You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2021/04/26 21:04:51 UTC

[ranger] branch ranger-2.2 updated: RANGER-3249: Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new 9696e41  RANGER-3249: Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information
9696e41 is described below

commit 9696e41c16015c5044329088e74fa810700e8388
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Mon Apr 26 13:49:47 2021 -0700

    RANGER-3249: Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information
---
 .../RangerScriptExecutionContext.java              | 58 ++++++++++++++++++----
 .../plugin/util/RangerAccessRequestUtil.java       |  4 +-
 2 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
index dc4ede9..c0a8f9f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
@@ -113,14 +113,10 @@ public final class RangerScriptExecutionContext {
 
 	public String getResource() {
 		String ret = null;
-		Object val = getRequestContext().get(RangerAccessRequestUtil.KEY_CONTEXT_RESOURCE);
+		RangerAccessResource val = RangerAccessRequestUtil.getCurrentResourceFromContext(getRequestContext());
 
 		if(val != null) {
-			if(val instanceof RangerAccessResource) {
-				ret = ((RangerAccessResource)val).getAsString();
-			} else {
-				ret = val.toString();
-			}
+			ret = val.getAsString();
 		}
 
 		return ret;
@@ -165,12 +161,9 @@ public final class RangerScriptExecutionContext {
 	public String getSessionId() { return accessRequest.getSessionId(); }
 
 	public RangerTagForEval getCurrentTag() {
-		RangerTagForEval ret = null;
-		Object    val = getRequestContext().get(RangerAccessRequestUtil.KEY_CONTEXT_TAG_OBJECT);
+		RangerTagForEval ret = RangerAccessRequestUtil.getCurrentTagFromContext(getRequestContext());
 
-		if(val instanceof RangerTagForEval) {
-			ret = (RangerTagForEval)val;
-		} else {
+		if(ret == null ) {
 			if (LOG.isDebugEnabled()) {
 				logDebug("RangerScriptExecutionContext.getCurrentTag() - No current TAG object. Script execution must be for resource-based policy.");
 			}
@@ -221,6 +214,33 @@ public final class RangerScriptExecutionContext {
 		return ret;
 	}
 
+	public List<Map<String, String>> getTagAttributesForAllMatchingTags(final String tagType) {
+		List<Map<String, String>> ret = null;
+
+		if (StringUtils.isNotBlank(tagType)) {
+			Set<RangerTagForEval> tagObjectList = getAllTags();
+
+			// Assumption: There is exactly one tag with given tagType in the list of tags - may not be true ***TODO***
+			// This will get attributes of the first tagType that matches
+			if (CollectionUtils.isNotEmpty(tagObjectList)) {
+				for (RangerTagForEval tag : tagObjectList) {
+					if (tag.getType().equals(tagType)) {
+						Map<String, String> tagAttributes = tag.getAttributes();
+						if (tagAttributes != null) {
+							if (ret == null) {
+								ret = new ArrayList<>();
+							}
+							ret.add(tagAttributes);
+						}
+						break;
+					}
+				}
+			}
+		}
+
+		return ret;
+	}
+
 	public Set<String> getAttributeNames(final String tagType) {
 		Set<String>         ret        = null;
 		Map<String, String> attributes = getTagAttributes(tagType);
@@ -245,6 +265,22 @@ public final class RangerScriptExecutionContext {
 		return ret;
 	}
 
+	public List<String> getAttributeValueForAllMatchingTags(final String tagType, final String attributeName) {
+		List<String> ret = null;
+
+		if (StringUtils.isNotBlank(tagType) || StringUtils.isNotBlank(attributeName)) {
+			Map<String, String> attributes = getTagAttributes(tagType);
+
+			if (attributes != null && attributes.get(attributeName) != null) {
+				if (ret == null) {
+					ret = new ArrayList<>();
+				}
+				ret.add(attributes.get(attributeName));
+			}
+		}
+		return ret;
+	}
+
 	public String getAttributeValue(final String attributeName) {
 		String ret = null;
 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
index a22027a..696a3f6 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
@@ -77,7 +77,7 @@ public class RangerAccessRequestUtil {
 
 	public static RangerTagForEval getCurrentTagFromContext(Map<String, Object> context) {
 		RangerTagForEval ret = null;
-		Object    val = context.get(KEY_CONTEXT_TAGS);
+		Object    val = context.get(KEY_CONTEXT_TAG_OBJECT);
 
 		if(val instanceof RangerTagForEval) {
 			ret = (RangerTagForEval)val;
@@ -107,7 +107,7 @@ public class RangerAccessRequestUtil {
 
 	public static RangerAccessResource getCurrentResourceFromContext(Map<String, Object> context) {
 		RangerAccessResource ret = null;
-		Object               val = context.get(KEY_CONTEXT_RESOURCE);
+		Object               val = MapUtils.isNotEmpty(context) ? context.get(KEY_CONTEXT_RESOURCE) : null;
 
 		if(val instanceof RangerAccessResource) {
 			ret = (RangerAccessResource)val;