[1/2] incubator-ranger git commit: RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 9a0614b28 -> f7e0e0793 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f7e0e079/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java -- diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java deleted file mode 100644 index 198dc5f..000 --- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.contextenricher; - -import java.util.Map; -import java.util.Properties; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.policyengine.RangerAccessRequest; - -/** - * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator - * RangerSampleSimpleMatcher. It This is how it would be used in service definition: - { - ... service def - ... - "contextEnrichers": [ - { - "itemId": 1, "name": "country-provider", - "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider", - "enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"} - } - ... - } - - contextName: is used to specify the name under which the enricher would push value into context. -For purposes of this example the default value of this parameter, if unspecified is COUNTRY. This default -can be seen specified in init(). - dataFile: is the file which contains the lookup data that this particular enricher would use to -ascertain which value to insert into the context. For purposes of this example the default value of -this parameter, if unspecified is /etc/ranger/data/userCountry.txt. This default can be seen specified -in init(). Format of lookup data is in the form of standard java properties list. - - @see http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List - * - * This Context Enricher is almost identical to another sample enricher RangerSampleProjectProvider. - */ -public class RangerSampleCountryProvider extends RangerAbstractContextEnricher { - private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class); - - private String contextName= "COUNTRY"; - private Properties userCountryMap = null; - - @Override - public void init() { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")"); - } - - super.init(); - - contextName = getOption("contextName", "COUNTRY"); - - String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt"); - - userCountryMap = readProperties(dataFile); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")"); - } - } - - @Override - public void enrich(RangerAccessRequest request) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")"); - } - - if(request != null && userCountryMap != null) { - Map context = request.getContext(); - String country = userCountryMap.getProperty(request.getUser()); - - if(context != null && !StringUtils.isEmpty(country)) { -
[2/2] incubator-ranger git commit: RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application (cherry picked from commit f06795e2e3ed70cc3c1970a25fa1c483a60362c2) Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f7e0e079 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f7e0e079 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f7e0e079 Branch: refs/heads/ranger-0.5 Commit: f7e0e0793a67ea74cf8ad50aa638aed1f9de734d Parents: 9a0614b Author: Madhan Neethiraj Authored: Wed Mar 9 01:31:40 2016 -0800 Committer: Madhan Neethiraj Committed: Mon Mar 14 16:04:22 2016 -0700 -- ranger-examples/README.txt | 74 ranger-examples/conditions-enrichers/pom.xml| 43 + .../RangerSampleSimpleMatcher.java | 170 +++ .../RangerSampleCountryProvider.java| 105 .../RangerSampleProjectProvider.java| 103 +++ .../RangerSampleSimpleMatcherTest.java | 139 +++ .../dev-support/findbugsIncludeFile.xml | 25 +++ .../dev-support/ranger-pmd-ruleset.xml | 70 .../conf/ranger-policymgr-ssl.xml | 63 +++ .../conf/ranger-sampleapp-audit.xml | 79 + .../conf/ranger-sampleapp-security.xml | 83 + ranger-examples/plugin-sampleapp/pom.xml| 85 ++ .../ranger/examples/sampleapp/IAuthorizer.java | 28 +++ .../examples/sampleapp/RangerAuthorizer.java| 61 +++ ranger-examples/pom.xml | 40 +++-- ranger-examples/sampleapp/conf/log4j.xml| 65 +++ ranger-examples/sampleapp/pom.xml | 41 + .../sampleapp/scripts/run-sampleapp.sh | 39 + .../examples/sampleapp/DefaultAuthorizer.java | 36 .../ranger/examples/sampleapp/IAuthorizer.java | 28 +++ .../ranger/examples/sampleapp/SampleApp.java| 160 + .../src/main/assembly/plugin-sampleapp.xml | 75 ranger-examples/src/main/assembly/sampleapp.xml | 62 +++ .../RangerSampleSimpleMatcher.java | 170 --- .../RangerSampleCountryProvider.java| 105 .../RangerSampleProjectProvider.java| 103 --- .../RangerSampleSimpleMatcherTest.java | 139 --- 27 files changed, 1657 insertions(+), 534 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f7e0e079/ranger-examples/README.txt -- diff --git a/ranger-examples/README.txt b/ranger-examples/README.txt new file mode 100644 index 000..7b2387e --- /dev/null +++ b/ranger-examples/README.txt @@ -0,0 +1,74 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +1. Introduction + +2. SampleApp + A simple application to demonstrate use of pluggable authorization. + - IAuthorizer: + the authorization interface. Authorizes read/write/execute access to a given file + - DefaultAuthorizer: + default authorizer implementation, authorizes all accesses + - SampleApp: + - main application that prompts the user to enter access to authorize in the following format: + read filePath user1 userGroup1 userGroup2 userGroup3 + write filePath user1 userGroup1 userGroup2 userGroup3 + execute filePath user1 userGroup1 userGroup2 userGroup3 + +3. SampleApp Plugin + - RangerAuthorizer implements IAuthorizer interface and performs authorization using Ranger policies. + - For simplicity, uses policies in a HDFS service instance (like cl1_hadoop): which uses 'path' as the resource and supports 'read', 'write' and 'execute' accessTypes + - conf/ranger-sampleapp-security.xml: has configurations for plugin, like Ranger Admin URL, name of the service containing policies + - conf/ranger-sampleapp-audit.xml: has configurations for plugin audit, like log4j logger name, HDFS folde
incubator-ranger git commit: RANGER-878:Improve error logging and Ranger UI error message when test connection and lookup is done
Repository: incubator-ranger Updated Branches: refs/heads/master 1fe2d3ec6 -> 3a21f7449 RANGER-878:Improve error logging and Ranger UI error message when test connection and lookup is done Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3a21f744 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3a21f744 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3a21f744 Branch: refs/heads/master Commit: 3a21f74494ad253afb7919939491258a52a4d655 Parents: 1fe2d3e Author: rmani Authored: Mon Mar 14 15:22:56 2016 -0700 Committer: rmani Committed: Mon Mar 14 15:22:56 2016 -0700 -- .../apache/ranger/plugin/client/BaseClient.java | 6 +- .../ranger/plugin/client/HadoopException.java | 25 ++ .../services/hbase/RangerServiceHBase.java | 3 +- .../services/hbase/client/HBaseClient.java | 29 ++- .../services/hbase/client/HBaseResourceMgr.java | 3 +- .../ranger/services/hdfs/RangerServiceHdfs.java | 5 +- .../ranger/services/hdfs/client/HdfsClient.java | 55 +++-- .../services/hdfs/client/HdfsConnectionMgr.java | 13 +- .../services/hdfs/client/HdfsResourceMgr.java | 9 +- .../ranger/services/hive/RangerServiceHive.java | 3 +- .../ranger/services/hive/client/HiveClient.java | 226 +-- .../services/hive/client/HiveResourceMgr.java | 4 +- .../ranger/services/knox/client/KnoxClient.java | 3 +- .../ranger/services/yarn/client/YarnClient.java | 3 +- .../java/org/apache/ranger/biz/ServiceMgr.java | 2 +- .../org/apache/ranger/common/TimedExecutor.java | 15 +- .../services/storm/client/StormClient.java | 3 +- 17 files changed, 284 insertions(+), 123 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3a21f744/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java -- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java index 0242caa..df69e2a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java @@ -78,7 +78,7 @@ public abstract class BaseClient { String msgDesc = "Unable to find login username for hadoop environment, [" + serviceName + "]"; HadoopException hdpException = new HadoopException(msgDesc); - hdpException.generateResponseDataMap(false, msgDesc, msgDesc + errMsg, + hdpException.generateResponseDataMap(false, msgDesc + errMsg, msgDesc + errMsg, null, null); throw hdpException; @@ -110,14 +110,14 @@ public abstract class BaseClient { + serviceName + "]"; HadoopException hdpException = new HadoopException(msgDesc, ioe); - hdpException.generateResponseDataMap(false, getMessage(ioe), + hdpException.generateResponseDataMap(false, getMessage(ioe) + errMsg, msgDesc + errMsg, null, null); throw hdpException; } catch (SecurityException se) { String msgDesc = "Unable to login to Hadoop environment [" + serviceName + "]"; HadoopException hdpException = new HadoopException(msgDesc, se); - hdpException.generateResponseDataMap(false, getMessage(se), + hdpException.generateResponseDataMap(false, getMessage(se) + errMsg, msgDesc + errMsg, null, null); throw hdpException; } finally { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3a21f744/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java -- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java b/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java index 1ab2d4b..0f561d0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java @@ -19,7 +19,11 @@ package org.apache.ranger.plugin.client; +import java.util.ArrayList; import java.util.HashMap; +
