ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject incubator-ranger git commit: RANGER-712 Create a sub-project to serve as not only a repository for samples for ranger extensions but also a template project for someone wanting to write extensions
Date Sun, 01 Nov 2015 22:18:34 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 1b3e6c6df -> 433ab8523


RANGER-712 Create a sub-project to serve as not only a repository for samples for ranger extensions but also a template project for someone wanting to write extensions


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/433ab852
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/433ab852
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/433ab852

Branch: refs/heads/master
Commit: 433ab85239f3969c445903f992b982a66d455cf6
Parents: 1b3e6c6
Author: Alok Lal <alok@apache.org>
Authored: Fri Oct 30 16:26:47 2015 -0700
Committer: Alok Lal <alok@apache.org>
Committed: Sun Nov 1 14:17:08 2015 -0800

----------------------------------------------------------------------
 .../conditionevaluator/RangerSimpleMatcher.java | 133 ---------------
 .../contextenricher/RangerCountryProvider.java  |  79 ---------
 .../RangerFileBasedGeolocationProvider.java     |  35 ----
 .../contextenricher/RangerProjectProvider.java  |  79 ---------
 .../conditionevaluator/RangerSimpleMatcher.java | 133 +++++++++++++++
 .../RangerSimpleMatcherTest.java                | 146 ----------------
 .../RangerFileBasedGeolocationProvider.java     |  35 ++++
 pom.xml                                         |   1 +
 ranger-examples/pom.xml                         |  45 +++++
 .../RangerSampleSimpleMatcher.java              | 170 +++++++++++++++++++
 .../RangerSampleCountryProvider.java            | 105 ++++++++++++
 .../RangerSampleProjectProvider.java            | 103 +++++++++++
 .../RangerSampleSimpleMatcherTest.java          | 139 +++++++++++++++
 13 files changed, 731 insertions(+), 472 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
deleted file mode 100644
index d9f6158..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.conditionevaluator;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-public class RangerSimpleMatcher extends RangerAbstractConditionEvaluator {
-
-	private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class);
-
-	public static final String CONTEXT_NAME = "CONTEXT_NAME";
-
-	private boolean _allowAny = false;
-	private String _contextName = null;
-	private List<String> _values = new ArrayList<String>();
-	
-	@Override
-	public void init() {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSimpleMatcher.init(" + condition + ")");
-		}
-
-		super.init();
-
-		if (condition == null) {
-			LOG.debug("init: null policy condition! Will match always!");
-			_allowAny = true;
-		} else if (conditionDef == null) {
-			LOG.debug("init: null policy condition definition! Will match always!");
-			_allowAny = true;
-		} else if (CollectionUtils.isEmpty(condition.getValues())) {
-			LOG.debug("init: empty conditions collection on policy condition!  Will match always!");
-			_allowAny = true;
-		} else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
-			LOG.debug("init: Evaluator options were empty.  Can't determine what value to use from context.  Will match always.");
-			_allowAny = true;
-		} else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
-			LOG.debug("init: CONTEXT_NAME is not specified in evaluator options.  Can't determine what value to use from context.  Will match always.");
-			_allowAny = true;
-		} else {
-			_contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
-			for (String value : condition.getValues()) {
-				_values.add(value);
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSimpleMatcher.init(" + condition + "): countries[" + _values + "]");
-		}
-	}
-
-	@Override
-	public boolean isMatched(RangerAccessRequest request) {
-		
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSimpleMatcher.isMatched(" + request + ")");
-		}
-
-		boolean matched = false;
-
-		if (_allowAny) {
-			matched = true;
-		} else {
-			String requestValue = extractValue(request, _contextName);
-			if (StringUtils.isNotBlank(requestValue)) {
-				for (String policyValue : _values) {
-					if (FilenameUtils.wildcardMatch(requestValue, policyValue)) {
-						matched = true;
-						break;
-					}
-				}
-			}
-		}
-		
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSimpleMatcher.isMatched(" + request+ "): " + matched);
-		}
-
-		return matched;
-	}
-
