RANGER-203: Framework to extend Ranger security to new components in a pluggable way
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e99d911d Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e99d911d Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e99d911d Branch: refs/heads/stack Commit: e99d911dc94fd70ad46e6c2e5568aa64d9eb1bab Parents: 06ca853 Author: Madhan Neethiraj <[email protected]> Authored: Thu Dec 18 14:47:56 2014 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Dec 18 14:47:56 2014 -0800 ---------------------------------------------------------------------- plugin-common/pom.xml | 42 + .../plugin/manager/ServiceDefManager.java | 141 +++ .../ranger/plugin/manager/ServiceManager.java | 250 ++++ .../plugin/model/RangerBaseModelObject.java | 166 +++ .../ranger/plugin/model/RangerPolicy.java | 633 ++++++++++ .../ranger/plugin/model/RangerService.java | 190 +++ .../ranger/plugin/model/RangerServiceDef.java | 1146 ++++++++++++++++++ .../policyengine/RangerAccessRequest.java | 42 + .../policyengine/RangerAccessRequestImpl.java | 98 ++ .../plugin/policyengine/RangerPolicyEngine.java | 32 + .../policyengine/RangerPolicyEngineImpl.java | 114 ++ .../plugin/policyengine/RangerResource.java | 31 + .../plugin/policyengine/RangerResourceImpl.java | 137 +++ .../ranger/plugin/store/ServiceDefStore.java | 38 + .../ranger/plugin/store/ServiceStore.java | 56 + .../ranger/plugin/store/file/BaseFileStore.java | 354 ++++++ .../plugin/store/file/ServiceDefFileStore.java | 357 ++++++ .../plugin/store/file/ServiceFileStore.java | 577 +++++++++ .../service-defs/ranger-servicedef-hbase.json | 51 + .../service-defs/ranger-servicedef-hdfs.json | 61 + .../service-defs/ranger-servicedef-hive.json | 45 + .../service-defs/ranger-servicedef-knox.json | 34 + .../service-defs/ranger-servicedef-storm.json | 46 + .../plugin/manager/TestServiceManager.java | 203 ++++ pom.xml | 1 + security-admin/pom.xml | 5 + 26 files changed, 4850 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/pom.xml ---------------------------------------------------------------------- diff --git a/plugin-common/pom.xml b/plugin-common/pom.xml new file mode 100644 index 0000000..f0d4efe --- /dev/null +++ b/plugin-common/pom.xml @@ -0,0 +1,42 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.4.0</version> + </parent> + <artifactId>plugin-common</artifactId> + <name>ranger-plugin-common</name> + <description>Ranger Plugin Common Library</description> + <dependencies> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> + <version>${codehaus.jackson.version}</version> + </dependency> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + <version>${codehaus.jackson.version}</version> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>${log4j.version}</version> + </dependency> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-common</artifactId> + <version>${hadoop-common.version}</version> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + </dependencies> +</project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java new file mode 100644 index 0000000..ce7dbf0 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceDefManager.java @@ -0,0 +1,141 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.manager; + +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.ServiceDefStore; +import org.apache.ranger.plugin.store.file.ServiceDefFileStore; + + +public class ServiceDefManager { + private static final Log LOG = LogFactory.getLog(ServiceDefManager.class); + + private ServiceDefStore sdStore = null; + + public ServiceDefManager() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.ServiceDefManager()"); + } + + init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.ServiceDefManager()"); + } + } + + public RangerServiceDef create(RangerServiceDef serviceDef) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.create(" + serviceDef + ")"); + } + + RangerServiceDef ret = sdStore.create(serviceDef); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.create(" + serviceDef + "): " + ret); + } + + return ret; + } + + public RangerServiceDef update(RangerServiceDef serviceDef) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.update(" + serviceDef + ")"); + } + + RangerServiceDef ret = sdStore.update(serviceDef); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.update(" + serviceDef + "): " + ret); + } + + return ret; + } + + public void delete(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.delete(" + id + ")"); + } + + sdStore.delete(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.delete(" + id + ")"); + } + } + + public RangerServiceDef get(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.get(" + id + ")"); + } + + RangerServiceDef ret = sdStore.get(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.get(" + id + ")"); + } + + return ret; + } + + public RangerServiceDef getByName(String name) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.getByName(" + name + ")"); + } + + RangerServiceDef ret = sdStore.getByName(name); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.getByName(" + name + "): " + ret); + } + + return ret; + } + + public List<RangerServiceDef> getAll() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.getAll()"); + } + + List<RangerServiceDef> ret = sdStore.getAll(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.getAll(): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + private void init() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDefManager.init()"); + } + + sdStore = new ServiceDefFileStore(); // TODO: store type should be configurable + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDefManager.init()"); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java new file mode 100644 index 0000000..7b947ea --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/manager/ServiceManager.java @@ -0,0 +1,250 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.manager; + +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.store.ServiceStore; +import org.apache.ranger.plugin.store.file.ServiceFileStore; + + +public class ServiceManager { + private static final Log LOG = LogFactory.getLog(ServiceManager.class); + + private ServiceStore svcStore = null; + + public