http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java ---------------------------------------------------------------------- diff --git a/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java b/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java new file mode 100644 index 0000000..aa66d08 --- /dev/null +++ b/ranger-hbase-plugin-shim/src/main/test/org/apache/hadoop/hbase/security/access/RangerAccessControlListsTest.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.hadoop.hbase.security.access; + +import java.io.IOException; + +import org.apache.hadoop.hbase.master.MasterServices; +import org.junit.After; +import org.junit.Assert; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +public class RangerAccessControlListsTest { + + @BeforeClass + public static void setUpBeforeClass() throws Exception { + } + + @AfterClass + public static void tearDownAfterClass() throws Exception { + } + + @Before + public void setUp() throws Exception { + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void testInit() { + IOException exceptionFound = null ; + try { + MasterServices service = null ; + RangerAccessControlLists.init(service) ; + } catch (IOException e) { + exceptionFound = e ; + } + Assert.assertFalse("Expected to get a NullPointerExecution after init method Execution - Found [" + exceptionFound + "]", (!(exceptionFound != null && exceptionFound.getCause() instanceof NullPointerException))) ; + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hdfs-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-hdfs-plugin-shim/pom.xml b/ranger-hdfs-plugin-shim/pom.xml new file mode 100644 index 0000000..a44abb3 --- /dev/null +++ b/ranger-hdfs-plugin-shim/pom.xml @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-hdfs-plugin-shim</groupId> + <artifactId>ranger-hdfs-plugin-shim</artifactId> + <name>Hdfs Security Plugin Shim</name> + <description>Hdfs Security Plugins Shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-common</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-hdfs</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java new file mode 100644 index 0000000..a19d072 --- /dev/null +++ b/ranger-hdfs-plugin-shim/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -0,0 +1,191 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.authorization.hadoop; + + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider; +import org.apache.hadoop.hdfs.server.namenode.INodeAttributes; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; + +public class RangerHdfsAuthorizer extends INodeAttributeProvider { + private static final Log LOG = LogFactory.getLog(RangerHdfsAuthorizer.class); + + private static final String RANGER_PLUGIN_TYPE = "hdfs"; + private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hdfs-plugin"}; + private static final String RANGER_HDFS_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer"; + + private INodeAttributeProvider rangerHdfsAuthorizerImpl = null; + private static RangerPluginClassLoader rangerPluginClassLoader = null; + + public RangerHdfsAuthorizer() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.RangerHdfsAuthorizer()"); + } + + this.init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.RangerHdfsAuthorizer()"); + } + } + + public void init(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.init()"); + } + + try { + + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<INodeAttributeProvider> cls = (Class<INodeAttributeProvider>) Class.forName(RANGER_HDFS_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerHdfsAuthorizerImpl = cls.newInstance(); + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerHdfsPluing", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.init()"); + } + } + + @Override + public void start() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.start()"); + } + + try { + activatePluginClassLoader(); + + rangerHdfsAuthorizerImpl.start(); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.start()"); + } + } + + @Override + public void stop() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.stop()"); + } + + try { + activatePluginClassLoader(); + + rangerHdfsAuthorizerImpl.stop(); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.stop()"); + } + } + + @Override + public INodeAttributes getAttributes(String fullPath, INodeAttributes inode) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.getAttributes(" + fullPath + ")"); + } + + INodeAttributes ret = null; + + try { + activatePluginClassLoader(); + + ret = rangerHdfsAuthorizerImpl.getAttributes(fullPath,inode); // return default attributes + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.getAttributes(" + fullPath + "): " + ret); + } + + return ret; + } + + @Override + public INodeAttributes getAttributes(String[] pathElements, INodeAttributes inode) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.getAttributes(pathElementsCount=" + (pathElements == null ? 0 : pathElements.length) + ")"); + } + + INodeAttributes ret = null; + + try { + activatePluginClassLoader(); + + ret = rangerHdfsAuthorizerImpl.getAttributes(pathElements,inode); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.getAttributes(pathElementsCount=" + (pathElements == null ? 