Repository: incubator-ranger Updated Branches: refs/heads/tag-policy da8327114 -> 92c96502a
RANGER-274: Updated date format for tag attributes Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/92c96502 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/92c96502 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/92c96502 Branch: refs/heads/tag-policy Commit: 92c96502a89dfad8471e7c7c4abb20e8d1ad92bf Parents: da83271 Author: Abhay Kulkarni <[email protected]> Authored: Mon Aug 31 17:33:18 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Aug 31 18:14:35 2015 -0700 ---------------------------------------------------------------------- .../ranger/authorization/utils/StringUtil.java | 12 +++++++++ .../RangerScriptExecutionContext.java | 11 +++++++-- .../test_policyengine_tag_hive.json | 26 +++++++++++--------- 3 files changed, 35 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/92c96502/agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java b/agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java index f6f3d2d..765d65f 100644 --- a/agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java @@ -273,4 +273,16 @@ public class StringUtil { return utc.getTime(); } + + public static Date getUTCDateForLocalDate(Date date) { + Calendar local = Calendar.getInstance(); + int offset = local.getTimeZone().getOffset(local.getTimeInMillis()); + + GregorianCalendar utc = new GregorianCalendar(gmtTimeZone); + + utc.setTimeInMillis(date.getTime()); + utc.add(Calendar.MILLISECOND, -offset); + + return utc.getTime(); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/92c96502/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java index 44bd03f..418021c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java @@ -23,17 +23,19 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.plugin.model.RangerTag; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessResource; import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; +import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.*; public final class RangerScriptExecutionContext { private static final Log LOG = LogFactory.getLog(RangerScriptExecutionContext.class); - public static final String DATETIME_FORMAT_PATTERN = "EEE MMM dd HH:mm:ss z yyyy"; + public static final String DATETIME_FORMAT_PATTERN = "yyyy/MM/dd"; private final RangerAccessRequest accessRequest; private Boolean result = false; @@ -198,7 +200,12 @@ public final class RangerScriptExecutionContext { if (StringUtils.isNotBlank(value)) { SimpleDateFormat df = new SimpleDateFormat(DATETIME_FORMAT_PATTERN); try { - ret = df.parse(value); + Date expiryDate = df.parse(value); + if (expiryDate == null) { + LOG.error("Could not parse provided expiry_date into a valid date, expiry_date=" + value + ", Format-String=" + DATETIME_FORMAT_PATTERN); + } else { + ret = StringUtil.getUTCDateForLocalDate(expiryDate); + } } catch (Exception ex) { LOG.error("RangerScriptExecutionContext.getAsDate() - Could not convert " + value + " to Date, exception=" + ex); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/92c96502/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json index 1b5f345..6507809 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json @@ -216,7 +216,8 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1", - "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + + "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":5} }, @@ -224,7 +225,8 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1", - "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"} + + "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2015/08/10\"}}]"} }, "result":{"isAudited":true,"isAllowed":false,"policyId":5} }, @@ -232,7 +234,7 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1", - "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"} + "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2015/08/10\"}}]"} }, "result":{"isAudited":true,"isAllowed":false,"policyId":5} }, @@ -240,7 +242,7 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"dataloader","userGroups":[],"requestData":"select ssn from employee.personal;' for dataloader", - "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"Mon Aug 10 13:00:00 PDT 2015\"}}]"} + "context": {"TAGS":"[{\"type\":\"EXPIRES_ON\", \"attributes\":{\"expiry_date\":\"2015/08/10\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":5} }, @@ -248,7 +250,7 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"user1","userGroups":[],"requestData":"select ssn from employee.personal;' for user1", - "context": {"TAGS":"[{\"type\":\"RESTRICTED\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"RESTRICTED\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":1} }, @@ -256,7 +258,7 @@ "request":{ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "accessType":"select","user":"user2","userGroups":[],"requestData":"select ssn from employee.personal;' for user2", - "context": {"TAGS":"[{\"type\":\"RESTRICTED-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"RESTRICTED-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":false,"policyId":4} }, @@ -281,7 +283,7 @@ "request":{ "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}}, "accessType":"select","user":"hive","userGroups":[],"requestData":"select name from default.table1;' for hive", - "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":2} }, @@ -289,7 +291,7 @@ "request":{ "resource":{"elements":{"database":"default", "table":"table1"}}, "accessType":"","user":"hive","userGroups":[],"requestData":"desc default.table1;' for hive", - "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":2} }, @@ -297,7 +299,7 @@ "request":{ "resource":{"elements":{"database":"default", "table":"table1"}}, "accessType":"","user":"user1","userGroups":[],"requestData":"desc default.table1;' for user1", - "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":false,"policyId":3} }, @@ -305,7 +307,7 @@ "request":{ "resource":{"elements":{"database":"default"}}, "accessType":"","user":"hive","userGroups":[],"requestData":"use default", - "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":3} }, @@ -313,7 +315,7 @@ "request":{ "resource":{"elements":{"database":"default"}}, "accessType":"","user":"user1","userGroups":[],"requestData":"use default for user1", - "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII-FINAL\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":false,"policyId":3} }, @@ -321,7 +323,7 @@ "request":{ "resource":{"elements":{"database":"default", "table":"table1", "column":"name"}}, "accessType":"select","user":"hive","userGroups":[],"requestData":"select * from default.table1", - "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"Mon Jun 15 13:00:00 PDT 2026\"}}]"} + "context": {"TAGS":"[{\"type\":\"PII\", \"attributes\":{\"expiry\":\"2026/06/15\"}}]"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":2} }