-	String extractValue(final RangerAccessRequest request, String key) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSimpleMatcher.extractValue(" + request+ ")");
-		}
-
-		String value = null;
-		if (request == null) {
-			LOG.debug("isMatched: Unexpected: null request.  Returning null!");
-		} else if (request.getContext() == null) {
-			LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
-		} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
-			LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
-		} else if (!request.getContext().containsKey(key)) {
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
-			}
-		} else {
-			value = (String)request.getContext().get(key);
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSimpleMatcher.extractValue(" + request+ "): " + value);
-		}
-		return value;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
deleted file mode 100644
index 64f5023..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-
-public class RangerCountryProvider extends RangerAbstractContextEnricher {
-	private static final Log LOG = LogFactory.getLog(RangerCountryProvider.class);
-
-	private String     contextName    = "COUNTRY";
-	private Properties userCountryMap = null;
-	
-	@Override
-	public void init() {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerCountryProvider.init(" + enricherDef + ")");
-		}
-		
-		super.init();
-		
-		contextName = getOption("contextName", "COUNTRY");
-
-		String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt");
-
-		userCountryMap = readProperties(dataFile);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerCountryProvider.init(" + enricherDef + ")");
-		}
-	}
-
-	@Override
-	public void enrich(RangerAccessRequest request) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerCountryProvider.enrich(" + request + ")");
-		}
-		
-		if(request != null && userCountryMap != null) {
-			Map<String, Object> context = request.getContext();
-			String              country = userCountryMap.getProperty(request.getUser());
-	
-			if(context != null && !StringUtils.isEmpty(country)) {
-				request.getContext().put(contextName, country);
-			} else {
-				if(LOG.isDebugEnabled()) {
-					LOG.debug("RangerCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
-				}
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerCountryProvider.enrich(" + request + ")");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
deleted file mode 100644
index ea599c7..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public class RangerFileBasedGeolocationProvider extends RangerAbstractGeolocationProvider {
-
-	private static final Log LOG = LogFactory.getLog(RangerFileBasedGeolocationProvider.class);
-
-	public static final String GEOLOCATION_SOURCE_LOADER_FILELOADER = "org.apache.ranger.plugin.store.file.GeolocationFileStore";
-
-	@Override
-	public String getGeoSourceLoader() {
-		return GEOLOCATION_SOURCE_LOADER_FILELOADER;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
deleted file mode 100644
index 4df53cb..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-
-public class RangerProjectProvider extends RangerAbstractContextEnricher {
-	private static final Log LOG = LogFactory.getLog(RangerProjectProvider.class);
-
-	private String     contextName    = "PROJECT";
-	private Properties userProjectMap = null;
-	
-	@Override
-	public void init() {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerProjectProvider.init(" + enricherDef + ")");
-		}
-		
-		super.init();
-		
-		contextName = getOption("contextName", "PROJECT");
-
-		String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt");
-
-		userProjectMap = readProperties(dataFile);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerProjectProvider.init(" + enricherDef + ")");
-		}
-	}
-
-	@Override
-	public void enrich(RangerAccessRequest request) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerProjectProvider.enrich(" + request + ")");
-		}
-		
-		if(request != null && userProjectMap != null) {
-			Map<String, Object> context = request.getContext();
-			String              project = userProjectMap.getProperty(request.getUser());
-	
-			if(context != null && !StringUtils.isEmpty(project)) {
-				request.getContext().put(contextName, project);
-			} else {
-				if(LOG.isDebugEnabled()) {
-					LOG.debug("RangerProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
-				}
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerProjectProvider.enrich(" + request + ")");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
new file mode 100644
index 0000000..7ad7252
