[ranger] branch master updated: RANGER-4070: Provide mechanism to manage potentially multiple enrichment of an access request
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new df0a778cb RANGER-4070: Provide mechanism to manage potentially
multiple enrichment of an access request
df0a778cb is described below
commit df0a778cb7d14e896c7cc88a4b720645d89668c5
Author: Abhay Kulkarni
AuthorDate: Sat Feb 4 22:09:42 2023 -0800
RANGER-4070: Provide mechanism to manage potentially multiple enrichment of
an access request
---
.../plugin/service/RangerDefaultRequestProcessor.java | 5 +
.../ranger/plugin/util/RangerAccessRequestUtil.java | 19 ---
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
index 636d09038..80d27e8e8 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
@@ -48,6 +48,11 @@ public class RangerDefaultRequestProcessor implements
RangerAccessRequestProcess
@Override
public void preProcess(RangerAccessRequest request) {
+if
(RangerAccessRequestUtil.getIsRequestPreprocessed(request.getContext())) {
+return;
+}
+RangerAccessRequestUtil.setIsRequestPreprocessed(request.getContext(),
Boolean.TRUE);
+
setResourceServiceDef(request);
RangerAccessRequestImpl reqImpl = null;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
index 05d9a6007..0ebb9cba5 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
@@ -47,6 +47,7 @@ public class RangerAccessRequestUtil {
public static final String KEY_CONTEXT_ACCESSTYPES = "ACCESSTYPES";
public static final String KEY_CONTEXT_IS_ANY_ACCESS = "ISANYACCESS";
public static final String KEY_CONTEXT_REQUEST = "_REQUEST";
+ public static final String KEY_CONTEXT_IS_REQUEST_PREPROCESSED =
"ISREQUESTPREPROCESSED";
public static void setRequestTagsInContext(Map context,
Set tags) {
if(CollectionUtils.isEmpty(tags)) {
@@ -131,6 +132,9 @@ public class RangerAccessRequestUtil {
ret.remove(KEY_CONTEXT_TAG_OBJECT);
ret.remove(KEY_CONTEXT_RESOURCE);
ret.remove(KEY_CONTEXT_REQUEST);
+ ret.remove(KEY_CONTEXT_ACCESSTYPES);
+ ret.remove(KEY_CONTEXT_IS_ANY_ACCESS);
+ ret.remove(KEY_CONTEXT_IS_REQUEST_PREPROCESSED);
// don't remove REQUESTED_RESOURCES
}
@@ -198,9 +202,18 @@ public class RangerAccessRequestUtil {
context.put(KEY_CONTEXT_IS_ANY_ACCESS, value);
}
- public static Boolean getIsAnyAccessInContext(Map
context) {
- Boolean ret = (Boolean)context.get(KEY_CONTEXT_IS_ANY_ACCESS);
- return ret == null ? Boolean.FALSE : ret;
+ public static boolean getIsAnyAccessInContext(Map
context) {
+ Boolean value = (Boolean)context.get(KEY_CONTEXT_IS_ANY_ACCESS);
+ return value != null && value;
+ }
+
+ public static void setIsRequestPreprocessed(Map
context, Boolean value) {
+ context.put(KEY_CONTEXT_IS_REQUEST_PREPROCESSED, value);
+ }
+
+ public static boolean getIsRequestPreprocessed(Map
context) {
+ Boolean value =
(Boolean)context.get(KEY_CONTEXT_IS_REQUEST_PREPROCESSED);
+ return value != null && value;
}
public static void setAllRequestedAccessTypes(Map
context, Set accessTypes) {
[ranger] branch master updated: RANGER-4057: updated resetCache() APIs to handle invalid service-name with status code 400
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 380ca0bd0 RANGER-4057: updated resetCache() APIs to handle invalid
service-name with status code 400
380ca0bd0 is described below
commit 380ca0bd03a181a1b2b750f27bd1446724ab70f0
Author: Ramachandran Krishnan
AuthorDate: Tue Jan 24 11:12:33 2023 +0530
RANGER-4057: updated resetCache() APIs to handle invalid service-name with
status code 400
Signed-off-by: Madhan Neethiraj
---
.../java/org/apache/ranger/rest/ServiceREST.java | 12 -
.../main/java/org/apache/ranger/rest/TagREST.java | 12 -
.../org/apache/ranger/rest/TestServiceREST.java| 57 +-
.../java/org/apache/ranger/rest/TestTagREST.java | 46 +
4 files changed, 124 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index ec02f47f7..e02b0ea42 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2004,13 +2004,23 @@ public class ServiceREST {
throw restErrorUtil.createRESTException("Required parameter
[serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
}
+ RangerService rangerService = null;
+ try {
+ rangerService = svcStore.getServiceByName(serviceName);
+ } catch (Exception e) {
+ LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No
Service Found for ServiceName:" + serviceName );
+ }
+
+ if (rangerService == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid
service name", true);
+ }
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
try {
-RangerService rangerService =
svcStore.getServiceByName(serviceName);
isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService,
loggedInUser);
} catch (Exception e) {
LOG.warn("Failed to find if user [" + loggedInUser + "] has
service admin privileges on service [" + serviceName + "]", e);
