ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bo...@apache.org
Subject [1/4] incubator-ranger git commit: RANGER-178 - Ranger Admin server side service code for Solr Plugin
Date Tue, 31 Mar 2015 04:09:50 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 73387f30c -> d27cacd7d


RANGER-178 - Ranger Admin server side service code for Solr Plugin

Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2dc01d08
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2dc01d08
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2dc01d08

Branch: refs/heads/master
Commit: 2dc01d08b27e31a3af260b71f59a9585d853c5c3
Parents: 60a235c
Author: Don Bosco Durai <bosco@apache.org>
Authored: Mon Mar 30 17:23:35 2015 -0700
Committer: Don Bosco Durai <bosco@apache.org>
Committed: Mon Mar 30 17:23:35 2015 -0700

----------------------------------------------------------------------
 .../service-defs/ranger-servicedef-solr.json    | 121 ++++++++
 plugin-solr/.gitignore                          |   1 +
 .../conf/ranger-policymgr-ssl-changes.cfg       |  23 ++
 plugin-solr/conf/ranger-policymgr-ssl.xml       |  63 ++++
 plugin-solr/conf/ranger-solr-audit-changes.cfg  |  36 +++
 plugin-solr/conf/ranger-solr-audit.xml          | 187 ++++++++++++
 .../conf/ranger-solr-security-changes.cfg       |  26 ++
 plugin-solr/conf/ranger-solr-security.xml       |  67 +++++
 plugin-solr/pom.xml                             |  56 ++++
 plugin-solr/scripts/install.properties          | 112 +++++++
 .../scripts/solr-plugin-install.properties      |  23 ++
 .../solr/authorizer/RangerSolrAuthorizer.java   |  37 +++
 .../ranger/services/solr/RangerServiceSolr.java |  78 +++++
 .../services/solr/client/ServiceSolrClient.java | 292 +++++++++++++++++++
 .../solr/client/ServiceSolrConnectionMgr.java   |  60 ++++
 pom.xml                                         |   4 +-
 .../java/org/apache/ranger/biz/ServiceMgr.java  |   4 +-
 .../main/resources/sample.xa_system.properties  |   7 +
 src/main/assembly/plugin-solr.xml               | 157 ++++++++++
 19 files changed, 1352 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
new file mode 100644
index 0000000..e66f2b3
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -0,0 +1,121 @@
+{
+	"name":"solr",
+	"implClass":"org.apache.ranger.services.solr.RangerServiceSolr",
+	"label":"SOLR",
+	"description":"Solr",
+	"resources":[
+		{
+			"name":"collection",
+			"type":"string",
+			"level":1,
+			"parent":"",
+			"mandatory":true,
+			"lookupSupported":true,
+			"recursiveSupported":false,
+			"excludesSupported":true,
+			"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+			"matcherOptions":"wildCard=true;ignoreCase=true",
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Solr Collection",
+			"description":"Solr Collection"
+		},
+		{
+			"name":"field",
+			"type":"string",
+			"level":2,
+			"parent":"collection",
+			"mandatory":true,
+			"lookupSupported":true,
+			"recursiveSupported":false,
+			"excludesSupported":true,
+			"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+			"matcherOptions":"wildCard=true;ignoreCase=true",
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Field",
+			"description":"Field"
+		}
+		
+	],
+	"accessTypes":[
+		{
+			"name":"create",
+			"label":"Create"
+		},
+		{
+			"name":"update",
+			"label":"Update"
+		},
+		{
+			"name":"query",
+			"label":"Query"
+		},
+		{
+			"name":"admin",
+			"label":"Admin"
+		}
+		
+	],
+	"configs":[
+		{
+			"name":"username",
+			"type":"string",
+			"mandatory":true,
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Username"
+		},
+		{
+			"name":"password",
+			"type":"password",
+			"mandatory":true,
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Password"
+		},
+		{
+			"name":"solr.url",
+			"type":"string",
+			"mandatory":true,
+			"defaultValue":"",
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Solr URL"
+		},
+		{
+			"name":"certificate.cn",
+			"type":"string",
+			"mandatory":false,
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"Common Name for Certificate"
+		}
+		
+	],
+	"enums":[
+		
+	],
+	"contextEnrichers":[
+		
+	],
+	"policyConditions":[
+		{
+			"name":"ip-range",
+			"evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+			"evaluatorOptions":"",
+			"validationRegEx":"",
+			"validationMessage":"",
+			"uiHint":"",
+			"label":"IP Address Range",
+			"description":"IP Address Range"
+		}
+		
+	]
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/.gitignore
----------------------------------------------------------------------
diff --git a/plugin-solr/.gitignore b/plugin-solr/.gitignore
new file mode 100644
index 0000000..ea8c4bf
--- /dev/null
+++ b/plugin-solr/.gitignore
@@ -0,0 +1 @@
+/target

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg b/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..ec4eeab
--- /dev/null
+++ b/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-policymgr-ssl.xml b/plugin-solr/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..dcadc52
--- /dev/null
+++ b/plugin-solr/conf/ranger-policymgr-ssl.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<!--  The following properties are used for 2-way SSL client server validation -->
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore</name>
+		<value>solrdev-clientcert.jks</value>
+		<description> 
+			Java Keystore files 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.keystore.password</name>
+		<value>none</value>
+		<description> 
+			password for keystore 
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore</name>
+		<value>cacerts-xasecure.jks</value>
+		<description> 
+			java truststore file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.password</name>
+		<value>none</value>
+		<description> 
+			java  truststore password
+		</description>
+	</property>
+    <property>
+		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+		<value>jceks://file/tmp/keystore-solrdev-ssl.jceks</value>
+		<description> 
+			java  keystore credential file
