Repository: incubator-ranger Updated Branches: refs/heads/master 13e6b9586 -> f06795e2e
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java ---------------------------------------------------------------------- diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java deleted file mode 100644 index 198dc5f..0000000 --- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.contextenricher; - -import java.util.Map; -import java.util.Properties; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; - -/** - * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator - * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition: - { - ... service def - ... - "contextEnrichers": [ - { - "itemId": 1, "name": "country-provider", - "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider", - "enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"} - } - ... - } - - contextName: is used to specify the name under which the enricher would push value into context. - For purposes of this example the default value of this parameter, if unspecified is COUNTRY. This default - can be seen specified in <code>init()</code>. - dataFile: is the file which contains the lookup data that this particular enricher would use to - ascertain which value to insert into the context. For purposes of this example the default value of - this parameter, if unspecified is /etc/ranger/data/userCountry.txt. This default can be seen specified - in <code>init()</code>. Format of lookup data is in the form of standard java properties list. - - @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a> - * - * This Context Enricher is almost identical to another sample enricher <code>RangerSampleProjectProvider</code>. - */ -public class RangerSampleCountryProvider extends RangerAbstractContextEnricher { - private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class); - - private String contextName = "COUNTRY"; - private Properties userCountryMap = null; - - @Override - public void init() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")"); - } - - super.init(); - - contextName = getOption("contextName", "COUNTRY"); - - String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt"); - - userCountryMap = readProperties(dataFile); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")"); - } - } - - @Override - public void enrich(RangerAccessRequest request) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")"); - } - - if(request != null && userCountryMap != null) { - Map<String, Object> context = request.getContext(); - String country = userCountryMap.getProperty(request.getUser()); - - if(context != null && !StringUtils.isEmpty(country)) { - request.getContext().put(contextName, country); - } else { - if(LOG.isDebugEnabled()) { - LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country); - } - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")"); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java ---------------------------------------------------------------------- diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java deleted file mode 100644 index d3de690..0000000 --- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.contextenricher; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; - -import java.util.Map; -import java.util.Properties; - -/** - * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator - * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition: - { - ... service def - ... - "contextEnrichers": [ - { - "itemId": 1, "name": "project-provider", - "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleProjectProvider", - "enricherOptions": { "contextName" : "PROJECT", "dataFile":"/etc/ranger/data/userProject.txt"} - } - ... - } - - contextName: is used to specify the name under which the enricher would push value into context. - For purposes of this example the default value of this parameter, if unspecified is PROJECT. This default - can be seen specified in <code>init()</code>. - dataFile: is the file which contains the lookup data that this particular enricher would use to - ascertain which value to insert into the context. For purposes of this example the default value of - this parameter, if unspecified is /etc/ranger/data/userProject.txt. This default can be seen specified - in <code>init()</code>. Format of lookup data is in the form of standard java properties list. - - @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a> - */ -public class RangerSampleProjectProvider extends RangerAbstractContextEnricher { - private static final Log LOG = LogFactory.getLog(RangerSampleProjectProvider.class); - - private String contextName = "PROJECT"; - private Properties userProjectMap = null; - - @Override - public void init() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleProjectProvider.init(" + enricherDef + ")"); - } - - super.init(); - - contextName = getOption("contextName", "PROJECT"); - - String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt"); - - userProjectMap = readProperties(dataFile); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerSampleProjectProvider.init(" + enricherDef + ")"); - } - } - - @Override - public void enrich(RangerAccessRequest request) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")"); - } - - if(request != null && userProjectMap != null) { - Map<String, Object> context = request.getContext(); - String project = userProjectMap.getProperty(request.getUser()); - - if(context != null && !StringUtils.isEmpty(project)) { - request.getContext().put(contextName, project); - } else { - if(LOG.isDebugEnabled()) { - LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project); - } - } - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")"); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java ---------------------------------------------------------------------- diff --git a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java b/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java deleted file mode 100644 index 3e683ba..0000000 --- a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.conditionevaluator; - - -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; -import org.junit.Assert; -import org.junit.Test; -import org.mockito.Mockito; - -import java.util.*; - -public class RangerSampleSimpleMatcherTest { - - final Map<String, String> _conditionOptions = new HashMap<String, String>(); - - { - _conditionOptions.put(RangerSampleSimpleMatcher.CONTEXT_NAME, RangerSampleSimpleMatcher.CONTEXT_NAME); - } - - @Test - public void testIsMatched_happyPath() { - // this documents some unexpected behavior of the ip matcher - RangerSampleSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} ); - Assert.assertTrue(ipMatcher.isMatched(createRequest("US"))); - Assert.assertTrue(ipMatcher.isMatched(createRequest("CA"))); - Assert.assertTrue(ipMatcher.isMatched(createRequest("C---"))); - Assert.assertFalse(ipMatcher.isMatched(createRequest(" US "))); - Assert.assertFalse(ipMatcher.isMatched(createRequest("Us"))); - Assert.assertFalse(ipMatcher.isMatched(createRequest("ca"))); - } - - @Test - public void test_firewallings() { - - // create a request for some policyValue, say, country and use it to match against matcher initialized with all sorts of bad data - RangerAccessRequest request = createRequest("AB"); - - RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher(); - // Matcher initialized with null policy should behave sensibly! It matches everything! - matcher.setConditionDef(null); - matcher.setPolicyItemCondition(null); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - RangerPolicyItemCondition policyItemCondition = Mockito.mock(RangerPolicyItemCondition.class); - matcher.setConditionDef(null); - matcher.setPolicyItemCondition(policyItemCondition); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(null); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - // so should a policy item condition with initialized with null list of values - Mockito.when(policyItemCondition.getValues()).thenReturn(null); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(policyItemCondition); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - // not null item condition with empty condition list - List<String> values = new ArrayList<String>(); - Mockito.when(policyItemCondition.getValues()).thenReturn(values); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(policyItemCondition); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - // values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check - values.add("AB"); - Mockito.when(policyItemCondition.getValues()).thenReturn(values); - Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(null); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(policyItemCondition); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - - // If evaluator option on the condition def is non-null then it starts to evaluate for real - Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(policyItemCondition); - matcher.init(); - Assert.assertTrue(matcher.isMatched(request)); - } - - RangerSampleSimpleMatcher createMatcher(String[] ipArray) { - RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher(); - - if (ipArray == null) { - matcher.setConditionDef(null); - matcher.setPolicyItemCondition(null); - matcher.init(); - } else { - RangerPolicyItemCondition condition = Mockito.mock(RangerPolicyItemCondition.class); - List<String> addresses = Arrays.asList(ipArray); - Mockito.when(condition.getValues()).thenReturn(addresses); - - RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class); - - Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions); - matcher.setConditionDef(conditionDef); - matcher.setPolicyItemCondition(condition); - matcher.init(); - } - - return matcher; - } - - RangerAccessRequest createRequest(String value) { - Map<String, Object> context = new HashMap<String, Object>(); - context.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value); - RangerAccessRequest request = Mockito.mock(RangerAccessRequest.class); - Mockito.when(request.getContext()).thenReturn(context); - return request; - } -}