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 443188f9a..6d0019f70 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -623,13 +623,23 @@ public class TagREST {
throw restErrorUtil.createRESTException("Required parameter
[serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
}
+RangerService rangerService = null;
+try {
+rangerService = svcStore.getServiceByName(serviceName);
+} catch (Exception e) {
+LOG.error( HttpServletResponse.SC_BAD_REQUEST + "No Service Found
for ServiceName:" + serviceName );
+}
+
+if (rangerService == null) {
+throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Invalid
service name", true);
+}
+
// check for ADMIN access
if (!bizUtil.isAdmin()) {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
try {
-RangerService rangerService =
svcStore.getServiceByName(serviceName);
isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService,
loggedInUser);
} catch (Exception e) {
LOG.warn("Failed to find if user [" + loggedInUser + "] has
service admin privileges on service [" + serviceName + "]", e);
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 8fdcc43c8..5e3b1908d 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -2311,13 +2311,22 @@ public class TestServiceREST {
}
@Test
- public void test67ResetPolicyCache(){
+ public void test67ResetPolicyCacheForAdmin(){
boolean res = true;
String serviceName = "HDFS_1";
Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ RangerService rangerService = rangerService();
+ try {
+
Mockito.when(svcStore.getService
[ranger] branch ranger-2.4 updated: RANGER-4055: updated to require user's firstName to be non-empty
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 24e743b1d RANGER-4055: updated to require user's firstName to be
non-empty
24e743b1d is described below
commit 24e743b1d659224f6700c331500c4f894f5c7f4d
Author: Ramachandran Krishnan
AuthorDate: Fri Feb 3 17:06:28 2023 +0530
RANGER-4055: updated to require user's firstName to be non-empty
Signed-off-by: Madhan Neethiraj
(cherry picked from commit 08c4cf37639109e44b12b969ae13d36dcd29ff85)
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 22
.../java/org/apache/ranger/biz/TestXUserMgr.java | 59 ++
2 files changed, 72 insertions(+), 9 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index c5a697995..2955bd513 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -193,6 +193,7 @@ public class XUserMgr extends XUserMgrBase {
xaBizUtil.blockAuditorRoleUser();
validatePassword(vXUser);
String userName = vXUser.getName();
+ String firstName = vXUser.getFirstName();
if (userName == null || "null".equalsIgnoreCase(userName)
|| userName.trim().isEmpty()) {
throw restErrorUtil.createRESTException(
@@ -200,6 +201,13 @@ public class XUserMgr extends XUserMgrBase {
MessageEnums.INVALID_INPUT_DATA);
}
+ if (firstName == null || "null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ throw restErrorUtil.createRESTException(
+ "Please provide a valid first name.",
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+
if (vXUser.getDescription() == null) {
vXUser.setDescription(vXUser.getName());
}
@@ -386,6 +394,12 @@ public class XUserMgr extends XUserMgrBase {
throw restErrorUtil.createRESTException("Please provide
a valid "
+ "username.",
MessageEnums.INVALID_INPUT_DATA);
}
+ String firstName = vXUser.getFirstName();
+ if (firstName == null || "null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide
a valid first name.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
checkAccess(vXUser.getName());
xaBizUtil.blockAuditorRoleUser();
VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser
@@ -2606,6 +2620,14 @@ public class XUserMgr extends XUserMgrBase {
logger.warn("Ignoring invalid username " +
vXUser==null? null : vXUser.getName());
continue;
}
+
+ String firstName = vXUser.getFirstName();
+ if (firstName == null ||
"null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ logger.warn("Ignoring invalid first name " +
vXUser == null ? null : vXUser.getFirstName());
+ continue;
+ }
+
checkAccess(vXUser.getName());
TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 4c1e2e797..027c3b103 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -663,8 +663,7 @@ public class TestXUserMgr {
vxUser.setName(null);
Mockito.when(restErrorUtil.createRESTException("Please provide
a valid username.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
- VXUser vXUser=xUserMgr.createXUser(vxUser);
- Assert.assertNull(vXUser);
+ xUserMgr.createXUser(vxUser);
}
@Test
@@ -681,8 +680,33 @@ public class TestXUserMgr {
xUserMgr.createXUser(vxUser);
}
+
[ranger] branch master updated: RANGER-4055: updated to require user's firstName to be non-empty
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 08c4cf376 RANGER-4055: updated to require user's firstName to be
non-empty
08c4cf376 is described below
commit 08c4cf37639109e44b12b969ae13d36dcd29ff85
Author: Ramachandran Krishnan
