You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/10/31 00:21:32 UTC
[1/7] incubator-ranger git commit: RANGER-700:Provide a wrapper shell
script to run the FileSourceUserGroupBuilder process
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 21204fe62 -> 6b79130d9
RANGER-700:Provide a wrapper shell script to run the FileSourceUserGroupBuilder process
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d60c4df2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d60c4df2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d60c4df2
Branch: refs/heads/tag-policy
Commit: d60c4df2af863e38a4253ced8e510b36d5e606a1
Parents: 21204fe
Author: rmani <rm...@hortonworks.com>
Authored: Wed Oct 28 16:18:35 2015 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Oct 28 16:18:35 2015 -0700
----------------------------------------------------------------------
src/main/assembly/usersync.xml | 9 +++
.../run-filesource-usersync.sh | 72 ++++++++++++++++++++
2 files changed, 81 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d60c4df2/src/main/assembly/usersync.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/usersync.xml b/src/main/assembly/usersync.xml
index 161a443..211db7c 100644
--- a/src/main/assembly/usersync.xml
+++ b/src/main/assembly/usersync.xml
@@ -134,6 +134,15 @@
</includes>
<fileMode>544</fileMode>
</fileSet>
+ <fileSet>
+ <directoryMode>755</directoryMode>
+ <fileMode>755</fileMode>
+ <outputDirectory>/usersync_tool</outputDirectory>
+ <directory>ugsync/filesourceusersynctool</directory>
+ <includes>
+ <include>run-filesource-usersync.sh</include>
+ </includes>
+ </fileSet>
<fileSet>
<directoryMode>755</directoryMode>
<fileMode>755</fileMode>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d60c4df2/ugsync/filesourceusersynctool/run-filesource-usersync.sh
----------------------------------------------------------------------
diff --git a/ugsync/filesourceusersynctool/run-filesource-usersync.sh b/ugsync/filesourceusersynctool/run-filesource-usersync.sh
new file mode 100644
index 0000000..6badfa1
--- /dev/null
+++ b/ugsync/filesourceusersynctool/run-filesource-usersync.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+usage() {
+ echo "usage: run-filesource-usergroupsync.sh
+ -h show help.
+ -i <arg> Input file name ( csv or json file )
+ JSON FILE FORMAT
+ {
+ "user1":["group-1", "group-2", "group-3"],
+ "user2":["group-x","group-y","group-z"]
+ }
+
+ CSV FILE FORMAT
+ user-1,group-1,group-2,group-3
+ user-2,group-x,group-y,group-z"
+ exit 1
+}
+
+logdir="/var/log/ranger/usersync"
+scriptPath=$(cd "$(dirname "$0")"; pwd)
+ugsync_home="${scriptPath}/.."
+cp="${ugsync_home}/dist/*:${ugsync_home}/lib/*:${ugsync_home}/conf"
+
+JAVA_CMD="java -Dlogdir=${logdir} -cp ${cp} org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder"
+
+while getopts "i:h" opt; do
+ case $opt in
+ i) JAVA_CMD="$JAVA_CMD $OPTARG"
+ fileName=$OPTARG
+ ;;
+ h) usage
+ ;;
+ \?) echo -e \\n"Option -$OPTARG not allowed."
+ usage
+ ;;
+ esac
+done
+
+if [ $OPTIND -eq 1 ];
+then
+ usage;
+fi
+
+echo "JAVA commnad = $JAVA_CMD"
+
+if [ "${JAVA_HOME}" != "" ]
+then
+ export JAVA_HOME
+ PATH="${JAVA_HOME}/bin:${PATH}"
+ export PATH
+fi
+$JAVA_CMD
+errorCode=$?
+if [ ${errorCode} -eq 0 ]; then
+ echo "Successfully loaded users/groups from file ${fileName}"
+else
+ echo "Failed to load users/groups from file ${fileName}: error code=${errorCode}"
+fi
[7/7] incubator-ranger git commit: RANGER-711: Fix for issues
reported by static code analysis
Posted by ma...@apache.org.
RANGER-711: Fix for issues reported by static code analysis
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6b79130d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6b79130d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6b79130d
Branch: refs/heads/tag-policy
Commit: 6b79130d9b7076b7ce796b7acef29544be2d82b0
Parents: fab2a10
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Thu Oct 29 14:46:42 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Oct 30 15:54:20 2015 -0700
----------------------------------------------------------------------
.../plugin/geo/RangerGeolocationData.java | 69 ++++++++++++++------
.../apache/ranger/plugin/geo/ValuePrinter.java | 4 +-
.../ranger/plugin/model/RangerPolicy.java | 2 +-
.../plugin/model/RangerServiceResource.java | 4 +-
.../ranger/plugin/model/RangerTagDef.java | 8 +--
.../plugin/model/RangerTagResourceMap.java | 4 +-
.../policyengine/RangerPolicyRepository.java | 2 +-
.../RangerOptimizedPolicyEvaluator.java | 16 ++++-
.../RangerDefaultPolicyResourceMatcher.java | 5 +-
.../store/RangerServiceResourceSignature.java | 26 ++++----
.../ranger/plugin/store/file/TagFileStore.java | 9 ++-
.../ranger/plugin/util/ServicePolicies.java | 2 +-
.../tagsync/source/atlas/TagAtlasSource.java | 10 ++-
.../tagsync/source/file/TagFileSource.java | 6 +-
14 files changed, 112 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/geo/RangerGeolocationData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/geo/RangerGeolocationData.java b/agents-common/src/main/java/org/apache/ranger/plugin/geo/RangerGeolocationData.java
index 6f1f3f3..72e23c7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/geo/RangerGeolocationData.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/geo/RangerGeolocationData.java
@@ -25,15 +25,17 @@ import org.apache.commons.logging.LogFactory;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.util.Objects;
public class RangerGeolocationData implements Comparable<RangerGeolocationData>, RangeChecker<Long> {
private static final Log LOG = LogFactory.getLog(RangerGeolocationData.class);
private static final Character IPSegmentsSeparator = '.';
- private long fromIPAddress;
- private long toIPAddress;
- private String[] locationData = new String[0];
+ private final long fromIPAddress;
+ private final long toIPAddress;
+ private final String[] locationData;
+ private int hash = 0;
public static RangerGeolocationData create(String fields[], int index, boolean useDotFormat) {
@@ -69,7 +71,7 @@ public class RangerGeolocationData implements Comparable<RangerGeolocationData>,
return data;
}
- public RangerGeolocationData(final long fromIPAddress, final long toIPAddress, final String[] locationData) {
+ private RangerGeolocationData(final long fromIPAddress, final long toIPAddress, final String[] locationData) {
this.fromIPAddress = fromIPAddress;
this.toIPAddress = toIPAddress;
this.locationData = locationData;
@@ -81,14 +83,40 @@ public class RangerGeolocationData implements Comparable<RangerGeolocationData>,
@Override
public int compareTo(final RangerGeolocationData other) {
- int ret = Long.compare(fromIPAddress, other.fromIPAddress);
+ int ret = (other == null) ? 1 : 0;
if (ret == 0) {
- ret = Long.compare(toIPAddress, other.toIPAddress);
+ ret = Long.compare(fromIPAddress, other.fromIPAddress);
+ if (ret == 0) {
+ ret = Long.compare(toIPAddress, other.toIPAddress);
+ if (ret == 0) {
+ ret = Integer.compare(locationData.length, other.locationData.length);
