Repository: ranger Updated Branches: refs/heads/ranger-0.7 c2e1ec9c7 -> 448182cd3
RANGER-1834: row filter policies are not being returned by policy search Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/448182cd Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/448182cd Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/448182cd Branch: refs/heads/ranger-0.7 Commit: 448182cd3789a69b23fcb9bf09a65935e23740dc Parents: c2e1ec9 Author: Abhay Kulkarni <[email protected]> Authored: Wed Oct 11 17:06:22 2017 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Oct 13 13:35:05 2017 -0700 ---------------------------------------------------------------------- .../RangerDefaultPolicyResourceMatcher.java | 21 ++++++-- .../RangerPolicyResourceMatcher.java | 2 + .../org/apache/ranger/biz/ServiceDBStore.java | 53 ++++++++++---------- 3 files changed, 44 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java index be10b95..8f1e102 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java @@ -46,7 +46,7 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM private static final Log LOG = LogFactory.getLog(RangerDefaultPolicyResourceMatcher.class); protected RangerServiceDef serviceDef = null; - protected RangerPolicy policy = null; + protected int policyType; protected Map<String, RangerPolicyResource> policyResources = null; private Map<String, RangerResourceMatcher> matchers = null; @@ -70,14 +70,23 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM @Override public void setPolicy(RangerPolicy policy) { - this.policy = policy; - setPolicyResources(policy == null ? null : policy.getResources()); + if (policy == null) { + setPolicyResources(null, RangerPolicy.POLICY_TYPE_ACCESS); + } else { + setPolicyResources(policy.getResources(), policy.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : policy.getPolicyType()); + } } @Override public void setPolicyResources(Map<String, RangerPolicyResource> policyResources) { + setPolicyResources(policyResources, RangerPolicy.POLICY_TYPE_ACCESS); + } + + @Override + public void setPolicyResources(Map<String, RangerPolicyResource> policyResources, int policyType) { this.policyResources = policyResources; + this.policyType = policyType; } @Override @@ -98,7 +107,6 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM Set<String> policyResourceKeySet = policyResources.keySet(); RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false); - int policyType = policy != null && policy.getPolicyType() != null ? policy.getPolicyType() : RangerPolicy.POLICY_TYPE_ACCESS; Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType); for (List<RangerResourceDef> validResourceHierarchy : validResourceHierarchies) { @@ -371,6 +379,10 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM boolean ret = false; MatchType matchType = MatchType.NONE; + if (policy.getPolicyType() != policyType) { + return ret; + } + Map<String, RangerPolicyResource> resources = policy.getResources(); if (MapUtils.isNotEmpty(resources)) { @@ -539,7 +551,6 @@ public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceM aValidHierarchy = firstValidResourceDefHierarchy; } else { RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false); - int policyType = policy != null && policy.getPolicyType() != null ? policy.getPolicyType() : RangerPolicy.POLICY_TYPE_ACCESS; Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType); for (List<RangerResourceDef> resourceHierarchy : validResourceHierarchies) { http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java index b4dc2c5..9cc4bd6 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java @@ -37,6 +37,8 @@ public interface RangerPolicyResourceMatcher { void setPolicyResources(Map<String, RangerPolicyResource> policyResources); + void setPolicyResources(Map<String, RangerPolicyResource> policyResources, int policyType); + void init(); RangerServiceDef getServiceDef(); http://git-wip-us.apache.org/repos/asf/ranger/blob/448182cd/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 9de40d9..d951090 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -2320,48 +2320,47 @@ public class ServiceDBStore extends AbstractServiceStore { String policyTypeStr = filter.getParam(SearchFilter.POLICY_TYPE); - int policyType = RangerPolicy.POLICY_TYPE_ACCESS; + List<Integer> policyTypes = new ArrayList<>(); if (StringUtils.isNotBlank(policyTypeStr)) { - policyType = Integer.parseInt(policyTypeStr); - } - - Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType, filterResources.keySet()); - - if (LOG.isDebugEnabled()) { - LOG.debug("Found " + validResourceHierarchies.size() + " valid resource hierarchies for key-set " + filterResources.keySet()); + policyTypes.add(Integer.parseInt(policyTypeStr)); + } else { + policyTypes.add(RangerPolicy.POLICY_TYPE_ACCESS); + policyTypes.add(RangerPolicy.POLICY_TYPE_DATAMASK); + policyTypes.add(RangerPolicy.POLICY_TYPE_ROWFILTER); } - List<List<RangerResourceDef>> resourceHierarchies = new ArrayList<List<RangerResourceDef>>(validResourceHierarchies); - - for (List<RangerResourceDef> validResourceHierarchy : resourceHierarchies) { + for (Integer policyType : policyTypes) { + Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType, filterResources.keySet()); if (LOG.isDebugEnabled()) { - LOG.debug("validResourceHierarchy:[" + validResourceHierarchy + "]"); + LOG.debug("Found " + validResourceHierarchies.size() + " valid resource hierarchies for key-set " + filterResources.keySet()); } - Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>(); - - for (RangerResourceDef resourceDef : validResourceHierarchy) { + List<List<RangerResourceDef>> resourceHierarchies = new ArrayList<List<RangerResourceDef>>(validResourceHierarchies); - String resourceValue = filterResources.get(resourceDef.getName()); + for (List<RangerResourceDef> validResourceHierarchy : resourceHierarchies) { - if (StringUtils.isBlank(resourceValue)) { - resourceValue = RangerAbstractResourceMatcher.WILDCARD_ASTERISK; + if (LOG.isDebugEnabled()) { + LOG.debug("validResourceHierarchy:[" + validResourceHierarchy + "]"); } - policyResources.put(resourceDef.getName(), new RangerPolicyResource(resourceValue, false, resourceDef.getRecursiveSupported())); - } + Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>(); - RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher(); - matcher.setServiceDef(serviceDef); - matcher.setPolicyResources(policyResources); - matcher.init(); + for (RangerResourceDef resourceDef : validResourceHierarchy) { + policyResources.put(resourceDef.getName(), new RangerPolicyResource(filterResources.get(resourceDef.getName()), false, resourceDef.getRecursiveSupported())); + } - ret.add(matcher); + RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher(); + matcher.setServiceDef(serviceDef); + matcher.setPolicyResources(policyResources, policyType); + matcher.init(); - if (LOG.isDebugEnabled()) { - LOG.debug("Added matcher:[" + matcher + "]"); + ret.add(matcher); + + if (LOG.isDebugEnabled()) { + LOG.debug("Added matcher:[" + matcher + "]"); + } } }