0 : pathElements.length) + "): " + ret); + } + + return ret; + } + + @Override + public AccessControlEnforcer getExternalAccessControlEnforcer(AccessControlEnforcer defaultEnforcer) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHdfsAuthorizer.getExternalAccessControlEnforcer()"); + } + + AccessControlEnforcer ret = null; + + ret = rangerHdfsAuthorizerImpl.getExternalAccessControlEnforcer(defaultEnforcer); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHdfsAuthorizer.getExternalAccessControlEnforcer()"); + } + + return ret; + } + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } +} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-hive-plugin-shim/pom.xml b/ranger-hive-plugin-shim/pom.xml new file mode 100644 index 0000000..1ff8349 --- /dev/null +++ b/ranger-hive-plugin-shim/pom.xml @@ -0,0 +1,105 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-hive-plugin-shim</groupId> + <artifactId>ranger-hive-plugin-shim</artifactId> + <name>Hive Security Plugin Shim</name> + <description>Hive Security Plugins Shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-common</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-hdfs</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-common</artifactId> + <version>${hive.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-service</artifactId> + <version>${hive.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-exec</artifactId> + <version>${hive.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-metastore</artifactId> + <version>${hive.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-jdbc</artifactId> + <version>${hive.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hive</groupId> + <artifactId>hive-jdbc</artifactId> + <version>${hive.version}</version> + <classifier>standalone</classifier> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java ---------------------------------------------------------------------- diff --git a/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java b/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java new file mode 100644 index 0000000..592b667 --- /dev/null +++ b/ranger-hive-plugin-shim/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java @@ -0,0 +1,32 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.xasecure.authorization.hive.authorizer; + +import org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory; + +/** + * This class exists only to provide for seamless upgrade/downgrade capabilities. Coprocessor name is in hbase config files in /etc/.../conf which + * is not only out of bounds for any upgrade script but also must be of a form to allow for downgrad! Thus when class names were changed XaSecure* -> Ranger* + * this shell class serves to allow for seamles upgrade as well as downgrade. + * + * This class is final because if one needs to customize coprocessor it is expected that RangerAuthorizationCoprocessor would be modified/extended as that is + * the "real" coprocessor! This class, hence, should NEVER be more than an EMPTY shell! + */ +public final class XaSecureHiveAuthorizerFactory extends RangerHiveAuthorizerFactory { +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java ---------------------------------------------------------------------- diff --git a/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java b/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java new file mode 100644 index 0000000..02d6db3 --- /dev/null +++ b/ranger-hive-plugin-shim/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerFactory.java @@ -0,0 +1,121 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.authorization.hive.authorizer; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; + + +public class RangerHiveAuthorizerFactory implements HiveAuthorizerFactory { + + private static final Log LOG = LogFactory.getLog(RangerHiveAuthorizerFactory.class); + + private static final String RANGER_PLUGIN_TYPE = "hive"; + private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hive-plugin"}; + private static final String RANGER_HIVE_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory"; + + private HiveAuthorizerFactory rangerHiveAuthorizerFactoryImpl = null; + private RangerPluginClassLoader rangerPluginClassLoader = null; + + + public RangerHiveAuthorizerFactory() { + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHiveAuthorizerFactory.RangerHiveAuthorizerFactory()"); + } + + this.init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHiveAuthorizerFactory.RangerHiveAuthorizerFactory()"); + } + } + + public void init(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHiveAuthorizerFactory.init()"); + } + + try { + + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<HiveAuthorizerFactory> cls = (Class<HiveAuthorizerFactory>) Class.forName(RANGER_HIVE_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerHiveAuthorizerFactoryImpl = cls.newInstance(); + + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerHivePluing", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHiveAuthorizerFactory.init()"); + } + } + + @Override + public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory, + HiveConf conf, + HiveAuthenticationProvider hiveAuthenticator, + HiveAuthzSessionContext sessionContext) + throws HiveAuthzPluginException { + + HiveAuthorizer ret = null; + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerHiveAuthorizerFactory.createHiveAuthorizer()"); + } + + ret = rangerHiveAuthorizerFactoryImpl.createHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerHiveAuthorizerFactory.createHiveAuthorizer()"); + } + + return ret; + } + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-kafka-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-kafka-plugin-shim/pom.xml b/ranger-kafka-plugin-shim/pom.xml new file mode 100644 index 0000000..2d29868 --- /dev/null +++ b/ranger-kafka-plugin-shim/pom.