+ for (int i = 0; ret == 0 && i < locationData.length; i++) {
+ ret = stringCompareTo(locationData[i], other.locationData[i]);
+ }
+ }
+ }
}
return ret;
}
@Override
+ public boolean equals(Object other) {
+ boolean ret = false;
+ if (other != null && (other instanceof RangerGeolocationData)) {
+ ret = this == other || compareTo((RangerGeolocationData) other) == 0;
+ }
+ return ret;
+ }
+
+ @Override
+ public int hashCode() {
+ if (hash == 0) {
+ hash = Objects.hash(fromIPAddress, toIPAddress, locationData);
+ }
+ return hash;
+ }
+
+ @Override
public int compareToRange(final Long ip) {
int ret = Long.compare(fromIPAddress, ip.longValue());
@@ -145,7 +173,8 @@ public class RangerGeolocationData implements Comparable<RangerGeolocationData>,
boolean ret = false;
try {
- byte[] bytes = InetAddress.getByName(ipAddress).getAddress();
+ // Only to validate to see if ipAddress is in correct format
+ InetAddress.getByName(ipAddress).getAddress();
ret = true;
}
catch(UnknownHostException exception) {
@@ -155,11 +184,23 @@ public class RangerGeolocationData implements Comparable<RangerGeolocationData>,
return ret;
}
+ private static int stringCompareTo(String str1, String str2) {
+ if(str1 == str2) {
+ return 0;
+ } else if(str1 == null) {
+ return -1;
+ } else if(str2 == null) {
+ return 1;
+ } else {
+ return str1.compareTo(str2);
+ }
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
- toStringDump(sb);
+ toString(sb);
return sb.toString();
}
@@ -178,16 +219,4 @@ public class RangerGeolocationData implements Comparable<RangerGeolocationData>,
sb.append("}");
return sb;
}
-
- private StringBuilder toStringDump(StringBuilder sb) {
- sb.append(RangerGeolocationData.unsignedIntToIPAddress(fromIPAddress))
- .append(",")
- .append(RangerGeolocationData.unsignedIntToIPAddress(toIPAddress))
- .append(",");
- for (int i = 0; i < locationData.length; i++) {
- sb.append(locationData[i]).append(", ");
- }
- return sb;
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/geo/ValuePrinter.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/geo/ValuePrinter.java b/agents-common/src/main/java/org/apache/ranger/plugin/geo/ValuePrinter.java
index c353a6f..62d6891 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/geo/ValuePrinter.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/geo/ValuePrinter.java
@@ -30,11 +30,9 @@ class ValuePrinter<T> implements ValueProcessor<T> {
private Writer writer;
private String fileName;
- private boolean pretty;
- ValuePrinter(String fileName, boolean pretty) {
+ ValuePrinter(String fileName) {
this.fileName = fileName;
- this.pretty = pretty;
}
public T process(T value) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index a813a6e..fb5383c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -384,7 +384,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
sb.append("} ");
sb.append("allowExceptions={");
- if(denyExceptions != null) {
+ if(allowExceptions != null) {
for(RangerPolicyItem policyItem : allowExceptions) {
if(policyItem != null) {
policyItem.toString(sb);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
index 6acb2b6..867920f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
@@ -92,7 +92,9 @@ public class RangerServiceResource extends RangerBaseModelObject {
public StringBuilder toString(StringBuilder sb) {
- sb.append("{ ");
+ sb.append("RangerServiceResource={ ");
+
+ super.toString(sb);
sb.append("guid={").append(getGuid()).append("} ");
sb.append("serviceName={").append(serviceName).append("} ");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java
index bd9bbfa..ba2a5d7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java
@@ -69,7 +69,7 @@ public class RangerTagDef extends RangerBaseModelObject {
public void setName(String name) {
- this.name = name == null ? new String() : name;
+ this.name = name == null ? "" : name;
}
public String getSource() {
@@ -77,7 +77,7 @@ public class RangerTagDef extends RangerBaseModelObject {
}
public void setSource(String source) {
- this.source = source == null ? new String() : source;
+ this.source = source == null ? "" : source;
}
public List<RangerTagAttributeDef> getAttributeDefs() {
@@ -125,10 +125,10 @@ public class RangerTagDef extends RangerBaseModelObject {
}
public void setName(String name) {
- this.name = name == null ? new String() : name;
+ this.name = name == null ? "" : name;
}
public void setType(String type) {
- this.type = type == null ? new String() : type;
+ this.type = type == null ? "" : type;
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java
index 3ee0b3e..ada2b8d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java
@@ -69,7 +69,9 @@ public class RangerTagResourceMap extends RangerBaseModelObject {
public StringBuilder toString(StringBuilder sb) {
- sb.append("{ ");
+ sb.append("RangerTagResourceMap={ ");
+
+ super.toString(sb);
sb.append("resourceId=").append(resourceId).append(", ");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 37b1ea6..57b1b7d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -250,7 +250,7 @@ public class RangerPolicyRepository {
}
if (policyItemAccesses.isEmpty() && !policyItem.getDelegateAdmin()) {
- if(itemsToPrune != null) {
+ if(itemsToPrune == null) {
itemsToPrune = new ArrayList< RangerPolicy.RangerPolicyItem>();
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
index a3da6bb..e81280f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
@@ -92,7 +92,7 @@ public class RangerOptimizedPolicyEvaluator extends RangerDefaultPolicyEvaluator
}
}
- class LevelResourceNames implements Comparable<LevelResourceNames> {
+ static class LevelResourceNames implements Comparable<LevelResourceNames> {
final int level;
final RangerPolicy.RangerPolicyResource policyResource;
@@ -106,6 +106,20 @@ public class RangerOptimizedPolicyEvaluator extends RangerDefaultPolicyEvaluator
// Sort in ascending order of level numbers
return Integer.compare(this.level, other.level);
}
+
+ @Override
+ public boolean equals(Object other) {
+ boolean ret = false;
+ if (other != null && (other instanceof LevelResourceNames)) {
+ ret = this == other || compareTo((LevelResourceNames) other) == 0;
+ }
+ return ret;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hashCode(this.level);
+ }
}
public int computeEvalOrder() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
index 4d6a00a..e6f61d5 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
@@ -144,12 +144,13 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
if(matchers == null) {
Set<String> policyResourceKeys = policyResources == null ? null : policyResources.keySet();
- String keysString = "";
+ StringBuffer sb = new StringBuffer();
if (CollectionUtils.isNotEmpty(policyResourceKeys)) {
for (String policyResourceKeyName : policyResourceKeys) {
- keysString += " " + policyResourceKeyName + " ";
+ sb.append(" ").append(policyResourceKeyName).append(" ");
}
}
+ String keysString = sb.toString();
String serviceDefName = serviceDef == null ? "" : serviceDef.getName();
