hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From esp...@apache.org
Subject [30/50] [abbrv] incubator-hawq git commit: HAWQ-1203. Ranger Plugin Service Implementation. (with contributions by Lav Jain and Leslie Chang) (close #1092)
Date Fri, 03 Feb 2017 09:00:32 GMT
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/pom.xml b/ranger-plugin/pom.xml
new file mode 100644
index 0000000..20d3112
--- /dev/null
+++ b/ranger-plugin/pom.xml
@@ -0,0 +1,248 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.hawq</groupId>
+    <artifactId>ranger-plugin</artifactId>
+    <version>2.1.0.0</version>
+    <packaging>pom</packaging>
+    <name>HAWQ Ranger Plugin</name>
+    <description>HAWQ Ranger Plugin</description>
+
+    <modules>
+        <module>admin-plugin</module>
+        <module>service</module>
+    </modules>
+
+    <properties>
+        <jackson.version>1.9</jackson.version>
+        <release.version>1</release.version>
+        <postgresql.version>9.1-901-1.jdbc4</postgresql.version>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <includes>
+                    <include>**/*</include>
+                </includes>
+                <filtering>true</filtering>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>rpm-maven-plugin</artifactId>
+                <version>2.0.1</version>
+                <inherited>false</inherited>
+                <executions>
+                    <execution>
+                        <inherited>false</inherited>
+                        <phase>install</phase>
+                        <goals>
+                            <goal>rpm</goal>
+                        </goals>
+                    </execution>
+                </executions>
+
+                <configuration>
+                    <copyright>ASL 2.0</copyright>
+                    <group>org.apache.hawq.ranger</group>
+                    <defaultUsername>gpadmin</defaultUsername>
+                    <defaultGroupname>gpadmin</defaultGroupname>
+                    <description>
+                        HAWQ Ranger plugin.
+                    </description>
+                    <release>${release.version}</release>
+                    <requires>
+                        <require>bigtop-tomcat</require>
+                        <require>hawq_${hawq.name.version} &gt;= ${project.version}</require>
+                    </requires>
+                    <mappings>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/bin</directory>
+                            <filemode>755</filemode>
+                            <sources>
+                                <source>
+                                    <location>scripts</location>
+                                </source>
+                            </sources>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/lib</directory>
+                            <sources>
+                                <source>
+                                    <location>admin-plugin/target/ranger-plugin-admin-${project.version}.jar</location>
+                                </source>
+                                <source>
+                                    <location>admin-plugin/target/lib/postgresql-${postgresql.version}.jar</location>
+                                </source>
+                            </sources>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/etc</directory>
+                            <sources>
+                                <source>
+                                    <location>conf/ranger-servicedef-hawq.json</location>
+                                </source>
+                            </sources>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service</directory>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/bin</directory>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs</directory>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/temp</directory>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work</directory>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/webapps</directory>
+                            <sources>
+                                <source>
+                                    <location>service/target/ranger-plugin-service-${project.version}.war</location>
+                                    <destination>rps.war</destination>
+                                </source>
+                            </sources>
+                        </mapping>
+                        <mapping>
+                            <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/conf</directory>
+                            <sources>
+                                <source>
+                                    <location>conf/tomcat-server.xml</location>
+                                </source>
+                            </sources>
+                        </mapping>
+                    </mappings>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <version>1.7</version>
+                <executions>
+                    <execution>
+                        <id>regex-property</id>
+                        <goals>
+                            <goal>regex-property</goal>
+                        </goals>
+                        <configuration>
+                            <name>hawq.name.version</name>
+                            <value>${project.version}</value>
+                            <regex>^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)?$</regex>
+                            <replacement>$1_$2_$3_$4</replacement>
+                            <failIfNoMatch>true</failIfNoMatch>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.ranger</groupId>
+                <artifactId>ranger-plugins-common</artifactId>
+                <version>0.6.0</version>
+            </dependency>
+            <dependency>
+                <groupId>log4j</groupId>
+                <artifactId>log4j</artifactId>
