You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/03/28 03:00:31 UTC
[1/2] incubator-ranger git commit: RANGER-346: Service-def files
updated to use map for *Options fields, instead of a string with custom format
Repository: incubator-ranger
Updated Branches:
refs/heads/master b1bfbc572 -> f88382b6f
RANGER-346: Service-def files updated to use map for *Options fields, instead of a string with custom format
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ca40e35c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ca40e35c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ca40e35c
Branch: refs/heads/master
Commit: ca40e35c7aa499dd8e87514814b86bb2fe854d73
Parents: b1bfbc5
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Fri Mar 27 17:31:07 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Mar 27 17:31:07 2015 -0700
----------------------------------------------------------------------
.../conditionevaluator/RangerSimpleMatcher.java | 16 ++-
.../RangerAbstractContextEnricher.java | 25 +----
.../ranger/plugin/model/RangerServiceDef.java | 100 +++++++++----------
.../RangerDefaultPolicyEvaluator.java | 2 -
.../RangerPathResourceMatcher.java | 22 ++--
.../service-defs/ranger-servicedef-hbase.json | 14 +--
.../service-defs/ranger-servicedef-hdfs.json | 4 +-
.../service-defs/ranger-servicedef-hive.json | 61 ++---------
.../service-defs/ranger-servicedef-knox.json | 12 +--
.../service-defs/ranger-servicedef-storm.json | 13 ++-
.../service-defs/ranger-servicedef-yarn.json | 19 ++--
.../RangerSimpleMatcherTest.java | 14 ++-
.../RangerDefaultPolicyEvaluatorTest.java | 17 +++-
.../policyengine/test_policyengine_hbase.json | 6 +-
.../policyengine/test_policyengine_hdfs.json | 2 +-
.../policyengine/test_policyengine_hive.json | 8 +-
.../service/RangerServiceDefServiceBase.java | 44 ++++++--
17 files changed, 183 insertions(+), 196 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
index e0bcefc..de4baf4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
@@ -34,8 +35,11 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
public class RangerSimpleMatcher implements RangerConditionEvaluator {
private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class);
+
+ public static final String CONTEXT_NAME = "CONTEXT_NAME";
+
private boolean _allowAny = false;
- private String ConditionName = null;
+ private String _contextName = null;
private List<String> _values = new ArrayList<String>();
@Override
@@ -53,11 +57,14 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator {
} else if (CollectionUtils.isEmpty(condition.getValues())) {
LOG.debug("init: empty conditions collection on policy condition! Will match always!");
_allowAny = true;
- } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
+ } else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
LOG.debug("init: Evaluator options were empty. Can't determine what value to use from context. Will match always.");
_allowAny = true;
+ } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
+ LOG.debug("init: CONTEXT_NAME is not specified in evaluator options. Can't determine what value to use from context. Will match always.");
+ _allowAny = true;
} else {
- ConditionName = conditionDef.getEvaluatorOptions();
+ _contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
for (String value : condition.getValues()) {
_values.add(value);
}
@@ -66,7 +73,6 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator {
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerSimpleMatcher.init(" + condition + "): countries[" + _values + "]");
}
-
}
@Override
@@ -80,7 +86,7 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator {
if (_allowAny) {
LOG.debug("isMatched: allowAny flag is true. Matched!");
} else {
- String requestValue = extractValue(request, ConditionName);
+ String requestValue = extractValue(request, _contextName);
if (requestValue == null) {
LOG.debug("isMatched: couldn't get value from request. Ok. Implicitly matched!");
} else {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index 3229bd8..af4b560 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -37,8 +37,7 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri
public final static String OPTIONS_SEP = ";";
public final static String OPTION_NV_SEP = "=";
- private String optionsString = null;
- private Map<String, String> options = null;
+ private Map<String, String> options = null;
@Override
public void init(RangerContextEnricherDef enricherDef) {
@@ -46,27 +45,7 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri
LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
- this.optionsString = enricherDef.getEnricherOptions();
