Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/31 21:38:44 UTC
[1/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 46633a9ed -> 217e18924
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
deleted file mode 100644
index f1c8adf..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-
-import java.util.Date;
-import java.util.List;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class ServicePolicies implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String serviceName;
- private Long serviceId;
- private RangerServiceDef serviceDef;
- private Long policyVersion;
- private Date policyUpdateTime;
- private List<RangerPolicy> policies;
-
-
- /**
- * @return the serviceName
- */
- public String getServiceName() {
- return serviceName;
- }
- /**
- * @param serviceName the serviceName to set
- */
- public void setServiceName(String serviceName) {
- this.serviceName = serviceName;
- }
- /**
- * @return the serviceId
- */
- public Long getServiceId() {
- return serviceId;
- }
- /**
- * @param serviceId the serviceId to set
- */
- public void setServiceId(Long serviceId) {
- this.serviceId = serviceId;
- }
- /**
- * @return the serviceDef
- */
- public RangerServiceDef getServiceDef() {
- return serviceDef;
- }
- /**
- * @param serviceDef the serviceDef to set
- */
- public void setServiceDef(RangerServiceDef serviceDef) {
- this.serviceDef = serviceDef;
- }
- /**
- * @return the policyVersion
- */
- public Long getPolicyVersion() {
- return policyVersion;
- }
- /**
- * @param policyVersion the policyVersion to set
- */
- public void setPolicyVersion(Long policyVersion) {
- this.policyVersion = policyVersion;
- }
- /**
- * @return the policyUpdateTime
- */
- public Date getPolicyUpdateTime() {
- return policyUpdateTime;
- }
- /**
- * @param policyUpdateTime the policyUpdateTime to set
- */
- public void setPolicyUpdateTime(Date policyUpdateTime) {
- this.policyUpdateTime = policyUpdateTime;
- }
- /**
- * @return the policies
- */
- public List<RangerPolicy> getPolicies() {
- return policies;
- }
- /**
- * @param policies the policies to set
- */
- public void setPolicies(List<RangerPolicy> policies) {
- this.policies = policies;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
deleted file mode 100644
index e04ee15..0000000
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "id":2,
- "name":"hbase",
- "implClass":"org.apache.ranger.services.hbase.RangerServiceHBase",
- "label":"HBase",
- "description":"HBase",
- "guid":"d6cea1f0-2509-4791-8fc1-7b092399ba3b",
- "createTime":"20141208-22:50:22.426--0800",
- "updateTime":"20141208-22:50:22.426--0800",
- "version":1,
- "enums":
- [
- {
- "name":"authnType",
- "elements":
- [
- {"name":"simple", "label":"Simple"},
- {"name":"kerberos","label":"Kerberos"}
- ],
- "defaultIndex":0
- }
- ],
- "configs":
- [
- {"name":"username", "type":"string", "subType":"", "mandatory":true, "label":"Username"},
- {"name":"password", "type":"password","subType":"", "mandatory":true, "label":"Password"},
- {"name":"hadoop.security.authentication", "type":"enum", "subType":"authnType","mandatory":true, "defaultValue":"simple"},
- {"name":"hbase.master.kerberos.principal", "type":"string", "subType":"", "mandatory":false,"defaultValue":""},
- {"name":"hbase.security.authentication", "type":"enum", "subType":"authnType","mandatory":true, "defaultValue":"simple"},
- {"name":"hbase.zookeeper.property.clientPort","type":"int", "subType":"", "mandatory":true, "defaultValue":"2181"},
- {"name":"hbase.zookeeper.quorum", "type":"string", "subType":"", "mandatory":true, "defaultValue":""},
- {"name":"zookeeper.znode.parent", "type":"string", "subType":"", "mandatory":true, "defaultValue":"/hbase"}
- ],
- "resources":
- [
- {"name":"table", "type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
- {"name":"column-family","type":"string","level":2,"parent":"table", "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"},
- {"name":"column", "type":"string","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
- ],
- "accessTypes":
- [
- {"name":"read", "label":"Read"},
- {"name":"write", "label":"Write"},
- {"name":"create","label":"Create"},
- {"name":"admin", "label":"Admin","impliedGrants":["read","write","create"]}
- ],
- "policyConditions":
- [
- ]
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
deleted file mode 100644
index cf8f008..0000000
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- "id":1,
- "name":"hdfs",
- "implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs",
- "label":"HDFS Repository",
- "description":"HDFS Repository",
- "guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d",
- "createTime":"20141208-22:04:25.233--0800",
- "updateTime":"20141208-22:04:25.233--0800",
- "version":1,
- "enums":
- [
- {
- "name":"authnType",
- "elements":
- [
- {"name":"simple", "label":"Simple"},
- {"name":"kerberos","label":"Kerberos"}
- ],
- "defaultIndex":0
- },
- {
- "name":"rpcProtection",
- "elements":
- [
- {"name":"authentication","label":"Authentication"},
- {"name":"integrity", "label":"Integrity"},
- {"name":"privacy", "label":"Privacy"}
- ],
- "defaultIndex":0
- },
- ],
- "configs":
- [
- {"name":"username", "type":"string", "subType":"", "mandatory":true, "label":"Username"},
- {"name":"password", "type":"password","subType":"", "mandatory":true, "label":"Password"},
- {"name":"fs.default.name", "type":"string", "subType":"", "mandatory":true, "label":"Namenode URL"},
- {"name":"hadoop.security.authorization", "type":"bool", "subType":"TrueFalse", "mandatory":true, "defaultValue":"false"},
- {"name":"hadoop.security.authentication", "type":"enum", "subType":"authnType", "mandatory":true, "defaultValue":"simple"},
- {"name":"hadoop.security.auth_to_local", "type":"string", "subType":"", "mandatory":false},
- {"name":"dfs.datanode.kerberos.principal", "type":"string", "subType":"", "mandatory":false},
- {"name":"dfs.namenode.kerberos.principal", "type":"string", "subType":"", "mandatory":false},
- {"name":"dfs.secondary.namenode.kerberos.principal","type":"string", "subType":"", "mandatory":false},
- {"name":"hadoop.rpc.protection", "type":"enum", "subType":"rpcProtection","mandatory":false,"defaultValue":"authentication"},
- {"name":"certificate.cn", "type":"string", "subType":"", "mandatory":false,"label":"Common Name for Certificate"}
- ],
- "resources":
- [
- {"name":"path","type":"path","level":1,"parent":"","mandatory":true,"lookupSupported":true,"recursiveSupported":true,"excludesSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
- ],
- "accessTypes":
- [
- {"name":"read","label":"Read"},
- {"name":"write","label":"Write"},
- {"name":"execute","label":"Execute"}
- ],
- "policyConditions":
- [
- ]
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
deleted file mode 100644
index 6414fe3..0000000
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "id":3,
- "name":"hive",
- "implClass":"org.apache.ranger.services.hive.RangerServiceHive",
- "label":"Hive Server2",
- "description":"Hive Server2",
- "guid":"3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
- "createTime":"20141208-22:51:20.732--0800",
- "updateTime":"20141208-22:51:20.732--0800",
- "version":1,
- "enums":
- [
- ],
- "configs":
- [
- {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
- {"name":"password", "type":"password","mandatory":true, "label":"Password"},
- {"name":"jdbc.driverClassName","type":"string", "mandatory":true, "defaultValue":"org.apache.hive.jdbc.HiveDriver"},
- {"name":"jdbc.url", "type":"string", "mandatory":true, "defaultValue":""},
- {"name":"certificate.cn", "type":"string", "mandatory":false,"label":"Common Name for Certificate"}
- ],
- "resources":
- [
- {"name":"database","type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
- {"name":"table", "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
- {"name":"udf", "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
- {"name":"column", "type":"string","level":3,"parent":"table", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
- ],
- "accessTypes":
- [
- {"name":"select","label":"select"},
- {"name":"update","label":"update"},
- {"name":"create","label":"Create"},
- {"name":"drop", "label":"Drop"},
- {"name":"alter", "label":"Alter"},
- {"name":"index", "label":"Index"},
- {"name":"lock", "label":"Lock"},
- {"name":"all", "label":"All"}
- ],
- "policyConditions":
- [
- ]
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
deleted file mode 100644
index f6a7157..0000000
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "id":5,
- "name":"knox",
- "implClass":"org.apache.ranger.services.knox.RangerServiceKnox",
- "label":"Knox Gateway",
- "description":"Knox Gateway",
- "guid":"84b481b5-f23b-4f71-b8b6-ab33977149ca",
- "createTime":"20141208-22:48:42.238--0800",
- "updateTime":"20141208-22:48:42.238--0800",
- "version":1,
- "enums":
- [
- ],
- "configs":
- [
- {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
- {"name":"password", "type":"password","mandatory":true, "label":"Password"},
- {"name":"knox.url", "type":"string", "mandatory":true, "defaultValue":""},
- {"name":"certificate.cn","type":"string", "mandatory":false,"label":"Common Name for Certificate"}
- ],
- "resources":
- [
- {"name":"topology","type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"},
- {"name":"service", "type":"string","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"}
- ],
- "accessTypes":
- [
- {"name":"allow","label":"Allow"}
- ],
- "policyConditions":
- [
- {"name":"ip-range","evaluator":"org.apache.ranger.knox.IpRangeCondition","evaluatorOptions":"","label":"IP Address Range","description":"IP Address Range"}
- ]
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
deleted file mode 100644
index fce10c0..0000000
--- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- "id":6,
- "name":"storm",
- "implClass":"org.apache.ranger.services.storm.RangerServiceStorm",
- "label":"Storm",
- "description":"Storm",
- "guid":"2a60f427-edcf-4e20-834c-a9a267b5b963",
- "createTime":"20141208-22:55:47.095--0800",
- "updateTime":"20141208-22:55:47.095--0800",
- "version":1,
- "enums":
- [
- ],
- "configs":
- [
- {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
- {"name":"password", "type":"password","mandatory":true, "label":"Password"},
- {"name":"nimbus.url", "type":"string", "mandatory":true, "label":"Nimbus URL","defaultValue":""},
- {"name":"certificate.cn","type":"string", "mandatory":false,"label":"Common Name for Certificate"}
- ],
- "resources":
- [
- {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"}
- ],
- "accessTypes":
- [
- {"name":"topology-submit", "label":"Submit Topology"},
- {"name":"file-upload", "label":"File Upload"},
- {"name":"nimbus-conf-get", "label":"Get Nimbus Conf"},
- {"name":"cluster-conf-get", "label":"Get Cluster Conf"},
- {"name":"cluster-info-get", "label":"Get Cluster Info"},
- {"name":"file-download", "label":"File Download"},
- {"name":"topology-kill", "label":"Kill Topology"},
- {"name":"rebalance", "label":"Rebalance"},
- {"name":"activate", "label":"Activate"},
- {"name":"deactivate", "label":"Deactivate"},
- {"name":"topology-conf-get", "label":"Get Topology Conf"},
- {"name":"topology-get", "label":"Get Topology"},
- {"name":"topology-user-get", "label":"Get User Topology"},
- {"name":"topology-info-get", "label":"Get Topology Info"},
- {"name":"new-credential-upload","label":"Upload New Credential"}
- ],
- "policyConditions":
- [
- ]
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
deleted file mode 100644
index f940c30..0000000
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import static org.junit.Assert.*;
-
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.lang.reflect.Type;
-import java.util.List;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.TestPolicyEngine.PolicyEngineTestCase.TestData;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
-
-
-public class TestPolicyEngine {
- static RangerPolicyEngineImpl policyEngine = null;
- static Gson gsonBuilder = null;
-
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- policyEngine = new RangerPolicyEngineImpl();
- gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
- .setPrettyPrinting()
- .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
- .registerTypeAdapter(RangerResource.class, new RangerResourceDeserializer())
- .create();
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Test
- public void testPolicyEngine_hdfs() {
- String[] hdfsTestResourceFiles = { "/policyengine/test_policyengine_hdfs.json" };
-
- runTestsFromResourceFiles(hdfsTestResourceFiles);
- }
-
- @Test
- public void testPolicyEngine_hive() {
- String[] hiveTestResourceFiles = { "/policyengine/test_policyengine_hive.json" };
-
- runTestsFromResourceFiles(hiveTestResourceFiles);
- }
-
- @Test
- public void testPolicyEngine_hbase() {
- String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase.json" };
-
- runTestsFromResourceFiles(hbaseTestResourceFiles);
- }
-
- private void runTestsFromResourceFiles(String[] resourceNames) {
- for(String resourceName : resourceNames) {
- InputStream inStream = this.getClass().getResourceAsStream(resourceName);
- InputStreamReader reader = new InputStreamReader(inStream);
-
- runTests(reader, resourceName);
- }
- }
-
- private void runTests(InputStreamReader reader, String testName) {
- try {
- PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);
-
- assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);
-
- policyEngine.setPolicies(testCase.serviceName, testCase.serviceDef, testCase.policies);
-
- for(TestData test : testCase.tests) {
- RangerAccessResult expected = test.result;
- RangerAccessResult result = policyEngine.isAccessAllowed(test.request, null);
-
- assertNotNull(test.name, result);
- assertEquals(test.name, expected.getIsAllowed(), result.getIsAllowed());
- assertEquals(test.name, expected.getIsAudited(), result.getIsAudited());
- assertEquals(test.name, expected.getPolicyId(), result.getPolicyId());
- }
- } catch(Throwable excp) {
- excp.printStackTrace();
- }
-
- }
-
- static class PolicyEngineTestCase {
- public String serviceName;
- public RangerServiceDef serviceDef;
- public List<RangerPolicy> policies;
- public List<TestData> tests;
-
- class TestData {
- public String name;
- public RangerAccessRequest request;
- public RangerAccessResult result;
- }
- }
-
- static class RangerAccessRequestDeserializer implements JsonDeserializer<RangerAccessRequest> {
- @Override
- public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
- JsonDeserializationContext context) throws JsonParseException {
- return gsonBuilder.fromJson(jsonObj, RangerAccessRequestImpl.class);
- }
- }
-
- static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
- @Override
- public RangerResource deserialize(JsonElement jsonObj, Type type,
- JsonDeserializationContext context) throws JsonParseException {
- return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
- }
- }
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java b/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
deleted file mode 100644
index 4771085..0000000
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store;
-
-import static org.junit.Assert.*;
-
-import java.util.List;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.store.ServiceStoreFactory;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class TestServiceStore {
- static ServiceStore svcStore = null;
- static SearchFilter filter = null;
-
- static final String sdName = "svcDef-unit-test-TestServiceStore";
- static final String serviceName = "svc-unit-test-TestServiceStore";
- static final String policyName = "testPolicy-1";
-
- @BeforeClass
- public static void setupTest() throws Exception {
- svcStore = ServiceStoreFactory.instance().getServiceStore();
-
- // cleanup if the test service and service-def if they already exist
- List<RangerService> services = svcStore.getServices(filter);
- for(RangerService service : services) {
- if(service.getName().startsWith(serviceName)) {
- svcStore.deleteService(service.getId());
- }
- }
-
- List<RangerServiceDef> serviceDefs = svcStore.getServiceDefs(filter);
- for(RangerServiceDef serviceDef : serviceDefs) {
- if(serviceDef.getName().startsWith(sdName)) {
- svcStore.deleteServiceDef(serviceDef.getId());
- }
- }
- }
-
- @Test
- public void testServiceStore() throws Exception {
- String updatedName, updatedDescription;
-
- List<RangerServiceDef> sds = svcStore.getServiceDefs(filter);
-
- int initSdCount = sds == null ? 0 : sds.size();
-
- RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null);
-
- RangerServiceDef createdSd = svcStore.createServiceDef(sd);
- assertNotNull("createServiceDef() failed", createdSd != null);
-
- sds = svcStore.getServiceDefs(filter);
- assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size());
-
- updatedDescription = sd.getDescription() + ": updated";
- createdSd.setDescription(updatedDescription);
- RangerServiceDef updatedSd = svcStore.updateServiceDef(createdSd);
- assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd);
- assertEquals("updateServiceDef(updatedDescription) failed", updatedDescription, updatedSd.getDescription());
-
- sds = svcStore.getServiceDefs(filter);
- assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size());
-
- /*
- updatedName = sd.getName() + "-Renamed";
- updatedSd.setName(updatedName);
- updatedSd = sdMgr.update(updatedSd);
- assertNotNull("updateServiceDef(updatedName) failed", updatedSd);
- assertEquals("updateServiceDef(updatedName) failed", updatedName, updatedSd.getName());
-
- sds = getAllServiceDef();
- assertEquals("updateServiceDef(updatedName) failed", initSdCount + 1, sds == null ? 0 : sds.size());
- */
-
- List<RangerService> services = svcStore.getServices(filter);
-
- int initServiceCount = services == null ? 0 : services.size();
-
- RangerService svc = new RangerService(sdName, serviceName, "test service description", null);
-
- RangerService createdSvc = svcStore.createService(svc);
- assertNotNull("createService() failed", createdSvc);
-
- services = svcStore.getServices(filter);
- assertEquals("createServiceDef() failed", initServiceCount + 1, services == null ? 0 : services.size());
-
- updatedDescription = createdSvc.getDescription() + ": updated";
- createdSvc.setDescription(updatedDescription);
- RangerService updatedSvc = svcStore.updateService(createdSvc);
- assertNotNull("updateService(updatedDescription) failed", updatedSvc);
- assertEquals("updateService(updatedDescription) failed", updatedDescription, updatedSvc.getDescription());
-
- services = svcStore.getServices(filter);
- assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size());
-
- updatedName = serviceName + "-Renamed";
- updatedSvc.setName(updatedName);
- updatedSvc = svcStore.updateService(updatedSvc);
- assertNotNull("updateService(updatedName) failed", updatedSvc);
- assertEquals("updateService(updatedName) failed", updatedName, updatedSvc.getName());
-
- services = svcStore.getServices(filter);
- assertEquals("updateService(updatedName) failed", initServiceCount + 1, services == null ? 0 : services.size());
-
- List<RangerPolicy> policies = svcStore.getPolicies(filter);
-
- int initPolicyCount = policies == null ? 0 : policies.size();
-
- RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", null, null);
- policy.getResources().put("path", new RangerPolicyResource("/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
-
- RangerPolicyItem item1 = new RangerPolicyItem();
- item1.getAccesses().add(new RangerPolicyItemAccess("read"));
- item1.getAccesses().add(new RangerPolicyItemAccess("write"));
- item1.getAccesses().add(new RangerPolicyItemAccess("execute"));
- item1.getUsers().add("admin");
- item1.getGroups().add("finance");
-
- RangerPolicyItem item2 = new RangerPolicyItem();
- item2.getAccesses().add(new RangerPolicyItemAccess("read"));
- item2.getGroups().add("public");
-
- policy.getPolicyItems().add(item1);
- policy.getPolicyItems().add(item2);
-
- RangerPolicy createdPolicy = svcStore.createPolicy(policy);
- assertNotNull(createdPolicy);
- assertNotNull(createdPolicy.getPolicyItems());
- assertEquals(createdPolicy.getPolicyItems().size(), 2);
-
- RangerPolicyItem createItem1 = createdPolicy.getPolicyItems().get(0);
- RangerPolicyItem createItem2 = createdPolicy.getPolicyItems().get(1);
-
- assertNotNull(createItem1.getAccesses());
- assertEquals(createItem1.getAccesses().size(), 3);
- assertNotNull(createItem1.getUsers());
- assertEquals(createItem1.getUsers().size(), 1);
- assertNotNull(createItem1.getGroups());
- assertEquals(createItem1.getGroups().size(), 1);
-
- assertNotNull(createItem2.getAccesses());
- assertEquals(createItem2.getAccesses().size(), 1);
- assertNotNull(createItem2.getUsers());
- assertEquals(createItem2.getUsers().size(), 0);
- assertNotNull(createItem2.getGroups());
- assertEquals(createItem2.getGroups().size(), 1);
-
- policies = svcStore.getPolicies(filter);
- assertEquals("createPolicy() failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
-
- updatedDescription = policy.getDescription() + ":updated";
- createdPolicy.setDescription(updatedDescription);
- RangerPolicy updatedPolicy = svcStore.updatePolicy(createdPolicy);
- assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);
-
- policies = svcStore.getPolicies(filter);
- assertEquals("updatePolicy(updatedDescription) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
-
- updatedName = policyName + "-Renamed";
- updatedPolicy.setName(updatedName);
- updatedPolicy = svcStore.updatePolicy(updatedPolicy);
- assertNotNull("updatePolicy(updatedName) failed", updatedPolicy);
-
- policies = svcStore.getPolicies(filter);
- assertEquals("updatePolicy(updatedName) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
-
- // rename the service; all the policies for this service should reflect the new service name
- updatedName = serviceName + "-Renamed2";
- updatedSvc.setName(updatedName);
- updatedSvc = svcStore.updateService(updatedSvc);
- assertNotNull("updateService(updatedName2) failed", updatedSvc);
- assertEquals("updateService(updatedName2) failed", updatedName, updatedSvc.getName());
-
- services = svcStore.getServices(filter);
- assertEquals("updateService(updatedName2) failed", initServiceCount + 1, services == null ? 0 : services.size());
-
- updatedPolicy = svcStore.getPolicy(createdPolicy.getId());
- assertNotNull("updateService(updatedName2) failed", updatedPolicy);
- assertEquals("updateService(updatedName2) failed", updatedPolicy.getService(), updatedSvc.getName());
-
- ServicePolicies svcPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), 0l);
- assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies);
- assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceName(), updatedSvc.getName());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceId(), updatedSvc.getId());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyVersion(), updatedSvc.getPolicyVersion());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyUpdateTime(), updatedSvc.getPolicyUpdateTime());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceDef().getId(), updatedSd.getId());
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().size(), 1);
- assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().get(0).getName(), updatedPolicy.getName());
-
- ServicePolicies updatedPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), svcPolicies.getPolicyVersion());
- assertNotNull(updatedPolicies);
- assertEquals(0, updatedPolicies.getPolicies().size());
-
- filter = new SearchFilter();
- filter.setParam(SearchFilter.POLICY_NAME, policyName);
- policies = svcStore.getPolicies(filter);
- assertEquals("getPolicies(filter=origPolicyName) failed", 0, policies == null ? 0 : policies.size());
- filter = null;
-
- filter = new SearchFilter();
- filter.setParam(SearchFilter.POLICY_NAME, updatedPolicy.getName());
- policies = svcStore.getPolicies(filter);
- assertEquals("getPolicies(filter=origPolicyName) failed", 1, policies == null ? 0 : policies.size());
- filter = null;
-
- svcStore.deletePolicy(policy.getId());
- policies = svcStore.getPolicies(filter);
- assertEquals("deletePolicy() failed", initPolicyCount, policies == null ? 0 : policies.size());
-
- svcStore.deleteService(svc.getId());
- services = svcStore.getServices(filter);
- assertEquals("deleteService() failed", initServiceCount, services == null ? 0 : services.size());
-
- svcStore.deleteServiceDef(sd.getId());
- sds = svcStore.getServiceDefs(filter);
- assertEquals("deleteServiceDef() failed", initSdCount, sds == null ? 0 : sds.size());
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java b/plugin-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
deleted file mode 100644
index 4cf7e3c..0000000
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import static org.junit.Assert.*;
-
-import java.util.List;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.store.ServiceStoreFactory;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-
-public class TestPolicyRefresher {
- static RangerPolicyEngineImpl policyEngine = null;
- static ServiceStore svcStore = null;
- static PolicyRefresher refresher = null;
-
- static final long pollingIntervalInMs = 5 * 1000;
- static final long sleepTimeInMs = pollingIntervalInMs + (5 * 1000);
- static final String sdName = "hbase";
- static final String svcName = "svc-unit-test-TestPolicyRefresher";
-
- static RangerService svc = null;
- static RangerPolicy policy1 = null;
- static RangerPolicy policy2 = null;
-
- static boolean isPolicyRefreshed = false;
- static long policyCount = 0;
-
-
- /**
- * @throws java.lang.Exception
- */
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- svcStore = ServiceStoreFactory.instance().getServiceStore();
-
- // cleanup if the test service already exists
- svc = svcStore.getServiceByName(svcName);
- if(svc != null) {
- svcStore.deleteService(svc.getId());
- }
-
- policyEngine = new RangerPolicyEngineImpl() {
- @Override
- public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) {
- isPolicyRefreshed = true;
- policyCount = policies != null ? policies.size() : 0;
-
- super.setPolicies(serviceName, serviceDef, policies);
- }
- };
-
- refresher = new PolicyRefresher(policyEngine, sdName, svcName, svcStore, pollingIntervalInMs, null);
- refresher.start();
-
- // create a service
- svc = new RangerService(sdName, svcName, "test service description", null);
-
- svc = svcStore.createService(svc);
- assertNotNull("createService(" + svcName + ") failed", svc);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- if(refresher != null) {
- refresher.stopRefresher();
- }
-
- if(svcStore != null) {
- if(policy1 != null) {
- svcStore.deletePolicy(policy1.getId());
- }
-
- if(policy2 != null) {
- svcStore.deletePolicy(policy2.getId());
- }
-
- if(svc != null) {
- svcStore.deleteService(svc.getId());
- }
- }
- }
-
- @Test
- public void testRefresher() throws Exception {
- assertEquals("policy count - initial", 0, policyCount);
-
- RangerPolicy policy = new RangerPolicy(svc.getName(), "policy1", "test policy description", null, null);
- policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
- policy.getResources().put("column-family", new RangerPolicyResource("personal", Boolean.FALSE, Boolean.TRUE));
- policy.getResources().put("column", new RangerPolicyResource("ssn", Boolean.FALSE, Boolean.TRUE));
-
- RangerPolicyItem item1 = new RangerPolicyItem();
- item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
- item1.getUsers().add("admin");
- item1.getGroups().add("hr");
-
- RangerPolicyItem item2 = new RangerPolicyItem();
- item2.getAccesses().add(new RangerPolicyItemAccess("read"));
- item2.getGroups().add("public");
-
- policy.getPolicyItems().add(item1);
- policy.getPolicyItems().add(item2);
-
- policy1 = svcStore.createPolicy(policy);
-
- policy = new RangerPolicy(svc.getName(), "policy2", "test policy description", null, null);
- policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
- policy.getResources().put("column-family", new RangerPolicyResource("finance", Boolean.FALSE, Boolean.TRUE));
- policy.getResources().put("column", new RangerPolicyResource("balance", Boolean.FALSE, Boolean.TRUE));
-
- item1 = new RangerPolicyItem();
- item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
- item1.getUsers().add("admin");
- item1.getGroups().add("finance");
-
- policy.getPolicyItems().add(item1);
-
- policy2 = svcStore.createPolicy(policy);
-
- Thread.sleep(sleepTimeInMs);
- assertTrue("policy refresh - after two new policies", isPolicyRefreshed);
- assertEquals("policy count - after two new policies", 2, policyCount);
- isPolicyRefreshed = false;
-
- Thread.sleep(sleepTimeInMs);
- assertFalse("policy refresh - after no new policies", isPolicyRefreshed);
- assertEquals("policy count - after no new policies", 2, policyCount);
- isPolicyRefreshed = false;
-
- item2 = new RangerPolicyItem();
- item2.getAccesses().add(new RangerPolicyItemAccess("read"));
- item2.getGroups().add("public");
- policy2.getPolicyItems().add(item2);
-
- policy2 = svcStore.updatePolicy(policy2);
-
- Thread.sleep(sleepTimeInMs);
- assertTrue("policy refresh - after update policy", isPolicyRefreshed);
- assertEquals("policy count - after update policy", 2, policyCount);
- isPolicyRefreshed = false;
-
- svcStore.deletePolicy(policy2.getId());
-
- Thread.sleep(sleepTimeInMs);
- assertTrue("policy refresh - after delete policy", isPolicyRefreshed);
- assertEquals("policy count - after delete policy", 1, policyCount);
- isPolicyRefreshed = false;
- policy2 = null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
deleted file mode 100644
index 35768cb..0000000
--- a/plugin-common/src/test/resources/policyengine/test_policyengine_hbase.json
+++ /dev/null
@@ -1,159 +0,0 @@
-{
- "serviceName":"hbasedev",
-
- "serviceDef":{
- "name":"hbase",
- "id":2,
- "resources":[
- {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
- {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
- {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
- ],
- "accessTypes":[
- {"name":"read","label":"Read"},
- {"name":"write","label":"Write"},
- {"name":"create","label":"Create"},
- {"name":"admin","label":"Admin","impliedGrants":["read","write","create"]}
- ]
- },
-
- "policies":[
- {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
- "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
- "policyItems":[
- {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ,
- {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
- "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
- "policyItems":[
- {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
- ,
- {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
- ]
- }
- ,
- {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false,
- "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}},
- "policyItems":[
- {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ],
-
- "tests":[
- {"name":"ALLOW 'scan finance restricted-cf;' for finance",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"read","user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'put finance restricted-cf;' for finance",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"write","user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'create finance restricted-cf;' for finance",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"create","user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'grant finance restricted-cf;' for finance",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"admin","user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'scan finance restricted-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'put finance restricted-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'create finance restricted-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'grant finance restricted-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"admin","user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"read","user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"write","user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"create","user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
- "accessType":"admin","user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'scan finance regular-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
- "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":3}
- }
- ,
- {"name":"DENY 'put finance regular-cf;' for user1",
- "request":{
- "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
- "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
- },
- "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
- }
- ]
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/resources/policyengine/test_policyengine_hdfs.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hdfs.json
deleted file mode 100644
index 943fe80..0000000
--- a/plugin-common/src/test/resources/policyengine/test_policyengine_hdfs.json
+++ /dev/null
@@ -1,156 +0,0 @@
-{
- "serviceName":"hdfsdev",
-
- "serviceDef":{
- "name":"hdfs",
- "id":1,
- "resources":[
- {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
- ],
- "accessTypes":[
- {"name":"read","label":"Read"},
- {"name":"write","label":"Write"},
- {"name":"execute","label":"Execute"}
- ]
- },
-
- "policies":[
- {"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
- "resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
- "policyItems":[
- {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ,
- {"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
- "resources":{"path":{"values":["/public/"],"isRecursive":true}},
- "policyItems":[
- {"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ,
- {"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
- "resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
- "policyItems":[
- {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
- ]
- }
- ],
-
- "tests":[
- {"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
- "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":3}
- }
- ,
- {"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
- "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":3}
- }
- ,
- {"name":"DENY 'read /operations/visitors.db' for g=finance",
- "request":{
- "resource":{"elements":{"path":"/operations/visitors.db"}},
- "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db"
- },
- "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
- "request":{
- "resource":{"elements":{"path":"/public/technology/blogs.db"}},
- "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":2}
- }
- ,
-
- {"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
- "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
- "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'read /operations/visitors.db' for g=hr",
- "request":{
- "resource":{"elements":{"path":"/operations/visitors.db"}},
- "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
- },
- "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
- "request":{
- "resource":{"elements":{"path":"/public/technology/blogs.db"}},
- "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":2}
- }
- ,
-
- {"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
- "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
- "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'read /operations/visitors.db' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/operations/visitors.db"}},
- "accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
- },
- "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/public/technology/blogs.db"}},
- "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'read /public/technology' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/public/technology/blogs.db"}},
- "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'read /public/technology' for u=user1",
- "request":{
- "resource":{"elements":{"path":"/public/technology/blogs.db"}},
- "accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
- },
- "result":{"isAudited":false,"isAllowed":true,"policyId":2}
- }
- ]
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
deleted file mode 100644
index 2ac90ae..0000000
--- a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json
+++ /dev/null
@@ -1,261 +0,0 @@
-{
- "serviceName":"hivedev",
-
- "serviceDef":{
- "name":"hive",
- "id":3,
- "resources":[
- {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
- {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
- {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
- {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
- ],
- "accessTypes":[
- {"name":"select","label":"Select"},
- {"name":"update","label":"Update"},
- {"name":"create","label":"Create"},
- {"name":"drop","label":"Drop"},
- {"name":"alter","label":"Alter"},
- {"name":"index","label":"Index"},
- {"name":"lock","label":"Lock"},
- {"name":"all","label":"All"}
- ]
- },
-
- "policies":[
- {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
- "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
- "policyItems":[
- {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
- ]
- }
- ,
- {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
- "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
- "policyItems":[
- {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
- ,
- {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
- ]
- }
- ],
-
- "tests":[
- {"name":"ALLOW 'use default;' for user1",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'use default;' for user2",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'use default;' to user3",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'use default;' to group1",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'use default;' to group2",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'use default;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"default"}},
- "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'use finance;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"finance"}},
- "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
- },
- "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to user2",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'select col1 from default.testtable;' to user3",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'select col1 from default.testtable;' to group2",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
- "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'select col1 from default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
- "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'create table default.testtable1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'create table default.testtable1;' to user1/group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'create table default.testtable1;' to admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'drop table default.testtable1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'drop table default.testtable1;' to user1/group1",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"ALLOW 'drop table default.testtable1;' to admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"testtable1"}},
- "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":true,"policyId":2}
- }
- ,
- {"name":"DENY 'create table default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'create table default.table1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'drop table default.table1;' to user1",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'drop table default.table1;' to user1/admin",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1"}},
- "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ,
- {"name":"DENY 'select col1 from default.table1;' to user3",
- "request":{
- "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
- "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
- },
- "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
- }
- ]
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index d65e5b7..3df871d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -92,7 +92,6 @@
<module>ugsync</module>
<module>unixauthclient</module>
<module>unixauthservice</module>
- <module>plugin-common</module>
</modules>
<properties>
<javac.source.version>1.7</javac.source.version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/security-admin/.gitignore
----------------------------------------------------------------------
diff --git a/security-admin/.gitignore b/security-admin/.gitignore
index de3a426..798e8dd 100644
--- a/security-admin/.gitignore
+++ b/security-admin/.gitignore
@@ -1,3 +1,4 @@
/target/
/bin/
/bin/
+/target
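Review bot: The added `/target` pattern duplicates what the existing `/target/` line already ignores, since `/target` matches a directory of that name as well as a file, and `/bin/` is already listed twice in this file. The same addition appears in the storm-agent/.gitignore and unixauthclient/.gitignore hunks. These look like tool-generated additions (inferred; the page does not say). Keeping a single `/target/` and a single `/bin/` entry per file would keep the ignore lists easy to audit.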
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/security-admin/.settings/org.eclipse.wst.common.component
----------------------------------------------------------------------
diff --git a/security-admin/.settings/org.eclipse.wst.common.component b/security-admin/.settings/org.eclipse.wst.common.component
index 1e1ed7d..ab287e8 100644
--- a/security-admin/.settings/org.eclipse.wst.common.component
+++ b/security-admin/.settings/org.eclipse.wst.common.component
@@ -10,7 +10,7 @@
<dependent-module archiveName="unixauthclient-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/unixauthclient/unixauthclient">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="plugin-common-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/plugin-common/plugin-common">
+ <dependent-module archiveName="ranger-plugins-common-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-common/ranger-plugins-common">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="ranger-plugins-audit-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-audit/ranger-plugins-audit">
@@ -19,9 +19,6 @@
<dependent-module archiveName="ranger-plugins-cred-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-cred/ranger-plugins-cred">
<dependency-type>uses</dependency-type>
</dependent-module>
- <dependent-module archiveName="ranger-plugins-common-0.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/ranger-plugins-common/ranger-plugins-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
<property name="context-root" value="security-admin-web"/>
<property name="java-output-path" value="/security-admin-web/target/classes"/>
<property name="component.exclusion.patterns" value="WEB-INF/lib/spring-*.SEC03.jar,WEB-INF/lib/spring-*.RC3.jar,WEB-INF/lib/spring-2.*.jar"/>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 5badc65..2bf7a71 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -401,6 +401,11 @@
<artifactId>unixauthclient</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
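Review bot: The dependency added here uses the groupId `security_plugins.ranger-plugins-common`, whereas the one it replaces (removed in the next hunk of this file) was `org.apache.ranger:plugin-common`. Maven resolves by exact coordinates, so confirm this groupId is the one the in-repo ranger-plugins-common module declares; if it is not, the build would try to fetch an artifact of that name from the configured remote repositories instead of the reactor. A one-line comment above the entry would make the intent clear, e.g. `<!-- in-repo module; carries the org.apache.ranger.plugin.model/util classes formerly in plugin-common -->`. No scope is set, so the jar is still packaged with the web application as before.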
@@ -412,18 +417,6 @@
<version>${hive.version}</version>
<scope>runtime</scope>
</dependency>
- <!--
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>plugin-common</artifactId>
- <version>0.4.0</version>
- </dependency>
- -->
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>plugin-common</artifactId>
- <version>${project.version}</version>
- </dependency>
</dependencies>
<build>
<pluginManagement>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/storm-agent/.gitignore
----------------------------------------------------------------------
diff --git a/storm-agent/.gitignore b/storm-agent/.gitignore
index de3a426..798e8dd 100644
--- a/storm-agent/.gitignore
+++ b/storm-agent/.gitignore
@@ -1,3 +1,4 @@
/target/
/bin/
/bin/
+/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/unixauthclient/.gitignore
----------------------------------------------------------------------
diff --git a/unixauthclient/.gitignore b/unixauthclient/.gitignore
index 0f63015..20e1ada 100644
--- a/unixauthclient/.gitignore
+++ b/unixauthclient/.gitignore
@@ -1,2 +1,3 @@
/target/
/bin/
+/target
[4/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
deleted file mode 100644
index 78ba6e2..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ /dev/null
@@ -1,686 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String service = null;
- private String name = null;
- private String description = null;
- private Boolean isAuditEnabled = null;
- private Map<String, RangerPolicyResource> resources = null;
- private List<RangerPolicyItem> policyItems = null;
-
-
- /**
- * @param type
- */
- public RangerPolicy() {
- this(null, null, null, null, null);
- }
-
- /**
- * @param type
- * @param name
- * @param description
- * @param resources
- * @param policyItems
- */
- public RangerPolicy(String service, String name, String description, Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
- super();
-
- setService(service);
- setName(name);
- setDescription(description);
- setIsAuditEnabled(null);
- setResources(resources);
- setPolicyItems(policyItems);
- }
-
- /**
- * @param other
- */
- public void updateFrom(RangerPolicy other) {
- super.updateFrom(other);
-
- setService(other.getService());
- setName(other.getName());
- setDescription(other.getDescription());
- setIsAuditEnabled(other.getIsAuditEnabled());
- setResources(other.getResources());
- setPolicyItems(other.getPolicyItems());
- }
-
- /**
- * @return the type
- */
- public String getService() {
- return service;
- }
-
- /**
- * @param type the type to set
- */
- public void setService(String service) {
- this.service = service;
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the isAuditEnabled
- */
- public Boolean getIsAuditEnabled() {
- return isAuditEnabled;
- }
-
- /**
- * @param isEnabled the isEnabled to set
- */
- public void setIsAuditEnabled(Boolean isAuditEnabled) {
- this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled;
- }
-
- /**
- * @return the resources
- */
- public Map<String, RangerPolicyResource> getResources() {
- return resources;
- }
-
- /**
- * @param configs the resources to set
- */
- public void setResources(Map<String, RangerPolicyResource> resources) {
- if(this.resources == null) {
- this.resources = new HashMap<String, RangerPolicyResource>();
- }
-
- if(this.resources == resources) {
- return;
- }
-
- this.resources.clear();
-
- if(resources != null) {
- for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
- this.resources.put(e.getKey(), e.getValue());
- }
- }
- }
-
- /**
- * @return the policyItems
- */
- public List<RangerPolicyItem> getPolicyItems() {
- return policyItems;
- }
-
- /**
- * @param policyItems the policyItems to set
- */
- public void setPolicyItems(List<RangerPolicyItem> policyItems) {
- if(this.policyItems == null) {
- this.policyItems = new ArrayList<RangerPolicyItem>();
- }
-
- if(this.policyItems == policyItems) {
- return;
- }
-
- this.policyItems.clear();
-
- if(policyItems != null) {
- for(RangerPolicyItem policyItem : policyItems) {
- this.policyItems.add(policyItem);
- }
- }
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicy={");
-
- super.toString(sb);
-
- sb.append("service={").append(service).append("} ");
- sb.append("name={").append(name).append("} ");
- sb.append("description={").append(description).append("} ");
- sb.append("isAuditEnabled={").append(isAuditEnabled).append("} ");
-
- sb.append("resources={");
- if(resources != null) {
- for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
- sb.append(e.getKey()).append("={");
- e.getValue().toString(sb);
- sb.append("} ");
- }
- }
- sb.append("} ");
-
- sb.append("policyItems={");
- if(policyItems != null) {
- for(RangerPolicyItem policyItem : policyItems) {
- if(policyItem != null) {
- policyItem.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-
-
- public static class RangerPolicyResource implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private List<String> values = null;
- private Boolean isExcludes = null;
- private Boolean isRecursive = null;
-
-
- public RangerPolicyResource() {
- this((List<String>)null, null, null);
- }
-
- public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) {
- setValue(value);
- setIsExcludes(isExcludes);
- setIsRecursive(isRecursive);
- }
-
- public RangerPolicyResource(List<String> values, Boolean isExcludes, Boolean isRecursive) {
- setValues(values);
- setIsExcludes(isExcludes);
- setIsRecursive(isRecursive);
- }
-
- /**
- * @return the values
- */
- public List<String> getValues() {
- return values;
- }
-
- /**
- * @param values the values to set
- */
- public void setValues(List<String> values) {
- if(this.values == null) {
- this.values = new ArrayList<String>();
- }
-
- if(this.values == values) {
- return;
- }
-
- this.values.clear();
-
- if(values != null) {
- for(String value : values) {
- this.values.add(value);
- }
- }
- }
-
- /**
- * @param value the value to set
- */
- public void setValue(String value) {
- if(this.values == null) {
- this.values = new ArrayList<String>();
- }
-
- this.values.clear();
-
- this.values.add(value);
- }
-
- /**
- * @return the isExcludes
- */
- public Boolean getIsExcludes() {
- return isExcludes;
- }
-
- /**
- * @param isExcludes the isExcludes to set
- */
- public void setIsExcludes(Boolean isExcludes) {
- this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes;
- }
-
- /**
- * @return the isRecursive
- */
- public Boolean getIsRecursive() {
- return isRecursive;
- }
-
- /**
- * @param isRecursive the isRecursive to set
- */
- public void setIsRecursive(Boolean isRecursive) {
- this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyResource={");
- sb.append("values={");
- if(values != null) {
- for(String value : values) {
- sb.append(value).append(" ");
- }
- }
- sb.append("} ");
- sb.append("isExcludes={").append(isExcludes).append("} ");
- sb.append("isRecursive={").append(isRecursive).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
- public static class RangerPolicyItem implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private List<RangerPolicyItemAccess> accesses = null;
- private List<String> users = null;
- private List<String> groups = null;
- private List<RangerPolicyItemCondition> conditions = null;
- private Boolean delegateAdmin = null;
-
- public RangerPolicyItem() {
- this(null, null, null, null, null);
- }
-
- public RangerPolicyItem(List<RangerPolicyItemAccess> accessTypes, List<String> users, List<String> groups, List<RangerPolicyItemCondition> conditions, Boolean delegateAdmin) {
- setAccesses(accessTypes);
- setUsers(users);
- setGroups(groups);
- setConditions(conditions);
- setDelegateAdmin(delegateAdmin);
- }
-
- /**
- * @return the accesses
- */
- public List<RangerPolicyItemAccess> getAccesses() {
- return accesses;
- }
- /**
- * @param accesses the accesses to set
- */
- public void setAccesses(List<RangerPolicyItemAccess> accesses) {
- if(this.accesses == null) {
- this.accesses = new ArrayList<RangerPolicyItemAccess>();
- }
-
- if(this.accesses == accesses) {
- return;
- }
-
- if(accesses != null) {
- for(RangerPolicyItemAccess access : accesses) {
- this.accesses.add(access);
- }
- }
- }
- /**
- * @return the users
- */
- public List<String> getUsers() {
- return users;
- }
- /**
- * @param users the users to set
- */
- public void setUsers(List<String> users) {
- if(this.users == null) {
- this.users = new ArrayList<String>();
- }
-
- if(this.users == users) {
- return;
- }
-
- if(users != null) {
- for(String user : users) {
- this.users.add(user);
- }
- }
- }
- /**
- * @return the groups
- */
- public List<String> getGroups() {
- return groups;
- }
- /**
- * @param groups the groups to set
- */
- public void setGroups(List<String> groups) {
- if(this.groups == null) {
- this.groups = new ArrayList<String>();
- }
-
- if(this.groups == groups) {
- return;
- }
-
- if(groups != null) {
- for(String group : groups) {
- this.groups.add(group);
- }
- }
- }
- /**
- * @return the conditions
- */
- public List<RangerPolicyItemCondition> getConditions() {
- return conditions;
- }
- /**
- * @param conditions the conditions to set
- */
- public void setConditions(List<RangerPolicyItemCondition> conditions) {
- if(this.conditions == null) {
- this.conditions = new ArrayList<RangerPolicyItemCondition>();
- }
-
- if(this.conditions == conditions) {
- return;
- }
-
- if(conditions != null) {
- for(RangerPolicyItemCondition condition : conditions) {
- this.conditions.add(condition);
- }
- }
- }
-
- /**
- * @return the delegateAdmin
- */
- public Boolean getDelegateAdmin() {
- return delegateAdmin;
- }
-
- /**
- * @param delegateAdmin the delegateAdmin to set
- */
- public void setDelegateAdmin(Boolean delegateAdmin) {
- this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyItem={");
-
- sb.append("accessTypes={");
- if(accesses != null) {
- for(RangerPolicyItemAccess access : accesses) {
- if(access != null) {
- access.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("users={");
- if(users != null) {
- for(String user : users) {
- if(user != null) {
- sb.append(user).append(" ");
- }
- }
- }
- sb.append("} ");
-
- sb.append("groups={");
- if(groups != null) {
- for(String group : groups) {
- if(group != null) {
- sb.append(group).append(" ");
- }
- }
- }
- sb.append("} ");
-
- sb.append("conditions={");
- if(conditions != null) {
- for(RangerPolicyItemCondition condition : conditions) {
- if(condition != null) {
- condition.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("delegateAdmin={").append(delegateAdmin).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
- public static class RangerPolicyItemAccess implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String type = null;
- private Boolean isAllowed = null;
-
- public RangerPolicyItemAccess() {
- this(null, null);
- }
-
- public RangerPolicyItemAccess(String type) {
- this(type, null);
- }
-
- public RangerPolicyItemAccess(String type, Boolean isAllowed) {
- setType(type);
- setIsAllowed(isAllowed);
- }
-
- /**
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- * @param type the type to set
- */
- public void setType(String type) {
- this.type = type;
- }
-
- /**
- * @return the isAllowed
- */
- public Boolean getIsAllowed() {
- return isAllowed;
- }
-
- /**
- * @param isAllowed the isAllowed to set
- */
- public void setIsAllowed(Boolean isAllowed) {
- this.isAllowed = isAllowed == null ? Boolean.TRUE : isAllowed;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyItemAccess={");
- sb.append("type={").append(type).append("} ");
- sb.append("isAllowed={").append(isAllowed).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
- public static class RangerPolicyItemCondition implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String type = null;
- private String value = null;
-
- public RangerPolicyItemCondition() {
- this(null, null);
- }
-
- public RangerPolicyItemCondition(String type, String value) {
- setType(type);
- setValue(value);
- }
-
- /**
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- * @param type the type to set
- */
- public void setType(String type) {
- this.type = type;
- }
-
- /**
- * @return the value
- */
- public String getValue() {
- return value;
- }
-
- /**
- * @param value the value to set
- */
- public void setValue(String value) {
- this.value = value;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyItemCondition={");
- sb.append("type={").append(type).append("} ");
- sb.append("value={").append(value).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
deleted file mode 100644
index f5e4d3e..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model;
-
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RangerService extends RangerBaseModelObject implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String type = null;
- private String name = null;
- private String description = null;
- private Map<String, String> configs = null;
- private Long policyVersion = null;
- private Date policyUpdateTime = null;
-
-
- /**
- * @param type
- */
- public RangerService() {
- this(null, null, null, null);
- }
-
- /**
- * @param type
- * @param name
- * @param description
- * @param configs
- */
- public RangerService(String type, String name, String description, Map<String, String> configs) {
- super();
-
- setType(type);
- setName(name);
- setDescription(description);
- setConfigs(configs);
- }
-
- /**
- * @param other
- */
- public void updateFrom(RangerService other) {
- super.updateFrom(other);
-
- setType(other.getType());
- setName(other.getName());
- setDescription(other.getDescription());
- setConfigs(other.getConfigs());
- }
-
- /**
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- * @param type the type to set
- */
- public void setType(String type) {
- this.type = type;
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the configs
- */
- public Map<String, String> getConfigs() {
- return configs;
- }
-
- /**
- * @param configs the configs to set
- */
- public void setConfigs(Map<String, String> configs) {
- if(this.configs == null) {
- this.configs = new HashMap<String, String>();
- }
-
- if(this.configs == configs) {
- return;
- }
-
- this.configs.clear();
-
- if(configs != null) {
- for(Map.Entry<String, String> e : configs.entrySet()) {
- this.configs.put(e.getKey(), e.getValue());
- }
- }
- }
-
- /**
- * @return the policyVersion
- */
- public Long getPolicyVersion() {
- return policyVersion;
- }
-
- /**
- * @param policyVersion the policyVersion to set
- */
- public void setPolicyVersion(Long policyVersion) {
- this.policyVersion = policyVersion;
- }
-
- /**
- * @return the policyUpdateTime
- */
- public Date getPolicyUpdateTime() {
- return policyUpdateTime;
- }
-
- /**
- * @param policyUpdateTime the policyUpdateTime to set
- */
- public void setPolicyUpdateTime(Date policyUpdateTime) {
- this.policyUpdateTime = policyUpdateTime;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerService={");
-
- super.toString(sb);
- sb.append("name={").append(name).append("} ");
- sb.append("type={").append(type).append("} ");
- sb.append("description={").append(description).append("} ");
-
- sb.append("configs={");
- if(configs != null) {
- for(Map.Entry<String, String> e : configs.entrySet()) {
- sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
- }
- }
- sb.append("} ");
-
- sb.append("policyVersion={").append(policyVersion).append("} ");
- sb.append("policyUpdateTime={").append(policyUpdateTime).append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
deleted file mode 100644
index 2841a23..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
+++ /dev/null
@@ -1,1320 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RangerServiceDef extends RangerBaseModelObject implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String implClass = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
- private List<RangerServiceConfigDef> configs = null;
- private List<RangerResourceDef> resources = null;
- private List<RangerAccessTypeDef> accessTypes = null;
- private List<RangerPolicyConditionDef> policyConditions = null;
- private List<RangerEnumDef> enums = null;
-
-
- public RangerServiceDef() {
- this(null, null, null, null, null, null, null, null, null);
- }
-
- /**
- * @param name
- * @param implClass
- * @param label
- * @param description
- * @param configs
- * @param resources
- * @param accessTypes
- * @param policyConditions
- * @param enums
- */
- public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerEnumDef> enums) {
- super();
-
- setName(name);
- setImplClass(implClass);
- setLabel(label);
- setDescription(description);
- setConfigs(configs);
- setResources(resources);
- setAccessTypes(accessTypes);
- setPolicyConditions(policyConditions);
- setEnums(enums);
- }
-
- /**
- * @param other
- */
- public void updateFrom(RangerServiceDef other) {
- super.updateFrom(other);
-
- setName(other.getName());
- setImplClass(other.getImplClass());
- setLabel(other.getLabel());
- setDescription(other.getDescription());
- setConfigs(other.getConfigs());
- setResources(other.getResources());
- setAccessTypes(other.getAccessTypes());
- setPolicyConditions(other.getPolicyConditions());
- setEnums(other.getEnums());
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the implClass
- */
- public String getImplClass() {
- return implClass;
- }
-
- /**
- * @param implClass the implClass to set
- */
- public void setImplClass(String implClass) {
- this.implClass = implClass;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- /**
- * @return the rbKeyDescription
- */
- public String getRbKeyDescription() {
- return rbKeyDescription;
- }
-
- /**
- * @param rbKeyDescription the rbKeyDescription to set
- */
- public void setRbKeyDescription(String rbKeyDescription) {
- this.rbKeyDescription = rbKeyDescription;
- }
-
- /**
- * @return the configs
- */
- public List<RangerServiceConfigDef> getConfigs() {
- return configs;
- }
-
- /**
- * @param configs the configs to set
- */
- public void setConfigs(List<RangerServiceConfigDef> configs) {
- if(this.configs == null) {
- this.configs = new ArrayList<RangerServiceConfigDef>();
- } else
-
- if(this.configs == configs) {
- return;
- }
-
- this.configs.clear();
-
- if(configs != null) {
- for(RangerServiceConfigDef config : configs) {
- this.configs.add(config);
- }
- }
- }
-
- /**
- * @return the resources
- */
- public List<RangerResourceDef> getResources() {
- return resources;
- }
-
- /**
- * @param resources the resources to set
- */
- public void setResources(List<RangerResourceDef> resources) {
- if(this.resources == null) {
- this.resources = new ArrayList<RangerResourceDef>();
- }
-
- if(this.resources == resources) {
- return;
- }
-
- this.resources.clear();
-
- if(resources != null) {
- for(RangerResourceDef resource : resources) {
- this.resources.add(resource);
- }
- }
- }
-
- /**
- * @return the accessTypes
- */
- public List<RangerAccessTypeDef> getAccessTypes() {
- return accessTypes;
- }
-
- /**
- * @param accessTypes the accessTypes to set
- */
- public void setAccessTypes(List<RangerAccessTypeDef> accessTypes) {
- if(this.accessTypes == null) {
- this.accessTypes = new ArrayList<RangerAccessTypeDef>();
- }
-
- if(this.accessTypes == accessTypes) {
- return;
- }
-
- this.accessTypes.clear();
-
- if(accessTypes != null) {
- for(RangerAccessTypeDef accessType : accessTypes) {
- this.accessTypes.add(accessType);
- }
- }
- }
-
- /**
- * @return the policyConditions
- */
- public List<RangerPolicyConditionDef> getPolicyConditions() {
- return policyConditions;
- }
-
- /**
- * @param policyConditions the policyConditions to set
- */
- public void setPolicyConditions(List<RangerPolicyConditionDef> policyConditions) {
- if(this.policyConditions == null) {
- this.policyConditions = new ArrayList<RangerPolicyConditionDef>();
- }
-
- if(this.policyConditions == policyConditions) {
- return;
- }
-
- this.policyConditions.clear();
-
- if(policyConditions != null) {
- for(RangerPolicyConditionDef policyCondition : policyConditions) {
- this.policyConditions.add(policyCondition);
- }
- }
- }
-
- /**
- * @return the enums
- */
- public List<RangerEnumDef> getEnums() {
- return enums;
- }
-
- /**
- * @param enums the enums to set
- */
- public void setEnums(List<RangerEnumDef> enums) {
- if(this.enums == null) {
- this.enums = new ArrayList<RangerEnumDef>();
- }
-
- if(this.enums == enums) {
- return;
- }
-
- this.enums.clear();
-
- if(enums != null) {
- for(RangerEnumDef enum1 : enums) {
- this.enums.add(enum1);
- }
- }
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerServiceDef={");
-
- super.toString(sb);
-
- sb.append("name={").append(name).append("} ");
- sb.append("implClass={").append(implClass).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("description={").append(description).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
- sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
-
- sb.append("configs={");
- if(configs != null) {
- for(RangerServiceConfigDef config : configs) {
- if(config != null) {
- config.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("resources={");
- if(resources != null) {
- for(RangerResourceDef resource : resources) {
- if(resource != null) {
- resource.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("accessTypes={");
- if(accessTypes != null) {
- for(RangerAccessTypeDef accessType : accessTypes) {
- if(accessType != null) {
- accessType.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("policyConditions={");
- if(policyConditions != null) {
- for(RangerPolicyConditionDef policyCondition : policyConditions) {
- if(policyCondition != null) {
- policyCondition.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("enums={");
- if(enums != null) {
- for(RangerEnumDef e : enums) {
- if(e != null) {
- e.toString(sb);
- }
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-
-
- public static class RangerEnumDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private List<RangerEnumElementDef> elements = null;
- private Integer defaultIndex = null;
-
-
- public RangerEnumDef() {
- this(null, null, null);
- }
-
- public RangerEnumDef(String name, List<RangerEnumElementDef> elements, Integer defaultIndex) {
- setName(name);
- setElements(elements);
- setDefaultIndex(defaultIndex);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the elements
- */
- public List<RangerEnumElementDef> getElements() {
- return elements;
- }
-
- /**
- * @param elements the elements to set
- */
- public void setElements(List<RangerEnumElementDef> elements) {
- if(this.elements == null) {
- this.elements = new ArrayList<RangerEnumElementDef>();
- }
-
- if(this.elements == elements) {
- return;
- }
-
- this.elements.clear();
-
- if(elements != null) {
- for(RangerEnumElementDef element : elements) {
- this.elements.add(element);
- }
- }
- }
-
- /**
- * @return the defaultIndex
- */
- public Integer getDefaultIndex() {
- return defaultIndex;
- }
-
- /**
- * @param defaultIndex the defaultIndex to set
- */
- public void setDefaultIndex(Integer defaultIndex) {
- this.defaultIndex = (defaultIndex != null && this.elements.size() > defaultIndex) ? defaultIndex : 0;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerEnumDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("elements={");
- if(elements != null) {
- for(RangerEnumElementDef element : elements) {
- if(element != null) {
- element.toString(sb);
- }
- }
- }
- sb.append("} ");
- sb.append("defaultIndex={").append(defaultIndex).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
-
- public static class RangerEnumElementDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String label = null;
- private String rbKeyLabel = null;
-
-
- public RangerEnumElementDef() {
- this(null, null, null);
- }
-
- public RangerEnumElementDef(String name, String label, String rbKeyLabel) {
- setName(name);
- setLabel(label);
- setRbKeyLabel(rbKeyLabel);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerEnumElementDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
-
- public static class RangerServiceConfigDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String type = null;
- private String subType = null;
- private Boolean mandatory = null;
- private String defaultValue = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
-
-
- public RangerServiceConfigDef() {
- this(null, null, null, null, null, null, null, null, null);
- }
-
- public RangerServiceConfigDef(String name, String type, String subType, Boolean mandatory, String defaultValue, String label, String description, String rbKeyLabel, String rbKeyDescription) {
- setName(name);
- setType(type);
- setSubType(subType);
- setMandatory(mandatory);
- setDefaultValue(defaultValue);
- setLabel(label);
- setDescription(description);
- setRbKeyLabel(rbKeyLabel);
- setRbKeyDescription(rbKeyDescription);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- * @param type the type to set
- */
- public void setType(String type) {
- this.type = type;
- }
-
- /**
- * @return the type
- */
- public String getSubType() {
- return subType;
- }
-
- /**
- * @param type the type to set
- */
- public void setSubType(String subType) {
- this.subType = subType;
- }
-
- /**
- * @return the mandatory
- */
- public Boolean getMandatory() {
- return mandatory;
- }
-
- /**
- * @param mandatory the mandatory to set
- */
- public void setMandatory(Boolean mandatory) {
- this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
- }
-
- /**
- * @return the defaultValue
- */
- public String getDefaultValue() {
- return defaultValue;
- }
-
- /**
- * @param defaultValue the defaultValue to set
- */
- public void setDefaultValue(String defaultValue) {
- this.defaultValue = defaultValue;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- /**
- * @return the rbKeyDescription
- */
- public String getRbKeyDescription() {
- return rbKeyDescription;
- }
-
- /**
- * @param rbKeyDescription the rbKeyDescription to set
- */
- public void setRbKeyDescription(String rbKeyDescription) {
- this.rbKeyDescription = rbKeyDescription;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerServiceConfigDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("type={").append(type).append("} ");
- sb.append("subType={").append(subType).append("} ");
- sb.append("mandatory={").append(mandatory).append("} ");
- sb.append("defaultValue={").append(defaultValue).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("description={").append(description).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
- sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
-
- public static class RangerResourceDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String type = null;
- private Integer level = null;
- private String parent = null;
- private Boolean mandatory = null;
- private Boolean lookupSupported = null;
- private Boolean recursiveSupported = null;
- private Boolean excludesSupported = null;
- private String matcher = null;
- private String matcherOptions = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
-
-
- public RangerResourceDef() {
- this(null, null, null, null, null, null, null, null, null, null, null, null, null, null);
- }
-
- public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) {
- setName(name);
- setType(type);
- setLevel(level);
- setParent(parent);
- setMandatory(mandatory);
- setLookupSupported(lookupSupported);
- setRecursiveSupported(recursiveSupported);
- setExcludesSupported(excludesSupported);
- setMatcher(matcher);
- setMatcher(matcherOptions);
- setLabel(label);
- setDescription(description);
- setRbKeyLabel(rbKeyLabel);
- setRbKeyDescription(rbKeyDescription);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- * @param type the type to set
- */
- public void setType(String type) {
- this.type = type;
- }
-
- /**
- * @return the level
- */
- public Integer getLevel() {
- return level;
- }
-
- /**
- * @param level the level to set
- */
- public void setLevel(Integer level) {
- this.level = level == null ? 1 : level;
- }
-
- /**
- * @return the parent
- */
- public String getParent() {
- return parent;
- }
-
- /**
- * @param parent the parent to set
- */
- public void setParent(String parent) {
- this.parent = parent;
- }
-
- /**
- * @return the mandatory
- */
- public Boolean getMandatory() {
- return mandatory;
- }
-
- /**
- * @param mandatory the mandatory to set
- */
- public void setMandatory(Boolean mandatory) {
- this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
- }
-
- /**
- * @return the lookupSupported
- */
- public Boolean getLookupSupported() {
- return lookupSupported;
- }
-
- /**
- * @param lookupSupported the lookupSupported to set
- */
- public void setLookupSupported(Boolean lookupSupported) {
- this.lookupSupported = lookupSupported == null ? Boolean.FALSE : lookupSupported;
- }
-
- /**
- * @return the recursiveSupported
- */
- public Boolean getRecursiveSupported() {
- return recursiveSupported;
- }
-
- /**
- * @param recursiveSupported the recursiveSupported to set
- */
- public void setRecursiveSupported(Boolean recursiveSupported) {
- this.recursiveSupported = recursiveSupported == null ? Boolean.FALSE : recursiveSupported;
- }
-
- /**
- * @return the excludesSupported
- */
- public Boolean getExcludesSupported() {
- return excludesSupported;
- }
-
- /**
- * @param excludesSupported the excludesSupported to set
- */
- public void setExcludesSupported(Boolean excludesSupported) {
- this.excludesSupported = excludesSupported == null ? Boolean.FALSE : excludesSupported;
- }
-
- /**
- * @return the matcher
- */
- public String getMatcher() {
- return matcher;
- }
-
- /**
- * @param matcher the matcher to set
- */
- public void setMatcher(String matcher) {
- this.matcher = matcher;
- }
-
- /**
- * @return the matcher
- */
- public String getMatcherOptions() {
- return matcherOptions;
- }
-
- /**
- * @param matcher the matcher to set
- */
- public void setMatcherOptions(String matcherOptions) {
- this.matcherOptions = matcherOptions;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- /**
- * @return the rbKeyDescription
- */
- public String getRbKeyDescription() {
- return rbKeyDescription;
- }
-
- /**
- * @param rbKeyDescription the rbKeyDescription to set
- */
- public void setRbKeyDescription(String rbKeyDescription) {
- this.rbKeyDescription = rbKeyDescription;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerResourceDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("type={").append(type).append("} ");
- sb.append("level={").append(level).append("} ");
- sb.append("parent={").append(parent).append("} ");
- sb.append("mandatory={").append(mandatory).append("} ");
- sb.append("lookupSupported={").append(lookupSupported).append("} ");
- sb.append("recursiveSupported={").append(recursiveSupported).append("} ");
- sb.append("excludesSupported={").append(excludesSupported).append("} ");
- sb.append("matcher={").append(matcher).append("} ");
- sb.append("matcherOptions={").append(matcherOptions).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("description={").append(description).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
- sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-
-
- public static class RangerAccessTypeDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String label = null;
- private String rbKeyLabel = null;
- private Collection<String> impliedGrants = null;
-
-
- public RangerAccessTypeDef() {
- this(null, null, null, null);
- }
-
- public RangerAccessTypeDef(String name, String label, String rbKeyLabel, Collection<String> impliedGrants) {
- setName(name);
- setLabel(label);
- setRbKeyLabel(rbKeyLabel);
- setImpliedGrants(impliedGrants);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- /**
- * @return the impliedGrants
- */
- public Collection<String> getImpliedGrants() {
- return impliedGrants;
- }
-
- /**
- * @param impliedGrants the impliedGrants to set
- */
- public void setImpliedGrants(Collection<String> impliedGrants) {
- if(this.impliedGrants == null) {
- this.impliedGrants = new ArrayList<String>();
- }
-
- if(this.impliedGrants == impliedGrants) {
- return;
- }
-
- this.impliedGrants.clear();
-
- if(impliedGrants != null) {
- for(String impliedGrant : impliedGrants) {
- this.impliedGrants.add(impliedGrant);
- }
- }
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerAccessTypeDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
-
- sb.append("impliedGrants={");
- if(impliedGrants != null) {
- for(String impliedGrant : impliedGrants) {
- if(impliedGrant != null) {
- sb.append(impliedGrant).append(" ");
- }
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
- }
-
-
- public static class RangerPolicyConditionDef implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private String name = null;
- private String evaluator = null;
- private String evaluatorOptions = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
-
-
- public RangerPolicyConditionDef() {
- this(null, null, null, null, null, null, null);
- }
-
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) {
- this(name, evaluator, evaluatorOptions, null, null, null, null);
- }
-
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label) {
- this(name, evaluator, evaluatorOptions, label, null, null, null);
- }
-
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description) {
- this(name, evaluator, evaluatorOptions, label, description, null, null);
- }
-
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) {
- setName(name);
- setEvaluator(evaluator);
- setEvaluatorOptions(evaluatorOptions);
- setLabel(label);
- setDescription(description);
- setRbKeyLabel(rbKeyLabel);
- setRbKeyDescription(rbKeyDescription);
- }
-
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
- /**
- * @return the evaluator
- */
- public String getEvaluator() {
- return evaluator;
- }
-
- /**
- * @param evaluator the evaluator to set
- */
- public void setEvaluator(String evaluator) {
- this.evaluator = evaluator;
- }
-
- /**
- * @return the evaluator
- */
- public String getEvaluatorOptions() {
- return evaluatorOptions;
- }
-
- /**
- * @param evaluator the evaluator to set
- */
- public void setEvaluatorOptions(String evaluatorOptions) {
- this.evaluatorOptions = evaluatorOptions;
- }
-
- /**
- * @return the label
- */
- public String getLabel() {
- return label;
- }
-
- /**
- * @param label the label to set
- */
- public void setLabel(String label) {
- this.label = label;
- }
-
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
- /**
- * @return the rbKeyLabel
- */
- public String getRbKeyLabel() {
- return rbKeyLabel;
- }
-
- /**
- * @param rbKeyLabel the rbKeyLabel to set
- */
- public void setRbKeyLabel(String rbKeyLabel) {
- this.rbKeyLabel = rbKeyLabel;
- }
-
- /**
- * @return the rbKeyDescription
- */
- public String getRbKeyDescription() {
- return rbKeyDescription;
- }
-
- /**
- * @param rbKeyDescription the rbKeyDescription to set
- */
- public void setRbKeyDescription(String rbKeyDescription) {
- this.rbKeyDescription = rbKeyDescription;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyConditionDef={");
- sb.append("name={").append(name).append("} ");
- sb.append("evaluator={").append(evaluator).append("} ");
- sb.append("evaluatorOptions={").append(evaluatorOptions).append("} ");
- sb.append("label={").append(label).append("} ");
- sb.append("description={").append(description).append("} ");
- sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
- sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
- sb.append("}");
-
- return sb;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
deleted file mode 100644
index 56a55ae..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Date;
-import java.util.Map;
-import java.util.Set;
-
-public interface RangerAccessRequest {
- RangerResource getResource();
-
- String getAccessType();
-
- String getUser();
-
- Set<String> getUserGroups();
-
- Date getAccessTime();
-
- String getClientIPAddress();
-
- String getClientType();
-
- String getAction();
-
- String getRequestData();
-
- String getSessionId();
-
- Map<String, Object> getContext();
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
deleted file mode 100644
index fff8d4c..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.commons.lang.StringUtils;
-
-
-public class RangerAccessRequestImpl implements RangerAccessRequest {
- private RangerResource resource = null;
- private String accessType = null;
- private String user = null;
- private Set<String> userGroups = null;
- private Date accessTime = null;
- private String clientIPAddress = null;
- private String clientType = null;
- private String action = null;
- private String requestData = null;
- private String sessionId = null;
- private Map<String, Object> context = null;
-
-
- public RangerAccessRequestImpl() {
- this(null, null, null, null);
- }
-
- public RangerAccessRequestImpl(RangerResource resource, String accessType, String user, Set<String> userGroups) {
- setResource(resource);
- setAccessType(accessType);
- setUser(user);
- setUserGroups(userGroups);
-
- // set remaining fields to default value
- setAccessTime(null);
- setClientIPAddress(null);
- setClientType(null);
- setAction(null);
- setRequestData(null);
- setSessionId(null);
- setContext(null);
- }
-
- @Override
- public RangerResource getResource() {
- return resource;
- }
-
- @Override
- public String getAccessType() {
- return accessType;
- }
-
- @Override
- public String getUser() {
- return user;
- }
-
- @Override
- public Set<String> getUserGroups() {
- return userGroups;
- }
-
- @Override
- public Date getAccessTime() {
- return accessTime;
- }
-
- @Override
- public String getClientIPAddress() {
- return clientIPAddress;
- }
-
- @Override
- public String getClientType() {
- return clientType;
- }
-
- @Override
- public String getAction() {
- return action;
- }
-
- @Override
- public String getRequestData() {
- return requestData;
- }
-
- @Override
- public String getSessionId() {
- return sessionId;
- }
-
- @Override
- public Map<String, Object> getContext() {
- return context;
- }
-
-
- public void setResource(RangerResource resource) {
- this.resource = resource;
- }
-
- public void setAccessType(String accessType) {
- this.accessType = accessType;
- }
-
- public void setUser(String user) {
- this.user = user;
- }
-
- public void setUserGroups(Set<String> userGroups) {
- this.userGroups = (userGroups == null) ? new HashSet<String>() : userGroups;
- }
-
- public void setAccessTime(Date accessTime) {
- this.accessTime = (accessTime == null) ? new Date() : accessTime;
- }
-
- public void setClientIPAddress(String clientIPAddress) {
- this.clientIPAddress = clientIPAddress;
- }
-
- public void setClientType(String clientType) {
- this.clientType = clientType;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public void setRequestData(String requestData) {
- this.requestData = requestData;
- }
-
- public void setSessionId(String sessionId) {
- this.sessionId = sessionId;
- }
-
- public void setContext(Map<String, Object> context) {
- this.context = (context == null) ? new HashMap<String, Object>() : context;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerAccessRequestImpl={");
-
- sb.append("resource={").append(resource).append("} ");
- sb.append("accessType={").append(accessType).append("} ");
- sb.append("user={").append(user).append("} ");
-
- sb.append("userGroups={");
- if(userGroups != null) {
- for(String userGroup : userGroups) {
- sb.append(userGroup).append(" ");
- }
- }
-
- sb.append("accessTime={").append(accessTime).append("} ");
- sb.append("clientIPAddress={").append(clientIPAddress).append("} ");
- sb.append("clientType={").append(clientType).append("} ");
- sb.append("action={").append(action).append("} ");
- sb.append("requestData={").append(requestData).append("} ");
- sb.append("sessionId={").append(sessionId).append("} ");
-
-
- sb.append("context={");
- if(context != null) {
- for(Map.Entry<String, Object> e : context.entrySet()) {
- sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
deleted file mode 100644
index 2eaec16..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import org.apache.ranger.plugin.model.RangerServiceDef;
-
-
-public class RangerAccessResult {
- private String serviceName = null;
- private RangerServiceDef serviceDef = null;
- private RangerAccessRequest request = null;
-
- private boolean isAllowed = false;
- private boolean isAudited = false;
- private long policyId = -1;
- private String reason = null;
-
- public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request) {
- this(serviceName, serviceDef, request, false, false, -1, null);
- }
-
- public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request, boolean isAllowed, boolean isAudited, long policyId, String reason) {
- this.serviceName = serviceName;
- this.serviceDef = serviceDef;
- this.request = request;
- this.isAllowed = isAllowed;
- this.isAudited = isAudited;
- this.policyId = policyId;
- this.reason = reason;
- }
-
- /**
- * @return the serviceName
- */
- public String getServiceName() {
- return serviceName;
- }
-
- /**
- * @return the serviceDef
- */
- public RangerServiceDef getServiceDef() {
- return serviceDef;
- }
-
- /**
- * @return the request
- */
- public RangerAccessRequest getAccessRequest() {
- return request;
- }
-
- /**
- * @return the isAllowed
- */
- public boolean getIsAllowed() {
- return isAllowed;
- }
-
- /**
- * @param isAllowed the isAllowed to set
- */
- public void setIsAllowed(boolean isAllowed) {
- this.isAllowed = isAllowed;
- }
-
- /**
- * @param reason the reason to set
- */
- public void setReason(String reason) {
- this.reason = reason;
- }
-
- /**
- * @return the isAudited
- */
- public boolean getIsAudited() {
- return isAudited;
- }
-
- /**
- * @param isAudited the isAudited to set
- */
- public void setIsAudited(boolean isAudited) {
- this.isAudited = isAudited;
- }
-
- /**
- * @return the reason
- */
- public String getReason() {
- return reason;
- }
-
- /**
- * @return the policyId
- */
- public long getPolicyId() {
- return policyId;
- }
-
- /**
- * @return the policyId
- */
- public void setPolicyId(long policyId) {
- this.policyId = policyId;
- }
-
- public int getServiceType() {
- int ret = -1;
-
- if(serviceDef != null && serviceDef.getId() != null) {
- ret = serviceDef.getId().intValue();
- }
-
- return ret;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerAccessResult={");
-
- sb.append("isAllowed={").append(isAllowed).append("} ");
- sb.append("isAudited={").append(isAudited).append("} ");
- sb.append("policyId={").append(policyId).append("} ");
- sb.append("reason={").append(reason).append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
deleted file mode 100644
index f49bf8c..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-
-public interface RangerMutableResource extends RangerResource {
- void setOwnerUser(String ownerUser);
-
- void setValue(String type, String value);
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
deleted file mode 100644
index a66bc23..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.ranger.plugin.audit.RangerAuditHandler;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-
-public interface RangerPolicyEngine {
- public static final String GROUP_PUBLIC = "public";
- public static final String ANY_ACCESS = "_any";
- public static final String ADMIN_ACCESS = "_admin";
- public static final long UNKNOWN_POLICY = -1;
-
- String getServiceName();
-
- RangerServiceDef getServiceDef();
-
- void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies);
-
- void setDefaultAuditHandler(RangerAuditHandler auditHandler);
-
- RangerAuditHandler getDefaultAuditHandler();
-
- RangerAccessResult createAccessResult(RangerAccessRequest request);
-
- RangerAccessResult isAccessAllowed(RangerAccessRequest request);
-
- Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests);
-
- RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler);
-
- Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler);
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
deleted file mode 100644
index 8f6231b..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.audit.RangerAuditHandler;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator;
-import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
-
-
-public class RangerPolicyEngineImpl implements RangerPolicyEngine {
- private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class);
-
- private String serviceName = null;
- private RangerServiceDef serviceDef = null;
- private List<RangerPolicyEvaluator> policyEvaluators = null;
- private RangerAuditHandler defaultAuditHandler = null;
-
-
- public RangerPolicyEngineImpl() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl()");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl()");
- }
- }
-
- @Override
- public String getServiceName() {
- return serviceName;
- }
-
- @Override
- public RangerServiceDef getServiceDef() {
- return serviceDef;
- }
-
- @Override
- public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
- }
-
- if(serviceName != null && serviceDef != null && policies != null) {
- List<RangerPolicyEvaluator> evaluators = new ArrayList<RangerPolicyEvaluator>();
-
- for(RangerPolicy policy : policies) {
- if(! policy.getIsEnabled()) {
- continue;
- }
-
- RangerPolicyEvaluator evaluator = getPolicyEvaluator(policy, serviceDef);
-
- if(evaluator != null) {
- evaluators.add(evaluator);
- }
- }
-
- /* TODO:
- * sort evaluators list for faster completion of isAccessAllowed() method
- * 1. Global policies: the policies that cover for any resource (for example: database=*; table=*; column=*)
- * 2. Policies that cover all resources under level-1 (for example: every thing in one or more databases)
- * 3. Policies that cover all resources under level-2 (for example: every thing in one or more tables)
- * ...
- * 4. Policies that cover all resources under level-n (for example: one or more columns)
- *
- */
-
- this.serviceName = serviceName;
- this.serviceDef = serviceDef;
- this.policyEvaluators = evaluators;
- } else {
- LOG.error("RangerPolicyEngineImpl.setPolicies(): invalid arguments - null serviceDef/policies");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
- }
- }
-
- @Override
- public void setDefaultAuditHandler(RangerAuditHandler auditHandler) {
- this.defaultAuditHandler = auditHandler;
- }
-
- @Override
- public RangerAuditHandler getDefaultAuditHandler() {
- return defaultAuditHandler;
- }
-
- @Override
- public RangerAccessResult createAccessResult(RangerAccessRequest request) {
- return new RangerAccessResult(serviceName, serviceDef, request);
- }
-
- @Override
- public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
- return isAccessAllowed(request, defaultAuditHandler);
- }
-
- @Override
- public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) {
- return isAccessAllowed(requests, defaultAuditHandler);
- }
-
- @Override
- public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")");
- }
-
- RangerAccessResult ret = isAccessAllowedNoAudit(request);
-
- if(auditHandler != null) {
- auditHandler.logAudit(ret);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + request + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + requests + ")");
- }
-
- Collection<RangerAccessResult> ret = new ArrayList<RangerAccessResult>();
-
- if(requests != null) {
- for(RangerAccessRequest request : requests) {
- RangerAccessResult result = isAccessAllowedNoAudit(request);
-
- ret.add(result);
- }
- }
-
- if(auditHandler != null) {
- auditHandler.logAudit(ret);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + requests + "): " + ret);
- }
-
- return ret;
- }
-
- protected RangerAccessResult isAccessAllowedNoAudit(RangerAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")");
- }
-
- RangerAccessResult ret = createAccessResult(request);
-
- if(request != null) {
- List<RangerPolicyEvaluator> evaluators = policyEvaluators;
-
- if(evaluators != null) {
- for(RangerPolicyEvaluator evaluator : evaluators) {
- evaluator.evaluate(request, ret);
-
- // stop once allowed=true && audited==true
- if(ret.getIsAllowed() && ret.getIsAudited()) {
- break;
- }
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + "): " + ret);
- }
-
- return ret;
- }
-
- private RangerPolicyEvaluator getPolicyEvaluator(RangerPolicy policy, RangerServiceDef serviceDef) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPolicyEngineImpl.getPolicyEvaluator(" + policy + "," + serviceDef + ")");
- }
-
- RangerPolicyEvaluator ret = null;
-
- ret = new RangerDefaultPolicyEvaluator(); // TODO: configurable evaluator class?
-
- ret.init(policy, serviceDef);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPolicyEngineImpl.getPolicyEvaluator(" + policy + "," + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPolicyEngineImpl={");
-
- sb.append("serviceName={").append(serviceName).append("} ");
- sb.append("serviceDef={").append(serviceDef).append("} ");
-
- sb.append("policyEvaluators={");
- if(policyEvaluators != null) {
- for(RangerPolicyEvaluator policyEvaluator : policyEvaluators) {
- if(policyEvaluator != null) {
- sb.append(policyEvaluator).append(" ");
- }
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
deleted file mode 100644
index 6941bc3..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Set;
-
-
-public interface RangerResource {
- public abstract String getOwnerUser();
-
- public abstract boolean exists(String name);
-
- public abstract String getValue(String name);
-
- public Set<String> getKeys();
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
deleted file mode 100644
index 86f7ea4..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-
-public class RangerResourceImpl implements RangerMutableResource {
- private String ownerUser = null;
- private Map<String, String> elements = null;
-
-
- public RangerResourceImpl() {
- }
-
- @Override
- public String getOwnerUser() {
- return ownerUser;
- }
-
- @Override
- public boolean exists(String name) {
- return elements != null && elements.containsKey(name);
- }
-
- @Override
- public String getValue(String name) {
- String ret = null;
-
- if(elements != null && elements.containsKey(name)) {
- ret = elements.get(name);
- }
-
- return ret;
- }
-
- @Override
- public Set<String> getKeys() {
- Set<String> ret = null;
-
- if(elements != null) {
- ret = elements.keySet();
- }
-
- return ret;
- }
-
- @Override
- public void setOwnerUser(String ownerUser) {
- this.ownerUser = ownerUser;
- }
-
- @Override
- public void setValue(String name, String value) {
- if(elements == null) {
- elements = new HashMap<String, String>();
- }
-
- elements.put(name, value);
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerResourceImpl={");
-
- sb.append("ownerUser={").append(ownerUser).append("} ");
-
- sb.append("elements={");
- if(elements != null) {
- for(Map.Entry<String, String> e : elements.entrySet()) {
- sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
deleted file mode 100644
index 36273eb..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyevaluator;
-
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-
-
-public abstract class RangerAbstractPolicyEvaluator implements RangerPolicyEvaluator {
- private static final Log LOG = LogFactory.getLog(RangerAbstractPolicyEvaluator.class);
-
- private RangerPolicy policy = null;
- private RangerServiceDef serviceDef = null;
-
-
- @Override
- public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerAbstractPolicyEvaluator.init(" + policy + ", " + serviceDef + ")");
- }
-
- this.policy = policy;
- this.serviceDef = serviceDef;
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerAbstractPolicyEvaluator.init(" + policy + ", " + serviceDef + ")");
- }
- }
-
- @Override
- public RangerPolicy getPolicy() {
- return policy;
- }
-
- @Override
- public RangerServiceDef getServiceDef() {
- return serviceDef;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerAbstractPolicyEvaluator={");
-
- sb.append("policy={").append(policy).append("} ");
- sb.append("serviceDef={").append(serviceDef).append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
[6/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to existing project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
new file mode 100644
index 0000000..b51c160
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -0,0 +1,1589 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.file;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.collections.PredicateUtils;
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.fs.Path;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServicePolicies;
+
+
+public class ServiceFileStore extends BaseFileStore implements ServiceStore {
+ private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
+
+ private long nextServiceDefId = 0;
+ private long nextServiceId = 0;
+ private long nextPolicyId = 0;
+
+ static Map<String, Long> legacyServiceDefs = new HashMap<String, Long>();
+
+ static {
+ legacyServiceDefs.put("hdfs", new Long(1));
+ legacyServiceDefs.put("hbase", new Long(2));
+ legacyServiceDefs.put("hive", new Long(3));
+ legacyServiceDefs.put("knox", new Long(5));
+ legacyServiceDefs.put("storm", new Long(6));
+ }
+
+ public ServiceFileStore() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.ServiceFileStore()");
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.ServiceFileStore()");
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.init()");
+ }
+
+ super.initStore();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.init()");
+ }
+ }
+
+ @Override
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef existing = getServiceDefByName(serviceDef.getName());
+
+ if(existing != null) {
+ throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ preCreate(serviceDef);
+
+ serviceDef.setId(nextServiceDefId++);
+
+ ret = saveToFile(serviceDef, false);
+
+ postCreate(ret);
+ } catch(Exception excp) {
+ LOG.warn("ServiceDefFileStore.createServiceDef(): failed to save service-def '" + serviceDef.getName() + "'", excp);
+
+ throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.updateServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef existing = getServiceDef(serviceDef.getId());
+
+ if(existing == null) {
+ throw new Exception(serviceDef.getId() + ": service-def does not exist");
+ }
+
+ if(isLegacyServiceDef(existing)) {
+ String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
+
+ LOG.warn(msg);
+
+ throw new Exception(msg);
+ }
+
+ String existingName = existing.getName();
+
+ boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName);
+
+ // renaming service-def would require updating services that refer to this service-def
+ if(renamed) {
+ LOG.warn("ServiceDefFileStore.updateServiceDef(): service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
+
+ throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
+ }
+
+ RangerServiceDef ret = null;
+
+ try {
+ existing.updateFrom(serviceDef);
+
+ preUpdate(existing);
+
+ ret = saveToFile(existing, true);
+
+ postUpdate(ret);
+ } catch(Exception excp) {
+ LOG.warn("ServiceDefFileStore.updateServiceDef(): failed to save service-def '" + existing.getName() + "'", excp);
+
+ throw new Exception("failed to save service-def '" + existing.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.updateServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.deleteServiceDef(" + id + ")");
+ }
+
+ RangerServiceDef existing = getServiceDef(id);
+
+ if(existing == null) {
+ throw new Exception("service-def does not exist. id=" + id);
+ }
+
+ if(isLegacyServiceDef(existing)) {
+ String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
+
+ LOG.warn(msg);
+
+ throw new Exception(msg);
+ }
+
+ // TODO: deleting service-def would require deleting services that refer to this service-def
+
+ try {
+ preDelete(existing);
+
+ Path filePath = new Path(getServiceDefFile(id));
+
+ deleteFile(filePath);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception("failed to delete service-def. id=" + id + "; name=" + existing.getName(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.deleteServiceDef(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerServiceDef getServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getServiceDef(" + id + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ if(id != null) {
+ SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE_ID, id.toString());
+
+ List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
+
+ ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getServiceDef(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef getServiceDefByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getServiceDefByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ if(name != null) {
+ SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE, name);
+
+ List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
+
+ ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getServiceDefByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getServiceDefs()");
+ }
+
+ List<RangerServiceDef> ret = getAllServiceDefs();
+
+ if(ret != null && filter != null && !filter.isEmpty()) {
+ CollectionUtils.filter(ret, getPredicate(filter));
+
+ Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+
+ if(comparator != null) {
+ Collections.sort(ret, comparator);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+
+ @Override
+ public RangerService createService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.createService(" + service + ")");
+ }
+
+ RangerService existing = getServiceByName(service.getName());
+
+ if(existing != null) {
+ throw new Exception("service already exists - '" + service.getName() + "'. ID=" + existing.getId());
+ }
+
+ RangerService ret = null;
+
+ try {
+ preCreate(service);
+
+ service.setId(nextServiceId++);
+
+ ret = saveToFile(service, false);
+
+ postCreate(service);
+ } catch(Exception excp) {
+ throw new Exception("failed to save service '" + service.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.createService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService updateService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.updateService(" + service + ")");
+ }
+
+ RangerService existing = getService(service.getId());
+
+ if(existing == null) {
+ throw new Exception("no service exists with ID=" + service.getId());
+ }
+
+ String existingName = existing.getName();
+
+ boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
+
+ if(renamed) {
+ RangerService newNameService = getServiceByName(service.getName());
+
+ if(newNameService != null) {
+ throw new Exception("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId());
+ }
+ }
+
+ RangerService ret = null;
+
+ try {
+ existing.updateFrom(service);
+
+ preUpdate(existing);
+
+ ret = saveToFile(existing, true);
+
+ postUpdate(ret);
+
+ if(renamed) {
+ handleServiceRename(ret, existingName);
+ }
+ } catch(Exception excp) {
+ throw new Exception("failed to update service '" + existing.getName() + "'", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.updateService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.deleteService(" + id + ")");
+ }
+
+ RangerService existing = getService(id);
+
+ if(existing == null) {
+ throw new Exception("no service exists with ID=" + id);
+ }
+
+ try {
+ Path filePath = new Path(getServiceFile(id));
+
+ preDelete(existing);
+
+ handleServiceDelete(existing);
+
+ deleteFile(filePath);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception("failed to delete service with ID=" + id, excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.deleteService(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerService getService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getService(" + id + ")");
+ }
+
+ RangerService ret = null;
+
+ try {
+ Path filePath = new Path(getServiceFile(id));
+
+ ret = loadFromFile(filePath, RangerService.class);
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getService(" + id + "): failed to read service", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getService(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService getServiceByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getServiceByName(" + name + ")");
+ }
+
+ RangerService ret = null;
+
+ if(name != null) {
+ SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, name);
+
+ List<RangerService> services = getServices(filter);
+
+ ret = CollectionUtils.isEmpty(services) ? null : services.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getServiceByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerService> getServices(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getServices()");
+ }
+
+ List<RangerService> ret = getAllServices();
+
+ if(ret != null && filter != null && !filter.isEmpty()) {
+ CollectionUtils.filter(ret, getPredicate(filter));
+
+ Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+
+ if(comparator != null) {
+ Collections.sort(ret, comparator);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getServices(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")");
+ }
+
+ RangerService service = getServiceByName(policy.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name=" + policy.getService());
+ }
+
+ RangerPolicy existing = findPolicyByName(policy.getService(), policy.getName());
+
+ if(existing != null) {
+ throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ preCreate(policy);
+
+ policy.setId(nextPolicyId++);
+
+ ret = saveToFile(policy, service.getId(), false);
+
+ handlePolicyUpdate(service);
+
+ postCreate(ret);
+ } catch(Exception excp) {
+ throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy existing = getPolicy(policy.getId());
+
+ if(existing == null) {
+ throw new Exception("no policy exists with ID=" + policy.getId());
+ }
+
+ RangerService service = getServiceByName(policy.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name=" + policy.getService());
+ }
+
+ if(! StringUtils.equalsIgnoreCase(existing.getService(), policy.getService())) {
+ throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService());
+ }
+
+ boolean renamed = !StringUtils.equalsIgnoreCase(policy.getName(), existing.getName());
+
+ if(renamed) {
+ RangerPolicy newNamePolicy = findPolicyByName(service.getName(), policy.getName());
+
+ if(newNamePolicy != null) {
+ throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId());
+ }
+ }
+
+ RangerPolicy ret = null;
+
+ try {
+ existing.updateFrom(policy);
+
+ preUpdate(existing);
+
+ ret = saveToFile(existing, service.getId(), true);
+
+ handlePolicyUpdate(service);
+
+ postUpdate(ret);
+ } catch(Exception excp) {
+ throw new Exception("failed to update policy - ID=" + existing.getId(), excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deletePolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")");
+ }
+
+ RangerPolicy existing = getPolicy(id);
+
+ if(existing == null) {
+ throw new Exception("no policy exists with ID=" + id);
+ }
+
+ RangerService service = getServiceByName(existing.getService());
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + existing.getService());
+ }
+
+ try {
+ preDelete(existing);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), existing.getId()));
+
+ deleteFile(filePath);
+
+ handlePolicyUpdate(service);
+
+ postDelete(existing);
+ } catch(Exception excp) {
+ throw new Exception(existing.getId() + ": failed to delete policy", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerPolicy getPolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ if(id != null) {
+ SearchFilter filter = new SearchFilter(SearchFilter.POLICY_ID, id.toString());
+
+ List<RangerPolicy> policies = getPolicies(filter);
+
+ ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getPolicies()");
+ }
+
+ List<RangerPolicy> ret = getAllPolicies();
+
+ if(ret != null && filter != null && !filter.isEmpty()) {
+ CollectionUtils.filter(ret, getPredicate(filter));
+
+ Comparator<RangerBaseModelObject> comparator = getSorter(filter);
+
+ if(comparator != null) {
+ Collections.sort(ret, comparator);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceId + ")");
+ }
+
+ RangerService service = getService(serviceId);
+
+ if(service == null) {
+ throw new Exception("service does not exist - id='" + serviceId);
+ }
+
+ List<RangerPolicy> ret = getServicePolicies(service.getName(), filter);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceName + ")");
+ }
+
+ List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
+
+ try {
+ if(filter == null) {
+ filter = new SearchFilter();
+ }
+
+ filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
+
+ ret = getPolicies(filter);
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getServicePolicies(" + serviceName + "): failed to read policies", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ @Override
+ public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
+ }
+
+ RangerService service = getServiceByName(serviceName);
+
+ if(service == null) {
+ throw new Exception("service does not exist - name=" + serviceName);
+ }
+
+ RangerServiceDef serviceDef = getServiceDefByName(service.getType());
+
+ if(serviceDef == null) {
+ throw new Exception(service.getType() + ": unknown service-def)");
+ }
+
+ ServicePolicies ret = new ServicePolicies();
+ ret.setServiceId(service.getId());
+ ret.setServiceName(service.getName());
+ ret.setPolicyVersion(service.getPolicyVersion());
+ ret.setPolicyUpdateTime(service.getPolicyUpdateTime());
+ ret.setServiceDef(serviceDef);
+ ret.setPolicies(new ArrayList<RangerPolicy>());
+
+ if(lastKnownVersion == null || service.getPolicyVersion() == null || lastKnownVersion.longValue() != service.getPolicyVersion().longValue()) {
+ SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName);
+
+ List<RangerPolicy> policies = getPolicies(filter);
+
+ ret.setPolicies(policies);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
+ }
+
+ if(ret != null && ret.getPolicies() != null) {
+ Collections.sort(ret.getPolicies(), idComparator);
+ }
+
+ return ret;
+ }
+
+
+ private void handleServiceRename(RangerService service, String oldName) throws Exception {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(StringUtils.equalsIgnoreCase(policy.getService(), oldName)) {
+ policy.setService(service.getName());
+
+ preUpdate(policy);
+
+ saveToFile(policy, service.getId(), true);
+
+ postUpdate(policy);
+ }
+ }
+ }
+ }
+
+ private void handleServiceDelete(RangerService service) throws Exception {
+ List<RangerPolicy> policies = getAllPolicies();
+
+ if(policies != null) {
+ for(RangerPolicy policy : policies) {
+ if(! StringUtils.equals(policy.getService(), service.getName())) {
+ continue;
+ }
+
+ preDelete(policy);
+
+ Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
+
+ deleteFile(filePath);
+
+ postDelete(policy);
+ }
+ }
+ }
+
+ private void handlePolicyUpdate(RangerService service) throws Exception {
+ if(service == null) {
+ return;
+ }
+
+ Long policyVersion = service.getPolicyVersion();
+
+ if(policyVersion == null) {
+ policyVersion = new Long(1);
+ } else {
+ policyVersion = new Long(policyVersion.longValue() + 1);
+ }
+
+ service.setPolicyVersion(policyVersion);
+ service.setPolicyUpdateTime(new Date());
+
+ saveToFile(service, true);
+ }
+
+ private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + ")");
+ }
+
+ RangerService service = getServiceByName(serviceName);
+
+ if(service == null) {
+ throw new Exception("service does not exist - name='" + serviceName);
+ }
+
+ RangerPolicy ret = null;
+
+ SearchFilter filter = new SearchFilter();
+
+ filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
+ filter.setParam(SearchFilter.POLICY_NAME, policyName);
+
+ List<RangerPolicy> policies = getPolicies(filter);
+
+ ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ private boolean isLegacyServiceDef(RangerServiceDef sd) {
+ return sd == null ? false : (isLegacyServiceDef(sd.getName()) || isLegacyServiceDef(sd.getId()));
+ }
+
+ private boolean isLegacyServiceDef(String name) {
+ return name == null ? false : legacyServiceDefs.containsKey(name);
+ }
+
+ private boolean isLegacyServiceDef(Long id) {
+ return id == null ? false : legacyServiceDefs.containsValue(id);
+ }
+
+ private List<RangerServiceDef> getAllServiceDefs() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceDefFileStore.getAllServiceDefs()");
+ }
+
+ List<RangerServiceDef> ret = new ArrayList<RangerServiceDef>();
+
+ try {
+ // load definitions for legacy services from embedded resources
+ String[] legacyServiceDefResources = {
+ "/service-defs/ranger-servicedef-hdfs.json",
+ "/service-defs/ranger-servicedef-hive.json",
+ "/service-defs/ranger-servicedef-hbase.json",
+ "/service-defs/ranger-servicedef-knox.json",
+ "/service-defs/ranger-servicedef-storm.json",
+ };
+
+ for(String resource : legacyServiceDefResources) {
+ RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class);
+
+ if(sd != null) {
+ ret.add(sd);
+ }
+ }
+ nextServiceDefId = getMaxId(ret) + 1;
+
+ // load service definitions from file system
+ List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class);
+
+ if(sds != null) {
+ for(RangerServiceDef sd : sds) {
+ if(sd != null) {
+ if(isLegacyServiceDef(sd)) {
+ LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". Ignorning");
+
+ continue;
+ }
+
+ // if the ServiceDef is already found, remove the earlier definition
+ for(int i = 0; i < ret.size(); i++) {
+ RangerServiceDef currSd = ret.get(i);
+
+ if(StringUtils.equals(currSd.getName(), sd.getName()) ||
+ ObjectUtils.equals(currSd.getId(), sd.getId())) {
+ ret.remove(i);
+ }
+ }
+
+ ret.add(sd);
+ }
+ }
+ }
+ nextServiceDefId = getMaxId(ret) + 1;
+ } catch(Exception excp) {
+ LOG.error("ServiceDefFileStore.getAllServiceDefs(): failed to read service-defs", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDefFileStore.getAllServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ if(ret != null) {
+ Collections.sort(ret, idComparator);
+
+ for(RangerServiceDef sd : ret) {
+ Collections.sort(sd.getResources(), resourceLevelComparator);
+ }
+ }
+
+ return ret;
+ }
+
+ private List<RangerService> getAllServices() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getAllServices()");
+ }
+
+ List<RangerService> ret = null;
+
+ try {
+ ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class);
+
+ nextServiceId = getMaxId(ret) + 1;
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getAllServices(): failed to read services", excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getAllServices(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ if(ret != null) {
+ Collections.sort(ret, idComparator);
+ }
+
+ return ret;
+ }
+
+ private List<RangerPolicy> getAllPolicies() throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceFileStore.getAllPolicies()");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ try {
+ ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
+
+ nextPolicyId = getMaxId(ret) + 1;
+ } catch(Exception excp) {
+ LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
+ }
+
+ if(ret != null) {
+ Collections.sort(ret, idComparator);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ private String getServiceType(String serviceName) {
+ RangerService service = null;
+
+ try {
+ service = getServiceByName(serviceName);
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getType() : null;
+ }
+
+ private Long getServiceId(String serviceName) {
+ RangerService service = null;
+
+ try {
+ service = getServiceByName(serviceName);
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getId() : null;
+ }
+
+ private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Long val1 = (o1 != null) ? o1.getId() : null;
+ Long val2 = (o2 != null) ? o2.getId() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getCreateTime() : null;
+ Date val2 = (o2 != null) ? o2.getCreateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
+ Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerServiceDef) {
+ val1 = ((RangerServiceDef)o1).getName();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerServiceDef) {
+ val2 = ((RangerServiceDef)o2).getName();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerPolicy) {
+ val1 = ((RangerPolicy)o1).getService();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerPolicy) {
+ val2 = ((RangerPolicy)o2).getService();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
+ String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
+ @Override
+ public int compare(RangerResourceDef o1, RangerResourceDef o2) {
+ Integer val1 = (o1 != null) ? o1.getLevel() : null;
+ Integer val2 = (o2 != null) ? o2.getLevel() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ private Predicate getPredicate(SearchFilter filter) {
+ if(filter == null || filter.isEmpty()) {
+ return null;
+ }
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+
+ addPredicateForLoginUser(filter.getParam(SearchFilter.LOGIN_USER), predicates);
+ addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
+ addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
+ addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
+ addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
+ addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
+ addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
+ addPredicateForStatus(filter.getParam(SearchFilter.STATUS), predicates);
+ addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
+ addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
+ addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
+
+ Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
+
+ return ret;
+ }
+
+ private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
+
+ static {
+ sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
+ sorterMap.put(SearchFilter.POLICY_ID, idComparator);
+ sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
+ sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
+ }
+
+ private Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
+ String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
+
+ if(StringUtils.isEmpty(sortBy)) {
+ return null;
+ }
+
+ Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
+
+ return ret;
+ }
+
+ private Predicate addPredicateForLoginUser(final String loginUser, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(loginUser)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(!policyItem.getDelegateAdmin()) {
+ continue;
+ }
+
+ if(policyItem.getUsers().contains(loginUser)) { // TODO: group membership check
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(ret != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceType)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceType, service.getType());
+ } else if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+
+ ret = StringUtils.equals(serviceType, serviceDef.getName());
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceTypeId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+ Long svcDefId = serviceDef.getId();
+
+ if(svcDefId != null) {
+ ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceName, policy.getService());
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceName, service.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(ret != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+ Long svcId = getServiceId(policy.getService());
+
+ if(svcId != null) {
+ ret = StringUtils.equals(serviceId, svcId.toString());
+ }
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ if(service.getId() != null) {
+ ret = StringUtils.equals(serviceId, service.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(policyName, policy.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(policy.getId() != null) {
+ ret = StringUtils.equals(policyId, policy.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(userName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getUsers().contains(userName)) { // TODO: group membership check
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(groupName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getGroups().contains(groupName)) {
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForStatus(final String status, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(status)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerBaseModelObject) {
+ RangerBaseModelObject obj = (RangerBaseModelObject)object;
+
+ if(StringUtils.equals(status, "enabled")) {
+ ret = obj.getIsEnabled();
+ } else if(StringUtils.equals(status, "disabled")) {
+ ret = !obj.getIsEnabled();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
+ if(MapUtils.isEmpty(resources)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(! MapUtils.isEmpty(policy.getResources())) {
+ int numFound = 0;
+ for(String name : resources.keySet()) {
+ boolean isMatch = false;
+
+ RangerPolicyResource policyResource = policy.getResources().get(name);
+
+ if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
+ String val = resources.get(name);
+
+ if(policyResource.getValues().contains(val)) {
+ isMatch = true;
+ } else {
+ for(String policyResourceValue : policyResource.getValues()) {
+ if(policyResourceValue.contains(val)) { // TODO: consider match for wildcard in policyResourceValue?
+ isMatch = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if(isMatch) {
+ numFound++;
+ } else {
+ break;
+ }
+ }
+
+ ret = numFound == resources.size();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
new file mode 100644
index 0000000..dd3624b
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
@@ -0,0 +1,609 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.rest;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.util.RangerRESTClient;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServicePolicies;
+
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.GenericType;
+import com.sun.jersey.api.client.WebResource;
+
+
+public class ServiceRESTStore implements ServiceStore {
+ private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class);
+
+
+ public final String REST_URL_SERVICEDEF_CREATE = "/service/plugins/definitions";
+ public final String REST_URL_SERVICEDEF_UPDATE = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_DELETE = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_GET = "/service/plugins/definitions/";
+ public final String REST_URL_SERVICEDEF_GET_BY_NAME = "/service/plugins/definitions/name/";
+ public final String REST_URL_SERVICEDEF_GET_ALL = "/service/plugins/definitions";
+
+ public final String REST_URL_SERVICE_CREATE = "/service/plugins/services";
+ public final String REST_URL_SERVICE_UPDATE = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_DELETE = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_GET = "/service/plugins/services/";
+ public final String REST_URL_SERVICE_GET_BY_NAME = "/service/plugins/services/name/";
+ public final String REST_URL_SERVICE_GET_ALL = "/service/plugins/services";
+
+ public final String REST_URL_POLICY_CREATE = "/service/plugins/policies";
+ public final String REST_URL_POLICY_UPDATE = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_DELETE = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_GET = "/service/plugins/policies/";
+ public final String REST_URL_POLICY_GET_BY_NAME = "/service/plugins/policies/name/";
+ public final String REST_URL_POLICY_GET_ALL = "/service/plugins/policies";
+ public final String REST_URL_POLICY_GET_FOR_SERVICE = "/service/plugins/policies/service/";
+ public final String REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME = "/service/plugins/policies/service/name/";
+ public final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/service/name/";
+
+ public static final String REST_MIME_TYPE_JSON = "application/json" ;
+
+ private RangerRESTClient restClient;
+
+ public ServiceRESTStore() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.ServiceRESTStore()");
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.ServiceRESTStore()");
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ String restUrl = RangerConfiguration.getInstance().get("ranger.service.store.rest.url", "http://localhost:6080");
+ String restUsername = RangerConfiguration.getInstance().get("ranger.service.store.rest.username", "admin");
+ String restPassword = RangerConfiguration.getInstance().get("ranger.service.store.rest.password", "admin");
+ String sslConfigFile = RangerConfiguration.getInstance().get("ranger.service.store.rest.ssl.config.file", "");
+
+ restClient = new RangerRESTClient(restUrl, sslConfigFile);
+ restClient.setBasicAuthInfo(restUsername, restPassword);
+ }
+
+ @Override
+ public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(serviceDef));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updateServiceDef(" + serviceDef + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_UPDATE + serviceDef.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(serviceDef));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updateServiceDef(" + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deleteServiceDef(" + id + ")");
+ }
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deleteServiceDef(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerServiceDef getServiceDef(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceDef(" + id + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceDef(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerServiceDef getServiceDefByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceDefByName(" + name + ")");
+ }
+
+ RangerServiceDef ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_BY_NAME + name);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerServiceDef.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceDefByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceDefs()");
+ }
+
+ List<RangerServiceDef> ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_ALL, filter);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerServiceDef>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getAllServiceDefs(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService createService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createService(" + service + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(service));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService updateService(RangerService service) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updateService(" + service + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_UPDATE + service.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(service));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updateService(" + service + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deleteService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deleteService(" + id + ")");
+ }
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deleteService(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerService getService(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getService(" + id + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getService(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerService getServiceByName(String name) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServiceByName(" + name + ")");
+ }
+
+ RangerService ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_GET_BY_NAME + name);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerService.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServiceByName(" + name + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerService> getServices(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServices()");
+ }
+
+ List<RangerService> ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_SERVICE_GET_ALL, filter);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerService>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServices(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.createPolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_CREATE);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(policy));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.createPolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.updatePolicy(" + policy + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_UPDATE + policy.getId());
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(policy));
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.updatePolicy(" + policy + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void deletePolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.deletePolicy(" + id + ")");
+ }
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_DELETE + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
+
+ if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.deletePolicy(" + id + ")");
+ }
+ }
+
+ @Override
+ public RangerPolicy getPolicy(Long id) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getPolicy(" + id + ")");
+ }
+
+ RangerPolicy ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_GET + id);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(RangerPolicy.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getPolicy(" + id + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getPolicies()");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_GET_ALL, filter);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getPolicies(): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceId + ")");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE + serviceId, filter);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceId + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceName + ")");
+ }
+
+ List<RangerPolicy> ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME + serviceName, filter);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceName + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
+ }
+
+ ServicePolicies ret = null;
+
+ WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion);
+ ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
+
+ if(response != null && response.getStatus() == 200) {
+ ret = response.getEntity(ServicePolicies.class);
+ } else {
+ RESTResponse resp = RESTResponse.fromClientResponse(response);
+
+ throw new Exception(resp.getMessage());
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ private WebResource createWebResource(String url) {
+ return createWebResource(url, null);
+ }
+
+ private WebResource createWebResource(String url, SearchFilter filter) {
+ WebResource ret = restClient.getResource(url);
+
+ if(filter != null) {
+ // TODO: add query params for filter
+ }
+
+ return ret;
+ }
+}
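Review bot: init() falls back to the username `admin`, the password `admin` and a plain `http://localhost:6080` URL when the `ranger.service.store.rest.*` keys are absent, so a deployment with a missing or mistyped key silently authenticates with well-known credentials instead of failing. These values are passed to `restClient.setBasicAuthInfo(...)`, so they are presumably sent with every request, and over the default `http://` scheme that would be without transport protection. I would drop the credential defaults and fail closed: read them with `get("ranger.service.store.rest.username", null)` and `get("ranger.service.store.rest.password", null)`, then add `if(restUsername == null || restPassword == null) { throw new Exception("ranger.service.store.rest.username/password not configured"); }` before constructing the client. A short comment on init() would also help, saying that an `https://` URL together with `ranger.service.store.rest.ssl.config.file` is expected outside local testing.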
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
new file mode 100644
index 0000000..7112562
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -0,0 +1,154 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.store.ServiceStore;
+
+
+public class PolicyRefresher extends Thread {
+ private static final Log LOG = LogFactory.getLog(PolicyRefresher.class);
+
+ private RangerPolicyEngine policyEngine = null;
+ private String serviceType = null;
+ private String serviceName = null;
+ private ServiceStore serviceStore = null;
+ private long pollingIntervalMs = 30 * 1000;
+
+ private boolean shutdownFlag = false;
+ private ServicePolicies lastKnownPolicies = null;
+
+
+ public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String serviceName, ServiceStore serviceStore, long pollingIntervalMs, String cacheDir) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
+ }
+
+ this.policyEngine = policyEngine;
+ this.serviceType = serviceType;
+ this.serviceName = serviceName;
+ this.serviceStore = serviceStore;
+ this.pollingIntervalMs = pollingIntervalMs;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
+ }
+ }
+
+ /**
+ * @return the policyEngine
+ */
+ public RangerPolicyEngine getPolicyEngine() {
+ return policyEngine;
+ }
+
+ /**
+ * @return the serviceType
+ */
+ public String getServiceType() {
+ return serviceType;
+ }
+
+ /**
+ * @return the serviceName
+ */
+ public String getServiceName() {
+ return serviceName;
+ }
+
+ /**
+ * @return the serviceStore
+ */
+ public ServiceStore getServiceStore() {
+ return serviceStore;
+ }
+
+ /**
+ * @return the pollingIntervalMilliSeconds
+ */
+ public long getPollingIntervalMs() {
+ return pollingIntervalMs;
+ }
+
+ /**
+ * @param pollingIntervalMilliSeconds the pollingIntervalMilliSeconds to set
+ */
+ public void setPollingIntervalMilliSeconds(long pollingIntervalMilliSeconds) {
+ this.pollingIntervalMs = pollingIntervalMilliSeconds;
+ }
+
+ public void startRefresher() {
+ shutdownFlag = false;
+
+ super.start();
+ }
+
+ public void stopRefresher() {
+ shutdownFlag = true;
+ }
+
+ public void run() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> PolicyRefresher.run()");
+ }
+
+ while(! shutdownFlag) {
+ try {
+ long lastKnownVersion = (lastKnownPolicies == null || lastKnownPolicies.getPolicyVersion() == null) ? 0 : lastKnownPolicies.getPolicyVersion().longValue();
+
+ ServicePolicies svcPolicies = serviceStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
+
+ long newVersion = (svcPolicies == null || svcPolicies.getPolicyVersion() == null) ? 0 : svcPolicies.getPolicyVersion().longValue();
+
+ boolean isUpdated = newVersion != 0 && lastKnownVersion != newVersion;
+
+ if(isUpdated) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
+ }
+
+ policyEngine.setPolicies(serviceName, svcPolicies.getServiceDef(), svcPolicies.getPolicies());
+
+ lastKnownPolicies = svcPolicies;
+ } else {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
+ }
+ }
+ } catch(Exception excp) {
+ LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): ", excp);
+ }
+
+ try {
+ Thread.sleep(pollingIntervalMs);
+ } catch(Exception excp) {
+ LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): error while sleep. exiting thread", excp);
+
+ throw new RuntimeException(excp);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== PolicyRefresher.run()");
+ }
+ }
+}
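Review bot: `shutdownFlag` is a plain field written by stopRefresher() on the caller's thread and read by the loop in run(), so the refresher thread is not guaranteed to see the update; declare it `private volatile boolean shutdownFlag = false;`. stopRefresher() also leaves the thread asleep for up to a full polling interval. Calling `interrupt()` there would wake it, but the sleep handler would then need to catch InterruptedException and leave the loop instead of logging an error and throwing RuntimeException. On the policy side, `isUpdated` is true for any non-zero version that differs from the last known one, including a lower one, so a store response carrying an older version would replace newer policies in the engine. If versions are meant to only increase, `newVersion > lastKnownVersion` would reject that.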
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
new file mode 100644
index 0000000..cfff4b7
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -0,0 +1,376 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
+import org.apache.ranger.authorization.utils.StringUtil;
+import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+
+
+public class RangerRESTClient {
+ private static final Log LOG = LogFactory.getLog(RangerRESTClient.class);
+
+ public static final String RANGER_PROP_POLICYMGR_URL = "xasecure.policymgr.url";
+ public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "xasecure.policymgr.sslconfig.filename";
+
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ;
+ public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ;
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ;
+
+
+ private String mUrl = null;
+ private String mSslConfigFileName = null;
+ private String mUsername = null;
+ private String mPassword = null;
+ private boolean mIsSSL = false;
+
+ private String mKeyStoreURL = null;
+ private String mKeyStoreAlias = null;
+ private String mKeyStoreFile = null;
+ private String mKeyStoreType = null;
+ private String mTrustStoreURL = null;
+ private String mTrustStoreAlias = null;
+ private String mTrustStoreFile = null;
+ private String mTrustStoreType = null;
+
+ private Gson gsonBuilder = null;
+ private Client client = null;
+
+ public RangerRESTClient() {
+ this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
+ RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
+ }
+
+ public RangerRESTClient(String url, String sslConfigFileName) {
+ mUrl = url;
+ mSslConfigFileName = sslConfigFileName;
+
+ init();
+ }
+
+ public String getUrl() {
+ return mUrl;
+ }
+
+ public void setUrl(String url) {
+ this.mUrl = url;
+ }
+
+ public String getUsername() {
+ return mUsername;
+ }
+
+ public String getPassword() {
+ return mPassword;
+ }
+
+ public void setBasicAuthInfo(String username, String password) {
+ mUsername = username;
+ mPassword = password;
+ }
+
+ public WebResource getResource(String relativeUrl) {
+ WebResource ret = getClient().resource(getUrl() + relativeUrl);
+
+ return ret;
+ }
+
+ public String toJson(Object obj) {
+ return gsonBuilder.toJson(obj);
+ }
+
+ public <T> T fromJson(String json, Class<T> cls) {
+ return gsonBuilder.fromJson(json, cls);
+ }
+
+ public Client getClient() {
+ if(client == null) {
+ synchronized(this) {
+ if(client == null) {
+ client = buildClient();
+ }
+ }
+ }
+
+ return client;
+ }
+
+ private Client buildClient() {
+ Client client = null;
+
+ if (mIsSSL) {
+ KeyManager[] kmList = getKeyManagers();
+ TrustManager[] tmList = getTrustManagers();
+ SSLContext sslContext = getSSLContext(kmList, tmList);
+ ClientConfig config = new DefaultClientConfig();
+
+ config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
+
+ HostnameVerifier hv = new HostnameVerifier() {
+ public boolean verify(String urlHostName, SSLSession session) {
+ return session.getPeerHost().equals(urlHostName);
+ }
+ };
+
+ config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
+
+ client = Client.create(config);
+ }
+
+ if(client == null) {
+ ClientConfig config = new DefaultClientConfig();
+
+ config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
+
+ client = Client.create(config);
+ }
+
+ // TODO: for testing only
+ if(!StringUtils.isEmpty(mUsername) || !StringUtils.isEmpty(mPassword)) {
+ client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword));
+ }
+
+ return client;
+ }
+
+ private void init() {
+ try {
+ gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").setPrettyPrinting().create();
+ } catch(Throwable excp) {
+ LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp);
+ }
+
+ mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https");
+
+ InputStream in = null ;
+
+ try {
+ Configuration conf = new Configuration() ;
+
+ in = getFileInputStream(mSslConfigFileName) ;
+
+ if (in != null) {
+ conf.addResource(in);
+ }
+
+ mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
+ mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
+ mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
+ mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
+
+ mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
+ mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
+ mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
+ mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
+ }
+ catch(IOException ioe) {
+ LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
+ }
+ finally {
+ close(in, mSslConfigFileName);
+ }
+ }
+
+ private KeyManager[] getKeyManagers() {
+ KeyManager[] kmList = null;
+
+ String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
+
+ if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
+ InputStream in = null ;
+
+ try {
+ in = getFileInputStream(mKeyStoreFile) ;
+
+ if (in != null) {
+ KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
+
+ keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
+
+ keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+ kmList = keyManagerFactory.getKeyManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("Unable to recover the key from keystore", e);
+ } finally {
+ close(in, mKeyStoreFile);
+ }
+ }
+
+ return kmList;
+ }
+
+ private TrustManager[] getTrustManagers() {
+ TrustManager[] tmList = null;
+
+ String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
+
+ if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
+ InputStream in = null ;
+
+ try {
+ in = getFileInputStream(mTrustStoreFile) ;
+
+ if (in != null) {
+ KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
+
+ trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
+
+ trustManagerFactory.init(trustStore);
+
+ tmList = trustManagerFactory.getTrustManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+ } finally {
+ close(in, mTrustStoreFile);
+ }
+ }
+
+ return tmList;
+ }
+
+ private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+ try {
+ if(kmList != null && tmList != null) {
+ SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
+
+ sslContext.init(kmList, tmList, new SecureRandom());
+
+ return sslContext;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is available in the environment", e);
+ } catch (KeyManagementException e) {
+ LOG.error("Unable to initials the SSLContext", e);
+ }
+
+ return null;
+ }
+
+ private String getCredential(String url, String alias) {
+ char[] credStr = RangerCredentialProvider.getInstance().getCredentialString(url, alias);
+
+ return credStr == null ? null : new String(credStr);
+ }
+
+ private InputStream getFileInputStream(String fileName) throws IOException {
+ InputStream in = null ;
+
+ if(! StringUtil.isEmpty(fileName)) {
+ File f = new File(fileName) ;
+
+ if (f.exists()) {
+ in = new FileInputStream(f) ;
+ }
+ else {
+ in = ClassLoader.getSystemResourceAsStream(fileName) ;
+ }
+ }
+
+ return in ;
+ }
+
+ private void close(InputStream str, String filename) {
+ if (str != null) {
+ try {
+ str.close() ;
+ } catch (IOException excp) {
+ LOG.error("Error while closing file: [" + filename + "]", excp) ;
+ }
+ }
+ }
+}
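Review bot: The HostnameVerifier in buildClient() compares the URL host with `session.getPeerHost()`, a value the JSSE documentation describes as unauthenticated, so it never checks the name in the server certificate. Because HttpsURLConnection consults this callback when its own name check has already failed, the verifier can end up accepting a certificate issued for a different host. Using `HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();` (with the matching import) keeps the standard check in force. Separately, `RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL"` would be better as `"TLS"`. getSSLContext() also returns null when either manager list is null, and that null goes straight into `new HTTPSProperties(hv, sslContext)`, so a missing keystore or truststore should fail with a clear configuration error rather than only the LOG.error lines.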
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
new file mode 100644
index 0000000..ab8384c
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+
+
+public class SearchFilter {
+ public static final String LOGIN_USER = "loginUser"; // search
+ public static final String SERVICE_TYPE = "serviceType"; // search, sort
+ public static final String SERVICE_TYPE_ID = "serviceTypeId"; // search, sort
+ public static final String SERVICE_NAME = "serviceName"; // search, sort
+ public static final String SERVICE_ID = "serviceId"; // search, sort
+ public static final String POLICY_NAME = "policyName"; // search, sort
+ public static final String POLICY_ID = "policyId"; // search, sort
+ public static final String STATUS = "status"; // search
+ public static final String USER = "user"; // search
+ public static final String GROUP = "group"; // search
+ public static final String RESOURCE_PREFIX = "resource:"; // search
+ public static final String CREATE_TIME = "createTime"; // sort
+ public static final String UPDATE_TIME = "updateTime"; // sort
+ public static final String START_INDEX = "startIndex";
+ public static final String PAGE_SIZE = "pageSize";
+ public static final String SORT_BY = "sortBy";
+
+ private Map<String, String> params = null;
+
+ public SearchFilter() {
+ this(null);
+ }
+
+ public SearchFilter(String name, String value) {
+ setParam(name, value);
+ }
+
+ public SearchFilter(Map<String, String> values) {
+ setParams(values);
+ }
+
+ public Map<String, String> getParams() {
+ return params;
+ }
+
+ public void setParams(Map<String, String> params) {
+ this.params = params;
+ }
+
+ public String getParam(String name) {
+ return params == null ? null : params.get(name);
+ }
+
+ public void setParam(String name, String value) {
+ if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) {
+ return;
+ }
+
+ if(params == null) {
+ params = new HashMap<String, String>();
+ }
+
+ params.put(name, value);
+ }
+
+ public Map<String, String> getParamsWithPrefix(String prefix, boolean stripPrefix) {
+ Map<String, String> ret = null;
+
+ if(prefix == null) {
+ prefix = StringUtils.EMPTY;
+ }
+
+ if(params != null) {
+ for(Map.Entry<String, String> e : params.entrySet()) {
+ String name = e.getKey();
+
+ if(name.startsWith(prefix)) {
+ if(ret == null) {
+ ret = new HashMap<String, String>();
+ }
+
+ if(stripPrefix) {
+ name = name.substring(prefix.length());
+ }
+
+ ret.put(name, e.getValue());
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ public boolean isEmpty() {
+ return MapUtils.isEmpty(params);
+ }
+}
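Review bot: setParams() and the Map constructor keep the caller's map by reference, and setParam() later writes into that same map, so a filter can modify a map its caller still uses, or fail on an unmodifiable one; getParams() likewise hands the internal map back out. Copying on the way in, `this.params = params == null ? null : new HashMap<String, String>(params);`, keeps the filter's state its own. getParamsWithPrefix() calls `name.startsWith(prefix)` on every key, which throws NullPointerException if a map passed to setParams() contains a null key. It also returns null rather than an empty map when nothing matches, which a short Javadoc on the method should state.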
[2/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
deleted file mode 100644
index b51c160..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ /dev/null
@@ -1,1589 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store.file;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.collections.Predicate;
-import org.apache.commons.collections.PredicateUtils;
-import org.apache.commons.lang.ObjectUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.fs.Path;
-import org.apache.ranger.plugin.model.RangerBaseModelObject;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-
-public class ServiceFileStore extends BaseFileStore implements ServiceStore {
- private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
-
- private long nextServiceDefId = 0;
- private long nextServiceId = 0;
- private long nextPolicyId = 0;
-
- static Map<String, Long> legacyServiceDefs = new HashMap<String, Long>();
-
- static {
- legacyServiceDefs.put("hdfs", new Long(1));
- legacyServiceDefs.put("hbase", new Long(2));
- legacyServiceDefs.put("hive", new Long(3));
- legacyServiceDefs.put("knox", new Long(5));
- legacyServiceDefs.put("storm", new Long(6));
- }
-
- public ServiceFileStore() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.ServiceFileStore()");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.ServiceFileStore()");
- }
- }
-
- @Override
- public void init() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.init()");
- }
-
- super.initStore();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.init()");
- }
- }
-
- @Override
- public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef existing = getServiceDefByName(serviceDef.getName());
-
- if(existing != null) {
- throw new Exception(serviceDef.getName() + ": service-def already exists (id=" + existing.getId() + ")");
- }
-
- RangerServiceDef ret = null;
-
- try {
- preCreate(serviceDef);
-
- serviceDef.setId(nextServiceDefId++);
-
- ret = saveToFile(serviceDef, false);
-
- postCreate(ret);
- } catch(Exception excp) {
- LOG.warn("ServiceDefFileStore.createServiceDef(): failed to save service-def '" + serviceDef.getName() + "'", excp);
-
- throw new Exception("failed to save service-def '" + serviceDef.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.createServiceDef(" + serviceDef + ")");
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.updateServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef existing = getServiceDef(serviceDef.getId());
-
- if(existing == null) {
- throw new Exception(serviceDef.getId() + ": service-def does not exist");
- }
-
- if(isLegacyServiceDef(existing)) {
- String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
-
- LOG.warn(msg);
-
- throw new Exception(msg);
- }
-
- String existingName = existing.getName();
-
- boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName);
-
- // renaming service-def would require updating services that refer to this service-def
- if(renamed) {
- LOG.warn("ServiceDefFileStore.updateServiceDef(): service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
-
- throw new Exception("service-def renaming not supported. " + existingName + " ==> " + serviceDef.getName());
- }
-
- RangerServiceDef ret = null;
-
- try {
- existing.updateFrom(serviceDef);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, true);
-
- postUpdate(ret);
- } catch(Exception excp) {
- LOG.warn("ServiceDefFileStore.updateServiceDef(): failed to save service-def '" + existing.getName() + "'", excp);
-
- throw new Exception("failed to save service-def '" + existing.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.updateServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.deleteServiceDef(" + id + ")");
- }
-
- RangerServiceDef existing = getServiceDef(id);
-
- if(existing == null) {
- throw new Exception("service-def does not exist. id=" + id);
- }
-
- if(isLegacyServiceDef(existing)) {
- String msg = existing.getName() + ": is an in-built service-def. Update not allowed";
-
- LOG.warn(msg);
-
- throw new Exception(msg);
- }
-
- // TODO: deleting service-def would require deleting services that refer to this service-def
-
- try {
- preDelete(existing);
-
- Path filePath = new Path(getServiceDefFile(id));
-
- deleteFile(filePath);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception("failed to delete service-def. id=" + id + "; name=" + existing.getName(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.deleteServiceDef(" + id + ")");
- }
- }
-
- @Override
- public RangerServiceDef getServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDef(" + id + ")");
- }
-
- RangerServiceDef ret = null;
-
- if(id != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE_ID, id.toString());
-
- List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
-
- ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDef(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef getServiceDefByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDefByName(" + name + ")");
- }
-
- RangerServiceDef ret = null;
-
- if(name != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_TYPE, name);
-
- List<RangerServiceDef> serviceDefs = getServiceDefs(filter);
-
- ret = CollectionUtils.isEmpty(serviceDefs) ? null : serviceDefs.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDefByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getServiceDefs()");
- }
-
- List<RangerServiceDef> ret = getAllServiceDefs();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
-
- @Override
- public RangerService createService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.createService(" + service + ")");
- }
-
- RangerService existing = getServiceByName(service.getName());
-
- if(existing != null) {
- throw new Exception("service already exists - '" + service.getName() + "'. ID=" + existing.getId());
- }
-
- RangerService ret = null;
-
- try {
- preCreate(service);
-
- service.setId(nextServiceId++);
-
- ret = saveToFile(service, false);
-
- postCreate(service);
- } catch(Exception excp) {
- throw new Exception("failed to save service '" + service.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.createService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService updateService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.updateService(" + service + ")");
- }
-
- RangerService existing = getService(service.getId());
-
- if(existing == null) {
- throw new Exception("no service exists with ID=" + service.getId());
- }
-
- String existingName = existing.getName();
-
- boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
-
- if(renamed) {
- RangerService newNameService = getServiceByName(service.getName());
-
- if(newNameService != null) {
- throw new Exception("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId());
- }
- }
-
- RangerService ret = null;
-
- try {
- existing.updateFrom(service);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, true);
-
- postUpdate(ret);
-
- if(renamed) {
- handleServiceRename(ret, existingName);
- }
- } catch(Exception excp) {
- throw new Exception("failed to update service '" + existing.getName() + "'", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.updateService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.deleteService(" + id + ")");
- }
-
- RangerService existing = getService(id);
-
- if(existing == null) {
- throw new Exception("no service exists with ID=" + id);
- }
-
- try {
- Path filePath = new Path(getServiceFile(id));
-
- preDelete(existing);
-
- handleServiceDelete(existing);
-
- deleteFile(filePath);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception("failed to delete service with ID=" + id, excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.deleteService(" + id + ")");
- }
- }
-
- @Override
- public RangerService getService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getService(" + id + ")");
- }
-
- RangerService ret = null;
-
- try {
- Path filePath = new Path(getServiceFile(id));
-
- ret = loadFromFile(filePath, RangerService.class);
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getService(" + id + "): failed to read service", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getService(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService getServiceByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServiceByName(" + name + ")");
- }
-
- RangerService ret = null;
-
- if(name != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, name);
-
- List<RangerService> services = getServices(filter);
-
- ret = CollectionUtils.isEmpty(services) ? null : services.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServiceByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerService> getServices(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServices()");
- }
-
- List<RangerService> ret = getAllServices();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServices(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.createPolicy(" + policy + ")");
- }
-
- RangerService service = getServiceByName(policy.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + policy.getService());
- }
-
- RangerPolicy existing = findPolicyByName(policy.getService(), policy.getName());
-
- if(existing != null) {
- throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
- }
-
- RangerPolicy ret = null;
-
- try {
- preCreate(policy);
-
- policy.setId(nextPolicyId++);
-
- ret = saveToFile(policy, service.getId(), false);
-
- handlePolicyUpdate(service);
-
- postCreate(ret);
- } catch(Exception excp) {
- throw new Exception("failed to save policy: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.createPolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.updatePolicy(" + policy + ")");
- }
-
- RangerPolicy existing = getPolicy(policy.getId());
-
- if(existing == null) {
- throw new Exception("no policy exists with ID=" + policy.getId());
- }
-
- RangerService service = getServiceByName(policy.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + policy.getService());
- }
-
- if(! StringUtils.equalsIgnoreCase(existing.getService(), policy.getService())) {
- throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService());
- }
-
- boolean renamed = !StringUtils.equalsIgnoreCase(policy.getName(), existing.getName());
-
- if(renamed) {
- RangerPolicy newNamePolicy = findPolicyByName(service.getName(), policy.getName());
-
- if(newNamePolicy != null) {
- throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId());
- }
- }
-
- RangerPolicy ret = null;
-
- try {
- existing.updateFrom(policy);
-
- preUpdate(existing);
-
- ret = saveToFile(existing, service.getId(), true);
-
- handlePolicyUpdate(service);
-
- postUpdate(ret);
- } catch(Exception excp) {
- throw new Exception("failed to update policy - ID=" + existing.getId(), excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.updatePolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deletePolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.deletePolicy(" + id + ")");
- }
-
- RangerPolicy existing = getPolicy(id);
-
- if(existing == null) {
- throw new Exception("no policy exists with ID=" + id);
- }
-
- RangerService service = getServiceByName(existing.getService());
-
- if(service == null) {
- throw new Exception("service does not exist - name='" + existing.getService());
- }
-
- try {
- preDelete(existing);
-
- Path filePath = new Path(getPolicyFile(service.getId(), existing.getId()));
-
- deleteFile(filePath);
-
- handlePolicyUpdate(service);
-
- postDelete(existing);
- } catch(Exception excp) {
- throw new Exception(existing.getId() + ": failed to delete policy", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.deletePolicy(" + id + ")");
- }
- }
-
- @Override
- public RangerPolicy getPolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicy(" + id + ")");
- }
-
- RangerPolicy ret = null;
-
- if(id != null) {
- SearchFilter filter = new SearchFilter(SearchFilter.POLICY_ID, id.toString());
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicy(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getPolicies()");
- }
-
- List<RangerPolicy> ret = getAllPolicies();
-
- if(ret != null && filter != null && !filter.isEmpty()) {
- CollectionUtils.filter(ret, getPredicate(filter));
-
- Comparator<RangerBaseModelObject> comparator = getSorter(filter);
-
- if(comparator != null) {
- Collections.sort(ret, comparator);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getPolicies(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceId + ")");
- }
-
- RangerService service = getService(serviceId);
-
- if(service == null) {
- throw new Exception("service does not exist - id='" + serviceId);
- }
-
- List<RangerPolicy> ret = getServicePolicies(service.getName(), filter);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceId + "): " + ((ret == null) ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePolicies(" + serviceName + ")");
- }
-
- List<RangerPolicy> ret = new ArrayList<RangerPolicy>();
-
- try {
- if(filter == null) {
- filter = new SearchFilter();
- }
-
- filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
-
- ret = getPolicies(filter);
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getServicePolicies(" + serviceName + "): failed to read policies", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- @Override
- public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
- }
-
- RangerService service = getServiceByName(serviceName);
-
- if(service == null) {
- throw new Exception("service does not exist - name=" + serviceName);
- }
-
- RangerServiceDef serviceDef = getServiceDefByName(service.getType());
-
- if(serviceDef == null) {
- throw new Exception(service.getType() + ": unknown service-def)");
- }
-
- ServicePolicies ret = new ServicePolicies();
- ret.setServiceId(service.getId());
- ret.setServiceName(service.getName());
- ret.setPolicyVersion(service.getPolicyVersion());
- ret.setPolicyUpdateTime(service.getPolicyUpdateTime());
- ret.setServiceDef(serviceDef);
- ret.setPolicies(new ArrayList<RangerPolicy>());
-
- if(lastKnownVersion == null || service.getPolicyVersion() == null || lastKnownVersion.longValue() != service.getPolicyVersion().longValue()) {
- SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName);
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret.setPolicies(policies);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
- }
-
- if(ret != null && ret.getPolicies() != null) {
- Collections.sort(ret.getPolicies(), idComparator);
- }
-
- return ret;
- }
-
-
- private void handleServiceRename(RangerService service, String oldName) throws Exception {
- List<RangerPolicy> policies = getAllPolicies();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
- if(StringUtils.equalsIgnoreCase(policy.getService(), oldName)) {
- policy.setService(service.getName());
-
- preUpdate(policy);
-
- saveToFile(policy, service.getId(), true);
-
- postUpdate(policy);
- }
- }
- }
- }
-
- private void handleServiceDelete(RangerService service) throws Exception {
- List<RangerPolicy> policies = getAllPolicies();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
- if(! StringUtils.equals(policy.getService(), service.getName())) {
- continue;
- }
-
- preDelete(policy);
-
- Path filePath = new Path(getPolicyFile(service.getId(), policy.getId()));
-
- deleteFile(filePath);
-
- postDelete(policy);
- }
- }
- }
-
- private void handlePolicyUpdate(RangerService service) throws Exception {
- if(service == null) {
- return;
- }
-
- Long policyVersion = service.getPolicyVersion();
-
- if(policyVersion == null) {
- policyVersion = new Long(1);
- } else {
- policyVersion = new Long(policyVersion.longValue() + 1);
- }
-
- service.setPolicyVersion(policyVersion);
- service.setPolicyUpdateTime(new Date());
-
- saveToFile(service, true);
- }
-
- private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + ")");
- }
-
- RangerService service = getServiceByName(serviceName);
-
- if(service == null) {
- throw new Exception("service does not exist - name='" + serviceName);
- }
-
- RangerPolicy ret = null;
-
- SearchFilter filter = new SearchFilter();
-
- filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
- filter.setParam(SearchFilter.POLICY_NAME, policyName);
-
- List<RangerPolicy> policies = getPolicies(filter);
-
- ret = CollectionUtils.isEmpty(policies) ? null : policies.get(0);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.findPolicyByName(" + serviceName + ", " + policyName + "): " + ret);
- }
-
- return ret;
- }
-
- private boolean isLegacyServiceDef(RangerServiceDef sd) {
- return sd == null ? false : (isLegacyServiceDef(sd.getName()) || isLegacyServiceDef(sd.getId()));
- }
-
- private boolean isLegacyServiceDef(String name) {
- return name == null ? false : legacyServiceDefs.containsKey(name);
- }
-
- private boolean isLegacyServiceDef(Long id) {
- return id == null ? false : legacyServiceDefs.containsValue(id);
- }
-
- private List<RangerServiceDef> getAllServiceDefs() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceDefFileStore.getAllServiceDefs()");
- }
-
- List<RangerServiceDef> ret = new ArrayList<RangerServiceDef>();
-
- try {
- // load definitions for legacy services from embedded resources
- String[] legacyServiceDefResources = {
- "/service-defs/ranger-servicedef-hdfs.json",
- "/service-defs/ranger-servicedef-hive.json",
- "/service-defs/ranger-servicedef-hbase.json",
- "/service-defs/ranger-servicedef-knox.json",
- "/service-defs/ranger-servicedef-storm.json",
- };
-
- for(String resource : legacyServiceDefResources) {
- RangerServiceDef sd = loadFromResource(resource, RangerServiceDef.class);
-
- if(sd != null) {
- ret.add(sd);
- }
- }
- nextServiceDefId = getMaxId(ret) + 1;
-
- // load service definitions from file system
- List<RangerServiceDef> sds = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE_DEF, RangerServiceDef.class);
-
- if(sds != null) {
- for(RangerServiceDef sd : sds) {
- if(sd != null) {
- if(isLegacyServiceDef(sd)) {
- LOG.warn("Found in-built service-def '" + sd.getName() + "' under " + getDataDir() + ". Ignorning");
-
- continue;
- }
-
- // if the ServiceDef is already found, remove the earlier definition
- for(int i = 0; i < ret.size(); i++) {
- RangerServiceDef currSd = ret.get(i);
-
- if(StringUtils.equals(currSd.getName(), sd.getName()) ||
- ObjectUtils.equals(currSd.getId(), sd.getId())) {
- ret.remove(i);
- }
- }
-
- ret.add(sd);
- }
- }
- }
- nextServiceDefId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceDefFileStore.getAllServiceDefs(): failed to read service-defs", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceDefFileStore.getAllServiceDefs(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
-
- for(RangerServiceDef sd : ret) {
- Collections.sort(sd.getResources(), resourceLevelComparator);
- }
- }
-
- return ret;
- }
-
- private List<RangerService> getAllServices() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getAllServices()");
- }
-
- List<RangerService> ret = null;
-
- try {
- ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_SERVICE, RangerService.class);
-
- nextServiceId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getAllServices(): failed to read services", excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getAllServices(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
- }
-
- return ret;
- }
-
- private List<RangerPolicy> getAllPolicies() throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceFileStore.getAllPolicies()");
- }
-
- List<RangerPolicy> ret = null;
-
- try {
- ret = loadFromDir(new Path(getDataDir()), FILE_PREFIX_POLICY, RangerPolicy.class);
-
- nextPolicyId = getMaxId(ret) + 1;
- } catch(Exception excp) {
- LOG.error("ServiceFileStore.getAllPolicies(): failed to read policies", excp);
- }
-
- if(ret != null) {
- Collections.sort(ret, idComparator);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceFileStore.getAllPolicies(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- private String getServiceType(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getType() : null;
- }
-
- private Long getServiceId(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getId() : null;
- }
-
- private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Long val1 = (o1 != null) ? o1.getId() : null;
- Long val2 = (o2 != null) ? o2.getId() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getCreateTime() : null;
- Date val2 = (o2 != null) ? o2.getCreateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
- Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerServiceDef) {
- val1 = ((RangerServiceDef)o1).getName();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerServiceDef) {
- val2 = ((RangerServiceDef)o2).getName();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerPolicy) {
- val1 = ((RangerPolicy)o1).getService();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerPolicy) {
- val2 = ((RangerPolicy)o2).getService();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
- String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
- @Override
- public int compare(RangerResourceDef o1, RangerResourceDef o2) {
- Integer val1 = (o1 != null) ? o1.getLevel() : null;
- Integer val2 = (o2 != null) ? o2.getLevel() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private Predicate getPredicate(SearchFilter filter) {
- if(filter == null || filter.isEmpty()) {
- return null;
- }
-
- List<Predicate> predicates = new ArrayList<Predicate>();
-
- addPredicateForLoginUser(filter.getParam(SearchFilter.LOGIN_USER), predicates);
- addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
- addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
- addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
- addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
- addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
- addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
- addPredicateForStatus(filter.getParam(SearchFilter.STATUS), predicates);
- addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
- addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
- addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
-
- Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
-
- return ret;
- }
-
- private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
-
- static {
- sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
- sorterMap.put(SearchFilter.POLICY_ID, idComparator);
- sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
- sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
- }
-
- private Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
- String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
-
- if(StringUtils.isEmpty(sortBy)) {
- return null;
- }
-
- Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
-
- return ret;
- }
-
- private Predicate addPredicateForLoginUser(final String loginUser, List<Predicate> predicates) {
- if(StringUtils.isEmpty(loginUser)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(!policyItem.getDelegateAdmin()) {
- continue;
- }
-
- if(policyItem.getUsers().contains(loginUser)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceType)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceType, service.getType());
- } else if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
-
- ret = StringUtils.equals(serviceType, serviceDef.getName());
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceTypeId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
- Long svcDefId = serviceDef.getId();
-
- if(svcDefId != null) {
- ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceName, policy.getService());
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceName, service.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
- Long svcId = getServiceId(policy.getService());
-
- if(svcId != null) {
- ret = StringUtils.equals(serviceId, svcId.toString());
- }
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- if(service.getId() != null) {
- ret = StringUtils.equals(serviceId, service.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(policyName, policy.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(policy.getId() != null) {
- ret = StringUtils.equals(policyId, policy.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(userName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getUsers().contains(userName)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(groupName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getGroups().contains(groupName)) {
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForStatus(final String status, List<Predicate> predicates) {
- if(StringUtils.isEmpty(status)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerBaseModelObject) {
- RangerBaseModelObject obj = (RangerBaseModelObject)object;
-
- if(StringUtils.equals(status, "enabled")) {
- ret = obj.getIsEnabled();
- } else if(StringUtils.equals(status, "disabled")) {
- ret = !obj.getIsEnabled();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
- if(MapUtils.isEmpty(resources)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(! MapUtils.isEmpty(policy.getResources())) {
- int numFound = 0;
- for(String name : resources.keySet()) {
- boolean isMatch = false;
-
- RangerPolicyResource policyResource = policy.getResources().get(name);
-
- if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
- String val = resources.get(name);
-
- if(policyResource.getValues().contains(val)) {
- isMatch = true;
- } else {
- for(String policyResourceValue : policyResource.getValues()) {
- if(policyResourceValue.contains(val)) { // TODO: consider match for wildcard in policyResourceValue?
- isMatch = true;
- break;
- }
- }
- }
- }
-
- if(isMatch) {
- numFound++;
- } else {
- break;
- }
- }
-
- ret = numFound == resources.size();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
deleted file mode 100644
index dd3624b..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java
+++ /dev/null
@@ -1,609 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store.rest;
-
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.admin.client.datatype.RESTResponse;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.util.RangerRESTClient;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.GenericType;
-import com.sun.jersey.api.client.WebResource;
-
-
-public class ServiceRESTStore implements ServiceStore {
- private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class);
-
-
- public final String REST_URL_SERVICEDEF_CREATE = "/service/plugins/definitions";
- public final String REST_URL_SERVICEDEF_UPDATE = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_DELETE = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_GET = "/service/plugins/definitions/";
- public final String REST_URL_SERVICEDEF_GET_BY_NAME = "/service/plugins/definitions/name/";
- public final String REST_URL_SERVICEDEF_GET_ALL = "/service/plugins/definitions";
-
- public final String REST_URL_SERVICE_CREATE = "/service/plugins/services";
- public final String REST_URL_SERVICE_UPDATE = "/service/plugins/services/";
- public final String REST_URL_SERVICE_DELETE = "/service/plugins/services/";
- public final String REST_URL_SERVICE_GET = "/service/plugins/services/";
- public final String REST_URL_SERVICE_GET_BY_NAME = "/service/plugins/services/name/";
- public final String REST_URL_SERVICE_GET_ALL = "/service/plugins/services";
-
- public final String REST_URL_POLICY_CREATE = "/service/plugins/policies";
- public final String REST_URL_POLICY_UPDATE = "/service/plugins/policies/";
- public final String REST_URL_POLICY_DELETE = "/service/plugins/policies/";
- public final String REST_URL_POLICY_GET = "/service/plugins/policies/";
- public final String REST_URL_POLICY_GET_BY_NAME = "/service/plugins/policies/name/";
- public final String REST_URL_POLICY_GET_ALL = "/service/plugins/policies";
- public final String REST_URL_POLICY_GET_FOR_SERVICE = "/service/plugins/policies/service/";
- public final String REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME = "/service/plugins/policies/service/name/";
- public final String REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED = "/service/plugins/policies/service/name/";
-
- public static final String REST_MIME_TYPE_JSON = "application/json" ;
-
- private RangerRESTClient restClient;
-
- public ServiceRESTStore() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.ServiceRESTStore()");
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.ServiceRESTStore()");
- }
- }
-
- @Override
- public void init() throws Exception {
- String restUrl = RangerConfiguration.getInstance().get("ranger.service.store.rest.url", "http://localhost:6080");
- String restUsername = RangerConfiguration.getInstance().get("ranger.service.store.rest.username", "admin");
- String restPassword = RangerConfiguration.getInstance().get("ranger.service.store.rest.password", "admin");
- String sslConfigFile = RangerConfiguration.getInstance().get("ranger.service.store.rest.ssl.config.file", "");
-
- restClient = new RangerRESTClient(restUrl, sslConfigFile);
- restClient.setBasicAuthInfo(restUsername, restPassword);
- }
-
- @Override
- public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(serviceDef));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updateServiceDef(" + serviceDef + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_UPDATE + serviceDef.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(serviceDef));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updateServiceDef(" + serviceDef + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deleteServiceDef(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deleteServiceDef(" + id + ")");
- }
- }
-
- @Override
- public RangerServiceDef getServiceDef(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDef(" + id + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceDef(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerServiceDef getServiceDefByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDefByName(" + name + ")");
- }
-
- RangerServiceDef ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_BY_NAME + name);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerServiceDef.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceDefByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceDefs()");
- }
-
- List<RangerServiceDef> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICEDEF_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerServiceDef>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getAllServiceDefs(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService createService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createService(" + service + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(service));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService updateService(RangerService service) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updateService(" + service + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_UPDATE + service.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(service));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updateService(" + service + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deleteService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deleteService(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deleteService(" + id + ")");
- }
- }
-
- @Override
- public RangerService getService(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getService(" + id + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getService(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerService getServiceByName(String name) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServiceByName(" + name + ")");
- }
-
- RangerService ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET_BY_NAME + name);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerService.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServiceByName(" + name + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerService> getServices(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServices()");
- }
-
- List<RangerService> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_SERVICE_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerService>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServices(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.createPolicy(" + policy + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_CREATE);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).post(ClientResponse.class, restClient.toJson(policy));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.createPolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.updatePolicy(" + policy + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_UPDATE + policy.getId());
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).type(REST_MIME_TYPE_JSON).put(ClientResponse.class, restClient.toJson(policy));
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.updatePolicy(" + policy + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public void deletePolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.deletePolicy(" + id + ")");
- }
-
- WebResource webResource = createWebResource(REST_URL_POLICY_DELETE + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).delete(ClientResponse.class);
-
- if(response == null || (response.getStatus() != 200 && response.getStatus() != 204)) {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.deletePolicy(" + id + ")");
- }
- }
-
- @Override
- public RangerPolicy getPolicy(Long id) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getPolicy(" + id + ")");
- }
-
- RangerPolicy ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET + id);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(RangerPolicy.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getPolicy(" + id + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getPolicies()");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_ALL, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getPolicies(): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceId + ")");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE + serviceId, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceId + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePolicies(" + serviceName + ")");
- }
-
- List<RangerPolicy> ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_BY_NAME + serviceName, filter);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(new GenericType<List<RangerPolicy>>() { });
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePolicies(" + serviceName + "): " + ret);
- }
-
- return ret;
- }
-
- @Override
- public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ")");
- }
-
- ServicePolicies ret = null;
-
- WebResource webResource = createWebResource(REST_URL_POLICY_GET_FOR_SERVICE_IF_UPDATED + serviceName + "/" + lastKnownVersion);
- ClientResponse response = webResource.accept(REST_MIME_TYPE_JSON).get(ClientResponse.class);
-
- if(response != null && response.getStatus() == 200) {
- ret = response.getEntity(ServicePolicies.class);
- } else {
- RESTResponse resp = RESTResponse.fromClientResponse(response);
-
- throw new Exception(resp.getMessage());
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceRESTStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + "): " + ret);
- }
-
- return ret;
- }
-
- private WebResource createWebResource(String url) {
- return createWebResource(url, null);
- }
-
- private WebResource createWebResource(String url, SearchFilter filter) {
- WebResource ret = restClient.getResource(url);
-
- if(filter != null) {
- // TODO: add query params for filter
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
deleted file mode 100644
index 7112562..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.store.ServiceStore;
-
-
-public class PolicyRefresher extends Thread {
- private static final Log LOG = LogFactory.getLog(PolicyRefresher.class);
-
- private RangerPolicyEngine policyEngine = null;
- private String serviceType = null;
- private String serviceName = null;
- private ServiceStore serviceStore = null;
- private long pollingIntervalMs = 30 * 1000;
-
- private boolean shutdownFlag = false;
- private ServicePolicies lastKnownPolicies = null;
-
-
- public PolicyRefresher(RangerPolicyEngine policyEngine, String serviceType, String serviceName, ServiceStore serviceStore, long pollingIntervalMs, String cacheDir) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
- }
-
- this.policyEngine = policyEngine;
- this.serviceType = serviceType;
- this.serviceName = serviceName;
- this.serviceStore = serviceStore;
- this.pollingIntervalMs = pollingIntervalMs;
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== PolicyRefresher.PolicyRefresher(serviceName=" + serviceName + ")");
- }
- }
-
- /**
- * @return the policyEngine
- */
- public RangerPolicyEngine getPolicyEngine() {
- return policyEngine;
- }
-
- /**
- * @return the serviceType
- */
- public String getServiceType() {
- return serviceType;
- }
-
- /**
- * @return the serviceName
- */
- public String getServiceName() {
- return serviceName;
- }
-
- /**
- * @return the serviceStore
- */
- public ServiceStore getServiceStore() {
- return serviceStore;
- }
-
- /**
- * @return the pollingIntervalMilliSeconds
- */
- public long getPollingIntervalMs() {
- return pollingIntervalMs;
- }
-
- /**
- * @param pollingIntervalMilliSeconds the pollingIntervalMilliSeconds to set
- */
- public void setPollingIntervalMilliSeconds(long pollingIntervalMilliSeconds) {
- this.pollingIntervalMs = pollingIntervalMilliSeconds;
- }
-
- public void startRefresher() {
- shutdownFlag = false;
-
- super.start();
- }
-
- public void stopRefresher() {
- shutdownFlag = true;
- }
-
- public void run() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> PolicyRefresher.run()");
- }
-
- while(! shutdownFlag) {
- try {
- long lastKnownVersion = (lastKnownPolicies == null || lastKnownPolicies.getPolicyVersion() == null) ? 0 : lastKnownPolicies.getPolicyVersion().longValue();
-
- ServicePolicies svcPolicies = serviceStore.getServicePoliciesIfUpdated(serviceName, lastKnownVersion);
-
- long newVersion = (svcPolicies == null || svcPolicies.getPolicyVersion() == null) ? 0 : svcPolicies.getPolicyVersion().longValue();
-
- boolean isUpdated = newVersion != 0 && lastKnownVersion != newVersion;
-
- if(isUpdated) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
- }
-
- policyEngine.setPolicies(serviceName, svcPolicies.getServiceDef(), svcPolicies.getPolicies());
-
- lastKnownPolicies = svcPolicies;
- } else {
- if(LOG.isDebugEnabled()) {
- LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): no update found. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion);
- }
- }
- } catch(Exception excp) {
- LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): ", excp);
- }
-
- try {
- Thread.sleep(pollingIntervalMs);
- } catch(Exception excp) {
- LOG.error("PolicyRefresher(serviceName=" + serviceName + ").run(): error while sleep. exiting thread", excp);
-
- throw new RuntimeException(excp);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== PolicyRefresher.run()");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
deleted file mode 100644
index cfff4b7..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
-import org.apache.ranger.authorization.utils.StringUtil;
-import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
-
-
-public class RangerRESTClient {
- private static final Log LOG = LogFactory.getLog(RangerRESTClient.class);
-
- public static final String RANGER_PROP_POLICYMGR_URL = "xasecure.policymgr.url";
- public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME = "xasecure.policymgr.sslconfig.filename";
-
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
-
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
-
- public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ;
-
-
- private String mUrl = null;
- private String mSslConfigFileName = null;
- private String mUsername = null;
- private String mPassword = null;
- private boolean mIsSSL = false;
-
- private String mKeyStoreURL = null;
- private String mKeyStoreAlias = null;
- private String mKeyStoreFile = null;
- private String mKeyStoreType = null;
- private String mTrustStoreURL = null;
- private String mTrustStoreAlias = null;
- private String mTrustStoreFile = null;
- private String mTrustStoreType = null;
-
- private Gson gsonBuilder = null;
- private Client client = null;
-
- public RangerRESTClient() {
- this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
- RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
- }
-
- public RangerRESTClient(String url, String sslConfigFileName) {
- mUrl = url;
- mSslConfigFileName = sslConfigFileName;
-
- init();
- }
-
- public String getUrl() {
- return mUrl;
- }
-
- public void setUrl(String url) {
- this.mUrl = url;
- }
-
- public String getUsername() {
- return mUsername;
- }
-
- public String getPassword() {
- return mPassword;
- }
-
- public void setBasicAuthInfo(String username, String password) {
- mUsername = username;
- mPassword = password;
- }
-
- public WebResource getResource(String relativeUrl) {
- WebResource ret = getClient().resource(getUrl() + relativeUrl);
-
- return ret;
- }
-
- public String toJson(Object obj) {
- return gsonBuilder.toJson(obj);
- }
-
- public <T> T fromJson(String json, Class<T> cls) {
- return gsonBuilder.fromJson(json, cls);
- }
-
- public Client getClient() {
- if(client == null) {
- synchronized(this) {
- if(client == null) {
- client = buildClient();
- }
- }
- }
-
- return client;
- }
-
- private Client buildClient() {
- Client client = null;
-
- if (mIsSSL) {
- KeyManager[] kmList = getKeyManagers();
- TrustManager[] tmList = getTrustManagers();
- SSLContext sslContext = getSSLContext(kmList, tmList);
- ClientConfig config = new DefaultClientConfig();
-
- config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
-
- HostnameVerifier hv = new HostnameVerifier() {
- public boolean verify(String urlHostName, SSLSession session) {
- return session.getPeerHost().equals(urlHostName);
- }
- };
-
- config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
- client = Client.create(config);
- }
-
- if(client == null) {
- ClientConfig config = new DefaultClientConfig();
-
- config.getClasses().add(JacksonJsonProvider.class); // to handle List<> unmarshalling
-
- client = Client.create(config);
- }
-
- // TODO: for testing only
- if(!StringUtils.isEmpty(mUsername) || !StringUtils.isEmpty(mPassword)) {
- client.addFilter(new HTTPBasicAuthFilter(mUsername, mPassword));
- }
-
- return client;
- }
-
- private void init() {
- try {
- gsonBuilder = new GsonBuilder().setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.fatal("RangerRESTClient.init(): failed to create GsonBuilder object", excp);
- }
-
- mIsSSL = StringUtil.containsIgnoreCase(mUrl, "https");
-
- InputStream in = null ;
-
- try {
- Configuration conf = new Configuration() ;
-
- in = getFileInputStream(mSslConfigFileName) ;
-
- if (in != null) {
- conf.addResource(in);
- }
-
- mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
- mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
- mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
- mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
-
- mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
- mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
- mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
- mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
- }
- catch(IOException ioe) {
- LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
- }
- finally {
- close(in, mSslConfigFileName);
- }
- }
-
- private KeyManager[] getKeyManagers() {
- KeyManager[] kmList = null;
-
- String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
-
- if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
- InputStream in = null ;
-
- try {
- in = getFileInputStream(mKeyStoreFile) ;
-
- if (in != null) {
- KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
-
- keyStore.load(in, keyStoreFilepwd.toCharArray());
-
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
-
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
-
- kmList = keyManagerFactory.getKeyManagers();
- } else {
- LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
- }
- } catch (KeyStoreException e) {
- LOG.error("Unable to obtain from KeyStore", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (CertificateException e) {
- LOG.error("Unable to obtain the requested certification ", e);
- } catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
- } catch (IOException e) {
- LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
- } catch (UnrecoverableKeyException e) {
- LOG.error("Unable to recover the key from keystore", e);
- } finally {
- close(in, mKeyStoreFile);
- }
- }
-
- return kmList;
- }
-
- private TrustManager[] getTrustManagers() {
- TrustManager[] tmList = null;
-
- String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
-
- if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
- InputStream in = null ;
-
- try {
- in = getFileInputStream(mTrustStoreFile) ;
-
- if (in != null) {
- KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
-
- trustStore.load(in, trustStoreFilepwd.toCharArray());
-
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
-
- trustManagerFactory.init(trustStore);
-
- tmList = trustManagerFactory.getTrustManagers();
- } else {
- LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
- }
- } catch (KeyStoreException e) {
- LOG.error("Unable to obtain from KeyStore", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (CertificateException e) {
- LOG.error("Unable to obtain the requested certification ", e);
- } catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
- } catch (IOException e) {
- LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
- } finally {
- close(in, mTrustStoreFile);
- }
- }
-
- return tmList;
- }
-
- private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
- try {
- if(kmList != null && tmList != null) {
- SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
-
- sslContext.init(kmList, tmList, new SecureRandom());
-
- return sslContext;
- }
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (KeyManagementException e) {
- LOG.error("Unable to initials the SSLContext", e);
- }
-
- return null;
- }
-
- private String getCredential(String url, String alias) {
- char[] credStr = RangerCredentialProvider.getInstance().getCredentialString(url, alias);
-
- return credStr == null ? null : new String(credStr);
- }
-
- private InputStream getFileInputStream(String fileName) throws IOException {
- InputStream in = null ;
-
- if(! StringUtil.isEmpty(fileName)) {
- File f = new File(fileName) ;
-
- if (f.exists()) {
- in = new FileInputStream(f) ;
- }
- else {
- in = ClassLoader.getSystemResourceAsStream(fileName) ;
- }
- }
-
- return in ;
- }
-
- private void close(InputStream str, String filename) {
- if (str != null) {
- try {
- str.close() ;
- } catch (IOException excp) {
- LOG.error("Error while closing file: [" + filename + "]", excp) ;
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
deleted file mode 100644
index ab8384c..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.util;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.lang.StringUtils;
-
-
-public class SearchFilter {
- public static final String LOGIN_USER = "loginUser"; // search
- public static final String SERVICE_TYPE = "serviceType"; // search, sort
- public static final String SERVICE_TYPE_ID = "serviceTypeId"; // search, sort
- public static final String SERVICE_NAME = "serviceName"; // search, sort
- public static final String SERVICE_ID = "serviceId"; // search, sort
- public static final String POLICY_NAME = "policyName"; // search, sort
- public static final String POLICY_ID = "policyId"; // search, sort
- public static final String STATUS = "status"; // search
- public static final String USER = "user"; // search
- public static final String GROUP = "group"; // search
- public static final String RESOURCE_PREFIX = "resource:"; // search
- public static final String CREATE_TIME = "createTime"; // sort
- public static final String UPDATE_TIME = "updateTime"; // sort
- public static final String START_INDEX = "startIndex";
- public static final String PAGE_SIZE = "pageSize";
- public static final String SORT_BY = "sortBy";
-
- private Map<String, String> params = null;
-
- public SearchFilter() {
- this(null);
- }
-
- public SearchFilter(String name, String value) {
- setParam(name, value);
- }
-
- public SearchFilter(Map<String, String> values) {
- setParams(values);
- }
-
- public Map<String, String> getParams() {
- return params;
- }
-
- public void setParams(Map<String, String> params) {
- this.params = params;
- }
-
- public String getParam(String name) {
- return params == null ? null : params.get(name);
- }
-
- public void setParam(String name, String value) {
- if(StringUtils.isEmpty(name) || StringUtils.isEmpty(value)) {
- return;
- }
-
- if(params == null) {
- params = new HashMap<String, String>();
- }
-
- params.put(name, value);
- }
-
- public Map<String, String> getParamsWithPrefix(String prefix, boolean stripPrefix) {
- Map<String, String> ret = null;
-
- if(prefix == null) {
- prefix = StringUtils.EMPTY;
- }
-
- if(params != null) {
- for(Map.Entry<String, String> e : params.entrySet()) {
- String name = e.getKey();
-
- if(name.startsWith(prefix)) {
- if(ret == null) {
- ret = new HashMap<String, String>();
- }
-
- if(stripPrefix) {
- name = name.substring(prefix.length());
- }
-
- ret.put(name, e.getValue());
- }
- }
- }
-
- return ret;
- }
-
- public boolean isEmpty() {
- return MapUtils.isEmpty(params);
- }
-}
[5/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
new file mode 100644
index 0000000..f1c8adf
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ServicePolicies implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String serviceName;
+ private Long serviceId;
+ private RangerServiceDef serviceDef;
+ private Long policyVersion;
+ private Date policyUpdateTime;
+ private List<RangerPolicy> policies;
+
+
+ /**
+ * @return the serviceName
+ */
+ public String getServiceName() {
+ return serviceName;
+ }
+ /**
+ * @param serviceName the serviceName to set
+ */
+ public void setServiceName(String serviceName) {
+ this.serviceName = serviceName;
+ }
+ /**
+ * @return the serviceId
+ */
+ public Long getServiceId() {
+ return serviceId;
+ }
+ /**
+ * @param serviceId the serviceId to set
+ */
+ public void setServiceId(Long serviceId) {
+ this.serviceId = serviceId;
+ }
+ /**
+ * @return the serviceDef
+ */
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+ /**
+ * @param serviceDef the serviceDef to set
+ */
+ public void setServiceDef(RangerServiceDef serviceDef) {
+ this.serviceDef = serviceDef;
+ }
+ /**
+ * @return the policyVersion
+ */
+ public Long getPolicyVersion() {
+ return policyVersion;
+ }
+ /**
+ * @param policyVersion the policyVersion to set
+ */
+ public void setPolicyVersion(Long policyVersion) {
+ this.policyVersion = policyVersion;
+ }
+ /**
+ * @return the policyUpdateTime
+ */
+ public Date getPolicyUpdateTime() {
+ return policyUpdateTime;
+ }
+ /**
+ * @param policyUpdateTime the policyUpdateTime to set
+ */
+ public void setPolicyUpdateTime(Date policyUpdateTime) {
+ this.policyUpdateTime = policyUpdateTime;
+ }
+ /**
+ * @return the policies
+ */
+ public List<RangerPolicy> getPolicies() {
+ return policies;
+ }
+ /**
+ * @param policies the policies to set
+ */
+ public void setPolicies(List<RangerPolicy> policies) {
+ this.policies = policies;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
new file mode 100644
index 0000000..e04ee15
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -0,0 +1,50 @@
+{
+ "id":2,
+ "name":"hbase",
+ "implClass":"org.apache.ranger.services.hbase.RangerServiceHBase",
+ "label":"HBase",
+ "description":"HBase",
+ "guid":"d6cea1f0-2509-4791-8fc1-7b092399ba3b",
+ "createTime":"20141208-22:50:22.426--0800",
+ "updateTime":"20141208-22:50:22.426--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple", "label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"}
+ ],
+ "defaultIndex":0
+ }
+ ],
+ "configs":
+ [
+ {"name":"username", "type":"string", "subType":"", "mandatory":true, "label":"Username"},
+ {"name":"password", "type":"password","subType":"", "mandatory":true, "label":"Password"},
+ {"name":"hadoop.security.authentication", "type":"enum", "subType":"authnType","mandatory":true, "defaultValue":"simple"},
+ {"name":"hbase.master.kerberos.principal", "type":"string", "subType":"", "mandatory":false,"defaultValue":""},
+ {"name":"hbase.security.authentication", "type":"enum", "subType":"authnType","mandatory":true, "defaultValue":"simple"},
+ {"name":"hbase.zookeeper.property.clientPort","type":"int", "subType":"", "mandatory":true, "defaultValue":"2181"},
+ {"name":"hbase.zookeeper.quorum", "type":"string", "subType":"", "mandatory":true, "defaultValue":""},
+ {"name":"zookeeper.znode.parent", "type":"string", "subType":"", "mandatory":true, "defaultValue":"/hbase"}
+ ],
+ "resources":
+ [
+ {"name":"table", "type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","type":"string","level":2,"parent":"table", "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"},
+ {"name":"column", "type":"string","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read", "label":"Read"},
+ {"name":"write", "label":"Write"},
+ {"name":"create","label":"Create"},
+ {"name":"admin", "label":"Admin","impliedGrants":["read","write","create"]}
+ ],
+ "policyConditions":
+ [
+ ]
+}
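Review bot: All three resources in this file set `matcherOptions` to `wildCard=true;ignoreCase=true`, but HBase table, column-family and column names are case-sensitive, so a policy written for one name would presumably also match a differently-cased name that is a distinct object. If the matcher honours the option as its name suggests, that widens what a policy covers; I would use `"matcherOptions":"wildCard=true;ignoreCase=false"` here. The same option appears on the `path` resource in ranger-servicedef-hdfs.json (HDFS paths are case-sensitive too) and on the Knox and Storm resources, which deserve the same check. Separately, `createTime`/`updateTime` in all five service-def files end in `--0800` with a doubled hyphen, which looks like a typo for `-0800` and may not parse with the date format the loader uses.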
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
new file mode 100644
index 0000000..cf8f008
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -0,0 +1,60 @@
+{
+ "id":1,
+ "name":"hdfs",
+ "implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs",
+ "label":"HDFS Repository",
+ "description":"HDFS Repository",
+ "guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d",
+ "createTime":"20141208-22:04:25.233--0800",
+ "updateTime":"20141208-22:04:25.233--0800",
+ "version":1,
+ "enums":
+ [
+ {
+ "name":"authnType",
+ "elements":
+ [
+ {"name":"simple", "label":"Simple"},
+ {"name":"kerberos","label":"Kerberos"}
+ ],
+ "defaultIndex":0
+ },
+ {
+ "name":"rpcProtection",
+ "elements":
+ [
+ {"name":"authentication","label":"Authentication"},
+ {"name":"integrity", "label":"Integrity"},
+ {"name":"privacy", "label":"Privacy"}
+ ],
+ "defaultIndex":0
+ },
+ ],
+ "configs":
+ [
+ {"name":"username", "type":"string", "subType":"", "mandatory":true, "label":"Username"},
+ {"name":"password", "type":"password","subType":"", "mandatory":true, "label":"Password"},
+ {"name":"fs.default.name", "type":"string", "subType":"", "mandatory":true, "label":"Namenode URL"},
+ {"name":"hadoop.security.authorization", "type":"bool", "subType":"TrueFalse", "mandatory":true, "defaultValue":"false"},
+ {"name":"hadoop.security.authentication", "type":"enum", "subType":"authnType", "mandatory":true, "defaultValue":"simple"},
+ {"name":"hadoop.security.auth_to_local", "type":"string", "subType":"", "mandatory":false},
+ {"name":"dfs.datanode.kerberos.principal", "type":"string", "subType":"", "mandatory":false},
+ {"name":"dfs.namenode.kerberos.principal", "type":"string", "subType":"", "mandatory":false},
+ {"name":"dfs.secondary.namenode.kerberos.principal","type":"string", "subType":"", "mandatory":false},
+ {"name":"hadoop.rpc.protection", "type":"enum", "subType":"rpcProtection","mandatory":false,"defaultValue":"authentication"},
+ {"name":"certificate.cn", "type":"string", "subType":"", "mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"path","type":"path","level":1,"parent":"","mandatory":true,"lookupSupported":true,"recursiveSupported":true,"excludesSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
+ ],
+ "accessTypes":
+ [
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ],
+ "policyConditions":
+ [
+ ]
+}
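Review bot: The `enums` array ends with a trailing comma, since the `rpcProtection` entry closes with `},` directly before `],`, and that is not valid JSON. A strict parser will reject the file and a lenient one may read an extra null element into the enum list; how this file is loaded is not visible in the hunk. Drop the comma so the entry closes with `}`. The `configs` entries also default `hadoop.security.authentication` to `simple` and `hadoop.security.authorization` to `false`; if these are only form defaults that mirror the target cluster, a `description` saying so would keep them from being read as recommended settings.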
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
new file mode 100644
index 0000000..6414fe3
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -0,0 +1,43 @@
+{
+ "id":3,
+ "name":"hive",
+ "implClass":"org.apache.ranger.services.hive.RangerServiceHive",
+ "label":"Hive Server2",
+ "description":"Hive Server2",
+ "guid":"3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+ "createTime":"20141208-22:51:20.732--0800",
+ "updateTime":"20141208-22:51:20.732--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
+ {"name":"password", "type":"password","mandatory":true, "label":"Password"},
+ {"name":"jdbc.driverClassName","type":"string", "mandatory":true, "defaultValue":"org.apache.hive.jdbc.HiveDriver"},
+ {"name":"jdbc.url", "type":"string", "mandatory":true, "defaultValue":""},
+ {"name":"certificate.cn", "type":"string", "mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"database","type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
+ {"name":"table", "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
+ {"name":"udf", "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column", "type":"string","level":3,"parent":"table", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+ ],
+ "accessTypes":
+ [
+ {"name":"select","label":"select"},
+ {"name":"update","label":"update"},
+ {"name":"create","label":"Create"},
+ {"name":"drop", "label":"Drop"},
+ {"name":"alter", "label":"Alter"},
+ {"name":"index", "label":"Index"},
+ {"name":"lock", "label":"Lock"},
+ {"name":"all", "label":"All"}
+ ],
+ "policyConditions":
+ [
+ ]
+}
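Review bot: The `all` access type is declared without `impliedGrants`, whereas `admin` in ranger-servicedef-hbase.json lists the access types it implies. Unless the Hive plugin expands `all` itself (not visible here), a policy granting `all` would not be read as granting `select`, `update` and the rest; consider `{"name":"all", "label":"All", "impliedGrants":["select","update","create","drop","alter","index","lock"]}`. The labels `select` and `update` are also lowercase while every other label in these files is capitalised.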
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
new file mode 100644
index 0000000..f6a7157
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -0,0 +1,34 @@
+{
+ "id":5,
+ "name":"knox",
+ "implClass":"org.apache.ranger.services.knox.RangerServiceKnox",
+ "label":"Knox Gateway",
+ "description":"Knox Gateway",
+ "guid":"84b481b5-f23b-4f71-b8b6-ab33977149ca",
+ "createTime":"20141208-22:48:42.238--0800",
+ "updateTime":"20141208-22:48:42.238--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
+ {"name":"password", "type":"password","mandatory":true, "label":"Password"},
+ {"name":"knox.url", "type":"string", "mandatory":true, "defaultValue":""},
+ {"name":"certificate.cn","type":"string", "mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"topology","type":"string","level":1,"parent":"", "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"},
+ {"name":"service", "type":"string","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"}
+ ],
+ "accessTypes":
+ [
+ {"name":"allow","label":"Allow"}
+ ],
+ "policyConditions":
+ [
+ {"name":"ip-range","evaluator":"org.apache.ranger.knox.IpRangeCondition","evaluatorOptions":"","label":"IP Address Range","description":"IP Address Range"}
+ ]
+}
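Review bot: The `ip-range` policy condition names its evaluator as `org.apache.ranger.knox.IpRangeCondition`, a package that differs from the `org.apache.ranger.plugin…` and `org.apache.ranger.services…` classes the other entries reference, and nothing in this hunk shows that class being added. Because this condition restricts access by source address, it is worth confirming that the engine fails closed (denies, or refuses to load the policy) when the evaluator class cannot be loaded, rather than skipping the condition. The `description` repeats the label; stating the expected value format for the range there would help policy authors.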
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
new file mode 100644
index 0000000..fce10c0
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -0,0 +1,46 @@
+{
+ "id":6,
+ "name":"storm",
+ "implClass":"org.apache.ranger.services.storm.RangerServiceStorm",
+ "label":"Storm",
+ "description":"Storm",
+ "guid":"2a60f427-edcf-4e20-834c-a9a267b5b963",
+ "createTime":"20141208-22:55:47.095--0800",
+ "updateTime":"20141208-22:55:47.095--0800",
+ "version":1,
+ "enums":
+ [
+ ],
+ "configs":
+ [
+ {"name":"username", "type":"string", "mandatory":true, "label":"Username"},
+ {"name":"password", "type":"password","mandatory":true, "label":"Password"},
+ {"name":"nimbus.url", "type":"string", "mandatory":true, "label":"Nimbus URL","defaultValue":""},
+ {"name":"certificate.cn","type":"string", "mandatory":false,"label":"Common Name for Certificate"}
+ ],
+ "resources":
+ [
+ {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"}
+ ],
+ "accessTypes":
+ [
+ {"name":"topology-submit", "label":"Submit Topology"},
+ {"name":"file-upload", "label":"File Upload"},
+ {"name":"nimbus-conf-get", "label":"Get Nimbus Conf"},
+ {"name":"cluster-conf-get", "label":"Get Cluster Conf"},
+ {"name":"cluster-info-get", "label":"Get Cluster Info"},
+ {"name":"file-download", "label":"File Download"},
+ {"name":"topology-kill", "label":"Kill Topology"},
+ {"name":"rebalance", "label":"Rebalance"},
+ {"name":"activate", "label":"Activate"},
+ {"name":"deactivate", "label":"Deactivate"},
+ {"name":"topology-conf-get", "label":"Get Topology Conf"},
+ {"name":"topology-get", "label":"Get Topology"},
+ {"name":"topology-user-get", "label":"Get User Topology"},
+ {"name":"topology-info-get", "label":"Get Topology Info"},
+ {"name":"new-credential-upload","label":"Upload New Credential"}
+ ],
+ "policyConditions":
+ [
+ ]
+}
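Review bot: The `topology` resource sets `matcherOptions` to `wildCard=true;ignoreCase=true`, which makes policy matching on topology names case-insensitive. If Storm treats topology names as case-sensitive, a policy written for one topology would also apply to a differently-cased name, so the grant is wider than the policy author sees. Worth confirming against Storm's behaviour and, if names are case-sensitive, using `"matcherOptions":"wildCard=true;ignoreCase=false"` for this resource.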
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
new file mode 100644
index 0000000..f940c30
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import static org.junit.Assert.*;
+
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.lang.reflect.Type;
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.policyengine.TestPolicyEngine.PolicyEngineTestCase.TestData;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+
+
+public class TestPolicyEngine {
+ static RangerPolicyEngineImpl policyEngine = null;
+ static Gson gsonBuilder = null;
+
+
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ policyEngine = new RangerPolicyEngineImpl();
+ gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
+ .setPrettyPrinting()
+ .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
+ .registerTypeAdapter(RangerResource.class, new RangerResourceDeserializer())
+ .create();
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ }
+
+ @Test
+ public void testPolicyEngine_hdfs() {
+ String[] hdfsTestResourceFiles = { "/policyengine/test_policyengine_hdfs.json" };
+
+ runTestsFromResourceFiles(hdfsTestResourceFiles);
+ }
+
+ @Test
+ public void testPolicyEngine_hive() {
+ String[] hiveTestResourceFiles = { "/policyengine/test_policyengine_hive.json" };
+
+ runTestsFromResourceFiles(hiveTestResourceFiles);
+ }
+
+ @Test
+ public void testPolicyEngine_hbase() {
+ String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase.json" };
+
+ runTestsFromResourceFiles(hbaseTestResourceFiles);
+ }
+
+ private void runTestsFromResourceFiles(String[] resourceNames) {
+ for(String resourceName : resourceNames) {
+ InputStream inStream = this.getClass().getResourceAsStream(resourceName);
+ InputStreamReader reader = new InputStreamReader(inStream);
+
+ runTests(reader, resourceName);
+ }
+ }
+
+ private void runTests(InputStreamReader reader, String testName) {
+ try {
+ PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);
+
+ assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);
+
+ policyEngine.setPolicies(testCase.serviceName, testCase.serviceDef, testCase.policies);
+
+ for(TestData test : testCase.tests) {
+ RangerAccessResult expected = test.result;
+ RangerAccessResult result = policyEngine.isAccessAllowed(test.request, null);
+
+ assertNotNull(test.name, result);
+ assertEquals(test.name, expected.getIsAllowed(), result.getIsAllowed());
+ assertEquals(test.name, expected.getIsAudited(), result.getIsAudited());
+ assertEquals(test.name, expected.getPolicyId(), result.getPolicyId());
+ }
+ } catch(Throwable excp) {
+ excp.printStackTrace();
+ }
+
+ }
+
+ static class PolicyEngineTestCase {
+ public String serviceName;
+ public RangerServiceDef serviceDef;
+ public List<RangerPolicy> policies;
+ public List<TestData> tests;
+
+ class TestData {
+ public String name;
+ public RangerAccessRequest request;
+ public RangerAccessResult result;
+ }
+ }
+
+ static class RangerAccessRequestDeserializer implements JsonDeserializer<RangerAccessRequest> {
+ @Override
+ public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
+ JsonDeserializationContext context) throws JsonParseException {
+ return gsonBuilder.fromJson(jsonObj, RangerAccessRequestImpl.class);
+ }
+ }
+
+ static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+ @Override
+ public RangerResource deserialize(JsonElement jsonObj, Type type,
+ JsonDeserializationContext context) throws JsonParseException {
+ return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+ }
+ }
+}
+
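Review bot: The `catch(Throwable excp) { excp.printStackTrace(); }` in `runTests` swallows every `AssertionError` raised by the assertions above it, so the three `testPolicyEngine_*` tests pass even when the engine returns the wrong allow/deny, audit or policy-id result. For an authorization engine that means a regression that wrongly grants access would not fail the build. Remove the try/catch (the Gson and engine calls shown throw no checked exceptions), or rethrow after logging with `throw new AssertionError(testName, excp);`. Separately, `new InputStreamReader(inStream)` in `runTestsFromResourceFiles` relies on the platform charset and the reader is never closed; an explicit UTF-8 charset inside a try-with-resources would cover both.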
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
new file mode 100644
index 0000000..4771085
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import static org.junit.Assert.*;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServicePolicies;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestServiceStore {
+ static ServiceStore svcStore = null;
+ static SearchFilter filter = null;
+
+ static final String sdName = "svcDef-unit-test-TestServiceStore";
+ static final String serviceName = "svc-unit-test-TestServiceStore";
+ static final String policyName = "testPolicy-1";
+
+ @BeforeClass
+ public static void setupTest() throws Exception {
+ svcStore = ServiceStoreFactory.instance().getServiceStore();
+
+ // cleanup if the test service and service-def if they already exist
+ List<RangerService> services = svcStore.getServices(filter);
+ for(RangerService service : services) {
+ if(service.getName().startsWith(serviceName)) {
+ svcStore.deleteService(service.getId());
+ }
+ }
+
+ List<RangerServiceDef> serviceDefs = svcStore.getServiceDefs(filter);
+ for(RangerServiceDef serviceDef : serviceDefs) {
+ if(serviceDef.getName().startsWith(sdName)) {
+ svcStore.deleteServiceDef(serviceDef.getId());
+ }
+ }
+ }
+
+ @Test
+ public void testServiceStore() throws Exception {
+ String updatedName, updatedDescription;
+
+ List<RangerServiceDef> sds = svcStore.getServiceDefs(filter);
+
+ int initSdCount = sds == null ? 0 : sds.size();
+
+ RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null);
+
+ RangerServiceDef createdSd = svcStore.createServiceDef(sd);
+ assertNotNull("createServiceDef() failed", createdSd != null);
+
+ sds = svcStore.getServiceDefs(filter);
+ assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+ updatedDescription = sd.getDescription() + ": updated";
+ createdSd.setDescription(updatedDescription);
+ RangerServiceDef updatedSd = svcStore.updateServiceDef(createdSd);
+ assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd);
+ assertEquals("updateServiceDef(updatedDescription) failed", updatedDescription, updatedSd.getDescription());
+
+ sds = svcStore.getServiceDefs(filter);
+ assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+ /*
+ updatedName = sd.getName() + "-Renamed";
+ updatedSd.setName(updatedName);
+ updatedSd = sdMgr.update(updatedSd);
+ assertNotNull("updateServiceDef(updatedName) failed", updatedSd);
+ assertEquals("updateServiceDef(updatedName) failed", updatedName, updatedSd.getName());
+
+ sds = getAllServiceDef();
+ assertEquals("updateServiceDef(updatedName) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+ */
+
+ List<RangerService> services = svcStore.getServices(filter);
+
+ int initServiceCount = services == null ? 0 : services.size();
+
+ RangerService svc = new RangerService(sdName, serviceName, "test service description", null);
+
+ RangerService createdSvc = svcStore.createService(svc);
+ assertNotNull("createService() failed", createdSvc);
+
+ services = svcStore.getServices(filter);
+ assertEquals("createServiceDef() failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedDescription = createdSvc.getDescription() + ": updated";
+ createdSvc.setDescription(updatedDescription);
+ RangerService updatedSvc = svcStore.updateService(createdSvc);
+ assertNotNull("updateService(updatedDescription) failed", updatedSvc);
+ assertEquals("updateService(updatedDescription) failed", updatedDescription, updatedSvc.getDescription());
+
+ services = svcStore.getServices(filter);
+ assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedName = serviceName + "-Renamed";
+ updatedSvc.setName(updatedName);
+ updatedSvc = svcStore.updateService(updatedSvc);
+ assertNotNull("updateService(updatedName) failed", updatedSvc);
+ assertEquals("updateService(updatedName) failed", updatedName, updatedSvc.getName());
+
+ services = svcStore.getServices(filter);
+ assertEquals("updateService(updatedName) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ List<RangerPolicy> policies = svcStore.getPolicies(filter);
+
+ int initPolicyCount = policies == null ? 0 : policies.size();
+
+ RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", null, null);
+ policy.getResources().put("path", new RangerPolicyResource("/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
+
+ RangerPolicyItem item1 = new RangerPolicyItem();
+ item1.getAccesses().add(new RangerPolicyItemAccess("read"));
+ item1.getAccesses().add(new RangerPolicyItemAccess("write"));
+ item1.getAccesses().add(new RangerPolicyItemAccess("execute"));
+ item1.getUsers().add("admin");
+ item1.getGroups().add("finance");
+
+ RangerPolicyItem item2 = new RangerPolicyItem();
+ item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+ item2.getGroups().add("public");
+
+ policy.getPolicyItems().add(item1);
+ policy.getPolicyItems().add(item2);
+
+ RangerPolicy createdPolicy = svcStore.createPolicy(policy);
+ assertNotNull(createdPolicy);
+ assertNotNull(createdPolicy.getPolicyItems());
+ assertEquals(createdPolicy.getPolicyItems().size(), 2);
+
+ RangerPolicyItem createItem1 = createdPolicy.getPolicyItems().get(0);
+ RangerPolicyItem createItem2 = createdPolicy.getPolicyItems().get(1);
+
+ assertNotNull(createItem1.getAccesses());
+ assertEquals(createItem1.getAccesses().size(), 3);
+ assertNotNull(createItem1.getUsers());
+ assertEquals(createItem1.getUsers().size(), 1);
+ assertNotNull(createItem1.getGroups());
+ assertEquals(createItem1.getGroups().size(), 1);
+
+ assertNotNull(createItem2.getAccesses());
+ assertEquals(createItem2.getAccesses().size(), 1);
+ assertNotNull(createItem2.getUsers());
+ assertEquals(createItem2.getUsers().size(), 0);
+ assertNotNull(createItem2.getGroups());
+ assertEquals(createItem2.getGroups().size(), 1);
+
+ policies = svcStore.getPolicies(filter);
+ assertEquals("createPolicy() failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ updatedDescription = policy.getDescription() + ":updated";
+ createdPolicy.setDescription(updatedDescription);
+ RangerPolicy updatedPolicy = svcStore.updatePolicy(createdPolicy);
+ assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);
+
+ policies = svcStore.getPolicies(filter);
+ assertEquals("updatePolicy(updatedDescription) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ updatedName = policyName + "-Renamed";
+ updatedPolicy.setName(updatedName);
+ updatedPolicy = svcStore.updatePolicy(updatedPolicy);
+ assertNotNull("updatePolicy(updatedName) failed", updatedPolicy);
+
+ policies = svcStore.getPolicies(filter);
+ assertEquals("updatePolicy(updatedName) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+ // rename the service; all the policies for this service should reflect the new service name
+ updatedName = serviceName + "-Renamed2";
+ updatedSvc.setName(updatedName);
+ updatedSvc = svcStore.updateService(updatedSvc);
+ assertNotNull("updateService(updatedName2) failed", updatedSvc);
+ assertEquals("updateService(updatedName2) failed", updatedName, updatedSvc.getName());
+
+ services = svcStore.getServices(filter);
+ assertEquals("updateService(updatedName2) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+ updatedPolicy = svcStore.getPolicy(createdPolicy.getId());
+ assertNotNull("updateService(updatedName2) failed", updatedPolicy);
+ assertEquals("updateService(updatedName2) failed", updatedPolicy.getService(), updatedSvc.getName());
+
+ ServicePolicies svcPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), 0l);
+ assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies);
+ assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceName(), updatedSvc.getName());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceId(), updatedSvc.getId());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyVersion(), updatedSvc.getPolicyVersion());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyUpdateTime(), updatedSvc.getPolicyUpdateTime());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceDef().getId(), updatedSd.getId());
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().size(), 1);
+ assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().get(0).getName(), updatedPolicy.getName());
+
+ ServicePolicies updatedPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), svcPolicies.getPolicyVersion());
+ assertNotNull(updatedPolicies);
+ assertEquals(0, updatedPolicies.getPolicies().size());
+
+ filter = new SearchFilter();
+ filter.setParam(SearchFilter.POLICY_NAME, policyName);
+ policies = svcStore.getPolicies(filter);
+ assertEquals("getPolicies(filter=origPolicyName) failed", 0, policies == null ? 0 : policies.size());
+ filter = null;
+
+ filter = new SearchFilter();
+ filter.setParam(SearchFilter.POLICY_NAME, updatedPolicy.getName());
+ policies = svcStore.getPolicies(filter);
+ assertEquals("getPolicies(filter=origPolicyName) failed", 1, policies == null ? 0 : policies.size());
+ filter = null;
+
+ svcStore.deletePolicy(policy.getId());
+ policies = svcStore.getPolicies(filter);
+ assertEquals("deletePolicy() failed", initPolicyCount, policies == null ? 0 : policies.size());
+
+ svcStore.deleteService(svc.getId());
+ services = svcStore.getServices(filter);
+ assertEquals("deleteService() failed", initServiceCount, services == null ? 0 : services.size());
+
+ svcStore.deleteServiceDef(sd.getId());
+ sds = svcStore.getServiceDefs(filter);
+ assertEquals("deleteServiceDef() failed", initSdCount, sds == null ? 0 : sds.size());
+ }
+}
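Review bot: `assertNotNull("createServiceDef() failed", createdSd != null);` can never fail, because the boolean expression is autoboxed to a non-null `Boolean`; the same pattern appears in `assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);`. Pass the object itself: `assertNotNull("createServiceDef() failed", createdSd);` and `assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy);`. The cleanup at the end deletes by `policy.getId()`, `svc.getId()` and `sd.getId()`, i.e. the objects handed to the create calls rather than the ones returned; unless the store fills in the id on its argument, `createdPolicy`, `createdSvc` and `createdSd` are the safer handles. `setupTest` also iterates `svcStore.getServices(filter)` without the null guard that `testServiceStore` applies to the same call.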
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java b/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
new file mode 100644
index 0000000..4cf7e3c
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import static org.junit.Assert.*;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+
+public class TestPolicyRefresher {
+ static RangerPolicyEngineImpl policyEngine = null;
+ static ServiceStore svcStore = null;
+ static PolicyRefresher refresher = null;
+
+ static final long pollingIntervalInMs = 5 * 1000;
+ static final long sleepTimeInMs = pollingIntervalInMs + (5 * 1000);
+ static final String sdName = "hbase";
+ static final String svcName = "svc-unit-test-TestPolicyRefresher";
+
+ static RangerService svc = null;
+ static RangerPolicy policy1 = null;
+ static RangerPolicy policy2 = null;
+
+ static boolean isPolicyRefreshed = false;
+ static long policyCount = 0;
+
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ svcStore = ServiceStoreFactory.instance().getServiceStore();
+
+ // cleanup if the test service already exists
+ svc = svcStore.getServiceByName(svcName);
+ if(svc != null) {
+ svcStore.deleteService(svc.getId());
+ }
+
+ policyEngine = new RangerPolicyEngineImpl() {
+ @Override
+ public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) {
+ isPolicyRefreshed = true;
+ policyCount = policies != null ? policies.size() : 0;
+
+ super.setPolicies(serviceName, serviceDef, policies);
+ }
+ };
+
+ refresher = new PolicyRefresher(policyEngine, sdName, svcName, svcStore, pollingIntervalInMs, null);
+ refresher.start();
+
+ // create a service
+ svc = new RangerService(sdName, svcName, "test service description", null);
+
+ svc = svcStore.createService(svc);
+ assertNotNull("createService(" + svcName + ") failed", svc);
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ if(refresher != null) {
+ refresher.stopRefresher();
+ }
+
+ if(svcStore != null) {
+ if(policy1 != null) {
+ svcStore.deletePolicy(policy1.getId());
+ }
+
+ if(policy2 != null) {
+ svcStore.deletePolicy(policy2.getId());
+ }
+
+ if(svc != null) {
+ svcStore.deleteService(svc.getId());
+ }
+ }
+ }
+
+ @Test
+ public void testRefresher() throws Exception {
+ assertEquals("policy count - initial", 0, policyCount);
+
+ RangerPolicy policy = new RangerPolicy(svc.getName(), "policy1", "test policy description", null, null);
+ policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
+ policy.getResources().put("column-family", new RangerPolicyResource("personal", Boolean.FALSE, Boolean.TRUE));
+ policy.getResources().put("column", new RangerPolicyResource("ssn", Boolean.FALSE, Boolean.TRUE));
+
+ RangerPolicyItem item1 = new RangerPolicyItem();
+ item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
+ item1.getUsers().add("admin");
+ item1.getGroups().add("hr");
+
+ RangerPolicyItem item2 = new RangerPolicyItem();
+ item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+ item2.getGroups().add("public");
+
+ policy.getPolicyItems().add(item1);
+ policy.getPolicyItems().add(item2);
+
+ policy1 = svcStore.createPolicy(policy);
+
+ policy = new RangerPolicy(svc.getName(), "policy2", "test policy description", null, null);
+ policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
+ policy.getResources().put("column-family", new RangerPolicyResource("finance", Boolean.FALSE, Boolean.TRUE));
+ policy.getResources().put("column", new RangerPolicyResource("balance", Boolean.FALSE, Boolean.TRUE));
+
+ item1 = new RangerPolicyItem();
+ item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
+ item1.getUsers().add("admin");
+ item1.getGroups().add("finance");
+
+ policy.getPolicyItems().add(item1);
+
+ policy2 = svcStore.createPolicy(policy);
+
+ Thread.sleep(sleepTimeInMs);
+ assertTrue("policy refresh - after two new policies", isPolicyRefreshed);
+ assertEquals("policy count - after two new policies", 2, policyCount);
+ isPolicyRefreshed = false;
+
+ Thread.sleep(sleepTimeInMs);
+ assertFalse("policy refresh - after no new policies", isPolicyRefreshed);
+ assertEquals("policy count - after no new policies", 2, policyCount);
+ isPolicyRefreshed = false;
+
+ item2 = new RangerPolicyItem();
+ item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+ item2.getGroups().add("public");
+ policy2.getPolicyItems().add(item2);
+
+ policy2 = svcStore.updatePolicy(policy2);
+
+ Thread.sleep(sleepTimeInMs);
+ assertTrue("policy refresh - after update policy", isPolicyRefreshed);
+ assertEquals("policy count - after update policy", 2, policyCount);
+ isPolicyRefreshed = false;
+
+ svcStore.deletePolicy(policy2.getId());
+
+ Thread.sleep(sleepTimeInMs);
+ assertTrue("policy refresh - after delete policy", isPolicyRefreshed);
+ assertEquals("policy count - after delete policy", 1, policyCount);
+ isPolicyRefreshed = false;
+ policy2 = null;
+ }
+
+}
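Review bot: `isPolicyRefreshed` and `policyCount` are plain static fields written inside the overridden `setPolicies` and read by `testRefresher` after `Thread.sleep`; if `PolicyRefresher` calls the engine from its own thread (as `refresher.start()` suggests), the test thread has no visibility guarantee for those writes. Declare them `static volatile boolean isPolicyRefreshed = false;` and `static volatile long policyCount = 0;`. The four fixed `Thread.sleep(sleepTimeInMs)` calls also make the test take about 40 seconds and depend on timing; polling the flag against a deadline, or a `CountDownLatch` released from `setPolicies`, would be faster and less flaky.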
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
new file mode 100644
index 0000000..35768cb
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
@@ -0,0 +1,159 @@
+{
+ "serviceName":"hbasedev",
+
+ "serviceDef":{
+ "name":"hbase",
+ "id":2,
+ "resources":[
+ {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
+ {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+ ],
+ "accessTypes":[
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"create","label":"Create"},
+ {"name":"admin","label":"Admin","impliedGrants":["read","write","create"]}
+ ]
+ },
+
+ "policies":[
+ {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+ "policyItems":[
+ {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
+ ,
+ {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
+ ]
+ }
+ ,
+ {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false,
+ "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'scan finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"read","user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'put finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"write","user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'create finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"create","user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'grant finance restricted-cf;' for finance",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"admin","user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'scan finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'put finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'create finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'grant finance restricted-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"admin","user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"read","user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"write","user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"create","user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+ "accessType":"admin","user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'scan finance regular-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+ "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":3}
+ }
+ ,
+ {"name":"DENY 'put finance regular-cf;' for user1",
+ "request":{
+ "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+ "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ]
+}
+
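Review bot: The `column-family` resource is declared with `"table":"database"` where the sibling `table` and `column` entries use a `"parent"` key, which looks like a typo for `"parent":"table"`. Gson ignores unknown keys by default, so the entry would most likely load with no parent and the mistake would go unnoticed. The fixture also defines a `column` resource at level 3, but none of the policies or test requests reference it, so column-level matching is not exercised by this file.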
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
new file mode 100644
index 0000000..943fe80
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
@@ -0,0 +1,156 @@
+{
+ "serviceName":"hdfsdev",
+
+ "serviceDef":{
+ "name":"hdfs",
+ "id":1,
+ "resources":[
+ {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
+ ],
+ "accessTypes":[
+ {"name":"read","label":"Read"},
+ {"name":"write","label":"Write"},
+ {"name":"execute","label":"Execute"}
+ ]
+ },
+
+ "policies":[
+ {"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
+ "policyItems":[
+ {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
+ "resources":{"path":{"values":["/public/"],"isRecursive":true}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
+ "policyItems":[
+ {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+ "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":3}
+ }
+ ,
+ {"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+ "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":3}
+ }
+ ,
+ {"name":"DENY 'read /operations/visitors.db' for g=finance",
+ "request":{
+ "resource":{"elements":{"path":"/operations/visitors.db"}},
+ "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
+ "request":{
+ "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+ "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+ }
+ ,
+
+ {"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+ "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+ "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'read /operations/visitors.db' for g=hr",
+ "request":{
+ "resource":{"elements":{"path":"/operations/visitors.db"}},
+ "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
+ "request":{
+ "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+ "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+ }
+ ,
+
+ {"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'read /operations/visitors.db' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/operations/visitors.db"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'read /public/technology' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+ "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'read /public/technology' for u=user1",
+ "request":{
+ "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+ "accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+ },
+ "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+ }
+ ]
+}
+
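Review bot: The last two cases in `tests` share the name `ALLOW 'read /public/technology' for u=user1` yet both still request `/public/technology/blogs.db`, so the first exactly repeats the preceding blogs.db case and the directory path in the title is never evaluated. If the directory was intended, the resource should be `"path":"/public/technology"`, and the second case should be titled and carry `requestData` for `execute` rather than `read`, so that a failing run names the request that was actually sent. The g=hr payroll case is titled `FALSE ...` where every other negative case uses `DENY`. The fixture declares `write` but no case asserts that it is refused under `/public/`, and no case probes a path that merely shares the `/finance/restricted` prefix. Both are deny-side checks worth pinning for an authorization engine, though how the matcher treats such a prefix is not visible in this hunk.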
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
new file mode 100644
index 0000000..2ac90ae
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
@@ -0,0 +1,261 @@
+{
+ "serviceName":"hivedev",
+
+ "serviceDef":{
+ "name":"hive",
+ "id":3,
+ "resources":[
+ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
+ {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
+ {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+ ],
+ "accessTypes":[
+ {"name":"select","label":"Select"},
+ {"name":"update","label":"Update"},
+ {"name":"create","label":"Create"},
+ {"name":"drop","label":"Drop"},
+ {"name":"alter","label":"Alter"},
+ {"name":"index","label":"Index"},
+ {"name":"lock","label":"Lock"},
+ {"name":"all","label":"All"}
+ ]
+ },
+
+ "policies":[
+ {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
+ "policyItems":[
+ {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+ ]
+ }
+ ,
+ {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
+ "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
+ "policyItems":[
+ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
+ ,
+ {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
+ ]
+ }
+ ],
+
+ "tests":[
+ {"name":"ALLOW 'use default;' for user1",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'use default;' for user2",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'use default;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'use default;' to group1",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'use default;' to group2",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'use default;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"default"}},
+ "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'use finance;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"finance"}},
+ "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
+ },
+ "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to user2",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.testtable;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'select col1 from default.testtable;' to group2",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+ "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+ "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'create table default.testtable1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'create table default.testtable1;' to user1/group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'create table default.testtable1;' to admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'drop table default.testtable1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'drop table default.testtable1;' to user1/group1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"ALLOW 'drop table default.testtable1;' to admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"testtable1"}},
+ "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+ }
+ ,
+ {"name":"DENY 'create table default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'create table default.table1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'drop table default.table1;' to user1",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'drop table default.table1;' to user1/admin",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1"}},
+ "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ,
+ {"name":"DENY 'select col1 from default.table1;' to user3",
+ "request":{
+ "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+ "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
+ },
+ "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+ }
+ ]
+}
+
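Review bot: Several cases describe a different request from the one they submit. `DENY 'use finance;' to user3/group3` sends `"user":"user1"` with `"userGroups":["users"]`, and the four `default.table1` create/drop cases near the end carry `requestData` for `default.testtable1`. The expected results appear consistent with the policies for the requests actually sent, but the title and `requestData` are what a failing run (and presumably the audit record) would show, so they should match: `"name":"DENY 'use finance;' to user1"`, `"requestData":"create table default.table1"` and `"requestData":"drop table default.table1"`. The `udf` resource and the `update`, `alter`, `index`, `lock` and `all` access types are declared in `serviceDef` but never exercised, so default-deny for them is not pinned by this fixture.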
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-impl/.gitignore
----------------------------------------------------------------------
diff --git a/agents-impl/.gitignore b/agents-impl/.gitignore
index 0f63015..20e1ada 100644
--- a/agents-impl/.gitignore
+++ b/agents-impl/.gitignore
@@ -1,2 +1,3 @@
/target/
/bin/
+/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hbase-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml
index 2749ca4..2fee01f 100644
--- a/hbase-agent/pom.xml
+++ b/hbase-agent/pom.xml
@@ -53,11 +53,6 @@
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>plugin-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hdfs-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hdfs-agent/pom.xml b/hdfs-agent/pom.xml
index 5867ac8..db0fbee 100644
--- a/hdfs-agent/pom.xml
+++ b/hdfs-agent/pom.xml
@@ -75,11 +75,6 @@
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>plugin-common</artifactId>
- <version>${project.version}</version>
- </dependency>
</dependencies>
<build>
<!--
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hive-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hive-agent/pom.xml b/hive-agent/pom.xml
index c6d41be..1b19025 100644
--- a/hive-agent/pom.xml
+++ b/hive-agent/pom.xml
@@ -108,10 +108,5 @@
<artifactId>ranger-plugins-audit</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>plugin-common</artifactId>
- <version>${project.version}</version>
- </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/jisql/.gitignore
----------------------------------------------------------------------
diff --git a/jisql/.gitignore b/jisql/.gitignore
new file mode 100644
index 0000000..798e8dd
--- /dev/null
+++ b/jisql/.gitignore
@@ -0,0 +1,4 @@
+/target/
+/bin/
+/bin/
+/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/lookup-client/.gitignore
----------------------------------------------------------------------
diff --git a/lookup-client/.gitignore b/lookup-client/.gitignore
index 0f63015..20e1ada 100644
--- a/lookup-client/.gitignore
+++ b/lookup-client/.gitignore
@@ -1,2 +1,3 @@
/target/
/bin/
+/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
deleted file mode 100644
index 45a63c2..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.audit;
-
-import java.util.Collection;
-
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-
-
-public interface RangerAuditHandler {
- void logAudit(RangerAccessResult result);
-
- void logAudit(Collection<RangerAccessResult> results);
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
deleted file mode 100644
index feb6e98..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.audit;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.audit.provider.AuditProviderFactory;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-
-
-public class RangerDefaultAuditHandler implements RangerAuditHandler {
- private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
-
- private static final String RESOURCE_SEP = "/";
-
-
- public RangerDefaultAuditHandler() {
- }
-
- @Override
- public void logAudit(RangerAccessResult result) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + result + ")");
- }
-
- AuthzAuditEvent event = getAuthzEvents(result);
-
- logAuthzAudit(event);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + result + ")");
- }
- }
-
- @Override
- public void logAudit(Collection<RangerAccessResult> results) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + results + ")");
- }
-
- Collection<AuthzAuditEvent> events = getAuthzEvents(results);
-
- logAuthzAudits(events);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + results + ")");
- }
- }
-
-
- public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + result + ")");
- }
-
- AuthzAuditEvent ret = null;
-
- RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
-
- if(request != null && result != null && result.getIsAudited()) {
- RangerServiceDef serviceDef = result.getServiceDef();
- String resourceType = getResourceName(request.getResource(), serviceDef);
- String resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
-
- ret = createAuthzAuditEvent();
-
- ret.setRepositoryName(result.getServiceName());
- ret.setRepositoryType(result.getServiceType());
- ret.setResourceType(resourceType);
- ret.setResourcePath(resourcePath);
- ret.setRequestData(request.getRequestData());
- ret.setEventTime(request.getAccessTime());
- ret.setUser(request.getUser());
- ret.setAccessType(request.getAction());
- ret.setAccessResult((short)(result.getIsAllowed() ? 1 : 0));
- ret.setPolicyId(result.getPolicyId());
- ret.setAclEnforcer("ranger-acl"); // TODO: review
- ret.setAction(request.getAccessType());
- ret.setClientIP(request.getClientIPAddress());
- ret.setClientType(request.getClientType());
- ret.setAgentHostname(null);
- ret.setAgentId(null);
- ret.setEventId(null);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + result + "): " + ret);
- }
-
- return ret;
- }
-
- public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> results) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + results + ")");
- }
-
- List<AuthzAuditEvent> ret = null;
-
- if(results != null) {
- // TODO: optimize the number of audit logs created
- for(RangerAccessResult result : results) {
- AuthzAuditEvent event = getAuthzEvents(result);
-
- if(event == null) {
- continue;
- }
-
- if(ret == null) {
- ret = new ArrayList<AuthzAuditEvent>();
- }
-
- ret.add(event);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + results + "): " + ret);
- }
-
- return ret;
- }
-
- public void logAuthzAudit(AuthzAuditEvent auditEvent) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
- }
-
- if(auditEvent != null) {
- AuditProviderFactory.getAuditProvider().log(auditEvent);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
- }
- }
-
- public void logAuthzAudits(Collection<AuthzAuditEvent> auditEvents) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
- }
-
- if(auditEvents != null) {
- for(AuthzAuditEvent auditEvent : auditEvents) {
- logAuthzAudit(auditEvent);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
- }
- }
-
- public AuthzAuditEvent createAuthzAuditEvent() {
- return new AuthzAuditEvent();
- }
-
- public String getResourceName(RangerResource resource, RangerServiceDef serviceDef) {
- String ret = null;
-
- if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
- List<RangerResourceDef> resourceDefs = serviceDef.getResources();
-
- for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
- RangerResourceDef resourceDef = resourceDefs.get(idx);
-
- if(resourceDef == null || !resource.exists(resourceDef.getName())) {
- continue;
- }
-
- ret = resourceDef.getName();
-
- break;
- }
- }
-
- return ret;
- }
-
- public String getResourceValueAsString(RangerResource resource, RangerServiceDef serviceDef) {
- String ret = null;
-
- if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
- StringBuilder sb = new StringBuilder();
-
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- if(resourceDef == null || !resource.exists(resourceDef.getName())) {
- continue;
- }
-
- if(sb.length() > 0) {
- sb.append(RESOURCE_SEP);
- }
-
- sb.append(resource.getValue(resourceDef.getName()));
- }
-
- if(sb.length() > 0) {
- ret = sb.toString();
- }
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
deleted file mode 100644
index b90d387..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model;
-
-import java.util.Date;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RangerBaseModelObject implements java.io.Serializable {
- private static final long serialVersionUID = 1L;
-
- private Long id = null;
- private String guid = null;
- private Boolean isEnabled = null;
- private String createdBy = null;
- private String updatedBy = null;
- private Date createTime = null;
- private Date updateTime = null;
- private Long version = null;
-
- /**
- *
- */
- public RangerBaseModelObject() {
- setIsEnabled(null);
- }
-
- public void updateFrom(RangerBaseModelObject other) {
- setIsEnabled(other.getIsEnabled());
- }
-
- /**
- * @return the id
- */
- public Long getId() {
- return id;
- }
- /**
- * @param id the id to set
- */
- public void setId(Long id) {
- this.id = id;
- }
- /**
- * @return the guid
- */
- public String getGuid() {
- return guid;
- }
- /**
- * @param guid the guid to set
- */
- public void setGuid(String guid) {
- this.guid = guid;
- }
- /**
- * @return the isEnabled
- */
- public Boolean getIsEnabled() {
- return isEnabled;
- }
- /**
- * @param isEnabled the isEnabled to set
- */
- public void setIsEnabled(Boolean isEnabled) {
- this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled;
- }
- /**
- * @return the createdBy
- */
- public String getCreatedBy() {
- return createdBy;
- }
- /**
- * @param createdBy the createdBy to set
- */
- public void setCreatedBy(String createdBy) {
- this.createdBy = createdBy;
- }
- /**
- * @return the updatedBy
- */
- public String getUpdatedBy() {
- return updatedBy;
- }
- /**
- * @param updatedBy the updatedBy to set
- */
- public void setUpdatedBy(String updatedBy) {
- this.updatedBy = updatedBy;
- }
- /**
- * @return the createTime
- */
- public Date getCreateTime() {
- return createTime;
- }
- /**
- * @param createTime the createTime to set
- */
- public void setCreateTime(Date createTime) {
- this.createTime = createTime;
- }
- /**
- * @return the updateTime
- */
- public Date getUpdateTime() {
- return updateTime;
- }
- /**
- * @param updateTime the updateTime to set
- */
- public void setUpdateTime(Date updateTime) {
- this.updateTime = updateTime;
- }
- /**
- * @return the version
- */
- public Long getVersion() {
- return version;
- }
- /**
- * @param version the version to set
- */
- public void setVersion(Long version) {
- this.version = version;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("id={").append(id).append("} ");
- sb.append("guid={").append(guid).append("} ");
- sb.append("isEnabled={").append(isEnabled).append("} ");
- sb.append("createdBy={").append(createdBy).append("} ");
- sb.append("updatedBy={").append(updatedBy).append("} ");
- sb.append("createTime={").append(createTime).append("} ");
- sb.append("updateTime={").append(updateTime).append("} ");
- sb.append("version={").append(version).append("} ");
-
- return sb;
- }
-}
[3/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
deleted file mode 100644
index cc1ee1e..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ /dev/null
@@ -1,446 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyevaluator;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-import org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher;
-import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
-
-
-public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator {
- private static final Log LOG = LogFactory.getLog(RangerDefaultPolicyEvaluator.class);
-
- private Map<String, RangerResourceMatcher> matchers = null;
-
- @Override
- public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.init()");
- }
-
- preprocessPolicy(policy, serviceDef);
-
- super.init(policy, serviceDef);
-
- this.matchers = new HashMap<String, RangerResourceMatcher>();
-
- if(policy != null && policy.getResources() != null && serviceDef != null) {
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- String resourceName = resourceDef.getName();
- RangerPolicyResource policyResource = policy.getResources().get(resourceName);
-
- RangerResourceMatcher matcher = createResourceMatcher(resourceDef, policyResource);
-
- if(matcher != null) {
- matchers.put(resourceName, matcher);
- } else {
- LOG.error("failed to find matcher for resource " + resourceName);
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.init()");
- }
- }
-
- @Override
- public void evaluate(RangerAccessRequest request, RangerAccessResult result) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
- }
-
- RangerPolicy policy = getPolicy();
-
- if(policy != null && request != null && result != null) {
- boolean isResourceMatch = matchResource(request.getResource());
- boolean isResourceHeadMatch = isResourceMatch || matchResourceHead(request.getResource());
- String accessType = request.getAccessType();
-
- if(StringUtils.isEmpty(accessType)) {
- accessType = RangerPolicyEngine.ANY_ACCESS;
- }
-
- boolean isAnyAccess = StringUtils.equals(accessType, RangerPolicyEngine.ANY_ACCESS);
-
- if(isResourceMatch || (isResourceHeadMatch && isAnyAccess)) {
- if(policy.getIsAuditEnabled()) {
- result.setIsAudited(true);
- }
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(result.getIsAllowed()) {
- break;
- }
-
- if(CollectionUtils.isEmpty(policyItem.getAccesses())) {
- continue;
- }
-
- boolean isUserGroupMatch = matchUserGroup(policyItem, request.getUser(), request.getUserGroups());
-
- if(! isUserGroupMatch) {
- continue;
- }
-
- boolean isCustomConditionsMatch = matchCustomConditions(policyItem, request);
-
- if(! isCustomConditionsMatch) {
- continue;
- }
-
- if(isAnyAccess) {
- for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
- if(access.getIsAllowed()) {
- result.setIsAllowed(true);
- result.setPolicyId(policy.getId());
- break;
- }
- }
- } else {
- RangerPolicyItemAccess access = getAccess(policyItem, accessType);
-
- if(access != null && access.getIsAllowed()) {
- result.setIsAllowed(true);
- result.setPolicyId(policy.getId());
- }
- }
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
- }
- }
-
- protected boolean matchResource(RangerResource resource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.matchResource(" + resource + ")");
- }
-
- boolean ret = false;
-
- RangerServiceDef serviceDef = getServiceDef();
-
- if(serviceDef != null && serviceDef.getResources() != null) {
- Collection<String> resourceKeys = resource == null ? null : resource.getKeys();
- Collection<String> policyKeys = matchers == null ? null : matchers.keySet();
-
- boolean keysMatch = (resourceKeys == null) || (policyKeys != null && policyKeys.containsAll(resourceKeys));
-
- if(keysMatch) {
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- String resourceName = resourceDef.getName();
- String resourceValue = resource == null ? null : resource.getValue(resourceName);
- RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
-
- // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
- if(StringUtils.isEmpty(resourceValue)) {
- ret = matcher == null || matcher.isMatch(resourceValue);
- } else {
- ret = matcher != null && matcher.isMatch(resourceValue);
- }
-
- if(! ret) {
- break;
- }
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.matchResource(" + resource + "): " + ret);
- }
-
- return ret;
- }
-
- protected boolean matchResourceHead(RangerResource resource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + ")");
- }
-
- boolean ret = false;
-
- RangerServiceDef serviceDef = getServiceDef();
-
- if(serviceDef != null && serviceDef.getResources() != null) {
- int numMatched = 0;
- int numUnmatched = 0;
-
- for(RangerResourceDef resourceDef : serviceDef.getResources()) {
- String resourceName = resourceDef.getName();
- String resourceValue = resource == null ? null : resource.getValue(resourceName);
- RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
-
- if(numUnmatched > 0) { // no further values are expected in the resource
- if(! StringUtils.isEmpty(resourceValue)) {
- break;
- }
-
- numUnmatched++;
- continue;
- } else {
- boolean isMatch = false;
-
- // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
- if(StringUtils.isEmpty(resourceValue)) {
- isMatch = matcher == null || matcher.isMatch(resourceValue);
- } else {
- isMatch = matcher != null && matcher.isMatch(resourceValue);
- }
-
- if(isMatch) {
- numMatched++;
- } else {
- numUnmatched++;
- }
- }
- }
-
- ret = (numMatched > 0) && serviceDef.getResources().size() == (numMatched + numUnmatched);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + "): " + ret);
- }
-
- return ret;
- }
-
- protected boolean matchUserGroup(RangerPolicyItem policyItem, String user, Collection<String> groups) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.matchUserGroup(" + policyItem + ", " + user + ", " + groups + ")");
- }
-
- boolean ret = false;
-
- if(policyItem != null) {
- if(!ret && user != null && policyItem.getUsers() != null) {
- ret = policyItem.getUsers().contains(user);
- }
-
- if(!ret && groups != null && policyItem.getGroups() != null) {
- ret = policyItem.getGroups().contains(RangerPolicyEngine.GROUP_PUBLIC) ||
- !Collections.disjoint(policyItem.getGroups(), groups);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.matchUserGroup(" + policyItem + ", " + user + ", " + groups + "): " + ret);
- }
-
- return ret;
- }
-
- protected boolean matchCustomConditions(RangerPolicyItem policyItem, RangerAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.matchCustomConditions(" + policyItem + ", " + request + ")");
- }
-
- boolean ret = false;
-
- // TODO:
- ret = true;
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.matchCustomConditions(" + policyItem + ", " + request + "): " + ret);
- }
-
- return ret;
- }
-
- protected RangerPolicyItemAccess getAccess(RangerPolicyItem policyItem, String accessType) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.getAccess(" + policyItem + ", " + accessType + ")");
- }
-
- RangerPolicyItemAccess ret = null;
-
- if(policyItem != null && accessType != null && policyItem.getAccesses() != null) {
- for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
- if(StringUtils.equalsIgnoreCase(accessType, access.getType())) {
- ret = access;
-
- break;
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultPolicyEvaluator.getAccess(" + policyItem + ", " + accessType + "): " + ret);
- }
-
- return ret;
- }
-
- protected RangerResourceMatcher createResourceMatcher(RangerResourceDef resourceDef, RangerPolicyResource resource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.createResourceMatcher(" + resourceDef + ", " + resource + ")");
- }
-
- RangerResourceMatcher ret = null;
-
- String clsName = resourceDef != null ? resourceDef.getMatcher() : null;
- String options = resourceDef != null ? resourceDef.getMatcherOptions() : null;
-
- if(StringUtils.isEmpty(clsName)) {
- ret = new RangerDefaultResourceMatcher();
- } else {
- try {
- @SuppressWarnings("unchecked")
- Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>)Class.forName(clsName);
-
- ret = matcherClass.newInstance();
- } catch(ClassNotFoundException excp) {
- // TODO: ERROR
- excp.printStackTrace();
- } catch (InstantiationException excp) {
- // TODO: ERROR
- excp.printStackTrace();
- } catch (IllegalAccessException excp) {
- // TODO: ERROR
- excp.printStackTrace();
- }
- }
-
- if(ret != null) {
- ret.init(resourceDef, resource, options);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultPolicyEvaluator.createResourceMatcher(" + resourceDef + ", " + resource + "): " + ret);
- }
-
- return ret;
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerDefaultPolicyEvaluator={");
-
- super.toString(sb);
-
- sb.append("matchers={");
- if(matchers != null) {
- for(RangerResourceMatcher matcher : matchers.values()) {
- sb.append("{").append(matcher).append("} ");
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-
- private void preprocessPolicy(RangerPolicy policy, RangerServiceDef serviceDef) {
- if(policy == null || CollectionUtils.isEmpty(policy.getPolicyItems()) || serviceDef == null) {
- return;
- }
-
- Map<String, Collection<String>> impliedAccessGrants = getImpliedAccessGrants(serviceDef);
-
- if(impliedAccessGrants == null || impliedAccessGrants.isEmpty()) {
- return;
- }
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(CollectionUtils.isEmpty(policyItem.getAccesses())) {
- continue;
- }
-
- // Only one round of 'expansion' is done; multi-level impliedGrants (like shown below) are not handled for now
- // multi-level impliedGrants: given admin=>write; write=>read: must imply admin=>read,write
- for(Map.Entry<String, Collection<String>> e : impliedAccessGrants.entrySet()) {
- String accessType = e.getKey();
- Collection<String> impliedGrants = e.getValue();
-
- RangerPolicyItemAccess access = getAccess(policyItem, accessType);
-
- if(access == null) {
- continue;
- }
-
- for(String impliedGrant : impliedGrants) {
- RangerPolicyItemAccess impliedAccess = getAccess(policyItem, impliedGrant);
-
- if(impliedAccess == null) {
- impliedAccess = new RangerPolicyItemAccess(impliedGrant, access.getIsAllowed());
-
- policyItem.getAccesses().add(impliedAccess);
- } else {
- if(! impliedAccess.getIsAllowed()) {
- impliedAccess.setIsAllowed(access.getIsAllowed());
- }
- }
- }
- }
- }
- }
-
- private Map<String, Collection<String>> getImpliedAccessGrants(RangerServiceDef serviceDef) {
- Map<String, Collection<String>> ret = null;
-
- if(serviceDef != null && !CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
- for(RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
- if(!CollectionUtils.isEmpty(accessTypeDef.getImpliedGrants())) {
- if(ret == null) {
- ret = new HashMap<String, Collection<String>>();
- }
-
- Collection<String> impliedAccessGrants = ret.get(accessTypeDef.getName());
-
- if(impliedAccessGrants == null) {
- impliedAccessGrants = new HashSet<String>();
-
- ret.put(accessTypeDef.getName(), impliedAccessGrants);
- }
-
- for(String impliedAccessGrant : accessTypeDef.getImpliedGrants()) {
- impliedAccessGrants.add(impliedAccessGrant);
- }
- }
- }
- }
-
- return ret;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
deleted file mode 100644
index b6e0f10..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyevaluator;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-
-public interface RangerPolicyEvaluator {
- void init(RangerPolicy policy, RangerServiceDef serviceDef);
-
- RangerPolicy getPolicy();
-
- RangerServiceDef getServiceDef();
-
- void evaluate(RangerAccessRequest request, RangerAccessResult result);
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
deleted file mode 100644
index 9fb248a..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.resourcematcher;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-
-
-public abstract class RangerAbstractResourceMatcher implements RangerResourceMatcher {
- private static final Log LOG = LogFactory.getLog(RangerAbstractResourceMatcher.class);
-
- public final String WILDCARD_PATTERN = ".*";
-
- public final String OPTIONS_SEP = ";";
- public final String OPTION_NV_SEP = "=";
- public final String OPTION_IGNORE_CASE = "ignoreCase";
- public final String OPTION_WILD_CARD = "wildCard";
-
- private RangerResourceDef resourceDef = null;
- private RangerPolicyResource policyResource = null;
- private String optionsString = null;
- private Map<String, String> options = null;
-
- protected boolean optIgnoreCase = false;
- protected boolean optWildCard = false;
-
- protected List<String> policyValues = null;
- protected boolean policyIsExcludes = false;
- protected boolean isMatchAny = false;
-
- @Override
- public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
-
- this.resourceDef = resourceDef;
- this.policyResource = policyResource;
- this.optionsString = optionsString;
-
- options = new HashMap<String, String>();
-
- if(optionsString != null) {
- for(String optionString : optionsString.split(OPTIONS_SEP)) {
- if(StringUtils.isEmpty(optionString)) {
- continue;
- }
-
- String[] nvArr = optionString.split(OPTION_NV_SEP);
-
- String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null;
- String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null;
-
- if(StringUtils.isEmpty(name)) {
- continue;
- }
-
- options.put(name, value);
- }
- }
-
- optIgnoreCase = getBooleanOption(OPTION_IGNORE_CASE, true);
- optWildCard = getBooleanOption(OPTION_WILD_CARD, true);
-
- policyValues = new ArrayList<String>();
- policyIsExcludes = policyResource == null ? false : policyResource.getIsExcludes();
-
- if(policyResource != null && policyResource.getValues() != null) {
- for(String policyValue : policyResource.getValues()) {
- if(StringUtils.isEmpty(policyValue)) {
- continue;
- }
-
- if(optIgnoreCase) {
- policyValue = policyValue.toLowerCase();
- }
-
- if(optWildCard) {
- policyValue = getWildCardPattern(policyValue);
- }
-
- if(policyValue.equals(WILDCARD_PATTERN)) {
- isMatchAny = true;
- }
-
- policyValues.add(policyValue);
- }
- }
-
- if(policyValues.isEmpty()) {
- isMatchAny = true;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
- }
-
- @Override
- public RangerResourceDef getResourceDef() {
- return resourceDef;
- }
-
- @Override
- public RangerPolicyResource getPolicyResource() {
- return policyResource;
- }
-
- @Override
- public String getOptionsString() {
- return optionsString;
- }
-
-
- public String getOption(String name) {
- String ret = null;
-
- if(options != null && name != null) {
- ret = options.get(name);
- }
-
- return ret;
- }
-
- public String getOption(String name, String defaultValue) {
- String ret = getOption(name);
-
- if(StringUtils.isEmpty(ret)) {
- ret = defaultValue;
- }
-
- return ret;
- }
-
- public boolean getBooleanOption(String name) {
- String val = getOption(name);
-
- boolean ret = StringUtils.isEmpty(val) ? false : Boolean.parseBoolean(val);
-
- return ret;
- }
-
- public boolean getBooleanOption(String name, boolean defaultValue) {
- String strVal = getOption(name);
-
- boolean ret = StringUtils.isEmpty(strVal) ? defaultValue : Boolean.parseBoolean(strVal);
-
- return ret;
- }
-
- public String getWildCardPattern(String policyValue) {
- if (policyValue != null) {
- policyValue = policyValue.replaceAll("\\?", "\\.")
- .replaceAll("\\*", ".*") ;
- }
-
- return policyValue ;
- }
-
- @Override
- public String toString( ) {
- StringBuilder sb = new StringBuilder();
-
- toString(sb);
-
- return sb.toString();
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerAbstractResourceMatcher={");
-
- sb.append("resourceDef={");
- if(resourceDef != null) {
- resourceDef.toString(sb);
- }
- sb.append("} ");
- sb.append("policyResource={");
- if(policyResource != null) {
- policyResource.toString(sb);
- }
- sb.append("} ");
- sb.append("optionsString={").append(optionsString).append("} ");
- sb.append("optIgnoreCase={").append(optIgnoreCase).append("} ");
- sb.append("optWildCard={").append(optWildCard).append("} ");
- sb.append("policyValues={").append(StringUtils.join(policyValues, ",")).append("} ");
- sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
- sb.append("isMatchAny={").append(isMatchAny).append("} ");
-
- sb.append("options={");
- if(options != null) {
- for(Map.Entry<String, String> e : options.entrySet()) {
- sb.append(e.getKey()).append("=").append(e.getValue()).append(OPTIONS_SEP);
- }
- }
- sb.append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
deleted file mode 100644
index 13500dc..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.resourcematcher;
-
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-
-
-public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher {
- private static final Log LOG = LogFactory.getLog(RangerDefaultResourceMatcher.class);
-
-
- @Override
- public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
-
- super.init(resourceDef, policyResource, optionsString);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
- }
-
- @Override
- public boolean isMatch(String resource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultResourceMatcher.isMatch(" + resource + ")");
- }
-
- boolean ret = false;
-
- if(resource != null) {
- if(optIgnoreCase) {
- resource = resource.toLowerCase();
- }
-
- for(String policyValue : policyValues) {
- ret = optWildCard ? resource.matches(policyValue) : StringUtils.equals(resource, policyValue);
-
- if(ret) {
- break;
- }
- }
- } else {
- ret = isMatchAny;
- }
-
- if(policyIsExcludes) {
- ret = !ret;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultResourceMatcher.isMatch(" + resource + "): " + ret);
- }
-
- return ret;
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerDefaultResourceMatcher={");
-
- super.toString(sb);
-
- sb.append("policyValues={");
- if(policyValues != null) {
- for(String value : policyValues) {
- sb.append(value).append(",");
- }
- }
- sb.append("} ");
-
- sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
deleted file mode 100644
index 2cf3a68..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.resourcematcher;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-
-
-public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
- private static final Log LOG = LogFactory.getLog(RangerPathResourceMatcher.class);
-
- private boolean policyIsRecursive = false;
-
- @Override
- public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
-
- super.init(resourceDef, policyResource, optionsString);
-
- policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
- }
- }
-
- @Override
- public boolean isMatch(String resource) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPathResourceMatcher.isMatch(" + resource + ")");
- }
-
- boolean ret = false;
-
- if(resource != null) {
- if(optIgnoreCase) {
- resource = resource.toLowerCase();
- }
-
- for(String policyValue : policyValues) {
- if(policyIsRecursive) {
- ret = StringUtils.startsWith(resource, policyValue);
-
- if(! ret && optWildCard) {
- ret = isRecursiveWildCardMatch(resource, policyValue) ;
- }
- } else {
- ret = StringUtils.equals(resource, policyValue);
-
- if(! ret && optWildCard) {
- ret = FilenameUtils.wildcardMatch(resource, policyValue);
- }
- }
-
- if(ret) {
- break;
- }
- }
- } else {
- ret = isMatchAny;
- }
-
- if(policyIsExcludes) {
- ret = !ret;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPathResourceMatcher.isMatch(" + resource + "): " + ret);
- }
-
- return ret;
- }
-
- private static boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ")");
- }
-
- boolean ret = false;
-
- if (pathToCheck != null) {
- StringBuilder sb = new StringBuilder() ;
-
- for(String p : pathToCheck.split(org.apache.hadoop.fs.Path.SEPARATOR) ) {
- sb.append(p);
-
- boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ;
-
- if (matchFound) {
- ret = true ;
-
- break;
- }
-
- sb.append(org.apache.hadoop.fs.Path.SEPARATOR) ;
- }
-
- sb = null;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + "): " + ret);
- }
-
- return ret;
- }
-
- public StringBuilder toString(StringBuilder sb) {
- sb.append("RangerPathResourceMatcher={");
-
- super.toString(sb);
-
- sb.append("policyValues={");
- if(policyValues != null) {
- for(String value : policyValues) {
- sb.append(value).append(",");
- }
- }
- sb.append("} ");
-
- sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
- sb.append("policyIsRecursive={").append(policyIsRecursive).append("} ");
-
- sb.append("}");
-
- return sb;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
deleted file mode 100644
index c750cd8..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.resourcematcher;
-
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-
-public interface RangerResourceMatcher {
- void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString);
-
- RangerResourceDef getResourceDef();
-
- RangerPolicyResource getPolicyResource();
-
- String getOptionsString();
-
- boolean isMatch(String resource);
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
deleted file mode 100644
index 8f1fa5f..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.service;
-
-import java.util.Collection;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.plugin.audit.RangerAuditHandler;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
-import org.apache.ranger.plugin.store.ServiceStore;
-import org.apache.ranger.plugin.store.ServiceStoreFactory;
-import org.apache.ranger.plugin.util.PolicyRefresher;
-
-
-public class RangerBasePlugin {
- private String serviceType = null;
- private String serviceName = null;
- private RangerPolicyEngine policyEngine = null;
- private PolicyRefresher refresher = null;
-
-
- public RangerBasePlugin(String serviceType) {
- this.serviceType = serviceType;
- }
-
- public String getServiceType() {
- return serviceType;
- }
-
- public String getServiceName() {
- return serviceName;
- }
-
- public RangerPolicyEngine getPolicyEngine() {
- return policyEngine;
- }
-
- public void init() {
- RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl();
-
- init(policyEngine);
- }
-
- public synchronized void init(RangerPolicyEngine policyEngine) {
- cleanup();
-
-
- String serviceName = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.name");
- String serviceStoreClass = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.store.class", "org.apache.ranger.plugin.store.rest.ServiceRESTStore");
- String cacheDir = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.store.cache.dir", "/tmp");
- long pollingIntervalMs = RangerConfiguration.getInstance().getLong("ranger.plugin." + serviceType + ".service.store.pollIntervalMs", 30 * 1000);
-
- if(StringUtils.isEmpty(serviceName)) {
- // get the serviceName from download URL: http://ranger-admin-host:port/service/assets/policyList/serviceName
- String policyDownloadUrl = RangerConfiguration.getInstance().get("xasecure." + serviceType + ".policymgr.url");
-
- if(! StringUtils.isEmpty(policyDownloadUrl)) {
- int idx = policyDownloadUrl.lastIndexOf('/');
-
- if(idx != -1) {
- serviceName = policyDownloadUrl.substring(idx + 1);
- }
- }
- }
-
- ServiceStore serviceStore = ServiceStoreFactory.instance().getServiceStore(serviceStoreClass);
-
- refresher = new PolicyRefresher(policyEngine, serviceType, serviceName, serviceStore, pollingIntervalMs, cacheDir);
- refresher.startRefresher();
- this.policyEngine = policyEngine;
- }
-
- public synchronized void cleanup() {
- PolicyRefresher refresher = this.refresher;
-
- this.serviceName = null;
- this.policyEngine = null;
- this.refresher = null;
-
- if(refresher != null) {
- refresher.stopRefresher();
- }
- }
-
- public void setDefaultAuditHandler(RangerAuditHandler auditHandler) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- policyEngine.setDefaultAuditHandler(auditHandler);
- }
- }
-
- public RangerAuditHandler getDefaultAuditHandler() {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.getDefaultAuditHandler();
- }
-
- return null;
- }
-
-
- public RangerAccessResult createAccessResult(RangerAccessRequest request) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.createAccessResult(request);
- }
-
- return null;
- }
-
-
- public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.isAccessAllowed(request);
- }
-
- return null;
- }
-
-
- public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.isAccessAllowed(requests);
- }
-
- return null;
- }
-
-
- public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.isAccessAllowed(request, auditHandler);
- }
-
- return null;
- }
-
-
- public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
- RangerPolicyEngine policyEngine = this.policyEngine;
-
- if(policyEngine != null) {
- return policyEngine.isAccessAllowed(requests, auditHandler);
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
deleted file mode 100644
index 8eeb439..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.service;
-
-import java.util.List;
-
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-
-
-public abstract class RangerBaseService {
- private RangerServiceDef serviceDef;
- private RangerService service;
-
-
- public void init(RangerServiceDef serviceDef, RangerService service) {
- this.serviceDef = serviceDef;
- this.service = service;
- }
-
- /**
- * @return the serviceDef
- */
- public RangerServiceDef getServiceDef() {
- return serviceDef;
- }
-
- /**
- * @return the service
- */
- public RangerService getService() {
- return service;
- }
-
- public abstract void validateConfig() throws Exception;
-
- public abstract List<String> lookupResource(ResourceLookupContext context) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
deleted file mode 100644
index b5c3dda..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.service;
-
-import java.util.List;
-import java.util.Map;
-
-
-public class ResourceLookupContext {
- private String userInput;
- private String resourceName;
- private Map<String, List<String>> resources;
-
-
- public ResourceLookupContext() {
-
- }
-
- /**
- * @return the userInput
- */
- public String getUserInput() {
- return userInput;
- }
- /**
- * @param userInput the userInput to set
- */
- public void setUserInput(String userInput) {
- this.userInput = userInput;
- }
- /**
- * @return the resourceName
- */
- public String getResourceName() {
- return resourceName;
- }
- /**
- * @param resourceName the resourceName to set
- */
- public void setResourceName(String resourceName) {
- this.resourceName = resourceName;
- }
- /**
- * @return the resources
- */
- public Map<String, List<String>> getResources() {
- return resources;
- }
- /**
- * @param resources the resources to set
- */
- public void setResources(Map<String, List<String>> resources) {
- this.resources = resources;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
deleted file mode 100644
index e8d970c..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store;
-
-import java.util.List;
-
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-public interface ServiceStore {
- void init() throws Exception;
-
- RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception;
-
- RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception;
-
- void deleteServiceDef(Long id) throws Exception;
-
- RangerServiceDef getServiceDef(Long id) throws Exception;
-
- RangerServiceDef getServiceDefByName(String name) throws Exception;
-
- List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception;
-
-
- RangerService createService(RangerService service) throws Exception;
-
- RangerService updateService(RangerService service) throws Exception;
-
- void deleteService(Long id) throws Exception;
-
- RangerService getService(Long id) throws Exception;
-
- RangerService getServiceByName(String name) throws Exception;
-
- List<RangerService> getServices(SearchFilter filter) throws Exception;
-
-
- RangerPolicy createPolicy(RangerPolicy policy) throws Exception;
-
- RangerPolicy updatePolicy(RangerPolicy policy) throws Exception;
-
- void deletePolicy(Long id) throws Exception;
-
- RangerPolicy getPolicy(Long id) throws Exception;
-
- List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception;
-
- List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception;
-
- List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception;
-
- ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception;
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
deleted file mode 100644
index f9a2404..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-
-
-public class ServiceStoreFactory {
- private static final Log LOG = LogFactory.getLog(ServiceStoreFactory.class);
-
- private static ServiceStoreFactory sInstance = null;
-
- private Map<String, ServiceStore> serviceStores = null;
- private ServiceStore defaultServiceStore = null;
-
-
- public static ServiceStoreFactory instance() {
- if(sInstance == null) {
- sInstance = new ServiceStoreFactory();
- }
-
- return sInstance;
- }
-
- public ServiceStore getServiceStore() {
- ServiceStore ret = defaultServiceStore;
-
- if(ret == null) { // if no service store has been created yet, create the default store. TODO: review the impact and update, if necessary
- String defaultServiceStoreClass = RangerConfiguration.getInstance().get("ranger.default.service.store.class", "org.apache.ranger.plugin.store.file.ServiceFileStore");
-
- ret = getServiceStore(defaultServiceStoreClass);
- }
-
- return ret;
- }
-
- public ServiceStore getServiceStore(String storeClassname) {
- ServiceStore ret = serviceStores.get(storeClassname);
-
- if(ret == null) {
- synchronized(this) {
- ret = serviceStores.get(storeClassname);
-
- if(ret == null) {
- try {
- @SuppressWarnings("unchecked")
- Class<ServiceStore> storeClass = (Class<ServiceStore>)Class.forName(storeClassname);
-
- ret = storeClass.newInstance();
-
- ret.init();
-
- serviceStores.put(storeClassname, ret);
-
- if(defaultServiceStore == null) {
- defaultServiceStore = ret;
- }
- } catch(Exception excp) {
- LOG.error("failed to instantiate service store of type " + storeClassname, excp);
- }
- }
- }
- }
-
- return ret;
- }
-
- private ServiceStoreFactory() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceStoreFactory.ServiceStoreFactory()");
- }
-
- init();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceStoreFactory.ServiceStoreFactory()");
- }
- }
-
- private void init() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceStoreFactory.init()");
- }
-
- serviceStores = new HashMap<String, ServiceStore>();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceStoreFactory.init()");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
deleted file mode 100644
index 17b46f9..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.store.file;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.FSDataInputStream;
-import org.apache.hadoop.fs.FSDataOutputStream;
-import org.apache.hadoop.fs.FileStatus;
-import org.apache.hadoop.fs.FileSystem;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.PathFilter;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.plugin.model.RangerBaseModelObject;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-
-public class BaseFileStore {
- private static final Log LOG = LogFactory.getLog(BaseFileStore.class);
-
- private Gson gsonBuilder = null;
- private String dataDir = null;
-
- protected static String FILE_PREFIX_SERVICE_DEF = "ranger-servicedef-";
- protected static String FILE_PREFIX_SERVICE = "ranger-service-";
- protected static String FILE_PREFIX_POLICY = "ranger-policy-";
- protected static String FILE_SUFFIX_JSON = ".json";
-
-
- protected void initStore() {
- dataDir = RangerConfiguration.getInstance().get("ranger.service.store.file.dir", "file:///etc/ranger/data");
-
- try {
- gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.fatal("BaseFileStore.init(): failed to create GsonBuilder object", excp);
- }
- }
-
- protected String getDataDir() {
- return dataDir;
- }
-
- protected String getServiceDefFile(Long id) {
- String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE_DEF + id + FILE_SUFFIX_JSON;
-
- return filePath;
- }
-
- protected String getServiceFile(Long id) {
- String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE + id + FILE_SUFFIX_JSON;
-
- return filePath;
- }
-
- protected String getPolicyFile(Long serviceId, Long policyId) {
- String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_POLICY + serviceId + "-" + policyId + FILE_SUFFIX_JSON;
-
- return filePath;
- }
-
- protected <T> T loadFromResource(String resource, Class<T> cls) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.loadFromResource(" + resource + ")");
- }
-
- InputStream inStream = this.getClass().getResourceAsStream(resource);
-
- T ret = loadFromStream(inStream, cls);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.loadFromResource(" + resource + "): " + ret);
- }
-
- return ret;
- }
-
- protected <T> T loadFromStream(InputStream inStream, Class<T> cls) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.loadFromStream()");
- }
-
- InputStreamReader reader = new InputStreamReader(inStream);
-
- T ret = gsonBuilder.fromJson(reader, cls);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.loadFromStream(): " + ret);
- }
-
- return ret;
- }
-
- protected <T> T loadFromFile(Path filePath, Class<T> cls) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.loadFromFile(" + filePath + ")");
- }
-
- T ret = null;
- InputStreamReader reader = null;
-
- try {
- FileSystem fileSystem = getFileSystem(filePath);
- FSDataInputStream inStream = fileSystem.open(filePath);
-
- ret = loadFromStream(inStream, cls);
- } finally {
- close(reader);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.loadFromFile(" + filePath + "): " + ret);
- }
-
- return ret;
- }
-
- protected <T> List<T> loadFromDir(Path dirPath, final String filePrefix, Class<T> cls) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.loadFromDir()");
- }
-
- List<T> ret = new ArrayList<T>();
-
- try {
- FileSystem fileSystem = getFileSystem(dirPath);
-
- if(fileSystem.exists(dirPath) && fileSystem.isDirectory(dirPath)) {
- PathFilter filter = new PathFilter() {
- @Override
- public boolean accept(Path path) {
- return path.getName().startsWith(filePrefix) &&
- path.getName().endsWith(FILE_SUFFIX_JSON);
- }
- };
-
- FileStatus[] sdFiles = fileSystem.listStatus(dirPath, filter);
-
- if(sdFiles != null) {
- for(FileStatus sdFile : sdFiles) {
- T obj = loadFromFile(sdFile.getPath(), cls);
-
- if(obj != null) {
- ret.add(obj);
- }
- }
- }
- } else {
- LOG.error(dirPath + ": does not exists or not a directory");
- }
- } catch(IOException excp) {
- LOG.warn("error loading service-def in directory " + dirPath, excp);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.loadFromDir(): count=" + (ret == null ? 0 : ret.size()));
- }
-
- return ret;
- }
-
- protected <T> T saveToFile(T obj, Path filePath, boolean overWrite) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.saveToFile(" + filePath + ")");
- }
-
- OutputStreamWriter writer = null;
-
- try {
- FileSystem fileSystem = getFileSystem(filePath);
- FSDataOutputStream outStream = fileSystem.create(filePath, overWrite);
-
- writer = new OutputStreamWriter(outStream);
-
- gsonBuilder.toJson(obj, writer);
- } finally {
- close(writer);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.saveToFile(" + filePath + "): " + obj);
- }
-
- return obj;
- }
-
- protected boolean deleteFile(Path filePath) throws Exception {
- LOG.debug("==> BaseFileStore.deleteFile(" + filePath + ")");
-
- FileSystem fileSystem = getFileSystem(filePath);
-
- boolean ret = false;
-
- if(fileSystem.exists(filePath)) {
- ret = fileSystem.delete(filePath, false);
- } else {
- ret = true; // nothing to delete
- }
-
- LOG.debug("<== BaseFileStore.deleteFile(" + filePath + "): " + ret);
-
- return ret;
- }
-
- protected boolean renamePath(Path oldPath, Path newPath) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.renamePath(" + oldPath + "," + newPath + ")");
- }
-
- FileSystem fileSystem = getFileSystem(oldPath);
-
- boolean ret = false;
-
- if(fileSystem.exists(oldPath)) {
- if(! fileSystem.exists(newPath)) {
- ret = fileSystem.rename(oldPath, newPath);
- } else {
- LOG.warn("target of rename '" + newPath + "' already exists");
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.renamePath(" + oldPath + "," + newPath + "): " + ret);
- }
-
- return ret;
- }
-
- protected RangerServiceDef saveToFile(RangerServiceDef serviceDef, boolean overWrite) throws Exception {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> BaseFileStore.saveToFile(" + serviceDef + "," + overWrite + ")");
- }
-
- Path filePath = new Path(getServiceDefFile(serviceDef.getId()));
-
- RangerServiceDef ret = saveToFile(serviceDef, filePath, overWrite);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== BaseFileStore.saveToFile(" + serviceDef + "," + overWrite + "): ");
- }
-
- return ret;
- }
-
- protected RangerService saveToFile(RangerService service, boolean overWrite) throws Exception {
- Path filePath = new Path(getServiceFile(service.getId()));
-
- RangerService ret = saveToFile(service, filePath, overWrite);
-
- return ret;
- }
-
- protected RangerPolicy saveToFile(RangerPolicy policy, long serviceId, boolean overWrite) throws Exception {
- Path filePath = new Path(getPolicyFile(serviceId, policy.getId()));
-
- RangerPolicy ret = saveToFile(policy, filePath, overWrite);
-
- return ret;
- }
-
- protected long getMaxId(List<? extends RangerBaseModelObject> objs) {
- long ret = -1;
-
- if(objs != null) {
- for(RangerBaseModelObject obj : objs) {
- if(obj.getId() > ret) {
- ret = obj.getId();
- }
- }
- }
-
- return ret;
- }
- protected FileSystem getFileSystem(Path filePath) throws Exception {
- Configuration conf = new Configuration();
- FileSystem fileSystem = filePath.getFileSystem(conf);
-
- return fileSystem;
- }
-
- protected void close(FileSystem fs) {
- if(fs != null) {
- try {
- fs.close();
- } catch(IOException excp) {
- // ignore
- }
- }
- }
-
- protected void close(InputStreamReader reader) {
- if(reader != null) {
- try {
- reader.close();
- } catch(IOException excp) {
- // ignore
- }
- }
- }
-
- protected void close(OutputStreamWriter writer) {
- if(writer != null) {
- try {
- writer.close();
- } catch(IOException excp) {
- // ignore
- }
- }
- }
-
- protected void preCreate(RangerBaseModelObject obj) {
- obj.setId(new Long(0));
- obj.setGuid(UUID.randomUUID().toString());
- obj.setCreateTime(new Date());
- obj.setUpdateTime(obj.getCreateTime());
- obj.setVersion(new Long(1));
- }
-
- protected void postCreate(RangerBaseModelObject obj) {
- // TODO:
- }
-
- protected void preUpdate(RangerBaseModelObject obj) {
- if(obj.getId() == null) {
- obj.setId(new Long(0));
- }
-
- if(obj.getGuid() == null) {
- obj.setGuid(UUID.randomUUID().toString());
- }
-
- if(obj.getCreateTime() == null) {
- obj.setCreateTime(new Date());
- }
-
- Long version = obj.getVersion();
-
- if(version == null) {
- version = new Long(1);
- } else {
- version = new Long(version.longValue() + 1);
- }
-
- obj.setVersion(version);
- obj.setUpdateTime(new Date());
- }
-
- protected void postUpdate(RangerBaseModelObject obj) {
- // TODO:
- }
-
- protected void preDelete(RangerBaseModelObject obj) {
- // TODO:
- }
-
- protected void postDelete(RangerBaseModelObject obj) {
- // TODO:
- }
-}
[7/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
new file mode 100644
index 0000000..f49bf8c
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+
+public interface RangerMutableResource extends RangerResource {
+ void setOwnerUser(String ownerUser);
+
+ void setValue(String type, String value);
+}
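Review bot: `setValue(String type, String value)` names its first parameter `type`, while RangerResourceImpl in this commit implements it as `setValue(String name, String value)` and RangerResource reads with `getValue(String name)`. I would rename the parameter to `name` so the key is called the same thing on the read and write sides. The interface also has no Javadoc. A one-line comment per method would help, saying that `name` is a resource-definition name (the evaluator looks values up by `resourceDef.getName()`) and whether a null `value` or `ownerUser` is accepted.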
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
new file mode 100644
index 0000000..a66bc23
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.ranger.plugin.audit.RangerAuditHandler;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+public interface RangerPolicyEngine {
+ public static final String GROUP_PUBLIC = "public";
+ public static final String ANY_ACCESS = "_any";
+ public static final String ADMIN_ACCESS = "_admin";
+ public static final long UNKNOWN_POLICY = -1;
+
+ String getServiceName();
+
+ RangerServiceDef getServiceDef();
+
+ void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies);
+
+ void setDefaultAuditHandler(RangerAuditHandler auditHandler);
+
+ RangerAuditHandler getDefaultAuditHandler();
+
+ RangerAccessResult createAccessResult(RangerAccessRequest request);
+
+ RangerAccessResult isAccessAllowed(RangerAccessRequest request);
+
+ Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests);
+
+ RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler);
+
+ Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler);
+}
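Review bot: The four constants are undocumented although they are reserved values that change authorization outcomes. In RangerDefaultPolicyEvaluator in this commit, a policy item listing `GROUP_PUBLIC` matches every request that carries a non-null group collection, and an empty access type is treated as `ANY_ACCESS`. A short Javadoc on each constant stating this would keep service definitions from reusing the names by accident. `ADMIN_ACCESS` and `UNKNOWN_POLICY` are not referenced in the lines shown, so the author should state their meaning. The `public static final` modifiers are redundant in an interface and could be dropped to match the unmodified method declarations.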
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
new file mode 100644
index 0000000..8f6231b
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -0,0 +1,254 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.audit.RangerAuditHandler;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator;
+import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
+
+
+public class RangerPolicyEngineImpl implements RangerPolicyEngine {
+ private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class);
+
+ private String serviceName = null;
+ private RangerServiceDef serviceDef = null;
+ private List<RangerPolicyEvaluator> policyEvaluators = null;
+ private RangerAuditHandler defaultAuditHandler = null;
+
+
+ public RangerPolicyEngineImpl() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl()");
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl()");
+ }
+ }
+
+ @Override
+ public String getServiceName() {
+ return serviceName;
+ }
+
+ @Override
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+
+ @Override
+ public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
+ }
+
+ if(serviceName != null && serviceDef != null && policies != null) {
+ List<RangerPolicyEvaluator> evaluators = new ArrayList<RangerPolicyEvaluator>();
+
+ for(RangerPolicy policy : policies) {
+ if(! policy.getIsEnabled()) {
+ continue;
+ }
+
+ RangerPolicyEvaluator evaluator = getPolicyEvaluator(policy, serviceDef);
+
+ if(evaluator != null) {
+ evaluators.add(evaluator);
+ }
+ }
+
+ /* TODO:
+ * sort evaluators list for faster completion of isAccessAllowed() method
+ * 1. Global policies: the policies that cover for any resource (for example: database=*; table=*; column=*)
+ * 2. Policies that cover all resources under level-1 (for example: every thing in one or more databases)
+ * 3. Policies that cover all resources under level-2 (for example: every thing in one or more tables)
+ * ...
+ * 4. Policies that cover all resources under level-n (for example: one or more columns)
+ *
+ */
+
+ this.serviceName = serviceName;
+ this.serviceDef = serviceDef;
+ this.policyEvaluators = evaluators;
+ } else {
+ LOG.error("RangerPolicyEngineImpl.setPolicies(): invalid arguments - null serviceDef/policies");
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
+ }
+ }
+
+ @Override
+ public void setDefaultAuditHandler(RangerAuditHandler auditHandler) {
+ this.defaultAuditHandler = auditHandler;
+ }
+
+ @Override
+ public RangerAuditHandler getDefaultAuditHandler() {
+ return defaultAuditHandler;
+ }
+
+ @Override
+ public RangerAccessResult createAccessResult(RangerAccessRequest request) {
+ return new RangerAccessResult(serviceName, serviceDef, request);
+ }
+
+ @Override
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
+ return isAccessAllowed(request, defaultAuditHandler);
+ }
+
+ @Override
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) {
+ return isAccessAllowed(requests, defaultAuditHandler);
+ }
+
+ @Override
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")");
+ }
+
+ RangerAccessResult ret = isAccessAllowedNoAudit(request);
+
+ if(auditHandler != null) {
+ auditHandler.logAudit(ret);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + request + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + requests + ")");
+ }
+
+ Collection<RangerAccessResult> ret = new ArrayList<RangerAccessResult>();
+
+ if(requests != null) {
+ for(RangerAccessRequest request : requests) {
+ RangerAccessResult result = isAccessAllowedNoAudit(request);
+
+ ret.add(result);
+ }
+ }
+
+ if(auditHandler != null) {
+ auditHandler.logAudit(ret);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + requests + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected RangerAccessResult isAccessAllowedNoAudit(RangerAccessRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")");
+ }
+
+ RangerAccessResult ret = createAccessResult(request);
+
+ if(request != null) {
+ List<RangerPolicyEvaluator> evaluators = policyEvaluators;
+
+ if(evaluators != null) {
+ for(RangerPolicyEvaluator evaluator : evaluators) {
+ evaluator.evaluate(request, ret);
+
+ // stop once allowed=true && audited==true
+ if(ret.getIsAllowed() && ret.getIsAudited()) {
+ break;
+ }
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ private RangerPolicyEvaluator getPolicyEvaluator(RangerPolicy policy, RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPolicyEngineImpl.getPolicyEvaluator(" + policy + "," + serviceDef + ")");
+ }
+
+ RangerPolicyEvaluator ret = null;
+
+ ret = new RangerDefaultPolicyEvaluator(); // TODO: configurable evaluator class?
+
+ ret.init(policy, serviceDef);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPolicyEngineImpl.getPolicyEvaluator(" + policy + "," + serviceDef + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyEngineImpl={");
+
+ sb.append("serviceName={").append(serviceName).append("} ");
+ sb.append("serviceDef={").append(serviceDef).append("} ");
+
+ sb.append("policyEvaluators={");
+ if(policyEvaluators != null) {
+ for(RangerPolicyEvaluator policyEvaluator : policyEvaluators) {
+ if(policyEvaluator != null) {
+ sb.append(policyEvaluator).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
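Review bot: `policyEvaluators`, `serviceName` and `serviceDef` are plain fields that setPolicies() assigns one after another, while isAccessAllowedNoAudit() copies `policyEvaluators` into a local before iterating, which suggests policies are expected to be replaced while requests are being evaluated. If so, nothing here guarantees that a request thread sees the new list or a consistent set of the three values. Declaring the field as `private volatile List<RangerPolicyEvaluator> policyEvaluators = null;`, or publishing all three through a single immutable holder, would make the hand-over safe. setPolicies() also calls `policy.getIsEnabled()` without checking `policy` for null, so one null element aborts the whole load. On invalid arguments it keeps the previous policies in force and logs an error whose text omits `serviceName`; a comment saying that stale policies remain active would help whoever reads that log.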
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
new file mode 100644
index 0000000..6941bc3
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Set;
+
+
+public interface RangerResource {
+ public abstract String getOwnerUser();
+
+ public abstract boolean exists(String name);
+
+ public abstract String getValue(String name);
+
+ public Set<String> getKeys();
+}
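Review bot: The contract of `getKeys()` for a resource with no elements is not stated, and RangerResourceImpl in this commit returns null in that case, which RangerDefaultPolicyEvaluator.matchResource() has to special-case with `resourceKeys == null`. I would document it on the interface, for example `/** @return names of the elements set on this resource, or null if none */`, or preferably specify an empty set. The modifiers are also inconsistent: three methods are `public abstract` and `getKeys()` is only `public`, and all of them are redundant in an interface.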
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
new file mode 100644
index 0000000..86f7ea4
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+
+public class RangerResourceImpl implements RangerMutableResource {
+ private String ownerUser = null;
+ private Map<String, String> elements = null;
+
+
+ public RangerResourceImpl() {
+ }
+
+ @Override
+ public String getOwnerUser() {
+ return ownerUser;
+ }
+
+ @Override
+ public boolean exists(String name) {
+ return elements != null && elements.containsKey(name);
+ }
+
+ @Override
+ public String getValue(String name) {
+ String ret = null;
+
+ if(elements != null && elements.containsKey(name)) {
+ ret = elements.get(name);
+ }
+
+ return ret;
+ }
+
+ @Override
+ public Set<String> getKeys() {
+ Set<String> ret = null;
+
+ if(elements != null) {
+ ret = elements.keySet();
+ }
+
+ return ret;
+ }
+
+ @Override
+ public void setOwnerUser(String ownerUser) {
+ this.ownerUser = ownerUser;
+ }
+
+ @Override
+ public void setValue(String name, String value) {
+ if(elements == null) {
+ elements = new HashMap<String, String>();
+ }
+
+ elements.put(name, value);
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerResourceImpl={");
+
+ sb.append("ownerUser={").append(ownerUser).append("} ");
+
+ sb.append("elements={");
+ if(elements != null) {
+ for(Map.Entry<String, String> e : elements.entrySet()) {
+ sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
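Review bot: `getKeys()` returns `elements.keySet()`, the live key view of the internal map, so a caller holding only the read-only RangerResource interface can remove entries from the resource while it is being evaluated. Returning `Collections.unmodifiableSet(elements.keySet())` (with a `java.util.Collections` import) would keep the map private to this class. `getValue()` can be reduced to `return elements == null ? null : elements.get(name);`, since the `containsKey` check does not change the result. `toString()` prints every element value and is concatenated into the debug messages of the policy engine, which is worth a comment if resource values can be sensitive.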
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
new file mode 100644
index 0000000..36273eb
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyevaluator;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public abstract class RangerAbstractPolicyEvaluator implements RangerPolicyEvaluator {
+ private static final Log LOG = LogFactory.getLog(RangerAbstractPolicyEvaluator.class);
+
+ private RangerPolicy policy = null;
+ private RangerServiceDef serviceDef = null;
+
+
+ @Override
+ public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAbstractPolicyEvaluator.init(" + policy + ", " + serviceDef + ")");
+ }
+
+ this.policy = policy;
+ this.serviceDef = serviceDef;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAbstractPolicyEvaluator.init(" + policy + ", " + serviceDef + ")");
+ }
+ }
+
+ @Override
+ public RangerPolicy getPolicy() {
+ return policy;
+ }
+
+ @Override
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAbstractPolicyEvaluator={");
+
+ sb.append("policy={").append(policy).append("} ");
+ sb.append("serviceDef={").append(serviceDef).append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
new file mode 100644
index 0000000..cc1ee1e
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -0,0 +1,446 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyevaluator;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher;
+import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
+
+
+public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator {
+ private static final Log LOG = LogFactory.getLog(RangerDefaultPolicyEvaluator.class);
+
+ private Map<String, RangerResourceMatcher> matchers = null;
+
+ @Override
+ public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.init()");
+ }
+
+ preprocessPolicy(policy, serviceDef);
+
+ super.init(policy, serviceDef);
+
+ this.matchers = new HashMap<String, RangerResourceMatcher>();
+
+ if(policy != null && policy.getResources() != null && serviceDef != null) {
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ String resourceName = resourceDef.getName();
+ RangerPolicyResource policyResource = policy.getResources().get(resourceName);
+
+ RangerResourceMatcher matcher = createResourceMatcher(resourceDef, policyResource);
+
+ if(matcher != null) {
+ matchers.put(resourceName, matcher);
+ } else {
+ LOG.error("failed to find matcher for resource " + resourceName);
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.init()");
+ }
+ }
+
+ @Override
+ public void evaluate(RangerAccessRequest request, RangerAccessResult result) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
+ }
+
+ RangerPolicy policy = getPolicy();
+
+ if(policy != null && request != null && result != null) {
+ boolean isResourceMatch = matchResource(request.getResource());
+ boolean isResourceHeadMatch = isResourceMatch || matchResourceHead(request.getResource());
+ String accessType = request.getAccessType();
+
+ if(StringUtils.isEmpty(accessType)) {
+ accessType = RangerPolicyEngine.ANY_ACCESS;
+ }
+
+ boolean isAnyAccess = StringUtils.equals(accessType, RangerPolicyEngine.ANY_ACCESS);
+
+ if(isResourceMatch || (isResourceHeadMatch && isAnyAccess)) {
+ if(policy.getIsAuditEnabled()) {
+ result.setIsAudited(true);
+ }
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(result.getIsAllowed()) {
+ break;
+ }
+
+ if(CollectionUtils.isEmpty(policyItem.getAccesses())) {
+ continue;
+ }
+
+ boolean isUserGroupMatch = matchUserGroup(policyItem, request.getUser(), request.getUserGroups());
+
+ if(! isUserGroupMatch) {
+ continue;
+ }
+
+ boolean isCustomConditionsMatch = matchCustomConditions(policyItem, request);
+
+ if(! isCustomConditionsMatch) {
+ continue;
+ }
+
+ if(isAnyAccess) {
+ for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ if(access.getIsAllowed()) {
+ result.setIsAllowed(true);
+ result.setPolicyId(policy.getId());
+ break;
+ }
+ }
+ } else {
+ RangerPolicyItemAccess access = getAccess(policyItem, accessType);
+
+ if(access != null && access.getIsAllowed()) {
+ result.setIsAllowed(true);
+ result.setPolicyId(policy.getId());
+ }
+ }
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.evaluate(" + request + ", " + result + ")");
+ }
+ }
+
+ protected boolean matchResource(RangerResource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.matchResource(" + resource + ")");
+ }
+
+ boolean ret = false;
+
+ RangerServiceDef serviceDef = getServiceDef();
+
+ if(serviceDef != null && serviceDef.getResources() != null) {
+ Collection<String> resourceKeys = resource == null ? null : resource.getKeys();
+ Collection<String> policyKeys = matchers == null ? null : matchers.keySet();
+
+ boolean keysMatch = (resourceKeys == null) || (policyKeys != null && policyKeys.containsAll(resourceKeys));
+
+ if(keysMatch) {
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ String resourceName = resourceDef.getName();
+ String resourceValue = resource == null ? null : resource.getValue(resourceName);
+ RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
+
+ // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
+ if(StringUtils.isEmpty(resourceValue)) {
+ ret = matcher == null || matcher.isMatch(resourceValue);
+ } else {
+ ret = matcher != null && matcher.isMatch(resourceValue);
+ }
+
+ if(! ret) {
+ break;
+ }
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.matchResource(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected boolean matchResourceHead(RangerResource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + ")");
+ }
+
+ boolean ret = false;
+
+ RangerServiceDef serviceDef = getServiceDef();
+
+ if(serviceDef != null && serviceDef.getResources() != null) {
+ int numMatched = 0;
+ int numUnmatched = 0;
+
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ String resourceName = resourceDef.getName();
+ String resourceValue = resource == null ? null : resource.getValue(resourceName);
+ RangerResourceMatcher matcher = matchers == null ? null : matchers.get(resourceName);
+
+ if(numUnmatched > 0) { // no further values are expected in the resource
+ if(! StringUtils.isEmpty(resourceValue)) {
+ break;
+ }
+
+ numUnmatched++;
+ continue;
+ } else {
+ boolean isMatch = false;
+
+ // when no value exists for a resourceName, consider it a match only if (policy doesn't have a matcher OR matcher allows no-value resource)
+ if(StringUtils.isEmpty(resourceValue)) {
+ isMatch = matcher == null || matcher.isMatch(resourceValue);
+ } else {
+ isMatch = matcher != null && matcher.isMatch(resourceValue);
+ }
+
+ if(isMatch) {
+ numMatched++;
+ } else {
+ numUnmatched++;
+ }
+ }
+ }
+
+ ret = (numMatched > 0) && serviceDef.getResources().size() == (numMatched + numUnmatched);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected boolean matchUserGroup(RangerPolicyItem policyItem, String user, Collection<String> groups) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.matchUserGroup(" + policyItem + ", " + user + ", " + groups + ")");
+ }
+
+ boolean ret = false;
+
+ if(policyItem != null) {
+ if(!ret && user != null && policyItem.getUsers() != null) {
+ ret = policyItem.getUsers().contains(user);
+ }
+
+ if(!ret && groups != null && policyItem.getGroups() != null) {
+ ret = policyItem.getGroups().contains(RangerPolicyEngine.GROUP_PUBLIC) ||
+ !Collections.disjoint(policyItem.getGroups(), groups);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.matchUserGroup(" + policyItem + ", " + user + ", " + groups + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected boolean matchCustomConditions(RangerPolicyItem policyItem, RangerAccessRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.matchCustomConditions(" + policyItem + ", " + request + ")");
+ }
+
+ boolean ret = false;
+
+ // TODO:
+ ret = true;
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.matchCustomConditions(" + policyItem + ", " + request + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected RangerPolicyItemAccess getAccess(RangerPolicyItem policyItem, String accessType) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.getAccess(" + policyItem + ", " + accessType + ")");
+ }
+
+ RangerPolicyItemAccess ret = null;
+
+ if(policyItem != null && accessType != null && policyItem.getAccesses() != null) {
+ for(RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ if(StringUtils.equalsIgnoreCase(accessType, access.getType())) {
+ ret = access;
+
+ break;
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultPolicyEvaluator.getAccess(" + policyItem + ", " + accessType + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected RangerResourceMatcher createResourceMatcher(RangerResourceDef resourceDef, RangerPolicyResource resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.createResourceMatcher(" + resourceDef + ", " + resource + ")");
+ }
+
+ RangerResourceMatcher ret = null;
+
+ String clsName = resourceDef != null ? resourceDef.getMatcher() : null;
+ String options = resourceDef != null ? resourceDef.getMatcherOptions() : null;
+
+ if(StringUtils.isEmpty(clsName)) {
+ ret = new RangerDefaultResourceMatcher();
+ } else {
+ try {
+ @SuppressWarnings("unchecked")
+ Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>)Class.forName(clsName);
+
+ ret = matcherClass.newInstance();
+ } catch(ClassNotFoundException excp) {
+ // TODO: ERROR
+ excp.printStackTrace();
+ } catch (InstantiationException excp) {
+ // TODO: ERROR
+ excp.printStackTrace();
+ } catch (IllegalAccessException excp) {
+ // TODO: ERROR
+ excp.printStackTrace();
+ }
+ }
+
+ if(ret != null) {
+ ret.init(resourceDef, resource, options);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultPolicyEvaluator.createResourceMatcher(" + resourceDef + ", " + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerDefaultPolicyEvaluator={");
+
+ super.toString(sb);
+
+ sb.append("matchers={");
+ if(matchers != null) {
+ for(RangerResourceMatcher matcher : matchers.values()) {
+ sb.append("{").append(matcher).append("} ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+
+ private void preprocessPolicy(RangerPolicy policy, RangerServiceDef serviceDef) {
+ if(policy == null || CollectionUtils.isEmpty(policy.getPolicyItems()) || serviceDef == null) {
+ return;
+ }
+
+ Map<String, Collection<String>> impliedAccessGrants = getImpliedAccessGrants(serviceDef);
+
+ if(impliedAccessGrants == null || impliedAccessGrants.isEmpty()) {
+ return;
+ }
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(CollectionUtils.isEmpty(policyItem.getAccesses())) {
+ continue;
+ }
+
+ // Only one round of 'expansion' is done; multi-level impliedGrants (like shown below) are not handled for now
+ // multi-level impliedGrants: given admin=>write; write=>read: must imply admin=>read,write
+ for(Map.Entry<String, Collection<String>> e : impliedAccessGrants.entrySet()) {
+ String accessType = e.getKey();
+ Collection<String> impliedGrants = e.getValue();
+
+ RangerPolicyItemAccess access = getAccess(policyItem, accessType);
+
+ if(access == null) {
+ continue;
+ }
+
+ for(String impliedGrant : impliedGrants) {
+ RangerPolicyItemAccess impliedAccess = getAccess(policyItem, impliedGrant);
+
+ if(impliedAccess == null) {
+ impliedAccess = new RangerPolicyItemAccess(impliedGrant, access.getIsAllowed());
+
+ policyItem.getAccesses().add(impliedAccess);
+ } else {
+ if(! impliedAccess.getIsAllowed()) {
+ impliedAccess.setIsAllowed(access.getIsAllowed());
+ }
+ }
+ }
+ }
+ }
+ }
+
+ private Map<String, Collection<String>> getImpliedAccessGrants(RangerServiceDef serviceDef) {
+ Map<String, Collection<String>> ret = null;
+
+ if(serviceDef != null && !CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
+ for(RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
+ if(!CollectionUtils.isEmpty(accessTypeDef.getImpliedGrants())) {
+ if(ret == null) {
+ ret = new HashMap<String, Collection<String>>();
+ }
+
+ Collection<String> impliedAccessGrants = ret.get(accessTypeDef.getName());
+
+ if(impliedAccessGrants == null) {
+ impliedAccessGrants = new HashSet<String>();
+
+ ret.put(accessTypeDef.getName(), impliedAccessGrants);
+ }
+
+ for(String impliedAccessGrant : accessTypeDef.getImpliedGrants()) {
+ impliedAccessGrants.add(impliedAccessGrant);
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+}
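Review bot: In createResourceMatcher, the class named by `resourceDef.getMatcher()` is loaded and instantiated behind an unchecked cast, so a name that resolves to a class which is not a RangerResourceMatcher raises ClassCastException at the assignment to `ret`, which none of the three catch clauses handles. That exception would propagate through init() and, going by the RangerPolicyEngineImpl hunk in this commit, out of setPolicies() before the new evaluators are installed. The handled failures go to `printStackTrace()` instead of LOG, and the resulting null matcher is only logged by init(), after which matchResource() treats a missing matcher as a match when the request has no value for that resource. I would check the type with `isAssignableFrom` before instantiating and log each failure with the class name, as below. Separately, preprocessPolicy looks accesses up in the list it is appending to while iterating a HashMap, so the single round of expansion its comment describes appears to depend on iteration order, and the closing debug line of createResourceMatcher prints `==>` where `<==` is meant.

```java
		} else {
			try {
				Class<?> matcherClass = Class.forName(clsName);

				// reject classes that are not matchers instead of failing on the cast
				if(RangerResourceMatcher.class.isAssignableFrom(matcherClass)) {
					ret = (RangerResourceMatcher)matcherClass.newInstance();
				} else {
					LOG.error("resource matcher class " + clsName + " does not implement RangerResourceMatcher");
				}
			} catch(ClassNotFoundException excp) {
				LOG.error("failed to load resource matcher class " + clsName, excp);
			} catch(InstantiationException excp) {
				LOG.error("failed to instantiate resource matcher class " + clsName, excp);
			} catch(IllegalAccessException excp) {
				LOG.error("failed to instantiate resource matcher class " + clsName, excp);
			}
		}
		// … unchanged: ret.init(resourceDef, resource, options) when ret != null …
```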
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
new file mode 100644
index 0000000..b6e0f10
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyevaluator;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+
+public interface RangerPolicyEvaluator {
+ void init(RangerPolicy policy, RangerServiceDef serviceDef);
+
+ RangerPolicy getPolicy();
+
+ RangerServiceDef getServiceDef();
+
+ void evaluate(RangerAccessRequest request, RangerAccessResult result);
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
new file mode 100644
index 0000000..9fb248a
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
@@ -0,0 +1,226 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.resourcematcher;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+
+public abstract class RangerAbstractResourceMatcher implements RangerResourceMatcher {
+ private static final Log LOG = LogFactory.getLog(RangerAbstractResourceMatcher.class);
+
+ public final String WILDCARD_PATTERN = ".*";
+
+ public final String OPTIONS_SEP = ";";
+ public final String OPTION_NV_SEP = "=";
+ public final String OPTION_IGNORE_CASE = "ignoreCase";
+ public final String OPTION_WILD_CARD = "wildCard";
+
+ private RangerResourceDef resourceDef = null;
+ private RangerPolicyResource policyResource = null;
+ private String optionsString = null;
+ private Map<String, String> options = null;
+
+ protected boolean optIgnoreCase = false;
+ protected boolean optWildCard = false;
+
+ protected List<String> policyValues = null;
+ protected boolean policyIsExcludes = false;
+ protected boolean isMatchAny = false;
+
+ @Override
+ public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+
+ this.resourceDef = resourceDef;
+ this.policyResource = policyResource;
+ this.optionsString = optionsString;
+
+ options = new HashMap<String, String>();
+
+ if(optionsString != null) {
+ for(String optionString : optionsString.split(OPTIONS_SEP)) {
+ if(StringUtils.isEmpty(optionString)) {
+ continue;
+ }
+
+ String[] nvArr = optionString.split(OPTION_NV_SEP);
+
+ String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null;
+ String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null;
+
+ if(StringUtils.isEmpty(name)) {
+ continue;
+ }
+
+ options.put(name, value);
+ }
+ }
+
+ optIgnoreCase = getBooleanOption(OPTION_IGNORE_CASE, true);
+ optWildCard = getBooleanOption(OPTION_WILD_CARD, true);
+
+ policyValues = new ArrayList<String>();
+ policyIsExcludes = policyResource == null ? false : policyResource.getIsExcludes();
+
+ if(policyResource != null && policyResource.getValues() != null) {
+ for(String policyValue : policyResource.getValues()) {
+ if(StringUtils.isEmpty(policyValue)) {
+ continue;
+ }
+
+ if(optIgnoreCase) {
+ policyValue = policyValue.toLowerCase();
+ }
+
+ if(optWildCard) {
+ policyValue = getWildCardPattern(policyValue);
+ }
+
+ if(policyValue.equals(WILDCARD_PATTERN)) {
+ isMatchAny = true;
+ }
+
+ policyValues.add(policyValue);
+ }
+ }
+
+ if(policyValues.isEmpty()) {
+ isMatchAny = true;
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+ }
+
+ @Override
+ public RangerResourceDef getResourceDef() {
+ return resourceDef;
+ }
+
+ @Override
+ public RangerPolicyResource getPolicyResource() {
+ return policyResource;
+ }
+
+ @Override
+ public String getOptionsString() {
+ return optionsString;
+ }
+
+
+ public String getOption(String name) {
+ String ret = null;
+
+ if(options != null && name != null) {
+ ret = options.get(name);
+ }
+
+ return ret;
+ }
+
+ public String getOption(String name, String defaultValue) {
+ String ret = getOption(name);
+
+ if(StringUtils.isEmpty(ret)) {
+ ret = defaultValue;
+ }
+
+ return ret;
+ }
+
+ public boolean getBooleanOption(String name) {
+ String val = getOption(name);
+
+ boolean ret = StringUtils.isEmpty(val) ? false : Boolean.parseBoolean(val);
+
+ return ret;
+ }
+
+ public boolean getBooleanOption(String name, boolean defaultValue) {
+ String strVal = getOption(name);
+
+ boolean ret = StringUtils.isEmpty(strVal) ? defaultValue : Boolean.parseBoolean(strVal);
+
+ return ret;
+ }
+
+ public String getWildCardPattern(String policyValue) {
+ if (policyValue != null) {
+ policyValue = policyValue.replaceAll("\\?", "\\.")
+ .replaceAll("\\*", ".*") ;
+ }
+
+ return policyValue ;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAbstractResourceMatcher={");
+
+ sb.append("resourceDef={");
+ if(resourceDef != null) {
+ resourceDef.toString(sb);
+ }
+ sb.append("} ");
+ sb.append("policyResource={");
+ if(policyResource != null) {
+ policyResource.toString(sb);
+ }
+ sb.append("} ");
+ sb.append("optionsString={").append(optionsString).append("} ");
+ sb.append("optIgnoreCase={").append(optIgnoreCase).append("} ");
+ sb.append("optWildCard={").append(optWildCard).append("} ");
+ sb.append("policyValues={").append(StringUtils.join(policyValues, ",")).append("} ");
+ sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
+ sb.append("isMatchAny={").append(isMatchAny).append("} ");
+
+ sb.append("options={");
+ if(options != null) {
+ for(Map.Entry<String, String> e : options.entrySet()) {
+ sb.append(e.getKey()).append("=").append(e.getValue()).append(OPTIONS_SEP);
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
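Review bot: getWildCardPattern() rewrites only `?` and `*`, so every other regex metacharacter in a policy value stays live when RangerDefaultResourceMatcher later calls `resource.matches(policyValue)`. A value such as `db.sales` (constructed example) would also match `dbXsales`, and a value with an unbalanced `[` throws at match time. Quoting the literal runs between wildcards closes both, as sketched below. RangerPathResourceMatcher in this commit reads the same policyValues as globs through FilenameUtils.wildcardMatch and startsWith, so it needs the unconverted value kept alongside the regex form. The `toLowerCase()` in init() also depends on the JVM default locale; `toLowerCase(java.util.Locale.ROOT)` keeps case folding stable, and the same call appears in both isMatch implementations.

```java
public String getWildCardPattern(String policyValue) {
    if (policyValue == null) {
        return null;
    }

    StringBuilder regex   = new StringBuilder();
    StringBuilder literal = new StringBuilder();

    for (char c : policyValue.toCharArray()) {
        if (c == '*' || c == '?') {
            if (literal.length() > 0) {
                // quote the text between wildcards so '.', '+', '[' etc. match literally
                regex.append(java.util.regex.Pattern.quote(literal.toString()));
                literal.setLength(0);
            }
            regex.append(c == '*' ? ".*" : ".");
        } else {
            literal.append(c);
        }
    }

    if (literal.length() > 0) {
        regex.append(java.util.regex.Pattern.quote(literal.toString()));
    }

    return regex.toString();
}
```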
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
new file mode 100644
index 0000000..13500dc
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.resourcematcher;
+
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+
+public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher {
+ private static final Log LOG = LogFactory.getLog(RangerDefaultResourceMatcher.class);
+
+
+ @Override
+ public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+
+ super.init(resourceDef, policyResource, optionsString);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+ }
+
+ @Override
+ public boolean isMatch(String resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultResourceMatcher.isMatch(" + resource + ")");
+ }
+
+ boolean ret = false;
+
+ if(resource != null) {
+ if(optIgnoreCase) {
+ resource = resource.toLowerCase();
+ }
+
+ for(String policyValue : policyValues) {
+ ret = optWildCard ? resource.matches(policyValue) : StringUtils.equals(resource, policyValue);
+
+ if(ret) {
+ break;
+ }
+ }
+ } else {
+ ret = isMatchAny;
+ }
+
+ if(policyIsExcludes) {
+ ret = !ret;
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultResourceMatcher.isMatch(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerDefaultResourceMatcher={");
+
+ super.toString(sb);
+
+ sb.append("policyValues={");
+ if(policyValues != null) {
+ for(String value : policyValues) {
+ sb.append(value).append(",");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
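Review bot: In isMatch(), `resource.matches(policyValue)` compiles every policy value as a regex on each access check, and a value that is not valid regex raises PatternSyntaxException in the middle of an authorization decision rather than when the policy is loaded. Compiling once in init() after `super.init(...)`, e.g. `patterns.add(Pattern.compile(policyValue));`, and using `pattern.matcher(resource).matches()` in the loop moves that failure to load time and removes the per-request cost. isMatchAny is consulted only when resource is null, so a policy resource with no values matches a null resource but no concrete one, and policyIsExcludes then flips either result; if that asymmetry is intended it deserves a comment. toString(StringBuilder) lacks `@Override` and appends policyValues and policyIsExcludes that `super.toString(sb)` has already written.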
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
new file mode 100644
index 0000000..2cf3a68
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.resourcematcher;
+
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+
+public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
+ private static final Log LOG = LogFactory.getLog(RangerPathResourceMatcher.class);
+
+ private boolean policyIsRecursive = false;
+
+ @Override
+ public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+
+ super.init(resourceDef, policyResource, optionsString);
+
+ policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")");
+ }
+ }
+
+ @Override
+ public boolean isMatch(String resource) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPathResourceMatcher.isMatch(" + resource + ")");
+ }
+
+ boolean ret = false;
+
+ if(resource != null) {
+ if(optIgnoreCase) {
+ resource = resource.toLowerCase();
+ }
+
+ for(String policyValue : policyValues) {
+ if(policyIsRecursive) {
+ ret = StringUtils.startsWith(resource, policyValue);
+
+ if(! ret && optWildCard) {
+ ret = isRecursiveWildCardMatch(resource, policyValue) ;
+ }
+ } else {
+ ret = StringUtils.equals(resource, policyValue);
+
+ if(! ret && optWildCard) {
+ ret = FilenameUtils.wildcardMatch(resource, policyValue);
+ }
+ }
+
+ if(ret) {
+ break;
+ }
+ }
+ } else {
+ ret = isMatchAny;
+ }
+
+ if(policyIsExcludes) {
+ ret = !ret;
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPathResourceMatcher.isMatch(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ private static boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ")");
+ }
+
+ boolean ret = false;
+
+ if (pathToCheck != null) {
+ StringBuilder sb = new StringBuilder() ;
+
+ for(String p : pathToCheck.split(org.apache.hadoop.fs.Path.SEPARATOR) ) {
+ sb.append(p);
+
+ boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ;
+
+ if (matchFound) {
+ ret = true ;
+
+ break;
+ }
+
+ sb.append(org.apache.hadoop.fs.Path.SEPARATOR) ;
+ }
+
+ sb = null;
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPathResourceMatcher={");
+
+ super.toString(sb);
+
+ sb.append("policyValues={");
+ if(policyValues != null) {
+ for(String value : policyValues) {
+ sb.append(value).append(",");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyIsExcludes={").append(policyIsExcludes).append("} ");
+ sb.append("policyIsRecursive={").append(policyIsRecursive).append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
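Review bot: The recursive branch of isMatch() uses `StringUtils.startsWith(resource, policyValue)`, a plain string prefix test with no path-component boundary, so a recursive policy on `/data/app` (constructed example) also covers `/data/application`. Requiring an exact match or a separator after the prefix fixes it: `ret = resource.equals(policyValue) || resource.startsWith(policyValue.endsWith("/") ? policyValue : policyValue + "/");` (with Path.SEPARATOR in place of the literal if preferred). Second, super.init() has already passed each value through getWildCardPattern() when optWildCard is on (the default), so `/data/*` reaches FilenameUtils.wildcardMatch as `/data/.*` and is read as a glob containing a literal dot. Wildcard path policies therefore look unlikely to match as written, and for an excludes policy the inversion turns that miss into a match. The resource string is compared as given, so whether `..` segments are normalised before this point should be confirmed with the caller.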
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
new file mode 100644
index 0000000..c750cd8
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.resourcematcher;
+
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+public interface RangerResourceMatcher {
+ void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString);
+
+ RangerResourceDef getResourceDef();
+
+ RangerPolicyResource getPolicyResource();
+
+ String getOptionsString();
+
+ boolean isMatch(String resource);
+}
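Review bot: isMatch() has no documented contract for a null resource, although both implementations in this commit fall back to isMatchAny and then apply the excludes inversion in that case. A Javadoc line such as `/** @param resource value to test; the bundled matchers treat null as matching only when the policy matches any value */` would make that behaviour explicit for other implementers. init() would also benefit from a line on the optionsString format, which the abstract base parses as `name=value` pairs separated by `;`.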
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
new file mode 100644
index 0000000..8f1fa5f
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.service;
+
+import java.util.Collection;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.plugin.audit.RangerAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.apache.ranger.plugin.util.PolicyRefresher;
+
+
+public class RangerBasePlugin {
+ private String serviceType = null;
+ private String serviceName = null;
+ private RangerPolicyEngine policyEngine = null;
+ private PolicyRefresher refresher = null;
+
+
+ public RangerBasePlugin(String serviceType) {
+ this.serviceType = serviceType;
+ }
+
+ public String getServiceType() {
+ return serviceType;
+ }
+
+ public String getServiceName() {
+ return serviceName;
+ }
+
+ public RangerPolicyEngine getPolicyEngine() {
+ return policyEngine;
+ }
+
+ public void init() {
+ RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl();
+
+ init(policyEngine);
+ }
+
+ public synchronized void init(RangerPolicyEngine policyEngine) {
+ cleanup();
+
+
+ String serviceName = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.name");
+ String serviceStoreClass = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.store.class", "org.apache.ranger.plugin.store.rest.ServiceRESTStore");
+ String cacheDir = RangerConfiguration.getInstance().get("ranger.plugin." + serviceType + ".service.store.cache.dir", "/tmp");
+ long pollingIntervalMs = RangerConfiguration.getInstance().getLong("ranger.plugin." + serviceType + ".service.store.pollIntervalMs", 30 * 1000);
+
+ if(StringUtils.isEmpty(serviceName)) {
+ // get the serviceName from download URL: http://ranger-admin-host:port/service/assets/policyList/serviceName
+ String policyDownloadUrl = RangerConfiguration.getInstance().get("xasecure." + serviceType + ".policymgr.url");
+
+ if(! StringUtils.isEmpty(policyDownloadUrl)) {
+ int idx = policyDownloadUrl.lastIndexOf('/');
+
+ if(idx != -1) {
+ serviceName = policyDownloadUrl.substring(idx + 1);
+ }
+ }
+ }
+
+ ServiceStore serviceStore = ServiceStoreFactory.instance().getServiceStore(serviceStoreClass);
+
+ refresher = new PolicyRefresher(policyEngine, serviceType, serviceName, serviceStore, pollingIntervalMs, cacheDir);
+ refresher.startRefresher();
+ this.policyEngine = policyEngine;
+ }
+
+ public synchronized void cleanup() {
+ PolicyRefresher refresher = this.refresher;
+
+ this.serviceName = null;
+ this.policyEngine = null;
+ this.refresher = null;
+
+ if(refresher != null) {
+ refresher.stopRefresher();
+ }
+ }
+
+ public void setDefaultAuditHandler(RangerAuditHandler auditHandler) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ policyEngine.setDefaultAuditHandler(auditHandler);
+ }
+ }
+
+ public RangerAuditHandler getDefaultAuditHandler() {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.getDefaultAuditHandler();
+ }
+
+ return null;
+ }
+
+
+ public RangerAccessResult createAccessResult(RangerAccessRequest request) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.createAccessResult(request);
+ }
+
+ return null;
+ }
+
+
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.isAccessAllowed(request);
+ }
+
+ return null;
+ }
+
+
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.isAccessAllowed(requests);
+ }
+
+ return null;
+ }
+
+
+ public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.isAccessAllowed(request, auditHandler);
+ }
+
+ return null;
+ }
+
+
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
+ RangerPolicyEngine policyEngine = this.policyEngine;
+
+ if(policyEngine != null) {
+ return policyEngine.isAccessAllowed(requests, auditHandler);
+ }
+
+ return null;
+ }
+}
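Review bot: init(RangerPolicyEngine) declares a local `serviceName` that shadows the field, and the field is never assigned, so getServiceName() returns null even after a successful init; adding `this.serviceName = serviceName;` before the refresher is created fixes it. The cache directory defaults to `/tmp`, a world-writable location on most systems. If PolicyRefresher reads cached policies back from there (not visible in this hunk), a local user could plant or replace them, so the default should be a plugin-owned directory with restricted permissions or a required setting. Every isAccessAllowed overload returns null while policyEngine is unset, and callers must treat that as a denial; a Javadoc line saying so would guard against a caller that only checks a non-null result. policyEngine is also read outside the `synchronized` methods that write it, so it should be declared `volatile`.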
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
new file mode 100644
index 0000000..8eeb439
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.service;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public abstract class RangerBaseService {
+ private RangerServiceDef serviceDef;
+ private RangerService service;
+
+
+ public void init(RangerServiceDef serviceDef, RangerService service) {
+ this.serviceDef = serviceDef;
+ this.service = service;
+ }
+
+ /**
+ * @return the serviceDef
+ */
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+
+ /**
+ * @return the service
+ */
+ public RangerService getService() {
+ return service;
+ }
+
+ public abstract void validateConfig() throws Exception;
+
+ public abstract List<String> lookupResource(ResourceLookupContext context) throws Exception;
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
new file mode 100644
index 0000000..b5c3dda
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/ResourceLookupContext.java
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.service;
+
+import java.util.List;
+import java.util.Map;
+
+
+public class ResourceLookupContext {
+ private String userInput;
+ private String resourceName;
+ private Map<String, List<String>> resources;
+
+
+ public ResourceLookupContext() {
+
+ }
+
+ /**
+ * @return the userInput
+ */
+ public String getUserInput() {
+ return userInput;
+ }
+ /**
+ * @param userInput the userInput to set
+ */
+ public void setUserInput(String userInput) {
+ this.userInput = userInput;
+ }
+ /**
+ * @return the resourceName
+ */
+ public String getResourceName() {
+ return resourceName;
+ }
+ /**
+ * @param resourceName the resourceName to set
+ */
+ public void setResourceName(String resourceName) {
+ this.resourceName = resourceName;
+ }
+ /**
+ * @return the resources
+ */
+ public Map<String, List<String>> getResources() {
+ return resources;
+ }
+ /**
+ * @param resources the resources to set
+ */
+ public void setResources(Map<String, List<String>> resources) {
+ this.resources = resources;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
new file mode 100644
index 0000000..e8d970c
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServicePolicies;
+
+public interface ServiceStore {
+ void init() throws Exception;
+
+ RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception;
+
+ RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception;
+
+ void deleteServiceDef(Long id) throws Exception;
+
+ RangerServiceDef getServiceDef(Long id) throws Exception;
+
+ RangerServiceDef getServiceDefByName(String name) throws Exception;
+
+ List<RangerServiceDef> getServiceDefs(SearchFilter filter) throws Exception;
+
+
+ RangerService createService(RangerService service) throws Exception;
+
+ RangerService updateService(RangerService service) throws Exception;
+
+ void deleteService(Long id) throws Exception;
+
+ RangerService getService(Long id) throws Exception;
+
+ RangerService getServiceByName(String name) throws Exception;
+
+ List<RangerService> getServices(SearchFilter filter) throws Exception;
+
+
+ RangerPolicy createPolicy(RangerPolicy policy) throws Exception;
+
+ RangerPolicy updatePolicy(RangerPolicy policy) throws Exception;
+
+ void deletePolicy(Long id) throws Exception;
+
+ RangerPolicy getPolicy(Long id) throws Exception;
+
+ List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception;
+
+ List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception;
+
+ List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception;
+
+ ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception;
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
new file mode 100644
index 0000000..f9a2404
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStoreFactory.java
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+
+
+public class ServiceStoreFactory {
+ private static final Log LOG = LogFactory.getLog(ServiceStoreFactory.class);
+
+ private static ServiceStoreFactory sInstance = null;
+
+ private Map<String, ServiceStore> serviceStores = null;
+ private ServiceStore defaultServiceStore = null;
+
+
+ public static ServiceStoreFactory instance() {
+ if(sInstance == null) {
+ sInstance = new ServiceStoreFactory();
+ }
+
+ return sInstance;
+ }
+
+ public ServiceStore getServiceStore() {
+ ServiceStore ret = defaultServiceStore;
+
+ if(ret == null) { // if no service store has been created yet, create the default store. TODO: review the impact and update, if necessary
+ String defaultServiceStoreClass = RangerConfiguration.getInstance().get("ranger.default.service.store.class", "org.apache.ranger.plugin.store.file.ServiceFileStore");
+
+ ret = getServiceStore(defaultServiceStoreClass);
+ }
+
+ return ret;
+ }
+
+ public ServiceStore getServiceStore(String storeClassname) {
+ ServiceStore ret = serviceStores.get(storeClassname);
+
+ if(ret == null) {
+ synchronized(this) {
+ ret = serviceStores.get(storeClassname);
+
+ if(ret == null) {
+ try {
+ @SuppressWarnings("unchecked")
+ Class<ServiceStore> storeClass = (Class<ServiceStore>)Class.forName(storeClassname);
+
+ ret = storeClass.newInstance();
+
+ ret.init();
+
+ serviceStores.put(storeClassname, ret);
+
+ if(defaultServiceStore == null) {
+ defaultServiceStore = ret;
+ }
+ } catch(Exception excp) {
+ LOG.error("failed to instantiate service store of type " + storeClassname, excp);
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+
+ private ServiceStoreFactory() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceStoreFactory.ServiceStoreFactory()");
+ }
+
+ init();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceStoreFactory.ServiceStoreFactory()");
+ }
+ }
+
+ private void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceStoreFactory.init()");
+ }
+
+ serviceStores = new HashMap<String, ServiceStore>();
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceStoreFactory.init()");
+ }
+ }
+}
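Review bot: `getServiceStore(String)` loads whatever class name the `ranger.default.service.store.class` setting (or a caller) supplies and instantiates it before anything checks that it is a `ServiceStore`. The unchecked cast to `Class<ServiceStore>` is erased at runtime, so the static initialisers and no-arg constructor of an unrelated class run before the `ClassCastException` is raised. Checking the type first stops a mistyped or tampered setting from running unrelated classpath code: `Class<? extends ServiceStore> storeClass = Class.forName(storeClassname).asSubclass(ServiceStore.class);`. The catch block also logs and returns null, so a store that failed to load shows up later as a NullPointerException in the caller rather than as a configuration error. Finally, `instance()` is unsynchronised and the first `serviceStores.get()` reads a plain `HashMap` outside the lock, so concurrent first calls can build two factories or race with the `put`; `public static synchronized ServiceStoreFactory instance()` plus doing the lookup inside the `synchronized(this)` block would close that.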
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
new file mode 100644
index 0000000..17b46f9
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -0,0 +1,390 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store.file;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FSDataInputStream;
+import org.apache.hadoop.fs.FSDataOutputStream;
+import org.apache.hadoop.fs.FileStatus;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.fs.PathFilter;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+public class BaseFileStore {
+ private static final Log LOG = LogFactory.getLog(BaseFileStore.class);
+
+ private Gson gsonBuilder = null;
+ private String dataDir = null;
+
+ protected static String FILE_PREFIX_SERVICE_DEF = "ranger-servicedef-";
+ protected static String FILE_PREFIX_SERVICE = "ranger-service-";
+ protected static String FILE_PREFIX_POLICY = "ranger-policy-";
+ protected static String FILE_SUFFIX_JSON = ".json";
+
+
+ protected void initStore() {
+ dataDir = RangerConfiguration.getInstance().get("ranger.service.store.file.dir", "file:///etc/ranger/data");
+
+ try {
+ gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
+ } catch(Throwable excp) {
+ LOG.fatal("BaseFileStore.init(): failed to create GsonBuilder object", excp);
+ }
+ }
+
+ protected String getDataDir() {
+ return dataDir;
+ }
+
+ protected String getServiceDefFile(Long id) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE_DEF + id + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected String getServiceFile(Long id) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_SERVICE + id + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected String getPolicyFile(Long serviceId, Long policyId) {
+ String filePath = dataDir + Path.SEPARATOR + FILE_PREFIX_POLICY + serviceId + "-" + policyId + FILE_SUFFIX_JSON;
+
+ return filePath;
+ }
+
+ protected <T> T loadFromResource(String resource, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromResource(" + resource + ")");
+ }
+
+ InputStream inStream = this.getClass().getResourceAsStream(resource);
+
+ T ret = loadFromStream(inStream, cls);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromResource(" + resource + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> T loadFromStream(InputStream inStream, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromStream()");
+ }
+
+ InputStreamReader reader = new InputStreamReader(inStream);
+
+ T ret = gsonBuilder.fromJson(reader, cls);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromStream(): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> T loadFromFile(Path filePath, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromFile(" + filePath + ")");
+ }
+
+ T ret = null;
+ InputStreamReader reader = null;
+
+ try {
+ FileSystem fileSystem = getFileSystem(filePath);
+ FSDataInputStream inStream = fileSystem.open(filePath);
+
+ ret = loadFromStream(inStream, cls);
+ } finally {
+ close(reader);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromFile(" + filePath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected <T> List<T> loadFromDir(Path dirPath, final String filePrefix, Class<T> cls) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.loadFromDir()");
+ }
+
+ List<T> ret = new ArrayList<T>();
+
+ try {
+ FileSystem fileSystem = getFileSystem(dirPath);
+
+ if(fileSystem.exists(dirPath) && fileSystem.isDirectory(dirPath)) {
+ PathFilter filter = new PathFilter() {
+ @Override
+ public boolean accept(Path path) {
+ return path.getName().startsWith(filePrefix) &&
+ path.getName().endsWith(FILE_SUFFIX_JSON);
+ }
+ };
+
+ FileStatus[] sdFiles = fileSystem.listStatus(dirPath, filter);
+
+ if(sdFiles != null) {
+ for(FileStatus sdFile : sdFiles) {
+ T obj = loadFromFile(sdFile.getPath(), cls);
+
+ if(obj != null) {
+ ret.add(obj);
+ }
+ }
+ }
+ } else {
+ LOG.error(dirPath + ": does not exists or not a directory");
+ }
+ } catch(IOException excp) {
+ LOG.warn("error loading service-def in directory " + dirPath, excp);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.loadFromDir(): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ protected <T> T saveToFile(T obj, Path filePath, boolean overWrite) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.saveToFile(" + filePath + ")");
+ }
+
+ OutputStreamWriter writer = null;
+
+ try {
+ FileSystem fileSystem = getFileSystem(filePath);
+ FSDataOutputStream outStream = fileSystem.create(filePath, overWrite);
+
+ writer = new OutputStreamWriter(outStream);
+
+ gsonBuilder.toJson(obj, writer);
+ } finally {
+ close(writer);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.saveToFile(" + filePath + "): " + obj);
+ }
+
+ return obj;
+ }
+
+ protected boolean deleteFile(Path filePath) throws Exception {
+ LOG.debug("==> BaseFileStore.deleteFile(" + filePath + ")");
+
+ FileSystem fileSystem = getFileSystem(filePath);
+
+ boolean ret = false;
+
+ if(fileSystem.exists(filePath)) {
+ ret = fileSystem.delete(filePath, false);
+ } else {
+ ret = true; // nothing to delete
+ }
+
+ LOG.debug("<== BaseFileStore.deleteFile(" + filePath + "): " + ret);
+
+ return ret;
+ }
+
+ protected boolean renamePath(Path oldPath, Path newPath) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.renamePath(" + oldPath + "," + newPath + ")");
+ }
+
+ FileSystem fileSystem = getFileSystem(oldPath);
+
+ boolean ret = false;
+
+ if(fileSystem.exists(oldPath)) {
+ if(! fileSystem.exists(newPath)) {
+ ret = fileSystem.rename(oldPath, newPath);
+ } else {
+ LOG.warn("target of rename '" + newPath + "' already exists");
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.renamePath(" + oldPath + "," + newPath + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ protected RangerServiceDef saveToFile(RangerServiceDef serviceDef, boolean overWrite) throws Exception {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> BaseFileStore.saveToFile(" + serviceDef + "," + overWrite + ")");
+ }
+
+ Path filePath = new Path(getServiceDefFile(serviceDef.getId()));
+
+ RangerServiceDef ret = saveToFile(serviceDef, filePath, overWrite);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== BaseFileStore.saveToFile(" + serviceDef + "," + overWrite + "): ");
+ }
+
+ return ret;
+ }
+
+ protected RangerService saveToFile(RangerService service, boolean overWrite) throws Exception {
+ Path filePath = new Path(getServiceFile(service.getId()));
+
+ RangerService ret = saveToFile(service, filePath, overWrite);
+
+ return ret;
+ }
+
+ protected RangerPolicy saveToFile(RangerPolicy policy, long serviceId, boolean overWrite) throws Exception {
+ Path filePath = new Path(getPolicyFile(serviceId, policy.getId()));
+
+ RangerPolicy ret = saveToFile(policy, filePath, overWrite);
+
+ return ret;
+ }
+
+ protected long getMaxId(List<? extends RangerBaseModelObject> objs) {
+ long ret = -1;
+
+ if(objs != null) {
+ for(RangerBaseModelObject obj : objs) {
+ if(obj.getId() > ret) {
+ ret = obj.getId();
+ }
+ }
+ }
+
+ return ret;
+ }
+ protected FileSystem getFileSystem(Path filePath) throws Exception {
+ Configuration conf = new Configuration();
+ FileSystem fileSystem = filePath.getFileSystem(conf);
+
+ return fileSystem;
+ }
+
+ protected void close(FileSystem fs) {
+ if(fs != null) {
+ try {
+ fs.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void close(InputStreamReader reader) {
+ if(reader != null) {
+ try {
+ reader.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void close(OutputStreamWriter writer) {
+ if(writer != null) {
+ try {
+ writer.close();
+ } catch(IOException excp) {
+ // ignore
+ }
+ }
+ }
+
+ protected void preCreate(RangerBaseModelObject obj) {
+ obj.setId(new Long(0));
+ obj.setGuid(UUID.randomUUID().toString());
+ obj.setCreateTime(new Date());
+ obj.setUpdateTime(obj.getCreateTime());
+ obj.setVersion(new Long(1));
+ }
+
+ protected void postCreate(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void preUpdate(RangerBaseModelObject obj) {
+ if(obj.getId() == null) {
+ obj.setId(new Long(0));
+ }
+
+ if(obj.getGuid() == null) {
+ obj.setGuid(UUID.randomUUID().toString());
+ }
+
+ if(obj.getCreateTime() == null) {
+ obj.setCreateTime(new Date());
+ }
+
+ Long version = obj.getVersion();
+
+ if(version == null) {
+ version = new Long(1);
+ } else {
+ version = new Long(version.longValue() + 1);
+ }
+
+ obj.setVersion(version);
+ obj.setUpdateTime(new Date());
+ }
+
+ protected void postUpdate(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void preDelete(RangerBaseModelObject obj) {
+ // TODO:
+ }
+
+ protected void postDelete(RangerBaseModelObject obj) {
+ // TODO:
+ }
+}
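Review bot: `loadFromFile` never assigns `reader`, so the `close(reader)` in its `finally` block is a no-op and the `FSDataInputStream` returned by `fileSystem.open(filePath)` is never closed. `loadFromDir` calls it once per matching file, so each directory load leaks one handle per file. Creating the reader inside the method gives the finally block something to close: `reader = new InputStreamReader(inStream, "UTF-8");` followed by `ret = gsonBuilder.fromJson(reader, cls);`. The explicit charset matters as well, because `loadFromStream` and `saveToFile` both use the platform default and a file written on one host can decode differently on another; the writer would become `new OutputStreamWriter(outStream, "UTF-8")`. Separately, `loadFromDir` catches `IOException`, logs a warning and returns whatever it had read so far, so the store can come up with a partial set of service definitions or policies and the caller cannot tell.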
[8/8] incubator-ranger git commit: RANGER-203: moved
pluggable-service-model implementation from plugin-common to exiting project
ranger-plugin-common
Posted by ma...@apache.org.
RANGER-203: moved pluggable-service-model implementation from plugin-common to existing project ranger-plugin-common
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/217e1892
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/217e1892
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/217e1892
Branch: refs/heads/stack
Commit: 217e18924017500a0871b2a7cb47d2095960b8cf
Parents: 46633a9
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Sat Jan 31 12:38:28 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Jan 31 12:38:28 2015 -0800
----------------------------------------------------------------------
.../.settings/org.eclipse.core.resources.prefs | 3 +
agents-common/pom.xml | 4 +
.../ranger/plugin/audit/RangerAuditHandler.java | 31 +
.../plugin/audit/RangerDefaultAuditHandler.java | 231 +++
.../plugin/model/RangerBaseModelObject.java | 179 ++
.../ranger/plugin/model/RangerPolicy.java | 686 ++++++++
.../ranger/plugin/model/RangerService.java | 216 +++
.../ranger/plugin/model/RangerServiceDef.java | 1320 +++++++++++++++
.../policyengine/RangerAccessRequest.java | 48 +
.../policyengine/RangerAccessRequestImpl.java | 208 +++
.../plugin/policyengine/RangerAccessResult.java | 157 ++
.../policyengine/RangerMutableResource.java | 27 +
.../plugin/policyengine/RangerPolicyEngine.java | 54 +
.../policyengine/RangerPolicyEngineImpl.java | 254 +++
.../plugin/policyengine/RangerResource.java | 33 +
.../plugin/policyengine/RangerResourceImpl.java | 107 ++
.../RangerAbstractPolicyEvaluator.java | 79 +
.../RangerDefaultPolicyEvaluator.java | 446 +++++
.../policyevaluator/RangerPolicyEvaluator.java | 35 +
.../RangerAbstractResourceMatcher.java | 226 +++
.../RangerDefaultResourceMatcher.java | 101 ++
.../RangerPathResourceMatcher.java | 151 ++
.../resourcematcher/RangerResourceMatcher.java | 35 +
.../ranger/plugin/service/RangerBasePlugin.java | 178 ++
.../plugin/service/RangerBaseService.java | 55 +
.../plugin/service/ResourceLookupContext.java | 72 +
.../ranger/plugin/store/ServiceStore.java | 74 +
.../plugin/store/ServiceStoreFactory.java | 113 ++
.../ranger/plugin/store/file/BaseFileStore.java | 390 +++++
.../plugin/store/file/ServiceFileStore.java | 1589 ++++++++++++++++++
.../plugin/store/rest/ServiceRESTStore.java | 609 +++++++
.../ranger/plugin/util/PolicyRefresher.java | 154 ++
.../ranger/plugin/util/RangerRESTClient.java | 376 +++++
.../apache/ranger/plugin/util/SearchFilter.java | 116 ++
.../ranger/plugin/util/ServicePolicies.java | 125 ++
.../service-defs/ranger-servicedef-hbase.json | 50 +
.../service-defs/ranger-servicedef-hdfs.json | 60 +
.../service-defs/ranger-servicedef-hive.json | 43 +
.../service-defs/ranger-servicedef-knox.json | 34 +
.../service-defs/ranger-servicedef-storm.json | 46 +
.../plugin/policyengine/TestPolicyEngine.java | 145 ++
.../ranger/plugin/store/TestServiceStore.java | 248 +++
.../ranger/plugin/util/TestPolicyRefresher.java | 183 ++
.../policyengine/test_policyengine_hbase.json | 159 ++
.../policyengine/test_policyengine_hdfs.json | 156 ++
.../policyengine/test_policyengine_hive.json | 261 +++
agents-impl/.gitignore | 1 +
hbase-agent/pom.xml | 5 -
hdfs-agent/pom.xml | 5 -
hive-agent/pom.xml | 5 -
jisql/.gitignore | 4 +
lookup-client/.gitignore | 1 +
.../ranger/plugin/audit/RangerAuditHandler.java | 31 -
.../plugin/audit/RangerDefaultAuditHandler.java | 231 ---
.../plugin/model/RangerBaseModelObject.java | 179 --
.../ranger/plugin/model/RangerPolicy.java | 686 --------
.../ranger/plugin/model/RangerService.java | 216 ---
.../ranger/plugin/model/RangerServiceDef.java | 1320 ---------------
.../policyengine/RangerAccessRequest.java | 48 -
.../policyengine/RangerAccessRequestImpl.java | 208 ---
.../plugin/policyengine/RangerAccessResult.java | 157 --
.../policyengine/RangerMutableResource.java | 27 -
.../plugin/policyengine/RangerPolicyEngine.java | 54 -
.../policyengine/RangerPolicyEngineImpl.java | 254 ---
.../plugin/policyengine/RangerResource.java | 33 -
.../plugin/policyengine/RangerResourceImpl.java | 107 --
.../RangerAbstractPolicyEvaluator.java | 79 -
.../RangerDefaultPolicyEvaluator.java | 446 -----
.../policyevaluator/RangerPolicyEvaluator.java | 35 -
.../RangerAbstractResourceMatcher.java | 226 ---
.../RangerDefaultResourceMatcher.java | 101 --
.../RangerPathResourceMatcher.java | 151 --
.../resourcematcher/RangerResourceMatcher.java | 35 -
.../ranger/plugin/service/RangerBasePlugin.java | 178 --
.../plugin/service/RangerBaseService.java | 55 -
.../plugin/service/ResourceLookupContext.java | 72 -
.../ranger/plugin/store/ServiceStore.java | 74 -
.../plugin/store/ServiceStoreFactory.java | 113 --
.../ranger/plugin/store/file/BaseFileStore.java | 390 -----
.../plugin/store/file/ServiceFileStore.java | 1589 ------------------
.../plugin/store/rest/ServiceRESTStore.java | 609 -------
.../ranger/plugin/util/PolicyRefresher.java | 154 --
.../ranger/plugin/util/RangerRESTClient.java | 376 -----
.../apache/ranger/plugin/util/SearchFilter.java | 116 --
.../ranger/plugin/util/ServicePolicies.java | 125 --
.../service-defs/ranger-servicedef-hbase.json | 50 -
.../service-defs/ranger-servicedef-hdfs.json | 60 -
.../service-defs/ranger-servicedef-hive.json | 43 -
.../service-defs/ranger-servicedef-knox.json | 34 -
.../service-defs/ranger-servicedef-storm.json | 46 -
.../plugin/policyengine/TestPolicyEngine.java | 145 --
.../ranger/plugin/store/TestServiceStore.java | 248 ---
.../ranger/plugin/util/TestPolicyRefresher.java | 183 --
.../policyengine/test_policyengine_hbase.json | 159 --
.../policyengine/test_policyengine_hdfs.json | 156 --
.../policyengine/test_policyengine_hive.json | 261 ---
pom.xml | 1 -
security-admin/.gitignore | 1 +
.../.settings/org.eclipse.wst.common.component | 5 +-
security-admin/pom.xml | 17 +-
storm-agent/.gitignore | 1 +
unixauthclient/.gitignore | 1 +
102 files changed, 9882 insertions(+), 9892 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/.settings/org.eclipse.core.resources.prefs
----------------------------------------------------------------------
diff --git a/agents-common/.settings/org.eclipse.core.resources.prefs b/agents-common/.settings/org.eclipse.core.resources.prefs
index e9441bb..29abf99 100644
--- a/agents-common/.settings/org.eclipse.core.resources.prefs
+++ b/agents-common/.settings/org.eclipse.core.resources.prefs
@@ -1,3 +1,6 @@
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
+encoding//src/main/resources=UTF-8
+encoding//src/test/java=UTF-8
+encoding//src/test/resources=UTF-8
encoding/<project>=UTF-8
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/pom.xml
----------------------------------------------------------------------
diff --git a/agents-common/pom.xml b/agents-common/pom.xml
index a26f45d..e2e904a 100644
--- a/agents-common/pom.xml
+++ b/agents-common/pom.xml
@@ -52,6 +52,10 @@
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
<dependency>
<groupId>security_plugins.ranger-plugins-audit</groupId>
<artifactId>ranger-plugins-audit</artifactId>
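Review bot: The added `junit` dependency declares no `<scope>`, and this commit also adds test classes under the module's test tree, which suggests it is only needed for tests. Unless the parent pom's `dependencyManagement` (not visible here) already pins it to test scope, Maven treats it as compile scope, and junit then lands on the runtime classpath of every agent that depends on agents-common. Adding `<scope>test</scope>` inside this `<dependency>` keeps it out of the shipped plugin. The enclosing `<dependencies>` element starts and ends outside the hunk.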
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
new file mode 100644
index 0000000..45a63c2
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.audit;
+
+import java.util.Collection;
+
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+
+
+public interface RangerAuditHandler {
+ void logAudit(RangerAccessResult result);
+
+ void logAudit(Collection<RangerAccessResult> results);
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
new file mode 100644
index 0000000..feb6e98
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -0,0 +1,231 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.audit;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.audit.model.AuthzAuditEvent;
+import org.apache.ranger.audit.provider.AuditProviderFactory;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.policyengine.RangerResource;
+
+
+public class RangerDefaultAuditHandler implements RangerAuditHandler {
+ private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
+
+ private static final String RESOURCE_SEP = "/";
+
+
+ public RangerDefaultAuditHandler() {
+ }
+
+ @Override
+ public void logAudit(RangerAccessResult result) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + result + ")");
+ }
+
+ AuthzAuditEvent event = getAuthzEvents(result);
+
+ logAuthzAudit(event);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + result + ")");
+ }
+ }
+
+ @Override
+ public void logAudit(Collection<RangerAccessResult> results) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + results + ")");
+ }
+
+ Collection<AuthzAuditEvent> events = getAuthzEvents(results);
+
+ logAuthzAudits(events);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + results + ")");
+ }
+ }
+
+
+ public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + result + ")");
+ }
+
+ AuthzAuditEvent ret = null;
+
+ RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
+
+ if(request != null && result != null && result.getIsAudited()) {
+ RangerServiceDef serviceDef = result.getServiceDef();
+ String resourceType = getResourceName(request.getResource(), serviceDef);
+ String resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
+
+ ret = createAuthzAuditEvent();
+
+ ret.setRepositoryName(result.getServiceName());
+ ret.setRepositoryType(result.getServiceType());
+ ret.setResourceType(resourceType);
+ ret.setResourcePath(resourcePath);
+ ret.setRequestData(request.getRequestData());
+ ret.setEventTime(request.getAccessTime());
+ ret.setUser(request.getUser());
+ ret.setAccessType(request.getAction());
+ ret.setAccessResult((short)(result.getIsAllowed() ? 1 : 0));
+ ret.setPolicyId(result.getPolicyId());
+ ret.setAclEnforcer("ranger-acl"); // TODO: review
+ ret.setAction(request.getAccessType());
+ ret.setClientIP(request.getClientIPAddress());
+ ret.setClientType(request.getClientType());
+ ret.setAgentHostname(null);
+ ret.setAgentId(null);
+ ret.setEventId(null);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + result + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> results) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + results + ")");
+ }
+
+ List<AuthzAuditEvent> ret = null;
+
+ if(results != null) {
+ // TODO: optimize the number of audit logs created
+ for(RangerAccessResult result : results) {
+ AuthzAuditEvent event = getAuthzEvents(result);
+
+ if(event == null) {
+ continue;
+ }
+
+ if(ret == null) {
+ ret = new ArrayList<AuthzAuditEvent>();
+ }
+
+ ret.add(event);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + results + "): " + ret);
+ }
+
+ return ret;
+ }
+
+ public void logAuthzAudit(AuthzAuditEvent auditEvent) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
+ }
+
+ if(auditEvent != null) {
+ AuditProviderFactory.getAuditProvider().log(auditEvent);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
+ }
+ }
+
+ public void logAuthzAudits(Collection<AuthzAuditEvent> auditEvents) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
+ }
+
+ if(auditEvents != null) {
+ for(AuthzAuditEvent auditEvent : auditEvents) {
+ logAuthzAudit(auditEvent);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
+ }
+ }
+
+ public AuthzAuditEvent createAuthzAuditEvent() {
+ return new AuthzAuditEvent();
+ }
+
+ public String getResourceName(RangerResource resource, RangerServiceDef serviceDef) {
+ String ret = null;
+
+ if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
+ List<RangerResourceDef> resourceDefs = serviceDef.getResources();
+
+ for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
+ RangerResourceDef resourceDef = resourceDefs.get(idx);
+
+ if(resourceDef == null || !resource.exists(resourceDef.getName())) {
+ continue;
+ }
+
+ ret = resourceDef.getName();
+
+ break;
+ }
+ }
+
+ return ret;
+ }
+
+ public String getResourceValueAsString(RangerResource resource, RangerServiceDef serviceDef) {
+ String ret = null;
+
+ if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
+ StringBuilder sb = new StringBuilder();
+
+ for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+ if(resourceDef == null || !resource.exists(resourceDef.getName())) {
+ continue;
+ }
+
+ if(sb.length() > 0) {
+ sb.append(RESOURCE_SEP);
+ }
+
+ sb.append(resource.getValue(resourceDef.getName()));
+ }
+
+ if(sb.length() > 0) {
+ ret = sb.toString();
+ }
+ }
+
+ return ret;
+ }
+}
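Review bot: In `getAuthzEvents(RangerAccessResult)` two setters look crossed: `ret.setAccessType(request.getAction())` and `ret.setAction(request.getAccessType())` store each request field under the other's name in the audit record. If the audit schema really defines the fields that way, a comment should say so, e.g. `// audit schema: accessType carries the request action, action carries the access type`. Otherwise the arguments should be swapped, since reports and alerts keyed on access type would read the wrong column. Separately, `getResourceValueAsString` joins resource values with `/` without escaping, so values that themselves contain `/` produce a `resourcePath` that cannot be split back into its parts unambiguously; the method's doc comment should at least state that.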
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
new file mode 100644
index 0000000..b90d387
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.Date;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private Long id = null;
+ private String guid = null;
+ private Boolean isEnabled = null;
+ private String createdBy = null;
+ private String updatedBy = null;
+ private Date createTime = null;
+ private Date updateTime = null;
+ private Long version = null;
+
+ /**
+ *
+ */
+ public RangerBaseModelObject() {
+ setIsEnabled(null);
+ }
+
+ public void updateFrom(RangerBaseModelObject other) {
+ setIsEnabled(other.getIsEnabled());
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+ /**
+ * @return the guid
+ */
+ public String getGuid() {
+ return guid;
+ }
+ /**
+ * @param guid the guid to set
+ */
+ public void setGuid(String guid) {
+ this.guid = guid;
+ }
+ /**
+ * @return the isEnabled
+ */
+ public Boolean getIsEnabled() {
+ return isEnabled;
+ }
+ /**
+ * @param isEnabled the isEnabled to set
+ */
+ public void setIsEnabled(Boolean isEnabled) {
+ this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled;
+ }
+ /**
+ * @return the createdBy
+ */
+ public String getCreatedBy() {
+ return createdBy;
+ }
+ /**
+ * @param createdBy the createdBy to set
+ */
+ public void setCreatedBy(String createdBy) {
+ this.createdBy = createdBy;
+ }
+ /**
+ * @return the updatedBy
+ */
+ public String getUpdatedBy() {
+ return updatedBy;
+ }
+ /**
+ * @param updatedBy the updatedBy to set
+ */
+ public void setUpdatedBy(String updatedBy) {
+ this.updatedBy = updatedBy;
+ }
+ /**
+ * @return the createTime
+ */
+ public Date getCreateTime() {
+ return createTime;
+ }
+ /**
+ * @param createTime the createTime to set
+ */
+ public void setCreateTime(Date createTime) {
+ this.createTime = createTime;
+ }
+ /**
+ * @return the updateTime
+ */
+ public Date getUpdateTime() {
+ return updateTime;
+ }
+ /**
+ * @param updateTime the updateTime to set
+ */
+ public void setUpdateTime(Date updateTime) {
+ this.updateTime = updateTime;
+ }
+ /**
+ * @return the version
+ */
+ public Long getVersion() {
+ return version;
+ }
+ /**
+ * @param version the version to set
+ */
+ public void setVersion(Long version) {
+ this.version = version;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("id={").append(id).append("} ");
+ sb.append("guid={").append(guid).append("} ");
+ sb.append("isEnabled={").append(isEnabled).append("} ");
+ sb.append("createdBy={").append(createdBy).append("} ");
+ sb.append("updatedBy={").append(updatedBy).append("} ");
+ sb.append("createTime={").append(createTime).append("} ");
+ sb.append("updateTime={").append(updateTime).append("} ");
+ sb.append("version={").append(version).append("} ");
+
+ return sb;
+ }
+}
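Review bot: The null-to-TRUE default in `setIsEnabled` is not guaranteed to hold for deserialized objects, because the class annotations select field access (`fieldVisibility=Visibility.ANY`, setter visibility `NONE`, `XmlAccessType.FIELD`), so a payload carrying an explicit null for `isEnabled` would presumably be written straight into the field. Callers that unbox `getIsEnabled()` would then throw, and callers that compare against `Boolean.TRUE` would treat the object as disabled. Consider normalising in the getter, `return isEnabled == null ? Boolean.TRUE : isEnabled;`, or state in its Javadoc that null is possible. Separately, `updateFrom` dereferences `other` without a null check, and the `Date` getters and setters share the mutable instance with the caller; the Javadoc should at least say so.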
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
new file mode 100644
index 0000000..78ba6e2
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -0,0 +1,686 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String service = null;
+ private String name = null;
+ private String description = null;
+ private Boolean isAuditEnabled = null;
+ private Map<String, RangerPolicyResource> resources = null;
+ private List<RangerPolicyItem> policyItems = null;
+
+
+ /**
+ * @param type
+ */
+ public RangerPolicy() {
+ this(null, null, null, null, null);
+ }
+
+ /**
+ * @param type
+ * @param name
+ * @param description
+ * @param resources
+ * @param policyItems
+ */
+ public RangerPolicy(String service, String name, String description, Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
+ super();
+
+ setService(service);
+ setName(name);
+ setDescription(description);
+ setIsAuditEnabled(null);
+ setResources(resources);
+ setPolicyItems(policyItems);
+ }
+
+ /**
+ * @param other
+ */
+ public void updateFrom(RangerPolicy other) {
+ super.updateFrom(other);
+
+ setService(other.getService());
+ setName(other.getName());
+ setDescription(other.getDescription());
+ setIsAuditEnabled(other.getIsAuditEnabled());
+ setResources(other.getResources());
+ setPolicyItems(other.getPolicyItems());
+ }
+
+ /**
+ * @return the type
+ */
+ public String getService() {
+ return service;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setService(String service) {
+ this.service = service;
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the isAuditEnabled
+ */
+ public Boolean getIsAuditEnabled() {
+ return isAuditEnabled;
+ }
+
+ /**
+ * @param isEnabled the isEnabled to set
+ */
+ public void setIsAuditEnabled(Boolean isAuditEnabled) {
+ this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled;
+ }
+
+ /**
+ * @return the resources
+ */
+ public Map<String, RangerPolicyResource> getResources() {
+ return resources;
+ }
+
+ /**
+ * @param configs the resources to set
+ */
+ public void setResources(Map<String, RangerPolicyResource> resources) {
+ if(this.resources == null) {
+ this.resources = new HashMap<String, RangerPolicyResource>();
+ }
+
+ if(this.resources == resources) {
+ return;
+ }
+
+ this.resources.clear();
+
+ if(resources != null) {
+ for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+ this.resources.put(e.getKey(), e.getValue());
+ }
+ }
+ }
+
+ /**
+ * @return the policyItems
+ */
+ public List<RangerPolicyItem> getPolicyItems() {
+ return policyItems;
+ }
+
+ /**
+ * @param policyItems the policyItems to set
+ */
+ public void setPolicyItems(List<RangerPolicyItem> policyItems) {
+ if(this.policyItems == null) {
+ this.policyItems = new ArrayList<RangerPolicyItem>();
+ }
+
+ if(this.policyItems == policyItems) {
+ return;
+ }
+
+ this.policyItems.clear();
+
+ if(policyItems != null) {
+ for(RangerPolicyItem policyItem : policyItems) {
+ this.policyItems.add(policyItem);
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicy={");
+
+ super.toString(sb);
+
+ sb.append("service={").append(service).append("} ");
+ sb.append("name={").append(name).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("isAuditEnabled={").append(isAuditEnabled).append("} ");
+
+ sb.append("resources={");
+ if(resources != null) {
+ for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+ sb.append(e.getKey()).append("={");
+ e.getValue().toString(sb);
+ sb.append("} ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyItems={");
+ if(policyItems != null) {
+ for(RangerPolicyItem policyItem : policyItems) {
+ if(policyItem != null) {
+ policyItem.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+
+
+ public static class RangerPolicyResource implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private List<String> values = null;
+ private Boolean isExcludes = null;
+ private Boolean isRecursive = null;
+
+
+ public RangerPolicyResource() {
+ this((List<String>)null, null, null);
+ }
+
+ public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) {
+ setValue(value);
+ setIsExcludes(isExcludes);
+ setIsRecursive(isRecursive);
+ }
+
+ public RangerPolicyResource(List<String> values, Boolean isExcludes, Boolean isRecursive) {
+ setValues(values);
+ setIsExcludes(isExcludes);
+ setIsRecursive(isRecursive);
+ }
+
+ /**
+ * @return the values
+ */
+ public List<String> getValues() {
+ return values;
+ }
+
+ /**
+ * @param values the values to set
+ */
+ public void setValues(List<String> values) {
+ if(this.values == null) {
+ this.values = new ArrayList<String>();
+ }
+
+ if(this.values == values) {
+ return;
+ }
+
+ this.values.clear();
+
+ if(values != null) {
+ for(String value : values) {
+ this.values.add(value);
+ }
+ }
+ }
+
+ /**
+ * @param value the value to set
+ */
+ public void setValue(String value) {
+ if(this.values == null) {
+ this.values = new ArrayList<String>();
+ }
+
+ this.values.clear();
+
+ this.values.add(value);
+ }
+
+ /**
+ * @return the isExcludes
+ */
+ public Boolean getIsExcludes() {
+ return isExcludes;
+ }
+
+ /**
+ * @param isExcludes the isExcludes to set
+ */
+ public void setIsExcludes(Boolean isExcludes) {
+ this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes;
+ }
+
+ /**
+ * @return the isRecursive
+ */
+ public Boolean getIsRecursive() {
+ return isRecursive;
+ }
+
+ /**
+ * @param isRecursive the isRecursive to set
+ */
+ public void setIsRecursive(Boolean isRecursive) {
+ this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyResource={");
+ sb.append("values={");
+ if(values != null) {
+ for(String value : values) {
+ sb.append(value).append(" ");
+ }
+ }
+ sb.append("} ");
+ sb.append("isExcludes={").append(isExcludes).append("} ");
+ sb.append("isRecursive={").append(isRecursive).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItem implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private List<RangerPolicyItemAccess> accesses = null;
+ private List<String> users = null;
+ private List<String> groups = null;
+ private List<RangerPolicyItemCondition> conditions = null;
+ private Boolean delegateAdmin = null;
+
+ public RangerPolicyItem() {
+ this(null, null, null, null, null);
+ }
+
+ public RangerPolicyItem(List<RangerPolicyItemAccess> accessTypes, List<String> users, List<String> groups, List<RangerPolicyItemCondition> conditions, Boolean delegateAdmin) {
+ setAccesses(accessTypes);
+ setUsers(users);
+ setGroups(groups);
+ setConditions(conditions);
+ setDelegateAdmin(delegateAdmin);
+ }
+
+ /**
+ * @return the accesses
+ */
+ public List<RangerPolicyItemAccess> getAccesses() {
+ return accesses;
+ }
+ /**
+ * @param accesses the accesses to set
+ */
+ public void setAccesses(List<RangerPolicyItemAccess> accesses) {
+ if(this.accesses == null) {
+ this.accesses = new ArrayList<RangerPolicyItemAccess>();
+ }
+
+ if(this.accesses == accesses) {
+ return;
+ }
+
+ if(accesses != null) {
+ for(RangerPolicyItemAccess access : accesses) {
+ this.accesses.add(access);
+ }
+ }
+ }
+ /**
+ * @return the users
+ */
+ public List<String> getUsers() {
+ return users;
+ }
+ /**
+ * @param users the users to set
+ */
+ public void setUsers(List<String> users) {
+ if(this.users == null) {
+ this.users = new ArrayList<String>();
+ }
+
+ if(this.users == users) {
+ return;
+ }
+
+ if(users != null) {
+ for(String user : users) {
+ this.users.add(user);
+ }
+ }
+ }
+ /**
+ * @return the groups
+ */
+ public List<String> getGroups() {
+ return groups;
+ }
+ /**
+ * @param groups the groups to set
+ */
+ public void setGroups(List<String> groups) {
+ if(this.groups == null) {
+ this.groups = new ArrayList<String>();
+ }
+
+ if(this.groups == groups) {
+ return;
+ }
+
+ if(groups != null) {
+ for(String group : groups) {
+ this.groups.add(group);
+ }
+ }
+ }
+ /**
+ * @return the conditions
+ */
+ public List<RangerPolicyItemCondition> getConditions() {
+ return conditions;
+ }
+ /**
+ * @param conditions the conditions to set
+ */
+ public void setConditions(List<RangerPolicyItemCondition> conditions) {
+ if(this.conditions == null) {
+ this.conditions = new ArrayList<RangerPolicyItemCondition>();
+ }
+
+ if(this.conditions == conditions) {
+ return;
+ }
+
+ if(conditions != null) {
+ for(RangerPolicyItemCondition condition : conditions) {
+ this.conditions.add(condition);
+ }
+ }
+ }
+
+ /**
+ * @return the delegateAdmin
+ */
+ public Boolean getDelegateAdmin() {
+ return delegateAdmin;
+ }
+
+ /**
+ * @param delegateAdmin the delegateAdmin to set
+ */
+ public void setDelegateAdmin(Boolean delegateAdmin) {
+ this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItem={");
+
+ sb.append("accessTypes={");
+ if(accesses != null) {
+ for(RangerPolicyItemAccess access : accesses) {
+ if(access != null) {
+ access.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("users={");
+ if(users != null) {
+ for(String user : users) {
+ if(user != null) {
+ sb.append(user).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("groups={");
+ if(groups != null) {
+ for(String group : groups) {
+ if(group != null) {
+ sb.append(group).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("conditions={");
+ if(conditions != null) {
+ for(RangerPolicyItemCondition condition : conditions) {
+ if(condition != null) {
+ condition.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("delegateAdmin={").append(delegateAdmin).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItemAccess implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private Boolean isAllowed = null;
+
+ public RangerPolicyItemAccess() {
+ this(null, null);
+ }
+
+ public RangerPolicyItemAccess(String type) {
+ this(type, null);
+ }
+
+ public RangerPolicyItemAccess(String type, Boolean isAllowed) {
+ setType(type);
+ setIsAllowed(isAllowed);
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Boolean getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(Boolean isAllowed) {
+ this.isAllowed = isAllowed == null ? Boolean.TRUE : isAllowed;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItemAccess={");
+ sb.append("type={").append(type).append("} ");
+ sb.append("isAllowed={").append(isAllowed).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+ public static class RangerPolicyItemCondition implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private String value = null;
+
+ public RangerPolicyItemCondition() {
+ this(null, null);
+ }
+
+ public RangerPolicyItemCondition(String type, String value) {
+ setType(type);
+ setValue(value);
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value the value to set
+ */
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyItemCondition={");
+ sb.append("type={").append(type).append("} ");
+ sb.append("value={").append(value).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+}
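Review bot: The four list setters in `RangerPolicyItem` (`setAccesses`, `setUsers`, `setGroups`, `setConditions`) append to the existing list instead of replacing it, because they omit the `clear()` call that `setResources`, `setPolicyItems` and `RangerPolicyResource.setValues` in the same file make. A second call therefore leaves the earlier users, groups and access types in the item, so a policy item updated in place keeps grants the caller meant to remove. Add the clear after the identity check in each setter, e.g. `this.users.clear();` before the `if(users != null)` loop. The Javadoc on the `RangerPolicy` constructors and on `getService`/`setService` still names `type` and should name `service`.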
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
new file mode 100644
index 0000000..f5e4d3e
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerService extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String type = null;
+ private String name = null;
+ private String description = null;
+ private Map<String, String> configs = null;
+ private Long policyVersion = null;
+ private Date policyUpdateTime = null;
+
+
+ /**
+ * @param type
+ */
+ public RangerService() {
+ this(null, null, null, null);
+ }
+
+ /**
+ * @param type
+ * @param name
+ * @param description
+ * @param configs
+ */
+ public RangerService(String type, String name, String description, Map<String, String> configs) {
+ super();
+
+ setType(type);
+ setName(name);
+ setDescription(description);
+ setConfigs(configs);
+ }
+
+ /**
+ * @param other
+ */
+ public void updateFrom(RangerService other) {
+ super.updateFrom(other);
+
+ setType(other.getType());
+ setName(other.getName());
+ setDescription(other.getDescription());
+ setConfigs(other.getConfigs());
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the configs
+ */
+ public Map<String, String> getConfigs() {
+ return configs;
+ }
+
+ /**
+ * @param configs the configs to set
+ */
+ public void setConfigs(Map<String, String> configs) {
+ if(this.configs == null) {
+ this.configs = new HashMap<String, String>();
+ }
+
+ if(this.configs == configs) {
+ return;
+ }
+
+ this.configs.clear();
+
+ if(configs != null) {
+ for(Map.Entry<String, String> e : configs.entrySet()) {
+ this.configs.put(e.getKey(), e.getValue());
+ }
+ }
+ }
+
+ /**
+ * @return the policyVersion
+ */
+ public Long getPolicyVersion() {
+ return policyVersion;
+ }
+
+ /**
+ * @param policyVersion the policyVersion to set
+ */
+ public void setPolicyVersion(Long policyVersion) {
+ this.policyVersion = policyVersion;
+ }
+
+ /**
+ * @return the policyUpdateTime
+ */
+ public Date getPolicyUpdateTime() {
+ return policyUpdateTime;
+ }
+
+ /**
+ * @param policyUpdateTime the policyUpdateTime to set
+ */
+ public void setPolicyUpdateTime(Date policyUpdateTime) {
+ this.policyUpdateTime = policyUpdateTime;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerService={");
+
+ super.toString(sb);
+ sb.append("name={").append(name).append("} ");
+ sb.append("type={").append(type).append("} ");
+ sb.append("description={").append(description).append("} ");
+
+ sb.append("configs={");
+ if(configs != null) {
+ for(Map.Entry<String, String> e : configs.entrySet()) {
+ sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyVersion={").append(policyVersion).append("} ");
+ sb.append("policyUpdateTime={").append(policyUpdateTime).append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
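Review bot: `toString(StringBuilder)` writes every `configs` value verbatim, and `toString()` output usually ends up in log lines. If the map can carry connection secrets for the service (not visible in this hunk), they would be logged in clear text. Print the keys only or mask the value, e.g. `sb.append(e.getKey()).append("={***} ");`. Also, `updateFrom` copies neither `policyVersion` nor `policyUpdateTime`; if that is deliberate, a one-line comment there should say so.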
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
new file mode 100644
index 0000000..2841a23
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -0,0 +1,1320 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerServiceDef extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String implClass = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+ private List<RangerServiceConfigDef> configs = null;
+ private List<RangerResourceDef> resources = null;
+ private List<RangerAccessTypeDef> accessTypes = null;
+ private List<RangerPolicyConditionDef> policyConditions = null;
+ private List<RangerEnumDef> enums = null;
+
+
+ public RangerServiceDef() {
+ this(null, null, null, null, null, null, null, null, null);
+ }
+
+ /**
+ * @param name
+ * @param implClass
+ * @param label
+ * @param description
+ * @param configs
+ * @param resources
+ * @param accessTypes
+ * @param policyConditions
+ * @param enums
+ */
+ public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerEnumDef> enums) {
+ super();
+
+ setName(name);
+ setImplClass(implClass);
+ setLabel(label);
+ setDescription(description);
+ setConfigs(configs);
+ setResources(resources);
+ setAccessTypes(accessTypes);
+ setPolicyConditions(policyConditions);
+ setEnums(enums);
+ }
+
+ /**
+ * @param other
+ */
+ public void updateFrom(RangerServiceDef other) {
+ super.updateFrom(other);
+
+ setName(other.getName());
+ setImplClass(other.getImplClass());
+ setLabel(other.getLabel());
+ setDescription(other.getDescription());
+ setConfigs(other.getConfigs());
+ setResources(other.getResources());
+ setAccessTypes(other.getAccessTypes());
+ setPolicyConditions(other.getPolicyConditions());
+ setEnums(other.getEnums());
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the implClass
+ */
+ public String getImplClass() {
+ return implClass;
+ }
+
+ /**
+ * @param implClass the implClass to set
+ */
+ public void setImplClass(String implClass) {
+ this.implClass = implClass;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ /**
+ * @return the configs
+ */
+ public List<RangerServiceConfigDef> getConfigs() {
+ return configs;
+ }
+
+ /**
+ * @param configs the configs to set
+ */
+ public void setConfigs(List<RangerServiceConfigDef> configs) {
+ if(this.configs == null) {
+ this.configs = new ArrayList<RangerServiceConfigDef>();
+ } else
+
+ if(this.configs == configs) {
+ return;
+ }
+
+ this.configs.clear();
+
+ if(configs != null) {
+ for(RangerServiceConfigDef config : configs) {
+ this.configs.add(config);
+ }
+ }
+ }
+
+ /**
+ * @return the resources
+ */
+ public List<RangerResourceDef> getResources() {
+ return resources;
+ }
+
+ /**
+ * @param resources the resources to set
+ */
+ public void setResources(List<RangerResourceDef> resources) {
+ if(this.resources == null) {
+ this.resources = new ArrayList<RangerResourceDef>();
+ }
+
+ if(this.resources == resources) {
+ return;
+ }
+
+ this.resources.clear();
+
+ if(resources != null) {
+ for(RangerResourceDef resource : resources) {
+ this.resources.add(resource);
+ }
+ }
+ }
+
+ /**
+ * @return the accessTypes
+ */
+ public List<RangerAccessTypeDef> getAccessTypes() {
+ return accessTypes;
+ }
+
+ /**
+ * @param accessTypes the accessTypes to set
+ */
+ public void setAccessTypes(List<RangerAccessTypeDef> accessTypes) {
+ if(this.accessTypes == null) {
+ this.accessTypes = new ArrayList<RangerAccessTypeDef>();
+ }
+
+ if(this.accessTypes == accessTypes) {
+ return;
+ }
+
+ this.accessTypes.clear();
+
+ if(accessTypes != null) {
+ for(RangerAccessTypeDef accessType : accessTypes) {
+ this.accessTypes.add(accessType);
+ }
+ }
+ }
+
+ /**
+ * @return the policyConditions
+ */
+ public List<RangerPolicyConditionDef> getPolicyConditions() {
+ return policyConditions;
+ }
+
+ /**
+ * @param policyConditions the policyConditions to set
+ */
+ public void setPolicyConditions(List<RangerPolicyConditionDef> policyConditions) {
+ if(this.policyConditions == null) {
+ this.policyConditions = new ArrayList<RangerPolicyConditionDef>();
+ }
+
+ if(this.policyConditions == policyConditions) {
+ return;
+ }
+
+ this.policyConditions.clear();
+
+ if(policyConditions != null) {
+ for(RangerPolicyConditionDef policyCondition : policyConditions) {
+ this.policyConditions.add(policyCondition);
+ }
+ }
+ }
+
+ /**
+ * @return the enums
+ */
+ public List<RangerEnumDef> getEnums() {
+ return enums;
+ }
+
+ /**
+ * @param enums the enums to set
+ */
+ public void setEnums(List<RangerEnumDef> enums) {
+ if(this.enums == null) {
+ this.enums = new ArrayList<RangerEnumDef>();
+ }
+
+ if(this.enums == enums) {
+ return;
+ }
+
+ this.enums.clear();
+
+ if(enums != null) {
+ for(RangerEnumDef enum1 : enums) {
+ this.enums.add(enum1);
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerServiceDef={");
+
+ super.toString(sb);
+
+ sb.append("name={").append(name).append("} ");
+ sb.append("implClass={").append(implClass).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+
+ sb.append("configs={");
+ if(configs != null) {
+ for(RangerServiceConfigDef config : configs) {
+ if(config != null) {
+ config.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("resources={");
+ if(resources != null) {
+ for(RangerResourceDef resource : resources) {
+ if(resource != null) {
+ resource.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("accessTypes={");
+ if(accessTypes != null) {
+ for(RangerAccessTypeDef accessType : accessTypes) {
+ if(accessType != null) {
+ accessType.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("policyConditions={");
+ if(policyConditions != null) {
+ for(RangerPolicyConditionDef policyCondition : policyConditions) {
+ if(policyCondition != null) {
+ policyCondition.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("enums={");
+ if(enums != null) {
+ for(RangerEnumDef e : enums) {
+ if(e != null) {
+ e.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+
+
+ public static class RangerEnumDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private List<RangerEnumElementDef> elements = null;
+ private Integer defaultIndex = null;
+
+
+ public RangerEnumDef() {
+ this(null, null, null);
+ }
+
+ public RangerEnumDef(String name, List<RangerEnumElementDef> elements, Integer defaultIndex) {
+ setName(name);
+ setElements(elements);
+ setDefaultIndex(defaultIndex);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the elements
+ */
+ public List<RangerEnumElementDef> getElements() {
+ return elements;
+ }
+
+ /**
+ * @param elements the elements to set
+ */
+ public void setElements(List<RangerEnumElementDef> elements) {
+ if(this.elements == null) {
+ this.elements = new ArrayList<RangerEnumElementDef>();
+ }
+
+ if(this.elements == elements) {
+ return;
+ }
+
+ this.elements.clear();
+
+ if(elements != null) {
+ for(RangerEnumElementDef element : elements) {
+ this.elements.add(element);
+ }
+ }
+ }
+
+ /**
+ * @return the defaultIndex
+ */
+ public Integer getDefaultIndex() {
+ return defaultIndex;
+ }
+
+ /**
+ * @param defaultIndex the defaultIndex to set
+ */
+ public void setDefaultIndex(Integer defaultIndex) {
+ this.defaultIndex = (defaultIndex != null && this.elements.size() > defaultIndex) ? defaultIndex : 0;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerEnumDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("elements={");
+ if(elements != null) {
+ for(RangerEnumElementDef element : elements) {
+ if(element != null) {
+ element.toString(sb);
+ }
+ }
+ }
+ sb.append("} ");
+ sb.append("defaultIndex={").append(defaultIndex).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerEnumElementDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String label = null;
+ private String rbKeyLabel = null;
+
+
+ public RangerEnumElementDef() {
+ this(null, null, null);
+ }
+
+ public RangerEnumElementDef(String name, String label, String rbKeyLabel) {
+ setName(name);
+ setLabel(label);
+ setRbKeyLabel(rbKeyLabel);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerEnumElementDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerServiceConfigDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String type = null;
+ private String subType = null;
+ private Boolean mandatory = null;
+ private String defaultValue = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerServiceConfigDef() {
+ this(null, null, null, null, null, null, null, null, null);
+ }
+
+ public RangerServiceConfigDef(String name, String type, String subType, Boolean mandatory, String defaultValue, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setType(type);
+ setSubType(subType);
+ setMandatory(mandatory);
+ setDefaultValue(defaultValue);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getSubType() {
+ return subType;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setSubType(String subType) {
+ this.subType = subType;
+ }
+
+ /**
+ * @return the mandatory
+ */
+ public Boolean getMandatory() {
+ return mandatory;
+ }
+
+ /**
+ * @param mandatory the mandatory to set
+ */
+ public void setMandatory(Boolean mandatory) {
+ this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
+ }
+
+ /**
+ * @return the defaultValue
+ */
+ public String getDefaultValue() {
+ return defaultValue;
+ }
+
+ /**
+ * @param defaultValue the defaultValue to set
+ */
+ public void setDefaultValue(String defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerServiceConfigDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("type={").append(type).append("} ");
+ sb.append("subType={").append(subType).append("} ");
+ sb.append("mandatory={").append(mandatory).append("} ");
+ sb.append("defaultValue={").append(defaultValue).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerResourceDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String type = null;
+ private Integer level = null;
+ private String parent = null;
+ private Boolean mandatory = null;
+ private Boolean lookupSupported = null;
+ private Boolean recursiveSupported = null;
+ private Boolean excludesSupported = null;
+ private String matcher = null;
+ private String matcherOptions = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerResourceDef() {
+ this(null, null, null, null, null, null, null, null, null, null, null, null, null, null);
+ }
+
+ public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setType(type);
+ setLevel(level);
+ setParent(parent);
+ setMandatory(mandatory);
+ setLookupSupported(lookupSupported);
+ setRecursiveSupported(recursiveSupported);
+ setExcludesSupported(excludesSupported);
+ setMatcher(matcher);
+ setMatcher(matcherOptions);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * @param type the type to set
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * @return the level
+ */
+ public Integer getLevel() {
+ return level;
+ }
+
+ /**
+ * @param level the level to set
+ */
+ public void setLevel(Integer level) {
+ this.level = level == null ? 1 : level;
+ }
+
+ /**
+ * @return the parent
+ */
+ public String getParent() {
+ return parent;
+ }
+
+ /**
+ * @param parent the parent to set
+ */
+ public void setParent(String parent) {
+ this.parent = parent;
+ }
+
+ /**
+ * @return the mandatory
+ */
+ public Boolean getMandatory() {
+ return mandatory;
+ }
+
+ /**
+ * @param mandatory the mandatory to set
+ */
+ public void setMandatory(Boolean mandatory) {
+ this.mandatory = mandatory == null ? Boolean.FALSE : mandatory;
+ }
+
+ /**
+ * @return the lookupSupported
+ */
+ public Boolean getLookupSupported() {
+ return lookupSupported;
+ }
+
+ /**
+ * @param lookupSupported the lookupSupported to set
+ */
+ public void setLookupSupported(Boolean lookupSupported) {
+ this.lookupSupported = lookupSupported == null ? Boolean.FALSE : lookupSupported;
+ }
+
+ /**
+ * @return the recursiveSupported
+ */
+ public Boolean getRecursiveSupported() {
+ return recursiveSupported;
+ }
+
+ /**
+ * @param recursiveSupported the recursiveSupported to set
+ */
+ public void setRecursiveSupported(Boolean recursiveSupported) {
+ this.recursiveSupported = recursiveSupported == null ? Boolean.FALSE : recursiveSupported;
+ }
+
+ /**
+ * @return the excludesSupported
+ */
+ public Boolean getExcludesSupported() {
+ return excludesSupported;
+ }
+
+ /**
+ * @param excludesSupported the excludesSupported to set
+ */
+ public void setExcludesSupported(Boolean excludesSupported) {
+ this.excludesSupported = excludesSupported == null ? Boolean.FALSE : excludesSupported;
+ }
+
+ /**
+ * @return the matcher
+ */
+ public String getMatcher() {
+ return matcher;
+ }
+
+ /**
+ * @param matcher the matcher to set
+ */
+ public void setMatcher(String matcher) {
+ this.matcher = matcher;
+ }
+
+ /**
+ * @return the matcher
+ */
+ public String getMatcherOptions() {
+ return matcherOptions;
+ }
+
+ /**
+ * @param matcher the matcher to set
+ */
+ public void setMatcherOptions(String matcherOptions) {
+ this.matcherOptions = matcherOptions;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerResourceDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("type={").append(type).append("} ");
+ sb.append("level={").append(level).append("} ");
+ sb.append("parent={").append(parent).append("} ");
+ sb.append("mandatory={").append(mandatory).append("} ");
+ sb.append("lookupSupported={").append(lookupSupported).append("} ");
+ sb.append("recursiveSupported={").append(recursiveSupported).append("} ");
+ sb.append("excludesSupported={").append(excludesSupported).append("} ");
+ sb.append("matcher={").append(matcher).append("} ");
+ sb.append("matcherOptions={").append(matcherOptions).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerAccessTypeDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String label = null;
+ private String rbKeyLabel = null;
+ private Collection<String> impliedGrants = null;
+
+
+ public RangerAccessTypeDef() {
+ this(null, null, null, null);
+ }
+
+ public RangerAccessTypeDef(String name, String label, String rbKeyLabel, Collection<String> impliedGrants) {
+ setName(name);
+ setLabel(label);
+ setRbKeyLabel(rbKeyLabel);
+ setImpliedGrants(impliedGrants);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the impliedGrants
+ */
+ public Collection<String> getImpliedGrants() {
+ return impliedGrants;
+ }
+
+ /**
+ * @param impliedGrants the impliedGrants to set
+ */
+ public void setImpliedGrants(Collection<String> impliedGrants) {
+ if(this.impliedGrants == null) {
+ this.impliedGrants = new ArrayList<String>();
+ }
+
+ if(this.impliedGrants == impliedGrants) {
+ return;
+ }
+
+ this.impliedGrants.clear();
+
+ if(impliedGrants != null) {
+ for(String impliedGrant : impliedGrants) {
+ this.impliedGrants.add(impliedGrant);
+ }
+ }
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAccessTypeDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+
+ sb.append("impliedGrants={");
+ if(impliedGrants != null) {
+ for(String impliedGrant : impliedGrants) {
+ if(impliedGrant != null) {
+ sb.append(impliedGrant).append(" ");
+ }
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+ }
+
+
+ public static class RangerPolicyConditionDef implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name = null;
+ private String evaluator = null;
+ private String evaluatorOptions = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+
+
+ public RangerPolicyConditionDef() {
+ this(null, null, null, null, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) {
+ this(name, evaluator, evaluatorOptions, null, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label) {
+ this(name, evaluator, evaluatorOptions, label, null, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description) {
+ this(name, evaluator, evaluatorOptions, label, description, null, null);
+ }
+
+ public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) {
+ setName(name);
+ setEvaluator(evaluator);
+ setEvaluatorOptions(evaluatorOptions);
+ setLabel(label);
+ setDescription(description);
+ setRbKeyLabel(rbKeyLabel);
+ setRbKeyDescription(rbKeyDescription);
+ }
+
+ /**
+ * @return the name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the evaluator
+ */
+ public String getEvaluator() {
+ return evaluator;
+ }
+
+ /**
+ * @param evaluator the evaluator to set
+ */
+ public void setEvaluator(String evaluator) {
+ this.evaluator = evaluator;
+ }
+
+ /**
+ * @return the evaluator
+ */
+ public String getEvaluatorOptions() {
+ return evaluatorOptions;
+ }
+
+ /**
+ * @param evaluator the evaluator to set
+ */
+ public void setEvaluatorOptions(String evaluatorOptions) {
+ this.evaluatorOptions = evaluatorOptions;
+ }
+
+ /**
+ * @return the label
+ */
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * @param description the description to set
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * @return the rbKeyLabel
+ */
+ public String getRbKeyLabel() {
+ return rbKeyLabel;
+ }
+
+ /**
+ * @param rbKeyLabel the rbKeyLabel to set
+ */
+ public void setRbKeyLabel(String rbKeyLabel) {
+ this.rbKeyLabel = rbKeyLabel;
+ }
+
+ /**
+ * @return the rbKeyDescription
+ */
+ public String getRbKeyDescription() {
+ return rbKeyDescription;
+ }
+
+ /**
+ * @param rbKeyDescription the rbKeyDescription to set
+ */
+ public void setRbKeyDescription(String rbKeyDescription) {
+ this.rbKeyDescription = rbKeyDescription;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerPolicyConditionDef={");
+ sb.append("name={").append(name).append("} ");
+ sb.append("evaluator={").append(evaluator).append("} ");
+ sb.append("evaluatorOptions={").append(evaluatorOptions).append("} ");
+ sb.append("label={").append(label).append("} ");
+ sb.append("description={").append(description).append("} ");
+ sb.append("rbKeyLabel={").append(rbKeyLabel).append("} ");
+ sb.append("rbKeyDescription={").append(rbKeyDescription).append("} ");
+ sb.append("}");
+
+ return sb;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
new file mode 100644
index 0000000..56a55ae
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+public interface RangerAccessRequest {
+ RangerResource getResource();
+
+ String getAccessType();
+
+ String getUser();
+
+ Set<String> getUserGroups();
+
+ Date getAccessTime();
+
+ String getClientIPAddress();
+
+ String getClientType();
+
+ String getAction();
+
+ String getRequestData();
+
+ String getSessionId();
+
+ Map<String, Object> getContext();
+}
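Review bot: The new interface has no Javadoc, and for the type that carries the inputs to an authorization decision the contract on nulls and mutability should be written down. `getUserGroups()`, `getContext()` and `getAccessTime()` return mutable types (`Set`, `Map`, `java.util.Date`), and nothing here says whether a caller or an evaluator may modify what it receives. I would add a type-level comment such as `/** Describes a single access check; callers must not modify the returned collections or Date. */` and a one-line comment on each getter stating whether null is a legal return value.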
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
new file mode 100644
index 0000000..fff8d4c
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+
+
+public class RangerAccessRequestImpl implements RangerAccessRequest {
+ private RangerResource resource = null;
+ private String accessType = null;
+ private String user = null;
+ private Set<String> userGroups = null;
+ private Date accessTime = null;
+ private String clientIPAddress = null;
+ private String clientType = null;
+ private String action = null;
+ private String requestData = null;
+ private String sessionId = null;
+ private Map<String, Object> context = null;
+
+
+ public RangerAccessRequestImpl() {
+ this(null, null, null, null);
+ }
+
+ public RangerAccessRequestImpl(RangerResource resource, String accessType, String user, Set<String> userGroups) {
+ setResource(resource);
+ setAccessType(accessType);
+ setUser(user);
+ setUserGroups(userGroups);
+
+ // set remaining fields to default value
+ setAccessTime(null);
+ setClientIPAddress(null);
+ setClientType(null);
+ setAction(null);
+ setRequestData(null);
+ setSessionId(null);
+ setContext(null);
+ }
+
+ @Override
+ public RangerResource getResource() {
+ return resource;
+ }
+
+ @Override
+ public String getAccessType() {
+ return accessType;
+ }
+
+ @Override
+ public String getUser() {
+ return user;
+ }
+
+ @Override
+ public Set<String> getUserGroups() {
+ return userGroups;
+ }
+
+ @Override
+ public Date getAccessTime() {
+ return accessTime;
+ }
+
+ @Override
+ public String getClientIPAddress() {
+ return clientIPAddress;
+ }
+
+ @Override
+ public String getClientType() {
+ return clientType;
+ }
+
+ @Override
+ public String getAction() {
+ return action;
+ }
+
+ @Override
+ public String getRequestData() {
+ return requestData;
+ }
+
+ @Override
+ public String getSessionId() {
+ return sessionId;
+ }
+
+ @Override
+ public Map<String, Object> getContext() {
+ return context;
+ }
+
+
+ public void setResource(RangerResource resource) {
+ this.resource = resource;
+ }
+
+ public void setAccessType(String accessType) {
+ this.accessType = accessType;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public void setUserGroups(Set<String> userGroups) {
+ this.userGroups = (userGroups == null) ? new HashSet<String>() : userGroups;
+ }
+
+ public void setAccessTime(Date accessTime) {
+ this.accessTime = (accessTime == null) ? new Date() : accessTime;
+ }
+
+ public void setClientIPAddress(String clientIPAddress) {
+ this.clientIPAddress = clientIPAddress;
+ }
+
+ public void setClientType(String clientType) {
+ this.clientType = clientType;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public void setRequestData(String requestData) {
+ this.requestData = requestData;
+ }
+
+ public void setSessionId(String sessionId) {
+ this.sessionId = sessionId;
+ }
+
+ public void setContext(Map<String, Object> context) {
+ this.context = (context == null) ? new HashMap<String, Object>() : context;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAccessRequestImpl={");
+
+ sb.append("resource={").append(resource).append("} ");
+ sb.append("accessType={").append(accessType).append("} ");
+ sb.append("user={").append(user).append("} ");
+
+ sb.append("userGroups={");
+ if(userGroups != null) {
+ for(String userGroup : userGroups) {
+ sb.append(userGroup).append(" ");
+ }
+ }
+
+ sb.append("accessTime={").append(accessTime).append("} ");
+ sb.append("clientIPAddress={").append(clientIPAddress).append("} ");
+ sb.append("clientType={").append(clientType).append("} ");
+ sb.append("action={").append(action).append("} ");
+ sb.append("requestData={").append(requestData).append("} ");
+ sb.append("sessionId={").append(sessionId).append("} ");
+
+
+ sb.append("context={");
+ if(context != null) {
+ for(Map.Entry<String, Object> e : context.entrySet()) {
+ sb.append(e.getKey()).append("={").append(e.getValue()).append("} ");
+ }
+ }
+ sb.append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
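Review bot: In `toString(StringBuilder)` the `userGroups={` section is never closed. Unlike the `context={` section, no `sb.append("} ");` follows the group loop, so the output has unbalanced braces and every later field appears nested inside `userGroups`; add `sb.append("} ");` right after that loop. The same method writes `sessionId` and `requestData` verbatim, so any log statement that prints the request would record them; if they can hold session tokens or query text, consider masking or omitting them here. `setUserGroups` and `setContext` keep the caller's collection by reference, so a later change by the caller alters a request that may already be under evaluation; a defensive copy such as `new HashSet<String>(userGroups)` would avoid that. The `StringUtils` import is unused in this file.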
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
new file mode 100644
index 0000000..2eaec16
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -0,0 +1,157 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public class RangerAccessResult {
+ private String serviceName = null;
+ private RangerServiceDef serviceDef = null;
+ private RangerAccessRequest request = null;
+
+ private boolean isAllowed = false;
+ private boolean isAudited = false;
+ private long policyId = -1;
+ private String reason = null;
+
+ public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request) {
+ this(serviceName, serviceDef, request, false, false, -1, null);
+ }
+
+ public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request, boolean isAllowed, boolean isAudited, long policyId, String reason) {
+ this.serviceName = serviceName;
+ this.serviceDef = serviceDef;
+ this.request = request;
+ this.isAllowed = isAllowed;
+ this.isAudited = isAudited;
+ this.policyId = policyId;
+ this.reason = reason;
+ }
+
+ /**
+ * @return the serviceName
+ */
+ public String getServiceName() {
+ return serviceName;
+ }
+
+ /**
+ * @return the serviceDef
+ */
+ public RangerServiceDef getServiceDef() {
+ return serviceDef;
+ }
+
+ /**
+ * @return the request
+ */
+ public RangerAccessRequest getAccessRequest() {
+ return request;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public boolean getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(boolean isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ /**
+ * @param reason the reason to set
+ */
+ public void setReason(String reason) {
+ this.reason = reason;
+ }
+
+ /**
+ * @return the isAudited
+ */
+ public boolean getIsAudited() {
+ return isAudited;
+ }
+
+ /**
+ * @param isAudited the isAudited to set
+ */
+ public void setIsAudited(boolean isAudited) {
+ this.isAudited = isAudited;
+ }
+
+ /**
+ * @return the reason
+ */
+ public String getReason() {
+ return reason;
+ }
+
+ /**
+ * @return the policyId
+ */
+ public long getPolicyId() {
+ return policyId;
+ }
+
+ /**
+ * @return the policyId
+ */
+ public void setPolicyId(long policyId) {
+ this.policyId = policyId;
+ }
+
+ public int getServiceType() {
+ int ret = -1;
+
+ if(serviceDef != null && serviceDef.getId() != null) {
+ ret = serviceDef.getId().intValue();
+ }
+
+ return ret;
+ }
+
+ @Override
+ public String toString( ) {
+ StringBuilder sb = new StringBuilder();
+
+ toString(sb);
+
+ return sb.toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerAccessResult={");
+
+ sb.append("isAllowed={").append(isAllowed).append("} ");
+ sb.append("isAudited={").append(isAudited).append("} ");
+ sb.append("policyId={").append(policyId).append("} ");
+ sb.append("reason={").append(reason).append("} ");
+
+ sb.append("}");
+
+ return sb;
+ }
+}
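Review bot: `getServiceType()` narrows the service-definition id with `intValue()`, which silently wraps if the id is a `Long` outside the int range, so a wrapped value could be mistaken for another service type or for the `-1` "unknown" sentinel. The declared type of `RangerServiceDef.getId()` is not visible in this hunk, but `policyId` in the same class is a `long`. A range check before the cast, e.g. `long id = serviceDef.getId().longValue(); if (id >= Integer.MIN_VALUE && id <= Integer.MAX_VALUE) { ret = (int) id; }`, keeps the `-1` fallback for anything that does not fit. Separately, the Javadoc on `setPolicyId` says `@return the policyId` on a void setter and should read `@param policyId the policyId to set`. A class-level comment stating that a new result starts as not allowed, not audited and with `policyId` -1 would also make the default-deny contract explicit for callers.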