+		</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+		<value>jceks://file/tmp/truststore-solrdev-ssl.jceks</value>
+		<description> 
+			java  truststore credential file
+		</description>
+	</property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg
new file mode 100644
index 0000000..7c0c430
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+xasecure.audit.db.is.enabled                        %XAAUDIT.DB.IS_ENABLED%                                         mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT_DB_JDBC_URL%											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	crypted	 														mod create-if-not-exists
+xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT_DB_JDBC_DRIVER% 										mod create-if-not-exists
+
+xasecure.audit.hdfs.is.enabled                                     %XAAUDIT.HDFS.IS_ENABLED%                               mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.directory                   %XAAUDIT.HDFS.DESTINATION_DIRECTORY%                    mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.file                        %XAAUDIT.HDFS.DESTINTATION_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.flush.interval.seconds      %XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.rollover.interval.seconds   %XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.open.retry.interval.seconds %XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.directory                  %XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY%                   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.file                       %XAAUDIT.HDFS.LOCAL_BUFFER_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds     %XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds  %XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.directory                 %XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY%                  mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.max.file.count            %XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT%             mod create-if-not-exists
+
+xasecure.audit.solr.is.enabled                                    %XAAUDIT.SOLR.IS_ENABLED%                               mod create-if-not-exists
+xasecure.audit.solr.solr_url                                      %XAAUDIT.SOLR.SOLR_URL%                                 mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-audit.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-audit.xml b/plugin-solr/conf/ranger-solr-audit.xml
new file mode 100644
index 0000000..d27f062
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-audit.xml
@@ -0,0 +1,187 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<property>
+		<name>xasecure.audit.is.enabled</name>
+		<value>true</value>
+	</property>	
+	
+
+	<!-- DB audit provider configuration -->
+	<property>
+		<name>xasecure.audit.db.is.enabled</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.is.async</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.db.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.db.batch.size</name>
+		<value>100</value>
+	</property>	
+
+	<!--  Properties whose name begin with "xasecure.audit.jpa." are used to configure JPA -->
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+		<value>jdbc:mysql://localhost:3306/ranger_audit</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+		<value>rangerlogger</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+		<value>none</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+		<value>com.mysql.jdbc.Driver</value>
+	</property>
+
+    <property>
+		<name>xasecure.audit.credential.provider.file</name>
+		<value>jceks://file/etc/ranger/solrdev/auditcred.jceks</value>
+	</property>
+	
+
+
+	<!-- HDFS audit provider configuration -->
+	<property>
+		<name>xasecure.audit.hdfs.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.is.async</name>
+		<value>true</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.hdfs.async.max.queue.size</name>
+		<value>1048576</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.encoding</name>
+		<value></value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.directory</name>
+		<value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.file</name>
+		<value>%hostname%-audit.log</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+		<value>900</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+		<value>86400</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+		<value>60</value>
+	</property>
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+		<value>/var/log/solr/audit</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.file</name>
+		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+		<value>8192</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+		<value>60</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+		<value>600</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.archive.directory</name>
+		<value>/var/log/solr/audit/archive</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+		<value>10</value>
+	</property>	
+	
+
+	<!-- Log4j audit provider configuration -->
+	<property>
+		<name>xasecure.audit.log4j.is.enabled</name>
+		<value>false</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.is.async</name>
+		<value>false</value>
+	</property>	
+	
+	<property>
+		<name>xasecure.audit.log4j.async.max.queue.size</name>
+		<value>10240</value>
+	</property>	
+
+	<property>
+		<name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+		<value>30000</value>
+	</property>	
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-security-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-security-changes.cfg b/plugin-solr/conf/ranger-solr-security-changes.cfg
new file mode 100644
index 0000000..ed8a509
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-security-changes.cfg
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Change the original policy parameter to work with policy manager based.
