You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ga...@apache.org on 2016/05/25 10:08:43 UTC
incubator-ranger git commit: RANGER-991: Ranger should support
authorization for Apache Atlas
Repository: incubator-ranger
Updated Branches:
refs/heads/master 982e0a99f -> 5a40ad329
RANGER-991: Ranger should support authorization for Apache Atlas
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5a40ad32
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5a40ad32
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5a40ad32
Branch: refs/heads/master
Commit: 5a40ad32947686fa0d21d2edd4aa0c3cf038bef3
Parents: 982e0a9
Author: Gautam Borad <ga...@apache.org>
Authored: Wed May 25 12:51:23 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Wed May 25 15:38:25 2016 +0530
----------------------------------------------------------------------
agents-common/scripts/enable-agent.sh | 33 +++
.../plugin/store/EmbeddedServiceDefsUtil.java | 10 +-
.../service-defs/ranger-servicedef-atlas.json | 207 +++++++++++++++++++
plugin-atlas/.gitignore | 3 +
.../conf/ranger-atlas-audit-changes.cfg | 30 +++
plugin-atlas/conf/ranger-atlas-audit.xml | 122 +++++++++++
.../conf/ranger-atlas-security-changes.cfg | 29 +++
plugin-atlas/conf/ranger-atlas-security.xml | 83 ++++++++
.../conf/ranger-policymgr-ssl-changes.cfg | 23 +++
plugin-atlas/conf/ranger-policymgr-ssl.xml | 63 ++++++
plugin-atlas/pom.xml | 66 ++++++
plugin-atlas/scripts/install.properties | 110 ++++++++++
.../atlas/authorizer/RangerAtlasAuthorizer.java | 143 +++++++++++++
.../atlas/authorizer/RangerAtlasResource.java | 60 ++++++
.../services/atlas/RangerServiceAtlas.java | 62 ++++++
plugin-atlas/src/test/resource/log4j.properties | 34 +++
plugin-atlas/template/configuration.xml | 20 ++
pom.xml | 5 +
ranger-atlas-plugin-shim/.gitignore | 2 +
ranger-atlas-plugin-shim/pom.xml | 84 ++++++++
.../atlas/authorizer/RangerAtlasAuthorizer.java | 142 +++++++++++++
src/main/assembly/atlas-agent.xml | 170 +++++++++++++++
22 files changed, 1500 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 1fa1845..39c4633 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -184,6 +184,8 @@ elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libs
elif [ "${HCOMPONENT_NAME}" = "storm" ]; then
HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/extlib-daemon
+elif [ "${HCOMPONENT_NAME}" = "atlas" ]; then
+ HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/server/webapp/atlas/WEB-INF/lib
fi
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
@@ -713,6 +715,37 @@ then
fi
fi
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ echo "Property $1 updated successfully with : '$2'"
+}
+
+if [ "${HCOMPONENT_NAME}" = "atlas" ]
+then
+ if [ "${action}" = "enable" ]
+ then
+ authName="org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer"
+ else
+ authName="org.apache.atlas.authorize.SimpleAtlasAuthorizer"
+ fi
+
+ dt=`date '+%Y%m%d%H%M%S'`
+ fn=`ls ${HCOMPONENT_CONF_DIR}/atlas-application.properties 2> /dev/null`
+ if [ -f "${fn}" ]
+ then
+ dn=`dirname ${fn}`
+ bn=`basename ${fn}`
+ bf=${dn}/.${bn}.${dt}
+ echo "backup of ${fn} to ${bf} ..."
