RANGER-203: deleted agent-impl project as it is no more used. Renamed HBaseSecurityAgent to "HBase Security Plugin" - to be consistent with other plugins.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fb1a99a9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fb1a99a9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fb1a99a9 Branch: refs/heads/stack Commit: fb1a99a965294d8b0485c011221cbb1bc8d4d030 Parents: 091677b Author: Madhan Neethiraj <[email protected]> Authored: Thu Feb 12 11:13:18 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Feb 12 11:13:18 2015 -0800 ---------------------------------------------------------------------- agents-impl/.gitignore | 3 - .../.settings/org.eclipse.core.resources.prefs | 3 - .../.settings/org.eclipse.jdt.core.prefs | 5 - .../.settings/org.eclipse.m2e.core.prefs | 4 - agents-impl/pom.xml | 157 ------ .../apache/ranger/pdp/config/ConfigWatcher.java | 543 ------------------ .../ranger/pdp/config/Jersey2ConfigWatcher.java | 565 ------------------- .../pdp/config/Jersey2PolicyRefresher.java | 207 ------- .../ranger/pdp/config/PolicyChangeListener.java | 26 - .../ranger/pdp/config/PolicyRefresher.java | 233 -------- .../pdp/config/gson/ExcludeSerialization.java | 32 -- .../config/gson/PolicyExclusionStrategy.java | 37 -- .../ranger/pdp/constants/RangerConstants.java | 89 --- .../org/apache/ranger/pdp/model/Policy.java | 326 ----------- .../ranger/pdp/model/PolicyContainer.java | 55 -- .../apache/ranger/pdp/model/ResourcePath.java | 43 -- .../apache/ranger/pdp/model/RolePermission.java | 71 --- hbase-agent/pom.xml | 4 +- hive-agent/pom.xml | 4 +- pom.xml | 1 - 20 files changed, 4 insertions(+), 2404 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/.gitignore ---------------------------------------------------------------------- 
diff --git a/agents-impl/.gitignore b/agents-impl/.gitignore
deleted file mode 100644
index 20e1ada..0000000
--- a/agents-impl/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-/target/
-/bin/
-/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/.settings/org.eclipse.core.resources.prefs
----------------------------------------------------------------------
diff --git a/agents-impl/.settings/org.eclipse.core.resources.prefs b/agents-impl/.settings/org.eclipse.core.resources.prefs
deleted file mode 100644
index e9441bb..0000000
--- a/agents-impl/.settings/org.eclipse.core.resources.prefs
+++ /dev/null
@@ -1,3 +0,0 @@
-eclipse.preferences.version=1
-encoding//src/main/java=UTF-8
-encoding/<project>=UTF-8
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/.settings/org.eclipse.jdt.core.prefs
----------------------------------------------------------------------
diff --git a/agents-impl/.settings/org.eclipse.jdt.core.prefs b/agents-impl/.settings/org.eclipse.jdt.core.prefs
deleted file mode 100644
index ec4300d..0000000
--- a/agents-impl/.settings/org.eclipse.jdt.core.prefs
+++ /dev/null
@@ -1,5 +0,0 @@
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
-org.eclipse.jdt.core.compiler.compliance=1.7
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.7
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/.settings/org.eclipse.m2e.core.prefs
----------------------------------------------------------------------
diff --git a/agents-impl/.settings/org.eclipse.m2e.core.prefs b/agents-impl/.settings/org.eclipse.m2e.core.prefs
deleted file mode 100644
index f897a7f..0000000
--- a/agents-impl/.settings/org.eclipse.m2e.core.prefs
+++ /dev/null
@@ -1,4 +0,0 @@
-activeProfiles=
-eclipse.preferences.version=1
-resolveWorkspaceProjects=true
-version=1
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/pom.xml
----------------------------------------------------------------------
diff --git a/agents-impl/pom.xml b/agents-impl/pom.xml
deleted file mode 100644
index f8580d7..0000000
--- a/agents-impl/pom.xml
+++ /dev/null
@@ -1,157 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>security_plugins.ranger-plugins-impl</groupId>
- <artifactId>ranger-plugins-impl</artifactId>
- <name>Agent Implementation Libary</name>
- <description>Security Plugins Implementation</description>
- <packaging>jar</packaging>
- <parent>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger</artifactId>
- <version>0.4.0</version>
- <relativePath>..</relativePath>
- </parent>
- <dependencies>
-
- <dependency>
- <groupId>org.apache.calcite</groupId>
- <artifactId>calcite-core</artifactId>
- <version>${calcite.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.calcite</groupId>
- <artifactId>calcite-avatica</artifactId>
- <version>${calcite.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.tez</groupId>
- <artifactId>tez-api</artifactId>
- <version>${tez.version}</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.tez</groupId>
- <artifactId>tez-runtime-library</artifactId>
- <version>${tez.version}</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.tez</groupId>
- <artifactId>tez-runtime-internals</artifactId>
- <version>${tez.version}</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.tez</groupId>
- <artifactId>tez-mapreduce</artifactId>
- <version>${tez.version}</version>
- <optional>true</optional>
- </dependency>
-
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.hamcrest</groupId>
- <artifactId>hamcrest-integration</artifactId>
- </dependency>
- <dependency>
- <groupId>org.glassfish.jersey.core</groupId>
- <artifactId>jersey-client</artifactId>
- <version>2.6</version>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>${commons.logging.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-hdfs</artifactId>
- <version>${hadoop.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hbase</groupId>
- <artifactId>hbase-server</artifactId>
- <version>${hbase.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-common</artifactId>
- <version>${hive.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-service</artifactId>
- <version>${hive.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-exec</artifactId>
- <version>${hive.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.hive</groupId>
- <artifactId>hive-metastore</artifactId>
- <version>${hive.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-plugins-audit</groupId>
- <artifactId>ranger-plugins-audit</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-plugins-common</groupId>
- <artifactId>ranger-plugins-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-hdfs-plugin</groupId>
- <artifactId>ranger-hdfs-plugin</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-hive-plugin</groupId>
- <artifactId>ranger-hive-plugin</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-hbase-plugin</groupId>
- <artifactId>ranger-hbase-plugin</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-knox-plugin</groupId>
- <artifactId>ranger-knox-plugin</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>security_plugins.ranger-storm-plugin</groupId>
- <artifactId>ranger-storm-plugin</artifactId>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/ConfigWatcher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/ConfigWatcher.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/ConfigWatcher.java
deleted file mode 100644
index 63b6733..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/ConfigWatcher.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ranger.pdp.config;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
-import org.apache.ranger.pdp.config.gson.PolicyExclusionStrategy;
-import org.apache.ranger.pdp.constants.RangerConstants;
-import org.apache.ranger.pdp.model.PolicyContainer;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.WebResource;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
-
-public abstract class ConfigWatcher extends Thread {
-
- private static final Log LOG = LogFactory.getLog(ConfigWatcher.class);
-
- public static final String EXPECTED_MIME_TYPE = "application/json" ;
-
- // public static final String EXPECTED_MIME_TYPE = "application/octet-stream";
-