- options = new HashMap<String, String>();
-
- if(optionsString != null) {
- for(String optionString : optionsString.split(OPTIONS_SEP)) {
- if(StringUtils.isEmpty(optionString)) {
- continue;
- }
-
- String[] nvArr = optionString.split(OPTION_NV_SEP);
-
- String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null;
- String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null;
-
- if(StringUtils.isEmpty(name)) {
- continue;
- }
-
- options.put(name, value);
- }
- }
+ options = enricherDef.getEnricherOptions();
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerAbstractContextEnricher.init(" + enricherDef + ")");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
index e7d1a1c..62be788 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -21,7 +21,9 @@ package org.apache.ranger.plugin.model;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -581,7 +583,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
@@ -701,7 +702,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
@@ -1069,38 +1069,37 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
public static class RangerResourceDef implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name = null;
- private String type = null;
- private Integer level = null;
- private String parent = null;
- private Boolean mandatory = null;
- private Boolean lookupSupported = null;
- private Boolean recursiveSupported = null;
- private Boolean excludesSupported = null;
- private String matcher = null;
- private String matcherOptions = null;
- private String validationRegEx = null;
- private String validationMessage = null;
- private String uiHint = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
- private String rbKeyValidationMessage = null;
+ private String name = null;
+ private String type = null;
+ private Integer level = null;
+ private String parent = null;
+ private Boolean mandatory = null;
+ private Boolean lookupSupported = null;
+ private Boolean recursiveSupported = null;
+ private Boolean excludesSupported = null;
+ private String matcher = null;
+ private Map<String, String> matcherOptions = null;
+ private String validationRegEx = null;
+ private String validationMessage = null;
+ private String uiHint = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+ private String rbKeyValidationMessage = null;
public RangerResourceDef() {
this(null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null);
}
- public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) {
+ public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, Map<String, String> matcherOptions, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) {
setName(name);
setType(type);
setLevel(level);
@@ -1110,7 +1109,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
setRecursiveSupported(recursiveSupported);
setExcludesSupported(excludesSupported);
setMatcher(matcher);
- setMatcher(matcherOptions);
+ setMatcherOptions(matcherOptions);
setValidationRegEx(validationRegEx);
setValidationMessage(validationMessage);
setUiHint(uiHint);
@@ -1250,15 +1249,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
/**
* @return the matcher
*/
- public String getMatcherOptions() {
+ public Map<String, String> getMatcherOptions() {
return matcherOptions;
}
/**
* @param matcher the matcher to set
*/
- public void setMatcherOptions(String matcherOptions) {
- this.matcherOptions = matcherOptions;
+ public void setMatcherOptions(Map<String, String> matcherOptions) {
+ this.matcherOptions = matcherOptions == null ? new HashMap<String, String>() : matcherOptions;
}
/**
@@ -1731,35 +1730,34 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
public static class RangerPolicyConditionDef implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name = null;
- private String evaluator = null;
- private String evaluatorOptions = null;
- private String validationRegEx = null;
- private String validationMessage = null;
- private String uiHint = null;
- private String label = null;
- private String description = null;
- private String rbKeyLabel = null;
- private String rbKeyDescription = null;
- private String rbKeyValidationMessage = null;
+ private String name = null;
+ private String evaluator = null;
+ private Map<String, String> evaluatorOptions = null;
+ private String validationRegEx = null;
+ private String validationMessage = null;
+ private String uiHint = null;
+ private String label = null;
+ private String description = null;
+ private String rbKeyLabel = null;
+ private String rbKeyDescription = null;
+ private String rbKeyValidationMessage = null;
public RangerPolicyConditionDef() {
