This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 6087539  RANGER-3295: Update Ranger Policy Engine capability matrix
6087539 is described below

commit 60875395f76a4bbe810989220b1ae3126755dbfa
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Mon May 24 16:43:22 2021 -0700

    RANGER-3295: Update Ranger Policy Engine capability matrix
---
 .../ranger/plugin/util/RangerPluginCapability.java | 27 +++++++++++++++++-----
 .../plugin/test_plugin_capability.json             |  4 ++--
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
index 53e1a9b..b2cecc1 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
@@ -28,11 +28,11 @@ import java.util.List;
 public class RangerPluginCapability {
 
     /*
-       - tag-policies
+    - tag-policies
        - allowExceptions/deny/denyExceptions
        - masking/row-filtering
        - Macros - like ${USER}
-               - tag-based masking/row-filtering
+       - tag-based masking/row-filtering
        - audit mode support
        - service-def changes - isValidLeaf
        - validity periods
@@ -42,6 +42,11 @@ public class RangerPluginCapability {
        - deny AllElse policies
        - roles
        - role download timer
+       - Audit-excluded-users
+       - Chained plugins
+       - Super-user permission
+       - UserStore download
+       - Audit-policies
      */
     private final long pluginCapabilities;
     private static final String baseRangerCapabilities = 
computeBaseCapabilities();
@@ -59,9 +64,14 @@ public class RangerPluginCapability {
         RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION("Policy-level 
Condition"),
         RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY("Deny-all-else Policy"),
         RANGER_PLUGIN_CAPABILITY_ROLE("Role"),
-        RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER("Role Timer");
-
-        private String name;
+        RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER("Role Timer"),
+        RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS("Audit-Excluded Users"),
+        RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS("Chained Plugins"),
+        RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS("Super-user 
Permissions"),
+        RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD("UserStore Download"),
+        RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY("Audit Policy");
+
+        private final String name;
         RangerPluginFeature(String name) {
             this.name = name;
         }
@@ -160,7 +170,12 @@ public class RangerPluginCapability {
                 , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION.getName()
                 , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY.getName()
                 , RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE.getName()
-                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER.getName());
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER.getName()
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS.getName()
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS.getName()
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS.getName()
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD.getName()
+                , 
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY.getName());
 
         return Long.toHexString(new 
RangerPluginCapability(baseCapabilities).getPluginCapabilities());
     }
diff --git 
a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
 
b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
index a9f741b..b968743 100644
--- 
a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
+++ 
b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
@@ -21,14 +21,14 @@
     {
       "name": "Using all existing capabilities",
       "myCapabilities": [],
-      "otherCapabilities": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES", 
"RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
 "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", 
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", 
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", 
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
 "RANGER_PLUGIN_CAP [...]
+      "otherCapabilities": 
["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
 "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", 
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", 
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", 
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
 "RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLUGIN_CAP [...]
       "difference": []
     },
     {
       "name": "Using all existing capabilities, other has fewer",
       "myCapabilities": [],
       "otherCapabilities": 
["RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
 "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", 
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", 
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", 
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
 "RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLU [...]
-      "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES"]
+      "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES", 
"RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS", 
"RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS", 
"RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS", 
"RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD", 
"RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY"]
     }
   ]
 }
\ No newline at end of file

Reply via email to