From commits-return-4681-archive-asf-public=cust-asf.ponee.io@ranger.apache.org Tue Sep 4 14:58:22 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id C45F218077A for ; Tue, 4 Sep 2018 14:58:18 +0200 (CEST) Received: (qmail 51865 invoked by uid 500); 4 Sep 2018 12:58:13 -0000 Mailing-List: contact commits-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list commits@ranger.apache.org Received: (qmail 51538 invoked by uid 99); 4 Sep 2018 12:58:12 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Sep 2018 12:58:12 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 094BFE1181; Tue, 4 Sep 2018 12:58:12 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mehul@apache.org To: commits@ranger.apache.org Date: Tue, 04 Sep 2018 12:58:31 -0000 Message-Id: <5fe62ebcaafb49d78a3e5573789f9c0e@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [21/28] ranger git commit: RANGER-2167 - Upgrade to Apache parent pom version 20 RANGER-2167 - Upgrade to Apache parent pom version 20 Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b66e98dc Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b66e98dc Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b66e98dc Branch: refs/heads/ranger-1.1 Commit: b66e98dc94c9a298d68cad13d120406e1c0802d0 Parents: 6dcf1a9 Author: Colm O hEigeartaigh Authored: Wed Aug 15 17:29:21 2018 +0100 Committer: Mehul Parikh Committed: Tue Sep 4 11:43:44 2018 +0530 ---------------------------------------------------------------------- .../plugin/model/RangerValiditySchedule.java | 4 - .../validation/RangerServiceValidator.java | 18 ++-- .../model/validation/RangerValidator.java | 1 - .../RangerValidityScheduleValidator.java | 1 - .../plugin/policyengine/RangerResourceACLs.java | 10 +- .../RangerDefaultPolicyEvaluator.java | 9 +- .../RangerValidityScheduleEvaluator.java | 1 - .../model/validation/TestRangerValidator.java | 3 - dev-support/ranger-pmd-ruleset.xml | 4 +- .../hadoop/RangerHdfsAuthorizer.java | 12 +-- .../hadoop/crypto/key/RangerKeyStore.java | 26 ++--- .../atlas/authorizer/RangerAtlasAuthorizer.java | 3 +- .../KafkaRangerAuthorizerGSSTest.java | 3 +- .../kms/authorizer/RangerKmsAuthorizer.java | 4 +- .../ranger/services/kms/client/KMSClient.java | 7 +- .../services/nifi/client/NiFiConnectionMgr.java | 1 - pom.xml | 2 +- .../RangerPolicyEnginePerformanceTest.java | 1 - .../org/apache/ranger/rest/ServiceREST.java | 5 +- .../filter/RangerKRBAuthenticationFilter.java | 6 +- .../security/web/filter/RangerKrbFilter.java | 2 - .../ranger/service/RangerPolicyService.java | 106 +++++++++---------- .../ranger/service/RangerServiceService.java | 28 +++-- .../apache/ranger/biz/TestServiceDBStore.java | 13 --- 24 files changed, 118 insertions(+), 152 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerValiditySchedule.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerValiditySchedule.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerValiditySchedule.java index 55f787d..d2271ae 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerValiditySchedule.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerValiditySchedule.java @@ -24,8 +24,6 @@ import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.codehaus.jackson.annotate.JsonAutoDetect; import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; @@ -44,8 +42,6 @@ import java.util.List; public class RangerValiditySchedule implements Serializable { - private static final Log LOG = LogFactory.getLog(RangerValiditySchedule.class); - public static final String VALIDITY_SCHEDULE_DATE_STRING_SPECIFICATION = "yyyy/MM/dd HH:mm:ss"; private String startTime; http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java index b64de32..9b5d8d5 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java @@ -37,12 +37,12 @@ import com.google.common.collect.Sets; public class RangerServiceValidator extends RangerValidator { private static final Log LOG = LogFactory.getLog(RangerServiceValidator.class); static final public String VALIDATION_SERVICE_NAME = "^[a-zA-Z0-9_-][a-zA-Z0-9\\s_-]{0,254}"; - - static Pattern serviceNameCompiledRegEx; + + static Pattern serviceNameCompiledRegEx; public RangerServiceValidator(ServiceStore store) { super(store); } - + public void validate(RangerService service, Action action) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug(String.format("==> RangerServiceValidator.validate(%s, %s)", service, action)); @@ -62,7 +62,7 @@ public class RangerServiceValidator extends RangerValidator { } } } - + boolean isValid(Long id, Action action, List failures) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerServiceValidator.isValid(" + id + ")"); @@ -97,7 +97,7 @@ public class RangerServiceValidator extends RangerValidator { } return valid; } - + boolean isValid(RangerService service, Action action, List failures) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerServiceValidator.isValid(" + service + ")"); @@ -105,7 +105,7 @@ public class RangerServiceValidator extends RangerValidator { if (!