You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/10/28 00:57:48 UTC
incubator-ranger git commit: RANGER-274: updated condition labels
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 5b5e0120f -> 22859f5bc
RANGER-274: updated condition labels
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/22859f5b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/22859f5b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/22859f5b
Branch: refs/heads/tag-policy
Commit: 22859f5bc6d4b1c708162f5e863e4ddafbf1da04
Parents: 5b5e012
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Tue Oct 27 15:55:32 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Oct 27 16:57:25 2015 -0700
----------------------------------------------------------------------
.../RangerScriptTemplateConditionEvaluator.java | 63 +++++++++-----------
.../service-defs/ranger-servicedef-hive.json | 6 +-
.../service-defs/ranger-servicedef-tag.json | 5 +-
3 files changed, 34 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java
index 03f96b8..939107e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java
@@ -24,72 +24,65 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import java.util.List;
-import java.util.Map;
public class RangerScriptTemplateConditionEvaluator extends RangerScriptConditionEvaluator {
private static final Log LOG = LogFactory.getLog(RangerScriptTemplateConditionEvaluator.class);
- protected String scriptTemplate;
- protected String script;
+ protected String script = null;
+ private boolean reverseResult = false;
@Override
public void init() {
-
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerScriptTemplateConditionEvaluator.init(" + condition + ")");
}
super.init();
- Map<String, String> evalOptions = conditionDef. getEvaluatorOptions();
+ if(CollectionUtils.isNotEmpty(condition.getValues())) {
+ String expectedScriptReturn = condition.getValues().get(0);
- if (MapUtils.isNotEmpty(evalOptions)) {
- scriptTemplate = evalOptions.get("scriptTemplate");
- }
+ if(StringUtils.isNotBlank(expectedScriptReturn)) {
+ if(StringUtils.equalsIgnoreCase(expectedScriptReturn, "false") || StringUtils.equalsIgnoreCase(expectedScriptReturn, "no")) {
+ reverseResult = true;
+ }
- script = formatScript();
+ script = MapUtils.getString(conditionDef.getEvaluatorOptions(), "scriptTemplate");
+
+ if(script != null) {
+ script = script.trim();
+ }
+ }
+ }
if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerScriptTemplateConditionEvaluator.init(" + condition + ")");
+ LOG.debug("<== RangerScriptTemplateConditionEvaluator.init(" + condition + "): script=" + script + "; reverseResult=" + reverseResult);
}
}
@Override
- protected String getScript() {
- return script;
- }
-
- private String formatScript() {
-
- String ret = null;
-
+ public boolean isMatched(RangerAccessRequest request) {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerScriptTemplateConditionEvaluator.formatScript()");
+ LOG.debug("==> RangerScriptTemplateConditionEvaluator.isMatched()");
}
- List<String> values = condition.getValues();
-
- if (CollectionUtils.isNotEmpty(values)) {
-
- String value = values.get(0);
- if (StringUtils.isNotBlank(value)) {
+ boolean ret = super.isMatched(request);
- String s = value.trim().toLowerCase();
-
- if (s.equals("no") || s.equals("false")) {
- ret = null;
- } else {
- ret = scriptTemplate == null ? null : scriptTemplate.trim();
- }
- }
+ if(reverseResult) {
+ ret = !ret;
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerScriptTemplateConditionEvaluator.formatScript(), ret=" + ret);
+ LOG.debug("<== RangerScriptTemplateConditionEvaluator.isMatched(): ret=" + ret);
}
return ret;
}
+
+ @Override
+ protected String getScript() {
+ return script;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 53b1926..b966be9 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -216,10 +216,10 @@
[
{
"itemId":1,
- "name":"not-accessed-together",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesNotAccessedTogetherCondition",
+ "name":"resources-accessed-together",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition",
"evaluatorOptions" : {},
- "label":"Not Accessed Together?",
+ "label":"Hive Resources Accessed Together?",
"description": "List of Hive resources"
}
]
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
index 40f7b66..3bad222 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
@@ -63,10 +63,11 @@
[
{
"itemId":1,
- "name":"enforce-expiry",
+ "name":"accessed-after-expiry",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
"evaluatorOptions" : { "scriptTemplate":"ctx.isAccessedAfter('expiry_date');" },
- "label":"Accessed after expiry_date?",
+ "uiHint": "{ \"singleValue\":true }",
+ "label":"Accessed after expiry_date (yes/no)?",
"description": "Accessed after expiry_date? (yes/no)"
}
]