You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2021/09/02 18:56:34 UTC
[ranger] branch ranger-2.2 updated (91cf22c -> 670567d)
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a change to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 91cf22c RANGER-3396: fixed incorrect class name in RangerPolicyItemRowFilterInfo.toString()
new 9a65430 RANGER-3378: HDFS plugin performance improvement - RangerHdfsResource.getAsString()
new 670567d RANGER-3377: HDFS plugin performance improvement - conditionally ignore deny and exception conditions
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../policyevaluator/RangerDefaultPolicyEvaluator.java | 14 +++++++++++---
.../ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 13 +++++++++++++
2 files changed, 24 insertions(+), 3 deletions(-)
[ranger] 01/02: RANGER-3378: HDFS plugin performance improvement -
RangerHdfsResource.getAsString()
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 9a65430647be51aa52f3a61fcf3cb505bfb747c0
Author: cao zhiqiang <lf...@163.com>
AuthorDate: Wed Aug 25 22:16:39 2021 -0700
RANGER-3378: HDFS plugin performance improvement - RangerHdfsResource.getAsString()
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit b0e970f21f7b2bd3f591e291684014f92434a2d3)
(cherry picked from commit 88d4030531dd673fb8f8899c274bc56852e625b5)
---
.../ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 605a719..2389899 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -908,6 +908,19 @@ class RangerHdfsResource extends RangerAccessResourceImpl {
super.setValue(RangerHdfsAuthorizer.KEY_RESOURCE_PATH, path);
super.setOwnerUser(owner);
}
+
+ @Override
+ public String getAsString() {
+ String ret = super.getStringifiedValue();
+
+ if (ret == null) {
+ ret = Objects.toString(super.getValue(RangerHdfsAuthorizer.KEY_RESOURCE_PATH));
+
+ super.setStringifiedValue(ret);
+ }
+
+ return ret;
+ }
}
class RangerHdfsAccessRequest extends RangerAccessRequestImpl {
[ranger] 02/02: RANGER-3377: HDFS plugin performance improvement -
conditionally ignore deny and exception conditions
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 670567dae68e158f865eef841d8de167e0bbfa63
Author: cao zhiqiang <lf...@163.com>
AuthorDate: Wed Aug 25 23:20:04 2021 -0700
RANGER-3377: HDFS plugin performance improvement - conditionally ignore deny and exception conditions
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
(cherry picked from commit 79f6cdec2cce5d6dc3a8bb72ac2a82329cba7d4a)
(cherry picked from commit 8d617c626b949cdadf8d914259f78d050556cc5d)
---
.../policyevaluator/RangerDefaultPolicyEvaluator.java | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index b5b859c..8c08d0e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -150,9 +150,17 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
denyExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
} else {
allowEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW);
- denyEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
- allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
- denyExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+
+ if (ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef, pluginContext)) {
+ denyEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
+ allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
+ denyExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+ } else {
+ denyEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ allowExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ denyExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+ }
+
}
dataMaskEvaluators = createDataMaskPolicyItemEvaluators(policy, serviceDef, options, policy.getDataMaskPolicyItems());