String validHierarchy = "";
if (CollectionUtils.isNotEmpty(firstValidResourceDefHierarchy)) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
index 1ff39b1..fca1c1d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
@@ -78,18 +78,20 @@ public class RangerServiceResourceSignature {
Collections.sort(values);
builder.append(values);
}
- }
- builder.append(",excludes=");
- if (_policyResource.getIsExcludes() == null) { // null is same as false
- builder.append(Boolean.FALSE);
- } else {
- builder.append(_policyResource.getIsExcludes());
- }
- builder.append(",recursive=");
- if (_policyResource.getIsRecursive() == null) { // null is the same as false
- builder.append(Boolean.FALSE);
- } else {
- builder.append(_policyResource.getIsRecursive());
+
+ builder.append(",excludes=");
+ if (_policyResource.getIsExcludes() == null) { // null is same as false
+ builder.append(Boolean.FALSE);
+ } else {
+ builder.append(_policyResource.getIsExcludes());
+ }
+
+ builder.append(",recursive=");
+ if (_policyResource.getIsRecursive() == null) { // null is the same as false
+ builder.append(Boolean.FALSE);
+ } else {
+ builder.append(_policyResource.getIsRecursive());
+ }
}
builder.append("}");
return builder.toString();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
index 6a94f04..14b0d73 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
@@ -954,12 +954,15 @@ public class TagFileStore extends AbstractTagStore {
LOG.debug("==> TagFileStore.getTagResourceMapsForResourceGuid(" + resourceGuid + ")");
}
- SearchFilter filter = new SearchFilter();
+ List<RangerTagResourceMap> ret = null;
RangerServiceResource resource = getServiceResourceByGuid(resourceGuid);
- filter.setParam(SearchFilter.TAG_RESOURCE_ID, resource.getId().toString());
- List<RangerTagResourceMap> ret = getTagResourceMaps(filter);
+ if (resource != null) {
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.TAG_RESOURCE_ID, resource.getId().toString());
+ ret = getTagResourceMaps(filter);
+ }
if (LOG.isDebugEnabled()) {
LOG.debug("<== TagFileStore.getTagResourceMapsForResourceGuid(" + resourceGuid + "): " + ret);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index a1c6397..af9f6d7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -155,7 +155,7 @@ public class ServicePolicies implements java.io.Serializable {
@JsonIgnoreProperties(ignoreUnknown=true)
@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
- public static class TagPolicies {
+ public static class TagPolicies implements java.io.Serializable {
private String serviceName;
private Long serviceId;
private Long policyVersion;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/TagAtlasSource.java
----------------------------------------------------------------------
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/TagAtlasSource.java b/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/TagAtlasSource.java
index e5c91bd..2725b23 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/TagAtlasSource.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/TagAtlasSource.java
@@ -77,9 +77,15 @@ public class TagAtlasSource implements TagSource {
if (inputStream != null) {
try {
atlasProperties.load(inputStream);
- } catch (IOException ioException) {
+ } catch (Exception exception) {
ret = false;
- LOG.error("Cannot load Atlas application properties file, file-name:" + TAGSYNC_ATLAS_PROPERTIES_FILE_NAME);
+ LOG.error("Cannot load Atlas application properties file, file-name:" + TAGSYNC_ATLAS_PROPERTIES_FILE_NAME, exception);
+ } finally {
+ try {
+ inputStream.close();
+ } catch (IOException ioException) {
+ LOG.error("Cannot close Atlas application properties file, file-name:\" + TAGSYNC_ATLAS_PROPERTIES_FILE_NAME", ioException);
+ }
}
} else {
ret = false;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b79130d/tagsync/src/main/java/org/apache/ranger/tagsync/source/file/TagFileSource.java
----------------------------------------------------------------------
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/source/file/TagFileSource.java b/tagsync/src/main/java/org/apache/ranger/tagsync/source/file/TagFileSource.java
index 03a3980..92f24b2 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/source/file/TagFileSource.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/source/file/TagFileSource.java
@@ -45,17 +45,17 @@ public class TagFileSource implements TagSource, Runnable {
private Properties properties;
@Override
- public boolean initialize(Properties properties) {
+ public boolean initialize(Properties props) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> TagFileSource.initialize()");
}
- if (properties == null || MapUtils.isEmpty(properties)) {
+ if (props == null || MapUtils.isEmpty(props)) {
LOG.error("No properties specified for TagFileSource initialization");
this.properties = new Properties();
} else {
- this.properties = properties;
+ this.properties = props;
}
boolean ret = true;
[2/7] incubator-ranger git commit: RANGER-657: Solr plugin doesn't
support for user principals with /$HOST in it
Posted by ma...@apache.org.
RANGER-657: Solr plugin doesn't support for user principals with /$HOST
in it
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f1135ea2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f1135ea2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f1135ea2
Branch: refs/heads/tag-policy
Commit: f1135ea2ea6cd48209b73a25be77613c9d355abf
Parents: d60c4df
Author: Don Bosco Durai <bo...@apache.org>
Authored: Sun Oct 11 20:51:37 2015 -0700
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Thu Oct 29 20:25:24 2015 -0700
----------------------------------------------------------------------
.../apache/ranger/audit/provider/MiscUtil.java | 79 +++++-
.../ranger/audit/queue/AuditFileSpool.java | 2 +-
.../solr/authorizer/RangerSolrAuthorizer.java | 257 +++++++++++--------
3 files changed, 236 insertions(+), 102 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f1135ea2/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index a3a3a84..9586f73 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -37,6 +37,8 @@ import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
+
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.UserGroupInformation;
@@ -481,6 +483,33 @@ public class MiscUtil {
return subjectLoginUser;
}
+ public static String getKerberosNamesRules() {
+ return KerberosName.getRules();
+ }
+ /**
+ *
+ * @param principal
+ * This could be in the format abc/host@domain.com
+ * @return
+ */
+ static public String getShortNameFromPrincipalName(String principal) {
+ if (principal == null) {
+ return null;
+ }
+ try {
+ // Assuming it is kerberos name for now
+ KerberosName kerbrosName = new KerberosName(principal);
+ String userName = kerbrosName.getShortName();
+ userName = StringUtils.substringBefore(userName, "/");
+ userName = StringUtils.substringBefore(userName, "@");
+ return userName;
+ } catch (Throwable t) {
+ logger.error("Error converting kerberos name. principal="
