ranger git commit: RANGER-2057: ranger-ugsync-default file not found and Log message
Repository: ranger Updated Branches: refs/heads/master 6cb7e82f4 -> 50e88f2ee RANGER-2057: ranger-ugsync-default file not found and Log message Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/50e88f2e Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/50e88f2e Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/50e88f2e Branch: refs/heads/master Commit: 50e88f2ee6b0100ddd76d35cb25dfbd73f2767b8 Parents: 6cb7e82 Author: pradeep Authored: Thu Mar 8 10:03:10 2018 +0530 Committer: pradeep Committed: Tue Apr 10 09:33:56 2018 +0530 -- .../org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ranger/blob/50e88f2e/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java --
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 3efcb86..e9e356a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -39,7 +39,7 @@ public class UserGroupSyncConfig {
 public static final String CONFIG_FILE = "ranger-ugsync-site.xml";
 private static final Logger LOG = Logger.getLogger(UserGroupSyncConfig.class);
- public static final String DEFAULT_CONFIG_FILE = "ranger-ugsync-default-site.xml";
+ public static final String DEFAULT_CONFIG_FILE = "ranger-ugsync-default.xml";
 private static final String CORE_SITE_CONFIG_FILE = "core-site.xml";
ranger git commit: RANGER-2063: Audit log shows multiple table names when only one table is accessed
Repository: ranger Updated Branches: refs/heads/master 3b510f8c0 -> 6cb7e82f4 RANGER-2063: Audit log shows multiple table names when only one table is accessed Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6cb7e82f Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6cb7e82f Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6cb7e82f Branch: refs/heads/master Commit: 6cb7e82f4926c407028cd9374001e7059a4c5a43 Parents: 3b510f8 Author: Abhay Kulkarni Authored: Mon Apr 9 15:15:23 2018 -0700 Committer: Abhay Kulkarni Committed: Mon Apr 9 15:15:23 2018 -0700 -- .../hbase/HbaseAuditHandlerImpl.java| 15 + .../hbase/RangerHBaseResource.java | 65 2 files changed, 54 insertions(+), 26 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java --
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
index 1dc06eb..bbf7db3 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
@@ -25,6 +25,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.audit.model.AuthzAuditEvent;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements HbaseAuditHandler {
@@ -42,6 +43,7 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements
 LOG.debug("==> HbaseAuditHandlerImpl.getAuthzEvents(" + result + ")");
 }
+ resetResourceForAudit(result.getAccessRequest());
 AuthzAuditEvent event = super.getAuthzEvents(result);
 // first accumulate last set of events and then capture these as the most recent ones
 if (_mostRecentEvent != null) {
@@ -147,4 +149,17 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements
 LOG.debug("<== HbaseAuditHandlerImpl.applySuperUserOverride(...)");
 }
 }
+
+ private void resetResourceForAudit(RangerAccessRequest request) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")");
+ }
+ if (request != null && request.getResource() instanceof RangerHBaseResource) {
+ RangerHBaseResource hbaseResource = (RangerHBaseResource) request.getResource();
+ hbaseResource.resetValue(RangerHBaseResource.KEY_TABLE);
+ }
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")");
+ }
+ }
 }
http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java --
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
index e705d97..1055618 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
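Review bot: The added call `resetResourceForAudit(result.getAccessRequest());` in the `@@ -42,6 +43,7 @@` hunk of HbaseAuditHandlerImpl dereferences `result` before anything visible has checked it for null, even though the helper itself is written to accept a null request. If `super.getAuthzEvents(result)` tolerates a null result (its body is not shown on this page), this line turns that case into a NullPointerException inside the audit path, and an exception there could mean the access is never recorded. I would guard the call site instead: `resetResourceForAudit(result != null ? result.getAccessRequest() : null);`. getAuthzEvents starts and ends outside the hunk.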
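Review bot: `resetResourceForAudit` in the `@@ -147,4 +149,17 @@` hunk of HbaseAuditHandlerImpl has no comment explaining why building an audit event modifies the request's resource, and it modifies the caller's object in place rather than a copy. What `resetValue` does to `KEY_TABLE` is defined in RangerHBaseResource and is not visible in this hunk, so a reader cannot tell whether the resource is still usable if the same request is evaluated again after auditing; the method should say so. A comment above it along the lines of `// Reset the table value before the audit event is built (RANGER-2063); this mutates request.getResource() in place.` would cover it. As a style point, the closing debug guard is written `if(LOG.isDebugEnabled())` while the opening one is `if (LOG.isDebugEnabled())`.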
@@ -39,40 +39,53 @@ public class RangerHBaseResource extends RangerAccessResourceImpl { public RangerHBaseResource() { } - public RangerHBaseResource(Map elements) { - super(elements); - setValue(KEY_TABLE, getValue(KEY_TABLE)); - } +public RangerHBaseResource(Map elements) { +super(elements); +setValue(KEY_TABLE, getValue(KEY_TABLE)); +} - public RangerHBaseResource(Map elements, String ownerUser) { - super(elements, ownerUser); - setValue(KEY_TABLE, getValue(KEY_TABLE)); - } +public RangerHBaseResource(Map elements, String ownerUser) { +super(elements, ownerUser); +setValue(KEY_TABLE, getValue(KEY_TABLE)); +} @Override public void setValue(String key,
[1/2] ranger git commit: RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource
Repository: ranger Updated Branches: refs/heads/master c8f67ce7c -> 3b510f8c0 http://git-wip-us.apache.org/repos/asf/ranger/blob/3b510f8c/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java -- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java new file mode 100644 index 000..e92a2e6 --- /dev/null +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java 
@@ -0,0 +1,211 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import static org.junit.Assert.*; + +import java.io.InputStream; +import java.io.InputStreamReader; +import java.lang.reflect.Type; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonParseException; +import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.ranger.plugin.util.ServicePolicies; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +public class TestPolicyACLs { + private static Gson gsonBuilder; + + @BeforeClass + public static void setUpBeforeClass() throws Exception { + gsonBuilder = new GsonBuilder().setDateFormat("MMdd-HH:mm:ss.SSS-Z") + .setPrettyPrinting() + .registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer()) + .create(); + + } + + @AfterClass + public static 
void tearDownAfterClass() throws Exception { + } + + @Before + public void setUp() throws Exception { + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void testResourceMatcher_default() throws Exception { + String[] tests = { "/policyengine/test_aclprovider_default.json" }; + + runTestsFromResourceFiles(tests); + } + + private void runTestsFromResourceFiles(String[] resourceNames) throws Exception { + for(String resourceName : resourceNames) { + InputStream inStream = this.getClass().getResourceAsStream(resourceName); + InputStreamReader reader = new InputStreamReader(inStream); + + runTests(reader, resourceName); + } + } + + private void runTests(InputStreamReader reader, String testName) throws Exception { + PolicyACLsTests testCases = gsonBuilder.fromJson(reader, PolicyACLsTests.class); + + assertTrue("invalid input: " + testName, testCases != null && testCases.testCases != null); + + for(PolicyACLsTests.TestCase testCase : testCases.testCases) { + RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions(); + RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl("test-policy-acls", testCase.servicePolicies, policyEngineOptions); + + for(PolicyACLsTests.TestCase.OneTest oneTest : testCase.tests) { + if(oneTest == null) { + continue; + } + RangerAccessRequestImpl request = new RangerAccessRequestImpl(oneTest.resource, RangerPolicyEngine.ANY_ACCESS, null, null); + policyEngine.preProcess(request); + RangerResourceACLs acls = policyEngine.getResourceACLs(request); + + boolean userACLsMatched = true, groupACLsMatched = true; + + if (MapUtils.isNo
[2/2] ranger git commit: RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource
RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/3b510f8c Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/3b510f8c Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/3b510f8c Branch: refs/heads/master Commit: 3b510f8c07271e2e51b5a9151a0d26f7084e3792 Parents: c8f67ce Author: Abhay Kulkarni Authored: Mon Apr 9 14:29:36 2018 -0700 Committer: Abhay Kulkarni Committed: Mon Apr 9 14:29:36 2018 -0700 -- .../RangerScriptConditionEvaluator.java | 2 +- .../RangerAbstractContextEnricher.java | 6 + .../contextenricher/RangerContextEnricher.java | 2 + .../contextenricher/RangerTagEnricher.java | 45 +- .../policyengine/RangerAccessRequestImpl.java | 2 +- .../plugin/policyengine/RangerPolicyEngine.java | 4 + .../policyengine/RangerPolicyEngineImpl.java| 158 - .../policyengine/RangerPolicyEngineOptions.java | 3 + .../plugin/policyengine/RangerResourceACLs.java | 233 .../RangerAbstractPolicyEvaluator.java | 3 + .../RangerAbstractPolicyItemEvaluator.java | 2 +- .../RangerDefaultPolicyEvaluator.java | 319 +- .../policyevaluator/RangerPolicyEvaluator.java | 310 +- .../RangerPolicyItemEvaluator.java | 1 - .../plugin/service/RangerAuthContext.java | 230 .../service/RangerAuthContextListener.java | 25 + .../ranger/plugin/service/RangerBasePlugin.java | 40 +- .../plugin/policyengine/TestPolicyACLs.java | 211 +++ .../plugin/policyengine/TestPolicyEngine.java | 15 +- agents-common/src/test/resources/log4j.xml | 16 +- .../resources/policyengine/ACLResourceTags.json | 207 +++ .../policyengine/test_aclprovider_default.json | 586 +++ .../test_policyengine_tag_hive.json | 2 +- 23 files changed, 2377 insertions(+), 45 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ranger/blob/3b510f8c/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java -- 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java index 5febf95..5b66539 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java @@ -117,7 +117,7 @@ public class RangerScriptConditionEvaluator extends RangerAbstractConditionEvalu } } catch (NullPointerException nullp) { - LOG.error("RangerScriptConditionEvaluator.isMatched(): eval called with NULL argument(s)"); + LOG.error("RangerScriptConditionEvaluator.isMatched(): eval called with NULL argument(s)", nullp); } catch (ScriptException exception) { LOG.error("RangerScriptConditionEvaluator.isMatched(): failed to evaluate script," + http://git-wip-us.apache.org/repos/asf/ranger/blob/3b510f8c/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java -- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java index f6e462c..a745112 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java @@ -29,6 +29,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; +import org.apache.ranger.plugin.policyengine.RangerAccessRequest; public abstract class RangerAbstractContextEnricher implements RangerContextEnricher { 
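Review bot: The NullPointerException branch in the RangerScriptConditionEvaluator hunk only logs, so the value isMatched() returns after a failed evaluation is whatever was assigned before the script ran; that assignment is outside the hunk and should be confirmed to be the intended outcome for a policy condition that could not be evaluated. Catching NullPointerException around the evaluation also reports any programming error inside the try block as "eval called with NULL argument(s)", which the added stack trace now at least makes diagnosable. A short comment on the catch, for example `// evaluation failed; the result keeps the value set before eval() was called`, would make the failure behaviour explicit. The ScriptException branch appears to build its message by concatenation (its continuation line is outside the hunk); passing the exception as the second argument there, as this change does for `nullp`, would keep the two branches consistent.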
@@ -71,6 +72,11 @@ public abstract class RangerAbstractContextEnricher implements RangerContextEnri } @Override + public void enrich(RangerAccessRequest request, Object dataStore) { + enrich(request); + } + + @Override public boolean