mneethiraj commented on code in PR #584:
URL: https://github.com/apache/ranger/pull/584#discussion_r2226391712
##########
security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java:
##########
@@ -358,12 +358,13 @@ ServicePolicies getLatestOrCached(String serviceName,
ServiceStore serviceStore,
if (servicePoliciesForDeltas != null &&
servicePoliciesForDeltas.getPolicyDeltas() != null) {
LOG.debug("Deltas were requested. Returning
deltas from lastKnownVersion:[{}]", lastKnownVersion);
-
if (isDeltaCacheReinitialized) {
this.deltaCache = new
ServicePolicyDeltasCache(lastKnownVersion, servicePoliciesForDeltas);
}
+ LOG.debug("servicePoliciesForDeltas = " +
servicePoliciesForDeltas.getServiceConfig());
ret = servicePoliciesForDeltas;
+ LOG.debug("ret = " + ret.getServiceConfig());
Review Comment:
replace string concat with parameterized log message.
```
LOG.debug("ret = {}", ret.getServiceConfig());
```
##########
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java:
##########
@@ -2672,6 +2672,9 @@ public ServicePolicies
getSecureServicePoliciesIfUpdated(@PathParam("serviceName
throw restErrorUtil.createRESTException(httpCode, logMsg,
logError);
}
+ if (ret != null) {
+ LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated():
configs =" + ret.getServiceConfig());
Review Comment:
- to be consistent, remove `<== ` from the log message
- replace string concat with parameterized message; also replace `if (ret !=
null)` at line 2675 with an inline check:
```
LOG.debug("getSecureServicePoliciesIfUpdated(): configs ={}", ret == null ?
ret : ret.getServiceConfig());
```
##########
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:
##########
@@ -222,147 +222,113 @@
@Component
public class ServiceDBStore extends AbstractServiceStore {
- private static final Logger LOG =
LoggerFactory.getLogger(ServiceDBStore.class);
-
- public static final String SERVICE_ADMIN_USERS =
"service.admin.users";
- public static final String SERVICE_ADMIN_GROUPS =
"service.admin.groups";
- public static final String GDS_SERVICE_NAME = "_gds";
- public static final String CRYPT_ALGO =
PropertiesUtil.getProperty("ranger.password.encryption.algorithm",
PasswordUtils.DEFAULT_CRYPT_ALGO);
- public static final String ENCRYPT_KEY =
PropertiesUtil.getProperty("ranger.password.encryption.key",
PasswordUtils.DEFAULT_ENCRYPT_KEY);
- public static final String SALT =
PropertiesUtil.getProperty("ranger.password.salt", PasswordUtils.DEFAULT_SALT);
- public static final Integer ITERATION_COUNT =
PropertiesUtil.getIntProperty("ranger.password.iteration.count",
PasswordUtils.DEFAULT_ITERATION_COUNT);
- public static final String RANGER_PLUGIN_AUDIT_FILTERS =
"ranger.plugin.audit.filters";
- public static final String HIDDEN_PASSWORD_STR = "*****";
- public static final String CONFIG_KEY_PASSWORD = "password";
- public static final String ACCESS_TYPE_DECRYPT_EEK = "decrypteek";
- public static final String ACCESS_TYPE_GENERATE_EEK = "generateeek";
- public static final String ACCESS_TYPE_GET_METADATA = "getmetadata";
-
- private static final String POLICY_ALLOW_EXCLUDE = "Policy
Allow:Exclude";
- private static final String POLICY_ALLOW_INCLUDE = "Policy
Allow:Include";
- private static final String POLICY_DENY_EXCLUDE = "Policy
Deny:Exclude";
- private static final String POLICY_DENY_INCLUDE = "Policy
Deny:Include";
- private static final String POLICY_TYPE_ACCESS = "Access";
- private static final String POLICY_TYPE_DATAMASK = "Masking";
- private static final String POLICY_TYPE_ROWFILTER = "Row Level
Filter";
- private static final String HOSTNAME = "Host name";
- private static final String USER_NAME = "Exported by";
- private static final String RANGER_VERSION = "Ranger apache
version";
- private static final String TIMESTAMP = "Export time";