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class RangerSimpleMatcher extends RangerAbstractConditionEvaluator {
+
+	private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class);
+
+	public static final String CONTEXT_NAME = "CONTEXT_NAME";
+
+	private boolean _allowAny = false;
+	private String _contextName = null;
+	private List<String> _values = new ArrayList<String>();
+	
+	@Override
+	public void init() {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSimpleMatcher.init(" + condition + ")");
+		}
+
+		super.init();
+
+		if (condition == null) {
+			LOG.debug("init: null policy condition! Will match always!");
+			_allowAny = true;
+		} else if (conditionDef == null) {
+			LOG.debug("init: null policy condition definition! Will match always!");
+			_allowAny = true;
+		} else if (CollectionUtils.isEmpty(condition.getValues())) {
+			LOG.debug("init: empty conditions collection on policy condition!  Will match always!");
+			_allowAny = true;
+		} else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
+			LOG.debug("init: Evaluator options were empty.  Can't determine what value to use from context.  Will match always.");
+			_allowAny = true;
+		} else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
+			LOG.debug("init: CONTEXT_NAME is not specified in evaluator options.  Can't determine what value to use from context.  Will match always.");
+			_allowAny = true;
+		} else {
+			_contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
+			for (String value : condition.getValues()) {
+				_values.add(value);
+			}
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSimpleMatcher.init(" + condition + "): countries[" + _values + "]");
+		}
+	}
+
+	@Override
+	public boolean isMatched(RangerAccessRequest request) {
+		
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSimpleMatcher.isMatched(" + request + ")");
+		}
+
+		boolean matched = false;
+
+		if (_allowAny) {
+			matched = true;
+		} else {
+			String requestValue = extractValue(request, _contextName);
+			if (StringUtils.isNotBlank(requestValue)) {
+				for (String policyValue : _values) {
+					if (FilenameUtils.wildcardMatch(requestValue, policyValue)) {
+						matched = true;
+						break;
+					}
+				}
+			}
+		}
+		
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSimpleMatcher.isMatched(" + request+ "): " + matched);
+		}
+
+		return matched;
+	}
+
+	String extractValue(final RangerAccessRequest request, String key) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSimpleMatcher.extractValue(" + request+ ")");
+		}
+
+		String value = null;
+		if (request == null) {
+			LOG.debug("isMatched: Unexpected: null request.  Returning null!");
+		} else if (request.getContext() == null) {
+			LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
+		} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
+			LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
+		} else if (!request.getContext().containsKey(key)) {
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
+			}
+		} else {
+			value = (String)request.getContext().get(key);
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSimpleMatcher.extractValue(" + request+ "): " + value);
+		}
+		return value;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
deleted file mode 100644
index 8d0bc75..0000000
--- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.conditionevaluator;
-
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.junit.Test;
-
-public class RangerSimpleMatcherTest {
-
-	final Map<String, String> _conditionOptions = new HashMap<String, String>();
-
-	{
-		_conditionOptions.put(RangerSimpleMatcher.CONTEXT_NAME, RangerSimpleMatcher.CONTEXT_NAME);
-	}
-
-	@Test
-	public void testIsMatched_happyPath() {
-		// this documents some unexpected behavior of the ip matcher
-		RangerSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} );
-		assertTrue(ipMatcher.isMatched(createRequest("US")));
-		assertTrue(ipMatcher.isMatched(createRequest("CA")));
-		assertTrue(ipMatcher.isMatched(createRequest("C---")));
-		assertFalse(ipMatcher.isMatched(createRequest(" US ")));
-		assertFalse(ipMatcher.isMatched(createRequest("Us")));
-		assertFalse(ipMatcher.isMatched(createRequest("ca")));
-	}
-	
-	@Test
-	public void test_firewallings() {
-		
-		// create a request for some policyValue, say, country and use it to match against matcher initialized with all sorts of bad data
-		RangerAccessRequest request = createRequest("AB");
-
-		RangerSimpleMatcher matcher = new RangerSimpleMatcher();
-		// Matcher initialized with null policy should behave sensibly!  It matches everything!