this(null, null, null, null, null, null, null, null, null, null, null);
}
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) {
+ public RangerPolicyConditionDef(String name, String evaluator, Map<String, String> evaluatorOptions) {
this(name, evaluator, evaluatorOptions, null, null, null, null, null, null, null, null);
}
- public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String validationRegEx, String vaidationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) {
+ public RangerPolicyConditionDef(String name, String evaluator, Map<String, String> evaluatorOptions, String validationRegEx, String vaidationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) {
setName(name);
setEvaluator(evaluator);
setEvaluatorOptions(evaluatorOptions);
@@ -1804,15 +1802,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
/**
* @return the evaluator
*/
- public String getEvaluatorOptions() {
+ public Map<String, String> getEvaluatorOptions() {
return evaluatorOptions;
}
/**
* @param evaluator the evaluator to set
*/
- public void setEvaluatorOptions(String evaluatorOptions) {
- this.evaluatorOptions = evaluatorOptions;
+ public void setEvaluatorOptions(Map<String, String> evaluatorOptions) {
+ this.evaluatorOptions = evaluatorOptions == null ? new HashMap<String, String>() : evaluatorOptions;
}
/**
@@ -2058,22 +2056,21 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
public static class RangerContextEnricherDef implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name = null;
- private String enricher = null;
- private String enricherOptions = null;
+ private String name = null;
+ private String enricher = null;
+ private Map<String, String> enricherOptions = null;
public RangerContextEnricherDef() {
this(null, null, null);
}
- public RangerContextEnricherDef(String name, String enricher, String enricherOptions) {
+ public RangerContextEnricherDef(String name, String enricher, Map<String, String> enricherOptions) {
setName(name);
setEnricher(enricher);
setEnricherOptions(enricherOptions);
@@ -2110,15 +2107,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
/**
* @return the evaluator
*/
- public String getEnricherOptions() {
+ public Map<String, String> getEnricherOptions() {
return enricherOptions;
}
/**
* @param evaluator the evaluator to set
*/
- public void setEnricherOptions(String enricherOptions) {
- this.enricherOptions = enricherOptions;
+ public void setEnricherOptions(Map<String, String> enricherOptions) {
+ this.enricherOptions = enricherOptions == null ? new HashMap<String, String>() : enricherOptions;
}
@Override
@@ -2180,6 +2177,5 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
return false;
return true;
}
-
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index d5332b2..191b370 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -573,7 +573,6 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
String resName = resourceDef != null ? resourceDef.getName() : null;
String clsName = resourceDef != null ? resourceDef.getMatcher() : null;
- String options = resourceDef != null ? resourceDef.getMatcherOptions() : null;
if(! StringUtils.isEmpty(clsName)) {
try {
@@ -591,7 +590,6 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
}
if(ret != null) {
- ret.initOptions(options);
ret.init(resourceDef, resource);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
index f372294..3640b38 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -31,11 +31,11 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
private static final Log LOG = LogFactory.getLog(RangerPathResourceMatcher.class);
- public static final String OPTION_PATH_SEPERATOR = "pathSeperatorChar";
+ public static final String OPTION_PATH_SEPERATOR = "pathSeparatorChar";
public static final char DEFAULT_PATH_SEPERATOR_CHAR = org.apache.hadoop.fs.Path.SEPARATOR_CHAR;
private boolean policyIsRecursive = false;
- private char pathSeperatorChar = DEFAULT_PATH_SEPERATOR_CHAR;
+ private char pathSeparatorChar = DEFAULT_PATH_SEPERATOR_CHAR;
@Override
public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource) {
@@ -44,7 +44,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
}
policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive();
- pathSeperatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR);
+ pathSeparatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR);
super.init(resourceDef, policyResource);
@@ -69,7 +69,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
for(String policyValue : policyValues) {
if(policyIsRecursive) {
if(optWildCard) {
- ret = isRecursiveWildCardMatch(resource, policyValue, pathSeperatorChar) ;
+ ret = isRecursiveWildCardMatch(resource, policyValue, pathSeparatorChar) ;
