ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [5/8] incubator-ranger git commit: RANGER-203: moved pluggable-service-model implementation from plugin-common to exiting project ranger-plugin-common
Date Sat, 31 Jan 2015 20:38:48 GMT
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
new file mode 100644
index 0000000..f1c8adf
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ServicePolicies implements java.io.Serializable {
+	private static final long serialVersionUID = 1L;
+
+	private String             serviceName;
+	private Long               serviceId;
+	private RangerServiceDef   serviceDef;
+	private Long               policyVersion;
+	private Date               policyUpdateTime;
+	private List<RangerPolicy> policies;
+
+
+	/**
+	 * @return the serviceName
+	 */
+	public String getServiceName() {
+		return serviceName;
+	}
+	/**
+	 * @param serviceName the serviceName to set
+	 */
+	public void setServiceName(String serviceName) {
+		this.serviceName = serviceName;
+	}
+	/**
+	 * @return the serviceId
+	 */
+	public Long getServiceId() {
+		return serviceId;
+	}
+	/**
+	 * @param serviceId the serviceId to set
+	 */
+	public void setServiceId(Long serviceId) {
+		this.serviceId = serviceId;
+	}
+	/**
+	 * @return the serviceDef
+	 */
+	public RangerServiceDef getServiceDef() {
+		return serviceDef;
+	}
+	/**
+	 * @param serviceDef the serviceDef to set
+	 */
+	public void setServiceDef(RangerServiceDef serviceDef) {
+		this.serviceDef = serviceDef;
+	}
+	/**
+	 * @return the policyVersion
+	 */
+	public Long getPolicyVersion() {
+		return policyVersion;
+	}
+	/**
+	 * @param policyVersion the policyVersion to set
+	 */
+	public void setPolicyVersion(Long policyVersion) {
+		this.policyVersion = policyVersion;
+	}
+	/**
+	 * @return the policyUpdateTime
+	 */
+	public Date getPolicyUpdateTime() {
+		return policyUpdateTime;
+	}
+	/**
+	 * @param policyUpdateTime the policyUpdateTime to set
+	 */
+	public void setPolicyUpdateTime(Date policyUpdateTime) {
+		this.policyUpdateTime = policyUpdateTime;
+	}
+	/**
+	 * @return the policies
+	 */
+	public List<RangerPolicy> getPolicies() {
+		return policies;
+	}
+	/**
+	 * @param policies the policies to set
+	 */
+	public void setPolicies(List<RangerPolicy> policies) {
+		this.policies = policies;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
new file mode 100644
index 0000000..e04ee15
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -0,0 +1,50 @@
+{
+  "id":2,
+  "name":"hbase",
+  "implClass":"org.apache.ranger.services.hbase.RangerServiceHBase",
+  "label":"HBase",
+  "description":"HBase",
+  "guid":"d6cea1f0-2509-4791-8fc1-7b092399ba3b",
+  "createTime":"20141208-22:50:22.426--0800",
+  "updateTime":"20141208-22:50:22.426--0800",
+  "version":1,
+  "enums":
+  [
+    {
+      "name":"authnType",
+      "elements":
+      [
+        {"name":"simple",  "label":"Simple"},
+        {"name":"kerberos","label":"Kerberos"}
+      ],
+      "defaultIndex":0
+    }
+  ],
+  "configs":
+  [
+    {"name":"username",                           "type":"string",  "subType":"",         "mandatory":true, "label":"Username"},
+    {"name":"password",                           "type":"password","subType":"",         "mandatory":true, "label":"Password"},
+    {"name":"hadoop.security.authentication",     "type":"enum",    "subType":"authnType","mandatory":true, "defaultValue":"simple"},
+    {"name":"hbase.master.kerberos.principal",    "type":"string",  "subType":"",         "mandatory":false,"defaultValue":""},
+    {"name":"hbase.security.authentication",      "type":"enum",    "subType":"authnType","mandatory":true, "defaultValue":"simple"},
+    {"name":"hbase.zookeeper.property.clientPort","type":"int",     "subType":"",         "mandatory":true, "defaultValue":"2181"},
+    {"name":"hbase.zookeeper.quorum",             "type":"string",  "subType":"",         "mandatory":true, "defaultValue":""},
+    {"name":"zookeeper.znode.parent",             "type":"string",  "subType":"",         "mandatory":true, "defaultValue":"/hbase"}
+  ],
+  "resources":
+  [
+    {"name":"table",        "type":"string","level":1,"parent":"",             "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
+    {"name":"column-family","type":"string","level":2,"parent":"table",        "mandatory":true,"lookupSupported":true, "recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"},
+    {"name":"column",       "type":"string","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+  ],
+  "accessTypes":
+  [
+    {"name":"read",  "label":"Read"},
+    {"name":"write", "label":"Write"},
+    {"name":"create","label":"Create"},
+    {"name":"admin", "label":"Admin","impliedGrants":["read","write","create"]}
+  ],
+  "policyConditions":
+  [
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
new file mode 100644
index 0000000..cf8f008
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -0,0 +1,60 @@
+{
+  "id":1,
+  "name":"hdfs",
+  "implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs",
+  "label":"HDFS Repository",
+  "description":"HDFS Repository",
+  "guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d",
+  "createTime":"20141208-22:04:25.233--0800",
+  "updateTime":"20141208-22:04:25.233--0800",
+  "version":1,
+  "enums":
+  [
+    {
+      "name":"authnType",
+      "elements":
+      [
+        {"name":"simple",  "label":"Simple"},
+        {"name":"kerberos","label":"Kerberos"}
+      ],
+      "defaultIndex":0
+    },
+    {
+      "name":"rpcProtection",
+      "elements":
+      [
+        {"name":"authentication","label":"Authentication"},
+        {"name":"integrity",     "label":"Integrity"},
+        {"name":"privacy",       "label":"Privacy"}
+      ],
+      "defaultIndex":0
+    },
+  ],
+  "configs":
+  [
+    {"name":"username",                                "type":"string",  "subType":"",             "mandatory":true, "label":"Username"},
+    {"name":"password",                                "type":"password","subType":"",             "mandatory":true, "label":"Password"},
+    {"name":"fs.default.name",                         "type":"string",  "subType":"",             "mandatory":true, "label":"Namenode URL"},
+    {"name":"hadoop.security.authorization",           "type":"bool",    "subType":"TrueFalse",    "mandatory":true, "defaultValue":"false"},
+    {"name":"hadoop.security.authentication",          "type":"enum",    "subType":"authnType",    "mandatory":true, "defaultValue":"simple"},
+    {"name":"hadoop.security.auth_to_local",           "type":"string",  "subType":"",             "mandatory":false},
+    {"name":"dfs.datanode.kerberos.principal",         "type":"string",  "subType":"",             "mandatory":false},
+    {"name":"dfs.namenode.kerberos.principal",          "type":"string", "subType":"",             "mandatory":false},
+    {"name":"dfs.secondary.namenode.kerberos.principal","type":"string", "subType":"",             "mandatory":false},
+    {"name":"hadoop.rpc.protection",                    "type":"enum",   "subType":"rpcProtection","mandatory":false,"defaultValue":"authentication"},
+    {"name":"certificate.cn",                           "type":"string", "subType":"",             "mandatory":false,"label":"Common Name for Certificate"}
+  ],
+  "resources":
+  [