-		matcher.setConditionDef(null);
-		matcher.setPolicyItemCondition(null);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-		
-		RangerPolicyItemCondition policyItemCondition = mock(RangerPolicyItemCondition.class);
-		matcher.setConditionDef(null);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-		
-		RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(null);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-		
-		// so should a policy item condition with initialized with null list of values 
-		when(policyItemCondition.getValues()).thenReturn(null);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-
-		// not null item condition with empty condition list
-		List<String> values = new ArrayList<String>();
-		when(policyItemCondition.getValues()).thenReturn(values);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-
-		// values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check
-		values.add("AB");
-		when(policyItemCondition.getValues()).thenReturn(values);
-		when(conditionDef.getEvaluatorOptions()).thenReturn(null);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-
-		// If evaluator option on the condition def is non-null then it starts to evaluate for real
-		when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		assertTrue(matcher.isMatched(request));
-	}
-	
-	RangerSimpleMatcher createMatcher(String[] ipArray) {
-		RangerSimpleMatcher matcher = new RangerSimpleMatcher();
-
-		if (ipArray == null) {
-			matcher.setConditionDef(null);
-			matcher.setPolicyItemCondition(null);
-			matcher.init();
-		} else {
-			RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class);
-			List<String> addresses = Arrays.asList(ipArray);
-			when(condition.getValues()).thenReturn(addresses);
-			
-			RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class);
-
-			when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
-			matcher.setConditionDef(conditionDef);
-			matcher.setPolicyItemCondition(condition);
-			matcher.init();
-		}
-		
-		return matcher;
-	}
-	
-	RangerAccessRequest createRequest(String value) {
-		Map<String, Object> context = new HashMap<String, Object>();
-		context.put(RangerSimpleMatcher.CONTEXT_NAME, value);
-		RangerAccessRequest request = mock(RangerAccessRequest.class);
-		when(request.getContext()).thenReturn(context);
-		return request;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/agents-common/src/test/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java b/agents-common/src/test/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
new file mode 100644
index 0000000..ea599c7
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedGeolocationProvider.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class RangerFileBasedGeolocationProvider extends RangerAbstractGeolocationProvider {
+
+	private static final Log LOG = LogFactory.getLog(RangerFileBasedGeolocationProvider.class);
+
+	public static final String GEOLOCATION_SOURCE_LOADER_FILELOADER = "org.apache.ranger.plugin.store.file.GeolocationFileStore";
+
+	@Override
+	public String getGeoSourceLoader() {
+		return GEOLOCATION_SOURCE_LOADER_FILELOADER;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b7d0239..0648d67 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,6 +104,7 @@
   <module>ranger-knox-plugin-shim</module>
   <module>ranger-yarn-plugin-shim</module>
   <module>ranger-storm-plugin-shim</module>
+  <module>ranger-examples</module>
   </modules>
   <properties>
         <javac.source.version>1.7</javac.source.version>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/ranger-examples/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/pom.xml b/ranger-examples/pom.xml
new file mode 100644
index 0000000..8090170
--- /dev/null
+++ b/ranger-examples/pom.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>ranger</artifactId>
+        <groupId>org.apache.ranger</groupId>
+        <version>0.5.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>ranger-examples</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>security_plugins.ranger-plugins-common</groupId>
+            <artifactId>ranger-plugins-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
new file mode 100644
index 0000000..50ecb69
--- /dev/null
+++ b/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * This is a sample implementation of a condition Evaluator.  It works in conjunction with the sample context enricher
+ * <code>RangerSampleProjectProvider</code>.  This is how it would be specified in the service definition:
+ 	{
+		...
+		... service definition
+		...
+		"policyConditions": [
+		{
+			"itemId": 1,
+			"name": "user-in-project",
+			"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher",
+			"evaluatorOptions": { CONTEXT_NAME=’PROJECT’},
+			"validationRegEx":"",
+			"validationMessage": "",
+			"uiHint":"",
+			"label": "Project Matcher",
+			"description": "Projects"
+		}
+ 	 }
+ *
+ * Name of this class is specified via the "evaluator" of the policy condition definition.  Significant evaluator option
+ * for this evaluator is the CONTEXT_NAME which indicates the name under which it would look for value for the condition.
