ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/2] incubator-ranger git commit: RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
Date Wed, 09 Mar 2016 19:16:12 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master 13e6b9586 -> f06795e2e


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
deleted file mode 100644
index 198dc5f..0000000
--- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-/**
- * This is a sample implementation of a Context Enricher.  It works in conjunction with a
sample Condition Evaluator
- * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in
service definition:
-	{
-		... service def
-		...
-		"contextEnrichers": [
-		{
-			"itemId": 1, "name": "country-provider",
-			"enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider",
-			"enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"}
-		}
-		...
-	}
-
- contextName: is used to specify the name under which the enricher would push value into
context.
-	 For purposes of this example the default value of this parameter, if unspecified is COUNTRY.
 This default
-	 can be seen specified in <code>init()</code>.
- dataFile: is the file which contains the lookup data that this particular enricher would
use to
-	 ascertain which value to insert into the context.  For purposes of this example the default
value of
-	 this parameter, if unspecified is /etc/ranger/data/userCountry.txt.  This default can be
seen specified
-	 in <code>init()</code>.  Format of lookup data is in the form of standard java
properties list.
-
- @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java
Properties List</a>
- *
- * This Context Enricher is almost identical to another sample enricher <code>RangerSampleProjectProvider</code>.
- */
-public class RangerSampleCountryProvider extends RangerAbstractContextEnricher {
-	private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class);
-
-	private String     contextName    = "COUNTRY";
-	private Properties userCountryMap = null;
-	
-	@Override
-	public void init() {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")");
-		}
-		
-		super.init();
-		
-		contextName = getOption("contextName", "COUNTRY");
-
-		String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt");
-
-		userCountryMap = readProperties(dataFile);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")");
-		}
-	}
-
-	@Override
-	public void enrich(RangerAccessRequest request) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
-		}
-		
-		if(request != null && userCountryMap != null) {
-			Map<String, Object> context = request.getContext();
-			String              country = userCountryMap.getProperty(request.getUser());
-	
-			if(context != null && !StringUtils.isEmpty(country)) {
-				request.getContext().put(contextName, country);
-			} else {
-				if(LOG.isDebugEnabled()) {
-					LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context
or country. context=" + context + "; country=" + country);
-				}
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
deleted file mode 100644
index d3de690..0000000
--- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-import java.util.Map;
-import java.util.Properties;
-
-/**
- * This is a sample implementation of a Context Enricher.  It works in conjunction with a
sample Condition Evaluator
- * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in
service definition:
- {
-    ... service def
-    ...
-    "contextEnrichers": [
-		{
-		 "itemId": 1, "name": "project-provider",
-		 "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleProjectProvider",
-		 "enricherOptions": { "contextName" : "PROJECT", "dataFile":"/etc/ranger/data/userProject.txt"}
-		}
- 	...
- }
-
- contextName: is used to specify the name under which the enricher would push value into
context.
-           For purposes of this example the default value of this parameter, if unspecified
is PROJECT.  This default
-           can be seen specified in <code>init()</code>.
- dataFile: is the file which contains the lookup data that this particular enricher would
use to
-           ascertain which value to insert into the context.  For purposes of this example
the default value of
-           this parameter, if unspecified is /etc/ranger/data/userProject.txt.  This default
can be seen specified
-           in <code>init()</code>.  Format of lookup data is in the form of standard
java properties list.
