You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/05/10 23:01:29 UTC
incubator-ranger git commit: RANGER-982: updated name of default policies in a new service instance

Repository: incubator-ranger
Updated Branches:
  refs/heads/master f4a7037db -> 2b0281390


RANGER-982: updated name of default policies in a new service instance

Signed-off-by: Madhan Neethiraj <ma...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2b028139
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2b028139
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2b028139

Branch: refs/heads/master
Commit: 2b0281390e79310c2eafa4d483b67f044e76a591
Parents: f4a7037
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Mon May 9 16:54:51 2016 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue May 10 15:47:05 2016 -0700

----------------------------------------------------------------------
 .../org/apache/ranger/biz/ServiceDBStore.java   | 114 ++++++++++++++++---
 1 file changed, 98 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2b028139/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index e27f7ce..69eb630 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -19,12 +19,19 @@
 
 package org.apache.ranger.biz;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import java.util.Map.Entry;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.text.SimpleDateFormat;
+import java.util.TreeMap;
 
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletResponse;
@@ -36,9 +43,67 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.security.SecureClientLogin;
 import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.common.*;
-import org.apache.ranger.db.*;
-import org.apache.ranger.entity.*;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PasswordUtils;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.RangerFactory;
+import org.apache.ranger.common.RangerServicePoliciesCache;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXAccessTypeDefDao;
+import org.apache.ranger.db.XXAccessTypeDefGrantsDao;
+import org.apache.ranger.db.XXContextEnricherDefDao;
+import org.apache.ranger.db.XXDataMaskTypeDefDao;
+import org.apache.ranger.db.XXEnumDefDao;
+import org.apache.ranger.db.XXEnumElementDefDao;
+import org.apache.ranger.db.XXPolicyConditionDefDao;
+import org.apache.ranger.db.XXPolicyItemAccessDao;
+import org.apache.ranger.db.XXPolicyItemConditionDao;
+import org.apache.ranger.db.XXPolicyItemDao;
+import org.apache.ranger.db.XXPolicyItemDataMaskInfoDao;
+import org.apache.ranger.db.XXPolicyItemGroupPermDao;
+import org.apache.ranger.db.XXPolicyItemRowFilterInfoDao;
+import org.apache.ranger.db.XXPolicyItemUserPermDao;
+import org.apache.ranger.db.XXPolicyResourceDao;
+import org.apache.ranger.db.XXPolicyResourceMapDao;
+import org.apache.ranger.db.XXResourceDefDao;
+import org.apache.ranger.db.XXServiceConfigDefDao;
+import org.apache.ranger.db.XXServiceConfigMapDao;
+import org.apache.ranger.db.XXServiceDao;
+import org.apache.ranger.db.XXServiceVersionInfoDao;
+import org.apache.ranger.entity.XXAccessTypeDef;
+import org.apache.ranger.entity.XXAccessTypeDefGrants;
+import org.apache.ranger.entity.XXContextEnricherDef;
+import org.apache.ranger.entity.XXDBBase;
+import org.apache.ranger.entity.XXDataHist;
+import org.apache.ranger.entity.XXDataMaskTypeDef;
+import org.apache.ranger.entity.XXEnumDef;
+import org.apache.ranger.entity.XXEnumElementDef;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXPolicyConditionDef;
+import org.apache.ranger.entity.XXPolicyItem;
+import org.apache.ranger.entity.XXPolicyItemAccess;
+import org.apache.ranger.entity.XXPolicyItemCondition;
+import org.apache.ranger.entity.XXPolicyItemDataMaskInfo;
+import org.apache.ranger.entity.XXPolicyItemGroupPerm;
+import org.apache.ranger.entity.XXPolicyItemRowFilterInfo;
+import org.apache.ranger.entity.XXPolicyItemUserPerm;
+import org.apache.ranger.entity.XXPolicyResource;
+import org.apache.ranger.entity.XXPolicyResourceMap;
+import org.apache.ranger.entity.XXResourceDef;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceConfigDef;
+import org.apache.ranger.entity.XXServiceConfigMap;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.entity.XXServiceVersionInfo;
+import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXUser;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
@@ -63,7 +128,10 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
 import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
 import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
-import org.apache.ranger.plugin.store.*;
+import org.apache.ranger.plugin.store.AbstractServiceStore;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.store.PList;
+import org.apache.ranger.plugin.store.ServicePredicateUtil;
 import org.apache.ranger.plugin.util.SearchFilter;
 import org.apache.ranger.plugin.util.ServicePolicies;
 import org.apache.ranger.service.RangerAuditFields;
@@ -156,7 +224,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 
     @Autowired
     RangerFactory factory;
-        
+
 	private static volatile boolean legacyServiceDefsInitDone = false;
 	private Boolean populateExistingBaseFields = false;
 	