+    {"name":"path","type":"path","level":1,"parent":"","mandatory":true,"lookupSupported":true,"recursiveSupported":true,"excludesSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
+  ],
+  "accessTypes":
+  [
+    {"name":"read","label":"Read"},
+    {"name":"write","label":"Write"},
+    {"name":"execute","label":"Execute"}
+  ],
+  "policyConditions":
+  [
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
new file mode 100644
index 0000000..6414fe3
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -0,0 +1,43 @@
+{
+  "id":3,
+  "name":"hive",
+  "implClass":"org.apache.ranger.services.hive.RangerServiceHive",
+  "label":"Hive Server2",
+  "description":"Hive Server2",
+  "guid":"3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+  "createTime":"20141208-22:51:20.732--0800",
+  "updateTime":"20141208-22:51:20.732--0800",
+  "version":1,
+  "enums":
+  [
+  ],
+  "configs":
+  [
+    {"name":"username",            "type":"string",  "mandatory":true, "label":"Username"},
+    {"name":"password",            "type":"password","mandatory":true, "label":"Password"},
+    {"name":"jdbc.driverClassName","type":"string",  "mandatory":true, "defaultValue":"org.apache.hive.jdbc.HiveDriver"},
+    {"name":"jdbc.url",            "type":"string",  "mandatory":true, "defaultValue":""},
+    {"name":"certificate.cn",      "type":"string",  "mandatory":false,"label":"Common Name for Certificate"}
+  ],
+  "resources":
+  [
+    {"name":"database","type":"string","level":1,"parent":"",        "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
+    {"name":"table",   "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
+    {"name":"udf",     "type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
+    {"name":"column",  "type":"string","level":3,"parent":"table",   "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+  ],
+  "accessTypes":
+  [
+    {"name":"select","label":"select"},
+    {"name":"update","label":"update"},
+    {"name":"create","label":"Create"},
+    {"name":"drop",  "label":"Drop"},
+    {"name":"alter", "label":"Alter"},
+    {"name":"index", "label":"Index"},
+    {"name":"lock",  "label":"Lock"},
+    {"name":"all",   "label":"All"}
+  ],
+  "policyConditions":
+  [
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
new file mode 100644
index 0000000..f6a7157
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -0,0 +1,34 @@
+{
+  "id":5,
+  "name":"knox",
+  "implClass":"org.apache.ranger.services.knox.RangerServiceKnox",
+  "label":"Knox Gateway",
+  "description":"Knox Gateway",
+  "guid":"84b481b5-f23b-4f71-b8b6-ab33977149ca",
+  "createTime":"20141208-22:48:42.238--0800",
+  "updateTime":"20141208-22:48:42.238--0800",
+  "version":1,
+  "enums":
+  [
+  ],
+  "configs":
+  [
+    {"name":"username",      "type":"string",  "mandatory":true, "label":"Username"},
+    {"name":"password",      "type":"password","mandatory":true, "label":"Password"},
+    {"name":"knox.url",      "type":"string",  "mandatory":true, "defaultValue":""},
+    {"name":"certificate.cn","type":"string",  "mandatory":false,"label":"Common Name for Certificate"}
+  ],
+  "resources":
+  [
+    {"name":"topology","type":"string","level":1,"parent":"",        "mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"},
+    {"name":"service", "type":"string","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"}
+  ],
+  "accessTypes":
+  [
+    {"name":"allow","label":"Allow"}
+  ],
+  "policyConditions":
+  [
+    {"name":"ip-range","evaluator":"org.apache.ranger.knox.IpRangeCondition","evaluatorOptions":"","label":"IP Address Range","description":"IP Address Range"}
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
new file mode 100644
index 0000000..fce10c0
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -0,0 +1,46 @@
+{
+  "id":6,
+  "name":"storm",
+  "implClass":"org.apache.ranger.services.storm.RangerServiceStorm",
+  "label":"Storm",
+  "description":"Storm",
+  "guid":"2a60f427-edcf-4e20-834c-a9a267b5b963",
+  "createTime":"20141208-22:55:47.095--0800",
+  "updateTime":"20141208-22:55:47.095--0800",
+  "version":1,
+  "enums":
+  [
+  ],
+  "configs":
+  [
+    {"name":"username",      "type":"string",  "mandatory":true, "label":"Username"},
+    {"name":"password",      "type":"password","mandatory":true, "label":"Password"},
+    {"name":"nimbus.url",    "type":"string",  "mandatory":true, "label":"Nimbus URL","defaultValue":""},
+    {"name":"certificate.cn","type":"string",  "mandatory":false,"label":"Common Name for Certificate"}
+  ],
+  "resources":
+  [
+    {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"}
+  ],
+  "accessTypes":
+  [
+    {"name":"topology-submit",      "label":"Submit Topology"},
+    {"name":"file-upload",          "label":"File Upload"},
+    {"name":"nimbus-conf-get",      "label":"Get Nimbus Conf"},
+    {"name":"cluster-conf-get",     "label":"Get Cluster Conf"},
+    {"name":"cluster-info-get",     "label":"Get Cluster Info"},
+    {"name":"file-download",        "label":"File Download"},
+    {"name":"topology-kill",        "label":"Kill Topology"},
+    {"name":"rebalance",            "label":"Rebalance"},
+    {"name":"activate",             "label":"Activate"},
+    {"name":"deactivate",           "label":"Deactivate"},
+    {"name":"topology-conf-get",    "label":"Get Topology Conf"},
+    {"name":"topology-get",         "label":"Get Topology"},
+    {"name":"topology-user-get",    "label":"Get User Topology"},
+    {"name":"topology-info-get",    "label":"Get Topology Info"},
+    {"name":"new-credential-upload","label":"Upload New Credential"}
+  ],
+  "policyConditions":
+  [
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
new file mode 100644
index 0000000..f940c30
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import static org.junit.Assert.*;
+
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.lang.reflect.Type;
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.policyengine.TestPolicyEngine.PolicyEngineTestCase.TestData;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+
+
+public class TestPolicyEngine {
+	static RangerPolicyEngineImpl policyEngine = null;
+	static Gson                   gsonBuilder  = null;
+
+
+	@BeforeClass
+	public static void setUpBeforeClass() throws Exception {
+		policyEngine = new RangerPolicyEngineImpl();
+		gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
+									   .setPrettyPrinting()
+									   .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
+									   .registerTypeAdapter(RangerResource.class,  new RangerResourceDeserializer())
+									   .create();
+	}
+
+	@AfterClass
+	public static void tearDownAfterClass() throws Exception {
+	}
+
+	@Test
+	public void testPolicyEngine_hdfs() {
+		String[] hdfsTestResourceFiles = { "/policyengine/test_policyengine_hdfs.json" };
+
+		runTestsFromResourceFiles(hdfsTestResourceFiles);
+	}
+
+	@Test
+	public void testPolicyEngine_hive() {
+		String[] hiveTestResourceFiles = { "/policyengine/test_policyengine_hive.json" };
+
+		runTestsFromResourceFiles(hiveTestResourceFiles);
+	}
+
+	@Test
+	public void testPolicyEngine_hbase() {
+		String[] hbaseTestResourceFiles = { "/policyengine/test_policyengine_hbase.json" };
+
+		runTestsFromResourceFiles(hbaseTestResourceFiles);
+	}
+
+	private void runTestsFromResourceFiles(String[] resourceNames) {
+		for(String resourceName : resourceNames) {
