Posted to commits@ranger.apache.org by ma...@apache.org on 2015/01/22 04:24:13 UTC
incubator-ranger git commit: RANGER-203: AccessRequest object added
to AccessResult object.
Repository: incubator-ranger
Updated Branches:
refs/heads/stack 84382d387 -> 55c260923
RANGER-203: AccessRequest object added to AccessResult object.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/55c26092
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/55c26092
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/55c26092
Branch: refs/heads/stack
Commit: 55c260923b571ae29c7d92641fe8ac59b73a1b9d
Parents: 84382d3
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Wed Jan 21 19:21:43 2015 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Wed Jan 21 19:21:43 2015 -0800
----------------------------------------------------------------------
.../ranger/plugin/audit/RangerAuditHandler.java | 7 ++-
.../plugin/audit/RangerDefaultAuditHandler.java | 53 ++++++++++----------
.../plugin/policyengine/RangerAccessResult.java | 19 +++++--
.../plugin/policyengine/RangerPolicyEngine.java | 7 +--
.../policyengine/RangerPolicyEngineImpl.java | 17 ++++---
.../ranger/plugin/service/RangerBasePlugin.java | 14 +++---
.../plugin/service/RangerBaseService.java | 4 +-
.../ranger/plugin/util/PolicyRefresher.java | 6 +++
8 files changed, 72 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
index 53edc18..45a63c2 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
@@ -19,14 +19,13 @@
package org.apache.ranger.plugin.audit;
-import java.util.List;
+import java.util.Collection;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
public interface RangerAuditHandler {
- void logAudit(RangerAccessRequest request, RangerAccessResult result);
+ void logAudit(RangerAccessResult result);
- void logAudit(List<RangerAccessRequest> requests, List<RangerAccessResult> results);
+ void logAudit(Collection<RangerAccessResult> results);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
index bf55276..82732e7 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -46,43 +46,45 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
}
@Override
- public void logAudit(RangerAccessRequest request, RangerAccessResult result) {
+ public void logAudit(RangerAccessResult result) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + request + ", " + result + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + result + ")");
}
- Collection<AuthzAuditEvent> events = getAuditEvents(request, result);
+ Collection<AuthzAuditEvent> events = getAuthzEvents(result);
- logAudit(events);
+ logAuthzAudits(events);
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + request + ", " + result + ")");
+ LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + result + ")");
}
}
@Override
- public void logAudit(List<RangerAccessRequest> requests, List<RangerAccessResult> results) {
+ public void logAudit(Collection<RangerAccessResult> results) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + requests + ", " + results + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + results + ")");
}
- Collection<AuthzAuditEvent> events = getAuditEvents(requests, results);
+ Collection<AuthzAuditEvent> events = getAuthzEvents(results);
- logAudit(events);
+ logAuthzAudits(events);
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + requests + ", " + results + ")");
+ LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + results + ")");
}
}
- public Collection<AuthzAuditEvent> getAuditEvents(RangerAccessRequest request, RangerAccessResult result) {
+ public Collection<AuthzAuditEvent> getAuthzEvents(RangerAccessResult result) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.getAuditEvents(" + request + ", " + result + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + result + ")");
}
List<AuthzAuditEvent> ret = null;
+ RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
+
if(request != null && result != null) {
RangerServiceDef serviceDef = result.getServiceDef();
int serviceType = (serviceDef != null && serviceDef.getId() != null) ? serviceDef.getId().intValue() : -1;
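Review bot: A result whose `getAccessRequest()` is null now falls through `if(request != null && result != null)` and `getAuthzEvents` returns null, so the decision leaves no audit record and the only trace is at debug level. Such a result looks reachable: in RangerPolicyEngineImpl (hunk `@@ -170,7 +171,7`) `createAccessResult(request)` runs before the `if(request != null)` check. An `else` branch should make the gap visible, for example `LOG.warn("RangerDefaultAuditHandler.getAuthzEvents(): result has no access request; no audit event generated");`. The `result != null` half of the condition is now redundant, since `request` can only be non-null when `result` is. The body of `getAuthzEvents` continues outside this hunk.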
@@ -105,6 +107,7 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
event.setRepositoryType(serviceType);
event.setResourceType(resourceType);
event.setResourcePath(resourcePath);
+ event.setRequestData(request.getRequestData());
event.setEventTime(request.getAccessTime());
event.setUser(request.getUser());
event.setAccessType(request.getAction());
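Review bot: `event.setRequestData(request.getRequestData())` copies the request payload into every audit event verbatim, with no visible length bound or redaction. What `getRequestData()` holds is not shown here, but if it can carry statement text or literal values, those will be persisted in every audit destination and also printed by the debug lines that concatenate `ret`. I would at least record the expectation next to the call, for example `// requestData is stored as-is; audit sinks must treat it as potentially sensitive and may need to cap its size`. The enclosing loop and method start and end outside this hunk.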
@@ -126,25 +129,23 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.getAuditEvents(" + request + ", " + result + "): " + ret);
+ LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + result + "): " + ret);
}
return ret;
}
- public Collection<AuthzAuditEvent> getAuditEvents(List<RangerAccessRequest> requests, List<RangerAccessResult> results) {
+ public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> results) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.getAuditEvents(" + requests + ", " + results + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + results + ")");
}
List<AuthzAuditEvent> ret = null;
- if(requests != null && results != null) {
- int count = Math.min(requests.size(), results.size());
-
+ if(results != null) {
// TODO: optimize the number of audit logs created
- for(int i = 0; i < count; i++) {
- Collection<AuthzAuditEvent> events = getAuditEvents(requests.get(i), results.get(i));
+ for(RangerAccessResult result : results) {
+ Collection<AuthzAuditEvent> events = getAuthzEvents(result);
if(events == null) {
continue;
@@ -159,7 +160,7 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.getAuditEvents(" + requests + ", " + results + "): " + ret);
+ LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + results + "): " + ret);
}
return ret;
@@ -167,7 +168,7 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
public void logAuthzAudit(AuthzAuditEvent auditEvent) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + auditEvent + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
}
if(auditEvent != null) {
@@ -175,13 +176,13 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + auditEvent + ")");
+ LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
}
}
- public void logAudit(Collection<AuthzAuditEvent> auditEvents) {
+ public void logAuthzAudits(Collection<AuthzAuditEvent> auditEvents) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + auditEvents + ")");
+ LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
}
if(auditEvents != null) {
@@ -191,7 +192,7 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + auditEvents + ")");
+ LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
index ae75fe7..934864e 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -29,17 +29,19 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
public class RangerAccessResult {
public enum Result { ALLOWED, DENIED, PARTIALLY_ALLOWED };
- private String serviceName = null;
- private RangerServiceDef serviceDef = null;
+ private String serviceName = null;
+ private RangerServiceDef serviceDef = null;
+ private RangerAccessRequest request = null;
private Map<String, ResultDetail> accessTypeResults = null;
- public RangerAccessResult(String serviceName, RangerServiceDef serviceDef) {
- this(serviceName, serviceDef, null);
+ public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request) {
+ this(serviceName, serviceDef, request, null);
}
- public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, Map<String, ResultDetail> accessTypeResults) {
+ public RangerAccessResult(String serviceName, RangerServiceDef serviceDef, RangerAccessRequest request, Map<String, ResultDetail> accessTypeResults) {
this.serviceName = serviceName;
this.serviceDef = serviceDef;
+ this.request = request;
setAccessTypeResults(accessTypeResults);
}
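Review bot: The new `request` field is assigned only in the constructor but is declared as a mutable `private RangerAccessRequest request = null;`. Declaring it `private final RangerAccessRequest request;` would guarantee that a result stays bound to the request it was evaluated for. The result also keeps the caller's object by reference. If `RangerAccessRequest` is mutable (its definition is not visible here), a change made after evaluation but before `logAudit(ret)` would be written to the audit trail in place of what was actually authorized. This matters most on the batch path, which audits after the whole loop. The Javadoc of `getAccessRequest()` in the next hunk should also say the value may be null, e.g. `@return the request this result was computed for; may be null`.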
@@ -59,6 +61,13 @@ public class RangerAccessResult {
}
/**
+ * @return the request
+ */
+ public RangerAccessRequest getAccessRequest() {
+ return request;
+ }
+
+ /**
* @return the accessTypeResults
*/
public Map<String, ResultDetail> getAccessTypeResults() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index 435ffaa..bd58e48 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -19,6 +19,7 @@
package org.apache.ranger.plugin.policyengine;
+import java.util.Collection;
import java.util.List;
import org.apache.ranger.plugin.audit.RangerAuditHandler;
@@ -36,13 +37,13 @@ public interface RangerPolicyEngine {
RangerAuditHandler getDefaultAuditHandler();
- RangerAccessResult createAccessResult();
+ RangerAccessResult createAccessResult(RangerAccessRequest request);
RangerAccessResult isAccessAllowed(RangerAccessRequest request);
- List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests);
+ Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests);
RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler);
- List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests, RangerAuditHandler auditHandler);
+ Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler);
}
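Review bot: The batch `isAccessAllowed` overloads now take and return `Collection`, and the interface does not document how a caller matches each result to its request. With `List` a caller could pair them by index, but with an arbitrary `Collection` such as a `Set` positional pairing is fragile. A mismatch would apply one request's decision to another request. A Javadoc line on both overloads would settle this, for example `/** Results follow the iteration order of {@code requests}; correlate via {@link RangerAccessResult#getAccessRequest()}. */`, provided the implementation really preserves that order. Its loop body is only partly visible in this commit.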
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index abac54f..ee05351 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -20,6 +20,7 @@
package org.apache.ranger.plugin.policyengine;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
@@ -105,8 +106,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
- public RangerAccessResult createAccessResult() {
- return new RangerAccessResult(serviceName, serviceDef);
+ public RangerAccessResult createAccessResult(RangerAccessRequest request) {
+ return new RangerAccessResult(serviceName, serviceDef, request);
}
@Override
@@ -115,7 +116,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
- public List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests) {
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) {
return isAccessAllowed(requests, defaultAuditHandler);
}
@@ -128,7 +129,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
RangerAccessResult ret = isAccessAllowedNoAudit(request);
if(auditHandler != null) {
- auditHandler.logAudit(request, ret);
+ auditHandler.logAudit(ret);
}
if(LOG.isDebugEnabled()) {
@@ -139,12 +140,12 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
@Override
- public List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
+ public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + requests + ")");
}
- List<RangerAccessResult> ret = new ArrayList<RangerAccessResult>();
+ Collection<RangerAccessResult> ret = new ArrayList<RangerAccessResult>();
if(requests != null) {
for(RangerAccessRequest request : requests) {
@@ -155,7 +156,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
if(auditHandler != null) {
- auditHandler.logAudit(requests, ret);
+ auditHandler.logAudit(ret);
}
if(LOG.isDebugEnabled()) {
@@ -170,7 +171,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")");
}
- RangerAccessResult ret = createAccessResult();
+ RangerAccessResult ret = createAccessResult(request);
if(request != null) {
if(CollectionUtils.isEmpty(request.getAccessTypes())) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 6deea8f..16e3cac 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -27,7 +27,7 @@ import org.apache.ranger.plugin.store.ServiceStoreFactory;
import org.apache.ranger.plugin.util.PolicyRefresher;
-public abstract class RangerBasePlugin {
+public class RangerBasePlugin {
private boolean initDone = false;
private PolicyRefresher refresher = null;
@@ -48,7 +48,7 @@ public abstract class RangerBasePlugin {
serviceName = policyDownloadUrl.substring(idx) + 1;
}
}
-
+
if(StringUtils.isEmpty(serviceName)) {
serviceName = RangerConfiguration.getInstance().get("ranger.plugin.service.name", "hbasedev");
}
@@ -56,9 +56,9 @@ public abstract class RangerBasePlugin {
ServiceStore serviceStore = ServiceStoreFactory.instance().getServiceStore();
refresher = new PolicyRefresher(policyEngine, serviceName, serviceStore);
-
- refresher.start();
-
+
+ refresher.startRefresher();
+
initDone = true;
}
}
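Review bot: The `serviceName` passed to `new PolicyRefresher(policyEngine, serviceName, serviceStore)` in this hunk may be malformed. The context lines of the preceding hunk (`@@ -48,7 +48,7`) assign `policyDownloadUrl.substring(idx) + 1`, which appends the character `1` to the substring instead of skipping one position. If the intent is to take the text after the separator, the line should read `serviceName = policyDownloadUrl.substring(idx + 1);`. How `idx` is computed is outside the visible lines, so confirm this first. The wrong value is non-empty, so the `StringUtils.isEmpty(serviceName)` fallback does not catch it, and the refresher would presumably poll policies under a name that does not match the configured service.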
@@ -66,10 +66,10 @@ public abstract class RangerBasePlugin {
return initDone;
}
-
+
public void cleanup() {
PolicyRefresher refresher = this.refresher;
-
+
if(refresher != null) {
refresher.stopRefresher();
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
index b234b46..8eeb439 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
@@ -49,7 +49,7 @@ public abstract class RangerBaseService {
return service;
}
- public abstract void validateConfig();
+ public abstract void validateConfig() throws Exception;
- public abstract List<String> lookupResource(ResourceLookupContext context);
+ public abstract List<String> lookupResource(ResourceLookupContext context) throws Exception;
}
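Review bot: Declaring `throws Exception` on `validateConfig()` and `lookupResource(...)` forces every caller into `catch (Exception e)`. That makes a configuration or connectivity failure indistinguishable from a programming error such as a `NullPointerException`. A narrower checked type would keep the contract explicit. If the broad signature is kept, the abstract methods should document the intended failures, for example `@throws Exception if the service configuration is invalid or the backing service cannot be reached`.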
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/55c26092/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
index 146d151..e2eb69e 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -68,6 +68,12 @@ public class PolicyRefresher extends Thread {
this.pollingIntervalMilliSeconds = pollingIntervalMilliSeconds;
}
+ public void startRefresher() {
+ shutdownFlag = false;
+
+ super.start();
+ }
+
public void stopRefresher() {
shutdownFlag = true;
}
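Review bot: `startRefresher()` reads as the restart counterpart of `stopRefresher()`, but it cannot revive a stopped refresher. `Thread.start()` throws `IllegalThreadStateException` on any call after the first, so resetting `shutdownFlag` to false only matters on the initial start. The method should say so, for example `/** Starts the polling thread; may be called only once per instance. */`, or reject a second call explicitly. The declaration of `shutdownFlag` is outside this hunk. If it is not `volatile`, the write made by `stopRefresher()` on another thread is not guaranteed to become visible to the polling loop, and policy refresh could keep running after `cleanup()`.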