Repository: incubator-ranger Updated Branches: refs/heads/master ff4e2e7b6 -> 9918c8d25
RANGER-1162: updated to create resource-trie only when needed Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9918c8d2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9918c8d2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9918c8d2 Branch: refs/heads/master Commit: 9918c8d25c35633c86b2a641a29ff1a83dfe51a0 Parents: ff4e2e7 Author: Madhan Neethiraj <mad...@apache.org> Authored: Tue Aug 30 11:14:49 2016 -0700 Committer: Madhan Neethiraj <mad...@apache.org> Committed: Tue Aug 30 11:26:06 2016 -0700 ---------------------------------------------------------------------- .../policyengine/RangerPolicyRepository.java | 107 +++++++++---------- 1 file changed, 52 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9918c8d2/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index d0b3f09..0fd8ed4 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -87,7 +87,6 @@ class RangerPolicyRepository { private final String componentServiceName; private final RangerServiceDef componentServiceDef; - private final boolean disableTrieLookupPrefilter; private final Map<String, RangerResourceTrie> policyResourceTrie; private final Map<String, RangerResourceTrie> dataMaskResourceTrie; private final Map<String, RangerResourceTrie> rowFilterResourceTrie; @@ -132,24 +131,22 @@ class RangerPolicyRepository { this.accessAuditCache = null; } - this.disableTrieLookupPrefilter = options.disableTrieLookupPrefilter; - - if(this.disableTrieLookupPrefilter) { - policyResourceTrie = null; - dataMaskResourceTrie = null; - rowFilterResourceTrie = null; - } else { - policyResourceTrie = new HashMap<String, RangerResourceTrie>(); - dataMaskResourceTrie = new HashMap<String, RangerResourceTrie>(); - rowFilterResourceTrie = new HashMap<String, RangerResourceTrie>(); - } - if(LOG.isDebugEnabled()) { LOG.debug("RangerPolicyRepository : building policy-repository for service[" + serviceName + "] with auditMode[" + auditModeEnum + "]"); } init(options); + + if(options.disableTrieLookupPrefilter) { + policyResourceTrie = null; + dataMaskResourceTrie = null; + rowFilterResourceTrie = null; + } else { + policyResourceTrie = createResourceTrieMap(policyEvaluators); + dataMaskResourceTrie = createResourceTrieMap(dataMaskPolicyEvaluators); + rowFilterResourceTrie = createResourceTrieMap(rowFilterPolicyEvaluators); + } } RangerPolicyRepository(String appId, ServicePolicies.TagPolicies tagPolicies, RangerPolicyEngineOptions options, @@ -179,24 +176,22 @@ class RangerPolicyRepository { this.accessAuditCache = null; - this.disableTrieLookupPrefilter = options.disableTrieLookupPrefilter; - - if(this.disableTrieLookupPrefilter) { - policyResourceTrie = null; - dataMaskResourceTrie = null; - rowFilterResourceTrie = null; - } else { - policyResourceTrie = new HashMap<String, RangerResourceTrie>(); - dataMaskResourceTrie = new HashMap<String, RangerResourceTrie>(); - rowFilterResourceTrie = new HashMap<String, RangerResourceTrie>(); - } - if(LOG.isDebugEnabled()) { LOG.debug("RangerPolicyRepository : building tag-policy-repository for tag service[" + serviceName + "] with auditMode[" + auditModeEnum +"]"); } init(options); + + if(options.disableTrieLookupPrefilter) { + policyResourceTrie = null; + dataMaskResourceTrie = null; + rowFilterResourceTrie = null; + } else { + policyResourceTrie = createResourceTrieMap(policyEvaluators); + dataMaskResourceTrie = createResourceTrieMap(dataMaskPolicyEvaluators); + rowFilterResourceTrie = createResourceTrieMap(rowFilterPolicyEvaluators); + } } public String getServiceName() { return serviceName; } @@ -220,7 +215,7 @@ class RangerPolicyRepository { } List<RangerPolicyEvaluator> getPolicyEvaluators(RangerAccessResource resource) { - return disableTrieLookupPrefilter ? getPolicyEvaluators() : getPolicyEvaluators(policyResourceTrie, resource); + return policyResourceTrie == null ? getPolicyEvaluators() : getPolicyEvaluators(policyResourceTrie, resource); } List<RangerPolicyEvaluator> getDataMaskPolicyEvaluators() { @@ -228,7 +223,7 @@ class RangerPolicyRepository { } List<RangerPolicyEvaluator> getDataMaskPolicyEvaluators(RangerAccessResource resource) { - return disableTrieLookupPrefilter ? getDataMaskPolicyEvaluators() : getPolicyEvaluators(dataMaskResourceTrie, resource); + return dataMaskResourceTrie == null ? getDataMaskPolicyEvaluators() : getPolicyEvaluators(dataMaskResourceTrie, resource); } List<RangerPolicyEvaluator> getRowFilterPolicyEvaluators() { @@ -236,7 +231,7 @@ class RangerPolicyRepository { } List<RangerPolicyEvaluator> getRowFilterPolicyEvaluators(RangerAccessResource resource) { - return disableTrieLookupPrefilter ? getRowFilterPolicyEvaluators() : getPolicyEvaluators(rowFilterResourceTrie, resource); + return rowFilterResourceTrie == null ? getRowFilterPolicyEvaluators() : getPolicyEvaluators(rowFilterResourceTrie, resource); } private List<RangerPolicyEvaluator> getPolicyEvaluators(Map<String, RangerResourceTrie> resourceTrie, RangerAccessResource resource) { @@ -529,8 +524,6 @@ class RangerPolicyRepository { } this.contextEnrichers = Collections.unmodifiableList(contextEnrichers); - initResourceTries(); - if(LOG.isDebugEnabled()) { LOG.debug("policy evaluation order: " + this.policyEvaluators.size() + " policies"); @@ -556,26 +549,6 @@ class RangerPolicyRepository { LOG.debug("rowFilter policy evaluation order: #" + (++order) + " - policy id=" + policy.getId() + "; name=" + policy.getName() + "; evalOrder=" + policyEvaluator.getEvalOrder()); } - - LOG.debug("policyResourceTrie: " + this.policyResourceTrie); - LOG.debug("dataMaskResourceTrie: " + this.dataMaskResourceTrie); - LOG.debug("rowFilterResourceTrie: " + this.rowFilterResourceTrie); - } - } - - private void initResourceTries() { - if(! this.disableTrieLookupPrefilter) { - policyResourceTrie.clear(); - dataMaskResourceTrie.clear(); - rowFilterResourceTrie.clear(); - - if (serviceDef != null && serviceDef.getResources() != null) { - for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) { - policyResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, policyEvaluators)); - dataMaskResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, dataMaskPolicyEvaluators)); - rowFilterResourceTrie.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, rowFilterPolicyEvaluators)); - } - } } } @@ -732,14 +705,22 @@ class RangerPolicyRepository { LOG.debug("==> reorderEvaluators()"); } - if(disableTrieLookupPrefilter) { - policyEvaluators = getReorderedPolicyEvaluators(policyEvaluators); - dataMaskPolicyEvaluators = getReorderedPolicyEvaluators(dataMaskPolicyEvaluators); - rowFilterPolicyEvaluators = getReorderedPolicyEvaluators(rowFilterPolicyEvaluators); - } else { + if(policyResourceTrie != null) { reorderPolicyEvaluators(policyResourceTrie); + } else { + policyEvaluators = getReorderedPolicyEvaluators(policyEvaluators); + } + + if(dataMaskResourceTrie != null) { reorderPolicyEvaluators(dataMaskResourceTrie); + } else { + dataMaskPolicyEvaluators = getReorderedPolicyEvaluators(dataMaskPolicyEvaluators); + } + + if(rowFilterResourceTrie != null) { reorderPolicyEvaluators(rowFilterResourceTrie); + } else { + rowFilterPolicyEvaluators = getReorderedPolicyEvaluators(rowFilterPolicyEvaluators); } if (LOG.isDebugEnabled()) { @@ -773,6 +754,22 @@ class RangerPolicyRepository { return ret; } + private Map<String, RangerResourceTrie> createResourceTrieMap(List<RangerPolicyEvaluator> evaluators) { + final Map<String, RangerResourceTrie> ret; + + if (CollectionUtils.isNotEmpty(evaluators) && serviceDef != null && CollectionUtils.isNotEmpty(serviceDef.getResources())) { + ret = new HashMap<String, RangerResourceTrie>(); + + for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) { + ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators)); + } + } else { + ret = null; + } + + return ret; + } + @Override public String toString( ) { StringBuilder sb = new StringBuilder();