+ * It is also use to lookup the condition values specified in the policy.  This example uses CONTEXT_NAME of PROJECT
+ * which matches the value under which context is enriched by its companion class <code>RangerSampleProjectProvider</code>.
+ *
+ * Note that the same Condition Evaluator can be used to process Context enrichment done by <code>RangerSampleCountryProvider</code>
+ * provided the CONTEXT_NAME evaluator option is set to COUNTRY which is same as the value used by its companion Context
+ * Enricher <code>RangerSampleCountryProvider</code>.  Which serves as an example of how a single Condition Evaluator
+ * implementation can be used to model multiple policy conditions.
+ *
+ * For matching context value against policy values it uses <code>FilenameUtils.wildcardMatch()</code> which allows policy authors
+ * flexibility to specify policy conditions using wildcards.  Take a look at
+ * {@link org.apache.ranger.plugin.conditionevaluator.RangerSampleSimpleMatcherTest#testIsMatched_happyPath() testIsMatched_happyPath}
+ * test for examples of what sorts of matching is afforded by this use.
+ *
+ */
+public class RangerSampleSimpleMatcher extends RangerAbstractConditionEvaluator {
+
+	private static final Log LOG = LogFactory.getLog(RangerSampleSimpleMatcher.class);
+
+	public static final String CONTEXT_NAME = "CONTEXT_NAME";
+
+	private boolean _allowAny = false;
+	private String _contextName = null;
+	private List<String> _values = new ArrayList<String>();
+	
+	@Override
+	public void init() {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleSimpleMatcher.init(" + condition + ")");
+		}
+
+		super.init();
+
+		if (condition == null) {
+			LOG.debug("init: null policy condition! Will match always!");
+			_allowAny = true;
+		} else if (conditionDef == null) {
+			LOG.debug("init: null policy condition definition! Will match always!");
+			_allowAny = true;
+		} else if (CollectionUtils.isEmpty(condition.getValues())) {
+			LOG.debug("init: empty conditions collection on policy condition!  Will match always!");
+			_allowAny = true;
+		} else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
+			LOG.debug("init: Evaluator options were empty.  Can't determine what value to use from context.  Will match always.");
+			_allowAny = true;
+		} else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
+			LOG.debug("init: CONTEXT_NAME is not specified in evaluator options.  Can't determine what value to use from context.  Will match always.");
+			_allowAny = true;
+		} else {
+			_contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
+			for (String value : condition.getValues()) {
+				_values.add(value);
+			}
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleSimpleMatcher.init(" + condition + "): values[" + _values + "]");
+		}
+	}
+
+	@Override
+	public boolean isMatched(RangerAccessRequest request) {
+		
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleSimpleMatcher.isMatched(" + request + ")");
+		}
+
+		boolean matched = false;
+
+		if (_allowAny) {
+			matched = true;
+		} else {
+			String requestValue = extractValue(request, _contextName);
+			if (StringUtils.isNotBlank(requestValue)) {
+				for (String policyValue : _values) {
+					if (FilenameUtils.wildcardMatch(requestValue, policyValue)) {
+						matched = true;
+						break;
+					}
+				}
+			}
+		}
+		
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleSimpleMatcher.isMatched(" + request+ "): " + matched);
+		}
+
+		return matched;
+	}
+
+	String extractValue(final RangerAccessRequest request, String key) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleSimpleMatcher.extractValue(" + request+ ")");
+		}
+
+		String value = null;
+		if (request == null) {
+			LOG.debug("isMatched: Unexpected: null request.  Returning null!");
+		} else if (request.getContext() == null) {
+			LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
+		} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
+			LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
+		} else if (!request.getContext().containsKey(key)) {
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
+			}
+		} else {
+			value = (String)request.getContext().get(key);
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleSimpleMatcher.extractValue(" + request+ "): " + value);
+		}
+		return value;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
new file mode 100644
index 0000000..198dc5f
--- /dev/null
+++ b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher;
+
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+/**
+ * This is a sample implementation of a Context Enricher.  It works in conjunction with a sample Condition Evaluator
+ * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
+	{
+		... service def
+		...