+ cp ${fn} ${bf}
+ echo "Updating properties file: [${fn}] ... "
+ updatePropertyToFile atlas.authorizer.impl $authName ${fn}
+ fi
+fi
#
# Set notice to restart the ${HCOMPONENT_NAME}
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index bf29ee6..2002295 100755
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -47,7 +47,7 @@ public class EmbeddedServiceDefsUtil {
// following servicedef list should be reviewed/updated whenever a new embedded service-def is added
- private static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr";
+ private static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas";
private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = "ranger.supportedcomponents";
private Set<String> supportedServiceDefs;
public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag";
@@ -61,6 +61,7 @@ public class EmbeddedServiceDefsUtil {
public static final String EMBEDDED_SERVICEDEF_KAFKA_NAME = "kafka";
public static final String EMBEDDED_SERVICEDEF_SOLR_NAME = "solr";
public static final String EMBEDDED_SERVICEDEF_NIFI_NAME = "nifi";
+ public static final String EMBEDDED_SERVICEDEF_ATLAS_NAME = "atlas";
public static final String PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS = "ranger.service.store.create.embedded.service-defs";
@@ -74,6 +75,7 @@ public class EmbeddedServiceDefsUtil {
public static final String KAFKA_IMPL_CLASS_NAME = "org.apache.ranger.services.kafka.RangerServiceKafka";
public static final String SOLR_IMPL_CLASS_NAME = "org.apache.ranger.services.solr.RangerServiceSolr";
public static final String NIFI_IMPL_CLASS_NAME = "org.apache.ranger.services.nifi.RangerServiceNiFi";
+ public static final String ATLAS_IMPL_CLASS_NAME = "org.apache.ranger.services.atlas.RangerServiceAtlas";
private static EmbeddedServiceDefsUtil instance = new EmbeddedServiceDefsUtil();
@@ -88,6 +90,7 @@ public class EmbeddedServiceDefsUtil {
private RangerServiceDef kafkaServiceDef = null;
private RangerServiceDef solrServiceDef = null;
private RangerServiceDef nifiServiceDef = null;
+ private RangerServiceDef atlasServiceDef = null;
private RangerServiceDef tagServiceDef = null;
@@ -125,6 +128,7 @@ public class EmbeddedServiceDefsUtil {
kafkaServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KAFKA_NAME);
solrServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_SOLR_NAME);
nifiServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_NIFI_NAME);
+ atlasServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_ATLAS_NAME);
tagServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_TAG_NAME);
@@ -177,6 +181,10 @@ public class EmbeddedServiceDefsUtil {
return getId(nifiServiceDef);
}
+ public long getAtlasServiceDefId() {
+ return getId(atlasServiceDef);
+ }
+
public long getTagServiceDefId() { return getId(tagServiceDef); }
private long getId(RangerServiceDef serviceDef) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
new file mode 100644
index 0000000..4a550c6
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -0,0 +1,207 @@
+{
+ "id":11,
+ "name": "atlas",
+ "implClass": "org.apache.ranger.services.atlas.RangerServiceAtlas",
+ "label": "Atlas Metadata Server",
+ "description": "Atlas Metadata Server",
+ "resources":
+ [
+ {
+ "itemId": 1,
+ "name": "entity",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Entity",
+ "description": "Entity"
+ },
+
+ {
+ "itemId": 2,
+ "name": "type",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Type",
+ "description": "Type"
+ },
+
+ {
+ "itemId": 3,
+ "name": "operation",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Operations",
+ "description": "Admin Operations"
+ },
+
+ {
+ "itemId": 4,
+ "name": "taxonomy",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Taxonomy",
+ "description": "Taxonomy"
+ },
+
+ {
+ "itemId": 5,
+ "name": "term",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": false,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Term",
+ "description": "Term"
+ }
+
+
+ ],
+
+ "accessTypes":
+ [
+ {
+ "itemId": 1,
+ "name": "read",
+ "label": "read"
+ },
+
+ {
+ "itemId": 2,
+ "name": "create",
+ "label": "create"
+ },
+
+ {
+ "itemId": 3,
+ "name": "update",
+ "label": "update"
+ },
+
+ {
+ "itemId": 4,
+ "name": "delete",
+ "label": "delete"
+ },
+
+
+ {
+ "itemId": 5,
+ "name": "all",
+ "label": "All",
+ "impliedGrants":
+ [
+ "read",
+ "create",
+ "update",
+ "delete"
+ ]
+ }
+ ],
+
+ "configs":
+ [
+ {
+ "itemId": 1,
+ "name": "username",
+ "type": "string",
+ "mandatory": true,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Username"
+ },
+
+ {
+ "itemId": 2,
+ "name": "password",
+ "type": "password",
+ "mandatory": true,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Password"