- private static final String LASTUPDATED_PARAM = "epoch";
- private static final String POLICY_COUNT_PARAM = "policyCount";
- private static final String AGENT_NAME_PARAM = "agentId" ;
-
- private static final int MAX_AGENT_NAME_LEN = 255 ;
-
-
- private String url;
-
- private long intervalInMilliSeconds;
-
- private long lastModifiedTime = 0;
-
- private boolean shutdownFlag = false;
-
- private String lastStoredFileName = null;
-
- protected PolicyContainer policyContainer = null;
-
- private static PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy();
-
- private static RangerCredentialProvider rangerCp = null;
-
-
- public abstract void doOnChange();
-
- private String keyStoreFile = null ;
- private String keyStoreFilepwd = null;
- private String keyStoreURL = null;
- private String keyStoreAlias = null;
- private String trustStoreFile = null ;
- private String trustStoreFilepwd = null ;
- private String trustStoreURL = null;
- private String trustStoreAlias = null;
- private String keyStoreType = null ;
- private String trustStoreType = null ;
- private SSLContext sslContext = null ;
- private HostnameVerifier hv = null ;
- private String agentName = "unknown" ;
-
- private String sslConfigFileName = null ;
-
- public boolean policyCacheLoadedOnce = false;
-
- public boolean cacheModfied = false;
-
- public ConfigWatcher(String url, long aIntervalInMilliSeconds,String sslConfigFileName,String lastStoredFileName) {
- super("RangerConfigURLWatcher");
- setDaemon(true);
- this.url = url;
- intervalInMilliSeconds = aIntervalInMilliSeconds;
- this.sslConfigFileName = sslConfigFileName ;
- this.agentName = getAgentName(this.url) ;
- this.lastStoredFileName = lastStoredFileName;
- if (LOG.isInfoEnabled()) {
- LOG.info("Creating PolicyRefreshser with url: " + url +
- ", refreshInterval(milliSeconds): " + aIntervalInMilliSeconds +
- ", sslConfigFileName: " + sslConfigFileName +
- ", lastStoredFileName: " + lastStoredFileName);
- }
- init();
- validateAndRun();
- LOG.debug("Created new ConfigWatcher for URL [" + url + "]");
- }
-
-
- public void init() {
- if (sslConfigFileName != null) {
- LOG.debug("Loading SSL Configuration from [" + sslConfigFileName + "]");
- InputStream in = null ;
- try {
- Configuration conf = new Configuration() ;
- in = getFileInputStream(sslConfigFileName) ;
- if (in != null) {
- conf.addResource(in);
- }
-
- rangerCp = RangerCredentialProvider.getInstance();
-
- keyStoreFile = conf.get(RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE);
-
- keyStoreURL=conf.get(RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
- keyStoreAlias=RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
-
- char[] v_keyStoreFilePwd = getCredential(keyStoreURL,keyStoreAlias);
- if ( v_keyStoreFilePwd == null ) {
- keyStoreFilepwd = null;
- } else {
- keyStoreFilepwd = new String(v_keyStoreFilePwd);
- }
-
- trustStoreFile = conf.get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE);
-
- trustStoreURL=conf.get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
- trustStoreAlias=RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
-
- char[] v_TrustStoreFilePwd = getCredential(trustStoreURL,trustStoreAlias);
- if ( v_TrustStoreFilePwd == null ) {
- trustStoreFilepwd = null;
- } else {
- trustStoreFilepwd = new String(v_TrustStoreFilePwd);
- }
-
-
- keyStoreType = conf.get(RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
- trustStoreType = conf.get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
- }
- catch(IOException ioe) {
- LOG.error("Unable to load SSL Config FileName: [" + sslConfigFileName + "]", ioe);
- }
- finally {
- if (in != null) {
- try {
- in.close() ;
- } catch (IOException e) {
- LOG.error("Unable to close SSL Config FileName: [" + sslConfigFileName + "]", e) ;
- }
- }
- }
-
- LOG.debug("Keystore filename:[" + keyStoreFile + "]");
- LOG.debug("TrustStore filename:[" + trustStoreFile + "]");
-
- }
- }
-
- public String getURL() {
- return url;
- }
-
- public long getIntervalInMilliSeconds() {
- return intervalInMilliSeconds;
- }
-
- public long getLastModifiedTime() {
- return lastModifiedTime;
- }
-
- public void run() {
- while (!shutdownFlag) {
- validateAndRun();
- try {
- Thread.sleep(intervalInMilliSeconds);
- } catch (InterruptedException e) {
- LOG.error("Unable to complete sleep for [" + intervalInMilliSeconds + "]", e);
- }
- }
- }
-
- private void validateAndRun() {
- if (isFileChanged()) {
- LOG.debug("Policy has been changed from " + url + " ... RELOADING");
- try {
- doOnChange();
- } catch (Exception e) {
- LOG.error("Unable to complete doOnChange() method on file change [" + url + "]", e);
- }
- } else {
- LOG.debug("No Change found in the policy from " + url);
- }
- }
-
- public boolean iscacheModfied() {
- return cacheModfied;
- }
-
- private boolean isFileChanged() {
- boolean isChanged = false;
-
- cacheModfied = false;
- try {
-
- Client client = null;
- ClientResponse response = null;
-
- try {
-
- int policyCount = getPolicyCount(policyContainer);
-
- if (url.contains("https")) {
- // build SSL Client
- client = buildSSLClient();
- }
-
- if (client == null) {
- client = Client.create();
- }
-
- WebResource webResource = client.resource(url)
- .queryParam(LASTUPDATED_PARAM, String.valueOf(lastModifiedTime))
- .queryParam(POLICY_COUNT_PARAM, String.valueOf(policyCount))
- .queryParam(AGENT_NAME_PARAM, agentName);
-
- response = webResource.accept(EXPECTED_MIME_TYPE).get(ClientResponse.class);
-
-
- if (response != null) {
-
- boolean responsePresent = true;
- int responseStatus = response.getStatus();
-
- if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) {
- /* If the response is other than 200 and 304 load the policy from the cache */
- isChanged = true;
-
- } else {
- /* If Policy Manager is available fetch the policy from it */
- if (response.getStatus() == 200) {
- String jsonString = response.getEntity(String.class);
- Gson gson = new GsonBuilder().setPrettyPrinting().addDeserializationExclusionStrategy(policyExclusionStrategy).create();
- PolicyContainer newPolicyContainer = gson.fromJson(jsonString, PolicyContainer.class);
- if ((newPolicyContainer.getLastUpdatedTimeInEpoc() > lastModifiedTime) || (getPolicyCount(newPolicyContainer) != policyCount)) {
- policyContainer = newPolicyContainer;
- lastModifiedTime = policyContainer.getLastUpdatedTimeInEpoc();
- isChanged = true;
- policyCacheLoadedOnce = false;
- cacheModfied = true;
- if (LOG.isDebugEnabled()) {
- LOG.debug("Got response: 200 with {change in lastupdatedTime}\n" + gson.toJson(newPolicyContainer));
- }
- } else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Got response: 200 with {no-change in lastupdatedTime}\n" + gson.toJson(newPolicyContainer));
- }
- isChanged = false;
- }
- } else if (response.getStatus() == 304) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Got response: 304 ");
- }
- isChanged = false; // No Change has been there since our
- // earlier request
- } else {
- LOG.error("Unable to get a valid response for isFileChanged() call for [" + url + "] = response code found [" + response.getStatus() + "]");
- }
- }
-
- } else {
- LOG.error("Unable to get a valid response for isFileChanged() call for [" + url + "] - got null response.");
- // force the policy update to get fresh copy
- lastModifiedTime = 0;
- }
-
- } finally {
- if (response != null) {
- response.close();
- }
- if (client != null) {
- client.destroy();
- }
- }
- } catch (Throwable t) {
-
- boolean responsePresent = false;
- int responseStatus = -1;
- if (LOG.isDebugEnabled()) {
- LOG.debug("Policy Manager Failed",t);
- }
- if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) {
- /* Successfully found the Policy Cache file and loaded */
- isChanged = false;
- } else {
- LOG.error("Unable to complete isFileChanged() call for [" + url + "]", t);
- // force the policy update to get fresh copy
- lastModifiedTime = 0;
- LOG.error("Policy file Cache not found..");
- throw new RuntimeException("Unable to find Enterprise Policy Storage");
