This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2c71271 RANGER-2412:Policy Condition Evaluators existing and newly
created should work in both policy level and policy item level
2c71271 is described below
commit 2c71271223176413f95a9adb82ee72ea82f83881
Author: rmani <rm...@hortonworks.com>
AuthorDate: Wed May 1 13:33:56 2019 -0700
RANGER-2412:Policy Condition Evaluators existing and newly created should
work in both policy level and policy item level
---
.../RangerAbstractConditionEvaluator.java | 9 ------
.../RangerConditionEvaluator.java | 3 --
.../apache/ranger/plugin/model/RangerPolicy.java | 34 ++++++----------------
.../model/RangerPolicyResourceSignature.java | 8 ++---
.../RangerCustomConditionEvaluator.java | 4 +--
.../RangerDefaultPolicyEvaluator.java | 2 +-
.../RangerPolicyConditionSampleSimpleMatcher.java | 10 +++----
.../org/apache/ranger/biz/PolicyRefUpdater.java | 4 +--
8 files changed, 23 insertions(+), 51 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
index 51691ad..ddd1a54 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java
@@ -18,7 +18,6 @@
*/
package org.apache.ranger.plugin.conditionevaluator;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerServiceDef;
import
org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
@@ -27,7 +26,6 @@ public abstract class RangerAbstractConditionEvaluator
implements RangerConditio
protected RangerServiceDef serviceDef;
protected RangerPolicyConditionDef conditionDef;
protected RangerPolicyItemCondition condition;
- protected RangerPolicyCondition policyCondition;
@Override
public void setServiceDef(RangerServiceDef serviceDef) {
@@ -50,11 +48,4 @@ public abstract class RangerAbstractConditionEvaluator
implements RangerConditio
public RangerPolicyItemCondition getPolicyItemCondition() { return
condition; }
- @Override
- public void setPolicyCondition(RangerPolicyCondition policyCondition) {
- this.policyCondition = policyCondition;
- }
-
- public RangerPolicyCondition getPolicyCondition() { return
policyCondition; }
-
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
index 54c0b40..16f9a3c 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java
@@ -19,7 +19,6 @@
package org.apache.ranger.plugin.conditionevaluator;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerServiceDef;
import
org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
@@ -30,8 +29,6 @@ public interface RangerConditionEvaluator {
void setPolicyItemCondition(RangerPolicyItemCondition condition);
- void setPolicyCondition(RangerPolicyCondition policyCondition);
-
void setServiceDef(RangerServiceDef serviceDef);
void init();
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 9146a88..3cf509d 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -75,7 +75,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
private String
resourceSignature;
private Boolean isAuditEnabled;
private Map<String, RangerPolicyResource> resources;
- private List<RangerPolicyCondition> conditions;
+ private List<RangerPolicyItemCondition> conditions;
private List<RangerPolicyItem> policyItems;
private List<RangerPolicyItem> denyPolicyItems;
private List<RangerPolicyItem> allowExceptions;
@@ -109,7 +109,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
* @param policyItems
* @param resourceSignature TODO
*/
- public RangerPolicy(String service, String name, Integer policyType,
Integer policyPriority, String description, Map<String, RangerPolicyResource>
resources, List<RangerPolicyItem> policyItems, String resourceSignature,
Map<String, Object> options, List<RangerValiditySchedule> validitySchedules,
List<String> policyLables, String zoneName, List<RangerPolicyCondition>
conditions) {
+ public RangerPolicy(String service, String name, Integer policyType,
Integer policyPriority, String description, Map<String, RangerPolicyResource>
resources, List<RangerPolicyItem> policyItems, String resourceSignature,
Map<String, Object> options, List<RangerValiditySchedule> validitySchedules,
List<String> policyLables, String zoneName, List<RangerPolicyItemCondition>
conditions) {
super();
setService(service);
@@ -501,11 +501,11 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
/**
* @return the conditions
*/
- public List<RangerPolicyCondition> getConditions() { return conditions;
}
+ public List<RangerPolicyItemCondition> getConditions() { return
conditions; }
/**
* @param conditions the conditions to set
*/
- public void setConditions(List<RangerPolicyCondition> conditions) {
+ public void setConditions(List<RangerPolicyItemCondition> conditions) {
this.conditions = conditions;
}
@@ -553,7 +553,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
sb.append("policyConditions={");
if(conditions != null) {
- for(RangerPolicyCondition condition : conditions) {
+ for(RangerPolicyItemCondition condition : conditions) {
if(condition != null) {
condition.toString(sb);
}
@@ -1351,38 +1351,22 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
}
- // Shell class for backward compatibility
@JsonAutoDetect(fieldVisibility=Visibility.ANY)
@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown=true)
@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
- public static class RangerPolicyItemCondition extends
RangerPolicyCondition implements java.io.Serializable {
- public RangerPolicyItemCondition() {
- this(null, null);
- }
-
- public RangerPolicyItemCondition(String type, List<String>
values) {
- super(type,values);
- }
- }
-
- @JsonAutoDetect(fieldVisibility=Visibility.ANY)
- @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
- @JsonIgnoreProperties(ignoreUnknown=true)
- @XmlRootElement
- @XmlAccessorType(XmlAccessType.FIELD)
- public static class RangerPolicyCondition implements
java.io.Serializable {
+ public static class RangerPolicyItemCondition implements
java.io.Serializable {
private static final long serialVersionUID = 1L;
private String type;
private List<String> values;
- public RangerPolicyCondition() {
+ public RangerPolicyItemCondition() {
this(null, null);