} else {
ret = StringUtils.startsWith(resource, policyValue);
}
@@ -100,9 +100,9 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
return ret;
}
- private boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath, char pathSeperatorChar) {
+ private boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath, char pathSeparatorChar) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + ")");
+ LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeparatorChar + ")");
}
boolean ret = false;
@@ -110,11 +110,11 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
if (! StringUtils.isEmpty(pathToCheck)) {
StringBuilder sb = new StringBuilder();
- if(pathToCheck.charAt(0) == pathSeperatorChar) {
- sb.append(pathSeperatorChar); // preserve the initial seperator
+ if(pathToCheck.charAt(0) == pathSeparatorChar) {
+ sb.append(pathSeparatorChar); // preserve the initial seperator
}
- for(String p : StringUtils.split(pathToCheck, pathSeperatorChar)) {
+ for(String p : StringUtils.split(pathToCheck, pathSeparatorChar)) {
sb.append(p);
boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ;
@@ -125,14 +125,14 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher {
break;
}
- sb.append(pathSeperatorChar) ;
+ sb.append(pathSeparatorChar) ;
}
sb = null;
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + "): " + ret);
+ LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeparatorChar + "): " + ret);
}
return ret;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 0376189..e611895 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -13,14 +13,14 @@
{
"name": "table",
"type": "string",
- "level": 1,
+ "level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -31,14 +31,14 @@
{
"name": "column-family",
"type": "string",
- "level": 2,
+ "level": 20,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -49,14 +49,14 @@
{
"name": "column",
"type": "string",
- "level": 3,
+ "level": 30,
"parent": "column-family",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -222,4 +222,4 @@
[
]
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index 925cc77..b279f0c 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -13,14 +13,14 @@
{
"name": "path",
"type": "path",
- "level": 1,
+ "level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": true,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 704ae60..aabc73b 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -13,14 +13,14 @@
{
"name": "database",
"type": "string",
- "level": 1,
+ "level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -31,14 +31,14 @@
{
"name": "table",
"type": "string",
- "level": 2,
+ "level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -49,14 +49,14 @@
{
"name": "udf",
"type": "string",
- "level": 2,
+ "level": 20,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -67,14 +67,14 @@
{
"name": "column",
"type": "string",
- "level": 3,
+ "level": 30,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -186,52 +186,9 @@
"contextEnrichers":
[
- {
- "name": "country-provider",
- "enricher": "org.apache.ranger.plugin.contextenricher.RangerCountryProvider",
- "enricherOptions": "contextName=COUNTRY;dataFile=/etc/ranger/data/userCountry.properties"
- },
-
- {
- "name": "project-provider",
- "enricher": "org.apache.ranger.plugin.contextenricher.RangerProjectProvider",
- "enricherOptions": "contextName=PROJECT;dataFile=/etc/ranger/data/userProject.properties"
- }
],
"policyConditions":
[
- {
- "name": "country",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher",
- "evaluatorOptions": "COUNTRY",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Countries",
- "description": "Countries"
- },
-
- {
- "name": "project",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher",
- "evaluatorOptions": "PROJECT",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Projects",
- "description": "Projects"
- },
-
- {
- "name": "timeOfDay",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerTimeOfDayMatcher",
- "evaluatorOptions": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Time of Day",
- "description": "Time of Day"
- }
]
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index 947b109..0174e96 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -13,14 +13,14 @@
{
"name": "topology",
"type": "string",
- "level": 1,
+ "level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -31,14 +31,14 @@
{
"name": "service",
"type": "string",
- "level": 2,
+ "level": 20,
"parent": "topology",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -113,7 +113,7 @@
{
"name": "ip-range",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions": "",