+# 
+#
+ranger.plugin.solr.service.name %REPOSITORY_NAME% mod create-if-not-exists
+
+ranger.plugin.solr.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
+
+ranger.plugin.solr.policy.rest.url                %POLICY_MGR_URL%                          mod create-if-not-exists
+ranger.plugin.solr.policy.rest.ssl.config.file    /etc/solr/conf/ranger-policymgr-ssl.xml mod create-if-not-exists
+ranger.plugin.solr.policy.pollIntervalMs          30000                                     mod create-if-not-exists
+ranger.plugin.solr.policy.cache.dir               %POLICY_CACHE_FILE_PATH%                  mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-security.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-security.xml b/plugin-solr/conf/ranger-solr-security.xml
new file mode 100644
index 0000000..c865749
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-security.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+	<property>
+		<name>ranger.plugin.solr.service.name</name>
+		<value>solrdev</value>
+		<description>
+			Name of the Ranger service containing policies for this SOLR instance
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.solr.policy.source.impl</name>
+		<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+		<description>
+			Class to retrieve policies from the source
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.solr.policy.rest.url</name>
+		<value>http://policymanagerhost:port</value>
+		<description>
+			URL to Ranger Admin
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.solr.policy.rest.ssl.config.file</name>
+		<value>/etc/solr/conf/ranger-policymgr-ssl.xml</value>
+		<description>
+			Path to the file containing SSL details to contact Ranger Admin
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.solr.policy.pollIntervalMs</name>
+		<value>30000</value>
+		<description>
+			How often to poll for changes in policies?
+		</description>
+	</property>
+
+	<property>
+		<name>ranger.plugin.solr.policy.cache.dir</name>
+		<value>/etc/ranger/solrdev/policycache</value>
+		<description>
+			Directory where Ranger policies are cached after successful retrieval from the source
+		</description>
+	</property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/pom.xml b/plugin-solr/pom.xml
new file mode 100644
index 0000000..54bcafa
--- /dev/null
+++ b/plugin-solr/pom.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>security_plugins.ranger-solr-plugin</groupId>
+  <artifactId>ranger-solr-plugin</artifactId>
+  <name>SOLR Security Plugin</name>
+  <description>SOLR Security Plugin</description>
+  <packaging>jar</packaging>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+  <parent>
+     <groupId>org.apache.ranger</groupId>
+     <artifactId>ranger</artifactId>
+     <version>0.5.0</version>
+     <relativePath>..</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>security_plugins.ranger-plugins-common</groupId>
+      <artifactId>ranger-plugins-common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>security_plugins.ranger-plugins-audit</groupId>
+      <artifactId>ranger-plugins-audit</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.ranger</groupId>
+      <artifactId>credentialbuilder</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.ranger</groupId>
+      <artifactId>ranger_solrj</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
new file mode 100644
index 0000000..6a84c19
--- /dev/null
+++ b/plugin-solr/scripts/install.properties
@@ -0,0 +1,112 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Location of Policy Manager URL  
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+POLICY_MGR_URL=
+
+#
+# Location of db client library (please check the location of the jar file)
+#
+# Example:
+# SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+# SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=solrdev
+#
+REPOSITORY_NAME=
+
+#
+# AUDIT DB Configuration
+# 
+#  This information should match with the one you specified during the PolicyManager Installation
+# 
+# Example:
+# XAAUDIT.DB.IS_ENABLED=true
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+# XAAUDIT.DB.HOSTNAME=localhost
+# XAAUDIT.DB.DATABASE_NAME=ranger_audit
+# XAAUDIT.DB.USER_NAME=rangerlogger
+# XAAUDIT.DB.PASSWORD=rangerlogger
+#
+XAAUDIT.DB.IS_ENABLED=false
+XAAUDIT.DB.FLAVOUR=MYSQL
+XAAUDIT.DB.HOSTNAME=
+XAAUDIT.DB.DATABASE_NAME=
+XAAUDIT.DB.USER_NAME=
+XAAUDIT.DB.PASSWORD=
+
+#
+#  Audit to HDFS Configuration
+#
+# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
+# that start with __REPLACE__ with appropriate values
+#  XAAUDIT.HDFS.IS_ENABLED=true
+#  XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/solr/audit
+#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/solr/audit/archive
+#
+# Example:
+#  XAAUDIT.HDFS.IS_ENABLED=true
+#  XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/solr/audit
+#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/solr/audit/archive
+#
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/solr/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/solr/audit/archive
+
+XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+#Solr Audit Provder
+XAAUDIT.SOLR.IS_ENABLED=false
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/scripts/solr-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/solr-plugin-install.properties b/plugin-solr/scripts/solr-plugin-install.properties
new file mode 100644
index 0000000..a360906
--- /dev/null
+++ b/plugin-solr/scripts/solr-plugin-install.properties
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# installation properties for this plugin
+
+#
+# Name of the directory where the component's lib and conf directory exist.