-
- @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java
Properties List</a>
- */
-public class RangerSampleProjectProvider extends RangerAbstractContextEnricher {
-	private static final Log LOG = LogFactory.getLog(RangerSampleProjectProvider.class);
-
-	private String     contextName    = "PROJECT";
-	private Properties userProjectMap = null;
-	
-	@Override
-	public void init() {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSampleProjectProvider.init(" + enricherDef + ")");
-		}
-		
-		super.init();
-		
-		contextName = getOption("contextName", "PROJECT");
-
-		String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt");
-
-		userProjectMap = readProperties(dataFile);
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSampleProjectProvider.init(" + enricherDef + ")");
-		}
-	}
-
-	@Override
-	public void enrich(RangerAccessRequest request) {
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
-		}
-		
-		if(request != null && userProjectMap != null) {
-			Map<String, Object> context = request.getContext();
-			String              project = userProjectMap.getProperty(request.getUser());
-	
-			if(context != null && !StringUtils.isEmpty(project)) {
-				request.getContext().put(contextName, project);
-			} else {
-				if(LOG.isDebugEnabled()) {
-					LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context
or project. context=" + context + "; project=" + project);
-				}
-			}
-		}
-
-		if(LOG.isDebugEnabled()) {
-			LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
b/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
deleted file mode 100644
index 3e683ba..0000000
--- a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.conditionevaluator;
-
-
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.junit.Assert;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-import java.util.*;
-
-public class RangerSampleSimpleMatcherTest {
-
-	final Map<String, String> _conditionOptions = new HashMap<String, String>();
-
-	{
-		_conditionOptions.put(RangerSampleSimpleMatcher.CONTEXT_NAME, RangerSampleSimpleMatcher.CONTEXT_NAME);
-	}
-
-	@Test
-	public void testIsMatched_happyPath() {
-		// this documents some unexpected behavior of the ip matcher
-		RangerSampleSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} );
-		Assert.assertTrue(ipMatcher.isMatched(createRequest("US")));
-		Assert.assertTrue(ipMatcher.isMatched(createRequest("CA")));
-		Assert.assertTrue(ipMatcher.isMatched(createRequest("C---")));
-		Assert.assertFalse(ipMatcher.isMatched(createRequest(" US ")));
-		Assert.assertFalse(ipMatcher.isMatched(createRequest("Us")));
-		Assert.assertFalse(ipMatcher.isMatched(createRequest("ca")));
-	}
-	
-	@Test
-	public void test_firewallings() {
-		
-		// create a request for some policyValue, say, country and use it to match against matcher
initialized with all sorts of bad data
-		RangerAccessRequest request = createRequest("AB");
-
-		RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
-		// Matcher initialized with null policy should behave sensibly!  It matches everything!
-		matcher.setConditionDef(null);
-		matcher.setPolicyItemCondition(null);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-		
-		RangerPolicyItemCondition policyItemCondition = Mockito.mock(RangerPolicyItemCondition.class);
-		matcher.setConditionDef(null);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-		
-		RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(null);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-		
-		// so should a policy item condition with initialized with null list of values 
-		Mockito.when(policyItemCondition.getValues()).thenReturn(null);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-
-		// not null item condition with empty condition list
-		List<String> values = new ArrayList<String>();
-		Mockito.when(policyItemCondition.getValues()).thenReturn(values);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-
-		// values as sensible items in it, however, the conditionDef has null evaluator option,
so that too suppresses any check
-		values.add("AB");
-		Mockito.when(policyItemCondition.getValues()).thenReturn(values);
-		Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(null);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-
-		// If evaluator option on the condition def is non-null then it starts to evaluate for
real
-		Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
-		matcher.setConditionDef(conditionDef);
-		matcher.setPolicyItemCondition(policyItemCondition);
-		matcher.init();
-		Assert.assertTrue(matcher.isMatched(request));
-	}
-	
-	RangerSampleSimpleMatcher createMatcher(String[] ipArray) {
-		RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
-
-		if (ipArray == null) {
-			matcher.setConditionDef(null);
-			matcher.setPolicyItemCondition(null);
-			matcher.init();
-		} else {
-			RangerPolicyItemCondition condition = Mockito.mock(RangerPolicyItemCondition.class);
-			List<String> addresses = Arrays.asList(ipArray);
-			Mockito.when(condition.getValues()).thenReturn(addresses);
-			
-			RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
-
-			Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
-			matcher.setConditionDef(conditionDef);
-			matcher.setPolicyItemCondition(condition);
-			matcher.init();
-		}
-		
-		return matcher;
-	}
-	
-	RangerAccessRequest createRequest(String value) {
-		Map<String, Object> context = new HashMap<String, Object>();
-		context.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);
-		RangerAccessRequest request = Mockito.mock(RangerAccessRequest.class);
-		Mockito.when(request.getContext()).thenReturn(context);
-		return request;
-	}
-}


Mime
View raw message