RANGER-274: TagREST, TagStore, TagDBStore updates; renamed RangerTag.name to RangerTag.type
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/da832711 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/da832711 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/da832711 Branch: refs/heads/tag-policy Commit: da8327114a50ba664ee9c652ff889be22d88fbeb Parents: f8bea62 Author: Madhan Neethiraj <[email protected]> Authored: Sun Aug 30 23:50:06 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Aug 31 17:27:28 2015 -0700 ---------------------------------------------------------------------- .../ranger/admin/client/RangerAdminClient.java | 2 +- .../admin/client/RangerAdminRESTClient.java | 10 +- .../plugin/audit/RangerDefaultAuditHandler.java | 2 +- .../RangerScriptExecutionContext.java | 70 +-- .../contextenricher/RangerTagProvider.java | 2 +- .../plugin/model/RangerServiceResource.java | 30 +- .../apache/ranger/plugin/model/RangerTag.java | 38 +- .../plugin/model/RangerTagResourceMap.java | 14 +- .../policyengine/RangerPolicyEngineImpl.java | 22 +- .../store/RangerServiceResourceSignature.java | 8 +- .../ranger/plugin/store/TagPredicateUtil.java | 47 +- .../apache/ranger/plugin/store/TagStore.java | 33 +- .../ranger/plugin/store/TagValidator.java | 89 ++-- .../ranger/plugin/store/file/TagFileStore.java | 201 ++++--- .../apache/ranger/plugin/util/SearchFilter.java | 4 +- .../ranger/services/tag/RangerServiceTag.java | 18 +- .../ranger/plugin/store/TestTagStore.java | 66 +-- .../test_policyengine_tag_hdfs.json | 2 +- .../test_policyengine_tag_hive.json | 24 +- .../client/RangerAdminJersey2RESTClient.java | 4 +- .../016-updated-schema-for-tag-based-policy.sql | 11 +- .../org/apache/ranger/biz/ServiceDBStore.java | 8 +- .../java/org/apache/ranger/biz/TagDBStore.java | 183 ++++--- .../apache/ranger/db/XXServiceResourceDao.java | 8 +- .../java/org/apache/ranger/db/XXTagDao.java | 4 +- 
.../java/org/apache/ranger/db/XXTagDefDao.java | 8 +- .../apache/ranger/db/XXTagResourceMapDao.java | 12 + .../java/org/apache/ranger/entity/XXTag.java | 28 +- .../java/org/apache/ranger/rest/TagREST.java | 519 ++++++++++++++----- .../apache/ranger/rest/TagRESTConstants.java | 5 +- .../service/RangerServiceResourceService.java | 20 +- .../RangerServiceResourceServiceBase.java | 6 +- .../ranger/service/RangerTagDefService.java | 18 +- .../service/RangerTagResourceMapService.java | 12 + .../apache/ranger/service/RangerTagService.java | 9 +- .../ranger/service/RangerTagServiceBase.java | 25 +- .../resources/META-INF/jpa_named_queries.xml | 24 +- 37 files changed, 981 insertions(+), 605 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java index c083a98..a2fce08 100644 --- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java +++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java @@ -38,6 +38,6 @@ public interface RangerAdminClient { ServiceTags getServiceTagsIfUpdated(long lastKnownVersion) throws Exception; - List<String> getTagNames(String tagNamePattern) throws Exception; + List<String> getTagTypes(String tagTypePattern) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java index de138ed..7420830 100644 --- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java +++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java @@ -228,9 +228,9 @@ public class RangerAdminRESTClient implements RangerAdminClient { } @Override - public List<String> getTagNames(String tagNamePattern) throws Exception { + public List<String> getTagTypes(String pattern) throws Exception { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAdminRESTClient.getTagNames(" + tagNamePattern + "): "); + LOG.debug("==> RangerAdminRESTClient.getTagTypes(" + pattern + "): "); } List<String> ret = null; @@ -238,7 +238,7 @@ public class RangerAdminRESTClient implements RangerAdminClient { WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES) .queryParam(RangerRESTUtils.SERVICE_NAME_PARAM, serviceName) - .queryParam(RangerRESTUtils.PATTERN_PARAM, tagNamePattern); + .queryParam(RangerRESTUtils.PATTERN_PARAM, pattern); ClientResponse response = webResource.accept(RangerRESTUtils.REST_MIME_TYPE_JSON).get(ClientResponse.class); 
@@ -248,12 +248,12 @@ public class RangerAdminRESTClient implements RangerAdminClient { RESTResponse resp = RESTResponse.fromClientResponse(response); LOG.error("Error getting taggedResources. request=" + webResource.toString() + ", response=" + resp.toString() + ", serviceName=" + serviceName - + ", " + "tagNamePattern=" + tagNamePattern); + + ", " + "pattern=" + pattern); throw new Exception(resp.getMessage()); } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAdminRESTClient.getTagNames(" + tagNamePattern + "): " + ret); + LOG.debug("<== RangerAdminRESTClient.getTagTypes(" + pattern + "): " + ret); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java index 0153d27..35d0731 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java @@ -220,7 +220,7 @@ public class RangerDefaultAuditHandler implements RangerAccessResultProcessor { tags = new HashSet<String>(); for (RangerTag resourceTag : resourceTags) { - tags.add(resourceTag.getName()); + tags.add(resourceTag.getType()); } } } catch (Throwable t) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java ---------------------------------------------------------------------- 
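Review bot: In RangerAdminRESTClient.getTagTypes (hunk at -248,12) the error path concatenates `pattern` and the full request URL into `LOG.error` unescaped. If the pattern originates from user input, a value containing CR/LF can forge extra log entries. Neutralise line breaks before logging, for example `String safePattern = pattern == null ? null : pattern.replaceAll("[\r\n]", "_");`. The message still reads "Error getting taggedResources" and the -238,7 hunk still uses `RangerRESTUtils.REST_URL_LOOKUP_TAG_NAMES`, so both now disagree with the renamed method. The method body starts and ends outside these hunks.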
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java index 6fe5262..44bd03f 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java 
@@ -86,46 +86,46 @@ public final class RangerScriptExecutionContext { return tagObject; } - public final String getCurrentTagName() { + public final String getCurrentTagType() { RangerTag tagObject = getCurrentTag(); - return (tagObject != null) ? tagObject.getName() : null; + return (tagObject != null) ? tagObject.getType() : null; } - public final Set<String> getAllTagNames() { + public final Set<String> getAllTagTypes() { - Set<String> allTagNames = null; + Set<String> allTagTypes = null; List<RangerTag> tagObjectList = getAllTags(); if (CollectionUtils.isNotEmpty(tagObjectList)) { for (RangerTag tag : tagObjectList) { - String tagName = tag.getName(); - if (allTagNames == null) { - allTagNames = new HashSet<String>(); + String tagType = tag.getType(); + if (allTagTypes == null) { + allTagTypes = new HashSet<String>(); } - allTagNames.add(tagName); + allTagTypes.add(tagType); } } - return allTagNames; + return allTagTypes; } - public final Map<String, String> getTagAttributeValues(final String tagName) { + public final Map<String, String> getTagAttributes(final String tagType) { Map<String, String> ret = null; - if (StringUtils.isNotBlank(tagName)) { + if (StringUtils.isNotBlank(tagType)) { List<RangerTag> tagObjectList = getAllTags(); - // Assumption: There is exactly one tag with given tagName in the list of tags - may not be true ***TODO*** - // This will get attributeValues of the first tagName that matches + // Assumption: There is exactly one tag with given tagType in the list of tags - may not be true ***TODO*** + // This will get attributes of the first tagType that matches if (CollectionUtils.isNotEmpty(tagObjectList)) { for (RangerTag tag : tagObjectList) { - if (tag.getName().equals(tagName)) { - ret = tag.getAttributeValues(); + if (tag.getType().equals(tagType)) { + ret = tag.getAttributes(); break; } } 
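Review bot: `tag.getType().equals(tagType)` in getTagAttributes throws a NullPointerException when a tag has no type, which the no-arg RangerTag constructor in this commit allows (`this(null, null, null)`). This class backs policy-condition scripts, so the exception presumably surfaces as a failed condition evaluation rather than as "no attributes". A null-safe comparison such as `if (StringUtils.equals(tagType, tag.getType())) {` avoids that, assuming the StringUtils this method already uses provides `equals`. The TODO about several tags of the same type still stands: only the first match is returned, so the date checks built on it (isAccessedAfter, isAccessedBefore) may read a different tag instance than the policy author intended.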
@@ -135,29 +135,29 @@ public final class RangerScriptExecutionContext { return ret; } - public final Set<String> getAttributeNames(final String tagName) { + public final Set<String> getAttributeNames(final String tagType) { Set<String> ret = null; - Map<String, String> attributeValues = getTagAttributeValues(tagName); + Map<String, String> attributes = getTagAttributes(tagType); - if (attributeValues != null) { - ret = attributeValues.keySet(); + if (attributes != null) { + ret = attributes.keySet(); } return ret; } - public final String getAttributeValue(final String tagName, final String attributeName) { + public final String getAttributeValue(final String tagType, final String attributeName) { String ret = null; - Map<String, String> attributeValues; + Map<String, String> attributes; - if (StringUtils.isNotBlank(tagName) || StringUtils.isNotBlank(attributeName)) { - attributeValues = getTagAttributeValues(tagName); + if (StringUtils.isNotBlank(tagType) || StringUtils.isNotBlank(attributeName)) { + attributes = getTagAttributes(tagType); - if (attributeValues != null) { - ret = attributeValues.get(attributeName); + if (attributes != null) { + ret = attributes.get(attributeName); } } return ret; @@ -169,12 +169,12 @@ public final class RangerScriptExecutionContext { if (StringUtils.isNotBlank(attributeName)) { RangerTag tag = getCurrentTag(); - Map<String, String> attributeValues = null; + Map<String, String> attributes = null; if (tag != null) { - attributeValues = tag.getAttributeValues(); + attributes = tag.getAttributes(); } - if (attributeValues != null) { - ret = attributeValues.get(attributeName); + if (attributes != null) { + ret = attributes.get(attributeName); } } return ret; 
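Review bot: The guard in getAttributeValue uses `||`, so the lookup proceeds when either argument is blank; `&&` looks intended: `if (StringUtils.isNotBlank(tagType) && StringUtils.isNotBlank(attributeName)) {`. With a blank attributeName the code still reaches `attributes.get(attributeName)`, which is harmless for a HashMap but throws on map types that reject null keys. Separately, getAttributeNames returns `attributes.keySet()`, a live view of the tag's own map, so a script that removes an element also changes the tag. Returning `Collections.unmodifiableSet(attributes.keySet())` would keep the script context read-only.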
@@ -207,7 +207,7 @@ public final class RangerScriptExecutionContext { return ret; } - public final Date getTagAttributeAsDate(String tagName, String attributeName) { + public final Date getTagAttributeAsDate(String tagType, String attributeName) { // sample JavaScript to demonstrate use of this helper method /* @@ -219,19 +219,19 @@ public final class RangerScriptExecutionContext { */ - String attrValue = getAttributeValue(tagName, attributeName); + String attrValue = getAttributeValue(tagType, attributeName); return getAsDate(attrValue); } - public final boolean isAccessedAfter(String tagName, String attributeName) { + public final boolean isAccessedAfter(String tagType, String attributeName) { boolean ret = false; Date accessDate = getAccessTime(); - Date expiryDate = getTagAttributeAsDate(tagName, attributeName); + Date expiryDate = getTagAttributeAsDate(tagType, attributeName); if (expiryDate == null || accessDate.after(expiryDate) || accessDate.equals(expiryDate)) { ret = true; @@ -255,13 +255,13 @@ public final class RangerScriptExecutionContext { return ret; } - public final boolean isAccessedBefore(String tagName, String attributeName) { + public final boolean isAccessedBefore(String tagType, String attributeName) { boolean ret = true; Date accessDate = getAccessTime(); - Date expiryDate = getTagAttributeAsDate(tagName, attributeName); + Date expiryDate = getTagAttributeAsDate(tagType, attributeName); if (expiryDate == null || accessDate.after(expiryDate)) { ret = false; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java index 83600c9..ccb78f6 100644 
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java @@ -128,7 +128,7 @@ public class RangerTagProvider extends RangerAbstractContextEnricher implements RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher(); matcher.setServiceDef(this.serviceDef); - matcher.setPolicyResources(serviceResource.getResourceSpec()); + matcher.setPolicyResources(serviceResource.getResourceElements()); if (LOG.isDebugEnabled()) { LOG.debug("RangerTagProvider.setServiceTags() - Initializing matcher with (resource=" + serviceResource http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java index c9e07eb..6acb2b6 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java 
@@ -38,23 +38,23 @@ import java.util.Map; public class RangerServiceResource extends RangerBaseModelObject { private static final long serialVersionUID = 1L; - private String serviceName = null; - private Map<String, RangerPolicy.RangerPolicyResource> resourceSpec = null; - private String resourceSignature = null; + private String serviceName = null; + private Map<String, RangerPolicy.RangerPolicyResource> resourceElements = null; + private String resourceSignature = null; - public RangerServiceResource(String guid, String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec, String resourceSignature) { + public RangerServiceResource(String guid, String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceElements, String resourceSignature) { super(); setGuid(guid); setServiceName(serviceName); - setResourceSpec(resourceSpec); + setResourceElements(resourceElements); setResourceSignature(resourceSignature); } - public RangerServiceResource(String guid, String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) { - this(guid, serviceName, resourceSpec, null); + public RangerServiceResource(String guid, String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceElements) { + this(guid, serviceName, resourceElements, null); } - public RangerServiceResource(String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) { - this(null, serviceName, resourceSpec, null); + public RangerServiceResource(String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceElements) { + this(null, serviceName, resourceElements, null); } public RangerServiceResource() { 
@@ -63,7 +63,7 @@ public class RangerServiceResource extends RangerBaseModelObject { public String getServiceName() { return serviceName; } - public Map<String, RangerPolicy.RangerPolicyResource> getResourceSpec() { return resourceSpec; } + public Map<String, RangerPolicy.RangerPolicyResource> getResourceElements() { return resourceElements; } public String getResourceSignature() { return resourceSignature; @@ -73,8 +73,8 @@ public class RangerServiceResource extends RangerBaseModelObject { this.serviceName = serviceName; } - public void setResourceSpec(Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) { - this.resourceSpec = resourceSpec == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : resourceSpec; + public void setResourceElements(Map<String, RangerPolicy.RangerPolicyResource> resource) { + this.resourceElements = resource == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : resource; } public void setResourceSignature(String resourceSignature) { @@ -97,9 +97,9 @@ public class RangerServiceResource extends RangerBaseModelObject { sb.append("guid={").append(getGuid()).append("} "); sb.append("serviceName={").append(serviceName).append("} "); - sb.append("resourceSpec={"); - if(resourceSpec != null) { - for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : resourceSpec.entrySet()) { + sb.append("resourceElements={"); + if(resourceElements != null) { + for(Map.Entry<String, RangerPolicy.RangerPolicyResource> e : resourceElements.entrySet()) { sb.append(e.getKey()).append("={"); e.getValue().toString(sb); sb.append("} "); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java ---------------------------------------------------------------------- 
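Review bot: setResourceElements stores the caller's map by reference and getResourceElements returns the same instance, so any holder of the map can change the resource after `resourceSignature` was set and the two can drift apart. RangerServiceResourceSignature derives the signature from this map, so if the signature is used to identify the resource, a defensive copy is safer: `this.resourceElements = resource == null ? new HashMap<String, RangerPolicy.RangerPolicyResource>() : new HashMap<String, RangerPolicy.RangerPolicyResource>(resource);`. Check first that no caller relies on sharing the map. The setter's parameter is also named `resource` while the constructors use `resourceElements`.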
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java index 6e4685a..a57f986 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java @@ -38,39 +38,39 @@ import java.util.Map; public class RangerTag extends RangerBaseModelObject { private static final long serialVersionUID = 1L; - private String name; - private Map<String, String> attributeValues; + private String type; + private Map<String, String> attributes; - public RangerTag(String guid, String name, Map<String, String> attributeValues) { + public RangerTag(String guid, String type, Map<String, String> attributes) { super(); setGuid(guid); - setName(name); - setAttributeValues(attributeValues); + setType(type); + setAttributes(attributes); } - public RangerTag(String name, Map<String, String> attributeValues) { - this(null, name, attributeValues); + public RangerTag(String type, Map<String, String> attributes) { + this(null, type, attributes); } public RangerTag() { this(null, null, null); } - public String getName() { - return name; + public String getType() { + return type; } - public void setName(String name) { - this.name = name; + public void setType(String type) { + this.type = type; } - public Map<String, String> getAttributeValues() { - return attributeValues; + public Map<String, String> getAttributes() { + return attributes; } - public void setAttributeValues(Map<String, String> attributeValues) { - this.attributeValues = attributeValues == null ? new HashMap<String, String>() : attributeValues; + public void setAttributes(Map<String, String> attributes) { + this.attributes = attributes == null ? new HashMap<String, String>() : attributes; } @Override 
@@ -87,11 +87,11 @@ public class RangerTag extends RangerBaseModelObject { super.toString(sb); - sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); - sb.append("attributeValues={"); - if (attributeValues != null) { - for (Map.Entry<String, String> e : attributeValues.entrySet()) { + sb.append("attributes={"); + if (attributes != null) { + for (Map.Entry<String, String> e : attributes.entrySet()) { sb.append(e.getKey()).append("={"); sb.append(e.getValue()); sb.append("} "); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java index 8fca4c7..3b69ee7 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagResourceMap.java @@ -36,20 +36,20 @@ import javax.xml.bind.annotation.XmlRootElement; public class RangerTagResourceMap extends RangerBaseModelObject { private static final long serialVersionUID = 1L; - private Long resourceId; private Long tagId; + private Long resourceId; public RangerTagResourceMap() { } - public Long getResourceId() { - return resourceId; - } - public Long getTagId() { return tagId; } + public Long getResourceId() { + return resourceId; + } + public void setTagId(Long tagId) { this.tagId = tagId; } 
@@ -71,10 +71,10 @@ public class RangerTagResourceMap extends RangerBaseModelObject { sb.append("{ "); - sb.append("resourceId={").append(resourceId).append("} "); - sb.append("tagId=").append(tagId).append("} "); + sb.append("resourceId={").append(resourceId).append("} "); + sb.append(" }"); return sb; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index c763da4..63ae385 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -383,7 +383,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { for (RangerTag resourceTag : resourceTags) { if (LOG.isDebugEnabled()) { - LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: Evaluating policies for tag (" + resourceTag.getName() + ")"); + LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: Evaluating policies for tag (" + resourceTag.getType() + ")"); } RangerAccessRequest tagEvalRequest = new RangerTagAccessRequest(resourceTag, tagPolicyRepository.getServiceDef(), request); 
@@ -396,7 +396,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { if (tagEvalResult.getIsAccessDetermined() && tagEvalResult.getIsAuditedDetermined()) { if (LOG.isDebugEnabled()) { - LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: concluding eval of tag (" + resourceTag.getName() + ") with authorization=" + tagEvalResult.getIsAllowed()); + LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: concluding eval of tag (" + resourceTag.getType() + ") with authorization=" + tagEvalResult.getIsAllowed()); } break; // Break out of policy-evaluation loop for this tag } @@ -406,7 +406,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { someTagAllowedAudit = true; // And generate an audit event if (tagEvalResult.getIsAccessDetermined()) { - RangerTagAuditEvent event = new RangerTagAuditEvent(resourceTag.getName(), tagEvalResult); + RangerTagAuditEvent event = new RangerTagAuditEvent(resourceTag.getType(), tagEvalResult); tagAuditEvents.add(event); } } @@ -417,7 +417,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { if (!tagEvalResult.getIsAllowed()) { if (LOG.isDebugEnabled()) { - LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: concluding eval of tag-policies as tag (" + resourceTag.getName() + "), tag-policy-id=" + tagEvalResult.getPolicyId() + " denied access."); + LOG.debug("RangerPolicyEngineImpl.isAccessAllowedForTagPolicies: concluding eval of tag-policies as tag (" + resourceTag.getType() + "), tag-policy-id=" + tagEvalResult.getPolicyId() + " denied access."); } break; // Break out of tags evaluation loop altogether } 
@@ -488,15 +488,15 @@ class RangerTagResource extends RangerAccessResourceImpl { private static final String KEY_TAG = "tag"; - public RangerTagResource(String tagName, RangerServiceDef tagServiceDef) { - super.setValue(KEY_TAG, tagName); + public RangerTagResource(String tagType, RangerServiceDef tagServiceDef) { + super.setValue(KEY_TAG, tagType); super.setServiceDef(tagServiceDef); } } class RangerTagAccessRequest extends RangerAccessRequestImpl { public RangerTagAccessRequest(RangerTag resourceTag, RangerServiceDef tagServiceDef, RangerAccessRequest request) { - super.setResource(new RangerTagResource(resourceTag.getName(), tagServiceDef)); + super.setResource(new RangerTagResource(resourceTag.getType(), tagServiceDef)); super.setUser(request.getUser()); super.setUserGroups(request.getUserGroups()); super.setAction(request.getAction()); @@ -519,11 +519,11 @@ class RangerTagAccessRequest extends RangerAccessRequestImpl { class RangerTagAuditEvent { - private final String tagName; + private final String tagType; private final RangerAccessResult result; - RangerTagAuditEvent(String tagName, RangerAccessResult result) { - this.tagName = tagName; + RangerTagAuditEvent(String tagType, RangerAccessResult result) { + this.tagType = tagType; this.result = result; } @Override 
@@ -538,7 +538,7 @@ class RangerTagAuditEvent { public void toString(StringBuilder sb) { sb.append("RangerTagAuditEvent={"); - sb.append("tagName={").append(this.tagName).append("} "); + sb.append("tagType={").append(this.tagType).append("} "); sb.append("isAccessDetermined={").append(this.result.getIsAccessDetermined()).append("}"); sb.append("isAllowed={").append(this.result.getIsAllowed()).append("}"); sb.append("policyId={").append(this.result.getPolicyId()).append("}"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java index 1affec5..1ff39b1 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java @@ -30,7 +30,7 @@ public class RangerServiceResourceSignature { private final String _hash; public RangerServiceResourceSignature(RangerServiceResource serviceResource) { - _string = ServiceResourceSpecSerializer.toString(serviceResource); + _string = ServiceResourceSerializer.toString(serviceResource); _hash = DigestUtils.md5Hex(_string); } 
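Review bot: `_hash = DigestUtils.md5Hex(_string)` in the RangerServiceResourceSignature constructor keeps MD5 as the resource signature. This commit also adds TagStore.getServiceResourceByResourceSignature, which appears to turn that hash into a lookup key for the resource that tags attach to. MD5 collisions can be constructed, so two different resource definitions could be made to share a signature; `_hash = DigestUtils.sha256Hex(_string);` removes that concern. Changing the digest alters the stored values and their length, so it would need a bump of `_SignatureVersion` and a check of the column size, neither of which is visible in this hunk.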
@@ -42,16 +42,16 @@ public class RangerServiceResourceSignature { return _hash; } - static class ServiceResourceSpecSerializer { + static class ServiceResourceSerializer { static final int _SignatureVersion = 1; static public String toString(final RangerServiceResource serviceResource) { // invalid/empty serviceResource gets a deterministic signature as if it had an // empty resource string - Map<String, RangerPolicy.RangerPolicyResource> serviceResourceSpec = serviceResource.getResourceSpec(); + Map<String, RangerPolicy.RangerPolicyResource> resource = serviceResource.getResourceElements(); Map<String, ResourceSerializer> resources = new TreeMap<String, ResourceSerializer>(); - for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : serviceResourceSpec.entrySet()) { + for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : resource.entrySet()) { String resourceName = entry.getKey(); ResourceSerializer resourceView = new ResourceSerializer(entry.getValue()); resources.put(resourceName, resourceView); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/store/TagPredicateUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagPredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagPredicateUtil.java index de48240..ecfbecd 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagPredicateUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagPredicateUtil.java 
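Review bot: ServiceResourceSerializer.toString calls `serviceResource.getResourceElements()` and then `resource.entrySet()` with no null check, although the comment above it promises a deterministic signature for an invalid or empty serviceResource. The setter normalises null to an empty map, but an instance populated another way (for example by field-level deserialization, which is not visible here) could still carry null and make the signature computation throw. Guarding the loop with `if (resource != null) {` would match the comment. The method continues past the end of this hunk.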
@@ -39,11 +39,10 @@ public class TagPredicateUtil extends AbstractPredicateUtil { addPredicateForTagDefId(filter.getParam(SearchFilter.TAG_DEF_ID), predicates); addPredicateForTagDefGuid(filter.getParam(SearchFilter.TAG_DEF_GUID), predicates); - addPredicateForTagDefName(filter.getParam(SearchFilter.TAG_DEF_NAME), predicates); addPredicateForTagId(filter.getParam(SearchFilter.TAG_ID), predicates); addPredicateForTagGuid(filter.getParam(SearchFilter.TAG_GUID), predicates); - addPredicateForTagName(filter.getParam(SearchFilter.TAG_NAME), predicates); + addPredicateForTagType(filter.getParam(SearchFilter.TAG_TYPE), predicates); addPredicateForResourceId(filter.getParam(SearchFilter.TAG_RESOURCE_ID), predicates); addPredicateForResourceGuid(filter.getParam(SearchFilter.TAG_RESOURCE_GUID), predicates); @@ -117,38 +116,6 @@ public class TagPredicateUtil extends AbstractPredicateUtil { return ret; } - private Predicate addPredicateForTagDefName(final String name, List<Predicate> predicates) { - if (name == null || StringUtils.isEmpty(name)) { - return null; - } - - Predicate ret = new Predicate() { - @Override - public boolean evaluate(Object object) { - - boolean ret = false; - - if (object == null) { - return ret; - } - - if (object instanceof RangerTagDef) { - RangerTagDef tagDef = (RangerTagDef) object; - - ret = StringUtils.equals(name, tagDef.getName()); - } - - return ret; - } - }; - - if (predicates != null) { - predicates.add(ret); - } - - return ret; - } - private Predicate addPredicateForTagId(final String id, List<Predicate> predicates) { if (StringUtils.isEmpty(id)) { return null; @@ -216,8 +183,8 @@ public class TagPredicateUtil extends AbstractPredicateUtil { return ret; } - private Predicate addPredicateForTagName(final String name, List<Predicate> predicates) { - if (StringUtils.isEmpty(name)) { + private Predicate addPredicateForTagType(final String type, List<Predicate> predicates) { + if (StringUtils.isEmpty(type)) { return null; } 
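Review bot: Removing `addPredicateForTagDefName(filter.getParam(SearchFilter.TAG_DEF_NAME), predicates)` means a filter that still carries the old tag-def-name parameter now adds no predicate at all, so the search returns unfiltered results instead of failing. Whether SearchFilter.TAG_DEF_NAME survives is not visible in these hunks; if it does, either route it to addPredicateForTagType or reject it explicitly. The merged predicate in the following -231,10 hunk compares `type` with `tagDef.getName()` for RangerTagDef and with `tag.getType()` for RangerTag. That dual behaviour deserves a comment on addPredicateForTagType, such as `// matches RangerTagDef by name and RangerTag by type; any other object never matches`.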
@@ -231,10 +198,14 @@ public class TagPredicateUtil extends AbstractPredicateUtil { return ret; } - if (object instanceof RangerTag) { + if (object instanceof RangerTagDef) { + RangerTagDef tagDef = (RangerTagDef) object; + + ret = StringUtils.equals(type, tagDef.getName()); + } else if (object instanceof RangerTag) { RangerTag tag = (RangerTag) object; - ret = StringUtils.equals(name, tag.getName()); + ret = StringUtils.equals(type, tag.getType()); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java index f9d1086..e27947f 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java @@ -24,7 +24,6 @@ import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServiceTags; import java.util.List; -import java.util.Map; /** * Interface to backing store for the top-level TAG model objects @@ -40,15 +39,15 @@ public interface TagStore { RangerTagDef updateTagDef(RangerTagDef TagDef) throws Exception; - void deleteTagDef(String name) throws Exception; + void deleteTagDefByName(String name) throws Exception; - void deleteTagDefById(Long id) throws Exception; + void deleteTagDef(Long id) throws Exception; - RangerTagDef getTagDefById(Long id) throws Exception; + RangerTagDef getTagDef(Long id) throws Exception; RangerTagDef getTagDefByGuid(String guid) throws Exception; - List<RangerTagDef> getTagDefsByName(String name) throws Exception; + RangerTagDef getTagDefByName(String name) throws Exception; List<RangerTagDef> getTagDefs(SearchFilter filter) throws Exception; 
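Review bot: In TagStore, `RangerTagDef getTagDefByName(String name)` now returns a single definition where getTagDefsByName returned a list, but the interface does not say what happens when no definition or several definitions carry that name. Tag types are compared with tag-definition names elsewhere in this commit, so an ambiguous name decides which definition a tag binds to. State the contract in Javadoc, for example `/** @return the tag definition with this name, or null if none exists; names are expected to be unique */`, and back it with a uniqueness constraint in the stores. `deleteTagDef` also changes meaning from delete-by-name to delete-by-id, which is worth calling out for out-of-tree TagStore implementations.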
@@ -59,13 +58,13 @@ public interface TagStore { RangerTag updateTag(RangerTag tag) throws Exception; - void deleteTagById(Long id) throws Exception; + void deleteTag(Long id) throws Exception; - RangerTag getTagById(Long id) throws Exception; + RangerTag getTag(Long id) throws Exception; RangerTag getTagByGuid(String guid) throws Exception; - List<RangerTag> getTagsByName(String name) throws Exception; + List<RangerTag> getTagsByType(String name) throws Exception; List<RangerTag> getTagsForResourceId(Long resourceId) throws Exception; @@ -80,13 +79,15 @@ public interface TagStore { RangerServiceResource updateServiceResource(RangerServiceResource resource) throws Exception; - void deleteServiceResourceById(Long id) throws Exception; + void deleteServiceResource(Long id) throws Exception; - RangerServiceResource getServiceResourceById(Long id) throws Exception; + RangerServiceResource getServiceResource(Long id) throws Exception; RangerServiceResource getServiceResourceByGuid(String guid) throws Exception; - List<RangerServiceResource> getServiceResourcesByServiceAndResourceSpec(String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) throws Exception; + List<RangerServiceResource> getServiceResourcesByService(String serviceName) throws Exception; + + RangerServiceResource getServiceResourceByResourceSignature(String resourceSignature) throws Exception; List<RangerServiceResource> getServiceResources(SearchFilter filter) throws Exception; 
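Review bot: `getTagsByType(String name)` in the `@@ -59,13 +58,13 @@` hunk still names its parameter `name`, while the TagFileStore implementation in this commit uses `type`; `List<RangerTag> getTagsByType(String type) throws Exception;` would keep the interface in line with the rename. The interface also carries no Javadoc on the lookups that now return a single object (`getTagDefByName`, `getServiceResourceByResourceSignature`, `getTagResourceMapByGuid`). The TagFileStore versions return null when nothing matches, so a one-line `/** @return the match, or null if none exists */` on each would turn the callers' null checks into a stated contract.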
@@ -95,9 +96,11 @@ public interface TagStore { RangerTagResourceMap createTagResourceMap(RangerTagResourceMap tagResourceMap) throws Exception; - void deleteTagResourceMapById(Long id) throws Exception; + void deleteTagResourceMap(Long id) throws Exception; + + RangerTagResourceMap getTagResourceMap(Long id) throws Exception; - RangerTagResourceMap getTagResourceMapById(Long id) throws Exception; + RangerTagResourceMap getTagResourceMapByGuid(String guid) throws Exception; List<RangerTagResourceMap> getTagResourceMapsForTagId(Long tagId) throws Exception; @@ -118,7 +121,7 @@ public interface TagStore { ServiceTags getServiceTagsIfUpdated(String serviceName, Long lastKnownVersion) throws Exception; - List<String> getTags(String serviceName) throws Exception; + List<String> getTagTypes(String serviceName) throws Exception; - List<String> lookupTags(String serviceName, String tagNamePattern) throws Exception; + List<String> lookupTagTypes(String serviceName, String pattern) throws Exception; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java index 8c2b230..4eda166 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java @@ -20,6 +20,7 @@ package org.apache.ranger.plugin.store; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.ranger.plugin.model.*; 
@@ -35,21 +36,21 @@ public class TagValidator { } public void preCreateTag(final RangerTag tag) throws Exception { - if (StringUtils.isBlank(tag.getName())) { - throw new Exception("Tag has no name"); + if (StringUtils.isBlank(tag.getType())) { + throw new Exception("Tag has no type"); } } - public void preUpdateTagById(final Long id, final RangerTag tag) throws Exception { - if (StringUtils.isBlank(tag.getName())) { - throw new Exception("Tag has no name"); + public void preUpdateTag(final Long id, final RangerTag tag) throws Exception { + if (StringUtils.isBlank(tag.getType())) { + throw new Exception("Tag has no type"); } if (id == null) { throw new Exception("Invalid/null id"); } - RangerTag exist = tagStore.getTagById(id); + RangerTag exist = tagStore.getTag(id); if (exist == null) { throw new Exception("Attempt to update nonexistant tag, id=" + id); @@ -58,8 +59,8 @@ public class TagValidator { } public void preUpdateTagByGuid(String guid, final RangerTag tag) throws Exception { - if (StringUtils.isBlank(tag.getName())) { - throw new Exception("Tag has no name"); + if (StringUtils.isBlank(tag.getType())) { + throw new Exception("Tag has no type"); } RangerTag existing = tagStore.getTagByGuid(guid); @@ -72,11 +73,11 @@ public class TagValidator { } public void preUpdateTagByName(String name, final RangerTag tag) throws Exception { - if (StringUtils.isNotBlank(tag.getName())) { - throw new Exception("tag has no name"); + if (StringUtils.isNotBlank(tag.getType())) { + throw new Exception("tag has no type"); } - List<RangerTag> exist = tagStore.getTagsByName(name); + List<RangerTag> exist = tagStore.getTagsByType(name); if (CollectionUtils.isEmpty(exist) || CollectionUtils.size(exist) != 1) { throw new Exception("Attempt to update nonexistent or multiple tags, name=" + name); } 
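Review bot: In `preUpdateTagByName` (hunk `@@ -72,11 +73,11 @@`) the condition and the message disagree: `StringUtils.isNotBlank(tag.getType())` throws "tag has no type" exactly when the tag does carry a type, and lets a blank one through. The sibling checks in `preCreateTag`, `preUpdateTag` and `preUpdateTagByGuid` all use `isBlank`, so the line most likely should read `if (StringUtils.isBlank(tag.getType())) {`. If a blank type is intended here because the method later overwrites it from `name`, the check should be dropped rather than kept inverted. The rest of the method is in the following hunk.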
@@ -84,13 +85,13 @@ public class TagValidator { RangerTag onlyTag = exist.get(0); tag.setId(onlyTag.getId()); - tag.setName(name); + tag.setType(name); } - public RangerTag preDeleteTagById(Long id) throws Exception { + public RangerTag preDeleteTag(Long id) throws Exception { RangerTag exist; - exist = tagStore.getTagById(id); + exist = tagStore.getTag(id); if (exist == null) { throw new Exception("Attempt to delete nonexistent tag, id=" + id); } @@ -117,7 +118,7 @@ public class TagValidator { public RangerTag preDeleteTagByName(String name) throws Exception { List<RangerTag> exist; - exist = tagStore.getTagsByName(name); + exist = tagStore.getTagsByType(name); if (CollectionUtils.isEmpty(exist) || CollectionUtils.size(exist) != 1) { throw new Exception("Attempt to delete nonexistent or multiple tags, name=" + name); } 
@@ -131,33 +132,33 @@ public class TagValidator { } public void preCreateServiceResource(RangerServiceResource resource) throws Exception { - if (StringUtils.isBlank(resource.getServiceName()) - || resource.getResourceSpec() == null - || CollectionUtils.size(resource.getResourceSpec()) == 0) { - throw new Exception("No serviceName or resourceSpec in RangerServiceResource"); + if (StringUtils.isBlank(resource.getServiceName()) || MapUtils.isEmpty(resource.getResourceElements())) { + throw new Exception("No serviceName or resource in RangerServiceResource"); } - List<RangerServiceResource> exist; - exist = tagStore.getServiceResourcesByServiceAndResourceSpec(resource.getServiceName(), resource.getResourceSpec()); - if (CollectionUtils.isNotEmpty(exist)) { + RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource); + + String resourceSignature = serializer.getSignature(); + + RangerServiceResource exist = tagStore.getServiceResourceByResourceSignature(resourceSignature); + + if (exist != null) { throw new Exception("Attempt to create existing resource, serviceName=" + resource.getServiceName()); } - RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource); - resource.setResourceSignature(serializer.getSignature()); + + resource.setResourceSignature(resourceSignature); } - public void preUpdateServiceResourceById(Long id, RangerServiceResource resource) throws Exception { - if (StringUtils.isBlank(resource.getServiceName()) - || resource.getResourceSpec() == null - || CollectionUtils.size(resource.getResourceSpec()) == 0) { - throw new Exception("No serviceName or resourceSpec in RangerServiceResource"); + public void preUpdateServiceResource(Long id, RangerServiceResource resource) throws Exception { + if (StringUtils.isBlank(resource.getServiceName()) || MapUtils.isEmpty(resource.getResourceElements())) { + throw new Exception("No serviceName or resource in RangerServiceResource"); } if (id == null) { 
throw new Exception("Invalid/null id"); } - RangerServiceResource exist = tagStore.getServiceResourceById(id); + RangerServiceResource exist = tagStore.getServiceResource(id); if (exist == null) { throw new Exception("Attempt to update nonexistent resource, id=" + id); } @@ -169,10 +170,8 @@ public class TagValidator { } public void preUpdateServiceResourceByGuid(String guid, RangerServiceResource resource) throws Exception { - if (StringUtils.isBlank(resource.getServiceName()) - || resource.getResourceSpec() == null - || CollectionUtils.size(resource.getResourceSpec()) == 0) { - throw new Exception("No serviceName or resourceSpec in RangerServiceResource"); + if (StringUtils.isBlank(resource.getServiceName()) || MapUtils.isEmpty(resource.getResourceElements())) { + throw new Exception("No serviceName or resource in RangerServiceResource"); } RangerServiceResource existing = tagStore.getServiceResourceByGuid(guid); @@ -187,9 +186,9 @@ public class TagValidator { resource.setResourceSignature(serializer.getSignature()); } - public RangerServiceResource preDeleteServiceResourceById(Long id) throws Exception { + public RangerServiceResource preDeleteServiceResource(Long id) throws Exception { RangerServiceResource exist; - exist = tagStore.getServiceResourceById(id); + exist = tagStore.getServiceResource(id); if (exist == null) { throw new Exception("Attempt to delete nonexistent resource, id=" + id); } 
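Review bot: In `preCreateServiceResource` (hunk `@@ -131,33 +132,33 @@`) the duplicate check now looks up by `resourceSignature` alone, where the removed code looked up by service name and resource spec together. The TagFileStore implementation in this commit filters on `TAG_RESOURCE_SIGNATURE` only, so if the signature does not incorporate the service name, an identical resource registered under another service would block this create. `RangerServiceResourceSignature` is not visible here, so please confirm it does. If it does not, compare services before rejecting, for example `if (exist != null && StringUtils.equals(exist.getServiceName(), resource.getServiceName())) {`. A short comment stating that the signature is the uniqueness key would also help.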
@@ -241,6 +240,24 @@ public class TagValidator { return newTagResourceMap; } + public RangerTagResourceMap preDeleteTagResourceMap(Long id) throws Exception { + RangerTagResourceMap existing = tagStore.getTagResourceMap(id); + if (existing == null) { + throw new Exception("Attempt to delete nonexistent tagResourceMap(id=" + id + ")"); + } + + return existing; + } + + public RangerTagResourceMap preDeleteTagResourceMapByGuid(String guid) throws Exception { + RangerTagResourceMap existing = tagStore.getTagResourceMapByGuid(guid); + if (existing == null) { + throw new Exception("Attempt to delete nonexistent tagResourceMap(guid=" + guid + ")"); + } + + return existing; + } + public RangerTagResourceMap preDeleteTagResourceMap(String tagGuid, String resourceGuid) throws Exception { RangerTagResourceMap existing = tagStore.getTagResourceMapForTagAndResourceGuid(tagGuid, resourceGuid); if (existing == null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java index 0b4f0ca..dd8fd5c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java @@ -20,7 +20,6 @@ package org.apache.ranger.plugin.store.file; import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; 
@@ -119,10 +118,10 @@ public class TagFileStore extends AbstractTagStore { LOG.debug("==> TagFileStore.createTagDef(" + tagDef + ")"); } - List<RangerTagDef> existing = getTagDefsByName(tagDef.getName()); + RangerTagDef existing = getTagDefByName(tagDef.getName()); - if (CollectionUtils.isNotEmpty(existing)) { - throw new Exception(tagDef.getName() + ": tag-def already exists (id=" + existing.get(0).getId() + ")"); + if (existing != null) { + throw new Exception(tagDef.getName() + ": tag-def already exists (id=" + existing.getId() + ")"); } RangerTagDef ret = null; @@ -157,15 +156,13 @@ public class TagFileStore extends AbstractTagStore { RangerTagDef existing = null; if(tagDef.getId() == null) { - List<RangerTagDef> existingDefs = getTagDefsByName(tagDef.getName()); + existing = getTagDefByName(tagDef.getName()); - if (CollectionUtils.isEmpty(existingDefs)) { + if (existing == null) { throw new Exception("tag-def does not exist: name=" + tagDef.getName()); } - - existing = existingDefs.get(0); } else { - existing = this.getTagDefById(tagDef.getId()); + existing = this.getTagDef(tagDef.getId()); if (existing == null) { throw new Exception("tag-def does not exist: id=" + tagDef.getId()); @@ -197,18 +194,16 @@ public class TagFileStore extends AbstractTagStore { } @Override - public void deleteTagDef(String name) throws Exception { + public void deleteTagDefByName(String name) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> TagFileStore.deleteTagDef(" + name + ")"); } - List<RangerTagDef> existingDefs = getTagDefsByName(name); + RangerTagDef existing = getTagDefByName(name); - if (CollectionUtils.isNotEmpty(existingDefs)) { + if (existing == null) { try { - for(RangerTagDef existing : existingDefs) { - deleteTagDef(existing); - } + deleteTagDef(existing); } catch (Exception excp) { throw new Exception("failed to delete tag-def with ID=" + name, excp); } 
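Review bot: In `deleteTagDefByName` (hunk `@@ -197,18 +194,16 @@`) the null check is inverted: `if (existing == null)` passes null to `deleteTagDef(existing)` when no tag-def has that name, and silently skips the delete when one exists. The condition should be `if (existing != null) {`, as in `deleteTagDef(Long id)` in the next hunk. The debug line in this method also still prints `TagFileStore.deleteTagDef(` after the rename, so the trace no longer identifies the method. The method's closing lines are outside the hunk.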
@@ -220,26 +215,26 @@ public class TagFileStore extends AbstractTagStore { } @Override - public void deleteTagDefById(Long id) throws Exception { + public void deleteTagDef(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.deleteTagDefById(" + id + ")"); + LOG.debug("==> TagFileStore.deleteTagDef(" + id + ")"); } - RangerTagDef existing = getTagDefById(id); + RangerTagDef existing = getTagDef(id); if(existing != null) { deleteTagDef(existing); } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.deleteTagDefById(" + id + ")"); + LOG.debug("<== TagFileStore.deleteTagDef(" + id + ")"); } } @Override - public RangerTagDef getTagDefById(Long id) throws Exception { + public RangerTagDef getTagDef(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagDefById(" + id + ")"); + LOG.debug("==> TagFileStore.getTagDef(" + id + ")"); } RangerTagDef ret = null; @@ -253,7 +248,7 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagDefById(" + id + "): " + ret); + LOG.debug("<== TagFileStore.getTagDef(" + id + "): " + ret); } return ret; 
@@ -285,23 +280,23 @@ public class TagFileStore extends AbstractTagStore { } @Override - public List<RangerTagDef> getTagDefsByName(String name) throws Exception { + public RangerTagDef getTagDefByName(String name) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagDef(" + name + ")"); + LOG.debug("==> TagFileStore.getTagDefByName(" + name + ")"); } - List<RangerTagDef> ret = null; + RangerTagDef ret = null; if (StringUtils.isNotBlank(name)) { - SearchFilter filter = new SearchFilter(SearchFilter.TAG_DEF_NAME, name); + SearchFilter filter = new SearchFilter(SearchFilter.TAG_TYPE, name); List<RangerTagDef> tagDefs = getTagDefs(filter); - ret = CollectionUtils.isEmpty(tagDefs) ? null : tagDefs; + ret = CollectionUtils.isEmpty(tagDefs) ? null : tagDefs.get(0); } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagDef(" + name + "): " + ret); + LOG.debug("<== TagFileStore.getTagDefByName(" + name + "): " + ret); } return ret; @@ -364,9 +359,9 @@ public class TagFileStore extends AbstractTagStore { postCreate(ret); } catch (Exception excp) { - LOG.warn("TagFileStore.createTag(): failed to save tag '" + tag.getName() + "'", excp); + LOG.warn("TagFileStore.createTag(): failed to save tag '" + tag.getType() + "'", excp); - throw new Exception("failed to save tag '" + tag.getName() + "'", excp); + throw new Exception("failed to save tag '" + tag.getType() + "'", excp); } if (LOG.isDebugEnabled()) { @@ -391,9 +386,9 @@ public class TagFileStore extends AbstractTagStore { postUpdate(tag); } catch (Exception excp) { - LOG.warn("TagFileStore.updateTag(): failed to save tag '" + tag.getName() + "'", excp); + LOG.warn("TagFileStore.updateTag(): failed to save tag '" + tag.getType() + "'", excp); - throw new Exception("failed to save tag '" + tag.getName() + "'", excp); + throw new Exception("failed to save tag '" + tag.getType() + "'", excp); } if (LOG.isDebugEnabled()) { 
@@ -404,13 +399,13 @@ public class TagFileStore extends AbstractTagStore { } @Override - public void deleteTagById(Long id) throws Exception { + public void deleteTag(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.deleteTagById(" + id + ")"); + LOG.debug("==> TagFileStore.deleteTag(" + id + ")"); } try { - RangerTag tag = getTagById(id); + RangerTag tag = getTag(id); deleteTag(tag); } catch (Exception excp) { @@ -418,14 +413,14 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.deleteTagById(" + id + ")"); + LOG.debug("<== TagFileStore.deleteTag(" + id + ")"); } } @Override - public RangerTag getTagById(Long id) throws Exception { + public RangerTag getTag(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagById(" + id + ")"); + LOG.debug("==> TagFileStore.getTag(" + id + ")"); } RangerTag ret = null; @@ -441,7 +436,7 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagDefById(" + id + "): " + ret); + LOG.debug("<== TagFileStore.getTagDef(" + id + "): " + ret); } return ret; 
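Review bot: In the `@@ -441,7 +436,7 @@` hunk, the exit trace of `getTag(Long id)` was changed to `"<== TagFileStore.getTagDef("`, which names a different method. The entry trace in the hunk above prints `TagFileStore.getTag(`, so the pair will not line up in a debug log. The line should be `LOG.debug("<== TagFileStore.getTag(" + id + "): " + ret);`. The body of the method between the two traces is outside these hunks.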
@@ -473,17 +468,17 @@ public class TagFileStore extends AbstractTagStore { } @Override - public List<RangerTag> getTagsByName(String name) throws Exception { + public List<RangerTag> getTagsByType(String type) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagsByName(" + name + ")"); + LOG.debug("==> TagFileStore.getTagsByType(" + type + ")"); } - SearchFilter filter = new SearchFilter(SearchFilter.TAG_NAME, name); + SearchFilter filter = new SearchFilter(SearchFilter.TAG_TYPE, type); List<RangerTag> ret = getTags(filter); if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagsByName(" + name + "): count=" + (ret == null ? 0 : ret.size())); + LOG.debug("<== TagFileStore.getTagsByType(" + type + "): count=" + (ret == null ? 0 : ret.size())); } return ret; @@ -622,13 +617,13 @@ public class TagFileStore extends AbstractTagStore { } @Override - public void deleteServiceResourceById(Long id) throws Exception { + public void deleteServiceResource(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.deleteServiceResourceById(" + id + ")"); + LOG.debug("==> TagFileStore.deleteServiceResource(" + id + ")"); } try { - RangerServiceResource resource = getServiceResourceById(id); + RangerServiceResource resource = getServiceResource(id); deleteServiceResource(resource); } catch (Exception excp) { @@ -636,14 +631,14 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.deleteServiceResourceById(" + id + ")"); + LOG.debug("<== TagFileStore.deleteServiceResource(" + id + ")"); } } @Override - public RangerServiceResource getServiceResourceById(Long id) throws Exception { + public RangerServiceResource getServiceResource(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getServiceResourceById(" + id + ")"); + LOG.debug("==> TagFileStore.getServiceResource(" + id + ")"); } RangerServiceResource ret = null; 
@@ -657,7 +652,7 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getServiceResourceById(" + id + "): " + ret); + LOG.debug("<== TagFileStore.getServiceResource(" + id + "): " + ret); } return ret; 
@@ -687,21 +682,44 @@ public class TagFileStore extends AbstractTagStore { } @Override - public List<RangerServiceResource> getServiceResourcesByServiceAndResourceSpec(String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) throws Exception { + public List<RangerServiceResource> getServiceResourcesByService(String serviceName) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getServiceResourcesByServiceAndResourceSpec(" + serviceName + ", " + resourceSpec + ")"); + LOG.debug("==> TagFileStore.getServiceResourcesByService(" + serviceName + ")"); } List<RangerServiceResource> ret = null; - if (MapUtils.isNotEmpty(resourceSpec)) { - RangerServiceResource resource = new RangerServiceResource(serviceName, resourceSpec); + if (StringUtils.isNotBlank(serviceName)) { + SearchFilter filter = new SearchFilter(SearchFilter.SERVICE_NAME, serviceName); - ret = getServiceResources(resource); + ret = getServiceResources(filter); } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getServiceResourcesByServiceAndResourceSpec(" + serviceName + ", " + resourceSpec + "): count=" + (ret == null ? 0 : ret.size())); + LOG.debug("<== TagFileStore.getServiceResourcesByService(" + serviceName + "): count=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + @Override + public RangerServiceResource getServiceResourceByResourceSignature(String resourceSignature) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getServiceResourceByResourceSignature(" + resourceSignature + ")"); + } + + RangerServiceResource ret = null; + + if (StringUtils.isNotBlank(resourceSignature)) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_RESOURCE_SIGNATURE, resourceSignature); + + List<RangerServiceResource> resources = getServiceResources(filter); + + ret = CollectionUtils.isNotEmpty(resources) ? 
resources.get(0) : null; + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getServiceResourceByResourceSignature(" + resourceSignature + "): " + ret); } return ret; @@ -770,13 +788,13 @@ public class TagFileStore extends AbstractTagStore { } @Override - public void deleteTagResourceMapById(Long id) throws Exception { + public void deleteTagResourceMap(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.deleteTagResourceMapById(" + id + ")"); + LOG.debug("==> TagFileStore.deleteTagResourceMap(" + id + ")"); } try { - RangerTagResourceMap tagResourceMap = getTagResourceMapById(id); + RangerTagResourceMap tagResourceMap = getTagResourceMap(id); deleteTagResourceMap(tagResourceMap); } catch (Exception excp) { @@ -784,14 +802,14 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.deleteTagResourceMapById(" + id + ")"); + LOG.debug("<== TagFileStore.deleteTagResourceMap(" + id + ")"); } } @Override - public RangerTagResourceMap getTagResourceMapById(Long id) throws Exception { + public RangerTagResourceMap getTagResourceMap(Long id) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagResourceMapById(" + id + ")"); + LOG.debug("==> TagFileStore.getTagResourceMap(" + id + ")"); } RangerTagResourceMap ret = null; 
@@ -807,7 +825,32 @@ public class TagFileStore extends AbstractTagStore { } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagResourceMapById(" + id + "): " + ret); + LOG.debug("<== TagFileStore.getTagResourceMap(" + id + "): " + ret); + } + + return ret; + } + + @Override + public RangerTagResourceMap getTagResourceMapByGuid(String guid) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getTagResourceMapByGuid(" + guid + ")"); + } + + RangerTagResourceMap ret = null; + + SearchFilter filter = new SearchFilter(); + + filter.setParam(SearchFilter.TAG_MAP_GUID, guid.toString()); + + List<RangerTagResourceMap> list = getTagResourceMaps(filter); + + if (CollectionUtils.isNotEmpty(list)) { + ret = list.get(0); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getTagResourceMapByGuid(" + guid + "): " + ret); } return ret; @@ -859,7 +902,7 @@ public class TagFileStore extends AbstractTagStore { @Override public List<RangerTagResourceMap> getTagResourceMapsForResourceId(Long resourceId) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.getTagResourceMapById(" + resourceId + ")"); + LOG.debug("==> TagFileStore.getTagResourceMap(" + resourceId + ")"); } SearchFilter filter = new SearchFilter(); @@ -869,7 +912,7 @@ public class TagFileStore extends AbstractTagStore { List<RangerTagResourceMap> ret = getTagResourceMaps(filter); if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.getTagResourceMapById(" + resourceId + "): " + ret); + LOG.debug("<== TagFileStore.getTagResourceMap(" + resourceId + "): " + ret); } return ret; @@ -1076,7 +1119,7 @@ public class TagFileStore extends AbstractTagStore { } @Override - public List<String> getTags(String serviceName) throws Exception { + public List<String> getTagTypes(String serviceName) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> TagFileStore.getTags(" + serviceName + ")"); } 
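Review bot: The new `getTagResourceMapByGuid` (hunk `@@ -807,7 +825,32 @@`) calls `guid.toString()` on a `String` parameter, which is redundant and throws a NullPointerException when `guid` is null. The other single-result lookup added in this commit, `getServiceResourceByResourceSignature`, guards its argument with `StringUtils.isNotBlank`. I would follow that pattern by wrapping the filter lookup in `if (StringUtils.isNotBlank(guid)) {` and passing `guid` directly to `filter.setParam(SearchFilter.TAG_MAP_GUID, guid);`. The method also returns `list.get(0)` without noting that more than one match is ignored, which deserves a one-line comment.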
@@ -1087,7 +1130,7 @@ public class TagFileStore extends AbstractTagStore { List<RangerTag> allTags = getAllTags(); for (RangerTag tag : allTags) { - ret.add(tag.getName()); + ret.add(tag.getType()); } if (LOG.isDebugEnabled()) { @@ -1098,35 +1141,35 @@ public class TagFileStore extends AbstractTagStore { } @Override - public List<String> lookupTags(String serviceName, String tagNamePattern) throws Exception { + public List<String> lookupTagTypes(String serviceName, String pattern) throws Exception { if (LOG.isDebugEnabled()) { - LOG.debug("==> TagFileStore.lookupTags(" + serviceName + ", " + tagNamePattern + ")"); + LOG.debug("==> TagFileStore.lookupTags(" + serviceName + ", " + pattern + ")"); } List<String> ret = new ArrayList<String>(); - List<String> tags = getTags(serviceName); + List<String> tags = getTagTypes(serviceName); if (CollectionUtils.isNotEmpty(tags)) { - Pattern p = Pattern.compile(tagNamePattern); - for (String tagName : tags) { - Matcher m = p.matcher(tagName); + Pattern p = Pattern.compile(pattern); + for (String tagType : tags) { + Matcher m = p.matcher(tagType); if (LOG.isDebugEnabled()) { - LOG.debug("TagFileStore.lookupTags) - Trying to match .... tagNamePattern=" + tagNamePattern + ", tagName=" + tagName); + LOG.debug("TagFileStore.lookupTags) - Trying to match .... pattern=" + pattern + ", tagType=" + tagType); } if (m.matches()) { if (LOG.isDebugEnabled()) { - LOG.debug("TagFileStore.lookupTags) - Match found.... tagNamePattern=" + tagNamePattern + ", tagName=" + tagName); + LOG.debug("TagFileStore.lookupTags) - Match found.... pattern=" + pattern + ", tagType=" + tagType); } - ret.add(tagName); + ret.add(tagType); } } } if (LOG.isDebugEnabled()) { - LOG.debug("<== TagFileStore.lookupTags(" + serviceName + ", " + tagNamePattern + "): count=" + ret.size()); + LOG.debug("<== TagFileStore.lookupTags(" + serviceName + ", " + pattern + "): count=" + ret.size()); } return ret; 
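Review bot: `lookupTagTypes` (hunk `@@ -1098,35 +1141,35 @@`) passes its `pattern` argument straight to `Pattern.compile`, so a malformed expression throws `PatternSyntaxException` and an expensive one can tie up the thread during matching. The `RangerServiceTag.lookupResource` hunk later in this commit builds that string as `pattern = userInput + suffix;`, so lookup text appears to reach the regex engine unescaped, presumably via the admin client. If prefix matching is all that is intended, the caller should build it as `pattern = Pattern.quote(userInput) + suffix;`, which needs `java.util.regex.Pattern` imported there, and this method should catch `PatternSyntaxException` and return the empty list. The debug messages here and in `getTagTypes` also still print `TagFileStore.lookupTags` and `TagFileStore.getTags` after the rename. The closing brace of the method is outside the hunk.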
@@ -1144,7 +1187,7 @@ public class TagFileStore extends AbstractTagStore { if (CollectionUtils.isNotEmpty(associations)) { for (RangerTagResourceMap association : associations) { - RangerTag tag = getTagById(association.getTagId()); + RangerTag tag = getTag(association.getTagId()); if (tag != null) { tagList.add(tag); } @@ -1211,7 +1254,7 @@ public class TagFileStore extends AbstractTagStore { for (int i = 0; i < ret.size(); i++) { RangerTag currSd = ret.get(i); - if (StringUtils.equals(currSd.getName(), sd.getName()) || + if (StringUtils.equals(currSd.getType(), sd.getType()) || ObjectUtils.equals(currSd.getId(), sd.getId())) { ret.remove(i); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index 743df88..25d69f0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
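Review bot: In the `@@ -1211,7 +1254,7 @@` hunk, the removal loop now treats two tags as the same entry when `StringUtils.equals(currSd.getType(), sd.getType())`, but after this rename a type can be shared by several tags, as `getTagsByType` returning a list shows. If this loop is the replace-on-save path, saving one tag would presumably drop every other tag of the same type, so matching on id alone looks safer: `if (ObjectUtils.equals(currSd.getId(), sd.getId())) {`. Independently, `ret.remove(i)` inside a forward `for` loop skips the element that slides into index `i`. The enclosing method starts and ends outside the hunk, so please check both points against the full body.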
@@ -53,15 +53,15 @@ public class SearchFilter { public static final String TAG_DEF_ID = "tagDefId"; // search public static final String TAG_DEF_GUID = "tagDefGuid"; // search - public static final String TAG_DEF_NAME = "tagDefName"; // search + public static final String TAG_TYPE = "tagType"; // search public static final String TAG_ID = "tagId"; // search public static final String TAG_GUID = "tagGuid"; // search - public static final String TAG_NAME = "tagName"; // search public static final String TAG_RESOURCE_ID = "resourceId"; // search public static final String TAG_RESOURCE_GUID = "resourceGuid"; // search public static final String TAG_RESOURCE_SERVICE_NAME = "resourceServiceName"; // search public static final String TAG_RESOURCE_SIGNATURE = "resourceSignature"; // search public static final String TAG_MAP_ID = "tagResourceMapId"; // search + public static final String TAG_MAP_GUID = "tagResourceMapGuid"; // search private Map<String, String> params = null; private int startIndex = 0; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java b/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java index 2e282ab..375f0b8 100644 --- a/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java +++ b/agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java @@ -63,7 +63,7 @@ public class RangerServiceTag extends RangerBaseService { RangerAdminClient adminClient = createAdminClient(serviceName); try { - adminClient.getTagNames(".*"); + adminClient.getTagTypes(".*"); connectivityStatus = true; } catch (Exception e) { LOG.error("RangerServiceTag.validateConfig() Error:" + e); 
@@ -90,7 +90,7 @@ public class RangerServiceTag extends RangerBaseService { LOG.debug("==> RangerServiceTag.lookupResource - Context: (" + context + ")"); } - List<String> tagNameList = new ArrayList<>(); + List<String> tagTypeList = new ArrayList<>(); if (context != null) { @@ -106,25 +106,25 @@ public class RangerServiceTag extends RangerBaseService { } String suffix = ".*"; - String tagNamePattern; + String pattern; if (userInput == null) { - tagNamePattern = suffix; + pattern = suffix; } else { - tagNamePattern = userInput + suffix; + pattern = userInput + suffix; } if (LOG.isDebugEnabled()) { - LOG.debug("RangerServiceTag.lookupResource - tagNamePattern : (" + tagNamePattern + ")"); + LOG.debug("RangerServiceTag.lookupResource - pattern : (" + pattern + ")"); } try { RangerAdminClient adminClient = createAdminClient(serviceName); - tagNameList = adminClient.getTagNames(tagNamePattern); + tagTypeList = adminClient.getTagTypes(pattern); - tagNameList.removeAll(userProvidedTagList); + tagTypeList.removeAll(userProvidedTagList); } catch (Exception e) { LOG.error("RangerServiceTag.lookupResource - Exception={" + e + "}. " + "Please check " + @@ -137,7 +137,7 @@ public class RangerServiceTag extends RangerBaseService { LOG.debug("<== RangerServiceTag.lookupResource()"); } - return tagNameList; + return tagTypeList; } public static RangerAdminClient createAdminClient( String tagServiceName ) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java index 5424158..5b867ad 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java 
@@ -149,38 +149,38 @@ public class TestTagStore { @Test public void testTagStore_tag() throws Exception { - String tagName = "ssn"; - String newTagName = "new-ssn"; + String tagType = "ssn"; + String newTagType = "new-ssn"; List<RangerTag> tags = tagStore.getTags(filter); int initTagCount = tags == null ? 0 : tags.size(); - RangerTag tag = new RangerTag(tagName, new HashMap<String, String>()); + RangerTag tag = new RangerTag(tagType, new HashMap<String, String>()); tag.setGuid("GUID_TAG_TEST"); validator.preCreateTag(tag); RangerTag createdTag = tagStore.createTag(tag); assertNotNull("createTag() failed", createdTag); - assertTrue("createTag() name mismatch", createdTag.getName().equals(tag.getName())); + assertTrue("createTag() type mismatch", createdTag.getType().equals(tag.getType())); assertTrue("createTag() GUID mismatch", createdTag.getGuid().equals(tag.getGuid())); tags = tagStore.getTags(filter); assertEquals("createTag() failed", initTagCount + 1, tags == null ? 0 : tags.size()); - createdTag.setName(newTagName); - validator.preUpdateTagById(createdTag.getId(), createdTag); + createdTag.setType(newTagType); + validator.preUpdateTag(createdTag.getId(), createdTag); RangerTag updatedTag = tagStore.updateTag(createdTag); - tag = tagStore.getTagById(updatedTag.getId()); + tag = tagStore.getTag(updatedTag.getId()); - assertTrue("updateTag() name mismatch", tag.getName().equals(updatedTag.getName())); + assertTrue("updateTag() type mismatch", tag.getType().equals(updatedTag.getType())); assertTrue("updatedTag() GUID mismatch", tag.getGuid().equals(updatedTag.getGuid())); - validator.preDeleteTagById(createdTag.getId()); - tagStore.deleteTagById(createdTag.getId()); + validator.preDeleteTag(createdTag.getId()); + tagStore.deleteTag(createdTag.getId()); tags = tagStore.getTags(filter); 
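Review bot: The update check in testTagStore_tag never compares the stored value with `newTagType`. `tag.getType().equals(updatedTag.getType())` only shows that `getTag()` and `updateTag()` agree with each other, so a store that ignored the change could still pass, depending on what `updateTag()` returns. Assert the expected value directly: `assertEquals("updateTag() type mismatch", newTagType, tag.getType());`. The test method continues past the end of this hunk.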
@@ -188,8 +188,8 @@ public class TestTagStore { // Try deleting it again try { - validator.preDeleteTagById(createdTag.getId()); - tagStore.deleteTagById(createdTag.getId()); + validator.preDeleteTag(createdTag.getId()); + tagStore.deleteTag(createdTag.getId()); assertTrue("deleteTag() failed. Deleted tag again successfully? ", false); } catch (Exception exception) { assertTrue(true); @@ -202,11 +202,11 @@ public class TestTagStore { String guid = "GUID_SERVICERESOURCE_TEST"; String newGuid = "NEW_GUID_SERVICERESOURCE_TEST"; - Map<String, RangerPolicyResource> resourceResources = new HashMap<String, RangerPolicyResource>(); + Map<String, RangerPolicyResource> resourceElements = new HashMap<String, RangerPolicyResource>(); - RangerPolicyResource resource = new RangerPolicyResource(); - resource.setValue("*"); - resourceResources.put("database", resource); + RangerPolicyResource resourceElement = new RangerPolicyResource(); + resourceElement.setValue("*"); + resourceElements.put("database", resourceElement); List<RangerServiceResource> serviceResources = tagStore.getServiceResources(filter); @@ -214,7 +214,7 @@ public class TestTagStore { RangerServiceResource serviceResource = new RangerServiceResource(); serviceResource.setServiceName(serviceName); - serviceResource.setResourceSpec(resourceResources); + serviceResource.setResourceElements(resourceElements); serviceResource.setGuid(guid); validator.preCreateServiceResource(serviceResource); 
@@ -228,15 +228,15 @@ public class TestTagStore { assertEquals("createServiceResource() failed", initServiceResourceCount + 1, serviceResources == null ? 0 : serviceResources.size()); createdServiceResource.setGuid(newGuid); - validator.preUpdateServiceResourceById(createdServiceResource.getId(), createdServiceResource); + validator.preUpdateServiceResource(createdServiceResource.getId(), createdServiceResource); RangerServiceResource updatedServiceResource = tagStore.updateServiceResource(createdServiceResource); - serviceResource = tagStore.getServiceResourceById(updatedServiceResource.getId()); + serviceResource = tagStore.getServiceResource(updatedServiceResource.getId()); assertTrue("updatedServiceResource() GUID mismatch", serviceResource.getGuid().equals(updatedServiceResource.getGuid())); - validator.preDeleteServiceResourceById(updatedServiceResource.getId()); - tagStore.deleteServiceResourceById(updatedServiceResource.getId()); + validator.preDeleteServiceResource(updatedServiceResource.getId()); + tagStore.deleteServiceResource(updatedServiceResource.getId()); serviceResources = tagStore.getServiceResources(filter); @@ -244,8 +244,8 @@ public class TestTagStore { // Try deleting it again try { - validator.preDeleteServiceResourceById(createdServiceResource.getId()); - tagStore.deleteServiceResourceById(createdServiceResource.getId()); + validator.preDeleteServiceResource(createdServiceResource.getId()); + tagStore.deleteServiceResource(createdServiceResource.getId()); assertTrue("deleteServiceResource() failed. Deleted serviceResource again successfully? ", false); } catch (Exception exception) { assertTrue(true); @@ -255,7 +255,7 @@ public class TestTagStore { @Test public void testTagStore_tagResourceMap() throws Exception { - String tagName = "ssn"; + String tagType = "ssn"; String resourceGuid = "GUID_SERVICERESOURCE_TEST"; String tagGuid = "GUID_TAG_TEST"; 
@@ -264,7 +264,7 @@ public class TestTagStore { int initTagCount = tags == null ? 0 : tags.size(); - RangerTag tag = new RangerTag(tagName, new HashMap<String, String>()); + RangerTag tag = new RangerTag(tagType, new HashMap<String, String>()); tag.setGuid(tagGuid); validator.preCreateTag(tag); @@ -275,11 +275,11 @@ public class TestTagStore { assertEquals("createTag() failed", initTagCount + 1, tags == null ? 0 : tags.size()); - Map<String, RangerPolicyResource> resourceResources = new HashMap<String, RangerPolicyResource>(); + Map<String, RangerPolicyResource> resourceElements = new HashMap<String, RangerPolicyResource>(); RangerPolicyResource resource = new RangerPolicyResource(); resource.setValue("*"); - resourceResources.put("database", resource); + resourceElements.put("database", resource); List<RangerServiceResource> serviceResources = tagStore.getServiceResources(filter); @@ -287,7 +287,7 @@ public class TestTagStore { RangerServiceResource serviceResource = new RangerServiceResource(); serviceResource.setServiceName(serviceName); - serviceResource.setResourceSpec(resourceResources); + serviceResource.setResourceElements(resourceElements); serviceResource.setGuid(resourceGuid); validator.preCreateServiceResource(serviceResource); 
@@ -314,13 +314,13 @@ public class TestTagStore { // Delete all created entities RangerTagResourceMap map = validator.preDeleteTagResourceMap(tagGuid, resourceGuid); - tagStore.deleteTagResourceMapById(map.getId()); + tagStore.deleteTagResourceMap(map.getId()); - validator.preDeleteServiceResourceById(createdServiceResource.getId()); - tagStore.deleteServiceResourceById(createdServiceResource.getId()); + validator.preDeleteServiceResource(createdServiceResource.getId()); + tagStore.deleteServiceResource(createdServiceResource.getId()); - validator.preDeleteTagById(createdTag.getId()); - tagStore.deleteTagById(createdTag.getId()); + validator.preDeleteTag(createdTag.getId()); + tagStore.deleteTag(createdTag.getId()); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json index 86332e3..16dcf6f 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json @@ -139,7 +139,7 @@ "request":{ "resource":{"elements":{"path":"/finance/restricted/sales.db"}}, "accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db", - "context": {"TAGS":"[{\"name\":\"PII\"}]"} + "context": {"TAGS":"[{\"type\":\"PII\"}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":101} } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ---------------------------------------------------------------------- 
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
index f7fab3d..1b5f345 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
@@ -216,7 +216,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1",
- "context": {"TAGS":"[{\"name\":\"EXPIRES_ON\", \"attributeValues\":{\"expiry_date\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":5}
 },
@@ -224,7 +224,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1",
- "context": {"TAGS":"[{\"name\":\"EXPIRES_ON\", \"attributeValues\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":false,"policyId":5}
 },
@@ -232,7 +232,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1",
- "context": {"TAGS":"[{\"name\":\"EXPIRES_ON\", \"attributeValues\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":false,"policyId":5}
 },
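Review bot: The case in the `@@ -216,7` hunk has an expected result that depends on the date the suite runs. It expects `"isAllowed":true` for an `EXPIRES_ON` tag whose `expiry_date` is `Mon Jun 15 13:00:00 PDT 2026`, while the `@@ -224,7` and `@@ -232,7` cases expect a deny for the same user with a 2015 date. If the condition compares against the current time, as those cases suggest, this one starts failing after that date and the allow-before-expiry path loses its coverage. Have the test supply a fixed evaluation time, or move the fixture well out of reach, for example `\"expiry_date\":\"Fri Dec 31 13:00:00 PST 2100\"`.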
@@ -240,7 +240,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"dataloader","userGroups":[],"requestData":"select ssn from employee.personal;' for dataloader",
- "context": {"TAGS":"[{\"name\":\"EXPIRES_ON\", \"attributeValues\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":5}
 },
@@ -248,7 +248,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1",
- "context": {"TAGS":"[{\"name\":\"RESTRICTED\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"RESTRICTED\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":1}
 },
@@ -256,7 +256,7 @@
 "request":{
 "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}},
 "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2",
- "context": {"TAGS":"[{\"name\":\"RESTRICTED-FINAL\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"RESTRICTED-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":false,"policyId":4}
 },
@@ -281,7 +281,7 @@
 "request":{
 "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}},
 "accessType":"select","user":"hive","userGroups":[],"requestData":"select name from default.table1;' for hive",
- "context": {"TAGS":"[{\"name\":\"PII\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":2}
 },
@@ -289,7 +289,7 @@
 "request":{
 "resource":{"elements":{"database":"default", "table":"table1"}},
 "accessType":"","user":"hive","userGroups":[],"requestData":"desc default.table1;' for hive",
- "context": {"TAGS":"[{\"name\":\"PII\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":2}
 },
@@ -297,7 +297,7 @@
 "request":{
 "resource":{"elements":{"database":"default", "table":"table1"}},
 "accessType":"","user":"user1","userGroups":[],"requestData":"desc default.table1;' for user1",
- "context": {"TAGS":"[{\"name\":\"PII-FINAL\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":false,"policyId":3}
 },
@@ -305,7 +305,7 @@
 "request":{
 "resource":{"elements":{"database":"default"}},
 "accessType":"","user":"hive","userGroups":[],"requestData":"use default",
- "context": {"TAGS":"[{\"name\":\"PII-FINAL\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":3}
 },
@@ -313,7 +313,7 @@
 "request":{
 "resource":{"elements":{"database":"default"}},
 "accessType":"","user":"user1","userGroups":[],"requestData":"use default for user1",
- "context": {"TAGS":"[{\"name\":\"PII-FINAL\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":false,"policyId":3}
 },
@@ -321,7 +321,7 @@
 "request":{
 "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}},
 "accessType":"select","user":"hive","userGroups":[],"requestData":"select * from default.table1",
- "context": {"TAGS":"[{\"name\":\"PII\", \"attributeValues\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
+ "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"}
 },
 "result":{"isAudited":true,"isAllowed":true,"policyId":2}
 }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index b49fb3a..5cb3cb1 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -208,8 +208,8 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } @Override - public List<String> getTagNames(String tagNamePattern) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.getTagNames() -- *** NOT IMPLEMENTED *** "); + public List<String> getTagTypes(String pattern) throws Exception { + throw new Exception("RangerAdminjersey2RESTClient.getTagTypes() -- *** NOT IMPLEMENTED *** "); } // We get date from the policy manager as unix long! This deserializer exists to deal with it. Remove this class once we start send date/time per RFC 3339 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql b/security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql index 629d1c4..79699ce 100644 --- a/security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql +++ b/security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql @@ -34,6 +34,7 @@ CREATE TABLE IF NOT EXISTS `x_tag_def` ( `is_enabled` TINYINT NULL DEFAULT 1, PRIMARY KEY (`id`), UNIQUE INDEX `guid_UNIQUE` (`guid` ASC), + UNIQUE INDEX `name_UNIQUE` (`name` ASC), INDEX `fk_X_TAG_DEF_NAME` (`name` ASC), INDEX `fk_X_TAG_DEF_ADDED_BY_ID` (`added_by_id` ASC), INDEX `fk_X_TAG_DEF_UPD_BY_ID` (`upd_by_id` ASC), 
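Review bot: Both SQL hunks (`@@ -34,6` here and `@@ -62,14` after it) edit patch `016-updated-schema-for-tag-based-policy.sql` in place, inside `CREATE TABLE IF NOT EXISTS` statements, so a database that already ran an earlier revision of this patch keeps its old `x_tag_def` and `x_tag` definitions. There the `name_UNIQUE` index and the `x_tag`.`type` column are never created, and code that expects `type` would presumably fail at runtime. Unless the script drops these tables first, which is not visible in the hunks, ship the change as a separate numbered patch that alters the existing tables, e.g. `ALTER TABLE x_tag_def ADD UNIQUE INDEX name_UNIQUE (name ASC);`. With the unique index in place, the plain `fk_X_TAG_DEF_NAME` index on the same column also looks redundant.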
@@ -62,14 +63,14 @@ CREATE TABLE IF NOT EXISTS `x_tag` ( `update_time` DATETIME NULL, `added_by_id` BIGINT(20) NULL, `upd_by_id` BIGINT(20) NULL, - `name` VARCHAR(512) NOT NULL, + `type` BIGINT(20) NOT NULL, PRIMARY KEY (`id`), - INDEX `fk_X_TAG_NAME` (`name` ASC), + INDEX `fk_X_TAG_TYPE` (`type` ASC), INDEX `fk_X_TAG_ADDED_BY_ID` (`added_by_id` ASC), INDEX `fk_X_TAG_UPD_BY_ID` (`upd_by_id` ASC), - CONSTRAINT `fk_X_TAG_NAME` - FOREIGN KEY (`name`) - REFERENCES `x_tag_def` (`name`) + CONSTRAINT `fk_X_TAG_TYPE` + FOREIGN KEY (`type`) + REFERENCES `x_tag_def` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION, CONSTRAINT `fk_X_TAG_ADDED_BY_ID` http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/da832711/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index a4765ac..e9454f9 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -1819,9 +1819,9 @@ public class ServiceDBStore extends AbstractServiceStore { if (tagResourceDefName != null && isConditionDefFound) { - String tagName = "EXPIRES_ON"; + String tagType = "EXPIRES_ON"; - String policyName = createdService.getName() + "-" + tagName; + String policyName = createdService.getName() + "-" + tagType; RangerPolicy policy = new RangerPolicy(); 
@@ -1829,7 +1829,7 @@ public class ServiceDBStore extends AbstractServiceStore { policy.setVersion(1L); policy.setName(policyName); policy.setService(createdService.getName()); - policy.setDescription(tagName + " Policy for TAG Service: " + createdService.getName()); + policy.setDescription(tagType + " Policy for TAG Service: " + createdService.getName()); policy.setIsAuditEnabled(true); policy.setPolicyType(RangerPolicy.POLICY_TYPE_EXCLUSIVE_ALLOW); @@ -1838,7 +1838,7 @@ public class ServiceDBStore extends AbstractServiceStore { RangerPolicyResource polRes = new RangerPolicyResource(); polRes.setIsExcludes(false); polRes.setIsRecursive(false); - polRes.setValue(tagName); + polRes.setValue(tagType); resourceMap.put(tagResourceDefName, polRes); policy.setResources(resourceMap);