}
- public RangerPolicyCondition(String type, List<String> values) {
+ public RangerPolicyItemCondition(String type, List<String>
values) {
setType(type);
setValues(values);
}
@@ -1469,7 +1453,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
return false;
if (getClass() != obj.getClass())
return false;
- RangerPolicyCondition other = (RangerPolicyCondition)
obj;
+ RangerPolicyItemCondition other =
(RangerPolicyItemCondition) obj;
if (type == null) {
if (other.type != null)
return false;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 40b5ddd..2bb6589 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -32,7 +32,7 @@ import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyCondition;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.solr.common.StringUtils;
public class RangerPolicyResourceSignature {
@@ -198,9 +198,9 @@ public class RangerPolicyResourceSignature {
}
static class CustomConditionSerialiser {
- final List<RangerPolicyCondition> rangerPolicyConditions;
+ final List<RangerPolicy.RangerPolicyItemCondition>
rangerPolicyConditions;
- CustomConditionSerialiser(List<RangerPolicyCondition>
rangerPolicyConditions) {
+ CustomConditionSerialiser(List<RangerPolicyItemCondition>
rangerPolicyConditions) {
this.rangerPolicyConditions = rangerPolicyConditions;
}
@@ -209,7 +209,7 @@ public class RangerPolicyResourceSignature {
StringBuilder builder = new StringBuilder();
Map<String, List<String>> conditionMap = new
TreeMap<>();
- for(RangerPolicyCondition rangerPolicyCondition :
rangerPolicyConditions) {
+ for(RangerPolicyItemCondition rangerPolicyCondition :
rangerPolicyConditions) {
if (rangerPolicyCondition.getType() != null) {
String type =
rangerPolicyCondition.getType();
List<String> values = new ArrayList<>();
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
index 1d08718..cc250b5 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCustomConditionEvaluator.java
@@ -57,7 +57,7 @@ public class RangerCustomConditionEvaluator {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_INIT_LOG,
"RangerCustomConditionEvaluator.init(policyId=" + policyId + ")");
}
- for (RangerPolicy.RangerPolicyCondition condition :
policy.getConditions()) {
+ for (RangerPolicy.RangerPolicyItemCondition condition :
policy.getConditions()) {
RangerServiceDef.RangerPolicyConditionDef conditionDef =
getConditionDef(condition.getType(),serviceDef);
if (conditionDef == null) {
@@ -71,7 +71,7 @@ public class RangerCustomConditionEvaluator {
if (conditionEvaluator != null) {
conditionEvaluator.setServiceDef(serviceDef);
conditionEvaluator.setConditionDef(conditionDef);
- conditionEvaluator.setPolicyCondition(condition);
+ conditionEvaluator.setPolicyItemCondition(condition);
RangerPerfTracer perfConditionInit = null;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 580a32c..a57b398 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -1204,7 +1204,7 @@ public class RangerDefaultPolicyEvaluator extends
RangerAbstractPolicyEvaluator
String conditionType = null;
if (conditionEvaluator instanceof
RangerAbstractConditionEvaluator) {
- conditionType =
((RangerAbstractConditionEvaluator)conditionEvaluator).getPolicyCondition().getType();
+ conditionType =
((RangerAbstractConditionEvaluator)conditionEvaluator).getPolicyItemCondition().getType();
}
perf =
RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_REQUEST_LOG,
"RangerConditionEvaluator.matchPolicyCustomConditions(policyId=" + getId() +
",policyConditionType=" + conditionType + ")");
diff --git
a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
index f0df30d..6e5d90a 100644
---
a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
+++
b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerPolicyConditionSampleSimpleMatcher.java
@@ -80,18 +80,18 @@ public class RangerPolicyConditionSampleSimpleMatcher
extends RangerAbstractCond
@Override
public void init() {
if(LOG.isDebugEnabled()) {
- LOG.debug("==>
RangerPolicyConditionSampleSimpleMatcher.init(" + policyCondition + ")");
+ LOG.debug("==>
RangerPolicyConditionSampleSimpleMatcher.init(" + condition + ")");
}
super.init();
- if (policyCondition == null) {
+ if (condition == null) {
LOG.debug("init: null policy condition! Will match
always!");
_allowAny = true;
} else if (conditionDef == null) {
LOG.debug("init: null policy condition definition! Will
match always!");
_allowAny = true;
- } else if
(CollectionUtils.isEmpty(policyCondition.getValues())) {
+ } else if (CollectionUtils.isEmpty(condition.getValues())) {
LOG.debug("init: empty conditions collection on policy
condition! Will match always!");
_allowAny = true;
} else if
(MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
@@ -102,13 +102,13 @@ public class RangerPolicyConditionSampleSimpleMatcher
extends RangerAbstractCond
_allowAny = true;
} else {
_contextName =
conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
- for (String value : policyCondition.getValues()) {
+ for (String value : condition.getValues()) {
_values.add(value);
}
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<==
RangerPolicyConditionSampleSimpleMatcher.init(" + policyCondition + "):
values[" + _values + "]");
+ LOG.debug("<==
RangerPolicyConditionSampleSimpleMatcher.init(" + condition + "): values[" +
_values + "]");
}
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 08963f0..921dc37 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -79,9 +79,9 @@ public class PolicyRefUpdater {
final Set<String> conditionTypes = new HashSet<>();
final Set<String> dataMaskTypes = new HashSet<>();
- List<RangerPolicy.RangerPolicyCondition> rangerPolicyConditions
= policy.getConditions();
+ List<RangerPolicy.RangerPolicyItemCondition>
rangerPolicyConditions = policy.getConditions();
if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
- for (RangerPolicy.RangerPolicyCondition condition :
rangerPolicyConditions) {
+ for (RangerPolicy.RangerPolicyItemCondition condition :
rangerPolicyConditions) {
conditionTypes.add(condition.getType());
}
}