- }
-
- } finally {
- if (isChanged) {
- LOG.info("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime);
- } else if (LOG.isDebugEnabled()) {
- LOG.debug("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime);
- }
- }
- return isChanged;
- }
-
- public PolicyContainer getPolicyContainer() {
- return policyContainer;
- }
-
- private int getPolicyCount(PolicyContainer aPolicyContainer) {
- return (aPolicyContainer == null ? 0 : (aPolicyContainer.getAcl() == null ? 0 : aPolicyContainer.getAcl().size()));
- }
-
-
- public synchronized Client buildSSLClient() {
- Client client = null;
- try {
-
- ClientConfig config = new DefaultClientConfig();
-
- if (sslContext == null) {
-
- KeyManager[] kmList = null;
- TrustManager[] tmList = null;
-
- if (keyStoreFile != null && keyStoreFilepwd != null) {
-
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
- InputStream in = null ;
- try {
- in = getFileInputStream(keyStoreFile) ;
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
- return client ;
- }
- keyStore.load(in, keyStoreFilepwd.toCharArray());
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RangerConstants.RANGER_SSL_KEYMANAGER_ALGO_TYPE);
- keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
- kmList = keyManagerFactory.getKeyManagers();
- }
- finally {
- if (in != null) {
- in.close();
- }
- }
-
- }
-
- if (trustStoreFile != null && trustStoreFilepwd != null) {
-
- KeyStore trustStore = KeyStore.getInstance(trustStoreType);
- InputStream in = null ;
- try {
- in = getFileInputStream(trustStoreFile) ;
- if (in == null) {
- LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
- return client ;
- }
- trustStore.load(in, trustStoreFilepwd.toCharArray());
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RangerConstants.RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
- trustManagerFactory.init(trustStore);
- tmList = trustManagerFactory.getTrustManagers();
- }
- finally {
- if (in != null) {
- in.close() ;
- }
- }
- }
-
- sslContext = SSLContext.getInstance(RangerConstants.RANGER_SSL_CONTEXT_ALGO_TYPE);
-
- sslContext.init(kmList, tmList, new SecureRandom());
-
- hv = new HostnameVerifier() {
- public boolean verify(String urlHostName, SSLSession session) {
- return session.getPeerHost().equals(urlHostName);
- }
- };
-
- }
-
- config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
-
- client = Client.create(config);
-
- } catch (KeyStoreException e) {
- LOG.error("Unable to obtain from KeyStore", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("SSL algorithm is available in the environment", e);
- } catch (CertificateException e) {
- LOG.error("Unable to obtain the requested certification ", e);
- } catch (FileNotFoundException e) {
- LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
- } catch (IOException e) {
- LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
- } catch (KeyManagementException e) {
- LOG.error("Unable to initials the SSLContext", e);
- } catch (UnrecoverableKeyException e) {
- LOG.error("Unable to recover the key from keystore", e);
- }
- return client;
- }
-
- private InputStream getFileInputStream(String fileName) throws IOException {
- InputStream in = null ;
-
- File f = new File(fileName) ;
-
- if (f.exists()) {
- in = new FileInputStream(f) ;
- }
- else {
- in = ClassLoader.getSystemResourceAsStream(fileName) ;
- }
- return in ;
- }
-
- public static String getAgentName(String aUrl) {
- String hostName = null ;
- String repoName = null ;
- try {
- hostName = InetAddress.getLocalHost().getHostName() ;
- } catch (UnknownHostException e) {
- LOG.error("ERROR: Unable to find hostname for the agent ", e);
- hostName = "unknownHost" ;
- }
-
- String[] tokens = aUrl.split("/") ;
-
- if ( tokens.length > 0 ) {
- repoName = tokens[tokens.length-1] ;
- }
- else {
- repoName = "unknownRepo" ;
- }
-
- String agentName = hostName + "-" + repoName ;
-
- if (agentName.length() > MAX_AGENT_NAME_LEN ) {
- agentName = agentName.substring(0,MAX_AGENT_NAME_LEN) ;
- }
-
- return agentName ;
- }
-
- private boolean fetchPolicyfromCahce( boolean responsePresent, int responseStatus, String lastStoredFileName){
-
- boolean cacheFound = false;
-
- if ( ( responsePresent == false ) || ( responseStatus != 200 && responseStatus != 304) ) {
-
- /* Policy Manager not available read the policy from the last enforced one */
-
- if (policyCacheLoadedOnce) {
- cacheFound = true;
- return cacheFound;
- }
-
- try {
- /* read the last stored policy file and load the PolicyContainer */
- LOG.info("Policy Manager not available, using the last stored Policy File" + this.lastStoredFileName );
- LOG.debug("LastStoredFileName when policymgr was available" + this.lastStoredFileName);
-
- BufferedReader jsonString = new BufferedReader(new FileReader(this.lastStoredFileName));
- Gson gson = new GsonBuilder().setPrettyPrinting().addDeserializationExclusionStrategy(policyExclusionStrategy).create();
- PolicyContainer newPolicyContainer = gson.fromJson(jsonString, PolicyContainer.class);
- policyContainer = newPolicyContainer;
- lastModifiedTime = policyContainer.getLastUpdatedTimeInEpoc();
- if (LOG.isDebugEnabled()) {
- LOG.debug("Policy Manager not available.Got response =" + responseStatus +"\n" + gson.toJson(newPolicyContainer));
- }
-
- cacheFound = true;
- policyCacheLoadedOnce = true;
-
- } catch( FileNotFoundException fe ){
-
- /* unable to get the last stored policy, raise warning for unavailability of policy cache file and continue...*/
- if ( this.lastStoredFileName == null ) {
- LOG.info("Policy cache file not found...XAagent authorization not enabled");
- }
- else {
- LOG.info("Unable to access Policy cache file...XAagent authorization not enabled");
- }
- }
-
- }
-
- return cacheFound;
- }
-
- private char[] getCredential(String url, String alias) {
- char[] credStr=rangerCp.getCredentialString(url,alias);
- return credStr;
- }
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2ConfigWatcher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2ConfigWatcher.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2ConfigWatcher.java
deleted file mode 100644
index 4fcb489..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2ConfigWatcher.java
+++ /dev/null
@@ -1,565 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ranger.pdp.config; - -import java.io.BufferedReader; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.ws.rs.client.Client; -import javax.ws.rs.client.ClientBuilder; -import javax.ws.rs.client.WebTarget; -import javax.ws.rs.core.Response; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import 
org.apache.hadoop.conf.Configuration; -import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider; -import org.apache.ranger.pdp.config.gson.PolicyExclusionStrategy; -import org.apache.ranger.pdp.constants.RangerConstants; -import org.apache.ranger.pdp.model.PolicyContainer; -import org.glassfish.jersey.client.ClientConfig; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.sun.jersey.client.urlconnection.HTTPSProperties; - -public abstract class Jersey2ConfigWatcher extends Thread { - - private static final Log LOG = LogFactory.getLog(Jersey2ConfigWatcher.class); - - public static final String EXPECTED_MIME_TYPE = "application/json" ; - - // public static final String EXPECTED_MIME_TYPE = "application/octet-stream"; - - private static final String LASTUPDATED_PARAM = "epoch"; - private static final String POLICY_COUNT_PARAM = "policyCount"; - private static final String AGENT_NAME_PARAM = "agentId" ; - - private static final int MAX_AGENT_NAME_LEN = 255 ; - - private static final String RANGER_KNOX_CREDENTIAL_PROVIDER_FILE - = "xasecure.knox.credential.provider.file"; - - private String url; - - private long intervalInMilliSeconds; - - private long lastModifiedTime = 0; - - private boolean shutdownFlag = false; - - private String lastStoredFileName = null; - - protected PolicyContainer policyContainer = null; - - private static PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy(); - - private static RangerCredentialProvider rangerCp = null; - - public abstract void doOnChange(); - - private String credentialProviderFile = null; - private String keyStoreFile = null ; - private String keyStorePassword = null; - private String trustStoreFile = null ; - private String trustStorePassword = null ; - private String keyStoreType = null ; - private String trustStoreType = null ; - private SSLContext sslContext = null ; - private HostnameVerifier hv = null ; - private String agentName = "unknown" ; - 