+ + principal + ", KerberosName.rules=" + KerberosName.getRules());
+ }
+ return principal;
+ }
+
/**
* @param userName
* @return
@@ -492,7 +521,6 @@ public class MiscUtil {
try {
UserGroupInformation ugi = UserGroupInformation
.createRemoteUser(userName);
- // UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
String groups[] = ugi.getGroupNames();
if (groups != null && groups.length > 0) {
java.util.Set<String> groupsSet = new java.util.HashSet<String>();
@@ -545,6 +573,55 @@ public class MiscUtil {
}
+ public static void authWithConfig(String appName, Configuration config) {
+ try {
+ if (config != null) {
+ logger.info("Getting AppConfigrationEntry[] for appName="
+ + appName + ", config=" + config.toString());
+ AppConfigurationEntry[] entries = config
+ .getAppConfigurationEntry(appName);
+ if (entries != null) {
+ logger.info("Got " + entries.length
+ + " AppConfigrationEntry elements for appName="
+ + appName);
+ for (AppConfigurationEntry appEntry : entries) {
+ logger.info("APP_ENTRY:getLoginModuleName()="
+ + appEntry.getLoginModuleName());
+ logger.info("APP_ENTRY:getControlFlag()="
+ + appEntry.getControlFlag());
+ logger.info("APP_ENTRY.getOptions()="
+ + appEntry.getOptions());
+ }
+ }
+
+ LoginContext loginContext = new LoginContext(appName,
+ new Subject(), null, config);
+ logger.info("Login in for appName=" + appName);
+ loginContext.login();
+ logger.info("Principals after login="
+ + loginContext.getSubject().getPrincipals());
+ logger.info("UserGroupInformation.loginUserFromSubject(): appName="
+ + appName
+ + ", principals="
+ + loginContext.getSubject().getPrincipals());
+
+ UserGroupInformation ugi = MiscUtil
+ .createUGIFromSubject(loginContext.getSubject());
+ if (ugi != null) {
+ MiscUtil.setUGILoginUser(ugi, loginContext.getSubject());
+ }
+
+ // UserGroupInformation.loginUserFromSubject(loginContext
+ // .getSubject());
+ logger.info("POST UserGroupInformation.loginUserFromSubject UGI="
+ + UserGroupInformation.getLoginUser());
+ }
+ } catch (Throwable t) {
+ logger.fatal("Error logging as appName=" + appName + ", config="
+ + config.toString());
+ }
+ }
+
public static void authWithKerberos(String keytab, String principal,
String nameRules) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f1135ea2/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
index bab496c..17ddab9 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java
@@ -107,7 +107,7 @@ public class AuditFileSpool implements Runnable {
boolean isWriting = true;
boolean isDrain = false;
- boolean isDestDown = true;
+ boolean isDestDown = false;
private Gson gson = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f1135ea2/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 8e0ada8..a8ecf15 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -28,9 +28,12 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.security.auth.login.Configuration;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.audit.RangerMultiResourceAuditHandler;
@@ -50,26 +53,25 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
public static final String PROP_USE_PROXY_IP = "xasecure.solr.use_proxy_ip";
public static final String PROP_PROXY_IP_HEADER = "xasecure.solr.proxy_ip_header";
+ public static final String PROP_SOLR_APP_NAME = "xasecure.solr.app.name";
public static final String KEY_COLLECTION = "collection";
public static final String ACCESS_TYPE_CREATE = "create";
public static final String ACCESS_TYPE_UPDATE = "update";
public static final String ACCESS_TYPE_QUERY = "query";
- public static final String ACCESS_TYPE_OTHER = "other";
+ public static final String ACCESS_TYPE_OTHERS = "others";
public static final String ACCESS_TYPE_ADMIN = "solr_admin";
private static volatile RangerBasePlugin solrPlugin = null;
boolean useProxyIP = false;
String proxyIPHeader = "HTTP_X_FORWARDED_FOR";
+ String solrAppName = "Client";
public RangerSolrAuthorizer() {
logger.info("RangerSolrAuthorizer()");
- if (solrPlugin == null) {
- logger.info("RangerSolrAuthorizer(): init called");
- solrPlugin = new RangerBasePlugin("solr", "solr");
- }
+
}
/*
@@ -82,16 +84,51 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
logger.info("init()");
try {
- solrPlugin.init();
-
useProxyIP = RangerConfiguration.getInstance().getBoolean(
PROP_USE_PROXY_IP, useProxyIP);
proxyIPHeader = RangerConfiguration.getInstance().get(
PROP_PROXY_IP_HEADER, proxyIPHeader);
+ // First get from the -D property
+ solrAppName = System.getProperty("solr.kerberos.jaas.appname",
+ solrAppName);
+ // Override if required from Ranger properties
+ solrAppName = RangerConfiguration.getInstance().get(
+ PROP_SOLR_APP_NAME, solrAppName);
+
+ logger.info("init(): useProxyIP=" + useProxyIP);
+ logger.info("init(): proxyIPHeader=" + proxyIPHeader);
+ logger.info("init(): solrAppName=" + solrAppName);
+ logger.info("init(): KerberosName.rules="
+ + MiscUtil.getKerberosNamesRules());
+ authToJAASFile();
} catch (Throwable t) {
logger.fatal("Error init", t);
}
+
+ try {
+ if (solrPlugin == null) {
+ logger.info("RangerSolrAuthorizer(): init called");
+ solrPlugin = new RangerBasePlugin("solr", "solr");
+ solrPlugin.init();
+ }
+ } catch (Throwable t) {
+ logger.fatal("Error creating and initializing RangerBasePlugin()");
+ }
+ }
+
+ private void authToJAASFile() {
+ try {
+ // logger.info("DEFAULT UGI=" +
+ // UserGroupInformation.getLoginUser());
+
+ Configuration config = javax.security.auth.login.Configuration
+ .getConfiguration();
+ MiscUtil.authWithConfig(solrAppName, config);
+ logger.info("POST AUTH UGI=" + UserGroupInformation.getLoginUser());
+ } catch (Throwable t) {
+ logger.error("Error authenticating for appName=" + solrAppName, t);
+ }
}
/*
@@ -118,69 +155,75 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
*/
@Override
public AuthorizationResponse authorize(AuthorizationContext context) {
- // TODO: Change this to Debug only
- if (logger.isInfoEnabled()) {
- logAuthorizationConext(context);
- }
+ boolean isDenied = false;
- RangerMultiResourceAuditHandler auditHandler = new RangerMultiResourceAuditHandler();
+ try {
+ if (logger.isDebugEnabled()) {
+ logAuthorizationConext(context);
+ }
- String userName = null;
- Set<String> userGroups = null;
- String ip = null;
- Date eventTime = StringUtil.getUTCDate();
+ RangerMultiResourceAuditHandler auditHandler = new RangerMultiResourceAuditHandler();
- // Set the User and Groups
- Principal principal = context.getUserPrincipal();
- if (principal != null) {
- userName = StringUtils.substringBefore(principal.getName(), "@");
- userGroups = getGroupsForUser(userName);
- }
+ String userName = getUserName(context);
+ Set<String> userGroups = getGroupsForUser(userName);
+ String ip = null;
+ Date eventTime = StringUtil.getUTCDate();
- // // Set the IP
- if (useProxyIP) {
- ip = context.getHttpHeader(proxyIPHeader);
- }
- if (ip == null) {
- ip = context.getHttpHeader("REMOTE_ADDR");
- }
-
- String requestData = context.getResource() + ":" + context.getParams();
+ // // Set the IP