@@ -2190,10 +2258,8 @@ public class ServiceDBStore extends AbstractServiceStore {
 		} else {
 			// we need to create one policy for each resource hierarchy
 			RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef);
-			int i = 1;
 			for (List<RangerResourceDef> aHierarchy : serviceDefHelper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS)) {
-				createDefaultPolicy(createdService, vXUser, aHierarchy, i);
-				i++;
+				createDefaultPolicy(createdService, vXUser, aHierarchy);
 			}
 		}
 	}
@@ -2234,7 +2300,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 
 			String tagType = "EXPIRES_ON";
 
-			String policyName = createdService.getName() + "-" + tagType;
+			String policyName = tagType;
 
 			RangerPolicy policy = new RangerPolicy();
 
@@ -2242,7 +2308,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 			policy.setVersion(1L);
 			policy.setName(policyName);
 			policy.setService(createdService.getName());
-			policy.setDescription(tagType + " Policy for TAG Service: " + createdService.getName());
+			policy.setDescription("Policy for data with " + tagType + " tag");
 			policy.setIsAuditEnabled(true);
 
 			Map<String, RangerPolicyResource> resourceMap = new HashMap<String, RangerPolicyResource>();
@@ -2297,21 +2363,37 @@ public class ServiceDBStore extends AbstractServiceStore {
 		}
 	}
 
-	private void createDefaultPolicy(XXService createdService, VXUser vXUser, List<RangerResourceDef> resourceHierarchy, int num) throws Exception {
+	private String buildPolicyName(List<RangerResourceDef> resourceHierarchy) {
+		String ret = "all";
+		if (CollectionUtils.isNotEmpty(resourceHierarchy)) {
+			int resourceDefCount = 0;
+			for (RangerResourceDef resourceDef : resourceHierarchy) {
+				if (resourceDefCount > 0) {
+					ret += ", ";
+				} else {
+					ret += " - ";
+				}
+				ret += resourceDef.getName();
+				resourceDefCount++;
+			}
+		}
+		return ret;
+	}
+
+	private void createDefaultPolicy(XXService createdService, VXUser vXUser, List<RangerResourceDef> resourceHierarchy) throws Exception {
 		String adminPrincipal = PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL);
 		String adminKeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB);
 		String authType = PropertiesUtil.getProperty(RANGER_AUTH_TYPE);
 		String lookupPrincipal = PropertiesUtil.getProperty(LOOKUP_PRINCIPAL);
 		String lookupKeytab = PropertiesUtil.getProperty(LOOKUP_KEYTAB);
-		
 		RangerPolicy policy = new RangerPolicy();
-		String policyName=createdService.getName()+"-"+num+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
-		
+		String policyName=buildPolicyName(resourceHierarchy);
+
 		policy.setIsEnabled(true);
 		policy.setVersion(1L);
 		policy.setName(policyName);
 		policy.setService(createdService.getName());
-		policy.setDescription("Default Policy for Service: " + createdService.getName());
+		policy.setDescription("Policy for " + policyName);
 		policy.setIsAuditEnabled(true);
 		
 		policy.setResources(createDefaultPolicyResource(resourceHierarchy));