Repository: incubator-ranger Updated Branches: refs/heads/stack 4701f98c5 -> 7771e7efb
RANGER-203: added ResourceDef.type field to capture the type of the resource (int, string, enum, ..). Currently all resources are of type string; however, it is possible that a future service might have a resource of type enum/int. Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7771e7ef Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7771e7ef Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7771e7ef Branch: refs/heads/stack Commit: 7771e7efbbb71198f88974022d18117b2872a669 Parents: 4701f98 Author: Madhan Neethiraj <[email protected]> Authored: Mon Jan 5 22:06:13 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jan 5 22:06:13 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/model/RangerServiceDef.java | 21 ++++++- .../policyengine/RangerMutableResource.java | 2 +- .../policyengine/RangerPolicyEngineImpl.java | 66 ++++++++++++++++++-- .../plugin/policyengine/RangerResource.java | 8 +-- .../plugin/policyengine/RangerResourceImpl.java | 53 +++------------- .../RangerDefaultPolicyEvaluator.java | 22 +++---- .../service-defs/ranger-servicedef-hbase.json | 6 +- .../service-defs/ranger-servicedef-hdfs.json | 2 +- .../service-defs/ranger-servicedef-hive.json | 8 +-- .../service-defs/ranger-servicedef-knox.json | 4 +- .../service-defs/ranger-servicedef-storm.json | 2 +- .../plugin/policyengine/TestPolicyEngine.java | 6 +- 12 files changed, 115 insertions(+), 85 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index 5f8cf22..4bc50c7 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -707,6 +707,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S private static final long serialVersionUID = 1L; private String name = null; + private String type = null; private Integer level = null; private String parent = null; private Boolean mandatory = null; @@ -722,11 +723,12 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public RangerResourceDef() { - this(null, null, null, null, null, null, null, null, null, null, null, null, null); + this(null, null, null, null, null, null, null, null, null, null, null, null, null, null); } - public RangerResourceDef(String name, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) { + public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) { setName(name); + setType(type); setLevel(level); setParent(parent); setMandatory(mandatory); @@ -756,6 +758,20 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** * @return the level */ public Integer getLevel() { @@ -935,6 +951,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public StringBuilder toString(StringBuilder sb) { sb.append("RangerResourceDef={"); sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); sb.append("level={").append(level).append("} "); sb.append("parent={").append(parent).append("} "); sb.append("mandatory={").append(mandatory).append("} "); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java index 98ff4ba..f49bf8c 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java @@ -23,5 +23,5 @@ package org.apache.ranger.plugin.policyengine; public interface RangerMutableResource extends RangerResource { void setOwnerUser(String ownerUser); - void setElement(String type, String value); + void setValue(String type, String value); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 1df9298..b0104df 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -24,11 +24,9 @@ import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.manager.ServiceDefManager; -import org.apache.ranger.plugin.manager.ServiceManager; import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator; import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; @@ -36,7 +34,10 @@ import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; public class RangerPolicyEngineImpl implements RangerPolicyEngine { private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class); + private static final String RESOURCE_SEP = "/"; + private boolean autoAuditEnabled = true; + private RangerServiceDef serviceDef = null; private List<RangerPolicyEvaluator> policyEvaluators = null; @@ -61,7 +62,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceDef + ", " + policies + ")"); } - + if(serviceDef != null && policies != null) { List<RangerPolicyEvaluator> evaluators = new ArrayList<RangerPolicyEvaluator>(); @@ -74,7 +75,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } } - + + this.serviceDef = serviceDef; this.policyEvaluators = evaluators; } else { LOG.error("RangerPolicyEngineImpl.setPolicies(): invalid arguments - null serviceDef/policies"); @@ -109,6 +111,10 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } + if(autoAuditEnabled) { + // TODO: generate access audit + } + if(LOG.isDebugEnabled()) { LOG.debug("<== RangerPolicyEngineImpl.isAccessAllowed(" + request + "): " + ret); } @@ -140,6 +146,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } + /* public