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-kafka-plugin-shim</groupId> + <artifactId>ranger-kafka-plugin-shim</artifactId> + <name>KAFKA Security Plugin Shim</name> + <description>KAFKA Security Plugin shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.kafka</groupId> + <artifactId>kafka_2.10</artifactId> + <version>${kafka.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java ---------------------------------------------------------------------- diff --git a/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java new file mode 100644 index 0000000..d39cac2 --- /dev/null +++ b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java @@ -0,0 +1,248 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.authorization.kafka.authorizer; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; + +import scala.collection.immutable.Set; +import kafka.network.RequestChannel.Session; +import kafka.security.auth.Acl; +import kafka.security.auth.Authorizer; +import kafka.security.auth.KafkaPrincipal; +import kafka.security.auth.Operation; +import kafka.security.auth.Resource; +import kafka.server.KafkaConfig; + + +//public class RangerKafkaAuthorizer extends Authorizer { +public class RangerKafkaAuthorizer implements Authorizer { + private static final Log LOG = LogFactory.getLog(RangerKafkaAuthorizer.class); + + private static final String RANGER_PLUGIN_TYPE = "kafka"; + private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-kafka-plugin"}; + private static final String RANGER_KAFKA_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer"; + + private Authorizer rangerKakfaAuthorizerImpl = null; + private static RangerPluginClassLoader rangerPluginClassLoader = null; + + public RangerKafkaAuthorizer() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.RangerKafkaAuthorizer()"); + } + + this.init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.RangerKafkaAuthorizer()"); + } + } + + private void init(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.init()"); + } + + try { + + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<Authorizer> cls = (Class<Authorizer>) Class.forName(RANGER_KAFKA_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerKakfaAuthorizerImpl = cls.newInstance(); + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerKafkaPluing", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.init()"); + } + } + + + @Override + public void initialize(KafkaConfig kafkaConfig) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.initialize()"); + } + + try { + activatePluginClassLoader(); + + rangerKakfaAuthorizerImpl.initialize(kafkaConfig); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.initialize()"); + } + } + + @Override + public boolean authorize(Session session, Operation operation,Resource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.authorize()"); + } + + boolean ret = false; + + try { + activatePluginClassLoader(); + + ret = rangerKakfaAuthorizerImpl.authorize(session, operation, resource); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.authorize()"); + } + + return ret; + } + + @Override + public void addAcls(Set<Acl> acls, Resource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.addAcls()"); + } + + try { + activatePluginClassLoader(); + + rangerKakfaAuthorizerImpl.addAcls(acls, resource); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.addAcls()"); + } + } + + @Override + public boolean removeAcls(Set<Acl> acls, Resource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.removeAcls()"); + } + boolean ret = false; + try { + activatePluginClassLoader(); + + ret = rangerKakfaAuthorizerImpl.removeAcls(acls, resource); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.removeAcls()"); + } + + return ret; + } + + @Override + public boolean removeAcls(Resource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.removeAcls()"); + } + boolean ret = false; + try { + activatePluginClassLoader(); + + ret = rangerKakfaAuthorizerImpl.removeAcls(resource); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.removeAcls()"); + } + + return ret; + } + + @Override + public Set<Acl> getAcls(Resource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.getAcls()"); + } + + Set<Acl> ret = null; + + try { + activatePluginClassLoader(); + + ret = rangerKakfaAuthorizerImpl.getAcls(resource); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.getAcls()"); + } + + return ret; + } + + @Override + public Set<Acl> getAcls(KafkaPrincipal principal) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerKafkaAuthorizer.getAcls()"); + } + + Set<Acl> ret = null; + + try { + activatePluginClassLoader(); + + ret = rangerKakfaAuthorizerImpl.getAcls(principal); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerKafkaAuthorizer.getAcls()"); + } + + return