+ if (useProxyIP) {
+ ip = context.getHttpHeader(proxyIPHeader);
+ }
+ if (ip == null) {
+ ip = context.getHttpHeader("REMOTE_ADDR");
+ }
- // Create the list of requests for access check. Each field is broken
- // into a request
- List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>();
- for (CollectionRequest collectionRequest : context
- .getCollectionRequests()) {
+ String requestData = context.getResource() + ":"
+ + context.getParams();
- List<RangerAccessRequestImpl> requestsForCollection = createRequests(
- userName, userGroups, ip, eventTime, context,
- collectionRequest, requestData);
- rangerRequests.addAll(requestsForCollection);
- }
+ // Create the list of requests for access check. Each field is
+ // broken
+ // into a request
+ List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>();
+ for (CollectionRequest collectionRequest : context
+ .getCollectionRequests()) {
- boolean isDenied = false;
- try {
- // Let's check the access for each request/resource
- for (RangerAccessRequestImpl rangerRequest : rangerRequests) {
- RangerAccessResult result = solrPlugin.isAccessAllowed(
- rangerRequest, auditHandler);
- if (result == null || !result.getIsAllowed()) {
- isDenied = true;
- // rejecting on first failure
- break;
+ List<RangerAccessRequestImpl> requestsForCollection = createRequests(
+ userName, userGroups, ip, eventTime, context,
+ collectionRequest, requestData);
+ rangerRequests.addAll(requestsForCollection);
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("rangerRequests.size()=" + rangerRequests.size());
+ }
+ try {
+ // Let's check the access for each request/resource
+ for (RangerAccessRequestImpl rangerRequest : rangerRequests) {
+ RangerAccessResult result = solrPlugin.isAccessAllowed(
+ rangerRequest, auditHandler);
+ if (logger.isDebugEnabled()) {
+ logger.debug("rangerRequest=" + result);
+ }
+ if (result == null || !result.getIsAllowed()) {
+ isDenied = true;
+ // rejecting on first failure
+ break;
+ }
}
+ } finally {
+ auditHandler.flushAudit();
}
- } finally {
- auditHandler.flushAudit();
+ } catch (Throwable t) {
+ MiscUtil.logErrorMessageByInterval(logger, t.getMessage(), t);
}
-
AuthorizationResponse response = null;
if (isDenied) {
response = new AuthorizationResponse(403);
} else {
response = new AuthorizationResponse(200);
}
+ if (logger.isDebugEnabled()) {
+ logger.debug("context=" + context + ": returning: " + isDenied);
+ }
return response;
}
@@ -188,53 +231,59 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
* @param context
*/
private void logAuthorizationConext(AuthorizationContext context) {
- String collections = "";
- int i = -1;
- for (CollectionRequest collectionRequest : context
- .getCollectionRequests()) {
- i++;
- if (i > 0) {
- collections += ",";
+ try {
+ // Note: This method should be called with isDebugEnabled() or
+ // isInfoEnabled() scope
+
+ String collections = "";
+ int i = -1;
+ for (CollectionRequest collectionRequest : context
+ .getCollectionRequests()) {
+ i++;
+ if (i > 0) {
+ collections += ",";
+ }
+ collections += collectionRequest.collectionName;
}
- collections += collectionRequest.collectionName;
- }
- String headers = "";
- i = -1;
- @SuppressWarnings("unchecked")
- Enumeration<String> eList = context.getHeaderNames();
- while (eList.hasMoreElements()) {
- i++;
- if (i > 0) {
- headers += ",";
+ String headers = "";
+ i = -1;
+ @SuppressWarnings("unchecked")
+ Enumeration<String> eList = context.getHeaderNames();
+ while (eList.hasMoreElements()) {
+ i++;
+ if (i > 0) {
+ headers += ",";
+ }
+ String header = eList.nextElement();
+ String value = context.getHttpHeader(header);
+ headers += header + "=" + value;
}
- String header = eList.nextElement();
- String value = context.getHttpHeader(header);
- headers += header + "=" + value;
- }
- String ipAddress = context.getHttpHeader("HTTP_X_FORWARDED_FOR");
+ String ipAddress = context.getHttpHeader("HTTP_X_FORWARDED_FOR");
- if (ipAddress == null) {
- ipAddress = context.getHttpHeader("REMOTE_ADDR");
- }
+ if (ipAddress == null) {
+ ipAddress = context.getHttpHeader("REMOTE_HOST");
+ }
+ if (ipAddress == null) {
+ ipAddress = context.getHttpHeader("REMOTE_ADDR");
+ }
- Principal principal = context.getUserPrincipal();
- String userName = null;
- if (principal != null) {
- userName = principal.getName();
- userName = StringUtils.substringBefore(userName, "/");
- userName = StringUtils.substringBefore(userName, "@");
+ String userName = getUserName(context);
+ Set<String> groups = getGroupsForUser(userName);
+
+ logger.info("AuthorizationContext: context.getResource()="
+ + context.getResource() + ", solarParams="
+ + context.getParams() + ", requestType="
+ + context.getRequestType() + ", ranger.requestType="
+ + mapToRangerAccessType(context) + ", userPrincipal="
+ + context.getUserPrincipal() + ", userName=" + userName
+ + ", groups=" + groups + ", ipAddress=" + ipAddress
+ + ", collections=" + collections + ", headers=" + headers);
+ } catch (Throwable t) {
+ logger.error("Error getting request context!!!", t);
}
- logger.info("AuthorizationContext: context.getResource()="
- + context.getResource() + ", solarParams="
- + context.getParams() + ", requestType="
- + context.getRequestType() + ", userPrincipal="
- + context.getUserPrincipal() + ", userName=" + userName
- + ", ipAddress=" + ipAddress + ", collections=" + collections
- + ", headers=" + headers);
-
}
/**
@@ -292,18 +341,24 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
return rangerRequest;
}
+ private String getUserName(AuthorizationContext context) {
+ Principal principal = context.getUserPrincipal();
+ if (principal != null) {
+ return MiscUtil.getShortNameFromPrincipalName(principal.getName());
+ }
+ return null;
+ }
+
/**
* @param name
* @return
*/
private Set<String> getGroupsForUser(String name) {
- // TODO: Need to implement this method
-
- return null;
+ return MiscUtil.getGroupsForRequestUser(name);
}
String mapToRangerAccessType(AuthorizationContext context) {
- String accessType = ACCESS_TYPE_OTHER;
+ String accessType = ACCESS_TYPE_OTHERS;
RequestType requestType = context.getRequestType();
if (requestType.equals(RequestType.ADMIN)) {
@@ -313,11 +368,13 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
} else if (requestType.equals(RequestType.WRITE)) {
accessType = ACCESS_TYPE_UPDATE;
} else if (requestType.equals(RequestType.UNKNOWN)) {
- logger.info("UNKNOWN request type. Mapping it to " + accessType);
- accessType = ACCESS_TYPE_OTHER;
+ logger.info("UNKNOWN request type. Mapping it to " + accessType
+ + ". Resource=" + context.getResource());
+ accessType = ACCESS_TYPE_OTHERS;
} else {
logger.info("Request type is not supported. requestType="
- + requestType + ". Mapping it to " + accessType);
+ + requestType + ". Mapping it to " + accessType
+ + ". Resource=" + context.getResource());
}
return accessType;
}
[6/7] incubator-ranger git commit: Ranger-684: Fixed some minor
issues found during unit testing
Posted by ma...@apache.org.