+ },
+
+ {
+ "itemId": 3,
+ "name": "atlas.rest.address",
+ "type": "string",
+ "mandatory": true,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "defaultValue": "http://localhost:21000"
+ },
+
+ {
+ "itemId": 4,
+ "name": "commonNameForCertificate",
+ "type": "string",
+ "mandatory": false,
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Common Name for Certificate"
+ }
+ ],
+
+ "enums":
+ [
+
+ ],
+
+ "contextEnrichers":
+ [
+ ],
+
+ "policyConditions":
+ [
+ ]
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/.gitignore
----------------------------------------------------------------------
diff --git a/plugin-atlas/.gitignore b/plugin-atlas/.gitignore
new file mode 100644
index 0000000..02f68bb
--- /dev/null
+++ b/plugin-atlas/.gitignore
@@ -0,0 +1,3 @@
+/target/
+/bin/
+.settings/
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-atlas-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-atlas-audit-changes.cfg b/plugin-atlas/conf/ranger-atlas-audit-changes.cfg
new file mode 100644
index 0000000..07fc382
--- /dev/null
+++ b/plugin-atlas/conf/ranger-atlas-audit-changes.cfg
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#solr configuration
+xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists
+xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists
+xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists
+xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists
+xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists
+
+
+#hdfs configuration
+xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists
+xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists
+
+
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-atlas-audit.xml
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-atlas-audit.xml b/plugin-atlas/conf/ranger-atlas-audit.xml
new file mode 100644
index 0000000..93ad238
--- /dev/null
+++ b/plugin-atlas/conf/ranger-atlas-audit.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ </property>
+
+ <!-- Solr audit provider configuration -->
+
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.solr.urls</name>
+ <value>NONE</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.solr.zookeepers</name>
+ <value></value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.solr.collection</name>
+ <value>NONE</value>
+ </property>
+
+
+ <!-- HDFS audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.subdir</name>
+ <value>%app-type%/%time:yyyyMMdd%</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.filename.format</name>
+ <value>%app-type%_ranger_audit_%hostname%.log</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.file.rollover.sec</name>
+ <value>86400</value>
+ </property>
+
+ <!-- Audit to HDFS on Azure Datastore (WASB) requires v3 style settings. Comment the above and uncomment only the
+ following to audit to Azure Blob Datastore via hdfs' WASB schema.
+
+ NOTE: If you specify one audit destination in v3 style then other destinations, if any, must also be specified in v3 style
+ ====
+
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>enabled</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>wasb://ranger-audit1@youraccount.blob.core.windows.net</value>
+ </property>
+
+ the following 3 correspond to the properties with similar name in core-site.xml, i.e.
+ - fs.azure.account.key.youraccount.blob.core.windows.net => xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net and
+ - fs.azure.account.keyprovider.youraccount.blob.core.windows.net => xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net,
+ - fs.azure.shellkeyprovider.script => xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script,
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net</name>
+ <value>YOUR ENCRYPTED ACCESS KEY</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net</name>
+ <value>org.apache.hadoop.fs.azure.ShellDecryptionKeyProvider</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script</name>
+ <value>/usr/lib/python2.7/dist-packages/hdinsight_common/decrypt.sh</value>
+ </property>
+ -->
+
+ <!-- Log4j audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.log4j</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.log4j.logger</name>
+ <value></value>
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-atlas-security-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-atlas-security-changes.cfg b/plugin-atlas/conf/ranger-atlas-security-changes.cfg
new file mode 100644
index 0000000..08790b9
--- /dev/null
+++ b/plugin-atlas/conf/ranger-atlas-security-changes.cfg
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Change the original policy parameter to work with policy manager based.