ret; + } + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/pom.xml b/ranger-knox-plugin-shim/pom.xml new file mode 100644 index 0000000..eef7913 --- /dev/null +++ b/ranger-knox-plugin-shim/pom.xml @@ -0,0 +1,91 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-knox-plugin-shim</groupId> + <artifactId>ranger-knox-plugin-shim</artifactId> + <name>Knox Security Plugin Shim</name> + <description>Knox Security Plugins Shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>org.apache.knox</groupId> + <artifactId>gateway-spi</artifactId> + <version>0.5.0</version> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>${javax.servlet.version}</version> + </dependency> + <dependency> + <groupId>org.glassfish.jersey.core</groupId> + <artifactId>jersey-client</artifactId> + </dependency> + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </dependency> + <dependency> + <groupId>org.hamcrest</groupId> + <artifactId>hamcrest-integration</artifactId> + </dependency> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + <version>${codehaus.jackson.version}</version> + </dependency> + <dependency> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> + <version>${codehaus.jackson.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java b/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java new file mode 100644 index 0000000..6b9d6fd --- /dev/null +++ b/ranger-knox-plugin-shim/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java @@ -0,0 +1,25 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package com.xasecure.pdp.knox.filter; + +import org.apache.ranger.authorization.knox.RangerPDPKnoxFilter; + +public class XASecurePDPKnoxFilter extends RangerPDPKnoxFilter { +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java new file mode 100644 index 0000000..af4d947 --- /dev/null +++ b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java @@ -0,0 +1,153 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.authorization.knox; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; + +public class RangerPDPKnoxFilter implements Filter { + + private static final Log LOG = LogFactory.getLog(RangerPDPKnoxFilter.class); + + private static final String RANGER_PLUGIN_TYPE = "knox"; + private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hdfs-plugin"}; + private static final String RANGER_PDP_KNOX_FILTER_IMPL_CLASSNAME = "org.apache.ranger.authorization.knox.RangerPDPKnoxFilter"; + + private RangerPDPKnoxFilter rangerPDPKnoxFilteImpl = null; + private static RangerPluginClassLoader rangerPluginClassLoader = null; + + public RangerPDPKnoxFilter() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPDPKnoxFilter.RangerPDPKnoxFilter()"); + } + + this.init0(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPDPKnoxFilter.RangerPDPKnoxFilter()"); + } + } + + private void init0(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPDPKnoxFilter.init()"); + } + + try { + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<Filter> cls = (Class<Filter>) Class.forName(RANGER_PDP_KNOX_FILTER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerPDPKnoxFilteImpl = (RangerPDPKnoxFilter) cls.newInstance(); + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerKnoxPlugin", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPDPKnoxFilter.init()"); + } + } + + @Override + public void destroy() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPDPKnoxFilter.destroy()"); + } + + try { + activatePluginClassLoader(); + + rangerPDPKnoxFilteImpl.destroy(); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPDPKnoxFilter.destroy()"); + } + } + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPDPKnoxFilter.doFilter()"); + } + + try { + activatePluginClassLoader(); + + rangerPDPKnoxFilteImpl.doFilter(servletRequest, servletResponse, filterChain); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPDPKnoxFilter.doFilter()"); + } + } + + @Override + public void init(FilterConfig fiterConfig) throws ServletException { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPDPKnoxFilter.init()"); + } + + try { + activatePluginClassLoader(); + + rangerPDPKnoxFilteImpl.init(fiterConfig); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPDPKnoxFilter.init()"); + } + } + + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } +} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/pom.xml b/ranger-plugin-classloader/pom.xml new file mode 100644 index 0000000..d8504e6 --- /dev/null +++ b/ranger-plugin-classloader/pom.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"; xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>0.5.0</version> + <name>ranger-plugin-classloader</name> + <description>Ranger Plugin ClassLoader</description> + <packaging>jar</packaging> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + </parent> + <dependencies> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <!-- + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>${commons.logging.version}</version> + </dependency> + --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j-api.