ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject ranger git commit: RANGER-1834: row filter policies are not being returned by policy search
Date Fri, 13 Oct 2017 20:49:17 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 c2e1ec9c7 -> 448182cd3


RANGER-1834: row filter policies are not being returned by policy search

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/448182cd
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/448182cd
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/448182cd

Branch: refs/heads/ranger-0.7
Commit: 448182cd3789a69b23fcb9bf09a65935e23740dc
Parents: c2e1ec9
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Wed Oct 11 17:06:22 2017 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Fri Oct 13 13:35:05 2017 -0700

----------------------------------------------------------------------
 .../RangerDefaultPolicyResourceMatcher.java     | 21 ++++++--
 .../RangerPolicyResourceMatcher.java            |  2 +
 .../org/apache/ranger/biz/ServiceDBStore.java   | 53 ++++++++++----------
 3 files changed, 44 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
index be10b95..8f1e102 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
@@ -46,7 +46,7 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
 	private static final Log LOG = LogFactory.getLog(RangerDefaultPolicyResourceMatcher.class);
 
 	protected RangerServiceDef                  serviceDef      = null;
-	protected RangerPolicy                      policy          = null;
+	protected int                               policyType;
 	protected Map<String, RangerPolicyResource> policyResources = null;
 
 	private Map<String, RangerResourceMatcher> matchers = null;
@@ -70,14 +70,23 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
 
 	@Override
 	public void setPolicy(RangerPolicy policy) {
-		this.policy = policy;
 
-		setPolicyResources(policy == null ? null : policy.getResources());
+		if (policy == null) {
+			setPolicyResources(null, RangerPolicy.POLICY_TYPE_ACCESS);
+		} else {
+			setPolicyResources(policy.getResources(), policy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS
: policy.getPolicyType());
+		}
 	}
 
 	@Override
 	public void setPolicyResources(Map<String, RangerPolicyResource> policyResources)
{
+		setPolicyResources(policyResources, RangerPolicy.POLICY_TYPE_ACCESS);
+	}
+
+	@Override
+	public void setPolicyResources(Map<String, RangerPolicyResource> policyResources,
int policyType) {
 		this.policyResources = policyResources;
+		this.policyType = policyType;
 	}
 
 	@Override
@@ -98,7 +107,6 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
 			Set<String> policyResourceKeySet = policyResources.keySet();
 
 			RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false);
-			int policyType = policy != null && policy.getPolicyType() != null ? policy.getPolicyType()
: RangerPolicy.POLICY_TYPE_ACCESS;
 			Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType);
 
 			for (List<RangerResourceDef> validResourceHierarchy : validResourceHierarchies)
{
@@ -371,6 +379,10 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
 		boolean ret = false;
 		MatchType matchType = MatchType.NONE;
 
+		if (policy.getPolicyType() != policyType) {
+			return ret;
+		}
+
 		Map<String, RangerPolicyResource> resources = policy.getResources();
 
 		if (MapUtils.isNotEmpty(resources)) {
@@ -539,7 +551,6 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM
 						aValidHierarchy = firstValidResourceDefHierarchy;
 					} else {
 						RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false);
-						int policyType = policy != null && policy.getPolicyType() != null ? policy.getPolicyType()
: RangerPolicy.POLICY_TYPE_ACCESS;
 						Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType);
 
 						for (List<RangerResourceDef> resourceHierarchy : validResourceHierarchies) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
index b4dc2c5..9cc4bd6 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
@@ -37,6 +37,8 @@ public interface RangerPolicyResourceMatcher {
 
 	void setPolicyResources(Map<String, RangerPolicyResource> policyResources);
 
+	void setPolicyResources(Map<String, RangerPolicyResource> policyResources, int policyType);
+
 	void init();
 
 	RangerServiceDef getServiceDef();

http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 9de40d9..d951090 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2320,48 +2320,47 @@ public class ServiceDBStore extends AbstractServiceStore {
 
 		String policyTypeStr = filter.getParam(SearchFilter.POLICY_TYPE);
 
-		int policyType = RangerPolicy.POLICY_TYPE_ACCESS;
+		List<Integer> policyTypes = new ArrayList<>();
 
 		if (StringUtils.isNotBlank(policyTypeStr)) {
-			policyType = Integer.parseInt(policyTypeStr);
-		}
-
-		Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType,
filterResources.keySet());
-
-		if (LOG.isDebugEnabled()) {
-			LOG.debug("Found " + validResourceHierarchies.size() + " valid resource hierarchies for
key-set " + filterResources.keySet());
+			policyTypes.add(Integer.parseInt(policyTypeStr));
+		} else {
+			policyTypes.add(RangerPolicy.POLICY_TYPE_ACCESS);
+			policyTypes.add(RangerPolicy.POLICY_TYPE_DATAMASK);
+			policyTypes.add(RangerPolicy.POLICY_TYPE_ROWFILTER);
 		}
 
-		List<List<RangerResourceDef>> resourceHierarchies = new ArrayList<List<RangerResourceDef>>(validResourceHierarchies);
-
-		for (List<RangerResourceDef> validResourceHierarchy : resourceHierarchies) {
+		for (Integer policyType : policyTypes) {
+			Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType,
filterResources.keySet());
 
 			if (LOG.isDebugEnabled()) {
-				LOG.debug("validResourceHierarchy:[" + validResourceHierarchy + "]");
+				LOG.debug("Found " + validResourceHierarchies.size() + " valid resource hierarchies for
key-set " + filterResources.keySet());
 			}
 
-			Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
-
-			for (RangerResourceDef resourceDef : validResourceHierarchy) {
+			List<List<RangerResourceDef>> resourceHierarchies = new ArrayList<List<RangerResourceDef>>(validResourceHierarchies);
 
-				String resourceValue = filterResources.get(resourceDef.getName());
+			for (List<RangerResourceDef> validResourceHierarchy : resourceHierarchies) {
 
-				if (StringUtils.isBlank(resourceValue)) {
-					resourceValue = RangerAbstractResourceMatcher.WILDCARD_ASTERISK;
+				if (LOG.isDebugEnabled()) {
+					LOG.debug("validResourceHierarchy:[" + validResourceHierarchy + "]");
 				}
 
-				policyResources.put(resourceDef.getName(), new RangerPolicyResource(resourceValue, false,
resourceDef.getRecursiveSupported()));
-			}
+				Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
 
-			RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
-			matcher.setServiceDef(serviceDef);
-			matcher.setPolicyResources(policyResources);
-			matcher.init();
+				for (RangerResourceDef resourceDef : validResourceHierarchy) {
+					policyResources.put(resourceDef.getName(), new RangerPolicyResource(filterResources.get(resourceDef.getName()),
false, resourceDef.getRecursiveSupported()));
+				}
 
-			ret.add(matcher);
+				RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
+				matcher.setServiceDef(serviceDef);
+				matcher.setPolicyResources(policyResources, policyType);
+				matcher.init();
 
-			if (LOG.isDebugEnabled()) {
-				LOG.debug("Added matcher:[" + matcher + "]");
+				ret.add(matcher);
+
+				if (LOG.isDebugEnabled()) {
+					LOG.debug("Added matcher:[" + matcher + "]");
+				}
 			}
 		}
 


Mime
View raw message