Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 f15f87aea -> 801ec6657
RANGER-713:Knox-plugin failed to enable after plugin modification for not to add dependent libraries to component's CLASSPATH Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/801ec665 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/801ec665 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/801ec665 Branch: refs/heads/ranger-0.5 Commit: 801ec6657281ee64293745046a6a353f1543efa5 Parents: f15f87a Author: rmani <[email protected]> Authored: Sat Oct 31 09:53:00 2015 -0700 Committer: rmani <[email protected]> Committed: Sat Oct 31 11:04:33 2015 -0700 ---------------------------------------------------------------------- .../RangerPDPKnoxDeploymentContributor.java | 74 -------------------- ...gateway.deploy.ProviderDeploymentContributor | 18 ----- .../authorization/knox/RangerPDPKnoxFilter.java | 7 +- .../RangerPDPKnoxDeploymentContributor.java | 74 ++++++++++++++++++++ ...gateway.deploy.ProviderDeploymentContributor | 18 +++++ 5 files changed, 95 insertions(+), 96 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801ec665/knox-agent/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java deleted file mode 100644 index e927ba6..0000000 --- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java +++ /dev/null @@ -1,74 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.ranger.authorization.knox.deploy; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import org.apache.hadoop.gateway.deploy.DeploymentContext; -import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase; -import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor; -import org.apache.hadoop.gateway.descriptor.ResourceDescriptor; -import org.apache.hadoop.gateway.topology.Provider; -import org.apache.hadoop.gateway.topology.Service; - -public class RangerPDPKnoxDeploymentContributor extends ProviderDeploymentContributorBase { - - private static final String FILTER_CLASSNAME = "org.apache.ranger.authorization.knox.RangerPDPKnoxFilter"; - - @Override - public String getRole() { - return "authorization"; - } - - @Override - public String getName() { - // This MUST match a corresponding change in the topology file. For upgrade purposes this name remains as is, i.e. XASecure* and not Ranger*. - return "XASecurePDPKnox"; - } - - @Override - public void initializeContribution(DeploymentContext context) { - super.initializeContribution(context); - } - - @Override - public void contributeProvider( DeploymentContext context, Provider provider ) { - } - - @Override - public void contributeFilter( DeploymentContext context, Provider provider, Service service, - ResourceDescriptor resource, List<FilterParamDescriptor> params ) { - if (params == null) { - params = new ArrayList<FilterParamDescriptor>(); - } - // add resource role to params so that we can determine the acls to enforce at runtime - params.add( resource.createFilterParam().name( "resource.role" ).value(resource.role() ) ); - - // blindly add all the provider params as filter init params - // this will include any {resource.role}-ACLS parameters to be enforced - such as NAMENODE-ACLS - Map<String, String> providerParams = provider.getParams(); - for(Entry<String, String> entry : providerParams.entrySet()) { - params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); - } - - resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801ec665/knox-agent/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/knox-agent/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor deleted file mode 100644 index c0c4576..0000000 --- a/knox-agent/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor +++ /dev/null @@ -1,18 +0,0 @@ -########################################################################## -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -########################################################################## -org.apache.ranger.authorization.knox.deploy.RangerPDPKnoxDeploymentContributor http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801ec665/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java index af4d947..c039ff2 100644 --- a/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java +++ b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java @@ -36,10 +36,9 @@ public class RangerPDPKnoxFilter implements Filter { private static final Log LOG = LogFactory.getLog(RangerPDPKnoxFilter.class); private static final String RANGER_PLUGIN_TYPE = "knox"; - private static final String[] RANGER_PLUGIN_LIB_DIR = new String[] {"lib/ranger-hdfs-plugin"}; private static final String RANGER_PDP_KNOX_FILTER_IMPL_CLASSNAME = "org.apache.ranger.authorization.knox.RangerPDPKnoxFilter"; - - private RangerPDPKnoxFilter rangerPDPKnoxFilteImpl = null; + + private Filter rangerPDPKnoxFilteImpl = null; private static RangerPluginClassLoader rangerPluginClassLoader = null; public RangerPDPKnoxFilter() { @@ -67,7 +66,7 @@ public class RangerPDPKnoxFilter implements Filter { activatePluginClassLoader(); - rangerPDPKnoxFilteImpl = (RangerPDPKnoxFilter) cls.newInstance(); + rangerPDPKnoxFilteImpl = cls.newInstance(); } catch (Exception e) { // check what need to be done LOG.error("Error Enabling RangerKnoxPlugin", e); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801ec665/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java new file mode 100644 index 0000000..e927ba6 --- /dev/null +++ b/ranger-knox-plugin-shim/src/main/java/org/apache/ranger/authorization/knox/deploy/RangerPDPKnoxDeploymentContributor.java @@ -0,0 +1,74 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.authorization.knox.deploy; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.hadoop.gateway.deploy.DeploymentContext; +import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase; +import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor; +import org.apache.hadoop.gateway.descriptor.ResourceDescriptor; +import org.apache.hadoop.gateway.topology.Provider; +import org.apache.hadoop.gateway.topology.Service; + +public class RangerPDPKnoxDeploymentContributor extends ProviderDeploymentContributorBase { + + private static final String FILTER_CLASSNAME = "org.apache.ranger.authorization.knox.RangerPDPKnoxFilter"; + + @Override + public String getRole() { + return "authorization"; + } + + @Override + public String getName() { + // This MUST match a corresponding change in the topology file. For upgrade purposes this name remains as is, i.e. XASecure* and not Ranger*. + return "XASecurePDPKnox"; + } + + @Override + public void initializeContribution(DeploymentContext context) { + super.initializeContribution(context); + } + + @Override + public void contributeProvider( DeploymentContext context, Provider provider ) { + } + + @Override + public void contributeFilter( DeploymentContext context, Provider provider, Service service, + ResourceDescriptor resource, List<FilterParamDescriptor> params ) { + if (params == null) { + params = new ArrayList<FilterParamDescriptor>(); + } + // add resource role to params so that we can determine the acls to enforce at runtime + params.add( resource.createFilterParam().name( "resource.role" ).value(resource.role() ) ); + + // blindly add all the provider params as filter init params + // this will include any {resource.role}-ACLS parameters to be enforced - such as NAMENODE-ACLS + Map<String, String> providerParams = provider.getParams(); + for(Entry<String, String> entry : providerParams.entrySet()) { + params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) ); + } + + resource.addFilter().name( getName() ).role( getRole() ).impl( FILTER_CLASSNAME ).params( params ); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/801ec665/ranger-knox-plugin-shim/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor ---------------------------------------------------------------------- diff --git a/ranger-knox-plugin-shim/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/ranger-knox-plugin-shim/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor new file mode 100644 index 0000000..c0c4576 --- /dev/null +++ b/ranger-knox-plugin-shim/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor @@ -0,0 +1,18 @@ +########################################################################## +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################## +org.apache.ranger.authorization.knox.deploy.RangerPDPKnoxDeploymentContributor