+                <version>1.2.17</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-logging</groupId>
+                <artifactId>commons-logging</artifactId>
+                <version>1.2</version>
+            </dependency>
+            <dependency>
+                <groupId>postgresql</groupId>
+                <artifactId>postgresql</artifactId>
+                <version>${postgresql.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.codehaus.jackson</groupId>
+                <artifactId>jackson-xc</artifactId>
+                <version>1.9.13</version>
+            </dependency>
+            <dependency>
+              <groupId>com.google.guava</groupId>
+              <artifactId>guava</artifactId>
+              <version>11.0.2</version>
+            </dependency>
+            <dependency>
+                <groupId>javax.servlet</groupId>
+                <artifactId>servlet-api</artifactId>
+                <version>2.5</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>javax.servlet.jsp</groupId>
+                <artifactId>jsp-api</artifactId>
+                <version>2.1</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>4.12</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.mockito</groupId>
+                <artifactId>mockito-core</artifactId>
+                <version>1.10.19</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.powermock</groupId>
+                <artifactId>powermock-module-junit4</artifactId>
+                <version>1.6.5</version>
+                <scope>test</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.powermock</groupId>
+                <artifactId>powermock-api-mockito</artifactId>
+                <version>1.6.5</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/scripts/register_hawq.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/register_hawq.sh b/ranger-plugin/scripts/register_hawq.sh
new file mode 100755
index 0000000..11e2df8
--- /dev/null
+++ b/ranger-plugin/scripts/register_hawq.sh
@@ -0,0 +1,217 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+function usage() {
+  echo "USAGE: register_hawq.sh -r ranger_host:ranger_port -u ranger_user -p ranger_password -h hawq_host:hawq_port -w hawq_user -q hawq_password"
+  exit 1
+}
+
+function fail() {
+  echo "ERROR: $1"
+  exit 1
+}
+
+function mask() {
+  printf -v stars '%*s' ${#1} ''
+  echo "[${stars// /*}]"
+}
+
+function read_value() {
+  local input
+  read -p "Enter value for $1 : " input
+  echo $input
+}
+
+function read_password() {
+  local input
+  read -s -p "Enter value for $1 : " input
+  echo $input
+}
+
+function get_ranger_url() {
+  while [[ -z "$RANGER_URL" ]]
+  do
+    RANGER_URL=$(read_value "Ranger Admin host and port (e.g. abc.com:6080)")
+  done
+  local prefix="http://"
+  RANGER_URL=${RANGER_URL#$prefix}
+}
+
+function get_ranger_user() {
+  while [[ -z "$RANGER_USER" ]]
+  do
+    RANGER_USER=$(read_value "Ranger Admin user name")
+  done
+}
+
+function get_ranger_password() {
+  while [[ -z "$RANGER_PASSWORD" ]]
+  do
+    RANGER_PASSWORD=$(read_password "Ranger Admin password")
+    echo
+  done
+}
+
+function get_hawq_url() {
+  #todo read hawq-site.xml ?
+  local default=`hostname -f`
+  default="${default}:5432"
+  while [[ -z "$HAWQ_URL" ]]
+  do
+    HAWQ_URL=$(read_value "HAWQ Master host and port [${default}]")
+  done
+  local prefix="http://"
+  HAWQ_URL=${HAWQ_URL#$prefix}
+  local parts=(${HAWQ_URL//:/ })
+  if [ ${#parts[@]} != 2 ]; then
+    fail "Incorrect value for HAWQ Master host and port."
+  fi
+  HAWQ_HOST=${parts[0]}
+  HAWQ_PORT=${parts[1]}
+}
+
+function get_hawq_user() {
+  local default="gpadmin"
+  while [[ -z "$HAWQ_USER" ]]
+  do
+    HAWQ_USER=$(read_value "HAWQ user name [${default}]")
+  done
+}
+
+function get_hawq_password() {
+  while [[ -z "$HAWQ_PASSWORD" ]]
+  do
+    HAWQ_PASSWORD=$(read_password "HAWQ password")
+    echo
+  done
+}
+
+function parse_params() {
+  while [[ $# -gt 0 ]] 
+  do
+    key="$1"
+    case $key in
+      -r)
+        RANGER_URL="$2"
+        shift
+        ;;
+      -u)
+        RANGER_USER="$2"
+        shift
+        ;;
+      -p)
+        RANGER_PASSWORD="$2"
+        shift
+        ;;
+      -h)
+        HAWQ_URL="$2"
+        shift
+        ;;
+      -w)
+        HAWQ_USER="$2"
+        shift
+        ;;
+      -q)
+        HAWQ_PASSWORD="$2"
+        shift
+        ;;
+      *)
+        usage
+        ;;
+    esac
+    shift
+  done
+}
+
+function validate_params() {
+  get_ranger_url
+  get_ranger_user
+  get_ranger_password
+  get_hawq_url
+  get_hawq_user
+  get_hawq_password
+  echo "RANGER URL  = ${RANGER_URL}" 
+  echo "RANGER User = ${RANGER_USER}" 
+  echo "RANGER Password = $(mask ${RANGER_PASSWORD})" 
+  echo "HAWQ HOST = ${HAWQ_HOST}"
+  echo "HAWQ PORT = ${HAWQ_PORT}"  
+  echo "HAWQ User = ${HAWQ_USER}" 
+  echo "HAWQ Password = $(mask ${HAWQ_PASSWORD})" 
+}
+
+function check_hawq_service_definition() {
+  echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/servicedef/name/hawq | grep hawq | wc -l)
+}
+
+function create_hawq_service_definition() {
+  if [ $(check_hawq_service_definition) == 0 ]; then
+    local json_file="$(dirname ${SCRIPT_DIR})/etc/ranger-servicedef-hawq.json"
+    if [ ! -f ${json_file} ]; then
+      fail "File ${json_file} not found."
+    fi
+    echo "HAWQ service definition was not found in Ranger Admin, creating it by uploading ${json_file}"
+    local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/plugins/definitions -d @${json_file})
+    local created=$(echo ${output} | grep created | wc -l)
+    if [ ${created} == 0 ] || [ $(check_hawq_service_definition) == 0 ]; then
+      fail "Creation of HAWQ service definition from ${json_file} in Ranger Admin at ${RANGER_URL} failed. ${output}"
+    fi
+  else
+    echo "HAWQ service definition already exists in Ranger Admin, nothing to do." 