+#
+#
+ranger.plugin.atlas.service.name %REPOSITORY_NAME% mod create-if-not-exists
+
+ranger.plugin.atlas.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
+
+ranger.plugin.atlas.policy.rest.url %POLICY_MGR_URL% mod create-if-not-exists
+ranger.plugin.atlas.policy.rest.ssl.config.file /etc/atlas/conf/ranger-policymgr-ssl.xml mod create-if-not-exists
+ranger.plugin.atlas.policy.pollIntervalMs 30000 mod create-if-not-exists
+ranger.plugin.atlas.policy.cache.dir %POLICY_CACHE_FILE_PATH% mod create-if-not-exists
+ranger.plugin.atlas.policy.rest.client.connection.timeoutMs 120000 mod create-if-not-exists
+ranger.plugin.atlas.policy.rest.client.read.timeoutMs 30000 mod create-if-not-exists
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-atlas-security.xml
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-atlas-security.xml b/plugin-atlas/conf/ranger-atlas-security.xml
new file mode 100644
index 0000000..933c8e7
--- /dev/null
+++ b/plugin-atlas/conf/ranger-atlas-security.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.atlas.service.name</name>
+ <value>atlasdev</value>
+ <description>
+ Name of the Ranger service containing policies for this YARN instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.rest.url</name>
+ <value>http://policymanagerhost:port</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.rest.ssl.config.file</name>
+ <value>/etc/atlas/conf/ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.cache.dir</name>
+ <value>/etc/ranger/atlasdev/policycache</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.rest.client.connection.timeoutMs</name>
+ <value>120000</value>
+ <description>
+ RangerRestClient Connection Timeout in Milli Seconds
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.atlas.policy.rest.client.read.timeoutMs</name>
+ <value>30000</value>
+ <description>
+ RangerRestClient read Timeout in Milli Seconds
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg b/plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..6bf4265
--- /dev/null
+++ b/plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore %SSL_KEYSTORE_FILE_PATH% mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password %SSL_KEYSTORE_PASSWORD% mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore %SSL_TRUSTSTORE_FILE_PATH% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password %SSL_TRUSTSTORE_PASSWORD% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/conf/ranger-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/plugin-atlas/conf/ranger-policymgr-ssl.xml b/plugin-atlas/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..964aac7
--- /dev/null
+++ b/plugin-atlas/conf/ranger-policymgr-ssl.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- The following properties are used for 2-way SSL client server validation -->
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>hadoopdev-clientcert.jks</value>
+ <description>
+ Java Keystore files
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>none</value>
+ <description>
+ password for keystore
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>cacerts-xasecure.jks</value>
+ <description>
+ java truststore file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>none</value>
+ <description>
+ java truststore password
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
+ <description>
+ java keystore credential file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
+ <description>
+ java truststore credential file
+ </description>
+ </property>
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-atlas/pom.xml b/plugin-atlas/pom.xml
new file mode 100644
index 0000000..2c82c57
--- /dev/null
+++ b/plugin-atlas/pom.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>ranger-atlas-plugin</artifactId>
+ <name>Atlas Security Plugin</name>
+ <description>Atlas Security Plugins</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>${commons.lang.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-authorization</artifactId>
+ <version>${atlas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-common</artifactId>
+ <version>${atlas.version}</version>
+ </dependency>
+ </dependencies>
+</project>
+
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-atlas/scripts/install.properties b/plugin-atlas/scripts/install.properties
new file mode 100644
index 0000000..b339d26
--- /dev/null
+++ b/plugin-atlas/scripts/install.properties
@@ -0,0 +1,110 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Location of Policy Manager URL
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+POLICY_MGR_URL=
+
+#
+# Location of db client library (please check the location of the jar file)
+#
+# Example:
+# SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+# SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=atlasdev
+#
+REPOSITORY_NAME=
+
+# AUDIT configuration with V3 properties
+
+#Should audit be summarized at source
