[ranger] branch master updated: RANGER-3082: User with delegated-admin is unable to create policy

2020-11-25 Thread abhay
This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 6b5d5fb  RANGER-3082: User with delegated-admin is unable to create 
policy
6b5d5fb is described below

commit 6b5d5fb3469df532df4528e1c4cd8cb503f44eba
Author: Abhay Kulkarni 
AuthorDate: Wed Nov 25 22:42:06 2020 -0800

RANGER-3082: User with delegated-admin is unable to create policy
---
 .../ranger/plugin/policyengine/PolicyEngine.java   | 25 +++-
 .../RangerDefaultPolicyEvaluator.java  |  8 +--
 .../policyevaluator/RangerPolicyEvaluator.java |  2 +-
 .../org/apache/ranger/biz/RangerPolicyAdmin.java   |  2 +-
 .../apache/ranger/biz/RangerPolicyAdminImpl.java   | 72 --
 .../java/org/apache/ranger/rest/ServiceREST.java   | 11 +++-
 6 files changed, 106 insertions(+), 14 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 3250719..2742312 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -40,12 +40,14 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.model.validation.RangerZoneResourceMatcher;
 import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
 import 
org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
+import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher;
 import org.apache.ranger.plugin.service.RangerAuthContext;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.util.RangerPerfTracer;
 import org.apache.ranger.plugin.util.RangerPolicyDeltaUtil;
 import org.apache.ranger.plugin.util.RangerRoles;
 import org.apache.ranger.plugin.util.ServicePolicies;
+import org.apache.ranger.plugin.util.StringTokenReplacer;
 
 public class PolicyEngine {
 private static final Log LOG = LogFactory.getLog(PolicyEngine.class);
@@ -62,6 +64,7 @@ public class PolicyEngine {
 private final Map zoneTagServiceMap = new 
HashMap<>();
 private   boolean useForwardedIPAddress;
 private   String[]trustedProxyAddresses;
+private final MaptokenReplacers = new 
HashMap<>();
 
 public boolean getUseForwardedIPAddress() {
 return useForwardedIPAddress;
@@ -109,6 +112,10 @@ public class PolicyEngine {
 
 public RangerPluginContext getPluginContext() { return pluginContext; }
 
+public StringTokenReplacer getStringTokenReplacer(String resourceName) {
+return tokenReplacers.get(resourceName);
+}
+
 @Override
 public String toString() {
 return toString(new StringBuilder()).toString();
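Review bot: `getStringTokenReplacer` returns the raw result of `tokenReplacers.get(resourceName)`, so it yields null for an unknown name and for every resource whose matcher options do not enable token replacement, and nothing in the method says so. Going by the commit subject, this getter presumably feeds the delegated-admin policy check, where an unguarded caller would fail with a NullPointerException instead of reaching an access decision; the call sites are outside this hunk, so that needs confirming. I would add a Javadoc such as `@return the replacer built for this resource, or null when token replacement is not enabled for it`. The same hunk in the ranger-2.2 push of this commit needs the same comment.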
@@ -159,7 +166,7 @@ public class PolicyEngine {
 return resourceZoneTrie;
 }
 
-public PolicyEngine(ServicePolicies servicePolicies, RangerPluginContext 
pluginContext, RangerRoles roles) {
+public PolicyEngine(ServicePolicies servicePolicies, 
RangerPluginContext pluginContext, RangerRoles roles) {
 if (LOG.isDebugEnabled()) {
 LOG.debug("==> PolicyEngine(" + ", " + servicePolicies + ", " + 
pluginContext + ")");
 }
@@ -233,6 +240,20 @@ public class PolicyEngine {
 }
 }
 
+for (RangerServiceDef.RangerResourceDef resourceDef : 
getServiceDef().getResources()) {
+Map matchOptions = resourceDef.getMatcherOptions();
+
+if 
(RangerAbstractResourceMatcher.getOptionReplaceTokens(matchOptions)) {
+String delimiterPrefix = 
RangerAbstractResourceMatcher.getOptionDelimiterPrefix(matchOptions);
+char delimiterStart = 
RangerAbstractResourceMatcher.getOptionDelimiterStart(matchOptions);
+char delimiterEnd = 
RangerAbstractResourceMatcher.getOptionDelimiterEnd(matchOptions);
+char escapeChar = 
RangerAbstractResourceMatcher.getOptionDelimiterEscape(matchOptions);
+
+StringTokenReplacer tokenReplacer = new 
StringTokenReplacer(delimiterStart, delimiterEnd, escapeChar, delimiterPrefix);
+tokenReplacers.put(resourceDef.getName(), tokenReplacer);
+}
+}
+
 RangerPerfTracer.log(perf);
 
 if (PERF_POLICYENGINE_INIT_LOG.isDebugEnabled()) {
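Review bot: The added loop calls `getServiceDef().getResources()` with no null check on either result, so a service definition that is missing or carries no resource list would make the constructor throw at this point. If that state can reach here, iterate under a guard such as `RangerServiceDef serviceDef = getServiceDef();` followed by `if (serviceDef != null && serviceDef.getResources() != null)`. A one-line comment above the loop, for example `// cache one StringTokenReplacer per resource that enables token replacement`, would also explain why the map is filled at construction time. The constructor starts and ends outside this hunk, so an earlier check may already exist; the ranger-2.2 push carries the identical hunk.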
@@ -639,7 +660,7 @@ public class PolicyEngine {
 
 List tmpList;
 List tagContextEnrichers  = 
tagPolicyRepository == null ? null :tagPolicyRepository.getContextEnrichers();
-List resourceContextEnrichers = 
policyRepository.getContextEnrichers();
+List resourceContextEnrichers = 

[ranger] branch ranger-2.2 updated: RANGER-3082: User with delegated-admin is unable to create policy

2020-11-25 Thread abhay
This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
 new af38489  RANGER-3082: User with delegated-admin is unable to create 
policy
af38489 is described below

commit af384899abda5888414700beff26fc67a518b7e3
Author: Abhay Kulkarni 
AuthorDate: Wed Nov 25 22:42:06 2020 -0800

RANGER-3082: User with delegated-admin is unable to create policy
---
 .../ranger/plugin/policyengine/PolicyEngine.java   | 25 +++-
 .../RangerDefaultPolicyEvaluator.java  |  8 +--
 .../policyevaluator/RangerPolicyEvaluator.java |  2 +-
 .../org/apache/ranger/biz/RangerPolicyAdmin.java   |  2 +-
 .../apache/ranger/biz/RangerPolicyAdminImpl.java   | 72 --
 .../java/org/apache/ranger/rest/ServiceREST.java   | 11 +++-
 6 files changed, 106 insertions(+), 14 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 3250719..2742312 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -40,12 +40,14 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.model.validation.RangerZoneResourceMatcher;
 import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
 import 
org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
+import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher;
 import org.apache.ranger.plugin.service.RangerAuthContext;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.util.RangerPerfTracer;
 import org.apache.ranger.plugin.util.RangerPolicyDeltaUtil;
 import org.apache.ranger.plugin.util.RangerRoles;
 import org.apache.ranger.plugin.util.ServicePolicies;
+import org.apache.ranger.plugin.util.StringTokenReplacer;
 
 public class PolicyEngine {
 private static final Log LOG = LogFactory.getLog(PolicyEngine.class);
@@ -62,6 +64,7 @@ public class PolicyEngine {
 private final Map zoneTagServiceMap = new 
HashMap<>();
 private   boolean useForwardedIPAddress;
 private   String[]trustedProxyAddresses;
+private final MaptokenReplacers = new 
HashMap<>();
 
 public boolean getUseForwardedIPAddress() {
 return useForwardedIPAddress;
@@ -109,6 +112,10 @@ public class PolicyEngine {
 
 public RangerPluginContext getPluginContext() { return pluginContext; }
 
+public StringTokenReplacer getStringTokenReplacer(String resourceName) {
+return tokenReplacers.get(resourceName);
+}
+
 @Override
 public String toString() {
 return toString(new StringBuilder()).toString();
@@ -159,7 +166,7 @@ public class PolicyEngine {
 return resourceZoneTrie;
 }
 
-public PolicyEngine(ServicePolicies servicePolicies, RangerPluginContext 
pluginContext, RangerRoles roles) {
+public PolicyEngine(ServicePolicies servicePolicies, 
RangerPluginContext pluginContext, RangerRoles roles) {
 if (LOG.isDebugEnabled()) {
 LOG.debug("==> PolicyEngine(" + ", " + servicePolicies + ", " + 
pluginContext + ")");
 }
@@ -233,6 +240,20 @@ public class PolicyEngine {
 }
 }
 
+for (RangerServiceDef.RangerResourceDef resourceDef : 
getServiceDef().getResources()) {
+Map matchOptions = resourceDef.getMatcherOptions();
+
+if 
(RangerAbstractResourceMatcher.getOptionReplaceTokens(matchOptions)) {
+String delimiterPrefix = 
RangerAbstractResourceMatcher.getOptionDelimiterPrefix(matchOptions);
+char delimiterStart = 
RangerAbstractResourceMatcher.getOptionDelimiterStart(matchOptions);
+char delimiterEnd = 
RangerAbstractResourceMatcher.getOptionDelimiterEnd(matchOptions);
+char escapeChar = 
RangerAbstractResourceMatcher.getOptionDelimiterEscape(matchOptions);
+
+StringTokenReplacer tokenReplacer = new 
StringTokenReplacer(delimiterStart, delimiterEnd, escapeChar, delimiterPrefix);
+tokenReplacers.put(resourceDef.getName(), tokenReplacer);
+}
+}
+
 RangerPerfTracer.log(perf);
 
 if (PERF_POLICYENGINE_INIT_LOG.isDebugEnabled()) {
@@ -639,7 +660,7 @@ public class PolicyEngine {
 
 List tmpList;
 List tagContextEnrichers  = 
tagPolicyRepository == null ? null :tagPolicyRepository.getContextEnrichers();
-List resourceContextEnrichers = 
policyRepository.getContextEnrichers();
+List resourceContextEnrichers = 

[ranger] branch ranger-2.2 updated: RANGER-3088: Build tagged-resource-cache using memory optimization flags identical to policy-cache

2020-11-25 Thread abhay
This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
 new b7e26a6  RANGER-3088: Build tagged-resource-cache using memory 
optimization flags identical to policy-cache
b7e26a6 is described below

commit b7e26a6633746e54343c0714341c3d159502967a
Author: Abhay Kulkarni 
AuthorDate: Wed Nov 25 09:19:54 2020 -0800

RANGER-3088: Build tagged-resource-cache using memory optimization flags 
identical to policy-cache
---
 .../plugin/contextenricher/RangerAbstractContextEnricher.java  | 10 ++
 .../ranger/plugin/contextenricher/RangerTagEnricher.java   |  2 +-
 .../ranger/plugin/policyengine/RangerPolicyRepository.java |  5 +++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index fa84760..f838f84 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -37,6 +37,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import 
org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerPluginContext;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
 import org.apache.ranger.plugin.service.RangerAuthContext;
 
 
@@ -48,6 +49,7 @@ public abstract class RangerAbstractContextEnricher 
implements RangerContextEnri
protected String   appId;
protected RangerServiceDef serviceDef;
private   RangerPluginContext  pluginContext;
+   protected RangerPolicyEngineOptions options = new 
RangerPolicyEngineOptions();
 
@Override
public void setEnricherDef(RangerContextEnricherDef enricherDef) {
@@ -176,12 +178,20 @@ public abstract class RangerAbstractContextEnricher 
implements RangerContextEnri
this.pluginContext = pluginContext;
}
 
+   final public void setPolicyEngineOptions(RangerPolicyEngineOptions 
options) {
+   this.options = options;
+   }
+
public RangerPluginConfig getPluginConfig() {
RangerPluginContext pluginContext = this.pluginContext;
 
return pluginContext != null ? pluginContext.getConfig() : null;
}
 
+   public RangerPolicyEngineOptions getPolicyEngineOptions() {
+   return options;
+   }
+
public void notifyAuthContextChanged() {
RangerPluginContext pluginContext = this.pluginContext;
 
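Review bot: `setPolicyEngineOptions` stores its argument unchecked, so a caller that passes null replaces the non-null default from the field initializer, and the RangerTagEnricher hunk of this same commit then reads `getPolicyEngineOptions().optimizeTrieForRetrieval` without a check. I would keep the default on null, `this.options = options != null ? options : new RangerPolicyEngineOptions();`, and write the modifiers in the conventional order, `public final void`. Neither accessor has a Javadoc; one sentence on each stating that the options are never null after this change would make the contract visible to subclasses, which can also reach the `protected` field directly. The master push of this commit contains the same hunk.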
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 94ac749..fc73194 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -392,7 +392,7 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
serviceResourceTrie = new HashMap<>();
 
for (RangerServiceDef.RangerResourceDef 
resourceDef : serviceDef.getResources()) {
-   
serviceResourceTrie.put(resourceDef.getName(), new 
RangerResourceTrie<>(resourceDef, resourceMatchers));
+   
serviceResourceTrie.put(resourceDef.getName(), new 
RangerResourceTrie(resourceDef, resourceMatchers, 
getPolicyEngineOptions().optimizeTrieForRetrieval, null));
}
}
enrichedServiceTags = new 
EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie);
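Review bot: The new `RangerResourceTrie` call passes a bare `null` as its fourth argument with nothing to say what is being omitted; a short trailing comment naming that parameter would save the reader a trip to the constructor. As rendered here the new line also drops the diamond the old line had (`new RangerResourceTrie<>(` became `new RangerResourceTrie(`), which would make it a raw type with an unchecked warning; this archive strips some generic arguments, so check the real file before acting on that. The enclosing method starts and ends outside the hunk, and the master push carries the same change.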
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 3886eea..169ed0f 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -1008,7 +1008,7 @@ public class RangerPolicyRepository {
 contextEnricherDef = new 
RangerServiceDef.RangerContextEnricherDef(enricherDef.getItemId(), 
enricherDef.getName(), 

[ranger] branch master updated: RANGER-3088: Build tagged-resource-cache using memory optimization flags identical to policy-cache

2020-11-25 Thread abhay
This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 3b543a7  RANGER-3088: Build tagged-resource-cache using memory 
optimization flags identical to policy-cache
3b543a7 is described below

commit 3b543a7549017059e0f49beaa74e2503088128ef
Author: Abhay Kulkarni 
AuthorDate: Wed Nov 25 09:19:54 2020 -0800

RANGER-3088: Build tagged-resource-cache using memory optimization flags 
identical to policy-cache
---
 .../plugin/contextenricher/RangerAbstractContextEnricher.java  | 10 ++
 .../ranger/plugin/contextenricher/RangerTagEnricher.java   |  2 +-
 .../ranger/plugin/policyengine/RangerPolicyRepository.java |  5 +++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index fa84760..f838f84 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -37,6 +37,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import 
org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerPluginContext;
+import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
 import org.apache.ranger.plugin.service.RangerAuthContext;
 
 
@@ -48,6 +49,7 @@ public abstract class RangerAbstractContextEnricher 
implements RangerContextEnri
protected String   appId;
protected RangerServiceDef serviceDef;
private   RangerPluginContext  pluginContext;
+   protected RangerPolicyEngineOptions options = new 
RangerPolicyEngineOptions();
 
@Override
public void setEnricherDef(RangerContextEnricherDef enricherDef) {
@@ -176,12 +178,20 @@ public abstract class RangerAbstractContextEnricher 
implements RangerContextEnri
this.pluginContext = pluginContext;
}
 
+   final public void setPolicyEngineOptions(RangerPolicyEngineOptions 
options) {
+   this.options = options;
+   }
+
public RangerPluginConfig getPluginConfig() {
RangerPluginContext pluginContext = this.pluginContext;
 
return pluginContext != null ? pluginContext.getConfig() : null;
}
 
+   public RangerPolicyEngineOptions getPolicyEngineOptions() {
+   return options;
+   }
+
public void notifyAuthContextChanged() {
RangerPluginContext pluginContext = this.pluginContext;
 
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 94ac749..fc73194 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -392,7 +392,7 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
serviceResourceTrie = new HashMap<>();
 
for (RangerServiceDef.RangerResourceDef 
resourceDef : serviceDef.getResources()) {
-   
serviceResourceTrie.put(resourceDef.getName(), new 
RangerResourceTrie<>(resourceDef, resourceMatchers));
+   
serviceResourceTrie.put(resourceDef.getName(), new 
RangerResourceTrie(resourceDef, resourceMatchers, 
getPolicyEngineOptions().optimizeTrieForRetrieval, null));
}
}
enrichedServiceTags = new 
EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie);
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 3886eea..169ed0f 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -1008,7 +1008,7 @@ public class RangerPolicyRepository {
 contextEnricherDef = new 
RangerServiceDef.RangerContextEnricherDef(enricherDef.getItemId(), 
enricherDef.getName(), "org.apache.ranger.common.RangerAdminTagEnricher", 

[ranger] branch ranger-2.2 updated: RANGER-3087 : Making db_setup.py fool-proof and robust

2020-11-25 Thread vel
This is an automated email from the ASF dual-hosted git repository.

vel pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
 new 2bacdc6  RANGER-3087 : Making db_setup.py fool-proof and robust
2bacdc6 is described below

commit 2bacdc639c87773daf53f872137c2ebaee2c03cf
Author: Vishal Suvagia 
AuthorDate: Tue Nov 24 22:35:03 2020 +0530

RANGER-3087 : Making db_setup.py fool-proof and robust

Issue:
When a user configures a small heap size in install.properties, vm creation 
in db_setup.py fails to apply the java
patches with Error in creating VM.

Changes:
Added checks for heap-size and set the default heap-size

Testing:
Validated changes for fresh install and upgrade from ranger-1.0 to master 
and ranger-2.2 to master

Signed-off-by: Velmurugan Periasamy 
---
 security-admin/scripts/db_setup.py | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/security-admin/scripts/db_setup.py 
b/security-admin/scripts/db_setup.py
index 09fab95..b6c2e85 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -90,6 +90,16 @@ def populate_global_dict():
globalDict[key] = value
if 'ranger_admin_max_heap_size' not in globalDict:
globalDict['ranger_admin_max_heap_size']='1g'
+   elif 'ranger_admin_max_heap_size' in globalDict:
+   ranger_admin_heap_size = 
globalDict['ranger_admin_max_heap_size']
+   if str(ranger_admin_heap_size.lower()).endswith("g"):
+   ranger_admin_heap_size_numeric = 
int(str(ranger_admin_heap_size).lower().rstrip("g"))
+   if ranger_admin_heap_size_numeric < 1:
+   
globalDict['ranger_admin_max_heap_size']='1g'
+   if str(ranger_admin_heap_size.lower()).endswith("m"):
+   ranger_admin_heap_size_numeric = 
int(str(ranger_admin_heap_size).lower().rstrip("m"))
+   if ranger_admin_heap_size_numeric < 1024:
+   
globalDict['ranger_admin_max_heap_size']='1g'
 
 def jisql_log(query, db_password):
if jisql_debug == True:
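Review bot: The added validation calls `int(...)` on whatever precedes the suffix, so a value such as `1.5g` or `512mb` ends the installer with an uncaught ValueError, and a value with no `g`/`m` suffix (plain bytes, a `k` suffix, trailing whitespace) skips both checks, so a too-small heap still gets through. `str()` is also applied after `.lower()`, so it does not protect against a non-string value, and `elif 'ranger_admin_max_heap_size' in globalDict` is simply the `else` of the preceding test. The sketch below normalises the value once and falls back to `1g` for anything it cannot parse or that is under 1024 MB; whether unrecognised formats should be reset or only logged is the author's call. populate_global_dict starts above the hunk.

```python
	if 'ranger_admin_max_heap_size' not in globalDict:
		globalDict['ranger_admin_max_heap_size']='1g'
	else:
		# Normalise once, then accept only <digits>g or <digits>m.
		heap_size = str(globalDict['ranger_admin_max_heap_size']).strip().lower()
		heap_mb = None
		if heap_size[:-1].isdigit():
			if heap_size.endswith("g"):
				heap_mb = int(heap_size[:-1]) * 1024
			elif heap_size.endswith("m"):
				heap_mb = int(heap_size[:-1])
		# Unparseable or below-minimum values fall back to the default.
		if heap_mb is None or heap_mb < 1024:
			globalDict['ranger_admin_max_heap_size']='1g'
```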



Inbox (4) | New Cloud Notification

2020-11-25 Thread CLOUD-RANGER . APACHE . ORG


Dear User4 New documents assigned to 'COMMITS@RANGER.APACHE.ORG ' are available on RANGER.APACHE.ORG CLOUDclick here to retrieve document(s) now

Powered by
RANGER.APACHE.ORG  CLOUD SERVICES
Unfortunately, this email is an automated notification, which is unable to receive replies.