RANGER-502: Add abstract implementation and parameterless init for easier extension of interfaces ConditionEvaluator, ContextEnricher, ResourceMatcher
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f31274b8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f31274b8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f31274b8 Branch: refs/heads/ranger-0.5 Commit: f31274b8694563655691734ed74f6617109dc794 Parents: 14ec7d5 Author: Madhan Neethiraj <[email protected]> Authored: Thu May 21 20:28:15 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri May 22 17:55:34 2015 -0700 ---------------------------------------------------------------------- .../RangerAbstractConditionEvaluator.java | 43 ++++++++++ .../RangerConditionEvaluator.java | 7 +- .../conditionevaluator/RangerIpMatcher.java | 8 +- .../conditionevaluator/RangerSimpleMatcher.java | 8 +- .../RangerTimeOfDayMatcher.java | 8 +- .../RangerAbstractContextEnricher.java | 10 ++- .../contextenricher/RangerContextEnricher.java | 4 +- .../contextenricher/RangerCountryProvider.java | 5 +- .../contextenricher/RangerProjectProvider.java | 5 +- .../policyengine/RangerPolicyRepository.java | 3 +- .../RangerDefaultPolicyEvaluator.java | 8 +- .../RangerAbstractResourceMatcher.java | 26 +++--- .../RangerPathResourceMatcher.java | 10 +-- .../resourcematcher/RangerResourceMatcher.java | 9 ++- .../conditionevaluator/RangerIpMatcherTest.java | 8 +- .../RangerSimpleMatcherTest.java | 36 ++++++--- .../RangerTimeOfDayMatcherTest.java | 4 +- .../RangerDefaultPolicyEvaluatorTest.java | 13 +-- .../resourcematcher/TestResourceMatcher.java | 15 ++-- .../test_resourcematcher_default.json | 78 ++++++++++++------ .../test_resourcematcher_path.json | 84 +++++++++++++------- 21 files changed, 270 insertions(+), 122 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java new file mode 100644 index 0000000..be05144 --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAbstractConditionEvaluator.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.conditionevaluator; + +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; + + +public abstract class RangerAbstractConditionEvaluator implements RangerConditionEvaluator { + protected RangerPolicyConditionDef conditionDef = null; + protected RangerPolicyItemCondition condition = null; + + @Override + public void setConditionDef(RangerPolicyConditionDef conditionDef) { + this.conditionDef = conditionDef; + } + + @Override + public void setPolicyItemCondition(RangerPolicyItemCondition condition) { + this.condition = condition; + } + + @Override + public void init() { + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java index 10eb04b..3ad8781 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerConditionEvaluator.java @@ -24,7 +24,12 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; public interface RangerConditionEvaluator { + void setConditionDef(RangerPolicyConditionDef conditionDef); + + void setPolicyItemCondition(RangerPolicyItemCondition condition); + + + void init(); - void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition); boolean isMatched(RangerAccessRequest request); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java index cb476b5..ba28e4a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcher.java @@ -29,8 +29,6 @@ import java.util.regex.Pattern; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; /** @@ -38,7 +36,7 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequest; * @author alal * */ -public class RangerIpMatcher implements RangerConditionEvaluator { +public class RangerIpMatcher extends RangerAbstractConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerIpMatcher.class); private List<String> _exactIps = new ArrayList<String>(); @@ -46,11 +44,13 @@ public class RangerIpMatcher implements RangerConditionEvaluator { private boolean _allowAny = false; @Override - public void init(final RangerPolicyConditionDef conditionDef, final RangerPolicyItemCondition condition) { + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerIpMatcher.init(" + condition + ")"); } + super.init(); + // NOTE: this evaluator does not use conditionDef! if (condition == null) { LOG.debug("init: null policy condition! Will match always!"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java index de4baf4..48f806d 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcher.java @@ -28,11 +28,9 @@ import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -public class RangerSimpleMatcher implements RangerConditionEvaluator { +public class RangerSimpleMatcher extends RangerAbstractConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerSimpleMatcher.class); @@ -43,11 +41,13 @@ public class RangerSimpleMatcher implements RangerConditionEvaluator { private List<String> _values = new ArrayList<String>(); @Override - public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) { + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerSimpleMatcher.init(" + condition + ")"); } + super.init(); + if (condition == null) { LOG.debug("init: null policy condition! Will match always!"); _allowAny = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java index e8bb8db..40d86a5 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcher.java @@ -31,22 +31,22 