+# This location should be relative to the parent of the directory containing
+# the plugin installation files.
+# 
+COMPONENT_INSTALL_DIR_NAME=solr

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
new file mode 100644
index 0000000..8ccc703
--- /dev/null
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -0,0 +1,37 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.solr.authorizer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class RangerSolrAuthorizer /*SolrAuthorizationPlugin*/ {
+    public static final String ACCESS_TYPE_CREATE = "create";
+    public static final String ACCESS_TYPE_UPDATE  = "update";
+    public static final String ACCESS_TYPE_QUERY  = "query";
+    public static final String ACCESS_TYPE_ADMIN       = "admin";
+
+	private static final Log LOG = LogFactory.getLog(RangerSolrAuthorizer.class);
+
+    //private static volatile RangerSolrPlugin solrPlugin = null;
+
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java
new file mode 100644
index 0000000..3a43a9e
--- /dev/null
+++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.solr;
+
+import java.util.HashMap;
+import java.util.List;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.service.RangerBaseService;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.apache.ranger.services.solr.client.ServiceSolrClient;
+import org.apache.ranger.services.solr.client.ServiceSolrConnectionMgr;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class RangerServiceSolr extends RangerBaseService {
+
+	private static final Log LOG = LogFactory.getLog(RangerServiceSolr.class);
+
+	public RangerServiceSolr() {
+		super();
+	}
+
+	@Override
+	public void init(RangerServiceDef serviceDef, RangerService service) {
+		super.init(serviceDef, service);
+	}
+
+	@Override
+	public HashMap<String, Object> validateConfig() throws Exception {
+		HashMap<String, Object> ret = new HashMap<String, Object>();
+		String serviceName = getServiceName();
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerServiceSolr.validateConfig Service: ("
+					+ serviceName + " )");
+		}
+		if (configs != null) {
+			try {
+				ret = ServiceSolrConnectionMgr.testConnection(serviceName,
+						configs);
+			} catch (Exception e) {
+				LOG.error("<== RangerServiceSolr.validateConfig Error:" + e);
+				throw e;
+			}
+		}
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerServiceSolr.validateConfig Response : (" + ret
+					+ " )");
+		}
+		return ret;
+	}
+
+	@Override
+	public List<String> lookupResource(ResourceLookupContext context)
+			throws Exception {
+
+		ServiceSolrClient serviceSolrClient = ServiceSolrConnectionMgr
+				.getSolrClient(serviceName, configs);
+		return serviceSolrClient.getResources(context);
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java
new file mode 100644
index 0000000..d1b8e55
--- /dev/null
+++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java
@@ -0,0 +1,292 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.solr.client;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.Callable;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.plugin.client.BaseClient;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.apache.ranger.plugin.util.TimedEventUtil;
+import org.apache.solr.client.solrj.SolrClient;
+import org.apache.solr.client.solrj.SolrQuery;
+import org.apache.solr.client.solrj.request.CollectionAdminRequest;
+import org.apache.solr.client.solrj.request.CoreAdminRequest;
+import org.apache.solr.client.solrj.response.CollectionAdminResponse;
+import org.apache.solr.client.solrj.response.CoreAdminResponse;
+import org.apache.solr.client.solrj.response.QueryResponse;
+import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
+import org.apache.solr.common.util.SimpleOrderedMap;
+
+public class ServiceSolrClient {
+	public static final Logger LOG = Logger.getLogger(ServiceSolrClient.class);
+
+	enum RESOURCE_TYPE {
+		COLLECTION, FIELD
+	}
+
+	SolrClient solrClient = null;
+	boolean isSolrCloud = false;
+
+	String serviceName = null;
+	private static final String errMessage = " You can still save the repository and start creating "
+			+ "policies, but you would not be able to use autocomplete for "
+			+ "resource names. Check server logs for more info.";
+
+	private static final String COLLECTION_KEY = "collection";
+	private static final String FIELD_KEY = "column";
+	private static final long LOOKUP_TIMEOUT_SEC = 5;
+
+	public ServiceSolrClient(String serviceName, SolrClient solrClient,
+			boolean isSolrCloud) {
+		this.solrClient = solrClient;
+		this.isSolrCloud = isSolrCloud;
+		this.serviceName = serviceName;
+
+	}
+
+	public HashMap<String, Object> testConnection() throws Exception {
+		String errMsg = errMessage;
+		boolean connectivityStatus = false;
+		HashMap<String, Object> responseData = new HashMap<String, Object>();
+
+		try {
+			getCollectionList(null);
+			// If it doesn't throw exception, then assume the instance is
+			// reachable
+			String successMsg = "TestConnection Successful";
+			BaseClient.generateResponseDataMap(connectivityStatus, successMsg,
+					successMsg, null, null, responseData);
+		} catch (IOException e) {
+			LOG.error("Error connecting to Solr. solrClient=" + solrClient, e);
+			String failureMsg = "Unable to connect to Solr instance."
