You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/27 19:47:34 UTC
incubator-ranger git commit: RANGER-203: Added
RangerPolicyConditionDef.evaluatorOptions. Renamed internal permission name
"any" to "_any".
Repository: incubator-ranger
Updated Branches:
refs/heads/stack d7bf8e09d -> 4130d7a5c
RANGER-203: Added RangerPolicyConditionDef.evaluatorOptions. Renamed
internal permission name "any" to "_any".
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4130d7a5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4130d7a5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4130d7a5
Branch: refs/heads/stack
Commit: 4130d7a5c4418376ab2942f95b6de43ef9976d2f
Parents: d7bf8e0
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Jan 27 10:47:16 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Jan 27 10:47:16 2015 -0800
----------------------------------------------------------------------
.../ranger/plugin/model/RangerPolicy.java | 2 +-
.../ranger/plugin/model/RangerServiceDef.java | 51 +++++++++++++-------
.../plugin/policyengine/RangerPolicyEngine.java | 3 +-
.../service-defs/ranger-servicedef-knox.json | 2 +-
.../policyengine/test_policyengine_hive.json | 14 +++---
5 files changed, 45 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 15f6be8..1a674f2 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -657,7 +657,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
public static class RangerPolicyItemCondition implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String type = null;
+ private String type = null;
private String value = null;
public RangerPolicyItemCondition() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
index eb40a56..64c2ea9 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -1163,7 +1163,8 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
private static final long serialVersionUID = 1L;
private String name = null;
- private String evalClass = null;
+ private String evaluator = null;
+ private String evaluatorOptions = null;
private String label = null;
private String description = null;
private String rbKeyLabel = null;
@@ -1171,24 +1172,25 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
public RangerPolicyConditionDef() {
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null, null, null);
}
- public RangerPolicyConditionDef(String name, String evalClass) {
- this(name, evalClass, null, null, null, null);
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) {
+ this(name, evaluator, evaluatorOptions, null, null, null, null);
}
- public RangerPolicyConditionDef(String name, String evalClass, String label) {
- this(name, evalClass, label, null, null, null);
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label) {
+ this(name, evaluator, evaluatorOptions, label, null, null, null);
}
- public RangerPolicyConditionDef(String name, String evalClass, String label, String description) {
- this(name, evalClass, label, description, null, null);
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description) {
+ this(name, evaluator, evaluatorOptions, label, description, null, null);
}
- public RangerPolicyConditionDef(String name, String evalClass, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) {
setName(name);
- setEvalClass(evalClass);
+ setEvaluator(evaluator);
+ setEvaluatorOptions(evaluatorOptions);
setLabel(label);
setDescription(description);
setRbKeyLabel(rbKeyLabel);
@@ -1210,17 +1212,31 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
}
/**
- * @return the evalClass
+ * @return the evaluator
*/
- public String getEvalClass() {
- return evalClass;
+ public String getEvaluator() {
+ return evaluator;
}
/**
- * @param evalClass the evalClass to set
+ * @param evaluator the evaluator to set
*/
- public void setEvalClass(String evalClass) {
- this.evalClass = evalClass;
+ public void setEvaluator(String evaluator) {
+ this.evaluator = evaluator;
+ }
+
+ /**
+ * @return the evaluator
+ */
+ public String getEvaluatorOptions() {
+ return evaluatorOptions;
+ }
+
+ /**
+ * @param evaluator the evaluator to set
+ */
+ public void setEvaluatorOptions(String evaluatorOptions) {
+ this.evaluatorOptions = evaluatorOptions;
}
/**
@@ -1291,7 +1307,8 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
public StringBuilder toString(StringBuilder sb) {
sb.append("RangerPolicyConditionDef={");
sb.append("name={").append(name).append("} ");
- sb.append("evalClass={").append(evalClass).append("} ");
+ sb.append("evaluator={").append(evaluator).append("} ");
+ sb.append("evaluatorOptions={").append(evaluatorOptions).append("} ");
sb.append("label={").append(label).append("} ");
sb.append("description={").append(description).append("} ");
sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index 3c340ae..a66bc23 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -28,7 +28,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
public interface RangerPolicyEngine {
public static final String GROUP_PUBLIC = "public";
- public static final String ANY_ACCESS = "any";
+ public static final String ANY_ACCESS = "_any";
+ public static final String ADMIN_ACCESS = "_admin";
public static final long UNKNOWN_POLICY = -1;
String getServiceName();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index 7ce09ff..3368bee 100644
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -29,6 +29,6 @@
],
"policyConditions":
[
- {"name":"ip-range","evalClass":"org.apache.ranger.knox.IpRangeCondition","label":"IP Address Range","description":"IP Address Range"}
+ {"name":"ip-range","evaluator":"org.apache.ranger.knox.IpRangeCondition","evaluatorOptions":"","label":"IP Address Range","description":"IP Address Range"}
]
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
index 6c277d1..3fa7cf4 100644
--- a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
+++ b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
@@ -46,7 +46,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}}
}
,
{"name":"ALLOW 'use default;' for user2",
@@ -54,7 +54,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user2","userGroups":["users"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}}
}
,
{"name":"DENY 'use default;' to user3",
@@ -62,7 +62,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user3","userGroups":["users"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}}
}
,
{"name":"ALLOW 'use default;' to group1",
@@ -70,7 +70,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user3","userGroups":["users", "group1"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}}
}
,
{"name":"ALLOW 'use default;' to group2",
@@ -78,7 +78,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user3","userGroups":["users", "group2"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}}
}
,
{"name":"DENY 'use default;' to user3/group3",
@@ -86,7 +86,7 @@
"resource":{"elements":{"database":"default"}},
"accessTypes":[],"user":"user3","userGroups":["users", "group3"],"requestData":"use default"
},
- "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}}
+ "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}}
}
,
{"name":"DENY 'use finance;' to user3/group3",
@@ -94,7 +94,7 @@
"resource":{"elements":{"database":"finance"}},
"accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use finance"
},
- "result":{"isAudited":false,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}}
+ "result":{"isAudited":false,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}}
}
,
{"name":"ALLOW 'select col1 from default.testtable;' to user1",