(action == Action.CREATE || action == Action.UPDATE)) { throw new IllegalArgumentException("isValid(RangerService, ...) is only supported for CREATE/UPDATE"); } - + boolean valid = true; if (service == null) { ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT; @@ -272,15 +272,15 @@ public class RangerServiceValidator extends RangerValidator { } return valid; } - + public boolean regExPatternMatch(String expression, String inputStr) { Pattern pattern = serviceNameCompiledRegEx; if (pattern == null) { pattern = Pattern.compile(expression, Pattern.CASE_INSENSITIVE); serviceNameCompiledRegEx = pattern; } - - return pattern != null ? pattern.matcher(inputStr).matches() : false; + + return pattern != null && pattern.matcher(inputStr).matches(); } public boolean validateString(String regExStr, String str) { http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java index ed5aa8d..c7062dd 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java @@ -45,7 +45,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.RangerObjectFactory; -import org.apache.ranger.plugin.util.SearchFilter; public abstract class RangerValidator { http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java index f34d124..3bfdf93 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java @@ -24,7 +24,6 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import java.io.Serializable; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java index 34098fa..adee37e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java @@ -20,7 +20,6 @@ package org.apache.ranger.plugin.policyengine; import org.apache.commons.lang.StringUtils; -import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; import org.codehaus.jackson.annotate.JsonAutoDetect; import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.codehaus.jackson.map.annotate.JsonSerialize; @@ -33,6 +32,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator.ACCESS_ALLOWED; import static org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator.ACCESS_DENIED; public class RangerResourceACLs { @@ -59,7 +59,7 @@ public class RangerResourceACLs { AccessResult accessResult = entry.getValue(); int access = accessResult.getResult(); - if (access == RangerPolicyEvaluator.ACCESS_DENIED || access == RangerPolicyEvaluator.ACCESS_ALLOWED) { + if (access == ACCESS_DENIED || access == ACCESS_ALLOWED) { for (Map.Entry> mapEntry : userACLs.entrySet()) { Map mapValue = mapEntry.getValue(); AccessResult savedAccessResult = mapValue.get(accessType); @@ -223,10 +223,12 @@ public class RangerResourceACLs { } @Override public String toString() { - if (result == RangerPolicyEvaluator.ACCESS_ALLOWED) + if (result == ACCESS_ALLOWED) { return "ALLOWED, final=" + isFinal; - if (result == RangerPolicyEvaluator.ACCESS_DENIED) + } + if (result == ACCESS_DENIED) { return "NOT_ALLOWED, final=" + isFinal; + } return "CONDITIONAL_ALLOWED, final=" + isFinal; } } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index 05a9f40..2a5ee54 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -651,7 +651,6 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator int allowedAccessCount = 0; int deniedAccessCount = 0; - int deniedWithException = 0; int undeterminedAccessCount = 0; int accessesSize = 0; @@ -665,12 +664,8 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator allowedAccessCount++; } else if (accessResult.getResult() == RangerPolicyEvaluator.ACCESS_DENIED) { deniedAccessCount++; - } else if (accessResult.getResult() == RangerPolicyEvaluator.ACCESS_UNDETERMINED) { - if (accessResult.getHasSeenDeny()) { - deniedWithException++; - } else { - undeterminedAccessCount++; - } + } else if (accessResult.getResult() == RangerPolicyEvaluator.ACCESS_UNDETERMINED && !accessResult.getHasSeenDeny()) { + undeterminedAccessCount++; } accessesSize++; } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerValidityScheduleEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerValidityScheduleEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerValidityScheduleEvaluator.java index b48ff3b..6715e2b 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerValidityScheduleEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerValidityScheduleEvaluator.java @@ -32,7 +32,6 @@ import org.apache.ranger.plugin.resourcematcher.ScheduledTimeRangeMatcher; import org.apache.ranger.plugin.util.RangerPerfTracer; import javax.annotation.Nonnull; -import java.io.Serializable; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java index f9b3428..5bdffda 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java @@ -21,7 +21,6 @@ package org.apache.ranger.plugin.model.validation; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import java.util.ArrayList; @@ -43,7 +42,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.model.validation.RangerValidator.Action; import org.apache.ranger.plugin.store.ServiceStore; -import org.apache.ranger.plugin.util.SearchFilter; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -59,7 +57,6 @@ public class TestRangerValidator { } boolean isValid(String behavior) { - boolean valid; return "valid".equals(behavior); } } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/dev-support/ranger-pmd-ruleset.xml ---------------------------------------------------------------------- diff --git a/dev-support/ranger-pmd-ruleset.xml b/dev-support/ranger-pmd-ruleset.xml index f03cda3..65a4f1d 100644 --- a/dev-support/ranger-pmd-ruleset.xml +++ b/dev-support/ranger-pmd-ruleset.xml @@ -31,7 +31,9 @@ - + + + http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java index cccc759..65a397d 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -495,7 +495,7 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider { } if (RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH_ALT.equals(path)) { - path = RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH; + path = HDFS_ROOT_FOLDER_PATH; } if (LOG.isDebugEnabled()) { @@ -612,7 +612,7 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider { } if (RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH_ALT.equals(path)) { - path = RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH; + path = HDFS_ROOT_FOLDER_PATH; } if(LOG.isDebugEnabled()) { @@ -666,7 +666,7 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider { } if (RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH_ALT.equals(path)) { - path = RangerHadoopConstants.HDFS_ROOT_FOLDER_PATH; + path = HDFS_ROOT_FOLDER_PATH; } if (LOG.isDebugEnabled()) { @@ -731,10 +731,10 @@ class RangerHdfsPlugin extends RangerBasePlugin { public RangerHdfsPlugin() { super("hdfs", "hdfs"); } - + public void init() { super.init(); - + RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT); RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR); RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT); @@ -801,7 +801,7 @@ class RangerHdfsAccessRequest extends RangerAccessRequestImpl { buildRequestContext(inode); } } - + private static String getRemoteIp() { String ret = null; InetAddress ip = Server.getRemoteIp(); http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java index cd5a8c2..86f1a29 100644 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java @@ -45,10 +45,13 @@ import java.security.SecureRandom; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.util.Collections; import java.util.Date; import java.util.Enumeration; -import java.util.Hashtable; import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.ConcurrentHashMap; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -97,8 +100,8 @@ public class RangerKeyStore extends KeyStoreSpi { int version; } - private Hashtable keyEntries = new Hashtable(); - private Hashtable deltaEntries = new Hashtable(); + private Map keyEntries = new ConcurrentHashMap<>(); + private Map deltaEntries = new ConcurrentHashMap<>(); RangerKeyStore() { } @@ -265,7 +268,7 @@ public class RangerKeyStore extends KeyStoreSpi { @Override public Enumeration engineAliases() { - return keyEntries.keys(); + return Collections.enumeration(keyEntries.keySet()); } @Override @@ -293,24 +296,23 @@ public class RangerKeyStore extends KeyStoreSpi { MessageDigest md = getKeyedMessageDigest(password); byte digest[] = md.digest(); - for (Enumeration e = deltaEntries.keys(); e.hasMoreElements(); ) { + for (Entry entry : deltaEntries.entrySet()) { ByteArrayOutputStream baos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(new DigestOutputStream(baos, md)); ObjectOutputStream oos = null; try { - String alias = e.nextElement(); - Object entry = deltaEntries.get(alias); - oos = new ObjectOutputStream(dos); - oos.writeObject(((SecretKeyEntry) entry).sealedKey); + oos.writeObject(((SecretKeyEntry) entry.getValue()).sealedKey); dos.write(digest); dos.flush(); - Long creationDate = ((SecretKeyEntry) entry).date.getTime(); - SecretKeyEntry secretKey = (SecretKeyEntry) entry; - XXRangerKeyStore xxRangerKeyStore = mapObjectToEntity(alias, creationDate, baos.toByteArray(), secretKey.cipher_field, secretKey.bit_length, secretKey.description, secretKey.version, secretKey.attributes); + Long creationDate = ((SecretKeyEntry) entry.getValue()).date.getTime(); + SecretKeyEntry secretKey = (SecretKeyEntry) entry.getValue(); + XXRangerKeyStore xxRangerKeyStore = mapObjectToEntity(entry.getKey(), creationDate, baos.toByteArray(), + secretKey.cipher_field, secretKey.bit_length, secretKey.description, + secretKey.version, secretKey.attributes); dbOperationStore(xxRangerKeyStore); } finally { if (oos != null) { http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java index c02e9e6..bf588e2 100644 --- a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java +++ b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java @@ -44,7 +44,6 @@ import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; import org.apache.ranger.plugin.policyengine.RangerAccessResult; import org.apache.ranger.plugin.service.RangerBasePlugin; import org.apache.ranger.plugin.util.RangerPerfTracer; -import org.apache.ranger.services.atlas.RangerServiceAtlas; import java.util.*; @@ -373,7 +372,7 @@ public class RangerAtlasAuthorizer implements AtlasAuthorizer { } } } else { - rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, RangerServiceAtlas.ENTITY_NOT_CLASSIFIED); + rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, ENTITY_NOT_CLASSIFIED); ret = checkAccess(rangerRequest, auditHandler); } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java ---------------------------------------------------------------------- diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java index 2624478..c1386fe 100644 --- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java +++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java @@ -333,8 +333,7 @@ public class KafkaRangerAuthorizerGSSTest { final Producer producer = new KafkaProducer<>(producerProps); // Send a message - Future record = - producer.send(new ProducerRecord("test", "somekey", "somevalue")); + producer.send(new ProducerRecord("test", "somekey", "somevalue")); producer.flush(); producer.close(); } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java index c3d75a1..07921a9 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java +++ b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java @@ -222,7 +222,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { if(plugin != null && ret) { RangerKMSAccessRequest request = new RangerKMSAccessRequest("", rangerAccessType, ugi, clientIp, clusterName); RangerAccessResult result = plugin.isAccessAllowed(request); - ret = result == null ? false : result.getIsAllowed(); + ret = result != null && result.getIsAllowed(); } RangerPerfTracer.log(perf); if(LOG.isDebugEnabled()) { @@ -249,7 +249,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { if(plugin != null && ret) { RangerKMSAccessRequest request = new RangerKMSAccessRequest(keyName, rangerAccessType, ugi, clientIp, clusterName); RangerAccessResult result = plugin.isAccessAllowed(request); - ret = result == null ? false : result.getIsAllowed(); + ret = result != null && result.getIsAllowed(); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java index af0ac71..4a958d4 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java +++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java @@ -41,7 +41,6 @@ import org.apache.log4j.Logger; import org.apache.ranger.plugin.client.BaseClient; import org.apache.ranger.plugin.util.PasswordUtils; import org.apache.ranger.plugin.client.HadoopException; -import org.apache.ranger.services.kms.client.KMSClient; import com.google.common.base.Strings; import com.google.gson.Gson; @@ -113,7 +112,7 @@ public class KMSClient { } hostsPart = t[0]; } - return createProvider(providerUri, origUrl, port, hostsPart); + return createProvider(origUrl, port, hostsPart); } private static Path extractKMSPath(URI uri) throws MalformedURLException, @@ -121,7 +120,7 @@ public class KMSClient { return ProviderUtils.unnestUri(uri); } - private String[] createProvider(URI providerUri, URL origUrl, int port, + private String[] createProvider(URL origUrl, int port, String