ServiceManager() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.ServiceManager()"); + } + + init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.ServiceManager()"); + } + } + + public RangerService create(RangerService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.create(" + service + ")"); + } + + RangerService ret = svcStore.create(service); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.create(" + service + "): " + ret); + } + + return ret; + } + + public RangerService update(RangerService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.update(" + service + ")"); + } + + RangerService ret = svcStore.update(service); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.update(" + service + "): " + ret); + } + + return ret; + } + + public void delete(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.delete(" + id + ")"); + } + + svcStore.delete(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.delete(" + id + ")"); + } + } + + public RangerService get(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.get(" + id + ")"); + } + + RangerService ret = svcStore.get(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.get(" + id + "): " + ret); + } + + return ret; + } + + public RangerService getByName(String name) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getByName(" + name + ")"); + } + + RangerService ret = svcStore.getByName(name); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.getByName(" + name + "): " + ret); + } + + return ret; + } + + public List<RangerService> getAll() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getAll()"); + } + + List<RangerService> ret = svcStore.getAll(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.getAll(): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + public void validateConfig(RangerService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.validateConfig(" + service + ")"); + } + + // TODO: call validateConfig() on the implClass + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.validateConfig(" + service + ")"); + } + } + + public RangerPolicy createPolicy(RangerPolicy policy) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.createPolicy(" + policy + ")"); + } + + RangerPolicy ret = svcStore.createPolicy(policy); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.createPolicy(" + policy + "): " + ret); + } + + return ret; + } + + public RangerPolicy updatePolicy(RangerPolicy policy) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.updatePolicy(" + policy + ")"); + } + + RangerPolicy ret = svcStore.updatePolicy(policy); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.updatePolicy(" + policy + "): " + ret); + } + + return ret; + } + + public void deletePolicy(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.deletePolicy(" + id + ")"); + } + + svcStore.deletePolicy(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.deletePolicy(" + id + ")"); + } + } + + public RangerPolicy getPolicy(Long id) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getPolicy(" + id + ")"); + } + + RangerPolicy ret = svcStore.getPolicy(id); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.getPolicy(" + id + "): " + ret); + } + + return ret; + } + + public List<RangerPolicy> getPolicies(Long svcId) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getPolicies(" + svcId + ")"); + } + + List<RangerPolicy> ret = svcStore.getServicePolicies(svcId); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.getPolicies(" + svcId + "): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + public RangerPolicy getPolicyByName(String svcName, String policyName) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getPolicyByName(" + svcName + "," + policyName + ")"); + } + + RangerPolicy ret = svcStore.getPolicyByName(svcName, policyName); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.getPolicyByName(" + svcName + "," + policyName + "): " + ret); + } + + return ret; + } + + public List<RangerPolicy> getAllPolicies() throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.getAllPolicies()"); + } + + List<RangerPolicy> ret = svcStore.getAllPolicies(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== getAllPolicies.getAll(): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + private void init() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceManager.init()"); + } + + svcStore = new ServiceFileStore(); // TODO: store type should be configurable + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceManager.init()"); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java new file mode 100644 index 0000000..85bbb3e --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerBaseModelObject.java @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.model; + +import java.util.Date; +import java.util.Map; +import java.util.UUID; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long id = null; + private String guid = null; + private String createdBy = null; + private String updatedBy = null; + private Date createTime = null; + private Date updateTime = null; + private Long version = null; + + /** + * + */ + public RangerBaseModelObject() { + } + + public void updateFrom(RangerBaseModelObject other) { + // Nothing to copy + } + + /** + * @return the id + */ + public Long getId() { + return id; + } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + /** + * @return the guid + */ + public String getGuid() { + return guid; + } + /** + * @param guid the guid to set + */ + public void setGuid(String guid) { + this.guid = guid; + } + /** + * @return the createdBy + */ + public String getCreatedBy() { + return createdBy; + } + /** + * @param createdBy the createdBy to set + */ + public void setCreatedBy(String createdBy) { + this.createdBy = createdBy; + } + /** + * @return the updatedBy + */ + public String getUpdatedBy() { + return updatedBy; + } + /** + * @param updatedBy the updatedBy to set + */ + public void setUpdatedBy(String updatedBy) { + this.updatedBy = updatedBy; + } + /** + * @return the createTime + */ + public Date getCreateTime() { + return createTime; + } + /** + * @param createTime the createTime to set + */ + public void setCreateTime(Date createTime) { + this.createTime = createTime; + } + /** + * @return the updateTime + */ + public Date