Tag retrieval is implemented to consume at most one thread through thread-reuse across several service-policies updates
Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/801d3326 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/801d3326 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/801d3326 Branch: refs/heads/master Commit: 801d332640a32fe5d018aff6673657a9e866385c Parents: 03083e7 Author: Abhay Kulkarni <[email protected]> Authored: Wed Sep 2 14:40:47 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri Sep 4 23:28:54 2015 -0700 ---------------------------------------------------------------------- .../RangerAbstractContextEnricher.java | 6 + .../RangerAdminTagRetriever.java | 59 ++-- .../contextenricher/RangerContextEnricher.java | 2 + .../contextenricher/RangerTagEnricher.java | 322 +++++++++++++++++++ .../RangerTagFileStoreRetriever.java | 60 ++-- .../contextenricher/RangerTagProvider.java | 219 ------------- .../contextenricher/RangerTagRefresher.java | 110 ------- .../contextenricher/RangerTagRetriever.java | 55 +++- .../policyengine/RangerPolicyEngineCache.java | 2 +- .../policyengine/RangerPolicyEngineImpl.java | 8 +- .../policyengine/RangerPolicyRepository.java | 12 +- .../ranger/plugin/service/RangerBasePlugin.java | 2 +- .../plugin/policyengine/TestPolicyDb.java | 2 +- .../plugin/policyengine/TestPolicyEngine.java | 12 +- .../test_policyengine_tag_hdfs.json | 4 +- .../test_policyengine_tag_hive.json | 4 +- 16 files changed, 467 insertions(+), 412 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java ---------------------------------------------------------------------- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java index bd45ce6..f869d58 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java @@ -36,6 +36,7 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri protected RangerContextEnricherDef enricherDef; protected String serviceName; + protected String appId; protected RangerServiceDef serviceDef; @Override @@ -64,6 +65,11 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri this.serviceDef = serviceDef; } + @Override + public void setAppId(String appId) { + this.appId = appId; + } + public String getOption(String name) { String ret = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java index 889fbbc..9db8f0a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java 
@@ -19,68 +19,57 @@ package org.apache.ranger.plugin.contextenricher; -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.admin.client.RangerAdminClient; -import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.service.RangerBasePlugin; import org.apache.ranger.plugin.util.ServiceTags; -import org.apache.ranger.services.tag.RangerServiceTag; -import java.util.Date; -import java.util.List; +import java.nio.channels.ClosedByInterruptException; import java.util.Map; -public class RangerAdminTagRetriever extends RangerTagRefresher { +public class RangerAdminTagRetriever extends RangerTagRetriever { private static final Log LOG = LogFactory.getLog(RangerAdminTagRetriever.class); - private static String propertyPrefixPreamble = "ranger.plugin."; - private static String appId = "tag-retriever"; - private final String serviceName; - private final String propertyPrefix; - - private RangerTagReceiver receiver; private RangerAdminClient adminClient; - private long lastKnownVersion; - - public RangerAdminTagRetriever(final String serviceName, final RangerServiceDef serviceDef, final long pollingIntervalMs, final RangerTagReceiver enricher) { - super(pollingIntervalMs); - this.serviceName = serviceName; - setReceiver(enricher); - propertyPrefix = propertyPrefixPreamble + serviceDef.getName(); - this.lastKnownVersion = -1L; - } @Override public void init(Map<String, String> options) { + if (StringUtils.isNotBlank(serviceName) && serviceDef != null && StringUtils.isNotBlank(appId) && tagReceiver != null) { + String propertyPrefix = "ranger.plugin." 
+ serviceDef.getName(); - if (adminClient == null) { adminClient = RangerBasePlugin.createAdminClient(serviceName, appId, propertyPrefix); - } + } else { + LOG.error("FATAL: Cannot find service/serviceDef to use for retrieving tags. Will NOT be able to retrieve tags."); + } } @Override - public void setReceiver(RangerTagReceiver receiver) { - this.receiver = receiver; - } + public void retrieveTags() throws InterruptedException { - @Override - public void retrieveTags() { - if (adminClient != null && receiver != null) { + if (adminClient != null && tagReceiver != null) { ServiceTags serviceTags = null; try { serviceTags = adminClient.getServiceTagsIfUpdated(lastKnownVersion); - } catch (Exception exp) { - LOG.error("RangerAdminTagRetriever.retrieveTags() - Error retrieving resources, exception=", exp); + } + catch (InterruptedException interruptedException) { + LOG.error("Tag-retriever thread was interrupted"); + throw interruptedException; + } + catch (ClosedByInterruptException closedByInterruptException) { + LOG.error("Tag-retriever thread was interrupted while blocked on I/O"); + throw new InterruptedException(); + } + catch (Exception exception) { + LOG.error("RangerAdminTagRetriever.retrieveTags() - Error retrieving resources, exception=", exception); } if (serviceTags != null) { - LOG.info("RangerAdminTagRetriever.retrieveTags() - Updating tags-cache to new version of tags, lastKnownVersion=" + lastKnownVersion + "; newVersion=" + serviceTags.getTagVersion()); - lastKnownVersion = serviceTags.getTagVersion(); - receiver.setServiceTags(serviceTags); + tagReceiver.setServiceTags(serviceTags); + LOG.info("RangerAdminTagRetriever.retrieveTags() - Updated tags-cache to new version of tags, lastKnownVersion=" + lastKnownVersion + "; newVersion=" + serviceTags.getTagVersion()); + setLastKnownVersion(serviceTags.getTagVersion()); } else { if (LOG.isDebugEnabled()) { LOG.debug("RangerAdminTagRetriever.retrieveTags() - No need to update tags-cache. 
lastKnownVersion=" + lastKnownVersion); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java index 7653789..10fed69 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java @@ -31,6 +31,8 @@ public interface RangerContextEnricher { void setContextServiceDef(RangerServiceDef serviceDef); + void setAppId(String appId); + //void setContextComponentServiceName(String componentServiceName); //void setContextComponentServiceDef(RangerServiceDef componentServiceDef); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java new file mode 100644 index 0000000..37732a6 --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 
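Review bot: In RangerAdminTagRetriever.retrieveTags(), `tagReceiver.setServiceTags(serviceTags)` runs outside the try block, so an unchecked exception thrown while the receiver rebuilds its matchers leaves retrieveTags() as a RuntimeException. RangerTagRefresher.run() in RangerTagEnricher.java catches only InterruptedException, so the single refresher thread would end and the plugin would keep evaluating requests against the last tag set it loaded, with no message from this code. I would guard the hand-off, `try { tagReceiver.setServiceTags(serviceTags); setLastKnownVersion(serviceTags.getTagVersion()); } catch (RuntimeException e) { LOG.error("RangerAdminTagRetriever.retrieveTags() - failed to apply tags", e); }`; RangerTagFileStoreRetriever.retrieveTags() has the same shape. The end of retrieveTags() lies outside this hunk.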
@@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.contextenricher; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.model.RangerServiceResource; +import org.apache.ranger.plugin.model.RangerTag; +import org.apache.ranger.plugin.policyengine.RangerAccessRequest; +import org.apache.ranger.plugin.policyengine.RangerAccessResource; +import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; +import org.apache.ranger.plugin.util.ServiceTags; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +public class RangerTagEnricher extends RangerAbstractContextEnricher implements RangerTagReceiver { + private static final Log LOG = LogFactory.getLog(RangerTagEnricher.class); + + public static final String TAG_REFRESHER_POLLINGINTERVAL_OPTION = "tagRefresherPollingInterval"; + + public static final String 
TAG_RETRIEVER_CLASSNAME_OPTION = "tagRetrieverClassName"; + + private RangerTagRefresher tagRefresher = null; + + private RangerTagRetriever tagRetriever = null; + + private long lastKnownVersion = -1L; + + ServiceTags serviceTags = null; + + List<RangerServiceResourceMatcher> serviceResourceMatchers; + + @Override + public void init() { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerTagEnricher.init()"); + } + + super.init(); + + String tagRetrieverClassName = getOption(TAG_RETRIEVER_CLASSNAME_OPTION); + + long pollingIntervalMs = getLongOption(TAG_REFRESHER_POLLINGINTERVAL_OPTION, 60 * 1000); + + if (StringUtils.isNotBlank(tagRetrieverClassName)) { + + cleanup(); + + try { + @SuppressWarnings("unchecked") + Class<RangerTagRetriever> tagRetriverClass = (Class<RangerTagRetriever>) Class.forName(tagRetrieverClassName); + + tagRetriever = tagRetriverClass.newInstance(); + + } catch (ClassNotFoundException exception) { + LOG.error("Class " + tagRetrieverClassName + " not found, exception=" + exception); + } catch (ClassCastException exception) { + LOG.error("Class " + tagRetrieverClassName + " is not a type of RangerTagRetriever, exception=" + exception); + } catch (IllegalAccessException exception) { + LOG.error("Class " + tagRetrieverClassName + " could not be instantiated, exception=" + exception); + } catch (InstantiationException exception) { + LOG.error("Class " + tagRetrieverClassName + " could not be instantiated, exception=" + exception); + } + + if (tagRetriever != null) { + tagRetriever.setServiceName(serviceName); + tagRetriever.setServiceDef(serviceDef); + tagRetriever.setAppId(appId); + tagRetriever.setLastKnownVersion(lastKnownVersion); + tagRetriever.setTagReceiver(this); + tagRetriever.init(enricherDef.getEnricherOptions()); + + try { + tagRetriever.retrieveTags(); + } catch (Exception exception) { + // Ignore + } + + tagRefresher = new RangerTagRefresher(tagRetriever, pollingIntervalMs); + + tagRefresher.startRefresher(); + } + } else { + 
LOG.error("No value specified for " + TAG_RETRIEVER_CLASSNAME_OPTION + " in the RangerTagEnricher options"); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerTagEnricher.init()"); + } + } + + public void cleanup() { + + if (tagRefresher != null) { + tagRefresher.cleanup(); + tagRefresher = null; + } + } + + @Override + public void enrich(RangerAccessRequest request) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerTagEnricher.enrich(" + request + ")"); + } + + List<RangerServiceResourceMatcher> serviceResourceMatchersCopy = serviceResourceMatchers; + + List<RangerTag> matchedTags = findMatchingTags(request.getResource(), serviceResourceMatchersCopy); + + if (CollectionUtils.isNotEmpty(matchedTags)) { + RangerAccessRequestUtil.setRequestTagsInContext(request.getContext(), matchedTags); + + if (LOG.isDebugEnabled()) { + LOG.debug("RangerTagEnricher.enrich(" + request + ") - " + matchedTags.size() + " tags found by enricher."); + } + } else { + if (LOG.isDebugEnabled()) { + LOG.debug("RangerTagEnricher.enrich(" + request + ") - no tags found by enricher."); + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerTagEnricher.enrich(" + request + ")"); + } + } + + @Override + public void setServiceTags(final ServiceTags serviceTags) { + this.serviceTags = serviceTags; + this.lastKnownVersion = serviceTags.getTagVersion(); + + List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<RangerServiceResourceMatcher>(); + + List<RangerServiceResource> serviceResources = this.serviceTags.getServiceResources(); + + if (CollectionUtils.isNotEmpty(serviceResources)) { + + for (RangerServiceResource serviceResource : serviceResources) { + RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher(); + + matcher.setServiceDef(this.serviceDef); + matcher.setPolicyResources(serviceResource.getResourceElements()); + + if (LOG.isDebugEnabled()) { + LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with 
(resource=" + serviceResource + + ", serviceDef=" + this.serviceDef.getName() + ")"); + + } + matcher.init(); + + RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher); + resourceMatchers.add(serviceResourceMatcher); + + } + } + + serviceResourceMatchers = resourceMatchers; + + } + + private List<RangerTag> findMatchingTags(final RangerAccessResource resource, final List<RangerServiceResourceMatcher> resourceMatchers) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerTagEnricher.findMatchingTags(" + resource + ")"); + } + + List<RangerTag> ret = null; + + if (CollectionUtils.isNotEmpty(resourceMatchers)) { + + for (RangerServiceResourceMatcher resourceMatcher : resourceMatchers) { + + boolean matchResult = resourceMatcher.isMatch(resource); + + if (matchResult) { + if (ret == null) { + ret = new ArrayList<RangerTag>(); + } + // Find tags from serviceResource + ret.addAll(getTagsForServiceResource(serviceTags, resourceMatcher.getServiceResource())); + } + } + } + + if (LOG.isDebugEnabled()) { + if (CollectionUtils.isEmpty(ret)) { + LOG.debug("RangerTagEnricher.findMatchingTags(" + resource + ") - No tags Found "); + } else { + LOG.debug("RangerTagEnricher.findMatchingTags(" + resource + ") - " + ret.size() + " tags Found "); + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerTagEnricher.findMatchingTags(" + resource + ")"); + } + + return ret; + } + + static private List<RangerTag> getTagsForServiceResource(ServiceTags serviceTags, RangerServiceResource serviceResource) { + + List<RangerTag> ret = new ArrayList<RangerTag>(); + + Long resourceId = serviceResource.getId(); + + Map<Long, List<Long>> resourceToTagIds = serviceTags.getResourceToTagIds(); + Map<Long, RangerTag> tags = serviceTags.getTags(); + + if (resourceId != null && MapUtils.isNotEmpty(resourceToTagIds) && MapUtils.isNotEmpty(tags)) { + + List<Long> tagIds = resourceToTagIds.get(resourceId); + + if 
(CollectionUtils.isNotEmpty(tagIds)) { + + for (Long tagId : tagIds) { + + RangerTag tag = tags.get(tagId); + + if (tag != null) { + ret.add(tag); + } + } + } + } + + return ret; + } + + static class RangerTagRefresher extends Thread { + private static final Log LOG = LogFactory.getLog(RangerTagRefresher.class); + + private final RangerTagRetriever tagRetriever; + + private final long pollingIntervalMs; + + final long getPollingIntervalMs() { + return pollingIntervalMs; + } + + RangerTagRefresher(RangerTagRetriever tagRetriever, long pollingIntervalMs) { + this.tagRetriever = tagRetriever; + this.pollingIntervalMs = pollingIntervalMs; + } + + @Override + public void run() { + + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerTagRefresher(pollingIntervalMs=" + pollingIntervalMs + ").run()"); + } + + while (true) { + + try { + + tagRetriever.retrieveTags(); + + if (pollingIntervalMs > 0) { + Thread.sleep(pollingIntervalMs); + } else { + break; + } + } catch (InterruptedException excp) { + LOG.info("RangerTagRefresher(pollingIntervalMs=" + pollingIntervalMs + ").run() : interrupted! Exiting thread", excp); + break; + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerTagRefresher().run()"); + } + } + + void cleanup() { + stopRefresher(); + } + + final void startRefresher() { + try { + super.start(); + } catch (Exception excp) { + LOG.error("RangerTagRefresher.startRetriever() - failed to start, exception=" + excp); + } + } + + private void stopRefresher() { + + if (super.isAlive()) { + super.interrupt(); + + try { + super.join(); + } catch (InterruptedException excp) { + LOG.error("RangerTagRefresher(): error while waiting for thread to exit", excp); + } + } + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagFileStoreRetriever.java ---------------------------------------------------------------------- 
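Review bot: setServiceTags() publishes the new state in two unsynchronized steps: `this.serviceTags` is assigned first and `serviceResourceMatchers` only after every matcher is built, while enrich() snapshots the matcher list but findMatchingTags() reads the `serviceTags` field again. A request evaluated during a refresh (setServiceTags() is reached from the RangerTagRefresher thread; enrich() presumably runs on request threads) can therefore resolve resource ids from the old matchers against the new tag maps and attach the wrong tags, or none, to the access request. Neither field is volatile, so visibility of the update is not guaranteed either. I would publish tags and matchers together through one volatile reference and have findMatchingTags() take that snapshot instead of the matcher list, as sketched below.

```java
// tags and the matchers built from them, always published as one unit
private static final class TagState {
    final ServiceTags serviceTags;
    final List<RangerServiceResourceMatcher> matchers;

    TagState(ServiceTags serviceTags, List<RangerServiceResourceMatcher> matchers) {
        this.serviceTags = serviceTags;
        this.matchers = matchers;
    }
}

private volatile TagState tagState;

public void enrich(RangerAccessRequest request) {
    // single volatile read: the matchers and the tag maps belong to the same version
    TagState state = tagState;
    List<RangerTag> matchedTags = state == null ? null : findMatchingTags(request.getResource(), state);
    // … unchanged: set matched tags in the request context, debug logging …

public void setServiceTags(final ServiceTags serviceTags) {
    // … unchanged: build resourceMatchers from serviceTags.getServiceResources() …
    tagState = new TagState(serviceTags, resourceMatchers);
    this.lastKnownVersion = serviceTags.getTagVersion();
```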
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagFileStoreRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagFileStoreRetriever.java index eda8d7c..0259bdf 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagFileStoreRetriever.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagFileStoreRetriever.java 
@@ -19,63 +19,67 @@ package org.apache.ranger.plugin.contextenricher; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.store.TagStore; import org.apache.ranger.plugin.store.file.TagFileStore; import org.apache.ranger.plugin.util.ServiceTags; -import java.util.Date; -import java.util.List; +import java.nio.channels.ClosedByInterruptException; import java.util.Map; -public class RangerTagFileStoreRetriever extends RangerTagRefresher { +public class RangerTagFileStoreRetriever extends RangerTagRetriever { private static final Log LOG = LogFactory.getLog(RangerTagFileStoreRetriever.class); - private final String serviceName; - private RangerTagReceiver receiver; - private TagStore tagStore; - private long lastKnownVersion; - public RangerTagFileStoreRetriever(final String serviceName, final long pollingIntervalMs, final RangerTagReceiver enricher) { - super(pollingIntervalMs); - this.serviceName = serviceName; - this.lastKnownVersion = -1L; - setReceiver(enricher); + public RangerTagFileStoreRetriever() { } @Override public void init(Map<String, String> options) { - tagStore = TagFileStore.getInstance(); - } + if (StringUtils.isNotBlank(serviceName) && serviceDef != null && StringUtils.isNotBlank(appId) && tagReceiver != null) { - @Override - public void setReceiver(RangerTagReceiver receiver) { - this.receiver = receiver; + tagStore = TagFileStore.getInstance(); + + } else { + LOG.error("FATAL: Cannot find service-name to use for retrieving tags. 
Will NOT be able to retrieve tags."); + } } @Override - public void retrieveTags() { - if (tagStore != null) { + public void retrieveTags() throws InterruptedException { + + if (tagStore != null && tagReceiver != null) { ServiceTags serviceTags = null; try { serviceTags = tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion); - lastKnownVersion = serviceTags.getTagVersion(); - } catch (Exception exp) { - LOG.error("RangerTagFileStoreRetriever.retrieveTags() - Error retrieving resources"); + } + catch (InterruptedException interruptedException) { + LOG.error("Tag-retriever thread was interrupted"); + throw interruptedException; + } + catch (ClosedByInterruptException closedByInterruptException) { + LOG.error("Tag-retriever thread was interrupted while blocked on I/O"); + throw new InterruptedException(); + } + catch (Exception exception) { + LOG.error("RangerTagFileStoreRetriever.retrieveTags() - Error retrieving resources, exception=", exception); } - if (receiver != null && serviceTags != null) { - receiver.setServiceTags(serviceTags); + if (serviceTags != null) { + tagReceiver.setServiceTags(serviceTags); + LOG.info("RangerTagFileStoreRetriever.retrieveTags() - Updated tags-cache to new version of tags, lastKnownVersion=" + lastKnownVersion + "; newVersion=" + serviceTags.getTagVersion()); + setLastKnownVersion(serviceTags.getTagVersion()); } else { - LOG.error("RangerAdminTagRetriever.retrieveTags() - No receiver to send resources to .. OR .. no updates to tagged resources!!"); + if (LOG.isDebugEnabled()) { + LOG.debug("RangerTagFileStoreRetriever.retrieveTags() - No need to update tags-cache. 
lastKnownVersion=" + lastKnownVersion); + } } } else { - LOG.error("RangerTagFileStoreRetriever.retrieveTags() - No TagFileStore ..."); + LOG.error("RangerTagFileStoreRetriever.retrieveTags() - No tag-store to get tags from or no tag receiver to update tag-cache..."); } } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java deleted file mode 100644 index 86630d3..0000000 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagProvider.java +++ /dev/null 
@@ -1,219 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.contextenricher; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerServiceResource; -import org.apache.ranger.plugin.model.RangerTag; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.apache.ranger.plugin.policyengine.RangerAccessResource; -import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher; -import org.apache.ranger.plugin.util.RangerAccessRequestUtil; -import org.apache.ranger.plugin.util.ServiceTags; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -public class RangerTagProvider extends RangerAbstractContextEnricher implements RangerTagReceiver { - private static final Log LOG = LogFactory.getLog(RangerTagProvider.class); - - public enum TagProviderTypeEnum { - INVALID_TAG_PROVIDER, - FILESTORE_BASED_TAG_PROVIDER, - RANGER_ADMIN_TAG_PROVIDER, - EXTERNAL_SYSTEM_TAG_PROVIDER - } - - protected TagProviderTypeEnum 
tagProviderType = TagProviderTypeEnum.INVALID_TAG_PROVIDER; - protected RangerTagRefresher tagRefresher; - ServiceTags serviceTags; - List<RangerServiceResourceMatcher> serviceResourceMatchers; - - @Override - public void init() { - if (LOG.isDebugEnabled()) { - LOG.debug("==> RangerTagProvider.init()"); - } - - super.init(); - - Map<String, String> options = enricherDef != null ? enricherDef.getEnricherOptions() : null; - - String tagProviderTypeString = getOption("tagProviderType", "RANGER_ADMIN_TAG_PROVIDER"); - long pollingIntervalMs = getLongOption("pollingInterval", 60 * 1000); - - if (tagProviderTypeString.equals(TagProviderTypeEnum.FILESTORE_BASED_TAG_PROVIDER.toString())) { - tagRefresher = new RangerTagFileStoreRetriever(serviceName, pollingIntervalMs, this); - tagProviderType = TagProviderTypeEnum.FILESTORE_BASED_TAG_PROVIDER; - } else if (tagProviderTypeString.equals(TagProviderTypeEnum.RANGER_ADMIN_TAG_PROVIDER.toString())) { - tagRefresher = new RangerAdminTagRetriever(serviceName, serviceDef, pollingIntervalMs, this); - tagProviderType = TagProviderTypeEnum.RANGER_ADMIN_TAG_PROVIDER; - } else if (tagProviderTypeString.equals(TagProviderTypeEnum.EXTERNAL_SYSTEM_TAG_PROVIDER.toString())) { - // TODO - tagProviderType = TagProviderTypeEnum.EXTERNAL_SYSTEM_TAG_PROVIDER; - } else { - LOG.error("RangerTagProvider.init() - Invalid Tag Provider.. 
"); - } - - // Provide additional options - if (tagRefresher != null) { - tagRefresher.init(options); - tagRefresher.retrieveTags(); - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== RangerTagProvider.init() - Tag Provider Type:" + tagProviderType); - } - } - - @Override - public void enrich(RangerAccessRequest request) { - if (LOG.isDebugEnabled()) { - LOG.debug("==> RangerTagProvider.enrich(" + request + ")"); - } - - List<RangerServiceResourceMatcher> serviceResourceMatchersCopy = serviceResourceMatchers; - - List<RangerTag> matchedTags = findMatchingTags(request.getResource(), serviceResourceMatchersCopy); - - if (CollectionUtils.isNotEmpty(matchedTags)) { - RangerAccessRequestUtil.setRequestTagsInContext(request.getContext(), matchedTags); - - if (LOG.isDebugEnabled()) { - LOG.debug("RangerTagProvider.enrich(" + request + ") - " + matchedTags.size() + " tags found by enricher."); - } - } else { - if (LOG.isDebugEnabled()) { - LOG.debug("RangerTagProvider.enrich(" + request + ") - no tags found by enricher."); - } - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== RangerTagProvider.enrich(" + request + ")"); - } - } - - @Override - public void setServiceTags(final ServiceTags serviceTags) { - this.serviceTags = serviceTags; - - List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<RangerServiceResourceMatcher>(); - - List<RangerServiceResource> serviceResources = this.serviceTags.getServiceResources(); - - if (CollectionUtils.isNotEmpty(serviceResources)) { - - for (RangerServiceResource serviceResource : serviceResources) { - RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher(); - - matcher.setServiceDef(this.serviceDef); - matcher.setPolicyResources(serviceResource.getResourceElements()); - - if (LOG.isDebugEnabled()) { - LOG.debug("RangerTagProvider.setServiceTags() - Initializing matcher with (resource=" + serviceResource - + ", serviceDef=" + this.serviceDef.getName() + ")" ); - - } - matcher.init(); - - 
RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher); - resourceMatchers.add(serviceResourceMatcher); - - } - } - - serviceResourceMatchers = resourceMatchers; - - if (tagRefresher != null && !tagRefresher.getIsStarted()) { - tagRefresher.startRetriever(); - } - } - - private List<RangerTag> findMatchingTags(final RangerAccessResource resource, final List<RangerServiceResourceMatcher> resourceMatchers) { - if (LOG.isDebugEnabled()) { - LOG.debug("==> RangerTagProvider.findMatchingTags(" + resource + ")"); - } - - List<RangerTag> ret = null; - - if (CollectionUtils.isNotEmpty(resourceMatchers)) { - - for (RangerServiceResourceMatcher resourceMatcher : resourceMatchers) { - - boolean matchResult = resourceMatcher.isMatch(resource); - - if (matchResult) { - if (ret == null) { - ret = new ArrayList<RangerTag>(); - } - // Find tags from serviceResource - ret.addAll(getTagsForServiceResource(serviceTags, resourceMatcher.getServiceResource())); - } - } - } - - if (LOG.isDebugEnabled()) { - if (CollectionUtils.isEmpty(ret)) { - LOG.debug("RangerTagProvider.findMatchingTags(" + resource + ") - No tags Found "); - } else { - LOG.debug("RangerTagProvider.findMatchingTags(" + resource + ") - " + ret.size() + " tags Found "); - } - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== RangerTagProvider.findMatchingTags(" + resource + ")"); - } - - return ret; - } - - static private List<RangerTag> getTagsForServiceResource(ServiceTags serviceTags, RangerServiceResource serviceResource) { - - List<RangerTag> ret = new ArrayList<RangerTag>(); - - Long resourceId = serviceResource.getId(); - - Map<Long, List<Long>> resourceToTagIds = serviceTags.getResourceToTagIds(); - Map<Long, RangerTag> tags = serviceTags.getTags(); - - if (resourceId != null && MapUtils.isNotEmpty(resourceToTagIds) && MapUtils.isNotEmpty(tags)) { - - List<Long> tagIds = resourceToTagIds.get(resourceId); - - if (CollectionUtils.isNotEmpty(tagIds)) { - - 
for (Long tagId : tagIds) { - - RangerTag tag = tags.get(tagId); - - if (tag != null) { - ret.add(tag); - } - } - } - } - - return ret; - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRefresher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRefresher.java deleted file mode 100644 index f174cc8..0000000 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRefresher.java +++ /dev/null 
@@ -1,110 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public abstract class RangerTagRefresher extends Thread implements RangerTagRetriever {
- private static final Log LOG = LogFactory.getLog(RangerTagRefresher.class);
-
- private long pollingIntervalMs;
- private volatile boolean isStarted = false;
-
- protected RangerTagRefresher(final long pollingIntervalMs) {
- this.pollingIntervalMs = pollingIntervalMs;
- }
-
- public final long getPollingIntervalMs() {
- return pollingIntervalMs;
- }
-
- public final void setPollingIntervalMs(long pollingIntervalMs) {
- this.pollingIntervalMs = pollingIntervalMs;
- }
-
- public boolean getIsStarted() { return isStarted; }
-
- public final void cleanup() { this.stopRetriever(); }
-
- @Override
- public void run() {
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerTagRefresher(pollingIntervalMs=" + pollingIntervalMs + ").run()");
- }
-
- while (true) {
-
- retrieveTags();
-
- if (pollingIntervalMs > 0) {
- try {
- Thread.sleep(pollingIntervalMs);
- } catch (InterruptedException excp) {
- LOG.info("RangerTagRefresher(pollingIntervalMs=" + pollingIntervalMs + ").run() : interrupted! Exiting thread", excp);
- break;
- }
- } else {
- break;
- }
-
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerTagRefresher().run()");
- }
- }
-
- public final boolean startRetriever() {
-
- boolean ret = isStarted;
-
- if (!ret) {
- synchronized (this) {
-
- ret = isStarted;
-
- if (!ret) {
- try {
- super.start();
- ret = isStarted = true;
- } catch (Exception excp) {
- LOG.error("RangerTagRefresher.startRetriever() - failed to start, exception=" + excp);
- }
- }
- }
- }
-
- return ret;
- }
-
- public final void stopRetriever() {
-
- super.interrupt();
-
- try {
- super.join();
- } catch (InterruptedException excp) {
- LOG.error("RangerTagRefresher(): error while waiting for thread to exit", excp);
- }
- }
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
index 9384256..4967cbe 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java
@@ -19,13 +19,60 @@ package org.apache.ranger.plugin.contextenricher; +import org.apache.ranger.plugin.model.RangerServiceDef; + import java.util.Map; -public interface RangerTagRetriever { +public abstract class RangerTagRetriever { + + protected String serviceName; + protected RangerServiceDef serviceDef; + protected String appId; + protected long lastKnownVersion; + protected RangerTagReceiver tagReceiver; + + public abstract void init(Map<String, String> options); + + public abstract void retrieveTags() throws InterruptedException; + + public String getServiceName() { + return serviceName; + } + + public void setServiceName(String serviceName) { + this.serviceName = serviceName; + } + + public RangerServiceDef getServiceDef() { + return serviceDef; + } + + public void setServiceDef(RangerServiceDef serviceDef) { + this.serviceDef = serviceDef; + } + + public String getAppId() { + return appId; + } + + public void setAppId(String appId) { + this.appId = appId; + } + + public long getLastKnownVersion() { + return lastKnownVersion; + } + + public void setLastKnownVersion(long lastKnownVersion) { + this.lastKnownVersion = lastKnownVersion; + } - void init (Map<String, String> options); + public RangerTagReceiver getTagReceiver() { + return tagReceiver; + } - void setReceiver(RangerTagReceiver receiver); + public void setTagReceiver(RangerTagReceiver tagReceiver) { + this.tagReceiver = tagReceiver; + } - void retrieveTags(); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java index 09b9f3f..f345ca2 100644 
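Review bot: `lastKnownVersion` and `tagReceiver` are plain mutable fields behind public setters, and the new abstract class does not say which thread is allowed to touch them. If `retrieveTags()` runs on a refresher thread while `setLastKnownVersion()` is called from another (the commit title suggests a single reused retrieval thread, but that code is not in this hunk), the write has no visibility guarantee and a non-volatile `long` write is not guaranteed atomic. Either declare it `protected volatile long lastKnownVersion;` or state single-thread confinement in a class-level Javadoc. The added `throws InterruptedException` on `retrieveTags()` also deserves a one-line Javadoc saying that implementations must propagate the interrupt rather than swallow it, since the caller presumably relies on it to stop the thread.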
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java @@ -79,7 +79,7 @@ public class RangerPolicyEngineCache { } private RangerPolicyEngine addPolicyEngine(ServicePolicies policies) { - RangerPolicyEngine ret = new RangerPolicyEngineImpl(policies, options); + RangerPolicyEngine ret = new RangerPolicyEngineImpl("ranger-admin", policies, options); policyEngineCache.put(policies.getServiceName(), ret); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 8251878..c7d2a28 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 
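Review bot: The application id in `new RangerPolicyEngineImpl("ranger-admin", policies, options)` is a bare string literal inside `addPolicyEngine`. A named constant, for example `private static final String APP_ID = "ranger-admin";`, would keep the value in one place and make it easy to find when tracing which caller an engine was built for. `addPolicyEngine` continues past the end of the hunk.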
@@ -42,16 +42,16 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { private final List<RangerContextEnricher> allContextEnrichers; - public RangerPolicyEngineImpl(ServicePolicies servicePolicies, RangerPolicyEngineOptions options) { + public RangerPolicyEngineImpl(String appId, ServicePolicies servicePolicies, RangerPolicyEngineOptions options) { if (LOG.isDebugEnabled()) { - LOG.debug("==> RangerPolicyEngineImpl(" + servicePolicies + ", " + options + ")"); + LOG.debug("==> RangerPolicyEngineImpl(" + appId + ", " + servicePolicies + ", " + options + ")"); } if (options == null) { options = new RangerPolicyEngineOptions(); } - policyRepository = new RangerPolicyRepository(servicePolicies, options); + policyRepository = new RangerPolicyRepository(appId, servicePolicies, options); ServicePolicies.TagPolicies tagPolicies = servicePolicies.getTagPolicies(); @@ -65,7 +65,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { LOG.debug("RangerPolicyEngineImpl : Building tag-policy-repository for tag-service " + tagPolicies.getServiceName()); } - tagPolicyRepository = new RangerPolicyRepository(tagPolicies, options, servicePolicies.getServiceDef(), servicePolicies.getServiceName()); + tagPolicyRepository = new RangerPolicyRepository(appId, tagPolicies, options, servicePolicies.getServiceDef(), servicePolicies.getServiceName()); } else { if (LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index 0bbabc8..96fddde 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 
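Review bot: The new `appId` parameter of the public constructor is accepted without a null check and without any Javadoc saying what it identifies; it is forwarded as-is to both `RangerPolicyRepository` constructors, which this commit changes to store it in the same way. If a null id is not meaningful to the enrichers that eventually receive it, fail fast at the top of the constructor with `if (appId == null) { throw new IllegalArgumentException("appId must not be null"); }`; if null is legitimate, say so in a `@param appId` line. Replacing the two-argument public constructor also breaks any caller outside this patch, which is worth a line in the commit description. The constructor body continues beyond both hunks.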
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -39,6 +39,7 @@ public class RangerPolicyRepository { private static final Log LOG = LogFactory.getLog(RangerPolicyRepository.class); private final String serviceName; + private final String appId; private final RangerServiceDef serviceDef; private final List<RangerPolicy> policies; private final long policyVersion; @@ -49,11 +50,14 @@ public class RangerPolicyRepository { private final String componentServiceName; private final RangerServiceDef componentServiceDef; - RangerPolicyRepository(ServicePolicies servicePolicies, RangerPolicyEngineOptions options) { + RangerPolicyRepository(String appId, ServicePolicies servicePolicies, RangerPolicyEngineOptions options) { super(); this.componentServiceName = this.serviceName = servicePolicies.getServiceName(); this.componentServiceDef = this.serviceDef = servicePolicies.getServiceDef(); + + this.appId = appId; + this.policies = Collections.unmodifiableList(servicePolicies.getPolicies()); this.policyVersion = servicePolicies.getPolicyVersion() != null ? servicePolicies.getPolicyVersion() : -1; @@ -76,7 +80,7 @@ public class RangerPolicyRepository { } - RangerPolicyRepository(ServicePolicies.TagPolicies tagPolicies, RangerPolicyEngineOptions options, + RangerPolicyRepository(String appId, ServicePolicies.TagPolicies tagPolicies, RangerPolicyEngineOptions options, RangerServiceDef componentServiceDef, String componentServiceName) { super(); @@ -86,6 +90,8 @@ public class RangerPolicyRepository { this.serviceDef = normalizeAccessTypeDefs(tagPolicies.getServiceDef(), componentServiceDef.getName()); this.componentServiceDef = componentServiceDef; + this.appId = appId; + this.policies = Collections.unmodifiableList(normalizePolicyItemAccesses(tagPolicies.getPolicies(), componentServiceDef.getName())); this.policyVersion = tagPolicies.getPolicyVersion() != null ? tagPolicies.getPolicyVersion() : -1; this.accessAuditCache = null; 
@@ -303,6 +309,7 @@ public class RangerPolicyRepository { ret.setContextEnricherDef(enricherDef); ret.setContextServiceName(componentServiceName); ret.setContextServiceDef(componentServiceDef); + ret.setAppId(appId); ret.init(); } @@ -393,6 +400,7 @@ public class RangerPolicyRepository { sb.append("serviceName={").append(serviceName).append("} "); sb.append("serviceDef={").append(serviceDef).append("} "); + sb.append("appId={").append(appId).append("} "); sb.append("policyEvaluators={"); if (policyEvaluators != null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index 601dcae..c857484 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -107,7 +107,7 @@ public class RangerBasePlugin { } public void setPolicies(ServicePolicies policies) { - RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(policies, policyEngineOptions); + RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(appId, policies, policyEngineOptions); this.policyEngine = policyEngine; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java index 1e34132..f41dde4 100644 
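Review bot: `ret.setAppId(appId);` in the `@@ -303,6 +309,7 @@` hunk is called on every context enricher before `ret.init()`, and the diffstat shows RangerContextEnricher.java gaining two lines, which suggests `setAppId` was added to the interface itself. Enrichers are loaded by class name from the service definition, so a custom enricher that implements the interface directly and was built against the previous version would presumably fail at this call; that is an inference, since the interface change is not visible here. A comment such as `// appId must be set before init(): enrichers may use it to identify themselves when fetching data` would also record why the ordering matters. The enclosing method starts and ends outside the hunk.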
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java @@ -85,7 +85,7 @@ public class TestPolicyDb { policyEngineOptions.disableContextEnrichers = true; policyEngineOptions.disableCustomConditions = true; - RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testCase.servicePolicies, policyEngineOptions); + RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl("test-policydb", testCase.servicePolicies, policyEngineOptions); for(TestData test : testCase.tests) { boolean expected = test.result; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index 3a7448f..d7801b9 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java @@ -23,8 +23,13 @@ import com.google.gson.*; import com.google.gson.reflect.TypeToken; import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FSDataOutputStream; +import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.FileSystem; import org.apache.ranger.audit.provider.AuditHandler; import org.apache.ranger.audit.provider.AuditProviderFactory; +import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerTag; 
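Review bot: The five imports added in the `@@ -23,8 +23,13 @@` hunk of TestPolicyEngine.java (`Configuration`, `FSDataOutputStream`, `Path`, `FileSystem`, `RangerConfiguration`) look like they serve only the configuration-writing block that the next hunk shows ending in `*/`, that is, commented-out code. If nothing else in the test uses them, drop the imports, or delete the commented-out block together with them, so the test does not carry compile-time dependencies on Hadoop filesystem classes it never exercises. The rest of the file is outside the hunk, so this needs confirming against the full source.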
@@ -111,11 +116,11 @@ public class TestPolicyEngine { writer.write("<configuration>\n" + " <property>\n" + " <name>ranger.plugin.tag.policy.rest.url</name>\n" + - " <value>http://node-1.example.com:6080</value>\n" + + " <value>http://os-def:6080</value>\n" + " </property>\n" + " <property>\n" + " <name>ranger.externalurl</name>\n" + - " <value>http://node-1.example.com:6080</value>\n" + + " <value>http://os-def:6080</value>\n" + " </property>\n" + "</configuration>\n"); @@ -124,6 +129,7 @@ public class TestPolicyEngine { RangerConfiguration rangerConfig = RangerConfiguration.getInstance(); rangerConfig.addResource(filePath); */ + } @AfterClass @@ -218,7 +224,7 @@ public class TestPolicyEngine { policyEngineOptions.disableTagPolicyEvaluation = false; - policyEngine = new RangerPolicyEngineImpl(servicePolicies, policyEngineOptions); + policyEngine = new RangerPolicyEngineImpl("test-policyengine", servicePolicies, policyEngineOptions); RangerAccessRequest request = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json index 585ef95..454cf51 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json 
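Review bot: In the `@@ -111,11 +116,11 @@` hunk both `<value>` lines replace the reserved placeholder `http://node-1.example.com:6080` with `http://os-def:6080`, which reads like a developer's local host name that slipped into the commit. The block appears to sit inside a comment (the following hunk shows the closing `*/`), so nothing resolves it today, but if the fixture is re-enabled it would point `ranger.plugin.tag.policy.rest.url` at an environment-specific host over plain HTTP. Keeping `<value>http://node-1.example.com:6080</value>` leaves the test environment-neutral and avoids publishing an internal name.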
@@ -104,8 +104,8 @@ { "itemId": 1, "name" : "TagEnricher", - "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", - "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "dataFile":"/etc/ranger/data/resourceTags.txt"} + "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagEnricher", + "enricherOptions" : {"tagRetrieverClassName":"org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever", "tagRefresherPollingInterval":60000, "dataFile":"/etc/ranger/data/resourceTags.txt"} } ], "policyConditions": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801d3326/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json index f55c0a4..f071cdc 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json @@ -129,8 +129,8 @@ { "itemId": 1, "name" : "TagEnricher", - "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", - "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "dataFile":"/etc/ranger/data/resourceTags.txt"} + "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagEnricher", + "enricherOptions" : {"tagRetrieverClassName":"org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever", "tagRefresherPollingInterval":60000, "dataFile":"/etc/ranger/data/resourceTags.txt"} } ], "policyConditions": [
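Review bot: Both tag fixtures (this file and test_policyengine_tag_hive.json in the next hunk) now set `"tagRetrieverClassName"` to `org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever` with `"tagRefresherPollingInterval":60000`, where the old options selected the file-store provider with polling disabled (`-1`). Judging by the class name, the unit test would then try to download tags from a Ranger Admin endpoint and keep a refresher running for the life of the test, while the retained `"dataFile"` option presumably goes unused. If the test is meant to stay self-contained, point it at `org.apache.ranger.plugin.contextenricher.RangerTagFileStoreRetriever` (listed in this commit's diffstat) and keep polling off, or remove `dataFile` so the options match the retriever actually configured.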