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -public class RangerTimeOfDayMatcher implements RangerConditionEvaluator { +public class RangerTimeOfDayMatcher extends RangerAbstractConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerTimeOfDayMatcher.class); boolean _allowAny = false; List<int[]> _durations = new ArrayList<int[]>(); @Override - public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) { + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerTimeOfDayMatcher.init(" + condition + ")"); } + super.init(); + if (condition == null) { LOG.debug("init: null policy condition! Will match always!"); _allowAny = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java index f14360d..0e18494 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java @@ -21,7 +21,6 @@ package org.apache.ranger.plugin.contextenricher; import java.io.FileInputStream; import java.io.InputStream; -import java.util.HashMap; import java.util.Map; import java.util.Properties; @@ -34,10 +33,17 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; public abstract class RangerAbstractContextEnricher implements RangerContextEnricher { private static final Log LOG = LogFactory.getLog(RangerAbstractContextEnricher.class); + protected RangerContextEnricherDef enricherDef; + private Map<String, String> options = null; @Override - public void init(RangerContextEnricherDef enricherDef) { + public void setContextEnricherDef(RangerContextEnricherDef enricherDef) { + this.enricherDef = enricherDef; + } + + @Override + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java index 98b72bd..073225b 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java @@ -24,7 +24,9 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; public interface RangerContextEnricher { - void init(RangerContextEnricherDef enricherDef); + void setContextEnricherDef(RangerContextEnricherDef enricherDef); + + void init(); void enrich(RangerAccessRequest request); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java index 0c40ec9..64f5023 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerCountryProvider.java @@ -25,7 +25,6 @@ import java.util.Properties; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; @@ -36,12 +35,12 @@ public class RangerCountryProvider extends RangerAbstractContextEnricher { private Properties userCountryMap = null; @Override - public void init(RangerContextEnricherDef enricherDef) { + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerCountryProvider.init(" + enricherDef + ")"); } - super.init(enricherDef); + super.init(); contextName = getOption("contextName", "COUNTRY"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java index 01022c4..4df53cb 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerProjectProvider.java @@ -25,7 +25,6 @@ import java.util.Properties; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; @@ -36,12 +35,12 @@ public class RangerProjectProvider extends RangerAbstractContextEnricher { private Properties userProjectMap = null; @Override - public void init(RangerContextEnricherDef enricherDef) { + public void init() { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerProjectProvider.init(" + enricherDef + ")"); } - super.init(enricherDef); + super.init(); contextName = getOption("contextName", "PROJECT"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index 8e3d17c..6a355ff 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -147,7 +147,8 @@ public class RangerPolicyRepository { } if(ret != null) { - ret.init(enricherDef); + ret.setContextEnricherDef(enricherDef); + ret.init(); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index 3f9ab84..ede91f0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -145,7 +145,9 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator if (anEvaluator == null) { LOG.error("initializeConditionEvaluators: Serious Configuration error: Couldn't instantiate condition evaluator for class[" + evaluatorClassName + "]. All checks for condition[" + conditionName + "] disabled."); } else { - anEvaluator.init(conditionDef, condition); + anEvaluator.setConditionDef(conditionDef); + anEvaluator.setPolicyItemCondition(condition); + anEvaluator.init(); result.put(conditionName, anEvaluator); } } @@ -649,7 +651,9 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator } if (ret != null) { - ret.init(resourceDef.getMatcherOptions(), resource); + ret.setResourceDef(resourceDef); + ret.setPolicyResource(resource); + ret.init(); } } else { LOG.error("RangerDefaultPolicyEvaluator: RangerResourceDef is null"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java index 95dd214..9e547f1 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java @@ -41,9 +41,9 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat public final static String OPTION_IGNORE_CASE = "ignoreCase"; public final static String OPTION_WILD_CARD = "wildCard"; - private RangerResourceDef resourceDef = null; - private RangerPolicyResource policyResource = null; - private Map<String, String> options = null; + protected RangerResourceDef resourceDef = null; + protected RangerPolicyResource policyResource = null; + protected Map<String, String> options = null; protected boolean optIgnoreCase = false; protected boolean optWildCard = false; @@ -53,13 +53,21 