- private static final String EXPORT_COUNT = "Exported count";
- private static final String SERVICE_CHECK_USER =
"service.check.user";
- private static final String AMBARI_SERVICE_CHECK_USER =
"ambari.service.check.user";
- private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
- private static final String LINE_SEPARATOR = "\n";
- private static final String FILE_HEADER =
"ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy
Type|Delegate Admin|isRecursive|isExcludes|Service
Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking
Options|Row Filter Expr|Policy Label Name";
- private static final String COMMA_DELIMITER = "|";
-
- private static final String DEFAULT_CSV_SANITIZATION_PATTERN =
"^[=+\\-@\\t\\r]";
- private static final Pattern CSV_SANITIZATION_PATTERN =
Pattern.compile(PropertiesUtil.getProperty("ranger.admin.csv.sanitization.pattern",
DEFAULT_CSV_SANITIZATION_PATTERN));
-
- private static final Comparator<RangerPolicyDelta>
POLICY_DELTA_ID_COMPARATOR = new RangerPolicyDeltaComparator();
-
- public static boolean SUPPORTS_POLICY_DELTAS;
- public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES;
- public static Integer RETENTION_PERIOD_IN_DAYS = 7;
- public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
- public static boolean SUPPORTS_PURGE_LOGIN_RECORDS;
- public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS;
- public static boolean SUPPORTS_PURGE_TRANSACTION_RECORDS;
- public static Integer TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS;
- public static boolean SUPPORTS_PURGE_POLICY_EXPORT_LOGS;
- public static Integer POLICY_EXPORT_LOGS_RETENTION_PERIOD_IN_DAYS;
-
- private static String LOCAL_HOSTNAME;
- private static boolean isRolesDownloadedByService;
-
- private static volatile boolean legacyServiceDefsInitDone;
-
+ public static final String SERVICE_ADMIN_USERS
= "service.admin.users";
+ public static final String SERVICE_ADMIN_GROUPS
= "service.admin.groups";
+ public static final String GDS_SERVICE_NAME
= "_gds";
+ public static final String CRYPT_ALGO
=
PropertiesUtil.getProperty("ranger.password.encryption.algorithm",
PasswordUtils.DEFAULT_CRYPT_ALGO);
+ public static final String ENCRYPT_KEY
= PropertiesUtil.getProperty("ranger.password.encryption.key",
PasswordUtils.DEFAULT_ENCRYPT_KEY);
+ public static final String SALT
= PropertiesUtil.getProperty("ranger.password.salt",
PasswordUtils.DEFAULT_SALT);
+ public static final Integer ITERATION_COUNT
= PropertiesUtil.getIntProperty("ranger.password.iteration.count",
PasswordUtils.DEFAULT_ITERATION_COUNT);
+ public static final String
RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters";
+ public static final String
RANGER_PLUGINS_CONFIG_CONF_PREFIX = "ranger.plugins.conf.";
+ public static final String HIDDEN_PASSWORD_STR
= "*****";
+ public static final String CONFIG_KEY_PASSWORD
= "password";
+ public static final String
ACCESS_TYPE_DECRYPT_EEK = "decrypteek";
+ public static final String
ACCESS_TYPE_GENERATE_EEK = "generateeek";
+ public static final String
ACCESS_TYPE_GET_METADATA = "getmetadata";
+ private static final Logger LOG
= LoggerFactory.getLogger(ServiceDBStore.class);
Review Comment:
@dhavalshah9131 - to be consistent with rest of the code base, I suggest
keeping instantiation of Logger instances at start of the class, even if they
are private static.
##########
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:
##########
@@ -1818,6 +1785,10 @@ public ServicePolicies
getServicePoliciesIfUpdated(String serviceName, Long last
}
}
+ if (ret != null) {
Review Comment:
- replace `if (ret != null)` with inline check as shown below
- remove `<==` in the log message
```
LOG.debug("getServicePoliciesIfUpdated({}, {}, {}): configs = {}",
serviceName, lastKnownVersion, needsBackwardCompatibility, ret == null ? null ?