+ "evaluatorOptions": { },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -121,4 +121,4 @@
"description": "IP Address Range"
}
]
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
index 506c9d3..bcc4394 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -13,13 +13,13 @@
{
"name": "topology",
"type": "string",
- "level": 1,
+ "level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -32,7 +32,12 @@
[
{
"name": "submitTopology",
- "label": "Submit Topology"
+ "label": "Submit Topology",
+ "impliedGrants":
+ [
+ "fileUpload",
+ "fileDownload"
+ ]
},
{
@@ -159,4 +164,4 @@
[
]
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
index a28ea50..8af8f9d 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
@@ -13,12 +13,12 @@
{
"name": "queue",
"type": "string",
- "level": 1,
+ "level": 10,
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": "wildCard=true;ignoreCase=true;pathSeperatorChar=.",
+ "matcherOptions": { "wildCard":true, "ignoreCase":true, "pathSeparatorChar":"." },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -36,12 +36,11 @@
{
"name": "admin-queue",
- "label": "admin-queue"
- },
-
- {
- "name": "admin",
- "label": "admin"
+ "label": "admin-queue",
+ "impliedGrants":
+ [
+ "submit-app"
+ ]
}
],
@@ -104,7 +103,7 @@
{
"name": "ip-range",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions": "",
+ "evaluatorOptions": { },
"validationRegEx":"",
"validationMessage": "",
"uiHint":"",
@@ -112,4 +111,4 @@
"description": "IP Address Range"
}
]
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
index 4bd2a43..99c8df0 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
@@ -38,7 +38,12 @@ import org.junit.Test;
public class RangerSimpleMatcherTest {
- final String _conditionOption = "key1";
+ final Map<String, String> _conditionOptions = new HashMap<String, String>();
+
+ {
+ _conditionOptions.put(RangerSimpleMatcher.CONTEXT_NAME, RangerSimpleMatcher.CONTEXT_NAME);
+ }
+
@Test
public void testIsMatched_happyPath() {
// this documents some unexpected behavior of the ip matcher
@@ -89,7 +94,7 @@ public class RangerSimpleMatcherTest {
assertTrue(matcher.isMatched(request));
// If evaluator option on the condition def is non-null then it starts to evaluate for real
- when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOption);
+ when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
matcher.init(conditionDef, policyItemCondition);
assertTrue(matcher.isMatched(request));
}
@@ -105,7 +110,8 @@ public class RangerSimpleMatcherTest {
when(condition.getValues()).thenReturn(addresses);
RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class);
- when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOption);
+
+ when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
matcher.init(conditionDef, condition);
}
@@ -114,7 +120,7 @@ public class RangerSimpleMatcherTest {
RangerAccessRequest createRequest(String value) {
Map<String, Object> context = new HashMap<String, Object>();
- context.put(_conditionOption, value);
+ context.put(RangerSimpleMatcher.CONTEXT_NAME, value);
RangerAccessRequest request = mock(RangerAccessRequest.class);
when(request.getContext()).thenReturn(context);
return request;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
index 9efbcaf..88e668e 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java
@@ -98,7 +98,11 @@ public class RangerDefaultPolicyEvaluatorTest {
// if service has a condition then sensible answer should come back
RangerPolicyConditionDef aConditionDef = getMockPolicyConditionDef("type1", "com.company.SomeEvaluator", null);
- RangerPolicyConditionDef anotherConditionDef = getMockPolicyConditionDef("type2", "com.company.AnotherEvaluator", "key1");
+
+ Map<String, String> evaluatorOptions = new HashMap<String, String>();
+ evaluatorOptions.put("key1", "key1");
+
+ RangerPolicyConditionDef anotherConditionDef = getMockPolicyConditionDef("type2", "com.company.AnotherEvaluator", evaluatorOptions);
List<RangerPolicyConditionDef> conditionDefs = Lists.newArrayList(aConditionDef, anotherConditionDef);
serviceDef = getMockServiceDef(conditionDefs);
@@ -344,18 +348,23 @@ public class RangerDefaultPolicyEvaluatorTest {
RangerPolicyConditionDef aCondition = mock(RangerPolicyConditionDef.class);
when(aCondition.getName()).thenReturn(anEntry.getKey());
when(aCondition.getEvaluator()).thenReturn(anEntry.getValue()[0]);
- when(aCondition.getEvaluatorOptions()).thenReturn(anEntry.getValue()[1]);
+
+ Map<String, String> evaluatorOptions = new HashMap<String, String>();
+ evaluatorOptions.put(anEntry.getValue()[1], anEntry.getValue()[1]);
+
+ when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOptions);