+					+ e.getMessage();
+			BaseClient.generateResponseDataMap(connectivityStatus, failureMsg,
+					failureMsg + errMsg, null, null, responseData);
+
+		}
+
+		return responseData;
+	}
+
+	public List<String> getCollectionList(List<String> ignoreCollectionList)
+			throws Exception {
+		if (!isSolrCloud) {
+			return getCoresList(ignoreCollectionList);
+		}
+
+		CollectionAdminRequest request = new CollectionAdminRequest.List();
+		CollectionAdminResponse response = request.process(solrClient);
+
+		List<String> list = new ArrayList<String>();
+		for (int i = 0; i < response.getCollectionStatus().size(); i++) {
+			if (ignoreCollectionList == null
+					|| !ignoreCollectionList.contains(list.get(i))) {
+				list.add(list.get(i));
+			}
+		}
+		return list;
+	}
+
+	public List<String> getCoresList(List<String> ignoreCollectionList)
+			throws Exception {
+		CoreAdminRequest request = new CoreAdminRequest();
+		request.setAction(CoreAdminAction.STATUS);
+		CoreAdminResponse cores = request.process(solrClient);
+		// List of the cores
+		List<String> coreList = new ArrayList<String>();
+		for (int i = 0; i < cores.getCoreStatus().size(); i++) {
+			if (ignoreCollectionList == null
+					|| !ignoreCollectionList.contains(cores.getCoreStatus()
+							.getName(i))) {
+				coreList.add(cores.getCoreStatus().getName(i));
+			}
+		}
+		return coreList;
+	}
+
+	public List<String> getFieldList(String collection,
+			List<String> ignoreFieldList) throws Exception {
+		// TODO: Best is to get the collections based on the collection value
+		// which could contain wild cards
+		String queryStr = "";
+		if (collection != null && !collection.isEmpty()) {
+			queryStr += "/" + collection;
+		}
+		queryStr += "/schema/fields";
+		SolrQuery query = new SolrQuery();
+		query.setRequestHandler(queryStr);
+		QueryResponse response = solrClient.query(query);
+
+		List<String> fieldList = new ArrayList<String>();
+		if (response != null && response.getStatus() == 0) {
+			@SuppressWarnings("unchecked")
+			List<SimpleOrderedMap<String>> fields = (ArrayList<SimpleOrderedMap<String>>) response
+					.getResponse().get("fields");
+			for (SimpleOrderedMap<String> fmap : fields) {
+				String fieldName = fmap.get("name");
+				if (ignoreFieldList == null
+						|| !ignoreFieldList.contains(fieldName)) {
+					fieldList.add(fieldName);
+				}
+			}
+		} else {
+			LOG.error("Error getting fields for collection=" + collection
+					+ ", response=" + response);
+		}
+		return fieldList;
+	}
+
+	public List<String> getFieldList(List<String> collectionList,
+			List<String> ignoreFieldList) throws Exception {
+
+		Set<String> fieldSet = new LinkedHashSet<String>();
+		if (collectionList == null || collectionList.size() == 0) {
+			return getFieldList((String) null, ignoreFieldList);
+		}
+		for (String collection : collectionList) {
+			try {
+				fieldSet.addAll(getFieldList(collection, ignoreFieldList));
+			} catch (Exception ex) {
+				LOG.error("Error getting fields.", ex);
+			}
+		}
+		return new ArrayList<String>(fieldSet);
+	}
+
+	/**
+	 * @param serviceName
+	 * @param context
+	 * @return
+	 */
+	public List<String> getResources(ResourceLookupContext context) {
+
+		String userInput = context.getUserInput();
+		String resource = context.getResourceName();
+		Map<String, List<String>> resourceMap = context.getResources();
+		List<String> resultList = null;
+		List<String> collectionList = null;
+		List<String> fieldList = null;
+
+		RESOURCE_TYPE lookupResource = RESOURCE_TYPE.COLLECTION;
+
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("<== HiveResourceMgr.getHiveResources()  UserInput: \""
+					+ userInput + "\" resource : " + resource
+					+ " resourceMap: " + resourceMap);
+		}
+
+		if (userInput != null && resource != null) {
+			if (resourceMap != null && !resourceMap.isEmpty()) {
+				collectionList = resourceMap.get(COLLECTION_KEY);
+				fieldList = resourceMap.get(FIELD_KEY);
+			}
+			switch (resource.trim().toLowerCase()) {
+			case COLLECTION_KEY:
+				lookupResource = RESOURCE_TYPE.COLLECTION;
+				break;
+			case FIELD_KEY:
+				lookupResource = RESOURCE_TYPE.FIELD;
+				break;
+			default:
+				break;
+			}
+		}
+
+		if (userInput != null) {
+			try {
+				Callable<List<String>> callableObj = null;
+				final String userInputFinal = userInput;
+
+				final List<String> finalCollectionList = collectionList;