getUpdateTime() { + return updateTime; + } + /** + * @param updateTime the updateTime to set + */ + public void setUpdateTime(Date updateTime) { + this.updateTime = updateTime; + } + /** + * @return the version + */ + public Long getVersion() { + return version; + } + /** + * @param version the version to set + */ + public void setVersion(Long version) { + this.version = version; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("id={").append(id).append("} "); + sb.append("guid={").append(guid).append("} "); + sb.append("createdBy={").append(createdBy).append("} "); + sb.append("updatedBy={").append(updatedBy).append("} "); + sb.append("createTime={").append(createTime).append("} "); + sb.append("updateTime={").append(updateTime).append("} "); + sb.append("version={").append(version).append("} "); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java new file mode 100644 index 0000000..13a9c4d --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java @@ -0,0 +1,633 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.model; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String service = null; + private String name = null; + private String description = null; + private Boolean isEnabled = null; + private Boolean isAuditEnabled = null; + private List<RangerPolicyResource> resources = null; + private List<RangerPolicyItem> policyItems = null; + + + /** + * @param type + */ + public RangerPolicy() { + this(null, null, null, null, null, null); + } + + /** + * @param type + * @param name + * @param description + * @param isEnabled + * @param configs + */ + public RangerPolicy(String service, String name, String description, Boolean isEnabled, List<RangerPolicyResource> resources, List<RangerPolicyItem> policyItems) { + super(); + + setService(service); + setName(name); + setDescription(description); + setIsEnabled(isEnabled); + setIsAuditEnabled(null); + setResources(resources); + setPolicyItems(policyItems); + } + + public void updateFrom(RangerPolicy other) { + super.updateFrom(other); + + setService(other.getService()); + setName(other.getName()); + setDescription(other.getDescription()); + setIsEnabled(other.getIsEnabled()); + setIsAuditEnabled(other.getIsAuditEnabled()); + setResources(other.getResources()); + setPolicyItems(other.getPolicyItems()); + } + + /** + * @return the type + */ + public String getService() { + return service; + } + + /** + * @param type the type to set + */ + public void setService(String service) { + this.service = service; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the isEnabled + */ + public Boolean getIsEnabled() { + return isEnabled; + } + + /** + * @param isEnabled the isEnabled to set + */ + public void setIsEnabled(Boolean isEnabled) { + this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled; + } + + /** + * @return the isAuditEnabled + */ + public Boolean getIsAuditEnabled() { + return isAuditEnabled; + } + + /** + * @param isEnabled the isEnabled to set + */ + public void setIsAuditEnabled(Boolean isAuditEnabled) { + this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled; + } + + /** + * @return the resources + */ + public List<RangerPolicyResource> getResources() { + return resources; + } + + /** + * @param configs the resources to set + */ + public void setResources(List<RangerPolicyResource> resources) { + this.resources = new ArrayList<RangerPolicyResource>(); + + if(resources != null) { + for(RangerPolicyResource resource : resources) { + this.resources.add(resource); + } + } + } + + /** + * @return the policyItems + */ + public List<RangerPolicyItem> getPolicyItems() { + return policyItems; + } + + /** + * @param policyItems the policyItems to set + */ + public void setPolicyItems(List<RangerPolicyItem> policyItems) { + this.policyItems = new ArrayList<RangerPolicyItem>(); + + if(policyItems != null) { + for(RangerPolicyItem policyItem : policyItems) { + this.policyItems.add(policyItem); + } + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicy={"); + + super.toString(sb); + + sb.append("service={").append(service).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("isEnabled={").append(isEnabled).append("} "); + sb.append("isAuditEnabled={").append(isAuditEnabled).append("} "); + + sb.append("resources={"); + if(resources != null) { + for(RangerPolicyResource resource : resources) { + if(resource != null) { + resource.toString(sb); + } + } + } + sb.append("} "); + + sb.append("policyItems={"); + if(policyItems != null) { + for(RangerPolicyItem policyItem : policyItems) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + + public static class RangerPolicyResource implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type = null; + private String value = null; + private Boolean isExcludes = null; + private Boolean isRecursive = null; + + + public RangerPolicyResource() { + this(null, null, null, null); + } + + public RangerPolicyResource(String type, String value, Boolean isExcludes, Boolean isRecursive) { + setType(type); + setValue(value); + setIsExcludes(isExcludes); + setIsRecursive(isRecursive); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the value + */ + public String getValue() { + return value; + } + + /** + * @param value the value to set + */ + public void setValue(String value) { + this.value = value; + } + + /** + * @return the isExcludes + */ + public Boolean getIsExcludes() { + return isExcludes; + } + + /** + * @param isExcludes the isExcludes to set + */ + public void setIsExcludes(Boolean isExcludes) { + this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes; + } + + /** + * @return the isRecursive + */ + public Boolean getIsRecursive() { + return isRecursive; + } + + /** + * @param isRecursive the isRecursive to set + */ + public void setIsRecursive(Boolean isRecursive) { + this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyResource={"); + sb.append("type={").append(type).append("} "); + sb.append("value={").append(value).append("} "); + sb.append("isExcludes={").append(isExcludes).append("} "); + sb.append("isRecursive={").append(isRecursive).append("} "); + sb.append("}"); + + return sb; + } + } + + public static class RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List<RangerPolicyItemAccess> accesses = null; + private List<String> users = null; + private List<String> groups = null; + private List<RangerPolicyItemCondition> conditions = null; + private Boolean delegateAdmin = null; + + public RangerPolicyItem() { + this(null, null, null, null, null); + } + + public RangerPolicyItem(List<RangerPolicyItemAccess> accessTypes, List<String> users, List<String> groups, List<RangerPolicyItemCondition> conditions, Boolean delegateAdmin) { + setAccesses(accessTypes); + setUsers(users); + setGroups(groups); + setConditions(conditions); + setDelegateAdmin(delegateAdmin); + } + + /** + * @return the accesses + */ + public List<RangerPolicyItemAccess> getAccesses() { + return accesses; + } + /** + * @param accesses the accesses to set + */ + public void setAccesses(List<RangerPolicyItemAccess> accesses) { + this.accesses = new ArrayList<RangerPolicyItemAccess>(); + + if(accesses != null) { + for(RangerPolicyItemAccess access : accesses) { + this.accesses.add(access); + } + } + } + /** + * @return the users + */ + public List<String> getUsers() { + return users; + } + /** + * @param users the users to set + */ + public void setUsers(List<String> users) { + this.users = new ArrayList<String>(); + + if(users != null) { + for(String user : users) { + this.users.add(user); + } + } + } + /** + * @return the groups + */ + public List<String> getGroups() { + return groups; + } + /** + * @param groups the groups to set + */ + public void setGroups(List<String> groups) { + this.groups = new ArrayList<String>(); + + if(groups != null) { + for(String group : groups) { + this.groups.add(group); + } + } + } + /** + * @return the conditions + */ + public List<RangerPolicyItemCondition> getConditions() { + return conditions; + } + /** + * @param conditions the conditions to set + */ + public void setConditions(List<RangerPolicyItemCondition> conditions) { + this.conditions = new ArrayList<RangerPolicyItemCondition>(); + + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + this.conditions.add(condition); + } + } + } + + /** + * @return the delegateAdmin + */ + public Boolean getDelegateAdmin() { + return delegateAdmin; + } + + /** + * @param delegateAdmin the delegateAdmin to set + */ + public void setDelegateAdmin(Boolean delegateAdmin) { + this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItem={"); + + sb.append("accessTypes={"); + if(accesses != null) { + for(RangerPolicyItemAccess access : accesses) { + if(access != null) { + access.toString(sb); + } + } + } + sb.append("} "); + + sb.append("users={"); + if(users != null) { + for(String user : users) { + if(user != null) { + sb.append(user).append(" "); + } + } + } + sb.append("} "); + + sb.append("groups={"); + if(groups != null) { + for(String group : groups) { + if(group != null) { + sb.append(group).append(" "); + } + } + } + sb.append("} "); + + sb.append("conditions={"); + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + if(condition != null) { + condition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("delegateAdmin={").append(delegateAdmin).append("} "); + sb.append("}"); + + return sb; + } + } + + public static class RangerPolicyItemAccess implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type = null; + private Boolean isAllowed = null; + + public RangerPolicyItemAccess() { + this(null, null); + } + + public RangerPolicyItemAccess(String type, Boolean value) { + setType(type); + setValue(value); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the value + */ + public Boolean getValue() { + return isAllowed; + } + + /** + * @param value the value to set + */ + public void setValue(Boolean isAllowed) { + this.isAllowed = isAllowed == null ? Boolean.FALSE : isAllowed; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemAccess={"); + sb.append("type={").append(type).append("} "); + sb.append("isAllowed={").append(isAllowed).append("} "); + sb.append("}"); + + return sb; + } + } + + public static class RangerPolicyItemCondition implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type = null; + private String value = null; + + public RangerPolicyItemCondition() { + this(null, null); + } + + public RangerPolicyItemCondition(String type, String value) { + setType(type); + setValue(value); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the value + */ + public String getValue() { + return value; + } + + /** + * @param value the value to set + */ + public void setValue(String value) { + this.value = value; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemCondition={"); + sb.append("type={").append(type).append("} "); + sb.append("value={").append(value).append("} "); + sb.append("}"); + + return sb; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java new file mode 100644 index 0000000..9bdb086 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java @@ -0,0 +1,190 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.model; + +import java.util.HashMap; +import java.util.Map; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerService extends RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type = null; + private String name = null; + private String description = null; + private Boolean isEnabled = null; + private Map<String, String> configs = null; + + + /** + * @param type + */ + public RangerService() { + this(null, null, null, null, null); + } + + /** + * @param type + * @param name + * @param description + * @param isEnabled + * @param configs + */ + public RangerService(String type, String name, String description, Boolean isEnabled, Map<String, String> configs) { + super(); + + setType(type); + setName(name); + setDescription(description); + setIsEnabled(isEnabled); + setConfigs(configs); + } + + public void updateFrom(RangerService other) { + super.updateFrom(other); + + setType(other.getType()); + setName(other.getName()); + setDescription(other.getDescription()); + setIsEnabled(other.getIsEnabled()); + setConfigs(other.getConfigs()); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the isEnabled + */ + public Boolean getIsEnabled() { + return isEnabled; + } + + /** + * @param isEnabled the isEnabled to set + */ + public void setIsEnabled(Boolean isEnabled) { + this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled; + } + + /** + * @return the configs + */ + public Map<String, String> getConfigs() { + return configs; + } + + /** + * @param configs the configs to set + */ + public void setConfigs(Map<String, String> configs) { + this.configs = new HashMap<String, String>(); + + if(configs != null) { + for(Map.Entry<String, String> e : configs.entrySet()) { + this.configs.put(e.getKey(), e.getValue()); + } + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerService={"); + + super.toString(sb); + sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("isEnabled={").append(isEnabled).append("} "); + + sb.append("configs={"); + if(configs != null) { + for(Map.Entry<String, String> e : configs.entrySet()) { + sb.append(e.getKey()).append("={").append(e.getValue()).append("} "); + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java new file mode 100644 index 0000000..524abea --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -0,0 +1,1146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.model; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerServiceDef extends RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String implClass = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + private List<RangerServiceConfigDef> configs = null; + private List<RangerResourceDef> resources = null; + private List<RangerAccessTypeDef> accessTypes = null; + private List<RangerPolicyConditionDef> policyConditions = null; + private List<RangerEnumDef> enums = null; + + + public RangerServiceDef() { + this(null, null, null, null, null, null, null, null, null); + } + + public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerEnumDef> enums) { + super(); + + setName(name); + setImplClass(implClass); + setLabel(label); + setDescription(description); + setConfigs(configs); + setResources(resources); + setAccessTypes(accessTypes); + setPolicyConditions(policyConditions); + setEnums(enums); + } + + public void updateFrom(RangerServiceDef other) { + setName(other.getName()); + setImplClass(other.getImplClass()); + setLabel(other.getLabel()); + setDescription(other.getDescription()); + setConfigs(other.getConfigs()); + setResources(other.getResources()); + setAccessTypes(other.getAccessTypes()); + setPolicyConditions(other.getPolicyConditions()); + setEnums(other.getEnums()); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the implClass + */ + public String getImplClass() { + return implClass; + } + + /** + * @param implClass the implClass to set + */ + public void setImplClass(String implClass) { + this.implClass = implClass; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * @return the configs + */ + public List<RangerServiceConfigDef> getConfigs() { + return configs; + } + + /** + * @param configs the configs to set + */ + public void setConfigs(List<RangerServiceConfigDef> configs) { + this.configs = new ArrayList<RangerServiceConfigDef>(); + + if(configs != null) { + for(RangerServiceConfigDef config : configs) { + this.configs.add(config); + } + } + } + + /** + * @return the resources + */ + public List<RangerResourceDef> getResources() { + return resources; + } + + /** + * @param resources the resources to set + */ + public void setResources(List<RangerResourceDef> resources) { + this.resources = new ArrayList<RangerResourceDef>(); + + if(resources != null) { + for(RangerResourceDef resource : resources) { + this.resources.add(resource); + } + } + } + + /** + * @return the accessTypes + */ + public List<RangerAccessTypeDef> getAccessTypes() { + return accessTypes; + } + + /** + * @param accessTypes the accessTypes to set + */ + public void setAccessTypes(List<RangerAccessTypeDef> accessTypes) { + this.accessTypes = new ArrayList<RangerAccessTypeDef>(); + + if(accessTypes != null) { + for(RangerAccessTypeDef accessType : accessTypes) { + this.accessTypes.add(accessType); + } + } + } + + /** + * @return the policyConditions + */ + public List<RangerPolicyConditionDef> getPolicyConditions() { + return policyConditions; + } + + /** + * @param policyConditions the policyConditions to set + */ + public void setPolicyConditions(List<RangerPolicyConditionDef> policyConditions) { + this.policyConditions = new ArrayList<RangerPolicyConditionDef>(); + + if(policyConditions != null) { + for(RangerPolicyConditionDef policyCondition : policyConditions) { + this.policyConditions.add(policyCondition); + } + } + } + + /** + * @return the enums + */ + public List<RangerEnumDef> getEnums() { + return enums; + } + + /** + * @param enums the enums to set + */ + public void setEnums(List<RangerEnumDef> enums) { + this.enums = new ArrayList<RangerEnumDef>(); + + if(enums != null) { + for(RangerEnumDef enum1 : enums) { + this.enums.add(enum1); + } + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerServiceDef={"); + + super.toString(sb); + + sb.append("name={").append(name).append("} "); + sb.append("implClass={").append(implClass).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + + sb.append("configs={"); + if(configs != null) { + for(RangerServiceConfigDef config : configs) { + if(config != null) { + config.toString(sb); + } + } + } + sb.append("} "); + + sb.append("resources={"); + if(resources != null) { + for(RangerResourceDef resource : resources) { + if(resource != null) { + resource.toString(sb); + } + } + } + sb.append("} "); + + sb.append("accessTypes={"); + if(accessTypes != null) { + for(RangerAccessTypeDef accessType : accessTypes) { + if(accessType != null) { + accessType.toString(sb); + } + } + } + sb.append("} "); + + sb.append("policyConditions={"); + if(policyConditions != null) { + for(RangerPolicyConditionDef policyCondition : policyConditions) { + if(policyCondition != null) { + policyCondition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("enums={"); + if(enums != null) { + for(RangerEnumDef e : enums) { + if(e != null) { + e.toString(sb); + } + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + + public static class RangerEnumDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private List<RangerEnumElementDef> elements = null; + private Integer defaultIndex = null; + + + public RangerEnumDef() { + this(null, null, null); + } + + public RangerEnumDef(String name, List<RangerEnumElementDef> elements, Integer defaultIndex) { + setName(name); + setElements(elements); + setDefaultIndex(defaultIndex); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the