = getReorderedPolicyEvaluators(rowFilterPolicyEvaluators);
}
if (LOG.isDebugEnabled()) {
@@ -773,6 +754,22 @@ class RangerPolicyRepository {
return ret;
}
+ private Map<String, RangerResourceTrie> createResourceTrieMap(List<RangerPolicyEvaluator> evaluators) {
+ final Map<String, RangerResourceTrie> ret;
+
+ if (CollectionUtils.isNotEmpty(evaluators) && serviceDef != null && CollectionUtils.isNotEmpty(serviceDef.getResources())) {
+ ret = new HashMap<String, RangerResourceTrie>();
+
+ for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
+ ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators));
+ }
+ } else {
+ ret = null;
+ }
+
+ return ret;
+ }
+
@Override
public String toString( ) {
StringBuilder sb = new StringBuilder();