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat protected boolean isMatchAny = false; @Override - public void init(Map<String, String> options, RangerPolicyResource policyResource) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); - } + public void setResourceDef(RangerResourceDef resourceDef) { + this.resourceDef = resourceDef; + this.options = resourceDef != null ? resourceDef.getMatcherOptions() : null; + } - this.options = options; + @Override + public void setPolicyResource(RangerPolicyResource policyResource) { this.policyResource = policyResource; + } + + @Override + public void init() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerAbstractResourceMatcher.init()"); + } optIgnoreCase = getBooleanOption(OPTION_IGNORE_CASE, true); optWildCard = getBooleanOption(OPTION_WILD_CARD, true); @@ -86,7 +94,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); + LOG.debug("<== RangerAbstractResourceMatcher.init()"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java index 6096c8d..79ab394 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java @@ -22,7 +22,6 @@ package org.apache.ranger.plugin.resourcematcher; import java.util.ArrayList; import java.util.List; -import java.util.Map; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOCase; @@ -30,7 +29,6 @@ import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { @@ -44,12 +42,12 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { private List<String> policyValuesForMatch = null; @Override - public void init(Map<String, String> options, RangerPolicyResource policyResource) { + public void init() { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPathResourceMatcher.init(" + options + ", " + policyResource + ")"); + LOG.debug("==> RangerPathResourceMatcher.init()"); } - super.init(options, policyResource); + super.init(); policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive(); pathSeparatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR); @@ -69,7 +67,7 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPathResourceMatcher.init(" + options + ", " + policyResource + ")"); + LOG.debug("<== RangerPathResourceMatcher.init()"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java index 3c4e99b..609d59d 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java @@ -19,12 +19,15 @@ package org.apache.ranger.plugin.resourcematcher; -import java.util.Map; - import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public interface RangerResourceMatcher { - void init(Map<String, String> options, RangerPolicyResource policyResource); + void setResourceDef(RangerResourceDef resourceDef); + + void setPolicyResource(RangerPolicyResource policyResource); + + void init(); boolean isMatch(String resource); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java index cc69324..1e82c65 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerIpMatcherTest.java @@ -228,12 +228,16 @@ public class RangerIpMatcherTest { RangerIpMatcher matcher = new RangerIpMatcher(); if (ipArray == null) { - matcher.init(null, null); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(null); + matcher.init(); } else { RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class); List<String> addresses = Arrays.asList(ipArray); when(condition.getValues()).thenReturn(addresses); - matcher.init(null, condition); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(condition); + matcher.init(); } return matcher; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java index 7ce9cf3..8d0bc75 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSimpleMatcherTest.java @@ -64,38 +64,52 @@ public class RangerSimpleMatcherTest { RangerSimpleMatcher matcher = new RangerSimpleMatcher(); // Matcher initialized with null policy should behave sensibly! It matches everything! - matcher.init(null, null); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(null); + matcher.init(); assertTrue(matcher.isMatched(request)); RangerPolicyItemCondition policyItemCondition = mock(RangerPolicyItemCondition.class); - matcher.init(null, policyItemCondition); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(policyItemCondition); + matcher.init(); assertTrue(matcher.isMatched(request)); RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class); - matcher.init(conditionDef, null); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(null); + matcher.init(); assertTrue(matcher.isMatched(request)); // so should a policy item condition with initialized with null list of values when(policyItemCondition.getValues()).thenReturn(null); - matcher.init(conditionDef, policyItemCondition); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(policyItemCondition); + matcher.init(); assertTrue(matcher.isMatched(request)); // not null item condition with empty condition list List<String> values = new ArrayList<String>(); when(policyItemCondition.getValues()).thenReturn(values); - matcher.init(conditionDef, policyItemCondition); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(policyItemCondition); + matcher.init(); assertTrue(matcher.isMatched(request)); // values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check