Ranger-684: Fixed some minor issues found during unit testing
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/99b97e21
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/99b97e21
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/99b97e21
Branch: refs/heads/tag-policy
Commit: 99b97e21bf4dd9c136319471daf7b18ad719d508
Parents: a57740e
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Wed Oct 28 17:57:46 2015 -0700
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Oct 30 18:32:07 2015 -0400
----------------------------------------------------------------------
.../unixusersync/config/UserGroupSyncConfig.java | 18 +++++++++++-------
.../org/apache/ranger/usergroupsync/RegEx.java | 2 +-
.../apache/ranger/usergroupsync/RegExTest.java | 5 +++--
3 files changed, 15 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/99b97e21/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index ceeb836..f43e125 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -25,7 +25,6 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
@@ -756,12 +755,17 @@ public class UserGroupSyncConfig {
public List<String> getAllRegexPatterns(String baseProperty) {
List<String> regexPatterns = new ArrayList<String>();
if (prop != null) {
- Enumeration<?> propertyNames = prop.propertyNames();
- while (propertyNames != null && propertyNames.hasMoreElements()) {
- String propertyName = (String)propertyNames.nextElement();
- if (propertyName != null && propertyName.contains(baseProperty)) {
- regexPatterns.add(prop.getProperty(propertyName));
- }
+ String baseRegex = prop.getProperty(baseProperty);
+ if (baseRegex == null) {
+ return regexPatterns;
+ }
+ regexPatterns.add(baseRegex);
+ int i = 1;
+ String nextRegex = prop.getProperty(baseProperty + "." + i);;
+ while (nextRegex != null) {
+ regexPatterns.add(nextRegex);
+ i++;
+ nextRegex = prop.getProperty(baseProperty + "." + i);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/99b97e21/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
index b655536..0e9ed99 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
@@ -54,7 +54,7 @@ public class RegEx extends AbstractMapper {
String matchPattern = m.group(1);
String replacement = m.group(2);
if (matchPattern != null && !matchPattern.isEmpty() && replacement != null) {
- replacementPattern.put(matchPattern, Matcher.quoteReplacement(replacement));
+ replacementPattern.put(matchPattern, replacement);
if (logger.isDebugEnabled()) {
logger.debug(baseProperty + " match pattern = " + matchPattern + " and replacement string = " + replacement);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/99b97e21/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
----------------------------------------------------------------------
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
index d74eb2b..2621862 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
@@ -55,7 +55,7 @@ public class RegExTest {
@Test
public void testGroupNameTransform() {
groupRegexPatterns.add("s/\\s/_/g");
- groupRegexPatterns.add("s/_/$/g");
+ groupRegexPatterns.add("s/_/\\$/g");
groupNameRegEx.populateReplacementPatterns(userNameBaseProperty, groupRegexPatterns);
assertEquals("ldap$grp", groupNameRegEx.transform("ldap grp"));
}
@@ -79,8 +79,9 @@ public class RegExTest {
userRegexPatterns.add("s/\\\\/ /g");
userRegexPatterns.add("s//_/g");
userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
- groupRegexPatterns.add("s/\\s//g");
+ groupRegexPatterns.add("s/\\s/\\$/g");
groupRegexPatterns.add("s/\\s");
+ groupRegexPatterns.add("s/\\$//g");
groupNameRegEx.populateReplacementPatterns(userNameBaseProperty, groupRegexPatterns);
assertEquals("test user", userNameRegEx.transform("test\\user"));
assertEquals("ldapgrp", groupNameRegEx.transform("ldap grp"));
[3/7] incubator-ranger git commit: Ranger-684: Modified code to
incorporate review comments
Posted by ma...@apache.org.
Ranger-684: Modified code to incorporate review comments
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e83d4a70
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e83d4a70
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e83d4a70
Branch: refs/heads/tag-policy
Commit: e83d4a703c533ce1e8b58ac5cf1dd2df83a25240
Parents: 99b97e2
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Thu Oct 29 11:09:19 2015 -0700
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Oct 30 18:32:07 2015 -0400
----------------------------------------------------------------------
.../process/LdapUserGroupBuilder.java | 5 ++--
.../config/UserGroupSyncConfig.java | 2 +-
.../org/apache/ranger/usergroupsync/RegEx.java | 30 +++++++++++++-------
.../apache/ranger/usergroupsync/RegExTest.java | 8 +++---
4 files changed, 27 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e83d4a70/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 911c5d5..e13db58 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -42,6 +42,7 @@ import javax.naming.ldap.PagedResultsResponseControl;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
+import org.apache.ranger.usergroupsync.Mapper;
import org.apache.ranger.usergroupsync.AbstractMapper;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -93,8 +94,8 @@ public class LdapUserGroupBuilder implements UserGroupSource {
private boolean groupUserMapSyncEnabled = false;
- AbstractMapper userNameRegExInst = null;
- AbstractMapper groupNameRegExInst = null;
+ Mapper userNameRegExInst = null;
+ Mapper groupNameRegExInst = null;
public static void main(String[] args) throws Throwable {
LdapUserGroupBuilder ugBuilder = new LdapUserGroupBuilder();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e83d4a70/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index f43e125..792a05a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -752,7 +752,7 @@ public class UserGroupSyncConfig {
return referral;
}
- public List<String> getAllRegexPatterns(String baseProperty) {
+ public List<String> getAllRegexPatterns(String baseProperty) throws Throwable {
List<String> regexPatterns = new ArrayList<String>();
if (prop != null) {
String baseRegex = prop.getProperty(baseProperty);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e83d4a70/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
index 0e9ed99..4bf452a 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
@@ -37,11 +37,15 @@ public class RegEx extends AbstractMapper {
@Override
public void init (String baseProperty) {
logger.info("Initializing for " + baseProperty);
- List<String> regexPatterns = config.getAllRegexPatterns(baseProperty);
- populateReplacementPatterns(baseProperty, regexPatterns);
+ try {
+ List<String> regexPatterns = config.getAllRegexPatterns(baseProperty);
+ populateReplacementPatterns(baseProperty, regexPatterns);
+ } catch (Throwable t) {
+ logger.error("Failed to initialize " + baseProperty, t.fillInStackTrace());
+ }
}
- protected void populateReplacementPatterns(String baseProperty, List<String> regexPatterns) {
+ protected void populateReplacementPatterns(String baseProperty, List<String> regexPatterns) throws Throwable{
replacementPattern = new LinkedHashMap<String, String>();
Pattern p = Pattern.compile("s/([^/]*)/([^/]*)/(g)?");
for (String regexPattern : regexPatterns) {
@@ -66,17 +70,21 @@ public class RegEx extends AbstractMapper {
@Override
public String transform (String attrValue) {
String result = attrValue;
- if (replacementPattern != null && !replacementPattern.isEmpty()) {
- for (String matchPattern : replacementPattern.keySet()) {
- Pattern p = Pattern.compile(matchPattern);
- Matcher m = p.matcher(result);
- if (m.find()) {
- String replacement = replacementPattern.get(matchPattern);
- if (replacement != null) {
- result = m.replaceAll(replacement);
+ try {
+ if (replacementPattern != null && !replacementPattern.isEmpty()) {
+ for (String matchPattern : replacementPattern.keySet()) {
+ Pattern p = Pattern.compile(matchPattern);
+ Matcher m = p.matcher(result);
+ if (m.find()) {
+ String replacement = replacementPattern.get(matchPattern);
+ if (replacement != null) {
+ result = m.replaceAll(replacement);
+ }
}
}
}
+ } catch (Throwable t) {
+ logger.error("Failed to transform " + attrValue, t.fillInStackTrace());
}
return result;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e83d4a70/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
----------------------------------------------------------------------
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
index 2621862..2c1e023 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
@@ -46,14 +46,14 @@ public class RegExTest {
}
@Test
- public void testUserNameTransform() {
+ public void testUserNameTransform() throws Throwable {
userRegexPatterns.add("s/\\s/_/");
userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
assertEquals("test_user", userNameRegEx.transform("test user"));
}
@Test
- public void testGroupNameTransform() {
+ public void testGroupNameTransform() throws Throwable {
groupRegexPatterns.add("s/\\s/_/g");
groupRegexPatterns.add("s/_/\\$/g");
groupNameRegEx.populateReplacementPatterns(userNameBaseProperty, groupRegexPatterns);
@@ -67,7 +67,7 @@ public class RegExTest {
}
@Test
- public void testTransform() {
+ public void testTransform() throws Throwable {
userRegexPatterns.add("s/\\s/_/g");
userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
assertEquals("test_user", userNameRegEx.transform("test user"));
@@ -75,7 +75,7 @@ public class RegExTest {
}
@Test
- public void testTransform1() {
+ public void testTransform1() throws Throwable {
userRegexPatterns.add("s/\\\\/ /g");
userRegexPatterns.add("s//_/g");
userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
[5/7] incubator-ranger git commit: Ranger-684: Added support for
Ranger Usersync to transform AD usernames and/or group names to linux
compliant format
Posted by ma...@apache.org.