+XAAUDIT.SUMMARY.ENABLE=true
+
+# Enable audit logs to Solr
+#Example
+#XAAUDIT.SOLR.ENABLE=true
+#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits
+#XAAUDIT.SOLR.ZOOKEEPER=
+#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/atlas/audit/solr/spool
+
+XAAUDIT.SOLR.ENABLE=false
+XAAUDIT.SOLR.URL=NONE
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+
+# Enable audit logs to HDFS
+#Example
+#XAAUDIT.HDFS.ENABLE=true
+#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit
+# If using Azure Blob Storage
+#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
+#XAAUDIT.HDFS.HDFS_DIR=wasb://ranger_audit_container@my-azure-account.blob.core.windows.net/ranger/audit
+#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/atlas/audit/hdfs/spool
+
+XAAUDIT.HDFS.ENABLE=false
+XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
+
+# Following additional propertis are needed When auditing to Azure Blob Storage via HDFS
+# Get these values from your /etc/hadoop/conf/core-site.xml
+#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+# End of V3 properties
+
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-keystore.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+SSL_KEYSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=atlas
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
new file mode 100644
index 0000000..c735aa7
--- /dev/null
+++ b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.atlas.authorizer;
+
+import java.util.Date;
+import java.util.Set;
+
+import org.apache.atlas.authorize.AtlasAccessRequest;
+import org.apache.atlas.authorize.AtlasAuthorizationException;
+import org.apache.atlas.authorize.AtlasAuthorizer;
+import org.apache.atlas.authorize.AtlasResourceTypes;
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerAtlasAuthorizer implements AtlasAuthorizer {
+ private static final Logger LOG = LoggerFactory.getLogger(RangerAtlasAuthorizer.class);
+ private static boolean isDebugEnabled = LOG.isDebugEnabled();
+ private static volatile RangerBasePlugin atlasPlugin = null;
+
+ @Override
+ public void init() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAtlasPlugin.init()");
+ }
+
+ RangerBasePlugin plugin = atlasPlugin;
+
+ if (plugin == null) {
+ synchronized (RangerAtlasPlugin.class) {
+ plugin = atlasPlugin;
+
+ if (plugin == null) {
+ plugin = new RangerAtlasPlugin();
+ plugin.init();
+ plugin.setResultProcessor(new RangerDefaultAuditHandler());
+ atlasPlugin = plugin;
+
+ }
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAtlasPlugin.init()");
+ }
+ }
+
+ @Override
+ public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException {
+ boolean isAccessAllowed = true;
+ if (isDebugEnabled) {
+ LOG.debug("==> isAccessAllowed( " + request + " )");
+ }
+
+ String resource = request.getResource();
+ String user = request.getUser();
+ Set<String> userGroups = request.getUserGroups();
+ String action = request.getAction().name();
+ Set<AtlasResourceTypes> resourceTypes = request.getResourceTypes();
+ String clientIPAddress = request.getClientIPAddress();
+
+ for (AtlasResourceTypes resourceType : resourceTypes) {
+ RangerAtlasAccessRequest rangerRequest =
+ new RangerAtlasAccessRequest(resourceType, resource, action, user, userGroups, clientIPAddress);
+ if (isDebugEnabled) {
+ LOG.debug("Creating RangerAtlasAccessRequest with values [resource : " + resource + ", user : " + user
+ + ", Groups : " + userGroups + ", action : " + action + ", resourceType : " + resourceType
+ + ", clientIP : " + clientIPAddress + "]");
+ }
+ isAccessAllowed = checkAccess(rangerRequest);
+ if (!isAccessAllowed) {
+ break;
+ }
+ }
+
+ if (isDebugEnabled) {
+ LOG.debug("<== isAccessAllowed Returning value :: " + isAccessAllowed);
+ }
+ return isAccessAllowed;
+ }
+
+ private boolean checkAccess(RangerAtlasAccessRequest request) {
+ boolean isAccessAllowed = false;
+ RangerBasePlugin plugin = atlasPlugin;
+
+ if (plugin != null) {
+ RangerAccessResult rangerResult = plugin.isAccessAllowed(request);
+ isAccessAllowed = (rangerResult == null) ? false : rangerResult.getIsAllowed();
+ } else {
+ isAccessAllowed = false;
+ LOG.warn("AtlasPlugin not initialized properly : " + plugin+"... Access blocked!!!");
+ }
+ return isAccessAllowed;
+ }
+
+ @Override
+ public void cleanUp() {
+ if (isDebugEnabled) {
+ LOG.debug("==> cleanUp ");
+ }
+ }
+
+ class RangerAtlasPlugin extends RangerBasePlugin {
+ RangerAtlasPlugin() {
+ super("atlas", "atlas");
+ }
+ }
+
+}
+
+class RangerAtlasAccessRequest extends RangerAccessRequestImpl {
+
+ public RangerAtlasAccessRequest(AtlasResourceTypes resType, String resource, String action, String user,
+ Set<String> userGroups, String clientIp) {
+ super.setResource(new RangerAtlasResource(resType, resource));
+ super.setAccessType(action);
+ super.setUser(user);
+ super.setUserGroups(userGroups);
+ super.setAccessTime(new Date(System.currentTimeMillis()));