+			InputStream       inStream = this.getClass().getResourceAsStream(resourceName);
+			InputStreamReader reader   = new InputStreamReader(inStream);
+
+			runTests(reader, resourceName);
+		}
+	}
+
+	private void runTests(InputStreamReader reader, String testName) {
+		try {
+			PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);
+
+			assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);
+
+			policyEngine.setPolicies(testCase.serviceName, testCase.serviceDef, testCase.policies);
+
+			for(TestData test : testCase.tests) {
+				RangerAccessResult expected = test.result;
+				RangerAccessResult result   = policyEngine.isAccessAllowed(test.request, null);
+
+				assertNotNull(test.name, result);
+				assertEquals(test.name, expected.getIsAllowed(), result.getIsAllowed());
+				assertEquals(test.name, expected.getIsAudited(), result.getIsAudited());
+				assertEquals(test.name, expected.getPolicyId(), result.getPolicyId());
+			}
+		} catch(Throwable excp) {
+			excp.printStackTrace();
+		}
+		
+	}
+
+	static class PolicyEngineTestCase {
+		public String             serviceName;
+		public RangerServiceDef   serviceDef;
+		public List<RangerPolicy> policies;
+		public List<TestData>     tests;
+		
+		class TestData {
+			public String              name;
+			public RangerAccessRequest request;
+			public RangerAccessResult  result;
+		}
+	}
+	
+	static class RangerAccessRequestDeserializer implements JsonDeserializer<RangerAccessRequest> {
+		@Override
+		public RangerAccessRequest deserialize(JsonElement jsonObj, Type type,
+				JsonDeserializationContext context) throws JsonParseException {
+			return gsonBuilder.fromJson(jsonObj, RangerAccessRequestImpl.class);
+		}
+	}
+	
+	static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+		@Override
+		public RangerResource deserialize(JsonElement jsonObj, Type type,
+				JsonDeserializationContext context) throws JsonParseException {
+			return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+		}
+	}
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
new file mode 100644
index 0000000..4771085
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import static org.junit.Assert.*;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServicePolicies;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestServiceStore {
+	static ServiceStore svcStore = null;
+	static SearchFilter filter   = null;
+
+	static final String sdName      = "svcDef-unit-test-TestServiceStore";
+	static final String serviceName = "svc-unit-test-TestServiceStore";
+	static final String policyName  = "testPolicy-1";
+
+	@BeforeClass
+	public static void setupTest() throws Exception {
+		svcStore = ServiceStoreFactory.instance().getServiceStore();
+
+		// cleanup if the test service and service-def if they already exist
+		List<RangerService> services = svcStore.getServices(filter);
+		for(RangerService service : services) {
+			if(service.getName().startsWith(serviceName)) {
+				svcStore.deleteService(service.getId());
+			}
+		}
+
+		List<RangerServiceDef> serviceDefs = svcStore.getServiceDefs(filter);
+		for(RangerServiceDef serviceDef : serviceDefs) {
+			if(serviceDef.getName().startsWith(sdName)) {
+				svcStore.deleteServiceDef(serviceDef.getId());
+			}
+		}
+	}
+
+	@Test
+	public void testServiceStore() throws Exception {
+		String updatedName, updatedDescription;
+
+		List<RangerServiceDef> sds = svcStore.getServiceDefs(filter);
+
+		int initSdCount = sds == null ? 0 : sds.size();
+
+		RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null);
+
+		RangerServiceDef createdSd = svcStore.createServiceDef(sd);
+		assertNotNull("createServiceDef() failed", createdSd != null);
+
+		sds = svcStore.getServiceDefs(filter);
+		assertEquals("createServiceDef() failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+		updatedDescription = sd.getDescription() + ": updated";
+		createdSd.setDescription(updatedDescription);
+		RangerServiceDef updatedSd = svcStore.updateServiceDef(createdSd);
+		assertNotNull("updateServiceDef(updatedDescription) failed", updatedSd);
+		assertEquals("updateServiceDef(updatedDescription) failed", updatedDescription, updatedSd.getDescription());
+
+		sds = svcStore.getServiceDefs(filter);
+		assertEquals("updateServiceDef(updatedDescription) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+
+		/*
+		updatedName = sd.getName() + "-Renamed";
+		updatedSd.setName(updatedName);
+		updatedSd = sdMgr.update(updatedSd);
+		assertNotNull("updateServiceDef(updatedName) failed", updatedSd);
+		assertEquals("updateServiceDef(updatedName) failed", updatedName, updatedSd.getName());
+
+		sds = getAllServiceDef();
+		assertEquals("updateServiceDef(updatedName) failed", initSdCount + 1, sds == null ? 0 : sds.size());
+		*/
+
+		List<RangerService> services = svcStore.getServices(filter);
+
+		int initServiceCount = services == null ? 0 : services.size();
+
+		RangerService svc = new RangerService(sdName, serviceName, "test service description", null);
+
+		RangerService createdSvc = svcStore.createService(svc);
+		assertNotNull("createService() failed", createdSvc);
+
+		services = svcStore.getServices(filter);
+		assertEquals("createServiceDef() failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+		updatedDescription = createdSvc.getDescription() + ": updated";
+		createdSvc.setDescription(updatedDescription);
+		RangerService updatedSvc = svcStore.updateService(createdSvc);
+		assertNotNull("updateService(updatedDescription) failed", updatedSvc);
+		assertEquals("updateService(updatedDescription) failed", updatedDescription, updatedSvc.getDescription());
+
+		services = svcStore.getServices(filter);
+		assertEquals("updateService(updatedDescription) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+		updatedName = serviceName + "-Renamed";
+		updatedSvc.setName(updatedName);
+		updatedSvc = svcStore.updateService(updatedSvc);
+		assertNotNull("updateService(updatedName) failed", updatedSvc);
+		assertEquals("updateService(updatedName) failed", updatedName, updatedSvc.getName());
+
+		services = svcStore.getServices(filter);
+		assertEquals("updateService(updatedName) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+		List<RangerPolicy> policies = svcStore.getPolicies(filter);
+
+		int initPolicyCount = policies == null ? 0 : policies.size();
+
+		RangerPolicy policy = new RangerPolicy(updatedSvc.getName(), policyName, "test policy description", null, null);
+		policy.getResources().put("path", new RangerPolicyResource("/demo/test/finance", Boolean.FALSE, Boolean.TRUE));
+
+		RangerPolicyItem item1 = new RangerPolicyItem();
+		item1.getAccesses().add(new RangerPolicyItemAccess("read"));
+		item1.getAccesses().add(new RangerPolicyItemAccess("write"));
+		item1.getAccesses().add(new RangerPolicyItemAccess("execute"));
+		item1.getUsers().add("admin");
+		item1.getGroups().add("finance");
+
+		RangerPolicyItem item2 = new RangerPolicyItem();
+		item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+		item2.getGroups().add("public");
+
+		policy.getPolicyItems().add(item1);
+		policy.getPolicyItems().add(item2);
+
+		RangerPolicy createdPolicy = svcStore.createPolicy(policy);
+		assertNotNull(createdPolicy);
+		assertNotNull(createdPolicy.getPolicyItems());
+		assertEquals(createdPolicy.getPolicyItems().size(), 2);
+
+		RangerPolicyItem createItem1 = createdPolicy.getPolicyItems().get(0);