hostsPart) throws IOException { String[] hosts = hostsPart.split(";"); String[] providers = new String[hosts.length]; @@ -305,7 +304,7 @@ public class KMSClient { return lret; } - public static Map testConnection(String serviceName, + public static Map testConnection(String serviceName, //NOPMD Map configs) { List strList = new ArrayList(); http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiConnectionMgr.java ---------------------------------------------------------------------- diff --git a/plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiConnectionMgr.java b/plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiConnectionMgr.java index 739bef6..19cb1a9 100644 --- a/plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiConnectionMgr.java +++ b/plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiConnectionMgr.java @@ -30,7 +30,6 @@ import java.io.IOException; import java.io.InputStream; import java.net.URI; import java.net.URISyntaxException; -import java.net.URL; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 472199d..4d7eddc 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ org.apache apache - 19 + 20 org.apache.ranger ranger http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java ---------------------------------------------------------------------- diff --git a/ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java b/ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java index 11af0a8..7a39396 100644 --- a/ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java +++ b/ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java @@ -34,7 +34,6 @@ import java.util.concurrent.CountDownLatch; import org.apache.commons.lang.text.StrSubstitutor; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl; import org.apache.ranger.plugin.util.PerfDataRecorder; import org.apache.ranger.plugin.util.PerfDataRecorder.PerfStatistic; http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 5f8a05a..59741d3 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -122,7 +122,6 @@ import org.apache.ranger.view.RangerPluginInfoList; import org.apache.ranger.view.RangerPolicyList; import org.apache.ranger.view.RangerServiceDefList; import org.apache.ranger.view.RangerServiceList; -import org.apache.ranger.view.VXPolicyLabelList; import org.apache.ranger.view.VXResponse; import org.apache.ranger.view.VXString; import org.apache.ranger.view.VXUser; @@ -2130,7 +2129,7 @@ public class ServiceREST { LOG.debug("Deleting Policy from provided services in servicesMapJson file for specific resource..."); } if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)){ - deletePoliciesForResource(sourceServices, destinationServices, polResource, request, policies); + deletePoliciesForResource(sourceServices, destinationServices, request, policies); } } if (policies != null && !CollectionUtils.sizeIsEmpty(policies)){ @@ -2373,7 +2372,7 @@ public class ServiceREST { } } - private void deletePoliciesForResource(List sourceServices, List destinationServices, String resource, HttpServletRequest request, List exportPolicies) { + private void deletePoliciesForResource(List sourceServices, List destinationServices, HttpServletRequest request, List exportPolicies) { int totalDeletedPilicies = 0; if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) { http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java index b4a3f93..d20a203 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java @@ -556,19 +556,19 @@ public class RangerKRBAuthenticationFilter extends RangerKrbFilter { } @Override - public javax.servlet.ServletRegistration.Dynamic addServlet( + public ServletRegistration.Dynamic addServlet( String servletName, Class servletClass) { return null; } @Override - public javax.servlet.ServletRegistration.Dynamic addServlet( + public ServletRegistration.Dynamic addServlet( String servletName, Servlet servlet) { return null; } @Override - public javax.servlet.ServletRegistration.Dynamic addServlet( + public ServletRegistration.Dynamic addServlet( String servletName, String className) { return null; } http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java index ca0d17e..0be0e68 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java @@ -44,8 +44,6 @@ import java.io.IOException; import java.security.Principal; import java.text.SimpleDateFormat; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; @InterfaceAudience.Private @InterfaceStability.Unstable http://git-wip-us.apache.org/repos/asf/ranger/blob/b66e98dc/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index