AuthorDate: Fri Feb 3 17:06:28 2023 +0530
RANGER-4055: updated to require user's firstName to be non-empty
Signed-off-by: Madhan Neethiraj
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 22
.../java/org/apache/ranger/biz/TestXUserMgr.java | 59 ++
2 files changed, 72 insertions(+), 9 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 0a03da567..bbbf90c52 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -193,6 +193,7 @@ public class XUserMgr extends XUserMgrBase {
xaBizUtil.blockAuditorRoleUser();
validatePassword(vXUser);
String userName = vXUser.getName();
+ String firstName = vXUser.getFirstName();
if (userName == null || "null".equalsIgnoreCase(userName)
|| userName.trim().isEmpty()) {
throw restErrorUtil.createRESTException(
@@ -200,6 +201,13 @@ public class XUserMgr extends XUserMgrBase {
MessageEnums.INVALID_INPUT_DATA);
}
+ if (firstName == null || "null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ throw restErrorUtil.createRESTException(
+ "Please provide a valid first name.",
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+
if (vXUser.getDescription() == null) {
vXUser.setDescription(vXUser.getName());
}
@@ -386,6 +394,12 @@ public class XUserMgr extends XUserMgrBase {
throw restErrorUtil.createRESTException("Please provide
a valid "
+ "username.",
MessageEnums.INVALID_INPUT_DATA);
}
+ String firstName = vXUser.getFirstName();
+ if (firstName == null || "null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide
a valid first name.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
checkAccess(vXUser.getName());
xaBizUtil.blockAuditorRoleUser();
VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser
@@ -2626,6 +2640,14 @@ public class XUserMgr extends XUserMgrBase {
logger.warn("Ignoring invalid username " +
vXUser==null? null : vXUser.getName());
continue;
}
+
+ String firstName = vXUser.getFirstName();
+ if (firstName == null ||
"null".equalsIgnoreCase(firstName)
+ || firstName.trim().isEmpty()) {
+ logger.warn("Ignoring invalid first name " +
vXUser == null ? null : vXUser.getFirstName());
+ continue;
+ }
+
checkAccess(vXUser.getName());
TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 871857bbf..528f4e511 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -663,8 +663,7 @@ public class TestXUserMgr {
vxUser.setName(null);
Mockito.when(restErrorUtil.createRESTException("Please provide
a valid username.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
- VXUser vXUser=xUserMgr.createXUser(vxUser);
- Assert.assertNull(vXUser);
+ xUserMgr.createXUser(vxUser);
}
@Test
@@ -681,8 +680,33 @@ public class TestXUserMgr {
xUserMgr.createXUser(vxUser);
}
+ @Test
+ public void testCreateXUser_WithBlankFirstName() {
+
[ranger] branch master updated: RANGER-4069: Add performance tracing instrumentation to Tag Enricher
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f9bfc90fb RANGER-4069: Add performance tracing instrumentation to Tag
Enricher
f9bfc90fb is described below
commit f9bfc90fb53f06a752f4190e20be337ed70ec657
Author: Abhay Kulkarni
AuthorDate: Sat Feb 4 11:25:16 2023 -0800
RANGER-4069: Add performance tracing instrumentation to Tag Enricher
---
.../apache/ranger/plugin/contextenricher/RangerTagEnricher.java | 9 +
1 file changed, 9 insertions(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index da06e4161..bbea4cec6 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -75,6 +75,7 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
private static final Logger PERF_CONTEXTENRICHER_INIT_LOG =
RangerPerfTracer.getPerfLogger("contextenricher.init");
private static final Logger PERF_TRIE_OP_LOG =
RangerPerfTracer.getPerfLogger("resourcetrie.retrieval");
private static final Logger PERF_SET_SERVICETAGS_LOG =
RangerPerfTracer.getPerfLogger("tagenricher.setservicetags");
+ private static final Logger PERF_SERVICETAGS_RETRIEVAL_LOG =
RangerPerfTracer.getPerfLogger("tagenricher.tags.retrieval");
private static final String TAG_REFRESHER_POLLINGINTERVAL_OPTION =
"tagRefresherPollingInterval";
@@ -665,6 +666,12 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
RangerAccessResource resource = request.getResource();
+ RangerPerfTracer perf = null;
+
+ if
(RangerPerfTracer.isPerfTraceEnabled(PERF_SERVICETAGS_RETRIEVAL_LOG)) {
+ perf =
RangerPerfTracer.getPerfTracer(PERF_SERVICETAGS_RETRIEVAL_LOG,
"RangerTagEnricher.findMatchingTags=" + resource.getAsString() + ")");
+ }
+
if ((resource == null || resource.getKeys() == null ||
resource.getKeys().isEmpty()) && request.isAccessTypeAny()) {
ret =
enrichedServiceTags.getTagsForEmptyResourceAndAnyAccess();
} else {
@@ -698,6 +705,8 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
}
}
+ RangerPerfTracer.logAlways(perf);
+
if (CollectionUtils.isEmpty(ret)) {
if (LOG.isDebugEnabled()) {
LOG.debug("RangerTagEnricher.findMatchingTags("
+ resource + ") - No tags Found ");