+		RangerPolicyItem createItem2 = createdPolicy.getPolicyItems().get(1);
+
+		assertNotNull(createItem1.getAccesses());
+		assertEquals(createItem1.getAccesses().size(), 3);
+		assertNotNull(createItem1.getUsers());
+		assertEquals(createItem1.getUsers().size(), 1);
+		assertNotNull(createItem1.getGroups());
+		assertEquals(createItem1.getGroups().size(), 1);
+
+		assertNotNull(createItem2.getAccesses());
+		assertEquals(createItem2.getAccesses().size(), 1);
+		assertNotNull(createItem2.getUsers());
+		assertEquals(createItem2.getUsers().size(), 0);
+		assertNotNull(createItem2.getGroups());
+		assertEquals(createItem2.getGroups().size(), 1);
+
+		policies = svcStore.getPolicies(filter);
+		assertEquals("createPolicy() failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+		updatedDescription = policy.getDescription() + ":updated";
+		createdPolicy.setDescription(updatedDescription);
+		RangerPolicy updatedPolicy = svcStore.updatePolicy(createdPolicy);
+		assertNotNull("updatePolicy(updatedDescription) failed", updatedPolicy != null);
+
+		policies = svcStore.getPolicies(filter);
+		assertEquals("updatePolicy(updatedDescription) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+		updatedName = policyName + "-Renamed";
+		updatedPolicy.setName(updatedName);
+		updatedPolicy = svcStore.updatePolicy(updatedPolicy);
+		assertNotNull("updatePolicy(updatedName) failed", updatedPolicy);
+
+		policies = svcStore.getPolicies(filter);
+		assertEquals("updatePolicy(updatedName) failed", initPolicyCount + 1, policies == null ? 0 : policies.size());
+
+		// rename the service; all the policies for this service should reflect the new service name
+		updatedName = serviceName + "-Renamed2";
+		updatedSvc.setName(updatedName);
+		updatedSvc = svcStore.updateService(updatedSvc);
+		assertNotNull("updateService(updatedName2) failed", updatedSvc);
+		assertEquals("updateService(updatedName2) failed", updatedName, updatedSvc.getName());
+
+		services = svcStore.getServices(filter);
+		assertEquals("updateService(updatedName2) failed", initServiceCount + 1, services == null ? 0 : services.size());
+
+		updatedPolicy = svcStore.getPolicy(createdPolicy.getId());
+		assertNotNull("updateService(updatedName2) failed", updatedPolicy);
+		assertEquals("updateService(updatedName2) failed", updatedPolicy.getService(), updatedSvc.getName());
+
+		ServicePolicies svcPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), 0l);
+		assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies);
+		assertNotNull("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceName(), updatedSvc.getName());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceId(), updatedSvc.getId());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyVersion(), updatedSvc.getPolicyVersion());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicyUpdateTime(), updatedSvc.getPolicyUpdateTime());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getServiceDef().getId(), updatedSd.getId());
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().size(), 1);
+		assertEquals("getServicePolicies(" + updatedSvc.getName() + ") failed", svcPolicies.getPolicies().get(0).getName(), updatedPolicy.getName());
+
+		ServicePolicies updatedPolicies = svcStore.getServicePoliciesIfUpdated(updatedSvc.getName(), svcPolicies.getPolicyVersion());
+		assertNotNull(updatedPolicies);
+		assertEquals(0, updatedPolicies.getPolicies().size());
+
+		filter = new SearchFilter();
+		filter.setParam(SearchFilter.POLICY_NAME, policyName);
+		policies = svcStore.getPolicies(filter);
+		assertEquals("getPolicies(filter=origPolicyName) failed", 0, policies == null ? 0 : policies.size());
+		filter = null;
+
+		filter = new SearchFilter();
+		filter.setParam(SearchFilter.POLICY_NAME, updatedPolicy.getName());
+		policies = svcStore.getPolicies(filter);
+		assertEquals("getPolicies(filter=origPolicyName) failed", 1, policies == null ? 0 : policies.size());
+		filter = null;
+
+		svcStore.deletePolicy(policy.getId());
+		policies = svcStore.getPolicies(filter);
+		assertEquals("deletePolicy() failed", initPolicyCount, policies == null ? 0 : policies.size());
+
+		svcStore.deleteService(svc.getId());
+		services = svcStore.getServices(filter);
+		assertEquals("deleteService() failed", initServiceCount, services == null ? 0 : services.size());
+
+		svcStore.deleteServiceDef(sd.getId());
+		sds = svcStore.getServiceDefs(filter);
+		assertEquals("deleteServiceDef() failed", initSdCount, sds == null ? 0 : sds.size());
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java b/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
new file mode 100644
index 0000000..4cf7e3c
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/util/TestPolicyRefresher.java
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import static org.junit.Assert.*;
+
+import java.util.List;
+
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
+import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.ServiceStoreFactory;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+
+public class TestPolicyRefresher {
+	static RangerPolicyEngineImpl policyEngine = null;
+	static ServiceStore           svcStore     = null;
+	static PolicyRefresher        refresher    = null;
+
+	static final long   pollingIntervalInMs = 5 * 1000;
+	static final long   sleepTimeInMs       = pollingIntervalInMs + (5 * 1000);
+	static final String sdName              = "hbase";
+	static final String svcName             = "svc-unit-test-TestPolicyRefresher";
+
+	static RangerService svc     = null;
+	static RangerPolicy  policy1 = null;
+	static RangerPolicy  policy2 = null;
+
+	static boolean       isPolicyRefreshed = false;
+	static long          policyCount       = 0;
+
+
+	/**
+	 * @throws java.lang.Exception
+	 */
+	@BeforeClass
+	public static void setUpBeforeClass() throws Exception {
+		svcStore = ServiceStoreFactory.instance().getServiceStore();
+		
+		// cleanup if the test service already exists
+		svc = svcStore.getServiceByName(svcName);
+		if(svc != null) {
+			svcStore.deleteService(svc.getId());
+		}
+
+		policyEngine = new RangerPolicyEngineImpl() {
+			@Override
+			public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) {
+				isPolicyRefreshed = true;
+				policyCount       = policies != null ? policies.size() : 0;
+				
+				super.setPolicies(serviceName, serviceDef, policies);
+			}
+		};
+
+		refresher = new PolicyRefresher(policyEngine, sdName, svcName, svcStore, pollingIntervalInMs, null);
+		refresher.start();
+
+		// create a service
+		svc = new RangerService(sdName, svcName, "test service description", null);
+
+		svc = svcStore.createService(svc);
+		assertNotNull("createService(" + svcName + ") failed", svc);
+	}
+
+	/**
+	 * @throws java.lang.Exception
+	 */
+	@AfterClass
+	public static void tearDownAfterClass() throws Exception {
+		if(refresher != null) {
+			refresher.stopRefresher();
+		}
+
+		if(svcStore != null) {
+			if(policy1 != null) {
+				svcStore.deletePolicy(policy1.getId());
+			}
+	
+			if(policy2 != null) {
+				svcStore.deletePolicy(policy2.getId());
+			}
+	
+			if(svc != null) {
+				svcStore.deleteService(svc.getId());
+			}
+		}
+	}
+
+	@Test
+	public void testRefresher() throws Exception {
+		assertEquals("policy count - initial", 0, policyCount);
+