+  fi
+}
+
+function check_hawq_service_instance() {
+  echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/service/name/hawq | grep hawq | wc -l)
+}
+
+function create_hawq_service_instance() {
+  if [ $(check_hawq_service_instance) == 0 ]; then
+    local payload="{\"name\":\"hawq\",
+                    \"type\":\"hawq\",
+                    \"description\":\"HAWQ Master\",
+                    \"isEnabled\":true,
+                    \"configs\":{\"username\":\"${HAWQ_USER}\",
+                               \"password\":\"${HAWQ_PASSWORD}\",
+                               \"hostname\":\"${HAWQ_HOST}\",
+                               \"port\":\"${HAWQ_PORT}\"}}"
+
+    echo "HAWQ service instance was not found in Ranger Admin, creating it."
+    local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/public/v2/api/service -d "${payload}")
+    local created=$(echo ${output} | grep created | wc -l)
+    if [ ${created} == 0 ] || [ $(check_hawq_service_instance) == 0 ]; then
+      fail "Creation of HAWQ service instance in Ranger Admin at ${RANGER_URL} failed. ${output}"
+    fi
+  else
+    echo "HAWQ service instance already exists in Ranger Admin, nothing to do."
+  fi
+}
+
+main() {
+  if [[ $# -lt 1 ]]; then
+    usage
+  fi
+  SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+  parse_params "$@"
+  validate_params
+  create_hawq_service_definition
+  create_hawq_service_instance
+}
+main "$@"

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/scripts/rps.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/rps.sh b/ranger-plugin/scripts/rps.sh
new file mode 100755
index 0000000..e8ccf3a
--- /dev/null
+++ b/ranger-plugin/scripts/rps.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+if [ $# -le 0 ]; then
+  echo "Usage: rps (start|stop|init) [<catalina-args...>]"
+  exit 1
+fi
+
+actionCmd=$1
+shift
+
+CWDIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd )
+source $CWDIR/rps_env.sh
+
+setup_rps() {
+  echo "Initializing Hawq Ranger Plugin Service..."
+  cp $CATALINA_HOME/conf.template/* $CATALINA_BASE/conf
+  cp $CATALINA_BASE/conf/tomcat-server.xml $CATALINA_BASE/conf/server.xml
+  pushd $CATALINA_BASE/webapps >/dev/null
+  unzip -d rps rps.war >/dev/null
+  find . -name ranger-hawq-security.xml | xargs sed -i \
+    "s/localhost:6080/$RANGER_ADMIN_HOST:$RANGER_ADMIN_PORT/g"
+  popd >/dev/null
+  echo "Hawq Ranger Plugin Service installed on http://$RPS_HOST:$RPS_PORT/rps"
+  echo "Please use 'rps.sh start' to start the service"
+}
+
+case $actionCmd in
+  (init)
+    setup_rps
+    ;;
+  (start)
+    $CATALINA_HOME/bin/catalina.sh start "$@"
+    echo "Waiting for RPS service to start..."
+    sleep 15
+    ;;
+  (stop)
+    $CATALINA_HOME/bin/catalina.sh stop "$@"
+    echo "Waiting for RPS service to stop..."
+    sleep 10
+    ;;
+esac

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/scripts/rps_env.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/rps_env.sh b/ranger-plugin/scripts/rps_env.sh
new file mode 100755
index 0000000..ae36e8f
--- /dev/null
+++ b/ranger-plugin/scripts/rps_env.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+export CATALINA_HOME=/usr/lib/bigtop-tomcat
+export CATALINA_BASE=/usr/local/hawq/ranger/plugin-service
+
+export RANGER_ADMIN_HOST=${RANGER_ADMIN_HOST:-localhost}
+export RANGER_ADMIN_PORT=${RANGER_ADMIN_PORT:-6080}
+
+export RPS_HOST=${RPS_HOST:-localhost}
+export RPS_PORT=${RPS_PORT:-8432}
+export CATALINA_OPTS="-Dhttp.host=$RPS_HOST -Dhttp.port=$RPS_PORT"

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/pom.xml b/ranger-plugin/service/pom.xml
new file mode 100644
index 0000000..3f2f9f8
--- /dev/null
+++ b/ranger-plugin/service/pom.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.hawq</groupId>
+    <artifactId>ranger-plugin-service</artifactId>
+    <packaging>war</packaging>
+    <name>HAWQ Ranger Service</name>
+    <description>HAWQ Ranger Service</description>
+    <parent>
+        <groupId>org.apache.hawq</groupId>
+        <artifactId>ranger-plugin</artifactId>
+        <version>2.1.0.0</version>
+        <relativePath>..</relativePath>
+    </parent>
+    <build>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <filtering>true</filtering>
+            </resource>
+        </resources>
+        <plugins>
+            <plugin>
+                <!-- use mvn tomcat6:run-war to run the appserver with the app deployed -->
+                <groupId>org.apache.tomcat.maven</groupId>
+                <artifactId>tomcat6-maven-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <path>/rps</path>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.codehaus.jackson</groupId>
+            <artifactId>jackson-xc</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-common</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-module-junit4</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-api-mockito</artifactId>
+        </dependency>
+    </dependencies>
+
+    
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/HawqAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/HawqAuthorizer.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/HawqAuthorizer.java
new file mode 100644
index 0000000..625ce50
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/HawqAuthorizer.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.hawq.ranger.authorization.model.AuthorizationRequest;
+import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
+
+/**
+ * Interface for making authorization decisions.