- private String sslConfigFileName = null ; - - boolean policyCacheLoadedOnce = false; - - public Jersey2ConfigWatcher(String url, long aIntervalInMilliSeconds,String sslConfigFileName,String lastStoredFileName) { - super("RangerConfigURLWatcher"); - setDaemon(true); - this.url = url; - intervalInMilliSeconds = aIntervalInMilliSeconds; - this.sslConfigFileName = sslConfigFileName ; - this.agentName = getAgentName(this.url) ; - this.lastStoredFileName = lastStoredFileName; - if (LOG.isInfoEnabled()) { - LOG.info("Creating PolicyRefreshser with url: " + url + - ", refreshInterval(milliSeconds): " + aIntervalInMilliSeconds + - ", sslConfigFileName: " + sslConfigFileName + - ", lastStoredFileName: " + lastStoredFileName); - } - init(); - validateAndRun(); - LOG.debug("Created new ConfigWatcher for URL [" + url + "]"); - } - - - public void init() { - if (sslConfigFileName != null) { - LOG.debug("Loading SSL Configuration from [" + sslConfigFileName - + "]"); - InputStream in = null; - try { - Configuration conf = new Configuration(); - in = getFileInputStream(sslConfigFileName); - if (in != null) { - conf.addResource(in); - } - - if (url.startsWith("https")) { - rangerCp = RangerCredentialProvider.getInstance(); - - keyStoreFile = conf - .get(RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE); - - credentialProviderFile = conf - .get(RANGER_KNOX_CREDENTIAL_PROVIDER_FILE); - String keyStorePasswordAlias = RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS; - - char[] v_keyStorePassword = getCredential(credentialProviderFile, - keyStorePasswordAlias); - if (v_keyStorePassword == null) { - keyStorePassword = null; - } else { - keyStorePassword = new String(v_keyStorePassword); - } - - trustStoreFile = conf - .get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE); - - //trustStoreURL = conf - // .get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL); - String trustStorePasswordAlias = 
RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS; - - char[] v_trustStorePassword = getCredential(credentialProviderFile, - trustStorePasswordAlias); - if (v_trustStorePassword == null) { - trustStorePassword = null; - } else { - trustStorePassword = new String(v_trustStorePassword); - } - - keyStoreType = conf - .get(RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, - RangerConstants.RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT); - trustStoreType = conf - .get(RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, - RangerConstants.RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT); - } - } catch (IOException ioe) { - LOG.error("Unable to load SSL Config FileName: [" - + sslConfigFileName + "]", ioe); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - LOG.error("Unable to close SSL Config FileName: [" - + sslConfigFileName + "]", e); - } - } - } - - LOG.debug("Keystore filename:[" + keyStoreFile + "]"); - LOG.debug("TrustStore filename:[" + trustStoreFile + "]"); - - } - } - - public String getURL() { - return url; - } - - public long getIntervalInMilliSeconds() { - return intervalInMilliSeconds; - } - - public long getLastModifiedTime() { - return lastModifiedTime; - } - - public void run() { - while (!shutdownFlag) { - validateAndRun(); - try { - Thread.sleep(intervalInMilliSeconds); - } catch (InterruptedException e) { - LOG.error("Unable to complete sleep for [" + intervalInMilliSeconds + "]", e); - } - } - } - - private void validateAndRun() { - if (isFileChanged()) { - LOG.debug("Policy has been changed from " + url + " ... 
RELOADING"); - try { - doOnChange(); - } catch (Exception e) { - LOG.error("Unable to complete doOnChange() method on file change [" + url + "]", e); - } - } else { - LOG.debug("No Change found in the policy from " + url); - } - } - - private boolean isFileChanged() { - boolean isChanged = false; - - - try { - - Client client = null; - Response response = null; - - try { - - int policyCount = getPolicyCount(policyContainer); - - if (url.contains("https")) { - // build SSL Client - client = buildSSLClient(); - } - - if (client == null) { - client = ClientBuilder.newClient(); - } - - WebTarget webTarget = client.target(url) - .queryParam(LASTUPDATED_PARAM, String.valueOf(lastModifiedTime)) - .queryParam(POLICY_COUNT_PARAM, String.valueOf(policyCount)) - .queryParam(AGENT_NAME_PARAM, agentName); - - response = webTarget.request().accept(EXPECTED_MIME_TYPE).get(); - - - if (response != null) { - - Boolean responsePresent = true; - int responseStatus = response.getStatus(); - - if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) { - /* If the response is other than 200 and 304 load the policy from the cache */ - isChanged = true; - - } else { - /* - * If Policy Manager is available fetch the policy from - * it - */ - if (response.getStatus() == 200) { - - String entityString = response - .readEntity(String.class); - if (LOG.isDebugEnabled()) { - LOG.debug("JSON response from server: " - + entityString); - } - - Gson gson = new GsonBuilder() - .setPrettyPrinting() - .addDeserializationExclusionStrategy( - policyExclusionStrategy).create(); - PolicyContainer newPolicyContainer = gson.fromJson( - entityString, PolicyContainer.class); - if ((newPolicyContainer.getLastUpdatedTimeInEpoc() > lastModifiedTime) - || (getPolicyCount(newPolicyContainer) != policyCount)) { - policyContainer = newPolicyContainer; - lastModifiedTime = policyContainer - .getLastUpdatedTimeInEpoc(); - isChanged = true; - if (LOG.isDebugEnabled()) { - LOG.debug("Got response: 
200 with {change in lastupdatedTime}\n" - + gson.toJson(newPolicyContainer)); - } - } else { - if (LOG.isDebugEnabled()) { - LOG.debug("Got response: 200 with {no-change in lastupdatedTime}\n" - + gson.toJson(newPolicyContainer)); - } - isChanged = false; - } - } else if (response.getStatus() == 304) { - if (LOG.isDebugEnabled()) { - LOG.debug("Got response: 304 "); - } - isChanged = false; // No Change has been there since - // our - // earlier request - } else { - LOG.error("Unable to get a valid response for isFileChanged() call for [" - + url - + "] = response code found [" - + response.getStatus() + "]"); - } - } - - } else { - LOG.error("Unable to get a valid response for isFileChanged() call for [" + url + "] - got null response."); - // force the policy update to get fresh copy - lastModifiedTime = 0; - } - - } finally { - if (response != null) { - response.close(); - } - if (client != null) { - client.close(); - } - } - } catch (Throwable t) { - - Boolean responsePresent = false; - int responseStatus = -1; - - if ( fetchPolicyfromCahce(responsePresent,responseStatus,lastStoredFileName) ) { - /* Successfully found the Policy Cache file and loaded */ - isChanged = true; - } else { - LOG.error("Unable to complete isFileChanged() call for [" + url + "]", t); - // force the policy update to get fresh copy - lastModifiedTime = 0; - LOG.error("Policy file Cache not found.."); - throw new RuntimeException("Unable to find Enterprise Policy Storage"); - } - - } finally { - if (isChanged) { - LOG.info("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime); - } else if (LOG.isDebugEnabled()) { - LOG.debug("URL: [" + url + "], isModified: " + isChanged + ", lastModifiedTime:" + lastModifiedTime); - } - } - return isChanged; - } - - public PolicyContainer getPolicyContainer() { - return policyContainer; - } - - private int getPolicyCount(PolicyContainer aPolicyContainer) { - return (aPolicyContainer == null ? 