ret.getServiceConfig());
```
##########
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java:
##########
@@ -1274,6 +1275,76 @@ private RangerAdminClient getAdminClient() throws
Exception {
return admin;
}
+ private void
configurePluginContextFromServicePoliciesForUserGroupName(ServicePolicies
servicePolicies) {
+ if (servicePolicies != null) {
+ Map<String, String> serviceConfigMap =
servicePolicies.getServiceConfig();
+ if (MapUtils.isNotEmpty(serviceConfigMap)) {
+ LOG.debug("==> RangerBasePlugin({})",
serviceConfigMap.keySet());
+
pluginContext.setUserNameCaseConversion(serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM));
+
pluginContext.setGroupNameCaseConversion(serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM));
+ String mappingUserNameHandler =
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+ try {
+ if (mappingUserNameHandler != null) {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingUserNameHandler);
+ Mapper userNameRegExInst =
regExClass.newInstance();
+ if (userNameRegExInst != null) {
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME;
+ userNameRegExInst.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigMap),
+
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+
pluginContext.setUserNameTransformInst(userNameRegExInst);
+ } else {
+ LOG.error("RegEx handler instance for username is
null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingUserNameHandler + "
", cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " +
mappingUserNameHandler + " ", te);
+ }
+ String mappingGroupNameHandler =
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+ try {
+ if (mappingGroupNameHandler != null) {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingGroupNameHandler);
+ Mapper groupNameRegExInst =
regExClass.newInstance();
+ if (groupNameRegExInst != null) {
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME;
+ groupNameRegExInst.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigMap),
+
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+
pluginContext.setGroupNameTransformInst(groupNameRegExInst);
+ } else {
+ LOG.error("RegEx handler instance for groupname is
null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingGroupNameHandler + "
", cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " +
mappingGroupNameHandler + " ", te);
+ }
+ }
+ }
+ }
+
+ private List<String> getAllRegexPatterns(String baseProperty, Map<String,
String> serviceConfig) throws Throwable {
+ List<String> regexPatterns = new ArrayList<String>();
+ String baseRegex = serviceConfig.get(baseProperty);
+ LOG.debug("==> getAllRegexPatterns({})", baseProperty);
+ LOG.debug("baseRegex = {}", baseRegex);
+ LOG.debug("pluginConfig = {}", serviceConfig != null ?
serviceConfig.keySet() : "null");
+ if (baseRegex == null) {
+ return regexPatterns;
Review Comment:
I suggest avoiding multiple `return` statements in a method.
```
if (baseRegEx != null) {
...
}
LOG.debug("<== getAllRegexPatterns({})", regexPatterns);
return regexPatterns;
```
##########
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:
##########
@@ -1842,6 +1813,10 @@ public ServicePolicies getServicePolicyDeltas(String
serviceName, Long lastKnown
ret = getServicePolicies(serviceName, lastKnownVersion, true,
SUPPORTS_POLICY_DELTAS, cachedPolicyVersion);
}
+ if (ret != null) {
Review Comment:
- replace if (ret != null) with inline check as shown below
- replace `<===` with `<==`
```
LOG.debug("<== ServiceDBStore.getServicePolicyDeltas({}, {}): ret = {}",
serviceName, lastKnownVersion, ret == null ? ret : ret.getServiceConfig());
```
##########
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:
##########
@@ -4112,6 +4099,10 @@ private ServicePolicies getServicePolicies(String
serviceName, Long lastKnownVer
ret.setTagPolicies(tagPolicies);
}
+ if (ret != null) {
Review Comment:
- replace `if (ret != null)` with inline check as shown below
- remove `<==` in the log message
```
LOG.debug("ServiceDBStore.getServicePolicies({}, {}): ret = {}",
serviceName, lastKnownVersion, ret == null ? null : ret.getServiceConfig());
```
##########
ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java:
##########
@@ -17,34 +17,27 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
-
-import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
+package org.apache.ranger.ugsyncutil.transform;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class RegEx extends AbstractMapper {
- private final UserGroupSyncConfig config =
UserGroupSyncConfig.getInstance();
- private LinkedHashMap<String, String> replacementPattern;
+ private LinkedHashMap<String, String> replacementPattern;
public LinkedHashMap<String, String> getReplacementPattern() {
return replacementPattern;
}
@Override
- public void init(String baseProperty) {
- logger.info("Initializing for {}", baseProperty);
-
+ public void init(String baseProperty, List<String> regexPatterns, String
regexSeparator) {
+ AbstractMapper.logger.info("Initializing for {}", baseProperty);
Review Comment:
Why is it necessary to add class name qualifier when referencing static
member `logger`? Alternatively, consider adding a static import:
```
import static org.apache.ranger.ugsyncutil.transform.AbstractMapper.logger;
```
##########
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java:
##########
@@ -1274,6 +1275,76 @@ private RangerAdminClient getAdminClient() throws
Exception {
return admin;
}
+ private void
configurePluginContextFromServicePoliciesForUserGroupName(ServicePolicies