+ */
+public interface HawqAuthorizer {
+
+    /**
+     * Determines whether access should be allowed for the given authorization request.
+     * @param request authorization request
+     * @return authorization response
+     */
+    AuthorizationResponse isAccessAllowed(AuthorizationRequest request);
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
new file mode 100644
index 0000000..04d6f99
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
@@ -0,0 +1,263 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hawq.ranger.authorization.model.AuthorizationRequest;
+import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
+import org.apache.hawq.ranger.authorization.model.HawqPrivilege;
+import org.apache.hawq.ranger.authorization.model.HawqResource;
+import org.apache.hawq.ranger.authorization.model.ResourceAccess;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import static org.apache.hawq.ranger.authorization.Utils.HAWQ;
+
+/**
+ * Authorizer implementation that uses Ranger to make access decision. Implemented as a singleton.
+ */
+public class RangerHawqAuthorizer implements HawqAuthorizer {
+
+    private static final Log LOG = LogFactory.getLog(RangerHawqAuthorizer.class);
+
+    private static final RangerHawqAuthorizer INSTANCE = new RangerHawqAuthorizer();
+
+    private RangerBasePlugin rangerPlugin;
+
+    /**
+     * Returns the instance of the RangerHawqAuthorizer.
+     * @return the singleton instance
+     */
+    public static RangerHawqAuthorizer getInstance() {
+        return INSTANCE;
+    }
+
+    /**
+     * Constructor. Initializes Ranger Base Plugin to fetch policies from Ranger.
+     */
+    private RangerHawqAuthorizer() {
+
+        LOG.info("Initializing RangerHawqAuthorizer");
+
+        String appId = Utils.getAppId();
+
+        LOG.info(String.format("Initializing RangerBasePlugin for service %s:%s", HAWQ, appId));
+        rangerPlugin = new RangerBasePlugin(HAWQ, appId);
+        rangerPlugin.init();
+        LOG.info(String.format("Initialized RangerBasePlugin for service %s:%s", HAWQ, appId));
+    }
+
+    @Override
+    public AuthorizationResponse isAccessAllowed(AuthorizationRequest request) {
+
+        // validate request to make sure no data is missing
+        validateRequest(request);
+
+        // prepare response object
+        AuthorizationResponse response = new AuthorizationResponse();
+        response.setRequestId(request.getRequestId());
+        Set<ResourceAccess> access = new HashSet<>();
+        response.setAccess(access);
+
+        // iterate over resource requests, augment processed ones with the decision and add to the response
+        for (ResourceAccess resourceAccess : request.getAccess()) {
+            boolean accessAllowed = authorizeResource(resourceAccess, request.getUser());
+            resourceAccess.setAllowed(accessAllowed);
+            access.add(resourceAccess);
+        }
+
+        return response;
+    }
+
+    /**
+     * Authorizes access to a single resource for a given user.
+     *
+     * @param resourceAccess resource to authorize access to
+     * @param user user requesting authorization
+     * @return true if access is authorized, false otherwise
+     */
+    private boolean authorizeResource(ResourceAccess resourceAccess, String user) {
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(String.format("Request: access for user=%s to resource=%s with privileges=%s",
+                user, resourceAccess.getResource(), resourceAccess.getPrivileges()));
+        }
+
+        RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
+        //resource.setOwnerUser();
+        for (Map.Entry<HawqResource, String> resourceEntry : resourceAccess.getResource().entrySet()) {
+            rangerResource.setValue(resourceEntry.getKey().name(), resourceEntry.getValue());
+        }
+
+        boolean accessAllowed = true;
+        // iterate over all privileges requested
+        for (HawqPrivilege privilege : resourceAccess.getPrivileges()) {
+            // TODO not clear how we will get user groups -- Kerberos case ?
+            Set<String> userGroups = Collections.emptySet();
+            boolean privilegeAuthorized = authorizeResourcePrivilege(rangerResource, privilege.name(), user, userGroups);
+            // ALL model of evaluation -- all privileges must be authorized for access to be allowed
+            if (!privilegeAuthorized) {
+                accessAllowed = false;
+                break; // terminate early if even a single privilege is not authorized
+            }
+        }
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(String.format("Decision: accessAllowed=%s for user=%s to resource=%s with privileges=%s",
+                    accessAllowed, user, resourceAccess.getResource(), resourceAccess.getPrivileges()));
+        }
+
+        return accessAllowed;
+    }
+
+    /**
+     * Authorizes access of a given type (privilege) to a single resource for a given user.