Ranger-684: Added support for Ranger Usersync to transform AD usernames and/or group names to linux compliant format
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a57740e2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a57740e2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a57740e2
Branch: refs/heads/tag-policy
Commit: a57740e277bf777e78cc0807349a9bcd96a80f3e
Parents: f1135ea
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Wed Oct 28 13:14:24 2015 -0700
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Oct 30 18:32:07 2015 -0400
----------------------------------------------------------------------
ugsync/pom.xml | 5 ++
.../process/LdapUserGroupBuilder.java | 50 +++++++++++
.../config/UserGroupSyncConfig.java | 47 +++++++++++
.../ranger/usergroupsync/AbstractMapper.java | 40 +++++++++
.../org/apache/ranger/usergroupsync/Mapper.java | 26 ++++++
.../org/apache/ranger/usergroupsync/RegEx.java | 83 ++++++++++++++++++
.../apache/ranger/usergroupsync/RegExTest.java | 89 ++++++++++++++++++++
7 files changed, 340 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/pom.xml
----------------------------------------------------------------------
diff --git a/ugsync/pom.xml b/ugsync/pom.xml
index c72eeee..d0ecb2f 100644
--- a/ugsync/pom.xml
+++ b/ugsync/pom.xml
@@ -105,6 +105,11 @@
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 63643c0..911c5d5 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -42,6 +42,7 @@ import javax.naming.ldap.PagedResultsResponseControl;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
+import org.apache.ranger.usergroupsync.AbstractMapper;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -91,6 +92,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
private boolean groupNameLowerCaseFlag = false ;
private boolean groupUserMapSyncEnabled = false;
+
+ AbstractMapper userNameRegExInst = null;
+ AbstractMapper groupNameRegExInst = null;
public static void main(String[] args) throws Throwable {
LdapUserGroupBuilder ugBuilder = new LdapUserGroupBuilder();
@@ -120,6 +124,39 @@ public class LdapUserGroupBuilder implements UserGroupSource {
groupNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion) ;
}
+ String mappingUserNameHandler = config.getUserSyncMappingUserNameHandler();
+ try {
+ if (mappingUserNameHandler != null) {
+ Class<AbstractMapper> regExClass = (Class<AbstractMapper>)Class.forName(mappingUserNameHandler);
+ userNameRegExInst = regExClass.newInstance();
+ if (userNameRegExInst != null) {
+ userNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_USERNAME);
+ } else {
+ LOG.error("RegEx handler instance for username is null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingUserNameHandler + " " + cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " + mappingUserNameHandler + " " + te);
+ }
+
+ String mappingGroupNameHandler = config.getUserSyncMappingGroupNameHandler();
+ try {
+ if (mappingGroupNameHandler != null) {
+ Class<AbstractMapper> regExClass = (Class<AbstractMapper>)Class.forName(mappingGroupNameHandler);
+ groupNameRegExInst = regExClass.newInstance();
+ if (groupNameRegExInst != null) {
+ groupNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME);
+ } else {
+ LOG.error("RegEx handler instance for groupname is null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingGroupNameHandler + " " + cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " + mappingGroupNameHandler + " " + te);
+ }
}
@Override
@@ -320,6 +357,10 @@ public class LdapUserGroupBuilder implements UserGroupSource {
userName = userName.toUpperCase() ;
}
}
+
+ if (userNameRegExInst != null) {
+ userName = userNameRegExInst.transform(userName);
+ }
Set<String> groups = new HashSet<String>();
@@ -337,6 +378,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
gName = gName.toUpperCase();
}
}
+ if (groupNameRegExInst != null) {
+ gName = groupNameRegExInst.transform(gName);
+ }
groups.add(gName);
}
}
@@ -361,6 +405,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
gName = gName.toUpperCase();
}
}
+ if (groupNameRegExInst != null) {
+ gName = groupNameRegExInst.transform(gName);
+ }
computedGroups.add(gName);
}
}
@@ -453,6 +500,9 @@ public class LdapUserGroupBuilder implements UserGroupSource {
gName = gName.toUpperCase();
}
}
+ if (groupNameRegExInst != null) {
+ gName = groupNameRegExInst.transform(gName);
+ }
groupNames.add(gName);
}
if (LOG.isInfoEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index c1b305b..ceeb836 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -24,7 +24,10 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.HashSet;
+import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
@@ -174,6 +177,17 @@ public class UserGroupSyncConfig {
private static final String SYNC_SOURCE = "ranger.usersync.sync.source";
private static final String LGSYNC_REFERRAL = "ranger.usersync.ldap.referral";
private static final String DEFAULT_LGSYNC_REFERRAL = "ignore";
+
+ public static final String SYNC_MAPPING_USERNAME = "ranger.usersync.mapping.username.regex";
+
+ public static final String SYNC_MAPPING_GROUPNAME = "ranger.usersync.mapping.groupname.regex";
+
+ private static final String SYNC_MAPPING_USERNAME_HANDLER = "ranger.usersync.mapping.username.handler";
+ private static final String DEFAULT_SYNC_MAPPING_USERNAME_HANDLER = "org.apache.ranger.usergroupsync.RegEx";
+
+ private static final String SYNC_MAPPING_GROUPNAME_HANDLER = "ranger.usersync.mapping.groupname.handler";
+ private static final String DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER = "org.apache.ranger.usergroupsync.RegEx";
+
private Properties prop = new Properties() ;
private static volatile UserGroupSyncConfig me = null ;
@@ -738,4 +752,37 @@ public class UserGroupSyncConfig {
}
return referral;
}
+
+ public List<String> getAllRegexPatterns(String baseProperty) {
+ List<String> regexPatterns = new ArrayList<String>();
+ if (prop != null) {
+ Enumeration<?> propertyNames = prop.propertyNames();
+ while (propertyNames != null && propertyNames.hasMoreElements()) {
+ String propertyName = (String)propertyNames.nextElement();
+ if (propertyName != null && propertyName.contains(baseProperty)) {
+ regexPatterns.add(prop.getProperty(propertyName));
+ }
+ }
+
+ }
+ return regexPatterns;
+ }
+
+ public String getUserSyncMappingUserNameHandler() {
+ String val = prop.getProperty(SYNC_MAPPING_USERNAME_HANDLER) ;
+
+ if(val == null) {
+ val = DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
+ }
+ return val;
+ }
+
+ public String getUserSyncMappingGroupNameHandler() {
+ String val = prop.getProperty(SYNC_MAPPING_GROUPNAME_HANDLER) ;
+
+ if(val == null) {
+ val = DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
+ }
+ return val;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
new file mode 100644
index 0000000..fc5d10b
--- /dev/null
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.usergroupsync;
+
+import org.apache.log4j.Logger;
+
+public abstract class AbstractMapper implements Mapper {
+
+ static Logger logger = Logger.getLogger(AbstractMapper.class);
+
+ @Override
+ public void init(String baseProperty) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public String transform(String attrValue) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
new file mode 100644
index 0000000..820fe20
--- /dev/null
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.usergroupsync;