elements + */ + public List<RangerEnumElementDef> getElements() { + return elements; + } + + /** + * @param elements the elements to set + */ + public void setElements(List<RangerEnumElementDef> elements) { + this.elements = new ArrayList<RangerEnumElementDef>(); + + if(elements != null) { + for(RangerEnumElementDef element : elements) { + this.elements.add(element); + } + } + } + + /** + * @return the defaultIndex + */ + public Integer getDefaultIndex() { + return defaultIndex; + } + + /** + * @param defaultIndex the defaultIndex to set + */ + public void setDefaultIndex(Integer defaultIndex) { + this.defaultIndex = (defaultIndex != null && this.elements.size() > defaultIndex) ? defaultIndex : 0; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerEnumDef={"); + sb.append("name={").append(name).append("} "); + sb.append("elements={"); + if(elements != null) { + for(RangerEnumElementDef element : elements) { + if(element != null) { + element.toString(sb); + } + } + } + sb.append("} "); + sb.append("defaultIndex={").append(defaultIndex).append("} "); + sb.append("}"); + + return sb; + } + } + + + public static class RangerEnumElementDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String label = null; + private String rbKeyLabel = null; + + + public RangerEnumElementDef() { + this(null, null, null); + } + + public RangerEnumElementDef(String name, String label, String rbKeyLabel) { + setName(name); + setLabel(label); + setRbKeyLabel(rbKeyLabel); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerEnumElementDef={"); + sb.append("name={").append(name).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("}"); + + return sb; + } + } + + + public static class RangerServiceConfigDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String type = null; + private String subType = null; + private Boolean mandatory = null; + private String defaultValue = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + + + public RangerServiceConfigDef() { + this(null, null, null, null, null, null, null, null, null); + } + + public RangerServiceConfigDef(String name, String type, String subType, Boolean mandatory, String defaultValue, String label, String description, String rbKeyLabel, String rbKeyDescription) { + setName(name); + setType(type); + setSubType(subType); + setMandatory(mandatory); + setDefaultValue(defaultValue); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the type + */ + public String getSubType() { + return subType; + } + + /** + * @param type the type to set + */ + public void setSubType(String subType) { + this.subType = subType; + } + + /** + * @return the mandatory + */ + public Boolean getMandatory() { + return mandatory; + } + + /** + * @param mandatory the mandatory to set + */ + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory == null ? Boolean.FALSE : mandatory; + } + + /** + * @return the defaultValue + */ + public String getDefaultValue() { + return defaultValue; + } + + /** + * @param defaultValue the defaultValue to set + */ + public void setDefaultValue(String defaultValue) { + this.defaultValue = defaultValue; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerServiceConfigDef={"); + sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); + sb.append("subType={").append(subType).append("} "); + sb.append("mandatory={").append(mandatory).append("} "); + sb.append("defaultValue={").append(defaultValue).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("}"); + + return sb; + } + } + + + public static class RangerResourceDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private Integer level = null; + private String parent = null; + private Boolean mandatory = null; + private Boolean lookupSupported = null; + private Boolean recursiveSupported = null; + private Boolean excludesSupported = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + + + public RangerResourceDef() { + this(null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerResourceDef(String name, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String label, String description, String rbKeyLabel, String rbKeyDescription) { + setName(name); + setLevel(level); + setParent(parent); + setMandatory(mandatory); + setLookupSupported(lookupSupported); + setRecursiveSupported(recursiveSupported); + setExcludesSupported(excludesSupported); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the level + */ + public Integer getLevel() { + return level; + } + + /** + * @param level the level to set + */ + public void setLevel(Integer level) { + this.level = level == null ? 1 : level; + } + + /** + * @return the parent + */ + public String getParent() { + return parent; + } + + /** + * @param parent the parent to set + */ + public void setParent(String parent) { + this.parent = parent; + } + + /** + * @return the mandatory + */ + public Boolean getMandatory() { + return mandatory; + } + + /** + * @param mandatory the mandatory to set + */ + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory == null ? Boolean.FALSE : mandatory; + } + + /** + * @return the lookupSupported + */ + public Boolean getLookupSupported() { + return lookupSupported; + } + + /** + * @param lookupSupported the lookupSupported to set + */ + public void setLookupSupported(Boolean lookupSupported) { + this.lookupSupported = lookupSupported == null ? Boolean.FALSE : lookupSupported; + } + + /** + * @return the recursiveSupported + */ + public Boolean getRecursiveSupported() { + return recursiveSupported; + } + + /** + * @param recursiveSupported the recursiveSupported to set + */ + public void setRecursiveSupported(Boolean recursiveSupported) { + this.recursiveSupported = recursiveSupported == null ? Boolean.FALSE : recursiveSupported; + } + + /** + * @return the excludesSupported + */ + public Boolean getExcludesSupported() { + return excludesSupported; + } + + /** + * @param excludesSupported the excludesSupported to set + */ + public void setExcludesSupported(Boolean excludesSupported) { + this.excludesSupported = excludesSupported == null ? Boolean.FALSE : excludesSupported; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerResourceDef={"); + sb.append("name={").append(name).append("} "); + sb.append("level={").append(level).append("} "); + sb.append("parent={").append(parent).append("} "); + sb.append("mandatory={").append(mandatory).append("} "); + sb.append("lookupSupported={").append(lookupSupported).append("} "); + sb.append("recursiveSupported={").append(recursiveSupported).append("} "); + sb.append("excludesSupported={").append(excludesSupported).