+		RangerPolicy policy = new RangerPolicy(svc.getName(), "policy1", "test policy description", null, null);
+		policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
+		policy.getResources().put("column-family", new RangerPolicyResource("personal", Boolean.FALSE, Boolean.TRUE));
+		policy.getResources().put("column", new RangerPolicyResource("ssn", Boolean.FALSE, Boolean.TRUE));
+
+		RangerPolicyItem item1 = new RangerPolicyItem();
+		item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
+		item1.getUsers().add("admin");
+		item1.getGroups().add("hr");
+
+		RangerPolicyItem item2 = new RangerPolicyItem();
+		item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+		item2.getGroups().add("public");
+
+		policy.getPolicyItems().add(item1);
+		policy.getPolicyItems().add(item2);
+
+		policy1 = svcStore.createPolicy(policy);
+
+		policy = new RangerPolicy(svc.getName(), "policy2", "test policy description", null, null);
+		policy.getResources().put("table", new RangerPolicyResource("employee", Boolean.FALSE, Boolean.TRUE));
+		policy.getResources().put("column-family", new RangerPolicyResource("finance", Boolean.FALSE, Boolean.TRUE));
+		policy.getResources().put("column", new RangerPolicyResource("balance", Boolean.FALSE, Boolean.TRUE));
+
+		item1 = new RangerPolicyItem();
+		item1.getAccesses().add(new RangerPolicyItemAccess("admin"));
+		item1.getUsers().add("admin");
+		item1.getGroups().add("finance");
+
+		policy.getPolicyItems().add(item1);
+
+		policy2 = svcStore.createPolicy(policy);
+
+		Thread.sleep(sleepTimeInMs);
+		assertTrue("policy refresh - after two new policies", isPolicyRefreshed);
+		assertEquals("policy count - after two new policies", 2, policyCount);
+		isPolicyRefreshed = false;
+
+		Thread.sleep(sleepTimeInMs);
+		assertFalse("policy refresh - after no new policies", isPolicyRefreshed);
+		assertEquals("policy count - after no new policies", 2, policyCount);
+		isPolicyRefreshed = false;
+
+		item2 = new RangerPolicyItem();
+		item2.getAccesses().add(new RangerPolicyItemAccess("read"));
+		item2.getGroups().add("public");
+		policy2.getPolicyItems().add(item2);
+
+		policy2 = svcStore.updatePolicy(policy2);
+
+		Thread.sleep(sleepTimeInMs);
+		assertTrue("policy refresh - after update policy", isPolicyRefreshed);
+		assertEquals("policy count - after update policy", 2, policyCount);
+		isPolicyRefreshed = false;
+
+		svcStore.deletePolicy(policy2.getId());
+
+		Thread.sleep(sleepTimeInMs);
+		assertTrue("policy refresh - after delete policy", isPolicyRefreshed);
+		assertEquals("policy count - after delete policy", 1, policyCount);
+		isPolicyRefreshed = false;
+		policy2 = null;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
new file mode 100644
index 0000000..35768cb
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json
@@ -0,0 +1,159 @@
+{
+  "serviceName":"hbasedev",
+
+  "serviceDef":{
+    "name":"hbase",
+    "id":2,
+    "resources":[
+      {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"},
+      {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"},
+      {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"}
+    ],
+    "accessTypes":[
+      {"name":"read","label":"Read"},
+      {"name":"write","label":"Write"},
+      {"name":"create","label":"Create"},
+      {"name":"admin","label":"Admin","impliedGrants":["read","write","create"]}
+    ]
+  },
+
+  "policies":[
+    {"id":1,"name":"table=finance; column-family=restricted*: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+     "policyItems":[
+       {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+     ]
+    }
+    ,
+    {"id":2,"name":"table=finance; column-family=restricted*","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"table":{"values":["finance"]},"column-family":{"values":["restricted*"]}},
+     "policyItems":[
+       {"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
+       ,
+       {"accesses":[{"type":"admin","isAllowed":true}],"users":[],"groups":["finance-admin"],"delegateAdmin":true}
+     ]
+    }
+    ,
+    {"id":3,"name":"table=*; column-family=<excluding>restricted*","isEnabled":true,"isAuditEnabled":false,
+     "resources":{"table":{"values":["*"]},"column-family":{"values":["restricted*"],"isExcludes":true}},
+     "policyItems":[
+       {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+     ]
+    }
+  ],
+
+  "tests":[
+    {"name":"ALLOW 'scan finance restricted-cf;' for finance",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"read","user":"user1","userGroups":["users","finance"],"requestData":"scan finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'put finance restricted-cf;' for finance",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"write","user":"user1","userGroups":["users","finance"],"requestData":"put finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'create finance restricted-cf;' for finance",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"create","user":"user1","userGroups":["users","finance"],"requestData":"create finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'grant finance restricted-cf;' for finance",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"admin","user":"user1","userGroups":["users","finance"],"requestData":"grant finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'scan finance restricted-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'put finance restricted-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'create finance restricted-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'grant finance restricted-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"admin","user":"user1","userGroups":["users"],"requestData":"grant finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'scan finance restricted-cf;' for finance-admin",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"read","user":"user1","userGroups":["users","finance-admin"],"requestData":"scan finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'put finance restricted-cf;' for finance-admin",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"write","user":"user1","userGroups":["users","finance-admin"],"requestData":"put finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'create finance restricted-cf;' for finance-admin",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"create","user":"user1","userGroups":["users","finance-admin"],"requestData":"create finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'grant finance restricted-cf;' for finance-admin",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"restricted-cf"}},
+      "accessType":"admin","user":"user1","userGroups":["users","finance-admin"],"requestData":"grant finance restricted-cf"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'scan finance regular-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+      "accessType":"read","user":"user1","userGroups":["users"],"requestData":"scan finance regular-cf"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":3}
+    }
+    ,
+    {"name":"DENY 'put finance regular-cf;' for user1",
+     "request":{
+      "resource":{"elements":{"table":"finance","column-family":"regular-cf"}},
+      "accessType":"write","user":"user1","userGroups":["users"],"requestData":"put finance regular-cf"
+     },
+     "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+    }
+  ]
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
