RANGER-274: updated condition labels
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/22859f5b Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/22859f5b Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/22859f5b Branch: refs/heads/master Commit: 22859f5bc6d4b1c708162f5e863e4ddafbf1da04 Parents: 5b5e012 Author: Madhan Neethiraj <[email protected]> Authored: Tue Oct 27 15:55:32 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Oct 27 16:57:25 2015 -0700 ---------------------------------------------------------------------- .../RangerScriptTemplateConditionEvaluator.java | 63 +++++++++----------- .../service-defs/ranger-servicedef-hive.json | 6 +- .../service-defs/ranger-servicedef-tag.json | 5 +- 3 files changed, 34 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java index 03f96b8..939107e 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptTemplateConditionEvaluator.java @@ -24,72 +24,65 @@ import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import java.util.List; -import java.util.Map; public class RangerScriptTemplateConditionEvaluator extends RangerScriptConditionEvaluator { private static final Log LOG = LogFactory.getLog(RangerScriptTemplateConditionEvaluator.class); - protected String scriptTemplate; - protected String script; + protected String script = null; + private boolean reverseResult = false; @Override public void init() { - if (LOG.isDebugEnabled()) { LOG.debug("==> RangerScriptTemplateConditionEvaluator.init(" + condition + ")"); } super.init(); - Map<String, String> evalOptions = conditionDef. getEvaluatorOptions(); + if(CollectionUtils.isNotEmpty(condition.getValues())) { + String expectedScriptReturn = condition.getValues().get(0); - if (MapUtils.isNotEmpty(evalOptions)) { - scriptTemplate = evalOptions.get("scriptTemplate"); - } + if(StringUtils.isNotBlank(expectedScriptReturn)) { + if(StringUtils.equalsIgnoreCase(expectedScriptReturn, "false") || StringUtils.equalsIgnoreCase(expectedScriptReturn, "no")) { + reverseResult = true; + } - script = formatScript(); + script = MapUtils.getString(conditionDef.getEvaluatorOptions(), "scriptTemplate"); + + if(script != null) { + script = script.trim(); + } + } + } if (LOG.isDebugEnabled()) { - LOG.debug("<== RangerScriptTemplateConditionEvaluator.init(" + condition + ")"); + LOG.debug("<== RangerScriptTemplateConditionEvaluator.init(" + condition + "): script=" + script + "; reverseResult=" + reverseResult); } } @Override - protected String getScript() { - return script; - } - - private String formatScript() { - - String ret = null; - + public boolean isMatched(RangerAccessRequest request) { if (LOG.isDebugEnabled()) { - LOG.debug("==> RangerScriptTemplateConditionEvaluator.formatScript()"); + LOG.debug("==> RangerScriptTemplateConditionEvaluator.isMatched()"); } - List<String> values = condition.getValues(); - - if (CollectionUtils.isNotEmpty(values)) { - - String value = values.get(0); - if (StringUtils.isNotBlank(value)) { + boolean ret = super.isMatched(request); - String s = value.trim().toLowerCase(); - - if (s.equals("no") || s.equals("false")) { - ret = null; - } else { - ret = scriptTemplate == null ? null : scriptTemplate.trim(); - } - } + if(reverseResult) { + ret = !ret; } if (LOG.isDebugEnabled()) { - LOG.debug("<== RangerScriptTemplateConditionEvaluator.formatScript(), ret=" + ret); + LOG.debug("<== RangerScriptTemplateConditionEvaluator.isMatched(): ret=" + ret); } return ret; } + + @Override + protected String getScript() { + return script; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 53b1926..b966be9 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -216,10 +216,10 @@ [ { "itemId":1, - "name":"not-accessed-together", - "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesNotAccessedTogetherCondition", + "name":"resources-accessed-together", + "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition", "evaluatorOptions" : {}, - "label":"Not Accessed Together?", + "label":"Hive Resources Accessed Together?", "description": "List of Hive resources" } ] http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/22859f5b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json index 40f7b66..3bad222 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json @@ -63,10 +63,11 @@ [ { "itemId":1, - "name":"enforce-expiry", + "name":"accessed-after-expiry", "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator", "evaluatorOptions" : { "scriptTemplate":"ctx.isAccessedAfter('expiry_date');" }, - "label":"Accessed after expiry_date?", + "uiHint": "{ \"singleValue\":true }", + "label":"Accessed after expiry_date (yes/no)?", "description": "Accessed after expiry_date? (yes/no)" } ]
