Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0d37d980 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0d37d980 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0d37d980 Branch: refs/heads/tag-policy Commit: 0d37d980eca3e182ea8c597120c584ea4384b8f7 Parents: e25baa7 016f0f6 Author: Madhan Neethiraj <[email protected]> Authored: Thu Jun 4 19:40:20 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Jun 4 19:40:20 2015 -0700 ---------------------------------------------------------------------- .../model/validation/RangerPolicyValidator.java | 129 ++++-- .../validation/RangerServiceDefHelper.java | 20 +- .../ranger/plugin/service/RangerBasePlugin.java | 6 +- .../plugin/store/EmbeddedServiceDefsUtil.java | 8 +- .../ranger/plugin/store/ServiceStore.java | 5 +- .../plugin/store/file/ServiceFileStore.java | 11 + .../plugin/store/rest/ServiceRESTStore.java | 12 + .../service-defs/ranger-servicedef-hbase.json | 1 + .../service-defs/ranger-servicedef-hdfs.json | 1 + .../service-defs/ranger-servicedef-hive.json | 13 +- .../service-defs/ranger-servicedef-kafka.json | 1 + .../service-defs/ranger-servicedef-kms.json | 1 + .../service-defs/ranger-servicedef-knox.json | 1 + .../service-defs/ranger-servicedef-solr.json | 1 + .../service-defs/ranger-servicedef-storm.json | 1 + .../service-defs/ranger-servicedef-yarn.json | 1 + .../validation/TestRangerPolicyValidator.java | 30 +- .../validation/TestRangerServiceDefHelper.java | 4 +- .../hbase/RangerAuthorizationCoprocessor.java | 25 +- .../hive/authorizer/RangerHiveAuthorizer.java | 3 + .../org/apache/ranger/biz/ServiceDBStore.java | 22 +- .../org/apache/ranger/common/AppConstants.java | 8 +- .../apache/ranger/db/RangerDaoManagerBase.java | 10 + .../db/XXServiceDefWithAssignedIdDao.java | 29 ++ .../org/apache/ranger/entity/XXServiceDef.java | 401 +----------------- .../apache/ranger/entity/XXServiceDefBase.java | 403 +++++++++++++++++++ .../entity/XXServiceDefWithAssignedId.java | 76 ++++ .../ranger/service/RangerServiceDefService.java | 139 +------ .../service/RangerServiceDefServiceBase.java | 131 +++++- .../RangerServiceDefWithAssignedIdService.java | 58 +++ 30 files changed, 962 insertions(+), 589 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java ---------------------------------------------------------------------- diff --cc agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java index 959e3f4,8513230..29e5096 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java @@@ -179,8 -169,13 +179,14 @@@ public class EmbeddedServiceDefsUtil ret = loadEmbeddedServiceDef(serviceDefName); LOG.info("creating embedded service-def " + serviceDefName); - ret = store.createServiceDef(ret); + if (ret.getId() != null) { + store.setPopulateExistingBaseFields(true); - store.createServiceDef(ret); ++ ret = store.createServiceDef(ret); + store.setPopulateExistingBaseFields(false); + } else { - store.createServiceDef(ret); ++ ret = store.createServiceDef(ret); + } + LOG.info("created embedded service-def " + serviceDefName); } } catch(Exception excp) { LOG.fatal("EmbeddedServiceDefsUtil.getOrCreateServiceDef(): failed to load/create serviceType " + serviceDefName, excp); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java ---------------------------------------------------------------------- diff --cc agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java index cbf6022,7957dbf..8013262 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java @@@ -80,20 -70,11 +80,23 @@@ public interface ServiceStore List<RangerPolicy> getServicePolicies(Long serviceId, SearchFilter filter) throws Exception; + + PList<RangerPolicy> getPaginatedServicePolicies(Long serviceId, SearchFilter filter) throws Exception; + List<RangerPolicy> getServicePolicies(String serviceName, SearchFilter filter) throws Exception; + PList<RangerPolicy> getPaginatedServicePolicies(String serviceName, SearchFilter filter) throws Exception; + ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long lastKnownVersion) throws Exception; + RangerPolicy getPolicyFromEventTime(String eventTimeStr, Long policyId); + + RangerPolicy getPolicyForVersionNumber(Long policyId, Integer versionNo); + + String getPolicyForVersionNumber(Long policyId); + + - } + void setPopulateExistingBaseFields(Boolean populateExistingBaseFields); + + Boolean getPopulateExistingBaseFields(); + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- diff --cc agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java index 23dd0c0,751c3b3..d71436f --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java @@@ -58,7 -54,7 +58,8 @@@ public class ServiceFileStore extends A private long nextPolicyId = 0; private ServicePredicateUtil predicateUtil = null; + private FileStoreUtil fileStoreUtil = null; + private Boolean populateExistingBaseFields = false; public ServiceFileStore() { if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDef.java ---------------------------------------------------------------------- diff --cc security-admin/src/main/java/org/apache/ranger/entity/XXServiceDef.java index 6f79432,af495e5..bac5cba --- a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDef.java @@@ -410,48 -83,4 +83,4 @@@ public class XXServiceDef extends XXSer return true; } - /* - * (non-Javadoc) - * - * @see java.lang.Object#toString() - */ - @Override - public String toString() { - return "XXServiceDef [" + super.toString() + " id=" + id + ", guid=" - + guid + ", version=" + version + ", name=" + name - + ", implClassName=" + implClassName + ", label=" + label - + ", description=" + description + ", rbKeyLabel=" + rbKeyLabel - + ", rbKeyDescription=" + rbKeyDescription + ", isEnabled" - + isEnabled + "]"; - } - --} ++} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDefBase.java ---------------------------------------------------------------------- diff --cc security-admin/src/main/java/org/apache/ranger/entity/XXServiceDefBase.java index 0000000,93a0372..4a6a7f1 mode 000000,100644..100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDefBase.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceDefBase.java @@@ -1,0 -1,375 +1,403 @@@ + /* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + package org.apache.ranger.entity; + + import java.io.Serializable; + + import javax.persistence.Column; + import javax.persistence.MappedSuperclass; + import javax.xml.bind.annotation.XmlRootElement; + + @MappedSuperclass + @XmlRootElement + public abstract class XXServiceDefBase extends XXDBBase implements Serializable { + private static final long serialVersionUID = 1L; + + /** + * Global Id for the object + * <ul> + * <li>The maximum length for this attribute is <b>512</b>. + * </ul> + * + */ + @Column(name = "guid", unique = true, nullable = false, length = 512) + protected String guid; + /** + * version of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "version") + protected Long version; + + /** + * name of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "name") + protected String name; + + /** + * implClassName of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "impl_class_name") + protected String implClassName; + + /** + * label of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "label") + protected String label; + + /** + * description of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "description") + protected String description; + + /** ++ * options of the XXServiceDef ++ * <ul> ++ * </ul> ++ * ++ */ ++ @Column(name = "options") ++ protected String options; ++ ++ /** + * rbKeyLabel of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "rb_key_label") + protected String rbKeyLabel; + + /** + * rbKeyDescription of the XXServiceDef + * <ul> + * </ul> + * + */ + @Column(name = "rb_key_description") + protected String rbKeyDescription; + /** + * isEnabled of the XXPolicy + * <ul> + * </ul> + * + */ + @Column(name = "is_enabled") + protected Boolean isEnabled; + + /** + * @return the gUID + */ + public String getGuid() { + return this.guid; + } + + /** + * @param guid + * the gUID to set + */ + public void setGuid(String guid) { + this.guid = guid; + } + + /** + * This method sets the value to the member attribute <b> version</b> . You cannot set null to the attribute. + * + * @param version + * Value to set member attribute <b> version</b> + */ + public void setVersion(Long version) { + this.version = version; + } + + /** + * Returns the value for the member attribute <b>version</b> + * + * @return Date - value of member attribute <b>version</b> . + */ + public Long getVersion() { + return this.version; + } + + /** + * This method sets the value to the member attribute <b> name</b> . You cannot set null to the attribute. + * + * @param name + * Value to set member attribute <b> name</b> + */ + public void setName(String name) { + this.name = name; + } + + /** + * Returns the value for the member attribute <b>name</b> + * + * @return Date - value of member attribute <b>name</b> . + */ + public String getName() { + return this.name; + } + + /** + * This method sets the value to the member attribute <b> implClassName</b> . You cannot set null to the attribute. + * + * @param implClassName + * Value to set member attribute <b> implClassName</b> + */ + public void setImplclassname(String implClassName) { + this.implClassName = implClassName; + } + + /** + * Returns the value for the member attribute <b>implClassName</b> + * + * @return Date - value of member attribute <b>implClassName</b> . + */ + public String getImplclassname() { + return this.implClassName; + } + + /** + * This method sets the value to the member attribute <b> label</b> . You cannot set null to the attribute. + * + * @param label + * Value to set member attribute <b> label</b> + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * Returns the value for the member attribute <b>label</b> + * + * @return Date - value of member attribute <b>label</b> . + */ + public String getLabel() { + return this.label; + } + + /** + * This method sets the value to the member attribute <b> description</b> . You cannot set null to the attribute. + * + * @param description + * Value to set member attribute <b> description</b> + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * Returns the value for the member attribute <b>description</b> + * + * @return Date - value of member attribute <b>description</b> . + */ + public String getDescription() { + return this.description; + } + + /** ++ * This method sets the value to the member attribute <b> options</b> . ++ * ++ * @param options ++ * Value to set member attribute <b> options</b> ++ */ ++ public void setOptions(String options) { ++ this.options = options; ++ } ++ ++ /** ++ * Returns the value for the member attribute <b>options</b> ++ * ++ * @return String - value of member attribute <b>options</b> . ++ */ ++ public String getOptions() { ++ return this.options; ++ } ++ ++ /** + * This method sets the value to the member attribute <b> rbKeyLabel</b> . You cannot set null to the attribute. + * + * @param rbKeyLabel + * Value to set member attribute <b> rbKeyLabel</b> + */ + public void setRbkeylabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * Returns the value for the member attribute <b>rbKeyLabel</b> + * + * @return Date - value of member attribute <b>rbKeyLabel</b> . + */ + public String getRbkeylabel() { + return this.rbKeyLabel; + } + + /** + * This method sets the value to the member attribute <b> rbKeyDescription</b> . You cannot set null to the + * attribute. + * + * @param rbKeyDescription + * Value to set member attribute <b> rbKeyDescription</b> + */ + public void setRbkeydescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * Returns the value for the member attribute <b>rbKeyDescription</b> + * + * @return Date - value of member attribute <b>rbKeyDescription</b> . + */ + public String getRbkeydescription() { + return this.rbKeyDescription; + } + + /** + * This method sets the value to the member attribute <b> isEnabled</b> . You cannot set null to the attribute. + * + * @param isEnabled + * Value to set member attribute <b> isEnabled</b> + */ + public void setIsEnabled(boolean isEnabled) { + this.isEnabled = isEnabled; + } + + /** + * Returns the value for the member attribute <b>isEnabled</b> + * + * @return Date - value of member attribute <b>isEnabled</b> . + */ + public boolean getIsEnabled() { + return this.isEnabled; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) { + if (!super.equals(obj)) { + return false; + } + if (this == obj) { + return true; + } + if (getClass() != obj.getClass()) { + return false; + } + XXServiceDefBase other = (XXServiceDefBase) obj; + if (description == null) { + if (other.description != null) { + return false; + } + } else if (!description.equals(other.description)) { + return false; + } + if (guid == null) { + if (other.guid != null) { + return false; + } + } else if (!guid.equals(other.guid)) { + return false; + } + if (implClassName == null) { + if (other.implClassName != null) { + return false; + } + } else if (!implClassName.equals(other.implClassName)) { + return false; + } + if (label == null) { + if (other.label != null) { + return false; + } + } else if (!label.equals(other.label)) { + return false; + } + if (name == null) { + if (other.name != null) { + return false; + } + } else if (!name.equals(other.name)) { + return false; + } + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) { + return false; + } + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) { + return false; + } + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) { + return false; + } + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) { + return false; + } + if (version == null) { + if (other.version != null) { + return false; + } + } else if (!version.equals(other.version)) { + return false; + } + if (isEnabled == null) { + if (other.isEnabled != null) { + return false; + } + } else if (!isEnabled.equals(other.isEnabled)) { + return false; + } + return true; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#toString() + */ + @Override + public String toString() { + return "XXServiceDefBase [" + super.toString() + " guid=" + guid + ", version=" + version + ", name=" + name + + ", implClassName=" + implClassName + ", label=" + label + ", description=" + description + + ", rbKeyLabel=" + rbKeyLabel + ", rbKeyDescription=" + rbKeyDescription + ", isEnabled" + isEnabled + + "]"; + } + + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java ---------------------------------------------------------------------- diff --cc security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index 398a48d,9f9761c..e80ba01 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java @@@ -20,26 -20,9 +20,18 @@@ package org.apache.ranger.service import java.util.ArrayList; import java.util.List; - import org.apache.ranger.common.*; +import org.apache.ranger.common.SearchField.DATA_TYPE; +import org.apache.ranger.common.SearchField.SEARCH_TYPE; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.entity.XXContextEnricherDef; +import org.apache.ranger.entity.XXAccessTypeDef; +import org.apache.ranger.entity.XXEnumDef; +import org.apache.ranger.entity.XXPolicyConditionDef; +import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.entity.XXServiceConfigDef; import org.apache.ranger.entity.XXServiceDef; + import org.apache.ranger.entity.XXServiceDefBase; import org.apache.ranger.plugin.model.RangerServiceDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; - import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; - import org.apache.ranger.plugin.util.SearchFilter; - import org.apache.ranger.view.RangerServiceDefList; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0d37d980/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java ----------------------------------------------------------------------