0 : (aPolicyContainer.getAcl() == null ? 0 : aPolicyContainer.getAcl().size())); - } - - - public synchronized Client buildSSLClient() { - Client client = null; - try { - - ClientConfig config = new ClientConfig(); - - if (sslContext == null) { - - KeyManager[] kmList = null; - TrustManager[] tmList = null; - - if (keyStoreFile != null && keyStorePassword != null) { - - KeyStore keyStore = KeyStore.getInstance(keyStoreType); - InputStream in = null ; - try { - in = getFileInputStream(keyStoreFile) ; - if (in == null) { - LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]"); - return client ; - } - keyStore.load(in, keyStorePassword.toCharArray()); - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RangerConstants.RANGER_SSL_KEYMANAGER_ALGO_TYPE); - keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); - kmList = keyManagerFactory.getKeyManagers(); - } - finally { - if (in != null) { - in.close(); - } - } - - } - - if (trustStoreFile != null && trustStorePassword != null) { - - KeyStore trustStore = KeyStore.getInstance(trustStoreType); - InputStream in = null ; - try { - in = getFileInputStream(trustStoreFile) ; - if (in == null) { - LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]"); - return client ; - } - trustStore.load(in, trustStorePassword.toCharArray()); - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RangerConstants.RANGER_SSL_TRUSTMANAGER_ALGO_TYPE); - trustManagerFactory.init(trustStore); - tmList = trustManagerFactory.getTrustManagers(); - } - finally { - if (in != null) { - in.close() ; - } - } - } - - sslContext = SSLContext.getInstance(RangerConstants.RANGER_SSL_CONTEXT_ALGO_TYPE); - - sslContext.init(kmList, tmList, new SecureRandom()); - - hv = new HostnameVerifier() { - public boolean verify(String urlHostName, SSLSession session) { - return session.getPeerHost().equals(urlHostName); - } - }; - - } - - 
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext)); - - client = ClientBuilder.newClient(config); - - } catch (KeyStoreException e) { - LOG.error("Unable to obtain from KeyStore", e); - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is available in the environment", e); - } catch (CertificateException e) { - LOG.error("Unable to obtain the requested certification ", e); - } catch (FileNotFoundException e) { - LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e); - } catch (IOException e) { - LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e); - } catch (KeyManagementException e) { - LOG.error("Unable to initials the SSLContext", e); - } catch (UnrecoverableKeyException e) { - LOG.error("Unable to recover the key from keystore", e); - } - return client; - } - - private InputStream getFileInputStream(String fileName) throws IOException { - InputStream in = null ; - - File f = new File(fileName) ; - - if (f.exists()) { - in = new FileInputStream(f) ; - } - else { - in = ClassLoader.getSystemResourceAsStream(fileName) ; - } - return in ; - } - - public static String getAgentName(String aUrl) { - String hostName = null ; - String repoName = null ; - try { - hostName = InetAddress.getLocalHost().getHostName() ; - } catch (UnknownHostException e) { - LOG.error("ERROR: Unable to find hostname for the agent ", e); - hostName = "unknownHost" ; - } - - String[] tokens = aUrl.split("/") ; - - if ( tokens.length > 0 ) { - repoName = tokens[tokens.length-1] ; - } - else { - repoName = "unknownRepo" ; - } - - String agentName = hostName + "-" + repoName ; - - if (agentName.length() > MAX_AGENT_NAME_LEN ) { - agentName = agentName.substring(0,MAX_AGENT_NAME_LEN) ; - } - - return agentName ; - } - - private boolean fetchPolicyfromCahce( Boolean responsePresent, int responseStatus, String lastStoredFileName){ - - boolean cacheFound = false; - - if ( ( 
responsePresent == false ) || ( responseStatus != 200 && responseStatus != 304) ) { - - /* Policy Manager not available read the policy from the last enforced one */ - - if (policyCacheLoadedOnce) { - cacheFound = true; - return cacheFound; - } - - try { - /* read the last stored policy file and load the PolicyContainer */ - LOG.info("Policy Manager not available, using the last stored Policy File" + this.lastStoredFileName ); - LOG.debug("LastStoredFileName when policymgr was available" + this.lastStoredFileName); - - BufferedReader jsonString = new BufferedReader(new FileReader(this.lastStoredFileName)); - Gson gson = new GsonBuilder().setPrettyPrinting().addDeserializationExclusionStrategy(policyExclusionStrategy).create(); - PolicyContainer newPolicyContainer = gson.fromJson(jsonString, PolicyContainer.class); - policyContainer = newPolicyContainer; - lastModifiedTime = policyContainer.getLastUpdatedTimeInEpoc(); - if (LOG.isDebugEnabled()) { - LOG.debug("Policy Manager not available.Got response =" + responseStatus +"\n" + gson.toJson(newPolicyContainer)); - } - - cacheFound = true; - policyCacheLoadedOnce = true; - - } catch( FileNotFoundException fe ){ - - /* unable to get the last stored policy, raise warning for unavailability of policy cache file and continue...*/ - if ( this.lastStoredFileName == null ) { - LOG.info("Policy cache file not found...XAagent authorization not enabled"); - } - else { - LOG.info("Unable to access Policy cache file...XAagent authorization not enabled"); - } - } - - } - - return cacheFound; - } - - private char[] getCredential(String url, String alias) { - char[] credStr=rangerCp.getCredentialString(url,alias); - return credStr; - } - -} - http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2PolicyRefresher.java ---------------------------------------------------------------------- 
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2PolicyRefresher.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2PolicyRefresher.java
deleted file mode 100644
index 112b89a..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/Jersey2PolicyRefresher.java
+++ /dev/null
@@ -1,207 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.pdp.config; - -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.io.PrintWriter; -import java.text.SimpleDateFormat; -import java.util.Date; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.pdp.config.gson.PolicyExclusionStrategy; -import org.apache.ranger.pdp.model.PolicyContainer; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; - -public class Jersey2PolicyRefresher { - - private static final Log LOG = LogFactory.getLog(Jersey2PolicyRefresher.class); - - private String url ; - private long refreshInterval ; - - private Jersey2ConfigWatcher watcherDaemon = null; - - protected PolicyContainer policyContainer = null ; - - private PolicyChangeListener policyChangeListener = null ; - - private String saveAsFileName = null ; - - private String sslConfigFileName = null ; - - private String lastStoredFileName = null; - - private PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy() ; - - public Jersey2PolicyRefresher(String url, long refreshInterval, String 
sslConfigFileName, String lastStoredFileName) { - if (LOG.isInfoEnabled()) { - LOG.info("Creating PolicyRefreshser with url: " + url + - ", refreshInterval: " + refreshInterval + - ", sslConfigFileName: " + sslConfigFileName + - ", lastStoredFileName: " + lastStoredFileName); - } - this.url = url ; - this.refreshInterval = refreshInterval ; - this.sslConfigFileName = sslConfigFileName ; - this.lastStoredFileName = lastStoredFileName; - checkFileWatchDogThread(); - } - - public PolicyChangeListener getPolicyChangeListener() { - return policyChangeListener; - } - - public synchronized void setPolicyChangeListener(PolicyChangeListener policyChangeListener) { - this.policyChangeListener = policyChangeListener; - if (this.policyContainer != null) { - savePolicyToFile() ; - notifyPolicyChange() ; - } - } - - private void setPolicyContainer(PolicyContainer aPolicyContainer) { - this.policyContainer = aPolicyContainer ; - } - - public PolicyContainer getPolicyContainer() { - return policyContainer ; - } - - public String getSaveAsFileName() { - return saveAsFileName; - } - - public void setSaveAsFileName(String saveAsFileName) { - this.saveAsFileName = saveAsFileName; - } - - public String getSslConfigFileName() { - return sslConfigFileName; - } - - public String getLastStoredFileName() { - return lastStoredFileName; - } - - public void setLastStoredFileName(String lastStoredFileName) { - this.lastStoredFileName = lastStoredFileName; - } - - public void setSslConfigFileName(String sslConfigFileName) { - this.sslConfigFileName = sslConfigFileName; - } - - - private synchronized void checkFileWatchDogThread() { - if (watcherDaemon == null) { - try { - if (LOG.isDebugEnabled()) { - LOG.debug("Starting WatchDog for the Path [" + url + "] ...."); - } - watcherDaemon = new Jersey2ConfigWatcher(url, refreshInterval,sslConfigFileName,this.getLastStoredFileName()) { - public void doOnChange() { - PolicyContainer newPolicyContainer = getPolicyContainer() ; - 
setPolicyContainer(newPolicyContainer) ; - savePolicyToFile() ; - notifyPolicyChange(); - }; - }; - watcherDaemon.start(); - if (LOG.isDebugEnabled()) { - LOG.debug("Completed kick-off of FileWatchDog for the Path [" + url + "] interval in millisecond:" + refreshInterval); - } - } catch (Throwable t) { - LOG.error("Unable to start the FileWatchDog for path [" + url + "]", t); - } - } - } - - private void notifyPolicyChange() { - if (policyChangeListener != null) { - try { - policyChangeListener.OnPolicyChange(policyContainer); - } - catch(Throwable t) { - LOG.error("Error during notification of policy changes to listener [" + policyChangeListener + "]", t) ; - } - finally { - LOG.debug("Completed notification of policy changes to listener [" + policyChangeListener + "]") ; - } - } - } - - - private void savePolicyToFile() { - - LOG.debug("savePolicyToFile() is called with [" + saveAsFileName + "] - START") ; - String fileName = null; - if (saveAsFileName != null) { - String currentDateTime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()) ; - fileName = saveAsFileName + "." 