+     *
+     * @param rangerResource resource to authorize access to
+     * @param accessType privilege requested for a given resource
+     * @param user user requesting authorization
+     * @param userGroups groups a user belongs to
+     * @return true if access is authorized, false otherwise
+     */
+    private boolean authorizeResourcePrivilege(RangerAccessResource rangerResource, String accessType, String user, Set<String> userGroups) {
+
+        Map<String, String> resourceMap = rangerResource.getAsMap();
+        String database = resourceMap.get(HawqResource.database.name());
+        String schema = resourceMap.get(HawqResource.schema.name());
+        int resourceSize = resourceMap.size();
+
+        // special handling for non-leaf policies
+        if (accessType.equals(HawqPrivilege.create.name()) && database != null && schema == null && resourceSize == 1) {
+            accessType = HawqPrivilege.create_schema.toValue();
+            LOG.debug("accessType mapped to: create-schema");
+        } else if (accessType.equals(HawqPrivilege.usage.name()) && database != null && schema != null && resourceSize == 2) {
+            accessType = HawqPrivilege.usage_schema.toValue();
+            LOG.debug("accessType mapped to: usage-schema");
+        }
+
+        RangerAccessRequest rangerRequest = new RangerAccessRequestImpl(rangerResource, accessType, user, userGroups);
+        RangerAccessResult result = rangerPlugin.isAccessAllowed(rangerRequest);
+        boolean accessAllowed = result != null && result.getIsAllowed();
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(String.format("--- RangerDecision: accessAllowed=%s for user=%s to resource=%s with privileges=%s, result present=%s",
+                    accessAllowed, user, rangerResource.getAsString(), accessType, result!=null));
+        }
+
+        return accessAllowed;
+    }
+
+    /**
+     * Validates that authorization requests do not have any missing data.
+     *
+     * @param request authorization request
+     * @throws IllegalArgumentException if any data is missing
+     */
+    private void validateRequest(AuthorizationRequest request) {
+        LOG.debug("Validating authorization request");
+
+        if (request == null) {
+            throw new IllegalArgumentException("request is null");
+        }
+
+        if (request.getRequestId() == null) {
+            throw new IllegalArgumentException("requestId field is missing or null in the request");
+        }
+
+        if (StringUtils.isEmpty(request.getUser())) {
+            throw new IllegalArgumentException("user field is missing or empty in the request");
+        }
+
+        if (StringUtils.isEmpty(request.getClientIp())) {
+            throw new IllegalArgumentException("clientIp field is missing or empty in the request");
+        }
+
+        if (StringUtils.isEmpty(request.getContext())) {
+            throw new IllegalArgumentException("context field is missing or empty in the request");
+        }
+
+        Set<ResourceAccess> accessSet = request.getAccess();
+        if (CollectionUtils.isEmpty(accessSet)) {
+            throw new IllegalArgumentException("access field is missing or empty in the request");
+        }
+
+        for (ResourceAccess access : accessSet) {
+            validateResourceAccess(access);
+        }
+
+        LOG.debug("Successfully validated authorization request");
+    }
+
+    /**
+     * Validates that resource access does not have any missing data.
+     *
+     * @param access resource access data
+     * @throws IllegalArgumentException if any data is missing
+     */
+    private void validateResourceAccess(ResourceAccess access) {
+        Map<HawqResource, String> resourceMap = access.getResource();
+        if  (MapUtils.isEmpty(resourceMap)) {
+            throw new IllegalArgumentException("resource field is missing or empty in the request");
+        }
+        for (Map.Entry<HawqResource, String> resourceEntry : resourceMap.entrySet()) {
+            if (StringUtils.isEmpty(resourceEntry.getValue())) {
+                throw new IllegalArgumentException(
+                        String.format("resource value is missing for key=%s in the request", resourceEntry.getKey())
+                );
+            }
+        }
+        if (CollectionUtils.isEmpty(access.getPrivileges())) {
+            throw new IllegalArgumentException("set of privileges is missing empty in the request");
+        }
+    }
+
+
+
+    /**
+     * Sets an instance of the Ranger Plugin for testing.
+     *
+     * @param plugin plugin instance to use while testing
+     */
+    void setRangerPlugin(RangerBasePlugin plugin) {
+        rangerPlugin = plugin;
+    }
+
+    /**
+     * Returns the instance of the Ranger Plugin for testing.
+     *
+     * @return BaseRangerPlugin instance
+     */
+    RangerBasePlugin getRangerPlugin() {
+        return rangerPlugin;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResource.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResource.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResource.java
new file mode 100644
index 0000000..26a7660
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqPluginResource.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import com.sun.jersey.spi.resource.Singleton;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hawq.ranger.authorization.model.AuthorizationRequest;
+import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
+
+import javax.ws.rs.*;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.Date;
+
+/**
+ * JAX-RS resource for the authorization endpoint.
+ */
+@Path("/")
+@Singleton
+public class RangerHawqPluginResource {
+
+    private static final Log LOG = LogFactory.getLog(RangerHawqPluginResource.class);
+
+    private HawqAuthorizer authorizer;
+    private String version;
+
+    /**
+     * Constructor. Creates a new instance of the resource that uses <code>RangerHawqAuthorizer</code>.
+     */
+    public RangerHawqPluginResource() {
+        this.authorizer = RangerHawqAuthorizer.getInstance();
+    }
+
+
+    @Path("/version")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response version()
+    {
+        String output = "{\"version\":\"" + Utils.getVersion() + "\"}";
+        return Response.status(200).entity(output).build();
+    }
+
+    /**
+     * Authorizes a request to access protected resources with requested privileges.