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java new file mode 100644 index 0000000..eafcd27 --- /dev/null +++ b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java @@ -0,0 +1,292 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader; + +import java.io.IOException; +import java.net.URL; +import java.net.URLClassLoader; +import java.util.Enumeration; + +//import org.apache.commons.logging.Log; +//import org.apache.commons.logging.LogFactory; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class RangerPluginClassLoader extends URLClassLoader { + private static Logger LOG = LoggerFactory.getLogger(RangerPluginClassLoader.class); + + private static volatile RangerPluginClassLoader me = null; + private static MyClassLoader componentClassLoader = null; + //private static ThreadLocal<MyClassLoader> componentClassLoader = new ThreadLocal<MyClassLoader>(); + + public RangerPluginClassLoader(String pluginType, Class<?> pluginClass ) throws Exception { + super(RangerPluginClassLoaderUtil.getInstance().getPluginFilesForServiceTypeAndPluginclass(pluginType, pluginClass), null); + //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader())); + componentClassLoader = new MyClassLoader(Thread.currentThread().getContextClassLoader()); + } + + public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception { + RangerPluginClassLoader ret = me; + if ( ret == null) { + synchronized(RangerPluginClassLoader.class) { + ret = me; + if ( ret == null){ + me = ret = new RangerPluginClassLoader(pluginType,pluginClass); + } + } + } + return ret; + } + + @Override + public Class<?> findClass(String name) throws ClassNotFoundException { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.findClass(" + name + ")"); + } + + Class<?> ret = null; + + try { + // first we try to find a class inside the child classloader + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findClass(" + name + "): calling childClassLoader().findClass() "); + } + + ret = super.findClass(name); + } catch( Throwable e ) { + // Use the Component ClassLoader findclass to load when childClassLoader fails to find + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findClass(" + name + "): calling componentClassLoader.findClass()"); + } + + MyClassLoader savedClassLoader = getComponentClassLoader(); + if (savedClassLoader != null) { + ret = savedClassLoader.findClass(name); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.findClass(" + name + "): " + ret); + } + return ret; + } + + @Override + public synchronized Class<?> loadClass(String name) throws ClassNotFoundException { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.loadClass(" + name + ")" ); + } + + Class<?> ret = null; + + try { + // first we try to load a class inside the child classloader + if (LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.loadClass(" + name + "): calling childClassLoader.findClass()"); + } + ret = super.loadClass(name); + } catch(Throwable e) { + // Use the Component ClassLoader loadClass to load when childClassLoader fails to find + if (LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.loadClass(" + name + "): calling componentClassLoader.loadClass()"); + } + + MyClassLoader savedClassLoader = getComponentClassLoader(); + + if(savedClassLoader != null) { + ret = savedClassLoader.loadClass(name); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.loadClass" + name + "): " + ret); + } + + return ret; + } + + @Override + public URL findResource(String name) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.findResource(" + name + ") "); + } + + URL ret = super.findResource(name); + + if (ret == null) { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findResource(" + name + "): calling componentClassLoader.getResources()"); + } + + MyClassLoader savedClassLoader = getComponentClassLoader(); + if (savedClassLoader != null) { + ret = savedClassLoader.getResource(name); + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.findResource(" + name + "): " + ret); + } + + return ret; + } + + @Override + public Enumeration<URL> findResources(String name) throws IOException { + Enumeration<URL> ret = null; + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.findResources(" + name + ") "); + } + + ret = new MergeEnumeration(findResourcesUsingChildClassLoader(name),findResourcesUsingComponentClassLoader(name)); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.findResources(" + name + ") "); + } + + return ret; + } + + public Enumeration<URL> findResourcesUsingChildClassLoader(String name) { + + Enumeration<URL> ret = null; + + try { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findResourcesUsingChildClassLoader(" + name + "): calling childClassLoader.findResources()"); + } + + ret = super.findResources(name); + + } catch ( Throwable t) { + //Ignore any exceptions. Null / Empty return is handle in following statements + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findResourcesUsingChildClassLoader(" + name + "): class not found in child. Falling back to componentClassLoader", t); + } + } + return ret; + } + + public Enumeration<URL> findResourcesUsingComponentClassLoader(String name) { + + Enumeration<URL> ret = null; + + try { + + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): calling componentClassLoader.getResources()"); + } + + MyClassLoader savedClassLoader = getComponentClassLoader(); + + if (savedClassLoader != null) { + ret = savedClassLoader.getResources(name); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): " + ret); + } + } catch( Throwable t) { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPluginClassLoader.findResourcesUsingComponentClassLoader(" + name + "): class not found in componentClassLoader.", t); + } + } + + return ret; + } + + public void activate() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.activate()"); + } + + //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader())); + + Thread.currentThread().setContextClassLoader(this); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.activate()"); + } + } + + public void deactivate() { + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoader.deactivate()"); + } + + MyClassLoader savedClassLoader = getComponentClassLoader(); + + if(savedClassLoader != null && savedClassLoader.getParent() != null) { + Thread.currentThread().setContextClassLoader(savedClassLoader.getParent()); + } else { + LOG.warn("RangerPluginClassLoader.deactivate() was not successful.Couldn't not get the saved componentClassLoader..."); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoader.deactivate()"); + } + } + + private MyClassLoader getComponentClassLoader() { + return componentClassLoader; + //return componentClassLoader.get(); + } + + static class MyClassLoader extends ClassLoader { + public MyClassLoader(ClassLoader realClassLoader) { + super(realClassLoader); + } + + @Override + public Class<?> findClass(String name) throws ClassNotFoundException { + return super.findClass(name); + } + } + + class MergeEnumeration implements Enumeration<URL> { + + Enumeration<URL> e1 = null; + Enumeration<URL> e2 = null; + + public MergeEnumeration(Enumeration<URL> e1, Enumeration<URL> e2 ) { + this.e1 = e1; + this.e2 = e2; + } + + @Override + public boolean hasMoreElements() { + return ( (e1 != null && e1.hasMoreElements() ) || ( e2 != null && e2.hasMoreElements()) ); + } + + @Override + public URL nextElement() { + URL ret = null; + if (e1 != null && e1.hasMoreElements()) + ret = e1.nextElement(); + else if ( e2 != null && e2.hasMoreElements() ) { + ret = e2.nextElement(); + } + return ret; + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java new file mode 100644 index 0000000..ea18883 --- /dev/null +++ b/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoaderUtil.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader; + + +import java.io.File; +import java.net.URI; +import java.net.URL; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.List; + +//import org.apache.commons.logging.Log; +//import org.apache.commons.logging.LogFactory; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class RangerPluginClassLoaderUtil { + + private static final Logger LOG = LoggerFactory.getLogger(RangerPluginClassLoaderUtil.class) ; + + private static RangerPluginClassLoaderUtil config = null; + private static String rangerPluginLibDir = "ranger-%-plugin-impl"; + + public static RangerPluginClassLoaderUtil getInstance() { + RangerPluginClassLoaderUtil result = config; + if (result == null) { + synchronized (RangerPluginClassLoaderUtil.class) { + result = config; + if (result == null) { + config = result = new RangerPluginClassLoaderUtil(); + } + } + } + return result; + } + + + public URL[] getPluginFilesForServiceTypeAndPluginclass( String serviceType, Class<?> pluginClass) throws Exception { + + URL[] ret = null; + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFilesForServiceTypeAndPluginclass(" + serviceType + ")" + " Pluging Class :" + pluginClass.getName()); + } + + String[] libDirs = new String[] { getPluginImplLibPath(serviceType, pluginClass) }; + + ret = getPluginFiles(libDirs); + + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoaderUtil.getPluginFilesForServiceTypeAndPluginclass(" + serviceType + ")" + " Pluging Class :" + pluginClass.getName()); + } + + return ret; + + } + + private URL[] getPluginFiles(String[] libDirs) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFiles()"); + } + + List<URL> ret = new ArrayList<URL>(); + for ( String libDir : libDirs) { + getFilesInDirectory(libDir,ret); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoaderUtil.getPluginFilesForServiceType(): " + ret.size() + " files"); + } + + return ret.toArray(new URL[] { }); + } + + private void getFilesInDirectory(String dirPath, List<URL> files) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoaderUtil.getPluginFiles()"); + } + + if ( dirPath != null) { + try { + + File[] dirFiles = new File(dirPath).listFiles(); + + if(dirFiles != null) { + for(File dirFile : dirFiles) { + try { + URL jarPath = dirFile.toURI().toURL(); + + LOG.info("getFilesInDirectory('" + dirPath + "'): adding " + dirFile.getAbsolutePath()); + + files.add(jarPath); + } catch(Exception excp) { + LOG.warn("getFilesInDirectory('" + dirPath + "'): failed to get URI for file " + dirFile.getAbsolutePath(), excp); + } + } + } + } catch(Exception excp) { + LOG.warn("getFilesInDirectory('" + dirPath + "'): error", excp); + } + } else { + LOG.warn("getFilesInDirectory('" + dirPath + "'): could not find directory in path " + dirPath); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoaderUtil.getFilesInDirectory(" + dirPath + ")"); + } + } + + private String getPluginImplLibPath(String serviceType, Class<?