You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/04/26 21:04:51 UTC
[ranger] branch ranger-2.2 updated: RANGER-3249: Enhance
RangerScriptExecutionContext class to provide APIs for comprehensive tag
information
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 9696e41 RANGER-3249: Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information
9696e41 is described below
commit 9696e41c16015c5044329088e74fa810700e8388
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Mon Apr 26 13:49:47 2021 -0700
RANGER-3249: Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information
---
.../RangerScriptExecutionContext.java | 58 ++++++++++++++++++----
.../plugin/util/RangerAccessRequestUtil.java | 4 +-
2 files changed, 49 insertions(+), 13 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
index dc4ede9..c0a8f9f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
@@ -113,14 +113,10 @@ public final class RangerScriptExecutionContext {
public String getResource() {
String ret = null;
- Object val = getRequestContext().get(RangerAccessRequestUtil.KEY_CONTEXT_RESOURCE);
+ RangerAccessResource val = RangerAccessRequestUtil.getCurrentResourceFromContext(getRequestContext());
if(val != null) {
- if(val instanceof RangerAccessResource) {
- ret = ((RangerAccessResource)val).getAsString();
- } else {
- ret = val.toString();
- }
+ ret = val.getAsString();
}
return ret;
@@ -165,12 +161,9 @@ public final class RangerScriptExecutionContext {
public String getSessionId() { return accessRequest.getSessionId(); }
public RangerTagForEval getCurrentTag() {
- RangerTagForEval ret = null;
- Object val = getRequestContext().get(RangerAccessRequestUtil.KEY_CONTEXT_TAG_OBJECT);
+ RangerTagForEval ret = RangerAccessRequestUtil.getCurrentTagFromContext(getRequestContext());
- if(val instanceof RangerTagForEval) {
- ret = (RangerTagForEval)val;
- } else {
+ if(ret == null ) {
if (LOG.isDebugEnabled()) {
logDebug("RangerScriptExecutionContext.getCurrentTag() - No current TAG object. Script execution must be for resource-based policy.");
}
@@ -221,6 +214,33 @@ public final class RangerScriptExecutionContext {
return ret;
}
+ public List<Map<String, String>> getTagAttributesForAllMatchingTags(final String tagType) {
+ List<Map<String, String>> ret = null;
+
+ if (StringUtils.isNotBlank(tagType)) {
+ Set<RangerTagForEval> tagObjectList = getAllTags();
+
+ // Assumption: There is exactly one tag with given tagType in the list of tags - may not be true ***TODO***
+ // This will get attributes of the first tagType that matches
+ if (CollectionUtils.isNotEmpty(tagObjectList)) {
+ for (RangerTagForEval tag : tagObjectList) {
+ if (tag.getType().equals(tagType)) {
+ Map<String, String> tagAttributes = tag.getAttributes();
+ if (tagAttributes != null) {
+ if (ret == null) {
+ ret = new ArrayList<>();
+ }
+ ret.add(tagAttributes);
+ }
+ break;
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+
public Set<String> getAttributeNames(final String tagType) {
Set<String> ret = null;
Map<String, String> attributes = getTagAttributes(tagType);
@@ -245,6 +265,22 @@ public final class RangerScriptExecutionContext {
return ret;
}
+ public List<String> getAttributeValueForAllMatchingTags(final String tagType, final String attributeName) {
+ List<String> ret = null;
+
+ if (StringUtils.isNotBlank(tagType) || StringUtils.isNotBlank(attributeName)) {
+ Map<String, String> attributes = getTagAttributes(tagType);
+
+ if (attributes != null && attributes.get(attributeName) != null) {
+ if (ret == null) {
+ ret = new ArrayList<>();
+ }
+ ret.add(attributes.get(attributeName));
+ }
+ }
+ return ret;
+ }
+
public String getAttributeValue(final String attributeName) {
String ret = null;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
index a22027a..696a3f6 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
@@ -77,7 +77,7 @@ public class RangerAccessRequestUtil {
public static RangerTagForEval getCurrentTagFromContext(Map<String, Object> context) {
RangerTagForEval ret = null;
- Object val = context.get(KEY_CONTEXT_TAGS);
+ Object val = context.get(KEY_CONTEXT_TAG_OBJECT);
if(val instanceof RangerTagForEval) {
ret = (RangerTagForEval)val;
@@ -107,7 +107,7 @@ public class RangerAccessRequestUtil {
public static RangerAccessResource getCurrentResourceFromContext(Map<String, Object> context) {
RangerAccessResource ret = null;
- Object val = context.get(KEY_CONTEXT_RESOURCE);
+ Object val = MapUtils.isNotEmpty(context) ? context.get(KEY_CONTEXT_RESOURCE) : null;
if(val instanceof RangerAccessResource) {
ret = (RangerAccessResource)val;