+		"contextEnrichers": [
+		{
+			"itemId": 1, "name": "country-provider",
+			"enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider",
+			"enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"}
+		}
+		...
+	}
+
+ contextName: is used to specify the name under which the enricher would push value into context.
+	 For purposes of this example the default value of this parameter, if unspecified is COUNTRY.  This default
+	 can be seen specified in <code>init()</code>.
+ dataFile: is the file which contains the lookup data that this particular enricher would use to
+	 ascertain which value to insert into the context.  For purposes of this example the default value of
+	 this parameter, if unspecified is /etc/ranger/data/userCountry.txt.  This default can be seen specified
+	 in <code>init()</code>.  Format of lookup data is in the form of standard java properties list.
+
+ @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
+ *
+ * This Context Enricher is almost identical to another sample enricher <code>RangerSampleProjectProvider</code>.
+ */
+public class RangerSampleCountryProvider extends RangerAbstractContextEnricher {
+	private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class);
+
+	private String     contextName    = "COUNTRY";
+	private Properties userCountryMap = null;
+	
+	@Override
+	public void init() {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")");
+		}
+		
+		super.init();
+		
+		contextName = getOption("contextName", "COUNTRY");
+
+		String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt");
+
+		userCountryMap = readProperties(dataFile);
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")");
+		}
+	}
+
+	@Override
+	public void enrich(RangerAccessRequest request) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
+		}
+		
+		if(request != null && userCountryMap != null) {
+			Map<String, Object> context = request.getContext();
+			String              country = userCountryMap.getProperty(request.getUser());
+	
+			if(context != null && !StringUtils.isEmpty(country)) {
+				request.getContext().put(contextName, country);
+			} else {
+				if(LOG.isDebugEnabled()) {
+					LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
+				}
+			}
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
+		}
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
new file mode 100644
index 0000000..d3de690
--- /dev/null
+++ b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * This is a sample implementation of a Context Enricher.  It works in conjunction with a sample Condition Evaluator
+ * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
+ {
+    ... service def
+    ...
+    "contextEnrichers": [
+		{
+		 "itemId": 1, "name": "project-provider",
+		 "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleProjectProvider",
+		 "enricherOptions": { "contextName" : "PROJECT", "dataFile":"/etc/ranger/data/userProject.txt"}
+		}
+ 	...
+ }
+
+ contextName: is used to specify the name under which the enricher would push value into context.
+           For purposes of this example the default value of this parameter, if unspecified is PROJECT.  This default
+           can be seen specified in <code>init()</code>.
+ dataFile: is the file which contains the lookup data that this particular enricher would use to
+           ascertain which value to insert into the context.  For purposes of this example the default value of
+           this parameter, if unspecified is /etc/ranger/data/userProject.txt.  This default can be seen specified
+           in <code>init()</code>.  Format of lookup data is in the form of standard java properties list.
