Repository: incubator-ranger Updated Branches: refs/heads/master b1bfbc572 -> f88382b6f
RANGER-346: Service-def files updated to use map for *Options fields, instead of a string with custom format Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ca40e35c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ca40e35c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ca40e35c Branch: refs/heads/master Commit: ca40e35c7aa499dd8e87514814b86bb2fe854d73 Parents: b1bfbc5 Author: Madhan Neethiraj <[email protected]> Authored: Fri Mar 27 17:31:07 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Mar 27 17:31:07 2015 -0700 ---------------------------------------------------------------------- .../conditionevaluator/RangerSimpleMatcher.java | 16 ++- .../RangerAbstractContextEnricher.java | 25 +---- .../ranger/plugin/model/RangerServiceDef.java | 100 +++++++++---------- .../RangerDefaultPolicyEvaluator.java | 2 - .../RangerPathResourceMatcher.java | 22 ++-- .../service-defs/ranger-servicedef-hbase.json | 14 +-- .../service-defs/ranger-servicedef-hdfs.json | 4 +- .../service-defs/ranger-servicedef-hive.json | 61 ++--------- .../service-defs/ranger-servicedef-knox.json | 12 +-- .../service-defs/ranger-servicedef-storm.json | 13 ++- .../service-defs/ranger-servicedef-yarn.json | 19 ++-- .../RangerSimpleMatcherTest.java | 14 ++- .../RangerDefaultPolicyEvaluatorTest.java | 17 +++- .../policyengine/test_policyengine_hbase.json | 6 +- .../policyengine/test_policyengine_hdfs.json | 2 +- .../policyengine/test_policyengine_hive.json | 8 +- .../service/RangerServiceDefServiceBase.java | 44 ++++++-- 17 files changed, 183 insertions(+), 196 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java index e0bcefc..de4baf4 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java @@ -23,6 +23,7 @@ import java.util.ArrayList; import java.util.List; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; @@ -34,8 +35,11 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequest; public class RangerSimpleMatcher implements RangerConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class); + + public static final String CONTEXT_NAME = "CONTEXT_NAME"; + private boolean _allowAny = false; - private String ConditionName = null; + private String _contextName = null; private List<String> _values = new ArrayList<String>(); @Override @@ -53,11 +57,14 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator { } else if (CollectionUtils.isEmpty(condition.getValues())) { LOG.debug("init: empty conditions collection on policy condition! Will match always!"); _allowAny = true; - } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions())) { + } else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) { LOG.debug("init: Evaluator options were empty. Can't determine what value to use from context. Will match always."); _allowAny = true; + } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) { + LOG.debug("init: CONTEXT_NAME is not specified in evaluator options. Can't determine what value to use from context. Will match always."); + _allowAny = true; } else { - ConditionName = conditionDef.getEvaluatorOptions(); + _contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME); for (String value : condition.getValues()) { _values.add(value); } @@ -66,7 +73,6 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator { if(LOG.isDebugEnabled()) { LOG.debug("<== RangerSimpleMatcher.init(" + condition + "): countries[" + _values + "]"); } - } @Override @@ -80,7 +86,7 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator { if (_allowAny) { LOG.debug("isMatched: allowAny flag is true. Matched!"); } else { - String requestValue = extractValue(request, ConditionName); + String requestValue = extractValue(request, _contextName); if (requestValue == null) { LOG.debug("isMatched: couldn't get value from request. Ok. Implicitly matched!"); } else { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java index 3229bd8..af4b560 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java @@ -37,8 +37,7 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri public final static String OPTIONS_SEP = ";"; public final static String OPTION_NV_SEP = "="; - private String optionsString = null; - private Map<String, String> options = null; + private Map<String, String> options = null; @Override public void init(RangerContextEnricherDef enricherDef) { @@ -46,27 +45,7 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")"); } - this.optionsString = enricherDef.getEnricherOptions(); - options = new HashMap<String, String>(); - - if(optionsString != null) { - for(String optionString : optionsString.split(OPTIONS_SEP)) { - if(StringUtils.isEmpty(optionString)) { - continue; - } - - String[] nvArr = optionString.split(OPTION_NV_SEP); - - String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null; - String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null; - - if(StringUtils.isEmpty(name)) { - continue; - } - - options.put(name, value); - } - } + options = enricherDef.getEnricherOptions(); if(LOG.isDebugEnabled()) { LOG.debug("<== RangerAbstractContextEnricher.init(" + enricherDef + ")"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index e7d1a1c..62be788 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -21,7 +21,9 @@ package org.apache.ranger.plugin.model; import java.util.ArrayList; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -581,7 +583,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } @@ -701,7 +702,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } @@ -1069,38 +1069,37 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } public static class RangerResourceDef implements java.io.Serializable { private static final long serialVersionUID = 1L; - private String name = null; - private String type = null; - private Integer level = null; - private String parent = null; - private Boolean mandatory = null; - private Boolean lookupSupported = null; - private Boolean recursiveSupported = null; - private Boolean excludesSupported = null; - private String matcher = null; - private String matcherOptions = null; - private String validationRegEx = null; - private String validationMessage = null; - private String uiHint = null; - private String label = null; - private String description = null; - private String rbKeyLabel = null; - private String rbKeyDescription = null; - private String rbKeyValidationMessage = null; + private String name = null; + private String type = null; + private Integer level = null; + private String parent = null; + private Boolean mandatory = null; + private Boolean lookupSupported = null; + private Boolean recursiveSupported = null; + private Boolean excludesSupported = null; + private String matcher = null; + private Map<String, String> matcherOptions = null; + private String validationRegEx = null; + private String validationMessage = null; + private String uiHint = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + private String rbKeyValidationMessage = null; public RangerResourceDef() { this(null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null); } - public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { + public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, Map<String, String> matcherOptions, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { setName(name); setType(type); setLevel(level); @@ -1110,7 +1109,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S setRecursiveSupported(recursiveSupported); setExcludesSupported(excludesSupported); setMatcher(matcher); - setMatcher(matcherOptions); + setMatcherOptions(matcherOptions); setValidationRegEx(validationRegEx); setValidationMessage(validationMessage); setUiHint(uiHint); @@ -1250,15 +1249,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S /** * @return the matcher */ - public String getMatcherOptions() { + public Map<String, String> getMatcherOptions() { return matcherOptions; } /** * @param matcher the matcher to set */ - public void setMatcherOptions(String matcherOptions) { - this.matcherOptions = matcherOptions; + public void setMatcherOptions(Map<String, String> matcherOptions) { + this.matcherOptions = matcherOptions == null ? new HashMap<String, String>() : matcherOptions; } /** @@ -1731,35 +1730,34 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } public static class RangerPolicyConditionDef implements java.io.Serializable { private static final long serialVersionUID = 1L; - private String name = null; - private String evaluator = null; - private String evaluatorOptions = null; - private String validationRegEx = null; - private String validationMessage = null; - private String uiHint = null; - private String label = null; - private String description = null; - private String rbKeyLabel = null; - private String rbKeyDescription = null; - private String rbKeyValidationMessage = null; + private String name = null; + private String evaluator = null; + private Map<String, String> evaluatorOptions = null; + private String validationRegEx = null; + private String validationMessage = null; + private String uiHint = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + private String rbKeyValidationMessage = null; public RangerPolicyConditionDef() { this(null, null, null, null, null, null, null, null, null, null, null); } - public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions) { + public RangerPolicyConditionDef(String name, String evaluator, Map<String, String> evaluatorOptions) { this(name, evaluator, evaluatorOptions, null, null, null, null, null, null, null, null); } - public RangerPolicyConditionDef(String name, String evaluator, String evaluatorOptions, String validationRegEx, String vaidationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { + public RangerPolicyConditionDef(String name, String evaluator, Map<String, String> evaluatorOptions, String validationRegEx, String vaidationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { setName(name); setEvaluator(evaluator); setEvaluatorOptions(evaluatorOptions); @@ -1804,15 +1802,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S /** * @return the evaluator */ - public String getEvaluatorOptions() { + public