+     * @param request authorization request
+     * @return authorization response
+     */
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    public AuthorizationResponse authorize(AuthorizationRequest request)
+    {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Received authorization request: " + request);
+        }
+
+        // exceptions are handled by ServiceExceptionMapper
+        AuthorizationResponse response = authorizer.isAccessAllowed(request);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Returning authorization response: " + response);
+        }
+        return response;
+    }
+}
+
+

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapper.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapper.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapper.java
new file mode 100644
index 0000000..b983d72
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/ServiceExceptionMapper.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+
+/**
+ * Maps service exceptions to HTTP response.
+ */
+@Provider
+public class ServiceExceptionMapper implements ExceptionMapper<Throwable> {
+
+    private static final Log LOG = LogFactory.getLog(ServiceExceptionMapper.class);
+
+    @Override
+    public Response toResponse(Throwable e) {
+
+        LOG.error("Service threw an exception: ", e);
+
+        // default to internal server error (HTTP 500)
+        Response.Status status = Response.Status.INTERNAL_SERVER_ERROR;
+
+        if (e instanceof IllegalArgumentException) {
+            status = Response.Status.BAD_REQUEST;
+        }
+
+        ErrorPayload error = new ErrorPayload(status.getStatusCode(), e.getMessage());
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(String.format("Returning error response: status=%s message=%s",
+                                    error.getStatus(), error.getMessage()));
+        }
+
+        return Response.status(status)
+                .entity(error)
+                .type(MediaType.APPLICATION_JSON)
+                .build();
+    }
+
+    /**
+     * Represents payload to be serialized as JSON into response.
+     */
+    public static class ErrorPayload {
+        private int status;
+        private String message;
+
+        /**
+         * Constructor.
+         * @param status HTTP error status
+         * @param message error message
+         */
+        public ErrorPayload(int status, String message) {
+            this.status = status;
+            this.message = message;
+        }
+
+        /**
+         * Returns status code
+         * @return status code
+         */
+        public int getStatus() {
+            return status;
+        }
+
+        /**
+         * Returns error message
+         * @return error message
+         */
+        public String getMessage() {
+            return message;
+        }
+
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
new file mode 100644
index 0000000..86f7fc4
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+/**
+ * Utility class for reading values from the property file.
+ */
+public abstract class Utils {
+
+    public static final String HAWQ = "hawq";
+    public static final String UNKNOWN = "unknown";
+    public static final String APP_ID_PROPERTY = "ranger.hawq.instance";
+    public static final String VERSION_PROPERTY = "version";
+    public static final String RANGER_SERVICE_PROPERTY_FILE = "rps.properties";
+
+    private static final Log LOG = LogFactory.getLog(Utils.class);
+    private static final Properties properties = readPropertiesFromFile();
+
+    /**
+     * Retrieves the app id from the environment variable with the key ranger.hawq.instance
+     * or from the rps.properties file with the key ranger.hawq.instance
+     *
+     * If none exist, hawq is used as the default
+     *
+     * @return String id of the app
+     */
+    public static String getAppId() {
+        return System.getProperty(APP_ID_PROPERTY, properties.getProperty(APP_ID_PROPERTY, HAWQ));
+    }
+
+    /**
+     * Retrieves the version read from the property file.
+     *
+     * If none exist, unknown is used as the default
+     *
+     * @return version of the service
+     */
+    public static String getVersion() {
+        return properties.getProperty(VERSION_PROPERTY, UNKNOWN);
+    }
+
+    /**
+     * Reads properties from the property file.
+     * @return properties read from the file
+     */
+    private static Properties readPropertiesFromFile() {
+        Properties prop = new Properties();
+        InputStream inputStream = Utils.class.getClassLoader().getResourceAsStream(RANGER_SERVICE_PROPERTY_FILE);
+        try {
+            prop.load(inputStream);
+        } catch (IOException e) {
+            LOG.error("Failed to read from: " + RANGER_SERVICE_PROPERTY_FILE);
+        }
+        return prop;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationRequest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationRequest.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationRequest.java
new file mode 100644
index 0000000..6e8ab4f
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationRequest.java
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import java.util.Set;
+
+/**
+ * Model for submitting an authorization request for multiple resources.
+ */
+public class AuthorizationRequest {
+
+    private Integer requestId;
+    private String user;
+    private String clientIp;
+    private String context;
+    private Set<ResourceAccess> access;
+
+    /**
+     * Returns request id.
+     * @return id of the request
+     */
+    public Integer getRequestId() {
+        return requestId;
+    }
+
+    /**
+     * Sets request id.
+     * @param requestId id of the request
+     */
+    public void setRequestId(Integer requestId) {
+        this.requestId = requestId;
+    }
+
+    /**
+     * Returns user name for the user submitting the access request.
+     * @return name of the user
+     */
+    public String getUser() {
+        return user;
+    }
+
+    /**
+     * Sets user name for the user submitting the access request.
+     * @param user name of the user
+     */
+    public void setUser(String user) {
+        this.user = user;
+    }
+
+    /**
+     * Returns IP address of the client where the user request is made from.
+     * @return IP address of the user's client
+     */
+    public String getClientIp() {
+        return clientIp;
+    }
+
+    /**
+     * Sets IP address of the client where the user request is made from.