+ currentDateTime ; - File saveFile = new File(fileName) ; - Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ; - String policyAsJson = gson.toJson(policyContainer) ; - PrintWriter writer = null ; - try { - writer = new PrintWriter(new FileWriter(saveFile)) ; - writer.println(policyAsJson) ; - } - catch(IOException ioe) { - LOG.error("Unable to save policy into file: [" + saveFile.getAbsolutePath() + "]", ioe); - } - finally { - if (writer != null) { - writer.close(); - } - } - - if (lastStoredFileName != null) { - File lastSaveFileName = new File(lastStoredFileName); - - try { - writer = new PrintWriter(new FileWriter(lastSaveFileName)); - writer.println(policyAsJson); - - } - catch(IOException ioe){ - LOG.error("Unable to save the policy into Last Stored Policy File [" + lastSaveFileName.getAbsolutePath() + "]", ioe ); - } - finally { - //make the policy file cache to be 600 permission when it gets created and updated - lastSaveFileName.setReadable(false,false); - lastSaveFileName.setReadable(true,true); - if (writer != null) { - writer.close(); - } - } - - } - } - - LOG.debug("savePolicyToFile() is called with [" + fileName + "] - END") ; - - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyChangeListener.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyChangeListener.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyChangeListener.java deleted file mode 100644 index a403e54..0000000 --- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyChangeListener.java +++ /dev/null 
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.config;
-
-import org.apache.ranger.pdp.model.PolicyContainer;
-
-public interface PolicyChangeListener {
- public void OnPolicyChange(PolicyContainer aPolicyContainer) ;
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyRefresher.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyRefresher.java
deleted file mode 100644
index 5c94c91..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/PolicyRefresher.java
+++ /dev/null
@@ -1,233 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.pdp.config; - -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.io.PrintWriter; -import java.text.SimpleDateFormat; -import java.util.Date; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.pdp.config.gson.PolicyExclusionStrategy; -import org.apache.ranger.pdp.model.PolicyContainer; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; - -public class PolicyRefresher { - - private static final Log LOG = LogFactory.getLog(PolicyRefresher.class); - - private String url ; - private long refreshInterval ; - - private ConfigWatcher watcherDaemon = null; - - protected PolicyContainer policyContainer = null ; - - private PolicyChangeListener policyChangeListener = null ; - - private String saveAsFileName = null ; - - private String sslConfigFileName = null ; - - private String lastStoredFileName = null; - - private PolicyExclusionStrategy policyExclusionStrategy = new PolicyExclusionStrategy() ; - - public PolicyRefresher(String url, long refreshInterval, String sslConfigFileName, String 
lastStoredFileName) { - if (LOG.isInfoEnabled()) { - LOG.info("Creating PolicyRefreshser with url: " + url + - ", refreshInterval: " + refreshInterval + - ", sslConfigFileName: " + sslConfigFileName + - ", lastStoredFileName: " + lastStoredFileName); - } - this.url = url ; - this.refreshInterval = refreshInterval ; - this.sslConfigFileName = sslConfigFileName ; - this.lastStoredFileName = lastStoredFileName; - checkFileWatchDogThread(); - } - - public PolicyChangeListener getPolicyChangeListener() { - return policyChangeListener; - } - - public synchronized void setPolicyChangeListener(PolicyChangeListener policyChangeListener) { - this.policyChangeListener = policyChangeListener; - if (this.policyContainer != null) { - savePolicyToFile() ; - savePolicyToCacheFile(); - notifyPolicyChange() ; - } - } - - public void setPolicyContainer(PolicyContainer aPolicyContainer) { - this.policyContainer = aPolicyContainer ; - } - - public PolicyContainer getPolicyContainer() { - return policyContainer ; - } - - public String getSaveAsFileName() { - return saveAsFileName; - } - - public void setSaveAsFileName(String saveAsFileName) { - this.saveAsFileName = saveAsFileName; - } - - public String getSslConfigFileName() { - return sslConfigFileName; - } - - public String getLastStoredFileName() { - return lastStoredFileName; - } - - public void setLastStoredFileName(String lastStoredFileName) { - this.lastStoredFileName = lastStoredFileName; - } - - public void setSslConfigFileName(String sslConfigFileName) { - this.sslConfigFileName = sslConfigFileName; - } - - - private synchronized void checkFileWatchDogThread() { - if (watcherDaemon == null) { - try { - if (LOG.isDebugEnabled()) { - LOG.debug("Starting WatchDog for the Path [" + url + "] ...."); - } - watcherDaemon = new ConfigWatcher(url, refreshInterval,sslConfigFileName,this.getLastStoredFileName()) { - public void doOnChange() { - PolicyContainer newPolicyContainer = getPolicyContainer() ; - 
setPolicyContainer(newPolicyContainer) ; - savePolicyToFile() ; - savePolicyToCacheFile(); - notifyPolicyChange(); - }; - }; - watcherDaemon.start(); - if (LOG.isDebugEnabled()) { - LOG.debug("Completed kick-off of FileWatchDog for the Path [" + url + "] interval in millisecond:" + refreshInterval); - } - } catch (Throwable t) { - LOG.error("Unable to start the FileWatchDog for path [" + url + "]", t); - } - } - } - - private void notifyPolicyChange() { - if (policyChangeListener != null) { - try { - policyChangeListener.OnPolicyChange(policyContainer); - } - catch(Throwable t) { - LOG.error("Error during notification of policy changes to listener [" + policyChangeListener + "]", t) ; - } - finally { - LOG.debug("Completed notification of policy changes to listener [" + policyChangeListener + "]") ; - } - } - } - - - private void savePolicyToFile() { - if (watcherDaemon != null && !watcherDaemon.iscacheModfied()) { - // Do not Save the file if the policy is not modified. - return; - } - LOG.debug("savePolicyToFile() is called with [" + saveAsFileName + "] - START") ; - String fileName = null; - if (saveAsFileName != null) { - String currentDateTime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()) ; - fileName = saveAsFileName + "." 