+ super.setClientIPAddress(clientIp);
+ super.setAction(action);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasResource.java
----------------------------------------------------------------------
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasResource.java b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasResource.java
new file mode 100644
index 0000000..01b0f82
--- /dev/null
+++ b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasResource.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.atlas.authorizer;
+
+import org.apache.atlas.authorize.AtlasResourceTypes;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerAtlasResource extends RangerAccessResourceImpl {
+ public static final String KEY_TYPE = "type";
+ public static final String KEY_ENTITY = "entity";
+ public static final String KEY_OPERATION = "operation";
+ public static final String KEY_TAXONOMY = "taxonomy";
+ public static final String KEY_TERM = "term";
+
+ private static final Logger LOG = LoggerFactory.getLogger(RangerAtlasResource.class);
+
+ public RangerAtlasResource(AtlasResourceTypes resourceType, String atlasResource) {
+ switch (resourceType) {
+ case TYPE:
+ setValue(KEY_TYPE, atlasResource);
+ break;
+ case ENTITY:
+ setValue(KEY_ENTITY, atlasResource);
+ break;
+ case OPERATION:
+ setValue(KEY_OPERATION, atlasResource);
+ break;
+ case TAXONOMY:
+ setValue(KEY_TAXONOMY, atlasResource);
+ break;
+ case TERM:
+ setValue(KEY_TERM, atlasResource);
+ break;
+ default:
+ LOG.warn("Invalid Resource : " + atlasResource);
+ break;
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
----------------------------------------------------------------------
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
new file mode 100644
index 0000000..47616f4
--- /dev/null
+++ b/plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.services.atlas;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.client.BaseClient;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.service.RangerBaseService;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+
+public class RangerServiceAtlas extends RangerBaseService {
+
+ private static final Log LOG = LogFactory.getLog(RangerServiceAtlas.class);
+
+ public RangerServiceAtlas() {
+ super();
+ }
+
+ @Override
+ public void init(RangerServiceDef serviceDef, RangerService service) {
+ super.init(serviceDef, service);
+ }
+
+ @Override
+ public HashMap<String, Object> validateConfig() throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("This method will be implemented");
+ }
+ HashMap<String, Object> responseMap = new HashMap<String, Object>();
+ String msg = "This feature is not available currently";
+ BaseClient.generateResponseDataMap(true, msg, msg, null, null, responseMap);
+ return responseMap;
+ }
+
+ @Override
+ public List<String> lookupResource(ResourceLookupContext context) throws Exception {
+ //This feature is not available currently
+ return new ArrayList<String>();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/src/test/resource/log4j.properties
----------------------------------------------------------------------
diff --git a/plugin-atlas/src/test/resource/log4j.properties b/plugin-atlas/src/test/resource/log4j.properties
new file mode 100644
index 0000000..f7ab2ba
--- /dev/null
+++ b/plugin-atlas/src/test/resource/log4j.properties
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+ranger.root.logger=FATAL,devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
+# ranger.root.logger=DEBUG,console
+log4j.rootLogger=${ranger.root.logger}
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/plugin-atlas/template/configuration.xml
----------------------------------------------------------------------
diff --git a/plugin-atlas/template/configuration.xml b/plugin-atlas/template/configuration.xml
new file mode 100644
index 0000000..bdb0125
--- /dev/null
+++ b/plugin-atlas/template/configuration.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<configuration>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 327f30c..29292a7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,9 +104,11 @@
<module>ranger-storm-plugin-shim</module>
<module>ranger-kafka-plugin-shim</module>
<module>ranger-solr-plugin-shim</module>
+ <module>ranger-atlas-plugin-shim</module>
<module>ranger-hive-utils</module>
<module>ranger-examples</module>
<module>ranger-tools</module>
+ <module>plugin-atlas</module>
</modules>
<properties>
<javac.source.version>1.7</javac.source.version>
@@ -162,6 +164,7 @@
<hamcrest.all.version>1.3</hamcrest.all.version>
<hbase.version>1.1.3</hbase.version>
<hive.version>2.1.0-SNAPSHOT</hive.version>
+ <atlas.version>0.7-incubating-SNAPSHOT</atlas.version>
<htrace-core.version>3.1.0-incubating</htrace-core.version>
<httpcomponents.httpclient.version>4.3.6</httpcomponents.httpclient.version>
<httpcomponents.httpcore.version>4.4.3</httpcomponents.httpcore.version>
@@ -401,6 +404,7 @@
<descriptor>src/main/assembly/kms.xml</descriptor>
<descriptor>src/main/assembly/ranger-tools.xml</descriptor>
<descriptor>src/main/assembly/ranger-src.xml</descriptor>
+ <descriptor>src/main/assembly/atlas-agent.xml</descriptor>
</descriptors>
</configuration>
</plugin>
@@ -517,6 +521,7 @@
<exclude>**/.classpath/**</exclude>
<exclude>**/*.iml</exclude>
<exclude>**/target/**</exclude>
+ <exclude>**/bin/**</exclude>
<exclude>**/CHANGES</exclude>
<exclude>**/ISSUES</exclude>
<exclude>**/patchprocess/**</exclude>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/ranger-atlas-plugin-shim/.gitignore
----------------------------------------------------------------------
diff --git a/ranger-atlas-plugin-shim/.gitignore b/ranger-atlas-plugin-shim/.gitignore
new file mode 100644
index 0000000..b9c5b0b
--- /dev/null
+++ b/ranger-atlas-plugin-shim/.gitignore
@@ -0,0 +1,2 @@
+/target/
+.settings/
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/ranger-atlas-plugin-shim/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-atlas-plugin-shim/pom.xml b/ranger-atlas-plugin-shim/pom.xml
new file mode 100644
index 0000000..a656d94
--- /dev/null
+++ b/ranger-atlas-plugin-shim/pom.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>ranger-atlas-plugin-shim</artifactId>
+ <name>Atlas Security Plugin Shim</name>
+ <description>Atlas Security Plugins Shim</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${hadoop.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugin-classloader</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>${commons.lang.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-authorization</artifactId>
+ <version>${atlas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-common</artifactId>
+ <version>${atlas.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
new file mode 100644
index 0000000..d8bdefd
--- /dev/null
+++ b/ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.atlas.authorizer;
+
+import org.apache.atlas.authorize.AtlasAccessRequest;
+import org.apache.atlas.authorize.AtlasAuthorizationException;
+import org.apache.atlas.authorize.AtlasAuthorizer;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerAtlasAuthorizer implements AtlasAuthorizer {
+ private static final Logger LOG = LoggerFactory.getLogger(RangerAtlasAuthorizer.class);
+ private static boolean isDebugEnabled = LOG.isDebugEnabled();
+ private static volatile RangerBasePlugin atlasPlugin = null;
+
+ private static final String RANGER_PLUGIN_TYPE = "atlas";
+ private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-atlas-plugin"};
+ private static final String RANGER_ATLAS_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer";
+
+ private AtlasAuthorizer rangerAtlasAuthorizerImpl = null;
+ private static RangerPluginClassLoader rangerPluginClassLoader = null;
+
+ public RangerAtlasAuthorizer() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAtlasAuthorizer.RangerAtlasAuthorizer()");
+ }
+
+ this.init0();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAtlasAuthorizer.RangerAtlasAuthorizer()");
+ }
+ }
+
+ private void init0() {
+ LOG.info("Initializing RangerAtlasPlugin");
+ try {
+ rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+ @SuppressWarnings("unchecked")
+ Class<AtlasAuthorizer> cls = (Class<AtlasAuthorizer>) Class.forName(RANGER_ATLAS_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
+
+ activatePluginClassLoader();
+
+ rangerAtlasAuthorizerImpl = cls.newInstance();
+ } catch (Exception e) {
+ // check what need to be done
+ LOG.error("Error Enabling RangerAtlasPluing", e);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAtlasPlugin.init()");
+ }
+ }
+
+ @Override
+ public void init() {
+ if (isDebugEnabled) {
+ LOG.debug("gautam init <===");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ rangerAtlasAuthorizerImpl.init();
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if (isDebugEnabled) {
+ LOG.debug("gautam init ===> " );
+ }
+
+ }
+
+ @Override
+ public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException {
+ boolean isAccessAllowed = false;
+ if (isDebugEnabled) {
+ LOG.debug("isAccessAllowed <===");
+ }
+
+ try {
+ activatePluginClassLoader();
+
+ isAccessAllowed = rangerAtlasAuthorizerImpl.isAccessAllowed(request);
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ if (isDebugEnabled) {
+ LOG.debug("isAccessAllowed ===> Returning value :: " + isAccessAllowed);
+ }
+ return isAccessAllowed;
+ }
+
+ @Override
+ public void cleanUp() {
+ if (isDebugEnabled) {
+ LOG.debug("cleanUp <===");
+ }
+ try {
+ activatePluginClassLoader();
+ rangerAtlasAuthorizerImpl.cleanUp();
+ } finally {
+ deactivatePluginClassLoader();
+ }
+
+ }
+
+ private void activatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.activate();
+ }
+ }
+
+ private void deactivatePluginClassLoader() {
+ if(rangerPluginClassLoader != null) {
+ rangerPluginClassLoader.deactivate();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a40ad32/src/main/assembly/atlas-agent.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/atlas-agent.xml b/src/main/assembly/atlas-agent.xml
new file mode 100644
index 0000000..a1c1cc5
--- /dev/null
+++ b/src/main/assembly/atlas-agent.xml
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>atlas-plugin</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-atlas-plugin</baseDirectory>
+ <includeBaseDirectory>true</includeBaseDirectory>
+ <moduleSets>
+
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <outputDirectory>/lib</outputDirectory>
+ </binaries>
+ <includes>
+ <include>org.apache.ranger:ranger-atlas-plugin-shim</include>
+ <include>org.apache.ranger:ranger-plugin-classloader</include>
+ </includes>
+ </moduleSet>
+
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/lib/ranger-atlas-plugin-impl</outputDirectory>
+ <includes>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+ <include>com.google.code.gson:gson</include>
+ <include>org.eclipse.persistence:eclipselink</include>
+ <include>org.eclipse.persistence:javax.persistence</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl</include>
+ <include>org.codehaus.jackson:jackson-jaxrs</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl</include>
+ <include>org.codehaus.jackson:jackson-xc</include>
+ <include>commons-configuration:commons-configuration</include>
+ <include>com.google.code.gson:gson*</include>
+ <include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
+ <include>org.noggit:noggit:jar:${noggit.version}</include>
+ <include>com.google.protobuf:protobuf-java:jar:${protobuf-java.version}</include>
+ <include>org.apache.hadoop:hadoop-hdfs:jar:${hadoop.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+ <include>org.apache.htrace:htrace-core:jar:${htrace-core.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl:jar:${codehaus.jackson.version}</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl:jar:${codehaus.jackson.version}</include>
+ </includes>
+ <unpack>false</unpack>
+ </dependencySet>
+ <dependencySet>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <includes>
+ <include>commons-cli:commons-cli</include>
+ <include>commons-collections:commons-collections</include>
+ <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
+ <include>commons-io:commons-io:jar:${commons.io.version}</include>
+ <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
+ <include>commons-logging:commons-logging</include>
+ <include>com.google.guava:guava:jar:${guava.version}</include>
+ <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include>
+ <include>org.apache.ranger:ranger-plugins-cred</include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ </includes>
+ </dependencySet>
+ </dependencySets>
+ <outputDirectory>/lib/ranger-atlas-plugin-impl</outputDirectory>
+ </binaries>
+ <includes>
+ <include>org.apache.ranger:ranger_solrj</include>
+ <include>org.apache.ranger:ranger-plugins-audit</include>
+ <include>org.apache.ranger:ranger-plugins-cred</include>
+ <include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ranger-atlas-plugin</include>
+ </includes>
+ </moduleSet>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <outputDirectory>/install/lib</outputDirectory>
+ <unpack>false</unpack>
+ </binaries>
+ <includes>
+ <include>org.apache.ranger:ranger-plugins-installer</include>
+ <include>org.apache.ranger:credentialbuilder</include>
+ </includes>
+ </moduleSet>
+ </moduleSets>
+ <fileSets>
+ <!-- conf.templates for enable -->
+ <fileSet>
+ <outputDirectory>/install/conf.templates/enable</outputDirectory>
+ <directory>plugin-atlas/conf</directory>
+ <excludes>
+ <exclude>*.sh</exclude>
+ </excludes>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/install/conf.templates/default</outputDirectory>
+ <directory>plugin-atlas/template</directory>
+ <fileMode>700</fileMode>
+ </fileSet>
+ <!-- version file -->
+ <fileSet>
+ <outputDirectory>/</outputDirectory>
+ <directory>${project.build.outputDirectory}</directory>
+ <includes>
+ <include>version</include>
+ </includes>
+ <fileMode>444</fileMode>
+ </fileSet>
+ </fileSets>
+ <!-- enable/disable script for plugin -->
+ <files>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>enable-atlas-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>security-admin/scripts/ranger_credential_helper.py</source>
+ <outputDirectory>/</outputDirectory>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>agents-common/scripts/enable-agent.sh</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>disable-atlas-plugin.sh</destName>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>plugin-atlas/scripts/install.properties</source>
+ <outputDirectory>/</outputDirectory>
+ <destName>install.properties</destName>
+ <fileMode>755</fileMode>
+ </file>
+ </files>
+</assembly>
+