servicePolicies) {
+ if (servicePolicies != null) {
+ Map<String, String> serviceConfigMap =
servicePolicies.getServiceConfig();
+ if (MapUtils.isNotEmpty(serviceConfigMap)) {
+ LOG.debug("==> RangerBasePlugin({})",
serviceConfigMap.keySet());
+
pluginContext.setUserNameCaseConversion(serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM));
+
pluginContext.setGroupNameCaseConversion(serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM));
+ String mappingUserNameHandler =
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+ try {
+ if (mappingUserNameHandler != null) {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingUserNameHandler);
+ Mapper userNameRegExInst =
regExClass.newInstance();
+ if (userNameRegExInst != null) {
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME;
+ userNameRegExInst.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigMap),
+
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+
pluginContext.setUserNameTransformInst(userNameRegExInst);
+ } else {
+ LOG.error("RegEx handler instance for username is
null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingUserNameHandler + "
", cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " +
mappingUserNameHandler + " ", te);
+ }
+ String mappingGroupNameHandler =
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+ try {
+ if (mappingGroupNameHandler != null) {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingGroupNameHandler);
+ Mapper groupNameRegExInst =
regExClass.newInstance();
+ if (groupNameRegExInst != null) {
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME;
+ groupNameRegExInst.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigMap),
+
serviceConfigMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+
pluginContext.setGroupNameTransformInst(groupNameRegExInst);
+ } else {
+ LOG.error("RegEx handler instance for groupname is
null!");
+ }
+ }
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load " + mappingGroupNameHandler + "
", cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate " +
mappingGroupNameHandler + " ", te);
+ }
+ }
+ }
+ }
+
+ private List<String> getAllRegexPatterns(String baseProperty, Map<String,
String> serviceConfig) throws Throwable {
+ List<String> regexPatterns = new ArrayList<String>();
+ String baseRegex = serviceConfig.get(baseProperty);
+ LOG.debug("==> getAllRegexPatterns({})", baseProperty);
+ LOG.debug("baseRegex = {}", baseRegex);
Review Comment:
Consider consoldating debug log messages in 1331 and 1332:
```
LOG.debug("baseRegex = {}, pluginConfig = {}", baseRegex, serviceConfig ==
null ? null : serviceConfig.keySet());
``
##########
security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java:
##########
@@ -358,12 +358,13 @@ ServicePolicies getLatestOrCached(String serviceName,
ServiceStore serviceStore,
if (servicePoliciesForDeltas != null &&
servicePoliciesForDeltas.getPolicyDeltas() != null) {
LOG.debug("Deltas were requested. Returning
deltas from lastKnownVersion:[{}]", lastKnownVersion);
-
if (isDeltaCacheReinitialized) {
this.deltaCache = new
ServicePolicyDeltasCache(lastKnownVersion, servicePoliciesForDeltas);
}
+ LOG.debug("servicePoliciesForDeltas = " +
servicePoliciesForDeltas.getServiceConfig());
Review Comment:
replace string concat with parameterized log message.
```
LOG.debug("servicePoliciesForDeltas = {}",
servicePoliciesForDeltas.getServiceConfig());
```
##########
agents-common/src/main/java/org/apache/ranger/plugin/model/UgsyncNameTransformRules.java:
##########
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.apache.ranger.plugin.util.RangerUserStoreUtil;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import java.util.Map;
+
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class UgsyncNameTransformRules extends RangerBaseModelObject implements
java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+ private final String name;
Review Comment:
- are instances of `UgsyncNameTransformRules` serialized/deserialied in REST
API calls i.e. parameters or return values? If not, I suggest removing @Json
annotations.
- why is the member `name` final? If this is necessary, why not
`nameTransformRules` as well?
- Is the default constructor at line 43 necessary, if the members are final?
##########
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java:
##########
@@ -194,7 +191,8 @@ public class ServiceREST {
public static final String PURGE_RECORD_TYPE_LOGIN_LOGS =
"login_records";
public static final String PURGE_RECORD_TYPE_TRX_LOGS =
"trx_records";
public static final String PURGE_RECORD_TYPE_POLICY_EXPORT_LOGS =
"policy_export_logs";
-
+ private static final Logger LOG =
LoggerFactory.getLogger(ServiceREST.class);
Review Comment:
To be consistent with rest of the sources, have initialization of `Logger`
instances at the beginning of the class.
##########
ugsync-util/src/test/java/org/apache/ranger/ugsynutil/transform/TestRegEx.java:
##########
@@ -49,21 +49,21 @@ public void setUp() {
public void testUserNameTransform() {
userRegexPatterns.add("s/\\s/_/");
userNameRegEx.populateReplacementPatterns(userNameBaseProperty,
userRegexPatterns, mappingSeparator);
- assertEquals("test_user", userNameRegEx.transform("test user"));
+ Assert.assertEquals("test_user", userNameRegEx.transform("test user"));
Review Comment:
Instead of qualifying each reference to a static method with the class name,
consider statically importing the methods, like:
```
import static org.junit.Assert.assertEquals;
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