+ currentDateTime ; - File saveFile = new File(fileName) ; - Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ; - String policyAsJson = gson.toJson(policyContainer) ; - PrintWriter writer = null ; - try { - writer = new PrintWriter(new FileWriter(saveFile)) ; - writer.println(policyAsJson) ; - } - catch(IOException ioe) { - LOG.warn("Unable to save policy into file: [" + saveFile.getAbsolutePath() + "]"); - } - finally { - if (writer != null) { - writer.close(); - } - } - LOG.debug("savePolicyToFile() is called with [" + fileName + "] - END") ; - } - } - - private void savePolicyToCacheFile() { - - if (watcherDaemon != null && !watcherDaemon.iscacheModfied()) { - // Don't Save the file if the policy is not modified. - return; - } - - LOG.debug("savePolicyToCacheFile() is called with [" + lastStoredFileName + "] - START") ; - - if (lastStoredFileName != null) { - - File lastSaveFile = new File(lastStoredFileName) ; - Gson gson = new GsonBuilder().setPrettyPrinting().setExclusionStrategies(policyExclusionStrategy).create() ; - String policyAsJson = gson.toJson(policyContainer) ; - PrintWriter writer = null ; - - try { - writer = new PrintWriter(new FileWriter(lastSaveFile)); - writer.println(policyAsJson); - - } - catch(IOException ioe){ - LOG.warn("Unable to save the policy into Last Stored Policy File [" + lastSaveFile.getAbsolutePath() + "]"); - } - finally { - //make the policy file cache to be 600 permission when it gets created and updated - boolean result = true; - result = lastSaveFile.setReadable(false,false) && result; - result = lastSaveFile.setWritable(false,false) && result; - result = lastSaveFile.setReadable(true,true) && result; - result = lastSaveFile.setWritable(true,true) && result; - if (!result) { - LOG.warn("Setting access permission to 600 on policy file [" + lastStoredFileName + "] failed!"); - } - if (writer != null) { - writer.close(); - } - } - - } - - 
LOG.debug("savePolicyToCacheFile() is called with [" + lastStoredFileName + "] - END") ; - - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/ExcludeSerialization.java ---------------------------------------------------------------------- diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/ExcludeSerialization.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/ExcludeSerialization.java deleted file mode 100644 index cbb460e..0000000 --- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/ExcludeSerialization.java +++ /dev/null 
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.config.gson;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.FIELD})
-
-public @interface ExcludeSerialization {
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/PolicyExclusionStrategy.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/PolicyExclusionStrategy.java b/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/PolicyExclusionStrategy.java
deleted file mode 100644
index ad3a354..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/config/gson/PolicyExclusionStrategy.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.config.gson;
-
-import com.google.gson.ExclusionStrategy;
-import com.google.gson.FieldAttributes;
-
-public class PolicyExclusionStrategy implements ExclusionStrategy {
-
- @Override
- public boolean shouldSkipClass(Class<?> objectClass) {
- return (objectClass.getAnnotation(ExcludeSerialization.class) != null) ;
- }
-
- @Override
- public boolean shouldSkipField(FieldAttributes aFieldAttributes) {
- return (aFieldAttributes.getAnnotation(ExcludeSerialization.class) != null) ;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/constants/RangerConstants.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/constants/RangerConstants.java b/agents-impl/src/main/java/org/apache/ranger/pdp/constants/RangerConstants.java
deleted file mode 100644
index 466e00f..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/constants/RangerConstants.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.constants;
-
-public class RangerConstants {
- public static final String PUBLIC_ACCESS_ROLE = "public" ;
-
- public static final String RANGER_HBASE_POLICYMGR_URL_PROP = "xasecure.hbase.policymgr.url";
- public static final String RANGER_HBASE_POLICYMGR_URL_SAVE_FILE_PROP = "xasecure.hbase.policymgr.url.saveAsFile";
- public static final String RANGER_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.hbase.policymgr.url.reloadIntervalInMillis";
- public static final String RANGER_HBASE_POLICYMGR_SSL_CONFIG_FILE_PROP = "xasecure.hbase.policymgr.ssl.config";
- public static final long RANGER_HBASE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
- public static final String RANGER_HBASE_LAST_SAVED_POLICY_FILE_PROP = "xasecure.hbase.policymgr.url.laststoredfile";
-
- public static final String RANGER_HDFS_POLICYMGR_URL_PROP = "xasecure.hdfs.policymgr.url";
- public static final String RANGER_HDFS_POLICYMGR_URL_SAVE_FILE_PROP = "xasecure.hdfs.policymgr.url.saveAsFile";
- public static final String RANGER_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.hdfs.policymgr.url.reloadIntervalInMillis";
- public static final String RANGER_HDFS_POLICYMGR_SSL_CONFIG_FILE_PROP = "xasecure.hdfs.policymgr.ssl.config";
- public static final long RANGER_HDFS_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
- public static final String RANGER_HDFS_LAST_SAVED_POLICY_FILE_PROP = "xasecure.hdfs.policymgr.url.laststoredfile";
-
-
- public static final String RANGER_KNOX_POLICYMGR_URL_PROP = "xasecure.knox.policymgr.url";
- public static final String RANGER_KNOX_POLICYMGR_URL_SAVE_FILE_PROP = "xasecure.knox.policymgr.url.saveAsFile";
- public static final String RANGER_KNOX_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.knox.policymgr.url.reloadIntervalInMillis";
- public static final String RANGER_KNOX_POLICYMGR_SSL_CONFIG_FILE_PROP = "xasecure.knox.policymgr.ssl.config";
- public static final long RANGER_KNOX_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
- public static final String RANGER_KNOX_LAST_SAVED_POLICY_FILE_PROP = "xasecure.knox.policymgr.url.laststoredfile";
-
-
- public static final String RANGER_HIVE_POLICYMGR_URL_PROP = "xasecure.hive.policymgr.url";
- public static final String RANGER_HIVE_POLICYMGR_URL_SAVE_FILE_PROP = "xasecure.hive.policymgr.url.saveAsFile";
- public static final String RANGER_HIVE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.hive.policymgr.url.reloadIntervalInMillis";
- public static final String RANGER_HIVE_POLICYMGR_SSL_CONFIG_FILE_PROP = "xasecure.hive.policymgr.ssl.config";
- public static final long RANGER_HIVE_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
- public static final String RANGER_HIVE_LAST_SAVED_POLICY_FILE_PROP = "xasecure.hive.policymgr.url.laststoredfile";
-
-
- // xasecure 2-way ssl configuration
-
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
-
- public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
-
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
-
- public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
-
-
- public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = "SunX509" ;
- public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "SSL" ;
-
-
-
- public static final String RANGER_STORM_POLICYMGR_URL_PROP = "xasecure.storm.policymgr.url";
- public static final String RANGER_STORM_POLICYMGR_URL_SAVE_FILE_PROP = "xasecure.storm.policymgr.url.saveAsFile";
- public static final String RANGER_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_PROP = "xasecure.storm.policymgr.url.reloadIntervalInMillis";
- public static final String RANGER_STORM_POLICYMGR_SSL_CONFIG_FILE_PROP = "xasecure.storm.policymgr.ssl.config";
- public static final long RANGER_STORM_POLICYMGR_URL_RELOAD_INTERVAL_IN_MILLIS_DEFAULT = 60000L ;
- public static final String RANGER_STORM_LAST_SAVED_POLICY_FILE_PROP = "xasecure.storm.policymgr.url.laststoredfile";
-
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/model/Policy.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/model/Policy.java b/agents-impl/src/main/java/org/apache/ranger/pdp/model/Policy.java
deleted file mode 100644
index 46ca26b..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/model/Policy.java
+++ /dev/null
@@ -1,326 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.model;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.ranger.pdp.config.gson.ExcludeSerialization;
-
-import com.google.gson.annotations.SerializedName;
-
-public class Policy {
-
- public static final String RESOURCE_SPLITER = "," ;
- public static final String POLICY_ENABLED_STATUS = "Enabled" ;