Map<String, String> getEvaluatorOptions() { return evaluatorOptions; } /** * @param evaluator the evaluator to set */ - public void setEvaluatorOptions(String evaluatorOptions) { - this.evaluatorOptions = evaluatorOptions; + public void setEvaluatorOptions(Map<String, String> evaluatorOptions) { + this.evaluatorOptions = evaluatorOptions == null ? new HashMap<String, String>() : evaluatorOptions; } /** @@ -2058,22 +2056,21 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } public static class RangerContextEnricherDef implements java.io.Serializable { private static final long serialVersionUID = 1L; - private String name = null; - private String enricher = null; - private String enricherOptions = null; + private String name = null; + private String enricher = null; + private Map<String, String> enricherOptions = null; public RangerContextEnricherDef() { this(null, null, null); } - public RangerContextEnricherDef(String name, String enricher, String enricherOptions) { + public RangerContextEnricherDef(String name, String enricher, Map<String, String> enricherOptions) { setName(name); setEnricher(enricher); setEnricherOptions(enricherOptions); @@ -2110,15 +2107,15 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S /** * @return the evaluator */ - public String getEnricherOptions() { + public Map<String, String> getEnricherOptions() { return enricherOptions; } /** * @param evaluator the evaluator to set */ - public void setEnricherOptions(String enricherOptions) { - this.enricherOptions = enricherOptions; + public void setEnricherOptions(Map<String, String> enricherOptions) { + this.enricherOptions = enricherOptions == null ? new HashMap<String, String>() : enricherOptions; } @Override @@ -2180,6 +2177,5 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return false; return true; } - } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index d5332b2..191b370 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -573,7 +573,6 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator String resName = resourceDef != null ? resourceDef.getName() : null; String clsName = resourceDef != null ? resourceDef.getMatcher() : null; - String options = resourceDef != null ? resourceDef.getMatcherOptions() : null; if(! StringUtils.isEmpty(clsName)) { try { @@ -591,7 +590,6 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator } if(ret != null) { - ret.initOptions(options); ret.init(resourceDef, resource); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java index f372294..3640b38 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java @@ -31,11 +31,11 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { private static final Log LOG = LogFactory.getLog(RangerPathResourceMatcher.class); - public static final String OPTION_PATH_SEPERATOR = "pathSeperatorChar"; + public static final String OPTION_PATH_SEPERATOR = "pathSeparatorChar"; public static final char DEFAULT_PATH_SEPERATOR_CHAR = org.apache.hadoop.fs.Path.SEPARATOR_CHAR; private boolean policyIsRecursive = false; - private char pathSeperatorChar = DEFAULT_PATH_SEPERATOR_CHAR; + private char pathSeparatorChar = DEFAULT_PATH_SEPERATOR_CHAR; @Override public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource) { @@ -44,7 +44,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { } policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive(); - pathSeperatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR); + pathSeparatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR); super.init(resourceDef, policyResource); @@ -69,7 +69,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { for(String policyValue : policyValues) { if(policyIsRecursive) { if(optWildCard) { - ret = isRecursiveWildCardMatch(resource, policyValue, pathSeperatorChar) ; + ret = isRecursiveWildCardMatch(resource, policyValue, pathSeparatorChar) ; } else { ret = StringUtils.startsWith(resource, policyValue); } @@ -100,9 +100,9 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { return ret; } - private boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath, char pathSeperatorChar) { + private boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath, char pathSeparatorChar) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + ")"); + LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeparatorChar + ")"); } boolean ret = false; @@ -110,11 +110,11 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { if (! StringUtils.isEmpty(pathToCheck)) { StringBuilder sb = new StringBuilder(); - if(pathToCheck.charAt(0) == pathSeperatorChar) { - sb.append(pathSeperatorChar); // preserve the initial seperator + if(pathToCheck.charAt(0) == pathSeparatorChar) { + sb.append(pathSeparatorChar); // preserve the initial seperator } - for(String p : StringUtils.split(pathToCheck, pathSeperatorChar)) { + for(String p : StringUtils.split(pathToCheck, pathSeparatorChar)) { sb.append(p); boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ; @@ -125,14 +125,14 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { break; } - sb.append(pathSeperatorChar) ; + sb.append(pathSeparatorChar) ; } sb = null; } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + "): " + ret); + LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeparatorChar + "): " + ret); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json index 0376189..e611895 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json @@ -13,14 +13,14 @@ { "name": "table", "type": "string", - "level": 1, + "level": 10, "parent": "", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -31,14 +31,14 @@ { "name": "column-family", "type": "string", - "level": 2, + "level": 20, "parent": "table", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -49,14 +49,14 @@ { "name": "column", "type": "string", - "level": 3, + "level": 30, "parent": "column-family", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -222,4 +222,4 @@ [ ] -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json index 925cc77..b279f0c 100755 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json @@ -13,14 +13,14 @@ { "name": "path", "type": "path", - "level": 1, + "level": 10, "parent": "", "mandatory": true, "lookupSupported": true, "recursiveSupported": true, "excludesSupported": false, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 704ae60..aabc73b 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -13,14 +13,14 @@ { "name": "database", "type": "string", - "level": 1, + "level": 10, "parent": "", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -31,14 +31,14 @@ { "name": "table", "type": "string", - "level": 2, + "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -49,14 +49,14 @@ { "name": "udf", "type": "string", - "level": 2, + "level": 20, "parent": "database", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -67,14 +67,14 @@ { "name": "column", "type": "string", - "level": 3, + "level": 30, "parent": "table", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -186,52 +186,9 @@ "contextEnrichers": [ - { - "name": "country-provider", - "enricher": "org.apache.ranger.plugin.contextenricher.RangerCountryProvider", - "enricherOptions": "contextName=COUNTRY;dataFile=/etc/ranger/data/userCountry.properties" - }, - - { - "name": "project-provider", - "enricher": "org.apache.ranger.plugin.contextenricher.RangerProjectProvider", - "enricherOptions": "contextName=PROJECT;dataFile=/etc/ranger/data/userProject.properties" - } ], "policyConditions": [ - { - "name": "country", - "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher", - "evaluatorOptions": "COUNTRY", - "validationRegEx":"", - "validationMessage": "", - "uiHint":"", - "label": "Countries", - "description": "Countries" - }, - - { - "name": "project", - "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher", - "evaluatorOptions": "PROJECT", - "validationRegEx":"", - "validationMessage": "", - "uiHint":"", - "label": "Projects", - "description": "Projects" - }, - - { - "name": "timeOfDay", - "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerTimeOfDayMatcher", - "evaluatorOptions": "", - "validationRegEx":"", - "validationMessage": "", - "uiHint":"", - "label": "Time of Day", - "description": "Time of Day" - } ] -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json index 947b109..0174e96 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -13,14 +13,14 @@ { "name": "topology", "type": "string", - "level": 1, + "level": 10, "parent": "", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -31,14 +31,14 @@ { "name": "service", "type": "string", - "level": 2, + "level": 20, "parent": "topology", "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -113,7 +113,7 @@ { "name": "ip-range", "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher", - "evaluatorOptions": "", + "evaluatorOptions": { }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -121,4 +121,4 @@ "description": "IP Address Range" } ] -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json index 506c9d3..bcc4394 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json @@ -13,13 +13,13 @@ { "name": "topology", "type": "string", - "level": 1, + "level": 10, "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -32,7 +32,12 @@ [ { "name": "submitTopology", - "label": "Submit Topology" + "label": "Submit Topology", + "impliedGrants": + [ + "fileUpload", + "fileDownload" + ] }, { @@ -159,4 +164,4 @@ [ ] -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json index a28ea50..8af8f9d 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json @@ -13,12 +13,12 @@ { "name": "queue", "type": "string", - "level": 1, + "level": 10, "mandatory": true, "lookupSupported": true, "recursiveSupported": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions": "wildCard=true;ignoreCase=true;pathSeperatorChar=.", + "matcherOptions": { "wildCard":true, "ignoreCase":true, "pathSeparatorChar":"." }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -36,12 +36,11 @@ { "name": "admin-queue", - "label": "admin-queue" - }, - - { - "name": "admin", - "label": "admin" + "label": "admin-queue", + "impliedGrants": + [ + "submit-app" + ] } ], @@ -104,7 +103,7 @@ { "name": "ip-range", "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher", - "evaluatorOptions": "", + "evaluatorOptions": { }, "validationRegEx":"", "validationMessage": "", "uiHint":"", @@ -112,4 +111,4 @@ "description": "IP Address Range" } ] -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java index 4bd2a43..99c8df0 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java @@ -38,7 +38,12 @@ import org.junit.Test; public class RangerSimpleMatcherTest { - final String _conditionOption = "key1"; + final Map<String, String> _conditionOptions = new HashMap<String, String>(); + + { + _conditionOptions.put(RangerSimpleMatcher.CONTEXT_NAME, RangerSimpleMatcher.CONTEXT_NAME); + } + @Test public void testIsMatched_happyPath() { // this documents some unexpected behavior of the ip matcher @@ -89,7 +94,7 @@ public class RangerSimpleMatcherTest { assertTrue(matcher.isMatched(request)); // If evaluator option on the condition def is non-null then it starts to evaluate for real - when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOption); + when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); matcher.init(conditionDef, policyItemCondition); assertTrue(matcher.isMatched(request)); } @@ -105,7 +110,8 @@ public class RangerSimpleMatcherTest { when(condition.getValues()).thenReturn(addresses); RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class); - when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOption); + + when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); matcher.init(conditionDef, condition); } @@ -114,7 +120,7 @@ public class RangerSimpleMatcherTest { RangerAccessRequest createRequest(String value) { Map<String, Object> context = new HashMap<String, Object>(); - context.put(_conditionOption, value); + context.put(RangerSimpleMatcher.CONTEXT_NAME, value); RangerAccessRequest request = mock(RangerAccessRequest.class); when(request.getContext()).thenReturn(context); return request; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java index 9efbcaf..88e668e 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java @@ -98,7 +98,11 @@ public class RangerDefaultPolicyEvaluatorTest { // if service has a condition then sensible answer should come back RangerPolicyConditionDef aConditionDef = getMockPolicyConditionDef("type1", "com.company.SomeEvaluator", null); - RangerPolicyConditionDef anotherConditionDef = getMockPolicyConditionDef("type2", "com.company.AnotherEvaluator", "key1"); + + Map<String, String> evaluatorOptions = new HashMap<String, String>(); + evaluatorOptions.put("key1", "key1"); + + RangerPolicyConditionDef anotherConditionDef = getMockPolicyConditionDef("type2", "com.company.AnotherEvaluator", evaluatorOptions); List<RangerPolicyConditionDef> conditionDefs = Lists.newArrayList(aConditionDef, anotherConditionDef); serviceDef = getMockServiceDef(conditionDefs); @@ -344,18 +348,23 @@ public class RangerDefaultPolicyEvaluatorTest { RangerPolicyConditionDef aCondition = mock(RangerPolicyConditionDef.class); when(aCondition.getName()).thenReturn(anEntry.getKey()); when(aCondition.getEvaluator()).thenReturn(anEntry.getValue()[0]); - when(aCondition.getEvaluatorOptions()).thenReturn(anEntry.getValue()[1]); + + Map<String, String> evaluatorOptions = new HashMap<String, String>(); + evaluatorOptions.put(anEntry.getValue()[1], anEntry.getValue()[1]); + + when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOptions); + conditions.add(aCondition); } return conditions; } - RangerPolicyConditionDef getMockPolicyConditionDef(String name, String evaluatorClassName, String evaluatorOption) { + RangerPolicyConditionDef getMockPolicyConditionDef(String name, String evaluatorClassName, Map<String, String> evaluatorOptions) { // null policy condition def collection should behave sensibly RangerPolicyConditionDef aCondition = mock(RangerPolicyConditionDef.class); when(aCondition.getName()).thenReturn(name); when(aCondition.getEvaluator()).thenReturn(evaluatorClassName); - when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOption); + when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOptions); return aCondition; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json index 35768cb..338d4cf 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_hbase.json @@ -5,9 +5,9 @@ "name":"hbase", "id":2, "resources":[ - {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"}, - {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-Family","description":"HBase Column-Family"}, - {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"} + {"name":"table","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Table","description":"HBase Table"}, + {"name":"column-family","level":2,"table":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column-Family","description":"HBase Column-Family"}, + {"name":"column","level":3,"parent":"column-family","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"HBase Column","description":"HBase Column"} ], "accessTypes":[ {"name":"read","label":"Read"}, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json index 2acf868..eed71be 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json @@ -5,7 +5,7 @@ "name":"hdfs", "id":1, "resources":[ - {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"} + {"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"} ], "accessTypes":[ {"name":"read","label":"Read"}, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/agents-common/src/test/resources/policyengine/test_policyengine_hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json index 2ac90ae..8ca7071 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_hive.