+     * @param clientIp IP address of the user's client
+     */
+    public void setClientIp(String clientIp) {
+        this.clientIp = clientIp;
+    }
+
+    /**
+     * Returns context of the request, usually a SQL query that the user ran
+     * @return context of the request
+     */
+    public String getContext() {
+        return context;
+    }
+
+    /**
+     * Sets the context of the request, usually a SQL query that the user ran
+     * @param context context of the request
+     */
+    public void setContext(String context) {
+        this.context = context;
+    }
+
+    /**
+     * Returns a set of <code>ResourceAccess</code> objects.
+     * @return s set of <code>ResourceAccess</code> objects
+     */
+    public Set<ResourceAccess> getAccess() {
+        return access;
+    }
+
+    /**
+     * Sets <code>ResourceAccess</code> objects
+     * @param access a set of <code>ResourceAccess</code> objects
+     */
+    public void setAccess(Set<ResourceAccess> access) {
+        this.access = access;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationResponse.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationResponse.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationResponse.java
new file mode 100644
index 0000000..f989b8d
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/AuthorizationResponse.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import java.util.Set;
+
+/**
+ *  Model for response containing authorization decisions for access to multiple resources.
+ */
+public class AuthorizationResponse {
+
+    private Integer requestId;
+    private Set<ResourceAccess> access;
+
+    /**
+     * Returns request id.
+     * @return id of the request
+     */
+    public Integer getRequestId() {
+        return requestId;
+    }
+
+    /**
+     * Sets request id.
+     * @param requestId id of the request
+     */
+    public void setRequestId(Integer requestId) {
+        this.requestId = requestId;
+    }
+
+    /**
+     * Returns a set of <code>ResourceAccess</code> objects.
+     * @return a set of <code>ResourceAccess</code> objects
+     */
+    public Set<ResourceAccess> getAccess() {
+        return access;
+    }
+
+    /**
+     * Sets <code>ResourceAccess</code> objects
+     * @param access a set of <code>ResourceAccess</code> objects
+     */
+    public void setAccess(Set<ResourceAccess> access) {
+        this.access = access;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqPrivilege.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqPrivilege.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqPrivilege.java
new file mode 100644
index 0000000..ffce67a
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqPrivilege.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import org.codehaus.jackson.annotate.JsonCreator;
+import org.codehaus.jackson.annotate.JsonValue;
+
+/**
+ *  Model enumeration of types of HAWQ privileges.
+ */
+public enum HawqPrivilege {
+    select,
+    insert,
+    update,
+    delete,
+    references,
+    usage,
+    create,
+    connect,
+    execute,
+    temp,
+    create_schema,
+    usage_schema,
+    all;
+
+    /**
+     * Returns HawqPrivilege type by case-insensitive lookup of the value.
+     * @param key case insensitive string representation of the privilege
+     * @return instance of HawqPrivilege
+     */
+    @JsonCreator
+    public static HawqPrivilege fromString(String key) {
+        return key == null ? null : HawqPrivilege.valueOf(key.replace('-', '_').toLowerCase());
+    }
+
+    /**
+     * Returns string representation of the enum, replaces underscores with dashes.
+     * @return string representation of the enum
+     */
+    @JsonValue
+    public String toValue() {
+        return name().replace('_', '-');
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqResource.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqResource.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqResource.java
new file mode 100644
index 0000000..c9de4e7
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/HawqResource.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import org.codehaus.jackson.annotate.JsonCreator;
+
+/**
+ * Model enumeration of types of HAWQ resources.
+ */
+public enum HawqResource {
+    database,
+    schema,
+    table,
+    sequence,
+    function,
+    language,
+    tablespace,
+    protocol;
+
+    /**
+     * Returns HawqResource type by case-insensitive lookup of the value.
+     * @param key case insensitive string representation of the resource
+     * @return instance of HawqResource
+     */
+    @JsonCreator
+    public static HawqResource fromString(String key) {
+        return key == null ? null : HawqResource.valueOf(key.toLowerCase());
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/ResourceAccess.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/ResourceAccess.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/ResourceAccess.java
new file mode 100644
index 0000000..df1631a
--- /dev/null
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/model/ResourceAccess.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.hawq.ranger.authorization.model;
+
+import org.apache.commons.lang.builder.ToStringBuilder;
+
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * Model object for requesting access to a single resource.