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("}"); + + return sb; + } + } + + + public static class RangerAccessTypeDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String label = null; + private String rbKeyLabel = null; + + + public RangerAccessTypeDef() { + this(null, null, null); + } + + public RangerAccessTypeDef(String name, String label, String rbKeyLabel) { + setName(name); + setLabel(label); + setRbKeyLabel(rbKeyLabel); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerAccessTypeDef={"); + sb.append("name={").append(name).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("}"); + + return sb; + } + } + + + public static class RangerPolicyConditionDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String evalClass = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + + + public RangerPolicyConditionDef() { + this(null, null, null, null, null, null); + } + + public RangerPolicyConditionDef(String name, String evalClass) { + this(name, evalClass, null, null, null, null); + } + + public RangerPolicyConditionDef(String name, String evalClass, String label) { + this(name, evalClass, label, null, null, null); + } + + public RangerPolicyConditionDef(String name, String evalClass, String label, String description) { + this(name, evalClass, label, description, null, null); + } + + public RangerPolicyConditionDef(String name, String evalClass, String label, String description, String rbKeyLabel, String rbKeyDescription) { + setName(name); + setEvalClass(evalClass); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the evalClass + */ + public String getEvalClass() { + return evalClass; + } + + /** + * @param evalClass the evalClass to set + */ + public void setEvalClass(String evalClass) { + this.evalClass = evalClass; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyConditionDef={"); + sb.append("name={").append(name).append("} "); + sb.append("evalClass={").append(evalClass).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("}"); + + return sb; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java new file mode 100644 index 0000000..1abc3f2 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.Collection; + +public interface RangerAccessRequest { + RangerResource getResource(); + + Collection<String> getAccessTypes(); + + String getRequestUser(); + + Collection<String> getRequestUserGroups(); + + String getClientIPAddress(); + + String getClientType(); + + String getAction(); + + String getRequestData(); + + String getSessionId(); +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java new file mode 100644 index 0000000..5867e67 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java @@ -0,0 +1,98 @@ +package org.apache.ranger.plugin.policyengine; + +import java.util.Collection; + + +public class RangerAccessRequestImpl implements RangerAccessRequest { + private RangerResource resource = null; + private Collection<String> accessTypes = null; + private String requestUser = null; + private Collection<String> requestUserGroups = null; + private String clientIPAddress = null; + private String clientType = null; + private String action = null; + private String requestData = null; + private String sessionId = null; + + @Override + public RangerResource getResource() { + return resource; + } + + @Override + public Collection<String> getAccessTypes() { + return accessTypes; + } + + @Override + public String getRequestUser() { + return requestUser; + } + + @Override + public Collection<String> getRequestUserGroups() { + return requestUserGroups; + } + + @Override + public String getClientIPAddress() { + return clientIPAddress; + } + + @Override + public String getClientType() { + return clientType; + } + + @Override + public String getAction() { + return action; + } + + @Override + public String getRequestData() { + return requestData; + } + + @Override + public String getSessionId() { + return sessionId; + } + + + public void setResource(RangerResource resource) { + this.resource = resource; + } + + public void setAccessTypes(Collection<String> accessTypes) { + this.accessTypes = accessTypes; + } + + public void setRequestUser(String requestUser) { + this.requestUser = requestUser; + } + + public void setRequestUserGroups(Collection<String> requestUserGroups) { + this.requestUserGroups = requestUserGroups; + } + + public void setClientIPAddress(String clientIPAddress) { + this.clientIPAddress = clientIPAddress; + } + + public void setClientType(String clientType) { + this.clientType = clientType; + } + + public void setAction(String action) { + this.action = action; + } + + public void setRequestData(String requestData) { + this.requestData = requestData; + } + + public void setSessionId(String sessionId) { + this.sessionId = sessionId; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java new file mode 100644 index 0000000..aee6716 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.List; + +public interface RangerPolicyEngine { + boolean isAccessAllowed(RangerAccessRequest request); + + boolean isAccessAllowed(List<RangerAccessRequest> requests, List<Boolean> results); + + void auditAccess(RangerAccessRequest request); + + void auditAccess(List<RangerAccessRequest> requests, List<Boolean> results); +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java new file mode 100644 index 0000000..71274f3 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.manager.ServiceDefManager; +import org.apache.ranger.plugin.manager.ServiceManager; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.model.RangerServiceDef; + + +public class RangerPolicyEngineImpl implements RangerPolicyEngine { + private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class); + + private String svcName = null; + private ServiceDefManager sdMgr = null; + private ServiceManager svcMgr = null; + private RangerService service = null; + private RangerServiceDef serviceDef = null; + private List<RangerPolicy> policies = null; + + public RangerPolicyEngineImpl() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngine()"); + } + + sdMgr = new ServiceDefManager(); + svcMgr = new ServiceManager(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngine()"); + } + } + + public void init(String serviceName) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyEngine.init(" + serviceName + ")"); + } + + svcName = serviceName; + service = svcMgr.getByName(svcName); + + if(service == null) { + LOG.error(svcName + ": service not found"); + } else { + serviceDef = sdMgr.getByName(service.getType()); + + if(serviceDef == null) { + String msg = service.getType() + ": service-def not found"; + + LOG.error(msg); + + throw new Exception(msg); + } + + policies = svcMgr.getPolicies(service.getId()); + + if(LOG.isDebugEnabled()) { + LOG.debug("found " + (policies == null ? 