From mad...@apache.org
Subject [4/4] incubator-ranger git commit: RANGER-203: updates to RangerPolicyResource per comments from Alok. PolicyEngine updated to return the result in RangerAccessResult, instead of Boolean.
Date Sat, 20 Dec 2014 01:27:30 GMT
RANGER-203: updates to RangerPolicyResource per comments from Alok. PolicyEngine updated to
return the result in RangerAccessResult, instead of Boolean.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2242c441
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2242c441
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2242c441

Branch: refs/heads/stack
Commit: 2242c44183f2ecb1a631db9d7b483119d59e7c3c
Parents: 941ae69
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Fri Dec 19 17:24:01 2014 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Fri Dec 19 17:24:01 2014 -0800

----------------------------------------------------------------------
 .../ranger/plugin/model/RangerPolicy.java       | 94 +++++++++++---------
 .../plugin/policyengine/RangerAccessResult.java | 62 +++++++++++++
 .../plugin/policyengine/RangerPolicyEngine.java |  8 +-
 .../policyengine/RangerPolicyEngineImpl.java    | 13 ++-
 .../plugin/manager/TestServiceManager.java      |  2 +-
 .../org/apache/ranger/common/ServiceUtil.java   | 72 ++++++++++-----
 6 files changed, 171 insertions(+), 80 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 13a9c4d..57b52cc 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -21,6 +21,8 @@ package org.apache.ranger.plugin.model;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
@@ -40,13 +42,13 @@ import org.codehaus.jackson.map.annotate.JsonSerialize;
 public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable {
 	private static final long serialVersionUID = 1L;
 
-	private String                     service        = null;
-	private String                     name           = null;
-	private String                     description    = null;
-	private Boolean                    isEnabled      = null;
-	private Boolean                    isAuditEnabled = null;
-	private List<RangerPolicyResource> resources      = null;
-	private List<RangerPolicyItem>     policyItems    = null;
+	private String                            service        = null;
+	private String                            name           = null;
+	private String                            description    = null;
+	private Boolean                           isEnabled      = null;
+	private Boolean                           isAuditEnabled = null;
+	private Map<String, RangerPolicyResource> resources      = null;
+	private List<RangerPolicyItem>            policyItems    = null;
 
 
 	/**
@@ -63,7 +65,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
 	 * @param isEnabled
 	 * @param configs
 	 */
-	public RangerPolicy(String service, String name, String description, Boolean isEnabled,
List<RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) {
+	public RangerPolicy(String service, String name, String description, Boolean isEnabled,
Map<String, RangerPolicyResource> resources, List<RangerPolicyItem> policyItems)
{
 		super();
 
 		setService(service);
@@ -160,19 +162,19 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
 	/**
 	 * @return the resources
 	 */
-	public List<RangerPolicyResource> getResources() {
+	public Map<String, RangerPolicyResource> getResources() {
 		return resources;
 	}
 
 	/**
 	 * @param configs the resources to set
 	 */
-	public void setResources(List<RangerPolicyResource> resources) {
-		this.resources = new ArrayList<RangerPolicyResource>();
+	public void setResources(Map<String, RangerPolicyResource> resources) {
+		this.resources = new HashMap<String, RangerPolicyResource>();
 
 		if(resources != null) {
-			for(RangerPolicyResource resource : resources) {
-				this.resources.add(resource);
+			for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+				this.resources.put(e.getKey(), e.getValue());
 			}
 		}
 	}
@@ -219,10 +221,10 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
 
 		sb.append("resources={");
 		if(resources != null) {
-			for(RangerPolicyResource resource : resources) {
-				if(resource != null) {
-					resource.toString(sb);
-				}
+			for(Map.Entry<String, RangerPolicyResource> e : resources.entrySet()) {
+				sb.append(e.getKey()).append("={");
+				e.getValue().toString(sb);
+				sb.append("} ");
 			}
 		}
 		sb.append("} ");
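Review bot: The new loop in `toString` calls `e.getValue().toString(sb)` with no null check, whereas the removed code skipped null resources. A `HashMap` accepts null values and `setResources` copies entries as given, so a policy carrying a null resource would now throw from `toString`, most likely inside a log or audit statement. Restoring the guard keeps logging safe: `if(e.getValue() != null) { e.getValue().toString(sb); }`. The enclosing method starts and ends outside this hunk.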
@@ -246,49 +248,48 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
 	public static class RangerPolicyResource implements java.io.Serializable {
 		private static final long serialVersionUID = 1L;
 
-		private String  type       = null;
-		private String  value      = null;
-		private Boolean isExcludes = null;
-		private Boolean isRecursive = null;
+		private List<String> values      = null;
+		private Boolean      isExcludes = null;
+		private Boolean      isRecursive = null;
 
 
 		public RangerPolicyResource() {
-			this(null, null, null, null);
+			this((List<String>)null, null, null);
 		}
 
-		public RangerPolicyResource(String type, String value, Boolean isExcludes, Boolean isRecursive)
{
-			setType(type);
-			setValue(value);
+		public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) {
+			List<String> values = new ArrayList<String>();
+			values.add(value);
+
+			setValues(values);
 			setIsExcludes(isExcludes);
 			setIsRecursive(isRecursive);
 		}
 
-		/**
-		 * @return the type
-		 */
-		public String getType() {
-			return type;
+		public RangerPolicyResource(List<String> values, Boolean isExcludes, Boolean isRecursive)
{
+			setValues(values);
+			setIsExcludes(isExcludes);
+			setIsRecursive(isRecursive);
 		}
 
 		/**
-		 * @param type the type to set
+		 * @return the values
 		 */
-		public void setType(String type) {
-			this.type = type;
+		public List<String> getValues() {
+			return values;
 		}
 
 		/**
-		 * @return the value
+		 * @param values the values to set
 		 */
-		public String getValue() {
-			return value;
-		}
+		public void setValues(List<String> values) {
+			this.values = new ArrayList<String>();
 
-		/**
-		 * @param value the value to set
-		 */
-		public void setValue(String value) {
-			this.value = value;
+			if(values != null) {
+				for(String value : values) {
+					this.values.add(value);
+				}
+			}
 		}
 
 		/**
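Review bot: The single-value constructor `RangerPolicyResource(String value, ...)` adds `value` to the list unconditionally, so a null argument produces a resource whose `values` is `[null]` rather than empty. Code that later iterates `getValues()` to match a request would then have to handle a null element; guarding with `if(value != null) { values.add(value); }` avoids that. `setValues` copies its argument the same way, so null elements passed to it are retained as well.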
@@ -330,8 +331,13 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria
 
 		public StringBuilder toString(StringBuilder sb) {
 			sb.append("RangerPolicyResource={");
-			sb.append("type={").append(type).append("} ");
-			sb.append("value={").append(value).append("} ");
+			sb.append("values={");
+			if(values != null) {
+				for(String value : values) {
+					sb.append(value).append(" ");
+				}
+			}
+			sb.append("} ");
 			sb.append("isExcludes={").append(isExcludes).append("} ");
 			sb.append("isRecursive={").append(isRecursive).append("} ");
 			sb.append("}");

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
new file mode 100644
index 0000000..bf17e86
--- /dev/null
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+
+public class RangerAccessResult {
+	private RangerAccessRequest request;
+	private boolean             isAllowed;
+	private boolean             auditAccess;
+	private long                policyId;
+	private String              reason;
+
+
+	public RangerAccessResult(RangerAccessRequest request, boolean isAllowed, boolean auditAccess)
{
+		this(request, isAllowed, auditAccess, -1, null);
+	}
+
+	public RangerAccessResult(RangerAccessRequest request, boolean isAllowed, boolean auditAccess,
long policyId, String reason) {
+		this.request     = request;
+		this.isAllowed   = isAllowed;
+		this.auditAccess = auditAccess;
+		this.policyId    = policyId;
+		this.reason      = reason;
+	}
+
+	public RangerAccessRequest getRequest() {
+		return request;
+	}
+
+	public boolean isAllowed() {
+		return isAllowed;
+	}
+
+	public boolean auditAccess() {
+		return auditAccess;
+	}
+
+	public long getPolicyId() {
+		return policyId;
+	}
+
+	public String getReason() {
+		return reason;
+	}
+}
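Review bot: `RangerAccessResult` carries an authorization decision, and its five fields are assigned only in the constructor but are not declared `final`. Marking them `final` (e.g. `private final boolean isAllowed;`) makes it explicit that a decision cannot change after evaluation. The class also has no Javadoc: the meaning of `policyId == -1`, which the three-argument constructor passes, and of a null `reason` should be stated, for example `/** policyId is -1 when no policy determined the result. */` if that is the intent. A `toString` would also help when the result is written to an audit log.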

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index aee6716..cf2a5f3 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -22,11 +22,11 @@ package org.apache.ranger.plugin.policyengine;
 import java.util.List;
 
 public interface RangerPolicyEngine {
-	boolean isAccessAllowed(RangerAccessRequest request);
+	RangerAccessResult isAccessAllowed(RangerAccessRequest request);
 
-	boolean isAccessAllowed(List<RangerAccessRequest> requests, List<Boolean> results);
+	void isAccessAllowed(List<RangerAccessRequest> requests, List<RangerAccessResult>
results);
 
-	void auditAccess(RangerAccessRequest request);
+	void auditAccess(RangerAccessResult result);
 
-	void auditAccess(List<RangerAccessRequest> requests, List<Boolean> results);
+	void auditAccess(List<RangerAccessResult> results);
 }
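Review bot: The interface documents none of the new contract, and the batch `isAccessAllowed` now returns `void` and reports only through the `results` parameter. It should state whether `results` must be non-null and empty on entry, whether results are appended in request order, and whether the single-request variant may return null. Callers making an authorization decision need to know that a missing result means deny. A suggested comment on the single-request method: `/** Evaluates the request; never returns null, and isAllowed() == false means access is denied. */`.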

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 71274f3..49cf364 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -87,27 +87,24 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 	}
 
 	@Override
-	public boolean isAccessAllowed(RangerAccessRequest request) {
+	public RangerAccessResult isAccessAllowed(RangerAccessRequest request) {
 		// TODO Auto-generated method stub
-		return false;
+		return null;
 	}
 
 	@Override
-	public boolean isAccessAllowed(List<RangerAccessRequest> requests,
-			List<Boolean> results) {
+	public void isAccessAllowed(List<RangerAccessRequest> requests, List<RangerAccessResult>
results) {
 		// TODO Auto-generated method stub
-		return false;
 	}
 
 	@Override
-	public void auditAccess(RangerAccessRequest request) {
+	public void auditAccess(RangerAccessResult result) {
 		// TODO Auto-generated method stub
 		
 	}
 
 	@Override
-	public void auditAccess(List<RangerAccessRequest> requests,
-			List<Boolean> results) {
+	public void auditAccess(List<RangerAccessResult> results) {
 		// TODO Auto-generated method stub
 		
 	}
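Review bot: The stubbed `isAccessAllowed(RangerAccessRequest)` now returns `null` where the previous stub returned `false`, so the placeholder no longer fails closed. A caller that dereferences the result gets a `NullPointerException`, and one that null-checks has to decide for itself what a missing decision means. Until the engine is implemented the stub could return an explicit deny: `return new RangerAccessResult(request, false, false);`. The batch variant leaves `results` untouched, so adding one deny result per request there would keep the two stubs consistent. The class body starts and ends outside this hunk.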

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
index b2e12a1..4263f59 100644
--- a/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
+++ b/plugin-common/src/test/java/org/apache/ranger/plugin/manager/TestServiceManager.java
@@ -117,7 +117,7 @@ public class TestServiceManager {
 		int initPolicyCount = policies == null ? 0 : policies.size();
 
 		RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description",
Boolean.TRUE, null, null);
-		policy.getResources().add(new RangerPolicyResource("path", "/demo/test/finance", Boolean.FALSE,
Boolean.TRUE));
+		policy.getResources().put("path", new RangerPolicyResource("/demo/test/finance", Boolean.FALSE,
Boolean.TRUE));
 
 		RangerPolicyItem item1 = new RangerPolicyItem();
 		item1.getAccesses().add(new RangerPolicyItemAccess("read", Boolean.TRUE));

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2242c441/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 8a990da..62a65c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -232,26 +232,30 @@ public class ServiceUtil {
 		}
 		ret.setAuditList(auditList);
 
-		for(RangerPolicy.RangerPolicyResource res : policy.getResources()) {
-			if(res.getType().equalsIgnoreCase("path")) {
-				ret.setName(addResource(ret.getName(), res.getValue()));
+		for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : policy.getResources().entrySet())
{
+			RangerPolicy.RangerPolicyResource res       = e.getValue();
+			String                            resType   = e.getKey();
+			String                            resString = getResourceString(res.getValues());
+
+			if(resType.equalsIgnoreCase("path")) {
+				ret.setName(resString);
 				ret.setIsRecursive(Boolean.TRUE.equals(res.getIsRecursive()) ? RangerCommonEnums.BOOL_TRUE
: RangerCommonEnums.BOOL_FALSE);
-			} else if(res.getType().equalsIgnoreCase("table")) {
-				ret.setTables(addResource(ret.getTables(), res.getValue()));
+			} else if(resType.equalsIgnoreCase("table")) {
+				ret.setTables(resString);
 				ret.setTableType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION
: RangerCommonEnums.POLICY_INCLUSION);
-			} else if(res.getType().equalsIgnoreCase("column-family")) {
-				ret.setColumnFamilies(addResource(ret.getColumnFamilies(), res.getValue()));
-			} else if(res.getType().equalsIgnoreCase("column")) {
-				ret.setColumns(addResource(ret.getColumns(), res.getValue()));
+			} else if(resType.equalsIgnoreCase("column-family")) {
+				ret.setColumnFamilies(resString);
+			} else if(resType.equalsIgnoreCase("column")) {
+				ret.setColumns(resString);
 				ret.setColumnType(Boolean.TRUE.equals(res.getIsExcludes()) ? RangerCommonEnums.POLICY_EXCLUSION
: RangerCommonEnums.POLICY_INCLUSION);
-			} else if(res.getType().equalsIgnoreCase("database")) {
-				ret.setDatabases(addResource(ret.getDatabases(), res.getValue()));
-			} else if(res.getType().equalsIgnoreCase("udf")) {
-				ret.setUdfs(addResource(ret.getUdfs(), res.getValue()));
-			} else if(res.getType().equalsIgnoreCase("topology")) {
-				ret.setTopologies(addResource(ret.getTopologies(), res.getValue()));
-			} else if(res.getType().equalsIgnoreCase("service")) {
-				ret.setServices(addResource(ret.getServices(), res.getValue()));
+			} else if(resType.equalsIgnoreCase("database")) {
+				ret.setDatabases(resString);
+			} else if(resType.equalsIgnoreCase("udf")) {
+				ret.setUdfs(resString);
+			} else if(resType.equalsIgnoreCase("topology")) {
+				ret.setTopologies(resString);
+			} else if(resType.equalsIgnoreCase("service")) {
+				ret.setServices(resString);
 			}
 		}
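Review bot: Resource types are now keys of a case-sensitive map, but the loop matches them with `equalsIgnoreCase`, and each branch overwrites the target field (`ret.setName(resString)`) where the old code appended through `addResource`. If a policy holds two keys that differ only in case, such as `path` and `Path`, whichever entry `HashMap` iterates last wins and the other entry's values are dropped from the converted policy without any error. `e.getKey()` and `e.getValue()` are also dereferenced without null checks, although `HashMap` permits both. Normalizing the key when it is stored (for example lower-casing it in `setResources`), or rejecting null and duplicate entries here, would keep the converted policy equal to the source. The enclosing method starts and ends outside this hunk.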
 
@@ -308,12 +312,22 @@ public class ServiceUtil {
 		return ret;
 	}
 
-	private List<RangerPolicy.RangerPolicyResource> toRangerResourceList(String resourceString,
String resourceType, Boolean isExcludes, Boolean isRecursive, List<RangerPolicy.RangerPolicyResource>
resList) {
-		List<RangerPolicy.RangerPolicyResource> ret = resList == null ? new ArrayList<RangerPolicy.RangerPolicyResource>()
: resList;
+	private Map<String, RangerPolicy.RangerPolicyResource> toRangerResourceList(String
resourceString, String resourceType, Boolean isExcludes, Boolean isRecursive, Map<String,
RangerPolicy.RangerPolicyResource> resources) {
+		Map<String, RangerPolicy.RangerPolicyResource> ret = resources == null ? new HashMap<String,
RangerPolicy.RangerPolicyResource>() : resources;
 
 		if(resourceString != null) {
-			for(String resource : resourceString.split(",")) {
-				ret.add(new RangerPolicy.RangerPolicyResource(resourceType, resource, isExcludes, isRecursive));
+			RangerPolicy.RangerPolicyResource resource = ret.get(resourceType);
+
+			if(resource == null) {
+				resource = new RangerPolicy.RangerPolicyResource();
+				resource.setIsExcludes(isExcludes);
+				resource.setIsRecursive(isRecursive);
+
+				ret.put(resourceType, resource);
+			}
+
+			for(String res : resourceString.split(",")) {
+				resource.getValues().add(res);
 			}
 		}
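Review bot: When `ret` already holds an entry for `resourceType`, the `isExcludes` and `isRecursive` arguments are silently ignored and the new values are appended under the flags of the first call. The callers are not visible in this hunk, but if the method is ever invoked twice for the same type with different flags, an exclusion could be merged into an inclusion list or the reverse. Either compare the flags and fail on a mismatch, or document the behaviour, e.g. `// flags of an existing entry are kept; later calls only add values`. `split(",")` also keeps untrimmed tokens, and an empty `resourceString` adds the value `""`.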
 
@@ -392,8 +406,20 @@ public class ServiceUtil {
 		return ret;
 	}
 	
-	private String addResource(String currentVal, String valToAdd) {
-		return (currentVal == null || currentVal.isEmpty()) ? valToAdd : (currentVal + "," + valToAdd);
+	private String getResourceString(List<String> values) {
+		String ret = null;
+
+		if(values != null) {
+			for(String value : values) {
+				if(ret == null) {
+					ret = value;
+				} else if(value != null) {
+					ret += ("," + value);
+				}
+			}
+		}
+
+		return ret;
 	}
 
 	private String getUserName(VXPermMap permMap) {
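Review bot: `getResourceString` joins values with `,` without escaping, and `toRangerResourceList` in this same file splits on `,`, so a single value containing a comma would come back as two resources after a round trip through the legacy format. Whether such values can occur depends on the service definitions, which are not visible here; if they can, reject or escape them at this point. Null handling relies on `ret == null` doubling as the "first element" test, which is hard to read. A `StringBuilder` with an explicit `if(value == null) continue;` at the top of the loop would state the intent directly.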