+ */
+public class ResourceAccess {
+
+    private Map<HawqResource, String> resource;
+    private Set<HawqPrivilege> privileges;
+    private boolean allowed = false;
+
+    public Set<HawqPrivilege> getPrivileges() {
+        return privileges;
+    }
+
+    public void setPrivileges(Set<HawqPrivilege> privileges) {
+        this.privileges = privileges;
+    }
+
+    public boolean isAllowed() {
+        return allowed;
+    }
+
+    public void setAllowed(boolean allowed) {
+        this.allowed = allowed;
+    }
+
+    public Map<HawqResource, String> getResource() {
+        return resource;
+    }
+
+    public void setResource(Map<HawqResource, String> resource) {
+        this.resource = resource;
+    }
+
+    @Override
+    public String toString() {
+        return new ToStringBuilder(this)
+                .append("resource", resource)
+                .append("privileges", privileges)
+                .append("allowed", allowed)
+                .toString();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        ResourceAccess that = (ResourceAccess) o;
+        return allowed == that.allowed &&
+                Objects.equals(resource, that.resource) &&
+                Objects.equals(privileges, that.privileges);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(resource, privileges, allowed);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/log4j.properties b/ranger-plugin/service/src/main/resources/log4j.properties
new file mode 100644
index 0000000..6bbdaed
--- /dev/null
+++ b/ranger-plugin/service/src/main/resources/log4j.properties
@@ -0,0 +1,42 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# see debug messages during unit tests
+project.root.logger=DEBUG,console
+
+# suppress all logging output during unit tests
+#project.root.logger=FATAL,devnull
+
+#
+# Loggers
+#
+log4j.rootLogger=${project.root.logger}
+
+# ignore most errors from the Apache Ranger and Hadoop for unit tests
+log4j.logger.org.apache.ranger=FATAL
+log4j.logger.org.apache.hadoop=FATAL
+
+#
+# Appenders
+#
+
+# nothing
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml b/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
new file mode 100644
index 0000000..46dd75d
--- /dev/null
+++ b/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+    <property>
+        <name>ranger.plugin.hawq.service.name</name>
+        <value>hawq</value>
+        <description>
+            Name of the Ranger service containing policies for this HAWQ instance
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.source.impl</name>
+        <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+        <description>
+            Class to retrieve policies from the source
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.rest.url</name>
+        <value>http://localhost:6080</value>
+        <description>
+            URL to Ranger Admin
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
+        <value>/usr/local/hawq/ranger/etc/ranger-policymgr-ssl.xml</value>
+        <description>
+            Path to the file containing SSL details to contact Ranger Admin
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
+        <value>30000</value>
+        <description>
+            How often to poll for changes in policies?
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.cache.dir</name>
+        <value>/usr/local/hawq/ranger/policycache</value>
+        <description>
+            Directory where Ranger policies are cached after successful retrieval from the source
+        </description>
+    </property>
+
+    <!--
+    <property>
+        <name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
+        <value>true</value>
+        <description>Should Hive plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description>
+    </property>
+    -->
+    <property>
+        <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
+        <value>120000</value>
+        <description>
+            RangerRESTClient Connection Timeout in Milliseconds
+        </description>
+    </property>
+
+    <property>
+        <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
+        <value>30000</value>
+        <description>
+            RangerRESTClient read Timeout in Milliseconds
+        </description>
+    </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/resources/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/rps.properties b/ranger-plugin/service/src/main/resources/rps.properties
new file mode 100644
index 0000000..9e2b1f4
--- /dev/null
+++ b/ranger-plugin/service/src/main/resources/rps.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ranger.hawq.instance=hawq
+version=${project.version}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..36c976f
--- /dev/null
+++ b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<web-app version="3.0"
+         xmlns="http://java.sun.com/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+
+    <!--
+        This is the HAWQ Ranger Plugin Service webapp xml descriptor
+
+        servlet-class	Jersey entrypoint class
+        init-param		com.sun.jersey.config.property.packages
+                            Tells Jersey where are the REST components of this webapp
+                        jersey.config.server.provider.scanning.recursive
+                            Tells Jersey to recusively scan package for REST resources
+        load-on-startup	Initialize the webapp on app server startup
+        servlet-mapping	Maps the path of the servlet (ranger-plugin/*)
+        listener		A class called after the webapp was initialized and before it's about to go down
+    -->
+
+    <servlet>
+        <servlet-name>HAWQ_Ranger_Plugin_Service</servlet-name>
+        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
+        <init-param>
+            <param-name>com.sun.jersey.config.property.packages</param-name>
+            <param-value>org.apache.hawq.ranger.authorization</param-value>
+        </init-param>
+        <init-param>
+            <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>HAWQ_Ranger_Plugin_Service</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <!--
+    <listener>
+        <listener-class>org.apache.hawq.pxf.service.rest.ServletLifecycleListener</listener-class>
+    </listener>
+    -->
+    <!-- log4j configuration
+         Log4jConfigListener looks for a file under log4jConfigLocation.
+         When not using absolute path, the path starts from the webapp root directory.
+         If this file cannot be read, log4j will revert to using the default
+         pxf-log4j.properties inside the webapp. -->
+    <context-param>
+        <param-name>log4jConfigLocation</param-name>
+        <param-value>/etc/pxf/conf/pxf-log4j.properties</param-value>
+    </context-param>
+</web-app>

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/7f36b35b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerAppIdTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerAppIdTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerAppIdTest.java
new file mode 100644
index 0000000..461864e
--- /dev/null
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizerAppIdTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hawq.ranger.authorization;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.when;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(Utils.class)
+public class RangerHawqAuthorizerAppIdTest {
+
+    @Test
+    public void testAppIdIsSet() {
+        PowerMockito.mockStatic(Utils.class);
+        when(Utils.getAppId()).thenReturn("foo");
+        assertEquals("foo", RangerHawqAuthorizer.getInstance().getRangerPlugin().getAppId());
+    }
+}


Mime
View raw message