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_hive.json @@ -5,10 +5,10 @@ "name":"hive", "id":3, "resources":[ - {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, - {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, - {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"}, - {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"} + {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"}, + {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"}, + {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"}, + {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"} ], "accessTypes":[ {"name":"select","label":"Select"}, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ca40e35c/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java index afaf2cb..7754077 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java @@ -2,12 +2,14 @@ package org.apache.ranger.service; import java.util.ArrayList; import java.util.List; +import java.util.Map; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXContextEnricherDef; @@ -36,6 +38,9 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte @Autowired RangerAuditFields<XXDBBase> rangerAuditFields; + + @Autowired + JSONUtil jsonUtil; @SuppressWarnings("unchecked") @Override @@ -128,7 +133,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte xObj.setRecursivesupported(vObj.getRecursiveSupported()); xObj.setExcludessupported(vObj.getExcludesSupported()); xObj.setMatcher(vObj.getMatcher()); - xObj.setMatcheroptions(vObj.getMatcherOptions()); + xObj.setMatcheroptions(mapToJsonString(vObj.getMatcherOptions())); xObj.setValidationRegEx(vObj.getValidationRegEx()); xObj.setValidationMessage(vObj.getValidationMessage()); xObj.setUiHint(vObj.getUiHint()); @@ -151,7 +156,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte vObj.setRecursiveSupported(xObj.getRecursivesupported()); vObj.setExcludesSupported(xObj.getExcludessupported()); vObj.setMatcher(xObj.getMatcher()); - vObj.setMatcherOptions(xObj.getMatcheroptions()); + vObj.setMatcherOptions(jsonStringToMap(xObj.getMatcheroptions())); vObj.setValidationRegEx(xObj.getValidationRegEx()); vObj.setValidationMessage(xObj.getValidationMessage()); vObj.setUiHint(xObj.getUiHint()); @@ -202,7 +207,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte xObj.setDefid(serviceDef.getId()); xObj.setName(vObj.getName()); xObj.setEvaluator(vObj.getEvaluator()); - xObj.setEvaluatoroptions(vObj.getEvaluatorOptions()); + xObj.setEvaluatoroptions(mapToJsonString(vObj.getEvaluatorOptions())); xObj.setValidationRegEx(vObj.getValidationRegEx()); xObj.setValidationMessage(vObj.getValidationMessage()); xObj.setUiHint(vObj.getUiHint()); @@ -219,7 +224,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte RangerPolicyConditionDef vObj = new RangerPolicyConditionDef(); vObj.setName(xObj.getName()); vObj.setEvaluator(xObj.getEvaluator()); - vObj.setEvaluatorOptions(xObj.getEvaluatoroptions()); + vObj.setEvaluatorOptions(jsonStringToMap(xObj.getEvaluatoroptions())); vObj.setValidationRegEx(xObj.getValidationRegEx()); vObj.setValidationMessage(xObj.getValidationMessage()); vObj.setUiHint(xObj.getUiHint()); @@ -240,7 +245,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte xObj.setDefid(serviceDef.getId()); xObj.setName(vObj.getName()); xObj.setEnricher(vObj.getEnricher()); - xObj.setEnricherOptions(vObj.getEnricherOptions()); + xObj.setEnricherOptions(mapToJsonString(vObj.getEnricherOptions())); xObj.setOrder(AppConstants.DEFAULT_SORT_ORDER); return xObj; } @@ -249,7 +254,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte RangerContextEnricherDef vObj = new RangerContextEnricherDef(); vObj.setName(xObj.getName()); vObj.setEnricher(xObj.getEnricher()); - vObj.setEnricherOptions(xObj.getEnricherOptions()); + vObj.setEnricherOptions(jsonStringToMap(xObj.getEnricherOptions())); return vObj; } @@ -319,4 +324,31 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDef, V exte return retList; } + private String mapToJsonString(Map<String, String> map) { + String ret = null; + + if(map != null) { + try { + ret = jsonUtil.readMapToString(map); + } catch(Exception excp) { + LOG.warn("mapToJsonString() failed to convert map: " + map, excp); + } + } + + return ret; + } + + private Map<String, String> jsonStringToMap(String jsonStr) { + Map<String, String> ret = null; + + if(jsonStr != null) { + try { + ret = jsonUtil.jsonToMap(jsonStr); + } catch(Exception excp) { + LOG.warn("jsonStringToMap() failed to convert string: " + jsonStr, excp); + } + } + + return ret; + } }
