[1/2] incubator-ranger git commit: RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
Repository: incubator-ranger
Updated Branches:
refs/heads/ranger-0.5 9a0614b28 -> f7e0e0793
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f7e0e079/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
--
diff --git
a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
deleted file mode 100644
index 198dc5f..000
---
a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-/**
- * This is a sample implementation of a Context Enricher. It works in
conjunction with a sample Condition Evaluator
- * RangerSampleSimpleMatcher. It This is how it would be used in
service definition:
- {
- ... service def
- ...
- "contextEnrichers": [
- {
- "itemId": 1, "name": "country-provider",
- "enricher":
"org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider",
- "enricherOptions": { "contextName" : "COUNTRY",
"dataFile":"/etc/ranger/data/userCountry.txt"}
- }
- ...
- }
-
- contextName: is used to specify the name under which the enricher would push
value into context.
-For purposes of this example the default value of this parameter, if
unspecified is COUNTRY. This default
-can be seen specified in init().
- dataFile: is the file which contains the lookup data that this particular
enricher would use to
-ascertain which value to insert into the context. For purposes of
this example the default value of
-this parameter, if unspecified is /etc/ranger/data/userCountry.txt.
This default can be seen specified
-in init(). Format of lookup data is in the form of
standard java properties list.
-
- @see http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java
Properties List
- *
- * This Context Enricher is almost identical to another sample enricher
RangerSampleProjectProvider.
- */
-public class RangerSampleCountryProvider extends RangerAbstractContextEnricher
{
- private static final Log LOG =
LogFactory.getLog(RangerSampleCountryProvider.class);
-
- private String contextName= "COUNTRY";
- private Properties userCountryMap = null;
-
- @Override
- public void init() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleCountryProvider.init(" +
enricherDef + ")");
- }
-
- super.init();
-
- contextName = getOption("contextName", "COUNTRY");
-
- String dataFile = getOption("dataFile",
"/etc/ranger/data/userCountry.txt");
-
- userCountryMap = readProperties(dataFile);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleCountryProvider.init(" +
enricherDef + ")");
- }
- }
-
- @Override
- public void enrich(RangerAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleCountryProvider.enrich(" +
request + ")");
- }
-
- if(request != null && userCountryMap != null) {
- Map context = request.getContext();
- String country =
userCountryMap.getProperty(request.getUser());
-
- if(context != null && !StringUtils.isEmpty(country)) {
-
[2/2] incubator-ranger git commit: RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application (cherry picked from commit f06795e2e3ed70cc3c1970a25fa1c483a60362c2) Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f7e0e079 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f7e0e079 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f7e0e079 Branch: refs/heads/ranger-0.5 Commit: f7e0e0793a67ea74cf8ad50aa638aed1f9de734d Parents: 9a0614b Author: Madhan Neethiraj Authored: Wed Mar 9 01:31:40 2016 -0800 Committer: Madhan Neethiraj Committed: Mon Mar 14 16:04:22 2016 -0700 -- ranger-examples/README.txt | 74 ranger-examples/conditions-enrichers/pom.xml| 43 + .../RangerSampleSimpleMatcher.java | 170 +++ .../RangerSampleCountryProvider.java| 105 .../RangerSampleProjectProvider.java| 103 +++ .../RangerSampleSimpleMatcherTest.java | 139 +++ .../dev-support/findbugsIncludeFile.xml | 25 +++ .../dev-support/ranger-pmd-ruleset.xml | 70 .../conf/ranger-policymgr-ssl.xml | 63 +++ .../conf/ranger-sampleapp-audit.xml | 79 + .../conf/ranger-sampleapp-security.xml | 83 + ranger-examples/plugin-sampleapp/pom.xml| 85 ++ .../ranger/examples/sampleapp/IAuthorizer.java | 28 +++ .../examples/sampleapp/RangerAuthorizer.java| 61 +++ ranger-examples/pom.xml | 40 +++-- ranger-examples/sampleapp/conf/log4j.xml| 65 +++ ranger-examples/sampleapp/pom.xml | 41 + .../sampleapp/scripts/run-sampleapp.sh | 39 + .../examples/sampleapp/DefaultAuthorizer.java | 36 .../ranger/examples/sampleapp/IAuthorizer.java | 28 +++ .../ranger/examples/sampleapp/SampleApp.java| 160 + .../src/main/assembly/plugin-sampleapp.xml | 75 ranger-examples/src/main/assembly/sampleapp.xml | 62 +++ .../RangerSampleSimpleMatcher.java | 170 --- .../RangerSampleCountryProvider.java| 105 .../RangerSampleProjectProvider.java| 103 --- .../RangerSampleSimpleMatcherTest.java | 139 --- 27 files changed, 1657 insertions(+), 534 