new file mode 100644
index 0000000..943fe80
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
@@ -0,0 +1,156 @@
+{
+  "serviceName":"hdfsdev",
+
+  "serviceDef":{
+    "name":"hdfs",
+    "id":1,
+    "resources":[
+    {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
+    ],
+    "accessTypes":[
+      {"name":"read","label":"Read"},
+      {"name":"write","label":"Write"},
+      {"name":"execute","label":"Execute"}
+    ]
+  },
+
+  "policies":[
+    {"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
+     "policyItems":[
+       {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+     ]
+    }
+    ,
+    {"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
+     "resources":{"path":{"values":["/public/"],"isRecursive":true}},
+     "policyItems":[
+       {"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+     ]
+    }
+    ,
+    {"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
+     "policyItems":[
+       {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
+     ]
+    }
+  ],
+
+  "tests":[
+    {"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+      "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":3}
+    }
+    ,
+    {"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+      "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":3}
+    }
+    ,
+    {"name":"DENY 'read /operations/visitors.db' for g=finance",
+     "request":{
+      "resource":{"elements":{"path":"/operations/visitors.db"}},
+      "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db"
+     },
+     "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
+     "request":{
+      "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+      "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+    }
+    ,
+
+    {"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+      "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+      "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'read /operations/visitors.db' for g=hr",
+     "request":{
+      "resource":{"elements":{"path":"/operations/visitors.db"}},
+      "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
+     },
+     "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
+     "request":{
+      "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+      "accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+    }
+    ,
+
+    {"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/sales.db"}},
+      "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
+      "accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'read /operations/visitors.db' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/operations/visitors.db"}},
+      "accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
+     },
+     "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+      "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'read /public/technology' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+      "accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'read /public/technology' for u=user1",
+     "request":{
+      "resource":{"elements":{"path":"/public/technology/blogs.db"}},
+      "accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
+     },
+     "result":{"isAudited":false,"isAllowed":true,"policyId":2}
+    }
+  ]
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
new file mode 100644
index 0000000..2ac90ae
--- /dev/null
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json
@@ -0,0 +1,261 @@
+{
+  "serviceName":"hivedev",
+
+  "serviceDef":{
+    "name":"hive",
+    "id":3,
+    "resources":[
+      {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"},
+      {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"},
+      {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"},
+      {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"}
+    ],
+    "accessTypes":[
+      {"name":"select","label":"Select"},
+      {"name":"update","label":"Update"},
+      {"name":"create","label":"Create"},
+      {"name":"drop","label":"Drop"},
+      {"name":"alter","label":"Alter"},
+      {"name":"index","label":"Index"},
+      {"name":"lock","label":"Lock"},
+      {"name":"all","label":"All"}
+    ]
+  },
+
+  "policies":[
+    {"id":1,"name":"db=default: audit-all-access","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"database":{"values":["default"]},"table":{"values":["*"]},"column":{"values":["*"]}},
+     "policyItems":[
+       {"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
+     ]
+    }
+    ,
+    {"id":2,"name":"db=default; table=test*; column=*","isEnabled":true,"isAuditEnabled":true,
+     "resources":{"database":{"values":["default"]},"table":{"values":["test*"]},"column":{"values":["*"]}},
+     "policyItems":[
+       {"accesses":[{"type":"select","isAllowed":true}],"users":["user1","user2"],"groups":["group1","group2"],"delegateAdmin":false}
+       ,
+       {"accesses":[{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true}],"users":["admin"],"groups":["admin"],"delegateAdmin":true}
+     ]
+    }
+  ],
+
+  "tests":[
+    {"name":"ALLOW 'use default;' for user1",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user1","userGroups":["users"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'use default;' for user2",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user2","userGroups":["users"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'use default;' to user3",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user3","userGroups":["users"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'use default;' to group1",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user3","userGroups":["users", "group1"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'use default;' to group2",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user3","userGroups":["users", "group2"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'use default;' to user3/group3",
+     "request":{
+      "resource":{"elements":{"database":"default"}},
+      "accessType":"","user":"user3","userGroups":["users", "group3"],"requestData":"use default"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'use finance;' to user3/group3",
+     "request":{
+      "resource":{"elements":{"database":"finance"}},
+      "accessType":"","user":"user1","userGroups":["users"],"requestData":"use finance"
+     },
+     "result":{"isAudited":false,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'select col1 from default.testtable;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'select col1 from default.testtable;' to user2",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user2","userGroups":["users"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'select col1 from default.testtable;' to user3",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'select col1 from default.testtable;' to group1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user3","userGroups":["users","group1"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'select col1 from default.testtable;' to group2",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user3","userGroups":["users","group2"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'select col1 from default.testtable;' to user3/group3",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable","column":"col1"}},