values.add("AB"); when(policyItemCondition.getValues()).thenReturn(values); when(conditionDef.getEvaluatorOptions()).thenReturn(null); - matcher.init(conditionDef, policyItemCondition); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(policyItemCondition); + matcher.init(); assertTrue(matcher.isMatched(request)); // If evaluator option on the condition def is non-null then it starts to evaluate for real when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); - matcher.init(conditionDef, policyItemCondition); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(policyItemCondition); + matcher.init(); assertTrue(matcher.isMatched(request)); } @@ -103,7 +117,9 @@ public class RangerSimpleMatcherTest { RangerSimpleMatcher matcher = new RangerSimpleMatcher(); if (ipArray == null) { - matcher.init(null, null); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(null); + matcher.init(); } else { RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class); List<String> addresses = Arrays.asList(ipArray); @@ -112,7 +128,9 @@ public class RangerSimpleMatcherTest { RangerPolicyConditionDef conditionDef = mock(RangerPolicyConditionDef.class); when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); - matcher.init(conditionDef, condition); + matcher.setConditionDef(conditionDef); + matcher.setPolicyItemCondition(condition); + matcher.init(); } return matcher; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java index 21e4769..b6ca843 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerTimeOfDayMatcherTest.java @@ -178,7 +178,9 @@ public class RangerTimeOfDayMatcherTest { when(itemCondition.getValues()).thenReturn(Arrays.asList("2:45a.m. -7:00 AM", " 9:15AM- 5:30P.M. ")); RangerTimeOfDayMatcher matcher = new RangerTimeOfDayMatcher(); - matcher.init(null, itemCondition); + matcher.setConditionDef(null); + matcher.setPolicyItemCondition(itemCondition); + matcher.init(); Object[][] input = new Object[][] { { 1, 0, false }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java index 88e668e..943b76a 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluatorTest.java @@ -34,6 +34,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.ranger.plugin.conditionevaluator.RangerAbstractConditionEvaluator; import org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator; import org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher; import org.apache.ranger.plugin.model.RangerPolicy; @@ -210,11 +211,11 @@ public class RangerDefaultPolicyEvaluatorTest { * @author alal * */ - static class AlwaysPass implements RangerConditionEvaluator { + static class AlwaysPass extends RangerAbstractConditionEvaluator { @Override - public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) { - // empty body! + public void init() { + super.init(); } @Override public boolean isMatched(RangerAccessRequest request) { @@ -223,11 +224,11 @@ public class RangerDefaultPolicyEvaluatorTest { } - static class AlwaysFail implements RangerConditionEvaluator { + static class AlwaysFail extends RangerAbstractConditionEvaluator { @Override - public void init(RangerPolicyConditionDef conditionDef, RangerPolicyItemCondition condition) { - // empty body + public void init() { + super.init(); } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java b/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java index 5775d0f..9b870d4 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java @@ -24,9 +24,9 @@ import static org.junit.Assert.*; import java.io.InputStream; import java.io.InputStreamReader; import java.util.List; -import java.util.Map; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.resourcematcher.TestResourceMatcher.ResourceMatcherTestCases.TestCase; import org.apache.ranger.plugin.resourcematcher.TestResourceMatcher.ResourceMatcherTestCases.TestCase.OneTest; import org.junit.After; @@ -89,7 +89,7 @@ public class TestResourceMatcher { assertTrue("invalid input: " + testName, testCases != null && testCases.testCases != null); for(TestCase testCase : testCases.testCases) { - RangerResourceMatcher matcher = createResourceMatcher(testCase.matcher, testCase.matcherOptions, testCase.policyResource); + RangerResourceMatcher matcher = createResourceMatcher(testCase.resourceDef, testCase.policyResource); for(OneTest oneTest : testCase.tests) { if(oneTest == null) { @@ -104,14 +104,16 @@ public class TestResourceMatcher { } } - private RangerResourceMatcher createResourceMatcher(String className, Map<String, String> options, RangerPolicyResource policyResource) throws Exception { + private RangerResourceMatcher createResourceMatcher(RangerResourceDef resourceDef, RangerPolicyResource policyResource) throws Exception { RangerResourceMatcher ret = null; @SuppressWarnings("unchecked") - Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(className); + Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(resourceDef.getMatcher()); ret = matcherClass.newInstance(); - ret.init(options, policyResource); + ret.setResourceDef(resourceDef); + ret.setPolicyResource(policyResource); + ret.init(); return ret; } @@ -121,8 +123,7 @@ public class TestResourceMatcher { class TestCase { public String name; - public String matcher; - public Map<String, String> matcherOptions; + public RangerResourceDef resourceDef; public RangerPolicyResource policyResource; public List<OneTest> tests; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json