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f7e0e079/ranger-examples/README.txt -- diff --git a/ranger-examples/README.txt b/ranger-examples/README.txt new file mode 100644 index 000..7b2387e --- /dev/null +++ b/ranger-examples/README.txt @@ -0,0 +1,74 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +1. Introduction + +2. SampleApp + A simple application to demonstrate use of pluggable authorization. + - IAuthorizer: + the authorization interface. Authorizes read/write/execute access to a given file + - DefaultAuthorizer: + default authorizer implementation, authorizes all accesses + - SampleApp: + - main application that prompts the user to enter access to authorize in the following format: + read filePath user1 userGroup1 userGroup2 userGroup3 + write filePath user1 userGroup1 userGroup2 userGroup3 + execute filePath user1 userGroup1 userGroup2 userGroup3 + +3. SampleApp Plugin + - RangerAuthorizer implements IAuthorizer interface and performs authorization using Ranger policies. + - For simplicity, uses policies in a HDFS service instance (like cl1_hadoop): which uses 'path' as the resource and supports 'read', 'write' and 'execute' accessTypes + - conf/ranger-sampleapp-security.xml: has configurations for plugin, like Ranger Admin URL, name of the service containing policies + - conf/ranger-sampleapp-audit.xml: has configurations for plugin audit, like log4j logger name, HDFS folde
incubator-ranger git commit: RANGER-878:Improve error logging and Ranger UI error message when test connection and lookup is done
Repository: incubator-ranger
Updated Branches:
refs/heads/master 1fe2d3ec6 -> 3a21f7449
RANGER-878:Improve error logging and Ranger UI error message when test
connection and lookup is done
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3a21f744
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3a21f744
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3a21f744
Branch: refs/heads/master
Commit: 3a21f74494ad253afb7919939491258a52a4d655
Parents: 1fe2d3e
Author: rmani
Authored: Mon Mar 14 15:22:56 2016 -0700
Committer: rmani
Committed: Mon Mar 14 15:22:56 2016 -0700
--
.../apache/ranger/plugin/client/BaseClient.java | 6 +-
.../ranger/plugin/client/HadoopException.java | 25 ++
.../services/hbase/RangerServiceHBase.java | 3 +-
.../services/hbase/client/HBaseClient.java | 29 ++-
.../services/hbase/client/HBaseResourceMgr.java | 3 +-
.../ranger/services/hdfs/RangerServiceHdfs.java | 5 +-
.../ranger/services/hdfs/client/HdfsClient.java | 55 +++--
.../services/hdfs/client/HdfsConnectionMgr.java | 13 +-
.../services/hdfs/client/HdfsResourceMgr.java | 9 +-
.../ranger/services/hive/RangerServiceHive.java | 3 +-
.../ranger/services/hive/client/HiveClient.java | 226 +--
.../services/hive/client/HiveResourceMgr.java | 4 +-
.../ranger/services/knox/client/KnoxClient.java | 3 +-
.../ranger/services/yarn/client/YarnClient.java | 3 +-
.../java/org/apache/ranger/biz/ServiceMgr.java | 2 +-
.../org/apache/ranger/common/TimedExecutor.java | 15 +-
.../services/storm/client/StormClient.java | 3 +-
17 files changed, 284 insertions(+), 123 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3a21f744/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
--
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
index 0242caa..df69e2a 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java
@@ -78,7 +78,7 @@ public abstract class BaseClient {
String msgDesc = "Unable to find login username
for hadoop environment, ["
+ serviceName + "]";
HadoopException hdpException = new
HadoopException(msgDesc);
- hdpException.generateResponseDataMap(false,
msgDesc, msgDesc + errMsg,
+ hdpException.generateResponseDataMap(false,
msgDesc + errMsg, msgDesc + errMsg,
null, null);
throw hdpException;
@@ -110,14 +110,14 @@ public abstract class BaseClient {
+ serviceName + "]";
HadoopException hdpException = new
HadoopException(msgDesc, ioe);
- hdpException.generateResponseDataMap(false,
getMessage(ioe),
+ hdpException.generateResponseDataMap(false,
getMessage(ioe) + errMsg,
msgDesc + errMsg, null, null);
throw hdpException;
} catch (SecurityException se) {
String msgDesc = "Unable to login to Hadoop environment
["
+ serviceName + "]";
HadoopException hdpException = new
HadoopException(msgDesc, se);
- hdpException.generateResponseDataMap(false,
getMessage(se),
+ hdpException.generateResponseDataMap(false,
getMessage(se) + errMsg,
msgDesc + errMsg, null, null);
throw hdpException;
} finally {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3a21f744/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
--
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
b/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
index 1ab2d4b..0f561d0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
@@ -19,7 +19,11 @@
package org.apache.ranger.plugin.client;