+      "accessType":"select","user":"user3","userGroups":["users","group3"],"requestData":"select col1 from default.testtable"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'select col1 from default.table1;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+      "accessType":"select","user":"user1","userGroups":["users"],"requestData":"select col1 from default.table1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'create table default.testtable1;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'create table default.testtable1;' to user1/group1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"create","user":"user1","userGroups":["users","group1"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'create table default.testtable1;' to admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"create","user":"admin","userGroups":["users"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'create table default.testtable1;' to user1/admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+     ,
+    {"name":"DENY 'drop table default.testtable1;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'drop table default.testtable1;' to user1/group1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"drop","user":"user1","userGroups":["users","group1"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"ALLOW 'drop table default.testtable1;' to admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"drop","user":"admin","userGroups":["users"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"ALLOW 'drop table default.testtable1;' to user1/admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"testtable1"}},
+      "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":true,"policyId":2}
+    }
+    ,
+    {"name":"DENY 'create table default.table1;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1"}},
+      "accessType":"create","user":"user1","userGroups":["users"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'create table default.table1;' to user1/admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1"}},
+      "accessType":"create","user":"user1","userGroups":["users","admin"],"requestData":"create table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'drop table default.table1;' to user1",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1"}},
+      "accessType":"drop","user":"user1","userGroups":["users"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'drop table default.table1;' to user1/admin",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1"}},
+      "accessType":"drop","user":"user1","userGroups":["users","admin"],"requestData":"drop table default.testtable1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+    ,
+    {"name":"DENY 'select col1 from default.table1;' to user3",
+     "request":{
+      "resource":{"elements":{"database":"default","table":"table1","column":"col1"}},
+      "accessType":"select","user":"user3","userGroups":["users"],"requestData":"select col1 from default.table1"
+     },
+     "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
+    }
+  ]
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/agents-impl/.gitignore
----------------------------------------------------------------------
diff --git a/agents-impl/.gitignore b/agents-impl/.gitignore
index 0f63015..20e1ada 100644
--- a/agents-impl/.gitignore
+++ b/agents-impl/.gitignore
@@ -1,2 +1,3 @@
 /target/
 /bin/
+/target

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hbase-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml
index 2749ca4..2fee01f 100644
--- a/hbase-agent/pom.xml
+++ b/hbase-agent/pom.xml
@@ -53,11 +53,6 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
-      <groupId>org.apache.ranger</groupId>
-      <artifactId>plugin-common</artifactId>
-      <version>${project.version}</version>
-    </dependency>
-    <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>
       <version>${gson.version}</version>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hdfs-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hdfs-agent/pom.xml b/hdfs-agent/pom.xml
index 5867ac8..db0fbee 100644
--- a/hdfs-agent/pom.xml
+++ b/hdfs-agent/pom.xml
@@ -75,11 +75,6 @@
 		<groupId>org.mockito</groupId>
 		<artifactId>mockito-core</artifactId>
 	</dependency>
-	<dependency>
-		<groupId>org.apache.ranger</groupId>
-		<artifactId>plugin-common</artifactId>
-		<version>${project.version}</version>
-	</dependency>
   </dependencies>
   <build>
 	<!--

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/hive-agent/pom.xml
----------------------------------------------------------------------
diff --git a/hive-agent/pom.xml b/hive-agent/pom.xml
index c6d41be..1b19025 100644
--- a/hive-agent/pom.xml
+++ b/hive-agent/pom.xml
@@ -108,10 +108,5 @@
       <artifactId>ranger-plugins-audit</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-    	<groupId>org.apache.ranger</groupId>
-    	<artifactId>plugin-common</artifactId>
-    	<version>${project.version}</version>
-    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/jisql/.gitignore
----------------------------------------------------------------------
diff --git a/jisql/.gitignore b/jisql/.gitignore
new file mode 100644
index 0000000..798e8dd
--- /dev/null
+++ b/jisql/.gitignore
@@ -0,0 +1,4 @@
+/target/
+/bin/
+/bin/
+/target

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/lookup-client/.gitignore
----------------------------------------------------------------------
diff --git a/lookup-client/.gitignore b/lookup-client/.gitignore
index 0f63015..20e1ada 100644
--- a/lookup-client/.gitignore
+++ b/lookup-client/.gitignore
@@ -1,2 +1,3 @@
 /target/
 /bin/
+/target

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
deleted file mode 100644
index 45a63c2..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.audit;
-
-import java.util.Collection;
-
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-
-
-public interface RangerAuditHandler {
-	void logAudit(RangerAccessResult result);
-
-	void logAudit(Collection<RangerAccessResult> results);
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
deleted file mode 100644
index feb6e98..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.audit;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.audit.provider.AuditProviderFactory;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-
-
-public class RangerDefaultAuditHandler implements RangerAuditHandler {
-	private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
-
-	private static final String RESOURCE_SEP = "/";
-
-
-	public RangerDefaultAuditHandler() {
-	}
-
-	@Override
-	public void logAudit(RangerAccessResult result) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + result + ")");
-		}
-
-		AuthzAuditEvent event = getAuthzEvents(result);
-
-		logAuthzAudit(event);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + result + ")");
-		}
-	}
-
-	@Override
-	public void logAudit(Collection<RangerAccessResult> results) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + results + ")");
-		}
-
-		Collection<AuthzAuditEvent> events = getAuthzEvents(results);
-
-		logAuthzAudits(events);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + results + ")");
-		}
-	}
-
-
-	public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + result + ")");
-		}
-
-		AuthzAuditEvent ret = null;
-
