Repository: incubator-ranger Updated Branches: refs/heads/stack 0d7f8dea8 -> 1e590f35d
RANGER-203: PolicyEngine interface updated with additional methods - to set/get defaultAuditHandler, isAccessAllowed methods without auditHandler parameter, createAccessResult method.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1e590f35
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1e590f35
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1e590f35
Branch: refs/heads/stack
Commit: 1e590f35d1761804f077da03dab0cd1d8eacde5d
Parents: 0d7f8de
Author: Madhan Neethiraj <[email protected]>
Authored: Tue Jan 20 13:44:15 2015 -0800
Committer: Madhan Neethiraj <[email protected]>
Committed: Tue Jan 20 13:44:15 2015 -0800
----------------------------------------------------------------------
.../plugin/policyengine/RangerPolicyEngine.java | 10 +++
.../policyengine/RangerPolicyEngineImpl.java | 94 +++++++++-----------
2 files changed, 53 insertions(+), 51 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1e590f35/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
----------------------------------------------------------------------
diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
index c0d30c1..435ffaa 100644
--- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
@@ -32,6 +32,16 @@ public interface RangerPolicyEngine { void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies); + void setDefaultAuditHandler(RangerAuditHandler auditHandler); + + RangerAuditHandler getDefaultAuditHandler(); + + RangerAccessResult createAccessResult(); + + RangerAccessResult isAccessAllowed(RangerAccessRequest request); + + List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests); + RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler); List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests, RangerAuditHandler auditHandler); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1e590f35/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 351d8bd..abac54f 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -35,9 +35,10 @@ import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; public class RangerPolicyEngineImpl implements RangerPolicyEngine { private static final Log LOG = LogFactory.getLog(RangerPolicyEngineImpl.class); - private String serviceName = null; - private RangerServiceDef serviceDef = null; - private List<RangerPolicyEvaluator> policyEvaluators = null; + private String serviceName = null; + private RangerServiceDef serviceDef = null; + private List<RangerPolicyEvaluator> policyEvaluators = null; + private RangerAuditHandler defaultAuditHandler = null; public RangerPolicyEngineImpl() { 
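Review bot: The new single-argument `isAccessAllowed` overloads and `setDefaultAuditHandler` on `RangerPolicyEngine` have no Javadoc, so the interface does not say which audit handler records the decision or what happens when none has been set. In `RangerPolicyEngineImpl` (the `@@ -84,6 +95,31 @@` hunk) the field starts as `null` and the overloads pass it straight to the two-argument methods. Whether those methods then skip auditing is not visible in this diff, but if they do, a caller that never calls `setDefaultAuditHandler` gets authorization decisions with no audit record. I would document the contract on the interface, for example `/** Evaluates the request and audits the result through the default audit handler; if no default handler has been set, the result is not audited. */`, adjusted to the actual null behaviour. `setDefaultAuditHandler` should also state whether `null` is an accepted argument.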
@@ -71,6 +72,16 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } + /* TODO: + * sort evaluators list for faster completion of isAccessAllowed() method + * 1. Global policies: the policies that cover for any resource (for example: database=*; table=*; column=*) + * 2. Policies that cover all resources under level-1 (for example: every thing in one or more databases) + * 3. Policies that cover all resources under level-2 (for example: every thing in one or more tables) + * ... + * 4. Policies that cover all resources under level-n (for example: one or more columns) + * + */ + this.serviceName = serviceName; this.serviceDef = serviceDef; this.policyEvaluators = evaluators; @@ -84,6 +95,31 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } @Override + public void setDefaultAuditHandler(RangerAuditHandler auditHandler) { + this.defaultAuditHandler = auditHandler; + } + + @Override + public RangerAuditHandler getDefaultAuditHandler() { + return defaultAuditHandler; + } + + @Override + public RangerAccessResult createAccessResult() { + return new RangerAccessResult(serviceName, serviceDef); + } + + @Override + public RangerAccessResult isAccessAllowed(RangerAccessRequest request) { + return isAccessAllowed(request, defaultAuditHandler); + } + + @Override + public List<RangerAccessResult> isAccessAllowed(List<RangerAccessRequest> requests) { + return isAccessAllowed(requests, defaultAuditHandler); + } + + @Override public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")"); 
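Review bot: `defaultAuditHandler` is written by `setDefaultAuditHandler` and read by the new `isAccessAllowed(request)` and `isAccessAllowed(requests)` overloads without any synchronization, and the field added in the `@@ -35,9 +35,10 @@` hunk is a plain non-volatile reference. If one engine instance is shared across request threads, which this diff does not show, a handler installed after startup may not become visible to threads already evaluating requests. Those decisions would then be audited through the previous handler or passed a `null` one. Declaring the field as `private volatile RangerAuditHandler defaultAuditHandler = null;` is sufficient for a single reference. The class body continues outside this hunk, so any locking done elsewhere is not visible here.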
@@ -134,7 +170,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowedNoAudit(" + request + ")"); } - RangerAccessResult ret = new RangerAccessResult(serviceName, serviceDef); + RangerAccessResult ret = createAccessResult(); if(request != null) { if(CollectionUtils.isEmpty(request.getAccessTypes())) { @@ -195,6 +231,9 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { public StringBuilder toString(StringBuilder sb) { sb.append("RangerPolicyEngineImpl={"); + sb.append("serviceName={").append(serviceName).append("} "); + sb.append("serviceDef={").append(serviceDef).append("} "); + sb.append("policyEvaluators={"); if(policyEvaluators != null) { for(RangerPolicyEvaluator policyEvaluator : policyEvaluators) { 
@@ -209,51 +248,4 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { return sb; } - - - /* - public void init(String svcName) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyEngineImpl.init(" + svcName + ")"); - } - - ServiceManager svcMgr = new ServiceManager(); - ServiceDefManager sdMgr = new ServiceDefManager(); - - RangerServiceDef serviceDef = null; - List<RangerPolicy> policies = null; - - RangerService service = svcMgr.getByName(svcName); - - if(service == null) { - String msg = svcName + ": service not found"; - - LOG.error(msg); - - throw new Exception(msg); - } else { - serviceDef = sdMgr.getByName(service.getType()); - - if(serviceDef == null) { - String msg = service.getType() + ": service-def not found"; - - LOG.error(msg); - - throw new Exception(msg); - } - - policies = svcMgr.getPolicies(service.getId()); - - if(LOG.isDebugEnabled()) { - LOG.debug("RangerPolicyEngineImpl.init(): found " + (policyEvaluators == null ? 0 : policyEvaluators.size()) + " policies in service '" + svcName + "'"); - } - } - - setPolicies(serviceDef, policies); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPolicyEngineImpl.init(" + svcName + ")"); - } - } - */ }
