incubator-ranger git commit: RANGER-737 Kafka plugin: add create/delete operation types added as via RANGER-737 to service-def

Fri, 04 Dec 2015 11:15:24 -0800 

Repository: incubator-ranger
Updated Branches:
  refs/heads/ranger-0.5 740fa9514 -> 56c91929c


RANGER-737 Kafka plugin: add create/delete operation types added as via 
RANGER-737 to service-def


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/56c91929
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/56c91929
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/56c91929

Branch: refs/heads/ranger-0.5
Commit: 56c91929c400a12cd478407d52e2be880d395240
Parents: 740fa95
Author: Alok Lal <[email protected]>
Authored: Fri Dec 4 00:08:32 2015 -0800
Committer: Alok Lal <[email protected]>
Committed: Fri Dec 4 10:57:21 2015 -0800

----------------------------------------------------------------------
 .../service-defs/ranger-servicedef-kafka.json        | 15 +++++++++++++--
 .../kafka/authorizer/RangerKafkaAuthorizer.java      |  3 +++
 .../kafka/authorizer/RangerKafkaAuthorizer.java      |  4 ++--
 3 files changed, 18 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/56c91929/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index bf7a4df..839d780 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -61,6 +61,16 @@
                        "label":"Describe"
                },
                {
+                       "itemId":8,
+                       "name":"create",
+                       "label":"Create"
+               },
+               {
+                       "itemId":9,
+                       "name":"delete",
+                       "label":"Delete"
+               },
+               {
                        "itemId":7,
                        "name":"kafka_admin",
                        "label":"Kafka Admin",
@@ -68,11 +78,12 @@
                                "publish",
                                "consume",
                                "configure",
-                               "describe"
+                               "describe",
+                               "create",
+                               "delete"
                        ]
                        
                }
-               
        ],
        "configs":[
                {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/56c91929/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git 
a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
 
b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 7ca12ce..2adf5d5 100644
--- 
a/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ 
b/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -125,6 +125,9 @@ public class RangerKafkaAuthorizer implements Authorizer {
 
                // TODO: If resource type if consumer group, then allow it by 
default
                if (resource.resourceType().equals(Group$.MODULE$)) {
+                       if (logger.isDebugEnabled()) {
+                               logger.debug("If resource type if consumer 
group, then we allow it by default!  Returning true");
+                       }
                        return true;
                }
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/56c91929/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
----------------------------------------------------------------------
diff --git 
a/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
 
b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
index 90b1ab0..644a223 100644
--- 
a/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
+++ 
b/ranger-kafka-plugin-shim/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
@@ -126,7 +126,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
        @Override
        public boolean authorize(Session session, Operation operation,Resource 
resource) {      
                if(LOG.isDebugEnabled()) {
-                       LOG.debug("==> RangerKafkaAuthorizer.authorize(Session, 
Operation, Resource)");
+                       LOG.debug(String.format("==> 
RangerKafkaAuthorizer.authorize(Session=%s, Operation=%s, Resource=%s)", 
session, operation, resource));
                }
 
                boolean ret = false;
@@ -140,7 +140,7 @@ public class RangerKafkaAuthorizer implements Authorizer {
                }
 
                if(LOG.isDebugEnabled()) {
-                       LOG.debug("<== RangerKafkaAuthorizer.authorize(Session, 
Operation, Resource)");
+                       LOG.debug("<== RangerKafkaAuthorizer.authorize: " + 
ret);
                }
                
                return ret;

Reply via email to