-		RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
-
-		if(request != null && result != null && result.getIsAudited()) {
-			RangerServiceDef serviceDef   = result.getServiceDef();
-			String           resourceType = getResourceName(request.getResource(), serviceDef);
-			String           resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
-
-			ret = createAuthzAuditEvent();
-
-			ret.setRepositoryName(result.getServiceName());
-			ret.setRepositoryType(result.getServiceType());
-			ret.setResourceType(resourceType);
-			ret.setResourcePath(resourcePath);
-			ret.setRequestData(request.getRequestData());
-			ret.setEventTime(request.getAccessTime());
-			ret.setUser(request.getUser());
-			ret.setAccessType(request.getAction());
-			ret.setAccessResult((short)(result.getIsAllowed() ? 1 : 0));
-			ret.setPolicyId(result.getPolicyId());
-			ret.setAclEnforcer("ranger-acl"); // TODO: review
-			ret.setAction(request.getAccessType());
-			ret.setClientIP(request.getClientIPAddress());
-			ret.setClientType(request.getClientType());
-			ret.setAgentHostname(null);
-			ret.setAgentId(null);
-			ret.setEventId(null);
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + result + "): " + ret);
-		}
-
-		return ret;
-	}
-
-	public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> results) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + results + ")");
-		}
-
-		List<AuthzAuditEvent> ret = null;
-
-		if(results != null) {
-			// TODO: optimize the number of audit logs created
-			for(RangerAccessResult result : results) {
-				AuthzAuditEvent event = getAuthzEvents(result);
-
-				if(event == null) {
-					continue;
-				}
-
-				if(ret == null) {
-					ret = new ArrayList<AuthzAuditEvent>();
-				}
-
-				ret.add(event);
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + results + "): " + ret);
-		}
-
-		return ret;
-	}
-
-	public void logAuthzAudit(AuthzAuditEvent auditEvent) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
-		}
-
-		if(auditEvent != null) {
-			AuditProviderFactory.getAuditProvider().log(auditEvent);
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
-		}
-	}
-
-	public void logAuthzAudits(Collection<AuthzAuditEvent> auditEvents) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
-		}
-
-		if(auditEvents != null) {
-			for(AuthzAuditEvent auditEvent : auditEvents) {
-				logAuthzAudit(auditEvent);
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
-		}
-	}
-
-	public AuthzAuditEvent createAuthzAuditEvent() {
-		return new AuthzAuditEvent();
-	}
-
-	public String getResourceName(RangerResource resource, RangerServiceDef serviceDef) {
-		String ret = null;
-
-		if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
-			List<RangerResourceDef> resourceDefs = serviceDef.getResources();
-
-			for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
-				RangerResourceDef resourceDef = resourceDefs.get(idx);
-
-				if(resourceDef == null || !resource.exists(resourceDef.getName())) {
-					continue;
-				}
-
-				ret = resourceDef.getName();
-
-				break;
-			}
-		}
-		
-		return ret;
-	}
-
-	public String getResourceValueAsString(RangerResource resource, RangerServiceDef serviceDef) {
-		String ret = null;
-
-		if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
-			StringBuilder sb = new StringBuilder();
-
-			for(RangerResourceDef resourceDef : serviceDef.getResources()) {
-				if(resourceDef == null || !resource.exists(resourceDef.getName())) {
-					continue;
-				}
-
-				if(sb.length() > 0) {
-					sb.append(RESOURCE_SEP);
-				}
-
-				sb.append(resource.getValue(resourceDef.getName()));
-			}
-
-			if(sb.length() > 0) {
-				ret = sb.toString();
-			}
-		}
-
-		return ret;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/217e1892/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
deleted file mode 100644
index b90d387..0000000
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model;
-
-import java.util.Date;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.codehaus.jackson.annotate.JsonAutoDetect;
-import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
-
-@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
-@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
-@JsonIgnoreProperties(ignoreUnknown=true)
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RangerBaseModelObject implements java.io.Serializable {
-	private static final long serialVersionUID = 1L;
-
-	private Long    id         = null;
-	private String  guid       = null;
-	private Boolean isEnabled  = null;
-	private String  createdBy  = null;
-	private String  updatedBy  = null;
-	private Date    createTime = null;
-	private Date    updateTime = null;
-	private Long    version    = null;
-
-	/**
-	 * 
-	 */
-	public RangerBaseModelObject() {
-		setIsEnabled(null);
-	}
-
-	public void updateFrom(RangerBaseModelObject other) {
-		setIsEnabled(other.getIsEnabled());
-	}
-
-	/**
-	 * @return the id
-	 */
-	public Long getId() {
-		return id;
-	}
-	/**
-	 * @param id the id to set
-	 */
-	public void setId(Long id) {
-		this.id = id;
-	}
-	/**
-	 * @return the guid
-	 */
-	public String getGuid() {
-		return guid;
-	}
-	/**
-	 * @param guid the guid to set
-	 */
-	public void setGuid(String guid) {
-		this.guid = guid;
-	}
-	/**
-	 * @return the isEnabled
-	 */
-	public Boolean getIsEnabled() {
-		return isEnabled;
-	}
-	/**
-	 * @param isEnabled the isEnabled to set
-	 */
-	public void setIsEnabled(Boolean isEnabled) {
-		this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled;
-	}
-	/**
-	 * @return the createdBy
-	 */
-	public String getCreatedBy() {
-		return createdBy;
-	}
-	/**
-	 * @param createdBy the createdBy to set
-	 */
-	public void setCreatedBy(String createdBy) {
-		this.createdBy = createdBy;
-	}
-	/**
-	 * @return the updatedBy
-	 */
-	public String getUpdatedBy() {
-		return updatedBy;
-	}
-	/**
-	 * @param updatedBy the updatedBy to set
-	 */
-	public void setUpdatedBy(String updatedBy) {
-		this.updatedBy = updatedBy;
-	}
-	/**
-	 * @return the createTime
-	 */
-	public Date getCreateTime() {
-		return createTime;
-	}
-	/**
-	 * @param createTime the createTime to set
-	 */
-	public void setCreateTime(Date createTime) {
-		this.createTime = createTime;
-	}
-	/**
-	 * @return the updateTime
-	 */
-	public Date getUpdateTime() {
-		return updateTime;
-	}
-	/**
-	 * @param updateTime the updateTime to set
-	 */
-	public void setUpdateTime(Date updateTime) {
-		this.updateTime = updateTime;
-	}
-	/**
-	 * @return the version
-	 */
-	public Long getVersion() {
-		return version;
-	}
-	/**
-	 * @param version the version to set
-	 */
-	public void setVersion(Long version) {
-		this.version = version;
-	}
-
-	@Override
-	public String toString( ) {
-		StringBuilder sb = new StringBuilder();
-
-		toString(sb);
-
-		return sb.toString();
-	}
-
-	public StringBuilder toString(StringBuilder sb) {
-		sb.append("id={").append(id).append("} ");
-		sb.append("guid={").append(guid).append("} ");
-		sb.append("isEnabled={").append(isEnabled).append("} ");
-		sb.append("createdBy={").append(createdBy).append("} ");
-		sb.append("updatedBy={").append(updatedBy).append("} ");
-		sb.append("createTime={").append(createTime).append("} ");
-		sb.append("updateTime={").append(updateTime).append("} ");
-		sb.append("version={").append(version).append("} ");
-
-		return sb;
-	}
-}


Mime
View raw message