+
+ @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
+ */
+public class RangerSampleProjectProvider extends RangerAbstractContextEnricher {
+	private static final Log LOG = LogFactory.getLog(RangerSampleProjectProvider.class);
+
+	private String     contextName    = "PROJECT";
+	private Properties userProjectMap = null;
+	
+	@Override
+	public void init() {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleProjectProvider.init(" + enricherDef + ")");
+		}
+		
+		super.init();
+		
+		contextName = getOption("contextName", "PROJECT");
+
+		String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt");
+
+		userProjectMap = readProperties(dataFile);
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleProjectProvider.init(" + enricherDef + ")");
+		}
+	}
+
+	@Override
+	public void enrich(RangerAccessRequest request) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
+		}
+		
+		if(request != null && userProjectMap != null) {
+			Map<String, Object> context = request.getContext();
+			String              project = userProjectMap.getProperty(request.getUser());
+	
+			if(context != null && !StringUtils.isEmpty(project)) {
+				request.getContext().put(contextName, project);
+			} else {
+				if(LOG.isDebugEnabled()) {
+					LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
+				}
+			}
+		}
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
+		}
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/433ab852/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java b/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
new file mode 100644
index 0000000..3e683ba
--- /dev/null
+++ b/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.*;
+
+public class RangerSampleSimpleMatcherTest {
+
+	final Map<String, String> _conditionOptions = new HashMap<String, String>();
+
+	{
+		_conditionOptions.put(RangerSampleSimpleMatcher.CONTEXT_NAME, RangerSampleSimpleMatcher.CONTEXT_NAME);
+	}
+
+	@Test
+	public void testIsMatched_happyPath() {
+		// this documents some unexpected behavior of the ip matcher
+		RangerSampleSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} );
+		Assert.assertTrue(ipMatcher.isMatched(createRequest("US")));
+		Assert.assertTrue(ipMatcher.isMatched(createRequest("CA")));
+		Assert.assertTrue(ipMatcher.isMatched(createRequest("C---")));
+		Assert.assertFalse(ipMatcher.isMatched(createRequest(" US ")));
+		Assert.assertFalse(ipMatcher.isMatched(createRequest("Us")));
+		Assert.assertFalse(ipMatcher.isMatched(createRequest("ca")));
+	}
+	
+	@Test
+	public void test_firewallings() {
+		
+		// create a request for some policyValue, say, country and use it to match against matcher initialized with all sorts of bad data
+		RangerAccessRequest request = createRequest("AB");
+
+		RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
+		// Matcher initialized with null policy should behave sensibly!  It matches everything!
+		matcher.setConditionDef(null);
+		matcher.setPolicyItemCondition(null);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+		
+		RangerPolicyItemCondition policyItemCondition = Mockito.mock(RangerPolicyItemCondition.class);
+		matcher.setConditionDef(null);
+		matcher.setPolicyItemCondition(policyItemCondition);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+		
+		RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
+		matcher.setConditionDef(conditionDef);
+		matcher.setPolicyItemCondition(null);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+		
+		// so should a policy item condition with initialized with null list of values 
+		Mockito.when(policyItemCondition.getValues()).thenReturn(null);
+		matcher.setConditionDef(conditionDef);
+		matcher.setPolicyItemCondition(policyItemCondition);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+
+		// not null item condition with empty condition list
+		List<String> values = new ArrayList<String>();
+		Mockito.when(policyItemCondition.getValues()).thenReturn(values);
+		matcher.setConditionDef(conditionDef);
+		matcher.setPolicyItemCondition(policyItemCondition);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+
+		// values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check
+		values.add("AB");
+		Mockito.when(policyItemCondition.getValues()).thenReturn(values);
+		Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(null);
+		matcher.setConditionDef(conditionDef);
+		matcher.setPolicyItemCondition(policyItemCondition);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+
+		// If evaluator option on the condition def is non-null then it starts to evaluate for real
+		Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
+		matcher.setConditionDef(conditionDef);
+		matcher.setPolicyItemCondition(policyItemCondition);
+		matcher.init();
+		Assert.assertTrue(matcher.isMatched(request));
+	}
+	
+	RangerSampleSimpleMatcher createMatcher(String[] ipArray) {
+		RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
+
+		if (ipArray == null) {
+			matcher.setConditionDef(null);
+			matcher.setPolicyItemCondition(null);
+			matcher.init();
+		} else {
+			RangerPolicyItemCondition condition = Mockito.mock(RangerPolicyItemCondition.class);
+			List<String> addresses = Arrays.asList(ipArray);
+			Mockito.when(condition.getValues()).thenReturn(addresses);
+			
+			RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
+
+			Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
+			matcher.setConditionDef(conditionDef);
+			matcher.setPolicyItemCondition(condition);
+			matcher.init();
+		}
+		
+		return matcher;
+	}
+	
+	RangerAccessRequest createRequest(String value) {
+		Map<String, Object> context = new HashMap<String, Object>();
+		context.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);
+		RangerAccessRequest request = Mockito.mock(RangerAccessRequest.class);
+		Mockito.when(request.getContext()).thenReturn(context);
+		return request;
+	}
+}


Mime
View raw message