Repository: incubator-ranger Updated Branches: refs/heads/stack d7bf8e09d -> 4130d7a5c
RANGER-203: Added RangerPolicyConditionDef.evaluatorOptions. Renamed internal permission name "any" to "_any". Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4130d7a5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4130d7a5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4130d7a5 Branch: refs/heads/stack Commit: 4130d7a5c4418376ab2942f95b6de43ef9976d2f Parents: d7bf8e0 Author: Madhan Neethiraj <[email protected]> Authored: Tue Jan 27 10:47:16 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Jan 27 10:47:16 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/model/RangerPolicy.java | 2 +- .../ranger/plugin/model/RangerServiceDef.java | 51 +++++++++++++------- .../plugin/policyengine/RangerPolicyEngine.java | 3 +- .../service-defs/ranger-servicedef-knox.json | 2 +- .../policyengine/test_policyengine_hive.json | 14 +++--- 5 files changed, 45 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java index 15f6be8..1a674f2 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
@@ -657,7 +657,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria public static class RangerPolicyItemCondition implements java.io.Serializable { private static final long serialVersionUID = 1L; - private String type = null; + private String type = null; private String value = null; public RangerPolicyItemCondition() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index eb40a56..64c2ea9 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -1163,7 +1163,8 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S private static final long serialVersionUID = 1L; private String name = null; - private String evalClass = null; + private String evaluator = null; + private String evaluatorOptions = null; private String label = null; private String description = null; private String rbKeyLabel = null; 
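Review bot: In the RangerServiceDef.java hunk at -1163, renaming the field `evalClass` to `evaluator` changes both the Java-serialized and the JSON shape of RangerPolicyConditionDef while `serialVersionUID` stays at `1L`. With Java serialization an old stream would load with `evaluator == null`, and a stored service-def that still uses the `evalClass` key would either fail to load or load without an evaluator, depending on mapper settings not visible here. If the engine treats a missing evaluator as "no condition" (not shown in this commit), a condition such as `ip-range` would stop being enforced without any error, so consider rejecting a condition def whose evaluator is null or accepting the old key on read. Field comments would help too, for example `// class name of the condition evaluator` and `// evaluator-specific configuration string`. The class body starts and ends outside the hunk.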
@@ -1171,24 +1172,25 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public RangerPolicyConditionDef() { - this(null, null, null, null, null, null); + this(null, null, null, null, null, null, null); } - public RangerPolicyConditionDef(String name, String evalClass) { - this(name, evalClass, null, null, null, null); + public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) { + this(name, evaluator, evaluatorOptions, null, null, null, null); } - public RangerPolicyConditionDef(String name, String evalClass, String label) { - this(name, evalClass, label, null, null, null); + public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label) { + this(name, evaluator, evaluatorOptions, label, null, null, null); } - public RangerPolicyConditionDef(String name, String evalClass, String label, String description) { - this(name, evalClass, label, description, null, null); + public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description) { + this(name, evaluator, evaluatorOptions, label, description, null, null); } - public RangerPolicyConditionDef(String name, String evalClass, String label, String description, String rbKeyLabel, String rbKeyDescription) { + public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) { setName(name); - setEvalClass(evalClass); + setEvaluator(evaluator); + setEvaluatorOptions(evaluatorOptions); setLabel(label); setDescription(description); setRbKeyLabel(rbKeyLabel); 
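Review bot: The three- and four-argument constructors in this hunk keep their all-`String` arity but change meaning, so a caller still written as `new RangerPolicyConditionDef(name, evalClass, label)` compiles unchanged and now stores the label in `evaluatorOptions`. The four-argument form shifts the same way, with `label` landing in `evaluatorOptions` and `description` in `label`. Because the options string is presumably handed to the evaluator that decides a policy condition, a silently shifted argument is worth ruling out: either audit every call site in the same change, or drop the short overloads and keep only the seven-argument constructor so that stale callers fail at compile time. The seven-argument constructor's body runs past the end of the hunk.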
@@ -1210,17 +1212,31 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** - * @return the evalClass + * @return the evaluator */ - public String getEvalClass() { - return evalClass; + public String getEvaluator() { + return evaluator; } /** - * @param evalClass the evalClass to set + * @param evaluator the evaluator to set */ - public void setEvalClass(String evalClass) { - this.evalClass = evalClass; + public void setEvaluator(String evaluator) { + this.evaluator = evaluator; + } + + /** + * @return the evaluator + */ + public String getEvaluatorOptions() { + return evaluatorOptions; + } + + /** + * @param evaluator the evaluator to set + */ + public void setEvaluatorOptions(String evaluatorOptions) { + this.evaluatorOptions = evaluatorOptions; } /** @@ -1291,7 +1307,8 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public StringBuilder toString(StringBuilder sb) { sb.append("RangerPolicyConditionDef={"); sb.append("name={").append(name).append("} "); - sb.append("evalClass={").append(evalClass).append("} "); + sb.append("evaluator={").append(evaluator).append("} "); + sb.append("evaluatorOptions={").append(evaluatorOptions).append("} "); sb.append("label={").append(label).append("} "); sb.append("description={").append(description).append("} "); sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index 3c340ae..a66bc23 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 
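Review bot: The Javadoc on the two new accessors in the -1210 hunk was copied from the evaluator pair and not updated. `getEvaluatorOptions()` is documented as `@return the evaluator`, and `setEvaluatorOptions` as `@param evaluator the evaluator to set` although its parameter is `evaluatorOptions`. Change them to `@return the evaluatorOptions` and `@param evaluatorOptions the evaluatorOptions to set`. A sentence on the expected format of the options string would also help, since nothing in this commit defines it and the only example shown, in the knox service-def, is an empty string.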
+++ b/plugin-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -28,7 +28,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef; public interface RangerPolicyEngine { public static final String GROUP_PUBLIC = "public"; - public static final String ANY_ACCESS = "any"; + public static final String ANY_ACCESS = "_any"; + public static final String ADMIN_ACCESS = "_admin"; public static final long UNKNOWN_POLICY = -1; String getServiceName(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json index 7ce09ff..3368bee 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -29,6 +29,6 @@ ], "policyConditions": [ - {"name":"ip-range","evalClass":"org.apache.ranger.knox.IpRangeCondition","label":"IP Address Range","description":"IP Address Range"} + {"name":"ip-range","evaluator":"org.apache.ranger.knox.IpRangeCondition","evaluatorOptions":"","label":"IP Address Range","description":"IP Address Range"} ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4130d7a5/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json index 6c277d1..3fa7cf4 100644 --- a/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json +++ b/plugin-common/src/test/resources/policyengine/test_policyengine_hive.json 
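Review bot: `ANY_ACCESS` and `ADMIN_ACCESS` in the RangerPolicyEngine.java hunk are compile-time `String` constants on an interface, so javac inlines their values into every class that references them. A plugin jar compiled against the old interface keeps comparing against `"any"` until it is rebuilt, and would then disagree with the engine about the wildcard permission. Nothing in this commit rejects a service-def access type literally named `_any` or `_admin`, so the underscore prefix is a convention rather than an enforced reservation; a check when service-defs are loaded would close that gap. `ADMIN_ACCESS` is not referenced in any hunk shown, and a comment above the two constants such as `// names beginning with '_' are reserved for engine-internal access types` would record the intent. The interface body continues outside the hunk.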
@@ -46,7 +46,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}} } , {"name":"ALLOW 'use default;' for user2", @@ -54,7 +54,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user2","userGroups":["users"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}} } , {"name":"DENY 'use default;' to user3", @@ -62,7 +62,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user3","userGroups":["users"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}} } , {"name":"ALLOW 'use default;' to group1", @@ -70,7 +70,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user3","userGroups":["users", "group1"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}} } , {"name":"ALLOW 'use default;' to group2", @@ -78,7 +78,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user3","userGroups":["users", "group2"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":true,"policyId":2}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":true,"policyId":2}}} } , {"name":"DENY 'use default;' to user3/group3", 
@@ -86,7 +86,7 @@ "resource":{"elements":{"database":"default"}}, "accessTypes":[],"user":"user3","userGroups":["users", "group3"],"requestData":"use default" }, - "result":{"isAudited":true,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}} + "result":{"isAudited":true,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}} } , {"name":"DENY 'use finance;' to user3/group3", @@ -94,7 +94,7 @@ "resource":{"elements":{"database":"finance"}}, "accessTypes":[],"user":"user1","userGroups":["users"],"requestData":"use finance" }, - "result":{"isAudited":false,"accessTypeResults":{"any":{"isAllowed":false,"policyId":-1}}} + "result":{"isAudited":false,"accessTypeResults":{"_any":{"isAllowed":false,"policyId":-1}}} } , {"name":"ALLOW 'select col1 from default.testtable;' to user1",