0 : policies.size()) + " policies in service '" + svcName + "'"); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyEngine.init(" + serviceName + ")"); + } + } + + @Override + public boolean isAccessAllowed(RangerAccessRequest request) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isAccessAllowed(List<RangerAccessRequest> requests, + List<Boolean> results) { + // TODO Auto-generated method stub + return false; + } + + @Override + public void auditAccess(RangerAccessRequest request) { + // TODO Auto-generated method stub + + } + + @Override + public void auditAccess(List<RangerAccessRequest> requests, + List<Boolean> results) { + // TODO Auto-generated method stub + + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java new file mode 100644 index 0000000..b07f42a --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.List; + +public interface RangerResource { + public abstract String getOwnerUser(); + + public abstract String getElementValue(String type); + + public abstract List<String> getElementValues(String type); + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java new file mode 100644 index 0000000..5d5a81d --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java @@ -0,0 +1,137 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + + +public class RangerResourceImpl implements RangerResource { + private String ownerUser = null; + private Map<String, Object> elements = null; + + + public RangerResourceImpl() { + } + + @Override + public String getOwnerUser() { + return ownerUser; + } + + @Override + public String getElementValue(String type) { + String ret = null; + + if(elements != null) { + Object value = elements.get(type); + + if(value != null) { + if(value instanceof String) { + ret = (String)value; + } else { // value must be a List<String> + @SuppressWarnings("unchecked") + List<String> list = (List<String>)value; + + if(list != null && list.size() > 0) { + ret = list.get(0); + } + } + } + } + + return ret; + } + + @Override + public List<String> getElementValues(String type) { + List<String> ret = null; + + if(elements != null) { + Object value = elements.get(type); + + if(value != null) { + if(value instanceof String) { + ret = new ArrayList<String>(); + ret.add((String)value); + } else { // value must be a List<String> + @SuppressWarnings("unchecked") + List<String> tmpList = (List<String>)value; + + ret = tmpList; + } + } + } + + return ret; + } + + public void setOwnerUser(String ownerUser) { + this.ownerUser = ownerUser; + } + + public void setElement(String type, String value) { + if(elements == null) { + elements = new HashMap<String, Object>(); + } + + elements.put(type, value); + } + + public void setElement(String type, List<String> value) { + if(elements == null) { + elements = new HashMap<String, Object>(); + } + + elements.put(type, value); + } + + public void addElement(String type, String value) { + if(elements == null) { + elements = new HashMap<String, Object>(); + } + + Object val = elements.get(type); + + if(val == null) { + elements.put(type, value); + } else { + List<String> list = null; + + if(val instanceof String) { // convert to a list-value + list = new ArrayList<String>(); + + elements.put(type, list); + + list.add((String)val); + } else { // value must be a List<String> + @SuppressWarnings("unchecked") + List<String> tmpList = (List<String>)val; + + list = tmpList; + } + + list.add(value); + } + + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java new file mode 100644 index 0000000..5489031 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceDefStore.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store; + +import java.util.List; + +import org.apache.ranger.plugin.model.RangerServiceDef; + +public interface ServiceDefStore { + RangerServiceDef create(RangerServiceDef serviceDef) throws Exception; + + RangerServiceDef update(RangerServiceDef serviceDef) throws Exception; + + void delete(Long id) throws Exception; + + RangerServiceDef get(Long id) throws Exception; + + RangerServiceDef getByName(String name) throws Exception; + + List<RangerServiceDef> getAll() throws Exception; +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e99d911d/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java new file mode 100644 index 0000000..c5b0724 --- /dev/null +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store; + +import java.util.List; + +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerService; + +public interface ServiceStore { + RangerService create(RangerService service) throws Exception; + + RangerService update(RangerService service) throws Exception; + + void delete(Long id) throws Exception; + + RangerService get(Long id) throws Exception; + + RangerService getByName(String name) throws Exception; + + List<RangerService> getAll() throws Exception; + + + RangerPolicy createPolicy(RangerPolicy policy) throws Exception; + + RangerPolicy updatePolicy(RangerPolicy policy) throws Exception; + + void deletePolicy(Long id) throws Exception; + + RangerPolicy getPolicy(Long id) throws Exception; + + RangerPolicy getPolicyByName(String serviceName, String policyName) throws Exception; + + List<RangerPolicy> getServicePolicies(String serviceName) throws Exception; + + List<RangerPolicy> getServicePolicies(Long serviceId) throws Exception; + + List<RangerPolicy> getAllPolicies() throws Exception; +}
