ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ab...@apache.org
Subject ranger git commit: RANGER-1581: Ranger plugins need to support additional date formats for tag attribute values
Date Wed, 17 May 2017 04:28:08 GMT
Repository: ranger
Updated Branches:
  refs/heads/master e05276f05 -> a6daa264b


RANGER-1581: Ranger plugins need to support additional date formats for tag attribute values


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a6daa264
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a6daa264
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a6daa264

Branch: refs/heads/master
Commit: a6daa264b6752ecd64473462799b774f621a2f6f
Parents: e05276f
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Tue May 16 21:08:11 2017 -0700
Committer: Abhay Kulkarni <akulkarni@hortonworks.com>
Committed: Tue May 16 21:08:11 2017 -0700

----------------------------------------------------------------------
 .../RangerScriptExecutionContext.java           | 83 +++++++++++++++++---
 .../plugin/policyengine/TestPolicyEngine.java   |  4 +
 .../test_policyengine_tag_hive.json             |  2 +-
 3 files changed, 77 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a6daa264/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
index 923c188..c46f527 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
@@ -23,22 +23,69 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
 
+import java.text.DateFormat;
 import java.text.SimpleDateFormat;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 public final class RangerScriptExecutionContext {
 	private static final Log LOG = LogFactory.getLog(RangerScriptExecutionContext.class);
-	public static final String DATETIME_FORMAT_PATTERN = "yyyy/MM/dd";
+	private static final String TAG_ATTR_DATE_FORMAT_PROP                   = "ranger.plugin.tag.attr.additional.date.formats";
+	private static final String DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT    = "yyyy/MM/dd";
+	private static final String DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME = "ATLAS_DATE_FORMAT";
+	private static final String DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT     = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
 
 	private final RangerAccessRequest accessRequest;
 	private Boolean result = false;
 
+	private static String[] dateFormatStrings = null;
+
+	static {
+		StringBuilder sb = new StringBuilder(DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT);
+
+		String additionalDateFormatsValue = RangerConfiguration.getInstance().get(TAG_ATTR_DATE_FORMAT_PROP);
+		if (StringUtils.isNotBlank(additionalDateFormatsValue)) {
+			sb.append(", ").append(additionalDateFormatsValue);
+		}
+
+		dateFormatStrings = sb.toString().split(", ");
+	}
+
+	private static final ThreadLocal<List<DateFormat>> THREADLOCAL_DATE_FORMATS
=
+			new ThreadLocal<List<DateFormat>>() {
+				@Override protected List<DateFormat> initialValue() {
+					List<DateFormat> ret = new ArrayList<>();
+
+					for (String dateFormatString : dateFormatStrings) {
+						try {
+							if (StringUtils.isNotBlank(dateFormatString)) {
+								if (StringUtils.equalsIgnoreCase(dateFormatString, DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME))
{
+									dateFormatString = DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT;
+								}
+								DateFormat df = new SimpleDateFormat(dateFormatString);
+								ret.add(df);
+							}
+						} catch (Exception exception) {
+							// Ignore
+						}
+					}
+
+					return ret;
+				}
+			};
+
 	RangerScriptExecutionContext(final RangerAccessRequest accessRequest) {
 		this.accessRequest = accessRequest;
 	}
@@ -205,23 +252,37 @@ public final class RangerScriptExecutionContext {
 
 	// Utilities - TODO
 
+	public Date getAsDate(String value, DateFormat df) {
+		Date ret = null;
+
+		try {
+			if (df != null) {
+				ret = df.parse(value);
+			}
+		} catch (Exception ex) {
+		}
+
+		return ret;
+	}
+
 	public Date getAsDate(String value) {
 		Date ret = null;
 
 		if (StringUtils.isNotBlank(value)) {
-			SimpleDateFormat df = new SimpleDateFormat(DATETIME_FORMAT_PATTERN);
-			try {
-				Date expiryDate = df.parse(value);
-				if (expiryDate == null) {
-					LOG.error("Could not parse provided expiry_date into a valid date, expiry_date=" + value
+ ", Format-String=" + DATETIME_FORMAT_PATTERN);
-				} else {
-					ret = StringUtil.getUTCDateForLocalDate(expiryDate);
+			for (DateFormat dateFormat : THREADLOCAL_DATE_FORMATS.get()) {
+				ret = getAsDate(value, dateFormat);
+				if (ret != null) {
+					break;
 				}
-			} catch (Exception ex) {
-				LOG.error("RangerScriptExecutionContext.getAsDate() - Could not convert " + value + "
to Date, exception=" + ex);
 			}
 		}
 
+		if (ret == null) {
+			LOG.error("RangerScriptExecutionContext.getAsDate() - Could not convert [" + value + "]
to Date using any of the Format-Strings: " + Arrays.toString(dateFormatStrings));
+		} else {
+			ret = StringUtil.getUTCDateForLocalDate(ret);
+		}
+
 		return ret;
 	}
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/a6daa264/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 5948a74..e556f16 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -147,6 +147,10 @@ public class TestPolicyEngine {
 				"                <name>ranger.plugin.hive.trusted.proxy.ipaddresses</name>\n"
+
 				"                <value>255.255.255.255; 128.101.101.101;128.101.101.99</value>\n"
+
 				"        </property>\n" +
+				"        <property>\n" +
+				"                <name>ranger.plugin.tag.attr.additional.date.formats</name>\n"
+
+				"                <value>abcd, ATLAS_DATE_FORMAT</value>\n" +
+				"        </property>\n" +
 				"</configuration>\n");
 		writer.close();
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/a6daa264/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
index 1c7662d..34ccaac 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
@@ -224,7 +224,7 @@
         "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
         "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from
employee.personal;' for user1",
 
-        "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2026/06/15\"},
\"matchType\":1}]"}
+        "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2026-06-15T15:05:15.000Z\"},
\"matchType\":1}]"}
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":101}
     },


Mime
View raw message