+				final List<String> finalFieldList = fieldList;
+
+				if (lookupResource == RESOURCE_TYPE.COLLECTION) {
+					// get the collection list for given Input
+					callableObj = new Callable<List<String>>() {
+						@Override
+						public List<String> call() {
+							List<String> retList = new ArrayList<String>();
+							try {
+								List<String> list = getCollectionList(finalCollectionList);
+								if (userInputFinal != null
+										&& !userInputFinal.isEmpty()) {
+									for (String value : list) {
+										if (value.startsWith(userInputFinal)) {
+											retList.add(value);
+										}
+									}
+								} else {
+									retList.addAll(list);
+								}
+							} catch (Exception ex) {
+								LOG.error("Error getting collection.", ex);
+							}
+							return retList;
+						};
+					};
+				} else if (lookupResource == RESOURCE_TYPE.FIELD) {
+					callableObj = new Callable<List<String>>() {
+						@Override
+						public List<String> call() {
+							List<String> retList = new ArrayList<String>();
+							try {
+								List<String> list = getFieldList(
+										finalCollectionList, finalFieldList);
+								if (userInputFinal != null
+										&& !userInputFinal.isEmpty()) {
+									for (String value : list) {
+										if (value.startsWith(userInputFinal)) {
+											retList.add(value);
+										}
+									}
+								} else {
+									retList.addAll(list);
+								}
+							} catch (Exception ex) {
+								LOG.error("Error getting collection.", ex);
+							}
+							return retList;
+						};
+					};
+				}
+				// If we need to do lookup
+				if (callableObj != null) {
+					synchronized (this) {
+						resultList = TimedEventUtil.timedTask(callableObj,
+								LOOKUP_TIMEOUT_SEC, TimeUnit.SECONDS);
+					}
+				}
+			} catch (Exception e) {
+				LOG.error("Unable to get hive resources.", e);
+			}
+		}
+
+		return resultList;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java
new file mode 100644
index 0000000..874fca5
--- /dev/null
+++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.solr.client;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+import org.apache.solr.client.solrj.SolrClient;
+import org.apache.solr.client.solrj.impl.HttpSolrClient;
+
+public class ServiceSolrConnectionMgr {
+	public static final Logger LOG = Logger
+			.getLogger(ServiceSolrConnectionMgr.class);
+
+	static public ServiceSolrClient getSolrClient(String serviceName,
+			Map<String, String> configs) throws Exception {
+		String url = configs.get("solr.url");
+		if (url != null) {
+			SolrClient solrClient = new HttpSolrClient(url);
+			ServiceSolrClient serviceSolrClient = new ServiceSolrClient(
+					serviceName, solrClient, false);
+			return serviceSolrClient;
+		}
+		// TODO: Need to add method to create SolrClient using ZooKeeper for
+		// SolrCloud
+		throw new Exception("Required properties are not set for "
+				+ serviceName + ". URL or Zookeeper information not provided.");
+	}
+
+	/**
+	 * @param serviceName
+	 * @param configs
+	 * @return
+	 */
+	public static HashMap<String, Object> testConnection(String serviceName,
+			Map<String, String> configs) throws Exception {
+		ServiceSolrClient serviceSolrClient = getSolrClient(serviceName,
+				configs);
+		return serviceSolrClient.testConnection();
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a93cd73..e0345cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,6 +87,7 @@
   <module>hive-agent</module>
   <module>knox-agent</module>
   <module>storm-agent</module>
+  <module>plugin-solr</module>
   <module>plugin-yarn</module>
   <module>ranger_solrj</module>
   <module>security-admin</module>
@@ -158,7 +159,7 @@
 		<security-agent-install-dir>hadoop-security/plugins</security-agent-install-dir>
 		<slf4j-api.version>1.7.5</slf4j-api.version>
 		<!--<solr.version>5.0.0</solr.version>-->
-		<ranger.solrj.version>0.4.0</ranger.solrj.version>
+		<ranger.solrj.version>${project.version}</ranger.solrj.version>
 		<springframework.spring.version>2.5.6</springframework.spring.version>
 		<!--
 		<springframework.spring.version>3.1.3.RELEASE</springframework.spring.version>
@@ -364,6 +365,7 @@
              <descriptor>src/main/assembly/knox-agent.xml</descriptor>
              <descriptor>src/main/assembly/storm-agent.xml</descriptor>
              <descriptor>src/main/assembly/plugin-yarn.xml</descriptor>
