This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 0298b7e RANGER-2653: Refactor product code to move out APIs used only by test code 0298b7e is described below commit 0298b7ed15c2a864cdd97a81a3983cba0358b07b Author: Abhay Kulkarni <ab...@apache.org> AuthorDate: Tue Nov 26 22:46:43 2019 -0800 RANGER-2653: Refactor product code to move out APIs used only by test code --- .../plugin/contextenricher/RangerTagEnricher.java | 65 +----- .../validation/RangerSecurityZoneValidator.java | 2 +- .../ranger/plugin/policyengine/PolicyEngine.java | 54 +---- .../policyengine/RangerPolicyEngineImpl.java | 8 +- .../policyengine/RangerPolicyRepository.java | 32 +-- .../{util => policyengine}/RangerResourceTrie.java | 154 ++++----------- .../plugin/policyengine/TestPolicyEngine.java | 217 +++++++++++++++++++++ .../policyengine/TestPolicyEngineComparison.java | 4 +- 8 files changed, 272 insertions(+), 264 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java index 75b0bf4..95a0bed 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java @@ -34,6 +34,7 @@ import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessResource; import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; +import org.apache.ranger.plugin.policyengine.RangerResourceTrie; import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher; import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher; import org.apache.ranger.plugin.util.DownloadTrigger; 
@@ -42,7 +43,6 @@ import org.apache.ranger.plugin.service.RangerAuthContext; import org.apache.ranger.plugin.service.RangerBasePlugin; import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.apache.ranger.plugin.util.RangerPerfTracer; -import org.apache.ranger.plugin.util.RangerResourceTrie; import org.apache.ranger.plugin.util.RangerServiceNotFoundException; import org.apache.ranger.plugin.util.RangerServiceTagsDeltaUtil; import org.apache.ranger.plugin.util.ServiceTags; 
@@ -344,55 +344,8 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher { token.waitForCompletion(); } - public boolean compare(RangerTagEnricher other) { - boolean ret; - - if (enrichedServiceTags == null || other == null || other.enrichedServiceTags == null) { - return false; - } - - if (enrichedServiceTags.getServiceResourceTrie() != null && other.enrichedServiceTags.getServiceResourceTrie() != null) { - ret = enrichedServiceTags.getServiceResourceTrie().size() == other.enrichedServiceTags.getServiceResourceTrie().size(); - - if (ret && enrichedServiceTags.getServiceResourceTrie().size() > 0) { - for (Map.Entry<String, RangerResourceTrie<RangerServiceResourceMatcher>> entry : enrichedServiceTags.getServiceResourceTrie().entrySet()) { - ret = entry.getValue().compareSubtree(other.enrichedServiceTags.getServiceResourceTrie().get(entry.getKey())); - if (!ret) { - break; - } - } - } - } else { - ret = enrichedServiceTags.getServiceResourceTrie() == other.enrichedServiceTags.getServiceResourceTrie(); - } - - if (ret) { - // Compare mappings - ServiceTags myServiceTags = enrichedServiceTags.getServiceTags(); - ServiceTags otherServiceTags = other.enrichedServiceTags.getServiceTags(); - - ret = StringUtils.equals(myServiceTags.getServiceName(), otherServiceTags.getServiceName()) && - //myServiceTags.getTagVersion().equals(otherServiceTags.getTagVersion()) && - myServiceTags.getTags().size() == otherServiceTags.getTags().size() && - myServiceTags.getServiceResources().size() == otherServiceTags.getServiceResources().size() && - myServiceTags.getResourceToTagIds().size() == otherServiceTags.getResourceToTagIds().size(); - if (ret) { - for (RangerServiceResource serviceResource : myServiceTags.getServiceResources()) { - Long serviceResourceId = serviceResource.getId(); - - List<Long> myTagsForResource = myServiceTags.getResourceToTagIds().get(serviceResourceId); - List<Long> otherTagsForResource = 
otherServiceTags.getResourceToTagIds().get(serviceResourceId); - - ret = CollectionUtils.size(myTagsForResource) == CollectionUtils.size(otherTagsForResource); - - if (ret && CollectionUtils.size(myTagsForResource) > 0) { - ret = myTagsForResource.size() == CollectionUtils.intersection(myTagsForResource, otherTagsForResource).size(); - } - } - } - } - - return ret; + public EnrichedServiceTags getEnrichedServiceTags() { + return enrichedServiceTags; } private void processServiceTags(ServiceTags serviceTags) { @@ -830,7 +783,7 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher { return ret; } - static private final class EnrichedServiceTags { + static public final class EnrichedServiceTags { final private ServiceTags serviceTags; final private List<RangerServiceResourceMatcher> serviceResourceMatchers; final private Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> serviceResourceTrie; 
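Review bot: The new `getEnrichedServiceTags()` is public and hands out the enricher's live `EnrichedServiceTags`, and the two later hunks in this file make that nested class and its five getters public as well, so production code gains a wider surface only to serve a test in another package. The getters return the fields as they are (`return serviceResourceTrie;`, `return serviceResourceMatchers;`), and these appear to be the structures the enricher uses to match resources to tags. Whether those collections are mutable is not visible here, but if they are, any code holding a `RangerTagEnricher` could change them. I would add a comment above the accessor such as `// Used only by test code; callers must not modify the returned object`, and have the collection getters return unmodifiable views if the fields are not already immutable. The class body continues outside these hunks.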
@@ -844,11 +797,11 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher { this.tagsForEmptyResourceAndAnyAccess = createTagsForEmptyResourceAndAnyAccess(); this.resourceTrieVersion = serviceTags.getTagVersion(); } - ServiceTags getServiceTags() {return serviceTags;} - List<RangerServiceResourceMatcher> getServiceResourceMatchers() { return serviceResourceMatchers;} - Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> getServiceResourceTrie() { return serviceResourceTrie;} - Long getResourceTrieVersion() { return resourceTrieVersion;} - Set<RangerTagForEval> getTagsForEmptyResourceAndAnyAccess() { return tagsForEmptyResourceAndAnyAccess;} + public ServiceTags getServiceTags() {return serviceTags;} + public List<RangerServiceResourceMatcher> getServiceResourceMatchers() { return serviceResourceMatchers;} + public Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> getServiceResourceTrie() { return serviceResourceTrie;} + public Long getResourceTrieVersion() { return resourceTrieVersion;} + public Set<RangerTagForEval> getTagsForEmptyResourceAndAnyAccess() { return tagsForEmptyResourceAndAnyAccess;} private Set<RangerTagForEval> createTagsForEmptyResourceAndAnyAccess() { Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<>(); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java index d892676..ba25f13 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java 
@@ -31,12 +31,12 @@ import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService; import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; +import org.apache.ranger.plugin.policyengine.RangerResourceTrie; import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher; import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.store.SecurityZoneStore; import org.apache.ranger.plugin.store.ServiceStore; -import org.apache.ranger.plugin.util.RangerResourceTrie; import org.apache.ranger.plugin.util.SearchFilter; import java.util.ArrayList; diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java index 38b1c93..a41d2c8 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java @@ -25,7 +25,6 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.Set; import org.apache.commons.collections.CollectionUtils; @@ -45,7 +44,6 @@ import org.apache.ranger.plugin.service.RangerAuthContext; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.RangerPolicyDeltaUtil; -import org.apache.ranger.plugin.util.RangerResourceTrie; import org.apache.ranger.plugin.util.RangerRoles; import org.apache.ranger.plugin.util.ServicePolicies; 
@@ -153,60 +151,16 @@ public class PolicyEngine { return sb; } - public boolean compare(PolicyEngine other) { - boolean ret; - - if (policyRepository != null && other.policyRepository != null) { - ret = policyRepository .compare(other.policyRepository); - } else { - ret = policyRepository == other.policyRepository; - } - - if (ret) { - if (tagPolicyRepository != null && other.tagPolicyRepository != null) { - ret = tagPolicyRepository.compare(other.tagPolicyRepository); - } else { - ret = tagPolicyRepository == other.tagPolicyRepository; - } - } - - if (ret) { - ret = Objects.equals(resourceZoneTrie.keySet(), other.resourceZoneTrie.keySet()); - - if (ret) { - for (Map.Entry<String, RangerResourceTrie> entry : resourceZoneTrie.entrySet()) { - ret = entry.getValue().compareSubtree(other.resourceZoneTrie.get(entry.getKey())); - - if (!ret) { - break; - } - } - } - } - - if (ret) { - ret = Objects.equals(zonePolicyRepositories.keySet(), other.zonePolicyRepositories.keySet()); - - if (ret) { - for (Map.Entry<String, RangerPolicyRepository> entry : zonePolicyRepositories.entrySet()) { - ret = entry.getValue().compare(other.zonePolicyRepositories.get(entry.getKey())); - - if (!ret) { - break; - } - } - } - } - - return ret; - } - public List<RangerPolicy> getResourcePolicies(String zoneName) { RangerPolicyRepository zoneResourceRepository = zonePolicyRepositories.get(zoneName); return zoneResourceRepository == null ? ListUtils.EMPTY_LIST : zoneResourceRepository.getPolicies(); } + Map<String, RangerResourceTrie> getResourceZoneTrie() { + return resourceZoneTrie; + } + public RangerAccessResult createAccessResult(RangerAccessRequest request, int policyType) { RangerAccessResult ret = new RangerAccessResult(policyType, getServiceName(), getPolicyRepository().getServiceDef(), request); 
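Review bot: `getResourceZoneTrie()` is added without a comment saying it exists only for the test comparison helpers. The same holds for `getPolicyEngine()` in RangerPolicyEngineImpl, the now package-private `getTrie(int)` in RangerPolicyRepository and `getRoot()` in RangerResourceTrie. In RangerPolicyEngineImpl the new accessor sits directly above the existing `// This API is used only used by test code` line, which belongs to `getResourceAccessInfo`, so the file's one test-only marker now reads as if it skipped the new method. The accessors whose bodies are visible return the internal field itself, so I would put `// Used only by test code; do not call from product code` above each one to keep later product changes from depending on them. The enclosing classes continue outside the hunks.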
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 5709fd8..dff54ac 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -357,6 +357,10 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { return ret; } + PolicyEngine getPolicyEngine() { + return policyEngine; + } + // This API is used only used by test code @Override public RangerResourceAccessInfo getResourceAccessInfo(RangerAccessRequest request) { @@ -529,10 +533,6 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } - public boolean compare(RangerPolicyEngineImpl other) { - return policyEngine.compare(other.policyEngine); - } - private RangerPolicyEngineImpl(final PolicyEngine policyEngine) { this.policyEngine = policyEngine; this.requestProcessor = new RangerDefaultRequestProcessor(policyEngine); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index 3a78eab..d2d1722 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -38,7 +38,6 @@ import org.apache.ranger.plugin.policyevaluator.RangerOptimizedPolicyEvaluator; import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; import org.apache.ranger.plugin.store.AbstractServiceStore; import org.apache.ranger.plugin.util.RangerPerfTracer; -import org.apache.ranger.plugin.util.RangerResourceTrie; import org.apache.ranger.plugin.util.ServiceDefUtil; import org.apache.ranger.plugin.util.ServicePolicies; 
@@ -1404,7 +1403,7 @@ public class RangerPolicyRepository { return ret; } - private Map<String, RangerResourceTrie> getTrie(final int policyType) { + Map<String, RangerResourceTrie> getTrie(final int policyType) { final Map<String, RangerResourceTrie> ret; switch (policyType) { case RangerPolicy.POLICY_TYPE_ACCESS: @@ -1422,33 +1421,4 @@ public class RangerPolicyRepository { return ret; } - public boolean compare(RangerPolicyRepository other) { - return compareTrie(RangerPolicy.POLICY_TYPE_ACCESS, other) && - compareTrie(RangerPolicy.POLICY_TYPE_DATAMASK, other) && - compareTrie(RangerPolicy.POLICY_TYPE_ROWFILTER, other); - } - - private boolean compareTrie(final int policyType, RangerPolicyRepository other) { - boolean ret; - - Map<String, RangerResourceTrie> myTrie = getTrie(policyType); - Map<String, RangerResourceTrie> otherTrie = other.getTrie(policyType); - - ret = myTrie.size() == otherTrie.size(); - - if (ret) { - for (Map.Entry<String, RangerResourceTrie> entry : myTrie.entrySet()) { - RangerResourceTrie myResourceTrie = entry.getValue(); - RangerResourceTrie otherResourceTrie = otherTrie.get(entry.getKey()); - - ret = otherResourceTrie != null && myResourceTrie.compareSubtree(otherResourceTrie); - - if (!ret) { - break; - } - } - } - - return ret; - } } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java similarity index 91% rename from agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java rename to agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java index ea92e3c..88d3b97 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java 
@@ -17,7 +17,7 @@ * under the License. */ -package org.apache.ranger.plugin.util; +package org.apache.ranger.plugin.policyengine; import org.apache.commons.collections.CollectionUtils; @@ -27,10 +27,10 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.policyengine.RangerPluginContext; import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceEvaluator; import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher; import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher; +import org.apache.ranger.plugin.util.RangerPerfTracer; import java.util.ArrayList; import java.util.Collection; 
@@ -62,7 +62,33 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { this(resourceDef, evaluators, true, null); } - public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, boolean isOptimizedForRetrieval, RangerPluginContext pluginContext) { + public RangerResourceTrie(RangerResourceTrie<T> other) { + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_TRIE_INIT_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_TRIE_INIT_LOG, "RangerResourceTrie.copyTrie(name=" + other.resourceDef.getName() + ")"); + } + + this.resourceDef = other.resourceDef; + this.optIgnoreCase = other.optIgnoreCase; + this.optWildcard = other.optWildcard; + this.wildcardChars = other.wildcardChars; + this.isOptimizedForRetrieval = false; + this.root = copyTrieSubtree(other.root, null); + + RangerPerfTracer.logAlways(perf); + + if (PERF_TRIE_INIT_LOG.isDebugEnabled()) { + PERF_TRIE_INIT_LOG.debug(toString()); + } + if (TRACE_LOG.isTraceEnabled()) { + StringBuilder sb = new StringBuilder(); + root.toString("", sb); + TRACE_LOG.trace("Trie Dump from RangerResourceTrie.copyTrie(name=" + other.resourceDef.getName() + "):\n{" + sb.toString() + "}"); + } + } + + RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, boolean isOptimizedForRetrieval, RangerPluginContext pluginContext) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerResourceTrie(" + resourceDef.getName() + ", evaluatorCount=" + evaluators.size() + ", isOptimizedForRetrieval=" + isOptimizedForRetrieval + ")"); } @@ -133,10 +159,6 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { } } - public String getResourceName() { - return resourceDef.getName(); - } - public Set<T> getEvaluatorsForResource(Object resource) { if (resource instanceof String) { return getEvaluatorsForResource((String) resource); 
@@ -221,83 +243,8 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { } } - public boolean compareSubtree(RangerResourceTrie<T> other) { - - final boolean ret; - List<TrieNode<T>> mismatchedNodes = new ArrayList<>(); - - if (this.root == null || other.root == null) { - ret = this.root == other.root; - if (!ret) { - mismatchedNodes.add(this.root); - } - } else { - ret = compareSubtree(this.root, other.root, mismatchedNodes); - } - return ret; - } - - private boolean compareSubtree(TrieNode<T> me, TrieNode<T> other, List<TrieNode<T>> misMatched) { - boolean ret = StringUtils.equals(me.getStr(), other.getStr()); - - if (ret) { - Map<Character, TrieNode<T>> myChildren = me.getChildren(); - Map<Character, TrieNode<T>> otherChildren = other.getChildren(); - - ret = myChildren.size() == otherChildren.size() && - compareLists(me.getEvaluators(), other.getEvaluators()) && - compareLists(me.getWildcardEvaluators(), other.getWildcardEvaluators()) && - myChildren.keySet().size() == otherChildren.keySet().size(); - if (ret) { - // Check if subtrees match - for (Map.Entry<Character, TrieNode<T>> entry : myChildren.entrySet()) { - Character c = entry.getKey(); - TrieNode<T> myNode = entry.getValue(); - TrieNode<T> otherNode = otherChildren.get(c); - ret = otherNode != null && compareSubtree(myNode, otherNode, misMatched); - if (!ret) { - break; - } - } - } - } - - if (!ret) { - misMatched.add(me); - } - - return ret; - } - - private boolean compareLists(Set<? extends RangerPolicyResourceEvaluator> me, Set<? extends RangerPolicyResourceEvaluator> other) { - boolean ret; - - if (me == null || other == null) { - ret = me == other; - } else { - ret = me.size() == other.size(); - - if (ret) { - List<? extends RangerPolicyResourceEvaluator> meAsList = new ArrayList<>(me); - List<? 
extends RangerPolicyResourceEvaluator> otherAsList = new ArrayList<>(other); - - List<Long> myIds = new ArrayList<>(); - List<Long> otherIds = new ArrayList<>(); - for (RangerPolicyResourceEvaluator evaluator : meAsList) { - myIds.add(evaluator.getId()); - } - for (RangerPolicyResourceEvaluator evaluator : otherAsList) { - otherIds.add(evaluator.getId()); - } - - ret = compareLongLists(myIds, otherIds); - } - } - return ret; - } - - private boolean compareLongLists(List<Long> me, List<Long> other) { - return me.size() == CollectionUtils.intersection(me, other).size(); + TrieNode<T> getRoot() { + return root; } private TrieNode<T> copyTrieSubtree(final TrieNode<T> source, final TrieNode<T> parent) { 
@@ -352,32 +299,6 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { return dest; } - public RangerResourceTrie(RangerResourceTrie<T> other) { - RangerPerfTracer perf = null; - - if(RangerPerfTracer.isPerfTraceEnabled(PERF_TRIE_INIT_LOG)) { - perf = RangerPerfTracer.getPerfTracer(PERF_TRIE_INIT_LOG, "RangerResourceTrie.copyTrie(name=" + other.resourceDef.getName() + ")"); - } - - this.resourceDef = other.resourceDef; - this.optIgnoreCase = other.optIgnoreCase; - this.optWildcard = other.optWildcard; - this.wildcardChars = other.wildcardChars; - this.isOptimizedForRetrieval = false; - this.root = copyTrieSubtree(other.root, null); - - RangerPerfTracer.logAlways(perf); - - if (PERF_TRIE_INIT_LOG.isDebugEnabled()) { - PERF_TRIE_INIT_LOG.debug(toString()); - } - if (TRACE_LOG.isTraceEnabled()) { - StringBuilder sb = new StringBuilder(); - root.toString("", sb); - TRACE_LOG.trace("Trie Dump from RangerResourceTrie.copyTrie(name=" + other.resourceDef.getName() + "):\n{" + sb.toString() + "}"); - } - } - private TrieNode<T> buildTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, int builderThreadCount) { if(LOG.isDebugEnabled()) { LOG.debug("==> buildTrie(" + resourceDef.getName() + ", evaluatorCount=" + evaluators.size() + ", isMultiThreaded=" + (builderThreadCount > 1) + ")"); @@ -817,7 +738,7 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { int wildcardEvaluatorListRefCount; } - private class TrieNode<U extends T> { + class TrieNode<U extends T> { private String str; private TrieNode<U> parent; private final Map<Character, TrieNode<U>> children = new HashMap<>(); @@ -1132,7 +1053,7 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { } - public void toString(StringBuilder sb) { + void toString(StringBuilder sb) { String nodeValue = this.str; sb.append("nodeValue=").append(nodeValue); 
@@ -1155,7 +1076,7 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { } } - public void toString(String prefix, StringBuilder sb) { + void toString(String prefix, StringBuilder sb) { String nodeValue = prefix + (str != null ? str : ""); sb.append(prefix); @@ -1169,12 +1090,5 @@ public class RangerResourceTrie<T extends RangerPolicyResourceEvaluator> { } } - - public void clear() { - children.clear(); - - evaluators = null; - wildcardEvaluators = null; - } } } diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index b4c3060..28f7314 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 
@@ -32,20 +32,25 @@ import org.apache.commons.lang.StringUtils; import org.apache.ranger.audit.provider.AuditHandler; import org.apache.ranger.audit.provider.AuditProviderFactory; import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; +import org.apache.ranger.plugin.contextenricher.RangerServiceResourceMatcher; +import org.apache.ranger.plugin.contextenricher.RangerTagEnricher; import org.apache.ranger.plugin.contextenricher.RangerTagForEval; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicyDelta; import org.apache.ranger.plugin.model.RangerRole; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceResource; import org.apache.ranger.plugin.model.RangerValiditySchedule; import org.apache.ranger.plugin.model.validation.RangerValidityScheduleValidator; import org.apache.ranger.plugin.model.validation.ValidationFailureDetails; import org.apache.ranger.plugin.policyengine.TestPolicyEngine.PolicyEngineTestCase.TestData; import org.apache.ranger.plugin.policyevaluator.RangerValidityScheduleEvaluator; +import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceEvaluator; import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.apache.ranger.plugin.util.RangerRequestedResources; import org.apache.ranger.plugin.util.RangerRoles; import org.apache.ranger.plugin.util.ServicePolicies; +import org.apache.ranger.plugin.util.ServiceTags; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; @@ -63,6 +68,7 @@ import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Properties; import java.util.Set; import java.util.TimeZone; 
@@ -766,5 +772,216 @@ public class TestPolicyEngine { return gsonBuilder.fromJson(jsonObj, RangerAccessResourceImpl.class); } } + + // Test utility functions + public static boolean compare(PolicyEngine me, PolicyEngine other) { + boolean ret; + + if (me.getPolicyRepository() != null && other.getPolicyRepository() != null) { + ret = compare(me.getPolicyRepository(), other.getPolicyRepository()); + } else { + ret = me.getPolicyRepository() == other.getPolicyRepository(); + } + + if (ret) { + if (me.getTagPolicyRepository() != null && other.getTagPolicyRepository() != null) { + ret = compare(me.getTagPolicyRepository(), other.getTagPolicyRepository()); + } else { + ret = me.getTagPolicyRepository() == other.getTagPolicyRepository(); + } + } + + if (ret) { + ret = Objects.equals(me.getResourceZoneTrie().keySet(), other.getResourceZoneTrie().keySet()); + + if (ret) { + for (Map.Entry<String, RangerResourceTrie> entry : me.getResourceZoneTrie().entrySet()) { + ret = compareSubtree(entry.getValue(), other.getResourceZoneTrie().get(entry.getKey())); + + if (!ret) { + break; + } + } + } + } + + if (ret) { + ret = Objects.equals(me.getZonePolicyRepositories().keySet(), other.getZonePolicyRepositories().keySet()); + + if (ret) { + for (Map.Entry<String, RangerPolicyRepository> entry : me.getZonePolicyRepositories().entrySet()) { + ret = compare(entry.getValue(), other.getZonePolicyRepositories().get(entry.getKey())); + + if (!ret) { + break; + } + } + } + } + + return ret; + } + + public static boolean compare(RangerPolicyRepository me, RangerPolicyRepository other) { + return compareTrie(RangerPolicy.POLICY_TYPE_ACCESS, me, other) && + compareTrie(RangerPolicy.POLICY_TYPE_DATAMASK, me, other) && + compareTrie(RangerPolicy.POLICY_TYPE_ROWFILTER, me, other); + } + + public static boolean compareTrie(final int policyType, RangerPolicyRepository me, RangerPolicyRepository other) { + boolean ret; + + Map<String, RangerResourceTrie> myTrie = me.getTrie(policyType); + Map<String, 
RangerResourceTrie> otherTrie = other.getTrie(policyType); + + ret = myTrie.size() == otherTrie.size(); + + if (ret) { + for (Map.Entry<String, RangerResourceTrie> entry : myTrie.entrySet()) { + RangerResourceTrie myResourceTrie = entry.getValue(); + RangerResourceTrie otherResourceTrie = otherTrie.get(entry.getKey()); + + ret = otherResourceTrie != null && compareSubtree(myResourceTrie, otherResourceTrie); + + if (!ret) { + break; + } + } + } + + return ret; + } + + public static boolean compare(RangerTagEnricher me, RangerTagEnricher other) { + boolean ret; + + if (me.getEnrichedServiceTags() == null || other == null || other.getEnrichedServiceTags() == null) { + return false; + } + + if (me.getEnrichedServiceTags().getServiceResourceTrie() != null && other.getEnrichedServiceTags().getServiceResourceTrie() != null) { + ret = me.getEnrichedServiceTags().getServiceResourceTrie().size() == other.getEnrichedServiceTags().getServiceResourceTrie().size(); + + if (ret && me.getEnrichedServiceTags().getServiceResourceTrie().size() > 0) { + for (Map.Entry<String, RangerResourceTrie<RangerServiceResourceMatcher>> entry : me.getEnrichedServiceTags().getServiceResourceTrie().entrySet()) { + ret = compareSubtree(entry.getValue(), other.getEnrichedServiceTags().getServiceResourceTrie().get(entry.getKey())); + if (!ret) { + break; + } + } + } + } else { + ret = me.getEnrichedServiceTags().getServiceResourceTrie() == other.getEnrichedServiceTags().getServiceResourceTrie(); + } + + if (ret) { + // Compare mappings + ServiceTags myServiceTags = me.getEnrichedServiceTags().getServiceTags(); + ServiceTags otherServiceTags = other.getEnrichedServiceTags().getServiceTags(); + + ret = StringUtils.equals(myServiceTags.getServiceName(), otherServiceTags.getServiceName()) && + //myServiceTags.getTagVersion().equals(otherServiceTags.getTagVersion()) && + myServiceTags.getTags().size() == otherServiceTags.getTags().size() && + myServiceTags.getServiceResources().size() == 
otherServiceTags.getServiceResources().size() && + myServiceTags.getResourceToTagIds().size() == otherServiceTags.getResourceToTagIds().size(); + if (ret) { + for (RangerServiceResource serviceResource : myServiceTags.getServiceResources()) { + Long serviceResourceId = serviceResource.getId(); + + List<Long> myTagsForResource = myServiceTags.getResourceToTagIds().get(serviceResourceId); + List<Long> otherTagsForResource = otherServiceTags.getResourceToTagIds().get(serviceResourceId); + + ret = CollectionUtils.size(myTagsForResource) == CollectionUtils.size(otherTagsForResource); + + if (ret && CollectionUtils.size(myTagsForResource) > 0) { + ret = myTagsForResource.size() == CollectionUtils.intersection(myTagsForResource, otherTagsForResource).size(); + } + } + } + } + + return ret; + } + + public static boolean compareSubtree(RangerResourceTrie me, RangerResourceTrie other) { + + final boolean ret; + List<RangerResourceTrie.TrieNode> mismatchedNodes = new ArrayList<>(); + + if (me.getRoot() == null || other.getRoot() == null) { + ret = me.getRoot() == other.getRoot(); + if (!ret) { + mismatchedNodes.add(me.getRoot()); + } + } else { + ret = compareSubtree(me.getRoot(), other.getRoot(), mismatchedNodes); + } + return ret; + } + + private static boolean compareSubtree(RangerResourceTrie.TrieNode me, RangerResourceTrie.TrieNode other, List<RangerResourceTrie.TrieNode> misMatched) { + boolean ret = StringUtils.equals(me.getStr(), other.getStr()); + + if (ret) { + Map<Character, RangerResourceTrie.TrieNode> myChildren = me.getChildren(); + Map<Character, RangerResourceTrie.TrieNode> otherChildren = other.getChildren(); + + ret = myChildren.size() == otherChildren.size() && + compareLists(me.getEvaluators(), other.getEvaluators()) && + compareLists(me.getWildcardEvaluators(), other.getWildcardEvaluators()) && + myChildren.keySet().size() == otherChildren.keySet().size(); + if (ret) { + // Check if subtrees match + for (Map.Entry<Character, RangerResourceTrie.TrieNode> 
entry : myChildren.entrySet()) { + Character c = entry.getKey(); + RangerResourceTrie.TrieNode myNode = entry.getValue(); + RangerResourceTrie.TrieNode otherNode = otherChildren.get(c); + ret = otherNode != null && compareSubtree(myNode, otherNode, misMatched); + if (!ret) { + break; + } + } + } + } + + if (!ret) { + misMatched.add(me); + } + + return ret; + } + + private static boolean compareLists(Set me, Set other) { + boolean ret; + + if (me == null || other == null) { + ret = me == other; + } else { + ret = me.size() == other.size(); + + if (ret) { + List<? extends RangerPolicyResourceEvaluator> meAsList = new ArrayList<>(me); + List<? extends RangerPolicyResourceEvaluator> otherAsList = new ArrayList<>(other); + + List<Long> myIds = new ArrayList<>(); + List<Long> otherIds = new ArrayList<>(); + for (RangerPolicyResourceEvaluator evaluator : meAsList) { + myIds.add(evaluator.getId()); + } + for (RangerPolicyResourceEvaluator evaluator : otherAsList) { + otherIds.add(evaluator.getId()); + } + + ret = compareLongLists(myIds, otherIds); + } + } + return ret; + } + + private static boolean compareLongLists(List<Long> me, List<Long> other) { + return me.size() == CollectionUtils.intersection(me, other).size(); + } + + } diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineComparison.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineComparison.java index 94ba8b9..4ba0fa1 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineComparison.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineComparison.java 
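Review bot: In `compare(RangerTagEnricher, RangerTagEnricher)` the loop over `myServiceTags.getServiceResources()` reassigns `ret` on every iteration and never breaks, so only the last service resource decides the result and an earlier tag-mapping mismatch is reported as equal. TestPolicyEngineComparison uses this helper to decide whether two tag enrichers hold the same state, so a false "equal" can hide a real divergence; add `if (!ret) { break; }` at the end of the loop body, as the other loops in this hunk do. In the same method the trie loop passes `other.getEnrichedServiceTags().getServiceResourceTrie().get(entry.getKey())` to `compareSubtree` after checking only the map sizes, so a missing key reaches `other.getRoot()` as null. `compareTrie` already guards this with `otherResourceTrie != null &&`, and the same guard fits here. `mismatchedNodes` is filled but never read, so a failing comparison gives no hint of where the tries differ.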
@@ -126,7 +126,7 @@ public class TestPolicyEngineComparison { RangerPolicyEngineImpl myPolicyEngine = new RangerPolicyEngineImpl("test-compare-my-engine", myServicePolicies, options, rangerPluginContext, null); RangerPolicyEngineImpl otherPolicyEngine = new RangerPolicyEngineImpl("test-compare-other-engine", otherServicePolicies, options, rangerPluginContext, null); - isPolicyEnginesEqual = myPolicyEngine.compare(otherPolicyEngine) && otherPolicyEngine.compare(myPolicyEngine); + isPolicyEnginesEqual = TestPolicyEngine.compare(myPolicyEngine.getPolicyEngine(), otherPolicyEngine.getPolicyEngine()) && TestPolicyEngine.compare(otherPolicyEngine.getPolicyEngine(), myPolicyEngine.getPolicyEngine()); if (myServiceTags != null) { @@ -143,7 +143,7 @@ public class TestPolicyEngineComparison { otherTagEnricher.setServiceName(otherServiceTags.getServiceName()); otherTagEnricher.setServiceTags(otherServiceTags); - isTagsEqual = myTagEnricher.compare(otherTagEnricher) && otherTagEnricher.compare(myTagEnricher); + isTagsEqual = TestPolicyEngine.compare(myTagEnricher, otherTagEnricher) && TestPolicyEngine.compare(otherTagEnricher, myTagEnricher); } }