+
+public interface Mapper {
+ public void init(String baseProperty);
+
+ public String transform(String attrValue);
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
new file mode 100644
index 0000000..b655536
--- /dev/null
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.usergroupsync;
+
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
+
+public class RegEx extends AbstractMapper {
+ private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
+ private LinkedHashMap<String, String> replacementPattern;
+
+ public LinkedHashMap<String, String> getReplacementPattern() {
+ return replacementPattern;
+ }
+
+ @Override
+ public void init (String baseProperty) {
+ logger.info("Initializing for " + baseProperty);
+ List<String> regexPatterns = config.getAllRegexPatterns(baseProperty);
+ populateReplacementPatterns(baseProperty, regexPatterns);
+ }
+
+ protected void populateReplacementPatterns(String baseProperty, List<String> regexPatterns) {
+ replacementPattern = new LinkedHashMap<String, String>();
+ Pattern p = Pattern.compile("s/([^/]*)/([^/]*)/(g)?");
+ for (String regexPattern : regexPatterns) {
+ Matcher m = p.matcher(regexPattern);
+ if (!m.matches()) {
+ logger.warn("Invalid RegEx " + regexPattern + " and hence skipping this regex property");
+ }
+ m = m.reset();
+ while (m.find()) {
+ String matchPattern = m.group(1);
+ String replacement = m.group(2);
+ if (matchPattern != null && !matchPattern.isEmpty() && replacement != null) {
+ replacementPattern.put(matchPattern, Matcher.quoteReplacement(replacement));
+ if (logger.isDebugEnabled()) {
+ logger.debug(baseProperty + " match pattern = " + matchPattern + " and replacement string = " + replacement);
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public String transform (String attrValue) {
+ String result = attrValue;
+ if (replacementPattern != null && !replacementPattern.isEmpty()) {
+ for (String matchPattern : replacementPattern.keySet()) {
+ Pattern p = Pattern.compile(matchPattern);
+ Matcher m = p.matcher(result);
+ if (m.find()) {
+ String replacement = replacementPattern.get(matchPattern);
+ if (replacement != null) {
+ result = m.replaceAll(replacement);
+ }
+ }
+ }
+ }
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a57740e2/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
----------------------------------------------------------------------
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
new file mode 100644
index 0000000..d74eb2b
--- /dev/null
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/RegExTest.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.usergroupsync;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class RegExTest {
+ protected String userNameBaseProperty = "ranger.usersync.mapping.username.regex";
+ protected String groupNameBaseProperty = "ranger.usersync.mapping.groupname.regex";
+ protected RegEx userNameRegEx = null;
+ protected RegEx groupNameRegEx = null;
+ List<String> userRegexPatterns = null;
+ List<String> groupRegexPatterns = null;
+
+ @Before
+ public void setUp() throws Exception {
+ userNameRegEx = new RegEx();
+ //userNameRegEx.init(userNameBaseProperty);
+ userRegexPatterns = new ArrayList<String>();
+ groupNameRegEx = new RegEx();
+ //groupNameRegEx.init(groupNameBaseProperty);
+ groupRegexPatterns = new ArrayList<String>();
+ }
+
+ @Test
+ public void testUserNameTransform() {
+ userRegexPatterns.add("s/\\s/_/");
+ userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
+ assertEquals("test_user", userNameRegEx.transform("test user"));
+ }
+
+ @Test
+ public void testGroupNameTransform() {
+ groupRegexPatterns.add("s/\\s/_/g");
+ groupRegexPatterns.add("s/_/$/g");
+ groupNameRegEx.populateReplacementPatterns(userNameBaseProperty, groupRegexPatterns);
+ assertEquals("ldap$grp", groupNameRegEx.transform("ldap grp"));
+ }
+
+ @Test
+ public void testEmptyTransform() {
+ assertEquals("test user", userNameRegEx.transform("test user"));
+ assertEquals("ldap grp", groupNameRegEx.transform("ldap grp"));
+ }
+
+ @Test
+ public void testTransform() {
+ userRegexPatterns.add("s/\\s/_/g");
+ userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
+ assertEquals("test_user", userNameRegEx.transform("test user"));
+ assertEquals("ldap grp", groupNameRegEx.transform("ldap grp"));
+ }
+
+ @Test
+ public void testTransform1() {
+ userRegexPatterns.add("s/\\\\/ /g");
+ userRegexPatterns.add("s//_/g");
+ userNameRegEx.populateReplacementPatterns(userNameBaseProperty, userRegexPatterns);
+ groupRegexPatterns.add("s/\\s//g");
+ groupRegexPatterns.add("s/\\s");
+ groupNameRegEx.populateReplacementPatterns(userNameBaseProperty, groupRegexPatterns);
+ assertEquals("test user", userNameRegEx.transform("test\\user"));
+ assertEquals("ldapgrp", groupNameRegEx.transform("ldap grp"));
+ }
+
+}
[4/7] incubator-ranger git commit: Ranger-684: Using Class type as
Mapper (which is the interface) instead of AbstractMapper (which is an
abstract class that implements Mapper) inorder to allow handlers to implement
the interface directly without using t
Posted by ma...@apache.org.
Ranger-684: Using Class type as Mapper (which is the interface) instead of AbstractMapper (which is an abstract class that implements Mapper) inorder to allow handlers to implement the interface directly without using the abstract class.
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fab2a10c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fab2a10c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fab2a10c
Branch: refs/heads/tag-policy
Commit: fab2a10c45e56e4d3253641c2a1f862bc989597c
Parents: e83d4a7
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Fri Oct 30 13:36:50 2015 -0700
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Oct 30 18:32:07 2015 -0400
----------------------------------------------------------------------
.../ranger/ldapusersync/process/LdapUserGroupBuilder.java | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fab2a10c/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index e13db58..bab9e84 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -43,7 +43,6 @@ import javax.naming.ldap.PagedResultsResponseControl;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.Mapper;
-import org.apache.ranger.usergroupsync.AbstractMapper;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -128,7 +127,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
String mappingUserNameHandler = config.getUserSyncMappingUserNameHandler();
try {
if (mappingUserNameHandler != null) {
- Class<AbstractMapper> regExClass = (Class<AbstractMapper>)Class.forName(mappingUserNameHandler);
+ Class<Mapper> regExClass = (Class<Mapper>)Class.forName(mappingUserNameHandler);
userNameRegExInst = regExClass.newInstance();
if (userNameRegExInst != null) {
userNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_USERNAME);
@@ -145,7 +144,7 @@ public class LdapUserGroupBuilder implements UserGroupSource {
String mappingGroupNameHandler = config.getUserSyncMappingGroupNameHandler();
try {
if (mappingGroupNameHandler != null) {
- Class<AbstractMapper> regExClass = (Class<AbstractMapper>)Class.forName(mappingGroupNameHandler);
+ Class<Mapper> regExClass = (Class<Mapper>)Class.forName(mappingGroupNameHandler);
groupNameRegExInst = regExClass.newInstance();
if (groupNameRegExInst != null) {
groupNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME);