Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/20 22:44:37 UTC
incubator-ranger git commit: RANGER-203: PolicyEngine interface
updated with additional methods - to set/get defaultAuditHandler,
isAccessAllowed methods without auditHandler parameter,
createAccessResult method.
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 0d7f8dea8 -> 1e590f35d
RANGER-203: PolicyEngine interface updated with additional methods - to
set/get defaultAuditHandler, isAccessAllowed methods without
auditHandler parameter, createAccessResult method.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1e590f35
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1e590f35
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1e590f35
Branch: refs/heads/stack
Commit: 1e590f35d1761804f077da03dab0cd1d8eacde5d
Parents: 0d7f8de
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Jan 20 13:44:15 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Jan 20 13:44:15 2015 -0800
----------------------------------------------------------------------
.../plugin/policyengine/RangerPolicyEngine.java | 10 +++
.../policyengine/RangerPolicyEngineImpl.java | 94 +++++++++-----------
2 files changed, 53 insertions(+), 51 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1e590f35/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index c0d30c1..435ffaa 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -32,6 +32,16 @@ public interface RangerPolicyEngine {
void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies);
+ void setDefaultAuditHandler(RangerAuditHandler auditHandler);
+
+ RangerAuditHandler getDefaultAuditHandler();
+
+ RangerAccessResult createAccessResult();
+
+ RangerAccessResult isAccessAllowed(RangerAccessRequest request);
+
+ List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests);
+
RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler);
List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests, RangerAuditHandler auditHandler);
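Review bot: The five methods added to the interface have no Javadoc, so the contract that matters for an authorization API is unstated: which audit handler the one-argument `isAccessAllowed` overloads use, and what happens when no default handler has been set. I would add a short Javadoc to each, for example on `isAccessAllowed(RangerAccessRequest request)`: `/** Evaluates the request and audits the result through the default audit handler; see setDefaultAuditHandler for the behaviour when none is set. */`. `setDefaultAuditHandler` should also state whether `null` is an accepted argument and what it means.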
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1e590f35/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 351d8bd..abac54f 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -35,9 +35,10 @@ import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
public class RangerPolicyEngineImpl implements RangerPolicyEngine {
private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class);
- private String serviceName = null;
- private RangerServiceDef serviceDef = null;
- private List<RangerPolicyEvaluator> policyEvaluators = null;
+ private String serviceName = null;
+ private RangerServiceDef serviceDef = null;
+ private List<RangerPolicyEvaluator> policyEvaluators = null;
+ private RangerAuditHandler defaultAuditHandler = null;
public RangerPolicyEngineImpl() {
@@ -71,6 +72,16 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
}
+ /* TODO:
+ * sort evaluators list for faster completion of isAccessAllowed() method
+ * 1. Global policies: the policies that cover for any resource (for example: database=*; table=*; column=*)
+ * 2. Policies that cover all resources under level-1 (for example: every thing in one or more databases)
+ * 3. Policies that cover all resources under level-2 (for example: every thing in one or more tables)
+ * ...
+ * 4. Policies that cover all resources under level-n (for example: one or more columns)
+ *
+ */
+
this.serviceName = serviceName;
this.serviceDef = serviceDef;
this.policyEvaluators = evaluators;
@@ -84,6 +95,31 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
+ public void setDefaultAuditHandler(RangerAuditHandler auditHandler) {
+ this.defaultAuditHandler = auditHandler;
+ }
+
+ @Override
+ public RangerAuditHandler getDefaultAuditHandler() {
+ return defaultAuditHandler;
+ }
+
+ @Override
+ public RangerAccessResult createAccessResult() {
+ return new RangerAccessResult(serviceName, serviceDef);
+ }
+
+ @Override
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
+ return isAccessAllowed(request, defaultAuditHandler);
+ }
+
+ @Override
+ public List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests) {
+ return isAccessAllowed(requests, defaultAuditHandler);
+ }
+
+ @Override
public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")");
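Review bot: The new one-argument `isAccessAllowed` overloads pass `defaultAuditHandler` straight through, and that field stays `null` until `setDefaultAuditHandler` is called, so a caller that never sets it has its access decisions evaluated with a null handler. How the two-argument overload treats null is not visible here, because its body continues past the end of this hunk. If null means "skip auditing", decisions made through the convenience overloads go unrecorded without any signal, which deserves a documented contract or a one-time warning log. The field is also written by the setter and read on the evaluation path without synchronization. If the engine is shared across threads, `private volatile RangerAuditHandler defaultAuditHandler = null;` would make a handler change visible to readers.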
@@ -134,7 +170,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")");
}
- RangerAccessResult ret = new RangerAccessResult(serviceName, serviceDef);
+ RangerAccessResult ret = createAccessResult();
if(request != null) {
if(CollectionUtils.isEmpty(request.getAccessTypes())) {
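Review bot: `createAccessResult()`, now called here and exposed on the interface, reads `serviceName` and `serviceDef`, which `setPolicies` assigns in separate statements (visible in the earlier hunk) with no synchronization shown. If policies can be refreshed while requests are being evaluated, a result could pair a new service name with an old service definition, or see either as null; this is inferred, since the threading model is not visible on this page. A comment on the method stating the expectation would help, e.g. `// must not be called before setPolicies(); not safe against a concurrent setPolicies()`. The enclosing method continues outside the hunk.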
@@ -195,6 +231,9 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
public StringBuilder toString(StringBuilder sb) {
sb.append("RangerPolicyEngineImpl={");
+ sb.append("serviceName={").append(serviceName).append("} ");
+ sb.append("serviceDef={").append(serviceDef).append("} ");
+
sb.append("policyEvaluators={");
if(policyEvaluators != null) {
for(RangerPolicyEvaluator policyEvaluator : policyEvaluators) {
@@ -209,51 +248,4 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
return sb;
}
-
-
- /*
- public void init(String svcName) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.init(" + svcName + ")");
- }
-
- ServiceManager svcMgr = new ServiceManager();
- ServiceDefManager sdMgr = new ServiceDefManager();
-
- RangerServiceDef serviceDef = null;
- List<RangerPolicy> policies = null;
-
- RangerService service = svcMgr.getByName(svcName);
-
- if(service == null) {
- String msg = svcName + ": service not found";
-
- LOG.error(msg);
-
- throw new Exception(msg);
- } else {
- serviceDef = sdMgr.getByName(service.getType());
-
- if(serviceDef == null) {
- String msg = service.getType() + ": service-def not found";
-
- LOG.error(msg);
-
- throw new Exception(msg);
- }
-
- policies = svcMgr.getPolicies(service.getId());
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("RangerPolicyEngineImpl.init(): found " + (policyEvaluators == null ? 0 : policyEvaluators.size()) + " policies in service '" + svcName + "'");
- }
- }
-
- setPolicies(serviceDef, policies);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.init(" + svcName + ")");
- }
- }
- */
}