+	     <descriptor>src/main/assembly/plugin-solr.xml</descriptor>
              <descriptor>src/main/assembly/admin-web.xml</descriptor>
              <descriptor>src/main/assembly/usersync.xml</descriptor>
              <descriptor>src/main/assembly/migration-util.xml</descriptor>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 8e6aa3f..4cad883 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -167,7 +167,7 @@ public class ServiceMgr {
 	private static Map<String, Class<RangerBaseService>> serviceTypeClassMap = new HashMap<String, Class<RangerBaseService>>();
 
 	@SuppressWarnings("unchecked")
-	private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) {
+	private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) throws Exception {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> ServiceMgr.getClassForServiceType(" + serviceDef + ")");
 		}
@@ -201,6 +201,8 @@ public class ServiceMgr {
 							serviceTypeClassMap.put(serviceType, ret);
 						} catch (Exception excp) {
 							LOG.warn("ServiceMgr.getClassForServiceType(" + serviceType + "): failed to find service-class '" + clsName + "'. Resource lookup will not be available", excp);
+							//Let's propagate the error
+							throw new Exception(serviceType + " failed to find service class " + clsName + ". Resource lookup will not be available. Please make sure plugin jar is in the correct place.");
 						}
 					} else {
 						if(LOG.isDebugEnabled()) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/security-admin/src/main/resources/sample.xa_system.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/sample.xa_system.properties b/security-admin/src/main/resources/sample.xa_system.properties
index 8043ef8..a4bbe84 100644
--- a/security-admin/src/main/resources/sample.xa_system.properties
+++ b/security-admin/src/main/resources/sample.xa_system.properties
@@ -38,11 +38,18 @@ xa.logs.base.dir=user.home
 xa.scheduler.enabled=true
 
 
+#Audit Destination (solr or db)
+xa.audit.store=solr
+
 # DB Info for audit_DB
 auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy
 auditDB.jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xasecure
 auditDB.jdbc.user=
 auditDB.jdbc.password=
 
+#Solr info for solr audit
+xa.audit.solr.url=
+
+
 #http
 http.enabled=true
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/src/main/assembly/plugin-solr.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml
new file mode 100644
index 0000000..954ea52
--- /dev/null
+++ b/src/main/assembly/plugin-solr.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<assembly>
+  <id>solr-plugin</id>
+  <formats>
+     <format>tar.gz</format>
+	 <format>zip</format>
+  </formats>
+  <baseDirectory>${project.name}-${project.version}-solr-plugin</baseDirectory>
+  <includeBaseDirectory>true</includeBaseDirectory>
+  <moduleSets>
+    <moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <unpack>false</unpack>
+	    <directoryMode>755</directoryMode>
+	    <fileMode>644</fileMode>
+        <dependencySets>
+            <dependencySet>
+                <outputDirectory>/lib</outputDirectory>
+                <unpack>false</unpack>
+                <includes>
+                    <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
+                    <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+                    <include>org.apache.hadoop:hadoop-common-plus:jar:${hadoop-common.version}</include>
+                    <include>com.google.code.gson:gson</include>
+                    <include>org.eclipse.persistence:eclipselink</include>
+                    <include>org.eclipse.persistence:javax.persistence</include>
+                    <include>commons-collections:commons-collections</include>
+					<include>com.sun.jersey:jersey-bundle</include>
+                    <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
+                    <include>com.google.guava:guava:jar:${guava.version}</include>
+		    <include>org.apache.httpcomponents:httpclient:jar:${httpcomponent.httpclient.version}</include>
+		    <include>org.apache.httpcomponents:httpcore:jar:${httpcomponent.httpcore.version}</include>
+		    <include>org.apache.httpcomponents:httpmime:jar:${httpcomponent.httpmime.version}</include>
+		    <include>org.noggit:noggit:jar:${noggit.version}</include>
+                </includes>
+            </dependencySet>