- public static final String SELECTION_TYPE_INCLUSIVE = "Inclusion" ;
- public static final String SELECTION_TYPE_EXCLUSIVE = "Exclusion" ;
-
- //
- // Only for HDFS policies
- //
- private String resource ;
- @SerializedName("isRecursive")
- private int recursiveInd;
-
- // Only for Knox Policies
- //
-
- @SerializedName("topology_name")
- private String topologies ;
-
- @SerializedName("service_name")
- private String services ;
-
-
- //
- // Only for Hive Policies
- //
-
- @SerializedName("database_name")
- private String databases ;
-
- @SerializedName("table_name")
- private String tables ;
-
- @SerializedName("udf_name")
- private String udfs ;
-
- @SerializedName("column_name")
- private String columns ;
-
- @SerializedName("column_families")
- private String columnfamilies ;
-
- //
- // Neede for all Policies
- //
- @SerializedName("permission")
- private List<RolePermission> permissions ;
-
- @SerializedName("audit")
- private int auditInd ;
-
- @SerializedName("encrypt")
- private int encryptInd ;
-
- @SerializedName("policyStatus")
- private String policyStatus;
-
- @SerializedName("tablePolicyType")
- private String tableSelectionType ;
-
- @SerializedName("columnPolicyType")
- private String columnSelectionType ;
-
- // Derived fields for PolicyAnalysis
- @ExcludeSerialization
- private List<ResourcePath> resourceList ;
- @ExcludeSerialization
- private List<String> databaseList ;
- @ExcludeSerialization
- private List<String> tableList ;
- @ExcludeSerialization
- private List<String> udfList ;
- @ExcludeSerialization
- private List<String> columnList ;
- @ExcludeSerialization
- private List<String> columnFamilyList ;
- @ExcludeSerialization
- private List<String> topologyList ;
- @ExcludeSerialization
- private List<String> serviceList ;
-
- public Policy() {
- permissions = new ArrayList<RolePermission>() ;
- }
-
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
-
- public String getDatabases() {
- return databases;
- }
-
- public void setDatabases(String databases) {
- this.databases = databases;
- }
-
- public String getTables() {
- return tables;
- }
-
- public void setTables(String tables) {
- this.tables = tables;
- }
-
- public String gettopologies() {
- return topologies;
- }
-
- public void setTopologies(String topologies) {
- this.topologies = topologies;
- }
-
- public String getServices() {
- return services;
- }
-
- public void setServices(String services) {
- this.services = services;
- }
- public String getUdfs() {
- return udfs;
- }
-
- public void setUdfs(String udfs) {
- this.udfs = udfs;
- }
-
-
- public String getColumns() {
- return columns;
- }
- public void setColumns(String columns) {
- this.columns = columns;
- }
- public String getColumnfamilies() {
- return columnfamilies;
- }
- public void setColumnfamilies(String columnfamilies) {
- this.columnfamilies = columnfamilies;
- }
-
- public List<RolePermission> getPermissions() {
- return permissions;
- }
- public void setPermissions(List<RolePermission> permissions) {
- this.permissions = permissions;
- }
-
- public int getRecursiveInd() {
- return recursiveInd;
- }
- public void setRecursiveInd(int recursiveInd) {
- this.recursiveInd = recursiveInd;
- }
-
- public int getAuditInd() {
- return auditInd;
- }
-
-
- public void setAuditInd(int auditInd) {
- this.auditInd = auditInd;
- }
-
-
- public int getEncryptInd() {
- return encryptInd;
- }
-
-
- public void setEncryptInd(int encryptInd) {
- this.encryptInd = encryptInd;
- }
-
- public String getPolicyStatus() {
- return policyStatus;
- }
-
-
- public void setPolicyStatus(String policyStatus) {
- this.policyStatus = policyStatus;
- }
-
- public String getTableSelectionType() {
- return tableSelectionType;
- }
-
-
- public void setTableSelectionType(String tableSelectionType) {
- this.tableSelectionType = tableSelectionType;
- }
-
-
- public String getColumnSelectionType() {
- return columnSelectionType;
- }
-
-
- public void setColumnSelectionType(String columnSelectionType) {
- this.columnSelectionType = columnSelectionType;
- }
-
- public boolean isTableSelectionExcluded() {
- return (this.tableSelectionType != null && SELECTION_TYPE_EXCLUSIVE.equalsIgnoreCase(this.tableSelectionType)) ;
- }
-
- public boolean isColumnSelectionExcluded() {
- return (this.columnSelectionType != null && SELECTION_TYPE_EXCLUSIVE.equalsIgnoreCase(this.columnSelectionType)) ;
- }
-
-
- // An older version of policy manager would show policyStatus as NULL (considered that as Enabled)
- public boolean isEnabled() {
- return (this.policyStatus == null || POLICY_ENABLED_STATUS.equalsIgnoreCase(this.policyStatus)) ;
- }
-
- public List<ResourcePath> getResourceList() {
- if (this.resourceList == null) {
- this.resourceList = getResourceList(resource) ;
- }
- return this.resourceList;
- }
- public List<String> getDatabaseList() {
- if (this.databaseList == null) {
- this.databaseList = getList(this.databases) ;
- }
- return this.databaseList;
- }
- public List<String> getTableList() {
- if (this.tableList == null) {
- this.tableList = getList(this.tables) ;
- }
- return this.tableList;
- }
- public List<String> getColumnList() {
- if (this.columnList == null) {
- this.columnList = getList(this.columns) ;
- }
- return this.columnList;
- }
- public List<String> getColumnFamilyList() {
- if (this.columnFamilyList == null) {
- this.columnFamilyList = getList(this.columnfamilies) ;
- }
- return this.columnFamilyList;
- }
- public List<String> getUDFList() {
- if (this.udfList == null && this.udfList != null) {
- this.udfList = getList(this.udfs) ;
- }
- return this.udfList;
- }
-
- public List<String> getTopologyList() {
- if (this.topologyList == null) {
- this.topologyList = getList(this.topologies) ;
- }
- return this.topologyList;
- }
-
- public List<String> getServiceList() {
- if (this.serviceList == null) {
- this.serviceList = getList(this.services) ;
- }
- return this.serviceList;
- }
-
-
- private List<String> getList(String resource) {
- List<String> ret = new ArrayList<String>() ;
- if (resource == null || resource.trim().isEmpty()) {
- resource = "*" ;
- }
- for(String r : resource.split(RESOURCE_SPLITER)) {
- ret.add(r) ;
- }
-
- return ret;
- }
-
- private List<ResourcePath> getResourceList(String resource) {
- List<ResourcePath> ret = new ArrayList<ResourcePath>() ;
- if (resource != null && ! resource.isEmpty()) {
- for(String path : resource.split(RESOURCE_SPLITER)) {
- ret.add(new ResourcePath(path)) ;
- }
- }
- return ret ;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/model/PolicyContainer.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/model/PolicyContainer.java b/agents-impl/src/main/java/org/apache/ranger/pdp/model/PolicyContainer.java
deleted file mode 100644
index 3674102..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/model/PolicyContainer.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.model;
-
-import java.util.List;
-
-import com.google.gson.annotations.SerializedName;
-
-public class PolicyContainer {
-
- @SerializedName("repository_name")
- private String repositoryName ;
-
- @SerializedName("last_updated")
- private long lastUpdatedTimeInEpoc ;
-
- @SerializedName("acl")
- private List<Policy> acl;
-
- public String getRepositoryName() {
- return repositoryName;
- }
- public void setRepositoryName(String repositoryName) {
- this.repositoryName = repositoryName;
- }
- public long getLastUpdatedTimeInEpoc() {
- return lastUpdatedTimeInEpoc;
- }
- public void setLastUpdatedTimeInEpoc(long lastUpdatedTimeInEpoc) {
- this.lastUpdatedTimeInEpoc = lastUpdatedTimeInEpoc;
- }
- public List<Policy> getAcl() {
- return acl;
- }
- public void setAcl(List<Policy> acl) {
- this.acl = acl;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fb1a99a9/agents-impl/src/main/java/org/apache/ranger/pdp/model/ResourcePath.java ----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/org/apache/ranger/pdp/model/ResourcePath.java b/agents-impl/src/main/java/org/apache/ranger/pdp/model/ResourcePath.java
deleted file mode 100644
index fa32ed8..0000000
--- a/agents-impl/src/main/java/org/apache/ranger/pdp/model/ResourcePath.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package org.apache.ranger.pdp.model;
-
-public class ResourcePath {
-
- String path ;
- boolean wildcardPath ;
-
- public ResourcePath(String path) {
- this.path = path ;
- if (this.path.contains("*") || this.path.contains("?")) {
- this.wildcardPath = true ;
- }
- }
-
- public String getPath() {
- return path;
- }
-
- public boolean isWildcardPath() {
- return wildcardPath;
- }
-
-
-}