+
conditions.add(aCondition);
}
return conditions;
}
- RangerPolicyConditionDef getMockPolicyConditionDef(String name, String evaluatorClassName, String evaluatorOption) {
+ RangerPolicyConditionDef getMockPolicyConditionDef(String name, String evaluatorClassName, Map<String, String> evaluatorOptions) {
// null policy condition def collection should behave sensibly
RangerPolicyConditionDef aCondition = mock(RangerPolicyConditionDef.class);
when(aCondition.getName()).thenReturn(name);
when(aCondition.getEvaluator()).thenReturn(evaluatorClassName);
- when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOption);
+ when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOptions);
return aCondition;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
index 35768cb..338d4cf 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
@@ -5,9 +5,9 @@
"name":"hbase",
"id":2,
"resources":[
- {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
- {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
- {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+ {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Table","description":"HBase Table"},
+ {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column-Family","description":"HBase Column-Family"},
+ {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column","description":"HBase Column"}
],
"accessTypes":[
{"name":"read","label":"Read"},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
index 2acf868..eed71be 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
@@ -5,7 +5,7 @@
"name":"hdfs",
"id":1,
"resources":[
- {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
+ {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
index 2ac90ae..8ca7071 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
@@ -5,10 +5,10 @@
"name":"hive",
"id":3,
"resources":[
- {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
- {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
- {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
- {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+ {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
+ {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
+ {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
+ {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
],
"accessTypes":[
{"name":"select","label":"Select"},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index afaf2cb..7754077 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -2,12 +2,14 @@ package org.apache.ranger.service;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.entity.XXAccessTypeDef;
import org.apache.ranger.entity.XXContextEnricherDef;
@@ -36,6 +38,9 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
@Autowired
RangerAuditFields<XXDBBase> rangerAuditFields;
+
+ @Autowired
+ JSONUtil jsonUtil;
@SuppressWarnings("unchecked")
@Override
@@ -128,7 +133,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
xObj.setRecursivesupported(vObj.getRecursiveSupported());
xObj.setExcludessupported(vObj.getExcludesSupported());
xObj.setMatcher(vObj.getMatcher());
- xObj.setMatcheroptions(vObj.getMatcherOptions());
+ xObj.setMatcheroptions(mapToJsonString(vObj.getMatcherOptions()));
xObj.setValidationRegEx(vObj.getValidationRegEx());
xObj.setValidationMessage(vObj.getValidationMessage());
xObj.setUiHint(vObj.getUiHint());
@@ -151,7 +156,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
vObj.setRecursiveSupported(xObj.getRecursivesupported());
vObj.setExcludesSupported(xObj.getExcludessupported());
vObj.setMatcher(xObj.getMatcher());
- vObj.setMatcherOptions(xObj.getMatcheroptions());
+ vObj.setMatcherOptions(jsonStringToMap(xObj.getMatcheroptions()));
vObj.setValidationRegEx(xObj.getValidationRegEx());
vObj.setValidationMessage(xObj.getValidationMessage());
vObj.setUiHint(xObj.getUiHint());
@@ -202,7 +207,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
xObj.setDefid(serviceDef.getId());
xObj.setName(vObj.getName());
xObj.setEvaluator(vObj.getEvaluator());
- xObj.setEvaluatoroptions(vObj.getEvaluatorOptions());
+ xObj.setEvaluatoroptions(mapToJsonString(vObj.getEvaluatorOptions()));
xObj.setValidationRegEx(vObj.getValidationRegEx());
xObj.setValidationMessage(vObj.getValidationMessage());
xObj.setUiHint(vObj.getUiHint());
@@ -219,7 +224,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
RangerPolicyConditionDef vObj = new RangerPolicyConditionDef();
vObj.setName(xObj.getName());
vObj.setEvaluator(xObj.getEvaluator());
- vObj.setEvaluatorOptions(xObj.getEvaluatoroptions());
+ vObj.setEvaluatorOptions(jsonStringToMap(xObj.getEvaluatoroptions()));
vObj.setValidationRegEx(xObj.getValidationRegEx());
vObj.setValidationMessage(xObj.getValidationMessage());
vObj.setUiHint(xObj.getUiHint());
@@ -240,7 +245,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
xObj.setDefid(serviceDef.getId());
xObj.setName(vObj.getName());
xObj.setEnricher(vObj.getEnricher());
- xObj.setEnricherOptions(vObj.getEnricherOptions());
+ xObj.setEnricherOptions(mapToJsonString(vObj.getEnricherOptions()));
xObj.setOrder(AppConstants.DEFAULT_SORT_ORDER);
return xObj;
}
@@ -249,7 +254,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
RangerContextEnricherDef vObj = new RangerContextEnricherDef();
vObj.setName(xObj.getName());
vObj.setEnricher(xObj.getEnricher());
- vObj.setEnricherOptions(xObj.getEnricherOptions());
+ vObj.setEnricherOptions(jsonStringToMap(xObj.getEnricherOptions()));
return vObj;
}
@@ -319,4 +324,31 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
return retList;
}
+ private String mapToJsonString(Map<String, String> map) {
+ String ret = null;
+
+ if(map != null) {
+ try {
+ ret = jsonUtil.readMapToString(map);
+ } catch(Exception excp) {
+ LOG.warn("mapToJsonString() failed to convert map: " + map, excp);
+ }
+ }
+
+ return ret;
+ }
+
+ private Map<String, String> jsonStringToMap(String jsonStr) {
+ Map<String, String> ret = null;
+
+ if(jsonStr != null) {
+ try {
+ ret = jsonUtil.jsonToMap(jsonStr);
+ } catch(Exception excp) {
+ LOG.warn("jsonStringToMap() failed to convert string: " + jsonStr, excp);
+ }
+ }
+
+ return ret;
+ }
}
[2/2] incubator-ranger git commit: RANGER-346: Service-def files
updated to use map for *Options fields, instead of a string with custom format
Posted by ma...@apache.org.
RANGER-346: Service-def files updated to use map for *Options fields, instead of a string with custom format
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f88382b6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f88382b6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f88382b6
Branch: refs/heads/master
Commit: f88382b6f11f4317fcf5cba77025f14e1f647231
Parents: ca40e35
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Fri Mar 27 18:50:11 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri Mar 27 18:50:11 2015 -0700
----------------------------------------------------------------------
.../RangerAbstractContextEnricher.java | 3 ---
.../RangerSimpleMatcherTest.java | 2 +-
.../service/RangerServiceDefServiceBase.java | 25 ++++++++++++++++++--
3 files changed, 24 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f88382b6/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index af4b560..f14360d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -34,9 +34,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
public abstract class RangerAbstractContextEnricher implements RangerContextEnricher {
private static final Log LOG = LogFactory.getLog(RangerAbstractContextEnricher.class);
- public final static String OPTIONS_SEP = ";";
- public final static String OPTION_NV_SEP = "=";
-
private Map<String, String> options = null;
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f88382b6/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
index 99c8df0..7ce9cf3 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
@@ -39,7 +39,7 @@ import org.junit.Test;
public class RangerSimpleMatcherTest {
final Map<String, String> _conditionOptions = new HashMap<String, String>();
-
+
{
_conditionOptions.put(RangerSimpleMatcher.CONTEXT_NAME, RangerSimpleMatcher.CONTEXT_NAME);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f88382b6/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index 7754077..48fd7f8 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -1,6 +1,7 @@
package org.apache.ranger.service;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -341,11 +342,31 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte
private Map<String, String> jsonStringToMap(String jsonStr) {
Map<String, String> ret = null;
- if(jsonStr != null) {
+ if(!StringUtils.isEmpty(jsonStr)) {
try {
ret = jsonUtil.jsonToMap(jsonStr);
} catch(Exception excp) {
- LOG.warn("jsonStringToMap() failed to convert string: " + jsonStr, excp);
+ // fallback to earlier format: "name1=value1;name2=value2"
+ for(String optionString : jsonStr.split(";")) {
+ if(StringUtils.isEmpty(optionString)) {
+ continue;
+ }
+
+ String[] nvArr = optionString.split("=");
+
+ String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null;
+ String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null;
+
+ if(StringUtils.isEmpty(name)) {
+ continue;
+ }
+
+ if(ret == null) {
+ ret = new HashMap<String, String>();
+ }
+
+ ret.put(name, value);
+ }
}
}