index 24d1e4e..918c30f 100644 --- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json +++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json @@ -2,8 +2,10 @@ "testCases":[ { "name":"value=simple; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple"] }, @@ -19,8 +21,10 @@ , { "name":"value=simple; wildCard=true; ignoreCase=true; isExcludes=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple"], "isExcludes":true @@ -37,8 +41,10 @@ , { "name":"value=simple; wildCard=true; ignoreCase=false", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":false}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":false} + }, "policyResource":{ "values": ["simple"] }, @@ -54,8 +60,10 @@ , { "name":"value=SiMpLe; wildCard=true; ignoreCase=false", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":false}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":false} + }, "policyResource":{ "values": ["SiMpLe"] }, @@ -71,8 +79,10 @@ , { "name":"value=simple*; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple*"] }, @@ -97,8 +107,10 @@ , { "name":"value=simple*string; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple*string"] }, @@ -123,8 +135,10 @@ , { "name":"value=simple*test*string; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple*test*string"] }, @@ -152,8 +166,10 @@ , { "name":"value=*simple; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["*simple"] }, @@ -184,8 +200,10 @@ , { "name":"value=simple*; wildCard=true; ignoreCase=false", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":false}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":false} + }, "policyResource":{ "values": ["simple*"] }, @@ -207,8 +225,10 @@ , { "name":"value=simple?; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple?"] }, @@ -239,8 +259,10 @@ , { "name":"value=simple?string; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple?string"] }, @@ -265,8 +287,10 @@ , { "name":"value=simple?string?; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple?string?"] }, @@ -294,8 +318,10 @@ , { "name":"value=simple1,simple2,wild*,onechar?,star*onechar?; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["simple1","simple2","wild*","onechar?","star*onechar?"] }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f31274b8/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json index 352ed52..25b0eb7 100644 --- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json +++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json @@ -2,8 +2,10 @@ "testCases":[ { "name":"value=/; isRecursive=false; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/"], "isRecursive":false @@ -18,8 +20,10 @@ , { "name":"value=/path1; isRecursive=false; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/path1"], "isRecursive":false @@ -35,8 +39,10 @@ , { "name":"value=/path1/*; isRecursive=false; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/path1/*"], "isRecursive":false @@ -53,8 +59,10 @@ , { "name":"value=/; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/"], "isRecursive":true @@ -69,8 +77,10 @@ , { "name":"value=/path1; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/path1"], "isRecursive":true @@ -90,8 +100,10 @@ , { "name":"value=/path*; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/path*"], "isRecursive":true @@ -114,8 +126,10 @@ , { "name":"value=/path?; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/path?"], "isRecursive":true @@ -137,8 +151,10 @@ , { "name":"value=/public/*test; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/public/*test"], "isRecursive":true @@ -159,8 +175,10 @@ , { "name":"value=/public/*test/*result; isRecursive=true; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/public/*test/*result"], "isRecursive":true @@ -188,8 +206,10 @@ , { "name":"value=/public/*test/*result; isRecursive=false; wildCard=true; ignoreCase=true", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true} + }, "policyResource":{ "values": ["/public/*test/*result"], "isRecursive":true @@ -217,8 +237,10 @@ , { "name":"value=root; isRecursive=false; wildCard=true; ignoreCase=true; pathSeparatorChar=.", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."} + }, "policyResource":{ "values": ["root"], "isRecursive":false @@ -233,8 +255,10 @@ , { "name":"value=root.default.mycompany*; isRecursive=false; wildCard=true; ignoreCase=true; pathSeparatorChar=.", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."} + }, "policyResource":{ "values": ["root.default.mycompany*"], "isRecursive":false @@ -253,8 +277,10 @@ , { "name":"value=root; isRecursive=true; wildCard=true; ignoreCase=true; pathSeparatorChar=.", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."} + }, "policyResource":{ "values": ["root"], "isRecursive":true @@ -269,8 +295,10 @@ , { "name":"value=root.default.mycompany*; isRecursive=true; wildCard=true; ignoreCase=true; pathSeparatorChar=.", - "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", - "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."}, + "resourceDef":{ + "matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher", + "matcherOptions":{"wildCard":true, "ignoreCase":true, "pathSeparatorChar":"."} + }, "policyResource":{ "values": ["root.default.mycompany*"], "isRecursive":true
