Repository: incubator-ranger Updated Branches: refs/heads/stack 7c4ff133b -> 8d0378c56
RANGER-203: log level changes and misc fixes in pluggable service model Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/8d0378c5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/8d0378c5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/8d0378c5 Branch: refs/heads/stack Commit: 8d0378c567aac7701d388c6be96c6e5794bb9a52 Parents: 7c4ff13 Author: Madhan Neethiraj <[email protected]> Authored: Mon Jan 26 01:03:19 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jan 26 01:03:19 2015 -0800 ---------------------------------------------------------------------- .../hdfs/server/namenode/RangerFSPermissionChecker.java | 12 ++---------- .../plugin/policyengine/RangerAccessRequestImpl.java | 10 ++++++++++ .../ranger/plugin/policyengine/RangerPolicyEngine.java | 4 ++++ .../plugin/policyengine/RangerPolicyEngineImpl.java | 12 +++++++++++- .../resourcematcher/RangerAbstractResourceMatcher.java | 11 +++++++---- .../org/apache/ranger/plugin/util/PolicyRefresher.java | 4 +++- 6 files changed, 37 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java index a4339af..fcf710c 100644 --- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java +++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java @@ -270,16 +270,8 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { @Override public void logAudit(RangerAccessResult result) { - if(! isAuditEnabled) { - for(Map.Entry<String, RangerAccessResult.ResultDetail> e : result.getAccessTypeResults().entrySet()) { - RangerAccessResult.ResultDetail resDetail = e.getValue(); - - if(resDetail.isAudited()) { - isAuditEnabled = true; - - break; - } - } + if(! isAuditEnabled && result.getIsAudited()) { + isAuditEnabled = true; } RangerAccessRequest request = result.getAccessRequest(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java index 649bb7b..083f861 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java @@ -25,6 +25,8 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; +import org.apache.commons.lang.StringUtils; + public class RangerAccessRequestImpl implements RangerAccessRequest { private RangerResource resource = null; @@ -120,6 +122,14 @@ public class RangerAccessRequestImpl implements RangerAccessRequest { this.resource = resource; } + public void setAccessType(String accessType) { + this.accessTypes = new HashSet<String>(); + + if(! StringUtils.isEmpty(accessType)) { + this.accessTypes.add(accessType); + } + } + public void setAccessTypes(Set<String> accessTypes) { this.accessTypes = (accessTypes == null) ? new HashSet<String>() : accessTypes; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index bd58e48..3c340ae 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -31,6 +31,10 @@ public interface RangerPolicyEngine { public static final String ANY_ACCESS = "any"; public static final long UNKNOWN_POLICY = -1; + String getServiceName(); + + RangerServiceDef getServiceDef(); + void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies); void setDefaultAuditHandler(RangerAuditHandler auditHandler); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 3bb98ca..e18c63e 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -53,9 +53,19 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } @Override + public String getServiceName() { + return serviceName; + } + + @Override + public RangerServiceDef getServiceDef() { + return serviceDef; + } + + @Override public void setPolicies(String serviceName, RangerServiceDef serviceDef, List<RangerPolicy> policies) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", " + policies + ")"); + LOG.debug("==> RangerPolicyEngineImpl.setPolicies(" + serviceName + ", " + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")"); } if(serviceName != null && serviceDef != null && policies != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java index e194e54..9fb248a 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java @@ -92,7 +92,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat if(policyResource != null && policyResource.getValues() != null) { for(String policyValue : policyResource.getValues()) { - if(policyValue == null) { + if(StringUtils.isEmpty(policyValue)) { continue; } @@ -150,7 +150,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat public String getOption(String name, String defaultValue) { String ret = getOption(name); - if(ret == null) { + if(StringUtils.isEmpty(ret)) { ret = defaultValue; } @@ -160,7 +160,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat public boolean getBooleanOption(String name) { String val = getOption(name); - boolean ret = (val == null) ? false : Boolean.parseBoolean(val); + boolean ret = StringUtils.isEmpty(val) ? false : Boolean.parseBoolean(val); return ret; } @@ -168,7 +168,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat public boolean getBooleanOption(String name, boolean defaultValue) { String strVal = getOption(name); - boolean ret = (strVal == null) ? defaultValue : Boolean.parseBoolean(strVal); + boolean ret = StringUtils.isEmpty(strVal) ? defaultValue : Boolean.parseBoolean(strVal); return ret; } @@ -207,6 +207,9 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat sb.append("optionsString={").append(optionsString).append("} "); sb.append("optIgnoreCase={").append(optIgnoreCase).append("} "); sb.append("optWildCard={").append(optWildCard).append("} "); + sb.append("policyValues={").append(StringUtils.join(policyValues, ",")).append("} "); + sb.append("policyIsExcludes={").append(policyIsExcludes).append("} "); + sb.append("isMatchAny={").append(isMatchAny).append("} "); sb.append("options={"); if(options != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8d0378c5/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java index 575798f..1ff87ce 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java @@ -108,7 +108,9 @@ public class PolicyRefresher extends Thread { boolean isUpdated = newVersion != 0 && lastKnownVersion != newVersion; if(isUpdated) { - LOG.info("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion); + if(LOG.isDebugEnabled()) { + LOG.debug("PolicyRefresher(serviceName=" + serviceName + ").run(): found updated version. lastKnownVersion=" + lastKnownVersion + "; newVersion=" + newVersion); + } policyEngine.setPolicies(serviceName, svcPolicies.getServiceDef(), svcPolicies.getPolicies());