+            <dependencySet>
+                    <outputDirectory>/install/lib</outputDirectory>
+                    <unpack>false</unpack>
+            		<directoryMode>755</directoryMode>
+            		<fileMode>644</fileMode>
+                    <includes>
+                        <include>commons-cli:commons-cli</include>
+                        <include>commons-collections:commons-collections</include>
+                        <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
+                        <include>commons-io:commons-io:jar:${commons.io.version}</include>
+                        <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
+                        <include>commons-logging:commons-logging</include>
+                        <include>com.google.guava:guava:jar:${guava.version}</include>
+                        <include>org.hamcrest:hamcrest-all</include>
+                        <include>junit:junit</include>
+                        <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+                        <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+                        <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include>
+						<include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
+						<include>org.apache.ranger:credentialbuilder</include>
+                    </includes>
+            </dependencySet>
+        </dependencySets>
+        <outputDirectory>/lib</outputDirectory>
+     </binaries>
+     <includes>
+		<include>org.apache.ranger:ranger_solrj</include>
+		<include>security_plugins.ranger-plugins-audit:ranger-plugins-audit</include>
+		<include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include>
+		<include>security_plugins.ranger-plugins-impl:ranger-plugins-impl</include>
+		<include>security_plugins.ranger-plugins-common:ranger-plugins-common</include>
+		<include>security_plugins.ranger-solr-plugin:ranger-solr-plugin</include>
+     </includes>
+    </moduleSet>
+    <moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <outputDirectory>/install/lib</outputDirectory>
+        <unpack>false</unpack>
+     </binaries>
+     <includes>
+		<include>security_plugins.ranger-plugins-installer:ranger-plugins-installer</include>
+		<include>org.apache.ranger:credentialbuilder</include>
+     </includes>
+    </moduleSet>
+   </moduleSets>
+   <fileSets>
+   <!-- conf.templates for enable -->
+    <fileSet>
+        <outputDirectory>/install/conf.templates/enable</outputDirectory>
+        <directory>plugin-solr/conf</directory>
+        <excludes>
+            <exclude>*.sh</exclude>
+        </excludes>
+        <fileMode>700</fileMode>
+    </fileSet>
+    <fileSet>
+        <outputDirectory>/install/conf.templates/disable</outputDirectory>
+        <directory>plugin-solr/disable-conf</directory>
+        <fileMode>700</fileMode>
+    </fileSet>
+    <fileSet>
+        <outputDirectory>/install/conf.templates/default</outputDirectory>
+        <directory>plugin-solr/template</directory>
+        <fileMode>700</fileMode>
+    </fileSet>
+    <!-- version file -->
+    <fileSet>
+        <outputDirectory>/</outputDirectory>
+        <directory>${project.build.outputDirectory}</directory>
+        <includes>
+            <include>version</include>
+        </includes>
+        <fileMode>444</fileMode>
+    </fileSet>
+  </fileSets>
+  <!-- enable/disable script for Plugin -->
+ <files>
+    <file>
+		<source>agents-common/scripts/enable-agent.sh</source>
+        <outputDirectory>/</outputDirectory>
+        <destName>enable-solr-plugin.sh</destName>
+        <fileMode>755</fileMode>
+    </file>
+    <file>
+		<source>agents-common/scripts/enable-agent.sh</source>
+        <outputDirectory>/</outputDirectory>
+        <destName>disable-solr-plugin.sh</destName>
+        <fileMode>755</fileMode>
+    </file>
+    <file>
+        <source>plugin-solr/scripts/install.properties</source>
+        <outputDirectory>/</outputDirectory>
+        <destName>install.properties</destName>
+        <fileMode>755</fileMode>
+    </file>
+    <file>
+        <source>plugin-solr/scripts/solr-plugin-install.properties</source>
+        <outputDirectory>/</outputDirectory>
+        <destName>solr-plugin-install.properties</destName>
+        <fileMode>755</fileMode>
+    </file>
+  </files>
+</assembly>


Mime
View raw message