a3ff825..ad3984d 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -157,7 +157,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase xDataMaskDef = daoMgr.getXXDataMaskTypeDef().getAll(); - if(CollectionUtils.isNotEmpty(xDataMaskDef) && xDataMaskDef != null ) { - for (XXDataMaskTypeDef xxDataMaskTypeDef : xDataMaskDef) { - if(xxDataMaskTypeDef.getName().equalsIgnoreCase(policyItem.getDataMaskInfo().getDataMaskType())) { - String label = xxDataMaskTypeDef.getLabel(); - StringBuilder sbValue = new StringBuilder(value); - label = ",\"DataMasklabel\":\""+label+"\""; - int sbValueIndex = sbValue.lastIndexOf("}]"); - sbValue.insert(sbValueIndex, label); - value = sbValue.toString(); - break; - } - } - } - } - } - } - } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { - value = processRowFilterPolicyItemForTrxLog(field.get(vObj)); - } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { - value = String.valueOf(processIsEnabledClassFieldNameForTrxLog(field.get(vObj))); - } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { - value = processPolicyLabelsClassFieldNameForTrxLog(field.get(vObj)); - } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { - value = processValiditySchedulesClassFieldNameForTrxLog(field.get(vObj)); - } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { - value = processPriorityClassFieldNameForTrxLog(field.get(vObj)); - } else { - value = "" + field.get(vObj); + if (!isEnum) { + if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyResourcesForTrxLog(field.get(vObj)); + } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyItemsForTrxLog(field.get(vObj)); + } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyItemsForTrxLog(field.get(vObj)); + } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyNameForTrxLog(field.get(vObj)); + } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyItemsForTrxLog(field.get(vObj)); + } else if (DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyItemsForTrxLog(field.get(vObj)); + } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processDataMaskPolicyItemsForTrxLog(field.get(vObj)); + if(vObj.getDataMaskPolicyItems() != null && CollectionUtils.isNotEmpty(vObj.getDataMaskPolicyItems())) { + for(RangerDataMaskPolicyItem policyItem : vObj.getDataMaskPolicyItems()) { + if(policyItem.getDataMaskInfo() != null && policyItem.getDataMaskInfo().getDataMaskType() != null) { + List xDataMaskDef = daoMgr.getXXDataMaskTypeDef().getAll(); + if(CollectionUtils.isNotEmpty(xDataMaskDef) && xDataMaskDef != null ) { + for (XXDataMaskTypeDef xxDataMaskTypeDef : xDataMaskDef) { + if(xxDataMaskTypeDef.getName().equalsIgnoreCase(policyItem.getDataMaskInfo().getDataMaskType())) { + String label = xxDataMaskTypeDef.getLabel(); + StringBuilder sbValue = new StringBuilder(value); + label = ",\"DataMasklabel\":\""+label+"\""; + int sbValueIndex = sbValue.lastIndexOf("}]"); + sbValue.insert(sbValueIndex, label); + value = sbValue.toString(); + break; + } + } + } + } + } + } + } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processRowFilterPolicyItemForTrxLog(field.get(vObj)); + } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = String.valueOf(processIsEnabledClassFieldNameForTrxLog(field.get(vObj))); + } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPolicyLabelsClassFieldNameForTrxLog(field.get(vObj)); + } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processValiditySchedulesClassFieldNameForTrxLog(field.get(vObj)); + } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) { + value = processPriorityClassFieldNameForTrxLog(field.get(vObj)); + } else { + value = "" + field.get(vObj); + } } if (action == OPERATION_CREATE_CONTEXT) { @@ -266,9 +266,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase configs = (field.get(vObj) != null) ? (Map) field - .get(vObj) : new HashMap(); - - value = jsonUtil.readMapToString(configs); - } else { - value = "" + field.get(vObj); + if (!isEnum) { + if ("configs".equalsIgnoreCase(fieldName)) { + Map configs = (field.get(vObj) != null) ? (Map) field + .get(vObj) : new HashMap(); + + value = jsonUtil.readMapToString(configs); + } else { + value = "" + field.get(vObj); + } } if (action == OPERATION_CREATE_CONTEXT) { @@ -219,9 +219,7 @@ public class RangerServiceService extends RangerServiceServiceBase xxPolicyLabelMapList = new ArrayList<>(); List xServiceConfigDefList = new ArrayList(); XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef(); serviceConfigDefObj.setId(Id);