+import java.util.ArrayList;
import java.util.HashMap;
+
incubator-ranger git commit: RANGER-883 - Fix remaining "imports" issues
Repository: incubator-ranger
Updated Branches:
refs/heads/master f04e11101 -> 1fe2d3ec6
RANGER-883 - Fix remaining "imports" issues
Signed-off-by: Alok Lal
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1fe2d3ec
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1fe2d3ec
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1fe2d3ec
Branch: refs/heads/master
Commit: 1fe2d3ec612587abb2cb59dd9776de701cd288ca
Parents: f04e111
Author: Colm O hEigeartaigh
Authored: Mon Mar 14 14:21:25 2016 +
Committer: Alok Lal
Committed: Mon Mar 14 12:32:06 2016 -0700
--
.../ranger/audit/destination/HDFSAuditDestination.java | 3 +--
.../ranger/audit/destination/SolrAuditDestination.java | 1 -
.../java/org/apache/ranger/audit/provider/MiscUtil.java | 4 ++--
.../ranger/audit/provider/hdfs/HdfsLogDestination.java | 2 +-
.../plugin/policyengine/RangerPolicyEngineCache.java| 1 -
.../ranger/plugin/store/file/ServiceFileStore.java | 1 -
dev-support/ranger-pmd-ruleset.xml | 5 +
.../hbase/RangerAuthorizationCoprocessor.java | 8
.../services/hbase/client/HBaseConnectionMgr.java | 1 -
.../hadoop/agent/HadoopAuthClassTransformer.java| 2 +-
.../ranger/services/hdfs/client/HdfsConnectionMgr.java | 1 -
.../hadoop/crypto/key/RangerKeyStoreProvider.java | 2 --
.../ranger/services/knox/client/KnoxConnectionMgr.java | 1 -
.../kafka/authorizer/RangerKafkaAuthorizer.java | 2 +-
.../solr/authorizer/RangerSolrAuthorizer.java | 3 +--
.../apache/ranger/services/yarn/client/YarnClient.java | 1 -
.../apache/ranger/policyengine/CommandLineParser.java | 6 +-
.../src/main/java/org/apache/ranger/biz/AssetMgr.java | 12 ++--
.../org/apache/ranger/patch/PatchMigration_J10002.java | 1 -
19 files changed, 23 insertions(+), 34 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
--
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
index 96755be..519d943 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
@@ -214,8 +214,7 @@ public class HDFSAuditDestination extends AuditDestination {
currentTime.getTime());
Configuration conf = createConfiguration();
- String fullPath = parentFolder
- + org.apache.hadoop.fs.Path.SEPARATOR +
fileName;
+ String fullPath = parentFolder + Path.SEPARATOR +
fileName;
String defaultPath = fullPath;
URI uri = URI.create(fullPath);
FileSystem fileSystem = FileSystem.get(uri, conf);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
--
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index df471c3..43b8244 100644
---
a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++
b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -26,7 +26,6 @@ import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.audit.destination.AuditDestination;
import org.apache.ranger.audit.model.AuditEventBase;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.MiscUtil;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
--
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index b7b28ed..752a6df 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.ja
incubator-ranger git commit: RANGER-725: Added gitignore files to ignore target directory from ranger-example modules
Repository: incubator-ranger Updated Branches: refs/heads/master 880692ae9 -> f04e11101 RANGER-725: Added gitignore files to ignore target directory from ranger-example modules Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f04e1110 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f04e1110 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f04e1110 Branch: refs/heads/master Commit: f04e111018e2db7079538036f21a3da024c823b8 Parents: 880692a Author: sneethiraj Authored: Mon Mar 14 12:30:24 2016 -0400 Committer: sneethiraj Committed: Mon Mar 14 12:30:24 2016 -0400 -- ranger-examples/conditions-enrichers/.gitignore | 1 + ranger-examples/plugin-sampleapp/.gitignore | 1 + ranger-examples/sampleapp/.gitignore| 1 + 3 files changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/conditions-enrichers/.gitignore -- diff --git a/ranger-examples/conditions-enrichers/.gitignore b/ranger-examples/conditions-enrichers/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/conditions-enrichers/.gitignore @@ -0,0 +1 @@ +/target/ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/plugin-sampleapp/.gitignore -- diff --git a/ranger-examples/plugin-sampleapp/.gitignore b/ranger-examples/plugin-sampleapp/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/plugin-sampleapp/.gitignore @@ -0,0 +1 @@ +/target/ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/sampleapp/.gitignore -- diff --git a/ranger-examples/sampleapp/.gitignore b/ranger-examples/sampleapp/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/sampleapp/.gitignore @@ -0,0 +1 @@ +/target/