> pluginClass) throws Exception { + + String ret = null; + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPluginClassLoaderUtil.getPluginImplLibPath for Class (" + pluginClass.getName() + ")"); + } + + URI uri = pluginClass.getProtectionDomain().getCodeSource().getLocation().toURI(); + + Path path = Paths.get(URI.create(uri.toString())); + + ret = path.getParent().toString() + File.separatorChar + rangerPluginLibDir.replaceAll("%", serviceType); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPluginClassLoaderUtil.getPluginImplLibPath for Class (" + pluginClass.getName() + " PATH :" + ret + ")"); + } + + return ret; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java new file mode 100644 index 0000000..de45520 --- /dev/null +++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestChildFistClassLoader.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader.test.Impl; + +import java.io.File; +import java.net.URL; +import java.net.URLClassLoader; + +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; +import org.apache.ranger.plugin.classloader.test.TestPlugin; +import org.apache.ranger.plugin.classloader.test.TestPrintParent; + +public class TestChildFistClassLoader { + + public static void main(String [] args){ + TestPrintParent testPrint = new TestPrintParent(); + System.out.println(testPrint.getString()); + File file = null; + URL[] urls = null; + try { + file = new File(".." + File.separatorChar + "TestPluginImpl.class"); + URL url = file.toPath().toUri().toURL(); + urls = new URL[] {url}; + } catch (Exception e) { + e.printStackTrace(); + } + + String[] libdirs = new String[] { file.getAbsolutePath() }; + + try { + @SuppressWarnings("resource") + RangerPluginClassLoader rangerPluginClassLoader = new RangerPluginClassLoader("hdfs", TestChildFistClassLoader.class); + TestPlugin testPlugin = (TestPlugin) rangerPluginClassLoader.loadClass("org.apache.ranger.plugin.classloader.test.Impl.TestPluginImpl").newInstance(); + System.out.println(testPlugin.print()); + } catch (Throwable t) { + t.printStackTrace(); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java new file mode 100644 index 0000000..cbb3c67 --- /dev/null +++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPluginImpl.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader.test.Impl; + +import org.apache.ranger.plugin.classloader.test.TestPlugin; + +public class TestPluginImpl implements TestPlugin { + + @Override + public String print() { + String ret = new TestPrint().getString(); + return ret; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java new file mode 100644 index 0000000..8626ec4 --- /dev/null +++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/Impl/TestPrint.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader.test.Impl; + +public class TestPrint { + + public String getString(){ + String ret = "Class Loaded by RangerPlugingClassLoader"; + return ret; + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java new file mode 100644 index 0000000..145d7a5 --- /dev/null +++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPlugin.java @@ -0,0 +1,24 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader.test; + +public interface TestPlugin { + public String print(); +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java ---------------------------------------------------------------------- diff --git a/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java new file mode 100644 index 0000000..9524dfa --- /dev/null +++ b/ranger-plugin-classloader/src/test/java/org/apache/ranger/plugin/classloader/test/TestPrintParent.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.classloader.test; + +public class TestPrintParent { + + public String getString(){ + String ret = "Loaded by Component ClassLoader"; + return ret; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-storm-plugin-shim/pom.xml b/ranger-storm-plugin-shim/pom.xml new file mode 100644 index 0000000..397bb2f --- /dev/null +++ b/ranger-storm-plugin-shim/pom.xml @@ -0,0 +1,76 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-storm-plugin-shim</groupId> + <artifactId>ranger-storm-plugin-shim</artifactId> + <name>Storm Security Plugin shim</name> + <description>Storm Security Plugins shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>org.apache.storm</groupId> + <artifactId>storm-core</artifactId> + <version>${storm.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-hdfs</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>commons-cli</groupId> + <artifactId>commons-cli</artifactId> + <version>${commons.cli.version}</version> + </dependency> + <dependency> + <groupId>org.apache.htrace</groupId> + <artifactId>htrace-core</artifactId> + <version>${htrace-core.