void init(String svcName) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.init(" + svcName + ")"); @@ -183,6 +190,55 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { LOG.debug("<== RangerPolicyEngineImpl.init(" + svcName + ")"); } } + */ + + public String getResourceName(RangerResource resource) { + String ret = null; + + if(resource != null && serviceDef != null && serviceDef.getResources() != null) { + List<RangerResourceDef> resourceDefs = serviceDef.getResources(); + + for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) { + RangerResourceDef resourceDef = resourceDefs.get(idx); + + if(resourceDef == null || !resource.exists(resourceDef.getName())) { + continue; + } + + ret = resourceDef.getName(); + + break; + } + } + + return ret; + } + + public String getResourceValueAsString(RangerResource resource) { + String ret = null; + + if(resource != null && serviceDef != null && serviceDef.getResources() != null) { + StringBuilder sb = new StringBuilder(); + + for(RangerResourceDef resourceDef : serviceDef.getResources()) { + if(resourceDef == null || !resource.exists(resourceDef.getName())) { + continue; + } + + if(sb.length() > 0) { + sb.append(RESOURCE_SEP); + } + + sb.append(resource.getValue(resourceDef.getName())); + } + + if(sb.length() > 0) { + ret = sb.toString(); + } + } + + return ret; + } private RangerPolicyEvaluator getPolicyEvaluator(RangerPolicy policy, RangerServiceDef serviceDef) { if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java index 366837d..f79aba8 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java @@ -19,15 +19,11 @@ package org.apache.ranger.plugin.policyengine; -import org.apache.ranger.plugin.model.RangerServiceDef; - public interface RangerResource { public abstract String getOwnerUser(); - public abstract boolean elementExists(String type); - - public abstract String getElementValue(String type); + public abstract boolean exists(String name); - public abstract String getValueAsString(RangerServiceDef serviceDef); + public abstract String getValue(String name); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java index 684afb8..529ac5f 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java @@ -22,14 +22,8 @@ package org.apache.ranger.plugin.policyengine; import java.util.HashMap; import java.util.Map; -import org.apache.commons.lang.StringUtils; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; - public class RangerResourceImpl implements RangerMutableResource { - private static final String RESOURCE_SEP = "/"; - private String ownerUser = null; private Map<String, String> elements = null; @@ -43,49 +37,16 @@ public class RangerResourceImpl implements RangerMutableResource { } @Override - public boolean elementExists(String type) { - return elements != null && elements.containsKey(type); - } - - @Override - public String getElementValue(String type) { - String ret = null; - - if(elements != null && elements.containsKey(type)) { - ret = elements.get(type); - } - - return ret; + public boolean exists(String name) { + return elements != null && elements.containsKey(name); } @Override - public String getValueAsString(RangerServiceDef serviceDef) { + public String getValue(String name) { String ret = null; - if(elements != null && serviceDef != null && serviceDef.getResources() != null) { - StringBuilder sb = new StringBuilder(); - - for(RangerResourceDef resourceDef : serviceDef.getResources()) { - if(resourceDef == null) { - continue; - } - - String value = getElementValue(resourceDef.getName()); - - if(StringUtils.isEmpty(value)) { - continue; - } - - if(sb.length() > 0) { - sb.append(RESOURCE_SEP); - } - - sb.append(value); - } - - if(sb.length() > 0) { - ret = sb.toString(); - } + if(elements != null && elements.containsKey(name)) { + ret = elements.get(name); } return ret; @@ -97,12 +58,12 @@ public class RangerResourceImpl implements RangerMutableResource { } @Override - public void setElement(String type, String value) { + public void setValue(String name, String value) { if(elements == null) { elements = new HashMap<String, String>(); } - elements.put(type, value); + elements.put(name, value); } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index de8bdd1..99c45d3 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -59,16 +59,16 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator if(policy != null && policy.getResources() != null) { for(Map.Entry<String, RangerPolicyResource> e : policy.getResources().entrySet()) { - String resourceType = e.getKey(); + String resourceName = e.getKey(); RangerPolicyResource policyResource = e.getValue(); - RangerResourceDef resourceDef = getResourceDef(resourceType); + RangerResourceDef resourceDef = getResourceDef(resourceName); RangerResourceMatcher matcher = createResourceMatcher(resourceDef, policyResource); if(matcher != null) { matchers.add(new ResourceDefMatcher(resourceDef, matcher)); } else { - // TODO: ERROR: no matcher found for resourceType + // TODO: ERROR: no matcher found for resourceName } } } @@ -143,8 +143,8 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator ret = true; for(ResourceDefMatcher matcher : matchers) { - String resourceType = matcher.getResourceType(); - String resourceValue = resource.getElementValue(resourceType); + String resourceName = matcher.getResourceName(); + String resourceValue = resource.getValue(resourceName); if(resourceValue != null) { ret = matcher.isMatch(resourceValue); @@ -229,18 +229,18 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator return ret; } - protected RangerResourceDef getResourceDef(String resourceType) { + protected RangerResourceDef getResourceDef(String resourceName) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerDefaultPolicyEvaluator.getResourceDef(" + resourceType + ")"); + LOG.debug("==> RangerDefaultPolicyEvaluator.getResourceDef(" + resourceName + ")"); } RangerResourceDef ret = null; RangerServiceDef serviceDef = getServiceDef(); - if(serviceDef != null && resourceType != null) { + if(serviceDef != null && resourceName != null) { for(RangerResourceDef resourceDef : serviceDef.getResources()) { - if(StringUtils.equalsIgnoreCase(resourceType, resourceDef.getName())) { + if(StringUtils.equalsIgnoreCase(resourceName, resourceDef.getName())) { ret = resourceDef; break; @@ -249,7 +249,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerDefaultPolicyEvaluator.getResourceDef(" + resourceType + "): " + ret); + LOG.debug("<== RangerDefaultPolicyEvaluator.getResourceDef(" + resourceName + "): " + ret); } return ret; @@ -325,7 +325,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator this.resourceMatcher = resourceMatcher; } - String getResourceType() { + String getResourceName() { return resourceDef.getName(); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json index 3faaf3a..070ba2a 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json @@ -33,9 +33,9 @@ ], "resources": [ - {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"}, - {"name":"column-family","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"}, - {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"} + {"name":"table","type":"string","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"}, + {"name":"column-family","type":"string","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"}, + {"name":"column","type":"string","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json index ee461d2..8387268 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json @@ -45,7 +45,7 @@ ], "resources": [ - {"name":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"} + {"name":"path","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 6029d2c..1831810 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -21,10 +21,10 @@ ], "resources": [ - {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, - {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, - {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"}, - {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"} + {"name":"database","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, + {"name":"table","type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, + {"name":"udf","type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"}, + {"name":"column","type":"string","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json index 2116d92..7ce09ff 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -20,8 +20,8 @@ ], "resources": [ - {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"}, - {"name":"service","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"} + {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"}, + {"name":"service","type":"string","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json index a753002..6a7d8bb 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json @@ -20,7 +20,7 @@ ], "resources": [ - {"name":"topology","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"} + {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7771e7ef/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index b7d156a..5d495a0 100644 --- a/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/plugin-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java @@ -24,8 +24,8 @@ import com.google.gson.JsonParseException; public class TestPolicyEngine { - static RangerPolicyEngine policyEngine = null; - static Gson gsonBuilder = null; + static RangerPolicyEngineImpl policyEngine = null; + static Gson gsonBuilder = null; @BeforeClass @@ -58,7 +58,7 @@ public class TestPolicyEngine { assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null); policyEngine.setPolicies(testCase.serviceDef, testCase.policies); - + for(TestData test : testCase.tests) { RangerAccessResult expected = test.result; RangerAccessResult result = policyEngine.isAccessAllowed(test.request);