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> +</project> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java ---------------------------------------------------------------------- diff --git a/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java b/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java new file mode 100644 index 0000000..723dd79 --- /dev/null +++ b/ranger-storm-plugin-shim/src/main/java/com/xasecure/authorization/storm/authorizer/XaSecureStormAuthorizer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package com.xasecure.authorization.storm.authorizer; + +import org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer; + +/** + * This class exists only to provide for seamless upgrade/downgrade capabilities. Class name is in storm conf which must allow for seamles upgrade and downgrade. + * Thus when class names were changed XaSecure* -> Ranger* this shell class serves to allow for seamles upgrade as well as downgrade. + * + * This class is final because if one needs to customize coprocessor it is expected that RangerStormAuthorizer would be modified/extended as that is + * the "real" authorizer! This class, hence, should NEVER be more than an EMPTY shell! + */ +final public class XaSecureStormAuthorizer extends RangerStormAuthorizer { +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java ---------------------------------------------------------------------- diff --git a/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java b/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java new file mode 100644 index 0000000..7c620ec --- /dev/null +++ b/ranger-storm-plugin-shim/src/main/java/org/apache/ranger/authorization/storm/authorizer/RangerStormAuthorizer.java @@ -0,0 +1,138 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.authorization.storm.authorizer; + + + +import java.util.Map; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.apache.ranger.plugin.classloader.RangerPluginClassLoader; + +import backtype.storm.security.auth.IAuthorizer; +import backtype.storm.security.auth.ReqContext; + +public class RangerStormAuthorizer implements IAuthorizer { + private static final Logger LOG = LoggerFactory.getLogger(RangerStormAuthorizer.class); + + private static final String RANGER_PLUGIN_TYPE = "storm"; + private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-storm-plugin"}; + private static final String RANGER_STORM_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer"; + + private IAuthorizer rangerStormAuthorizerImpl = null; + private static RangerPluginClassLoader rangerPluginClassLoader = null; + + public RangerStormAuthorizer() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerStormAuthorizer.RangerStormAuthorizer()"); + } + + this.init(); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerStormAuthorizer.RangerStormAuthorizer()"); + } + } + + private void init(){ + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerStormAuthorizer.init()"); + } + + try { + + rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass()); + + @SuppressWarnings("unchecked") + Class<IAuthorizer> cls = (Class<IAuthorizer>) Class.forName(RANGER_STORM_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader); + + activatePluginClassLoader(); + + rangerStormAuthorizerImpl = cls.newInstance(); + } catch (Exception e) { + // check what need to be done + LOG.error("Error Enabling RangerStormPlugin", e); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerStormAuthorizer.init()"); + } + } + + @Override + public void prepare(Map storm_conf) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerStormAuthorizer.prepare()"); + } + + try { + activatePluginClassLoader(); + + rangerStormAuthorizerImpl.prepare(storm_conf); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerStormAuthorizer.prepare()"); + } + + } + + @Override + public boolean permit(ReqContext context, String operation, Map topology_conf) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerStormAuthorizer.permit()"); + } + + boolean ret = false; + + try { + activatePluginClassLoader(); + + ret = rangerStormAuthorizerImpl.permit(context, operation, topology_conf); + } finally { + deactivatePluginClassLoader(); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerStormAuthorizer.permit()"); + } + + return ret; + } + + + private void activatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.activate(); + } + } + + private void deactivatePluginClassLoader() { + if(rangerPluginClassLoader != null) { + rangerPluginClassLoader.deactivate(); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a2c72902/ranger-yarn-plugin-shim/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-yarn-plugin-shim/pom.xml b/ranger-yarn-plugin-shim/pom.xml new file mode 100644 index 0000000..d461ca5 --- /dev/null +++ b/ranger-yarn-plugin-shim/pom.xml @@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <groupId>security_plugins.ranger-yarn-plugin-shim</groupId> + <artifactId>ranger-yarn-plugin-shim</artifactId> + <name>YARN Security Plugin Shim</name> + <description>YARN Security Plugin Shim</description> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <parent> + <groupId>org.apache.ranger</groupId> + <artifactId>ranger</artifactId> + <version>0.5.0</version> + <relativePath>..</relativePath> + </parent> + <dependencies> + <dependency> + <groupId>security_plugins.ranger-plugins-common</groupId> + <artifactId>ranger-plugins-common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugins-audit</groupId> + <artifactId>ranger-plugins-audit</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-yarn-common</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>org.apache.hadoop</groupId> + <artifactId>hadoop-yarn-api</artifactId> + <version>${hadoop.version}</version> + </dependency> + <dependency> + <groupId>security_plugins.ranger-plugin-classloader</groupId> + <artifactId>ranger-plugin-classloader</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> +</project>