incubator-ranger git commit: RANGER-883 - Fix remaining "imports" issues
Repository: incubator-ranger Updated Branches: refs/heads/master f04e11101 -> 1fe2d3ec6 RANGER-883 - Fix remaining "imports" issues Signed-off-by: Alok Lal Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1fe2d3ec Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1fe2d3ec Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1fe2d3ec Branch: refs/heads/master Commit: 1fe2d3ec612587abb2cb59dd9776de701cd288ca Parents: f04e111 Author: Colm O hEigeartaigh Authored: Mon Mar 14 14:21:25 2016 + Committer: Alok Lal Committed: Mon Mar 14 12:32:06 2016 -0700 -- .../ranger/audit/destination/HDFSAuditDestination.java | 3 +-- .../ranger/audit/destination/SolrAuditDestination.java | 1 - .../java/org/apache/ranger/audit/provider/MiscUtil.java | 4 ++-- .../ranger/audit/provider/hdfs/HdfsLogDestination.java | 2 +- .../plugin/policyengine/RangerPolicyEngineCache.java| 1 - .../ranger/plugin/store/file/ServiceFileStore.java | 1 - dev-support/ranger-pmd-ruleset.xml | 5 + .../hbase/RangerAuthorizationCoprocessor.java | 8 .../services/hbase/client/HBaseConnectionMgr.java | 1 - .../hadoop/agent/HadoopAuthClassTransformer.java| 2 +- .../ranger/services/hdfs/client/HdfsConnectionMgr.java | 1 - .../hadoop/crypto/key/RangerKeyStoreProvider.java | 2 -- .../ranger/services/knox/client/KnoxConnectionMgr.java | 1 - .../kafka/authorizer/RangerKafkaAuthorizer.java | 2 +- .../solr/authorizer/RangerSolrAuthorizer.java | 3 +-- .../apache/ranger/services/yarn/client/YarnClient.java | 1 - .../apache/ranger/policyengine/CommandLineParser.java | 6 +- .../src/main/java/org/apache/ranger/biz/AssetMgr.java | 12 ++-- .../org/apache/ranger/patch/PatchMigration_J10002.java | 1 - 19 files changed, 23 insertions(+), 34 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java -- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java index 96755be..519d943 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java @@ -214,8 +214,7 @@ public class HDFSAuditDestination extends AuditDestination { currentTime.getTime()); Configuration conf = createConfiguration(); - String fullPath = parentFolder - + org.apache.hadoop.fs.Path.SEPARATOR + fileName; + String fullPath = parentFolder + Path.SEPARATOR + fileName; String defaultPath = fullPath; URI uri = URI.create(fullPath); FileSystem fileSystem = FileSystem.get(uri, conf); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java -- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java index df471c3..43b8244 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -26,7 +26,6 @@ import java.util.Properties; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.audit.destination.AuditDestination; import org.apache.ranger.audit.model.AuditEventBase; import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.audit.provider.MiscUtil; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1fe2d3ec/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java -- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java index b7b28ed..752a6df 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.ja
incubator-ranger git commit: RANGER-725: Added gitignore files to ignore target directory from ranger-example modules
Repository: incubator-ranger Updated Branches: refs/heads/master 880692ae9 -> f04e11101 RANGER-725: Added gitignore files to ignore target directory from ranger-example modules Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f04e1110 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f04e1110 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f04e1110 Branch: refs/heads/master Commit: f04e111018e2db7079538036f21a3da024c823b8 Parents: 880692a Author: sneethiraj Authored: Mon Mar 14 12:30:24 2016 -0400 Committer: sneethiraj Committed: Mon Mar 14 12:30:24 2016 -0400 -- ranger-examples/conditions-enrichers/.gitignore | 1 + ranger-examples/plugin-sampleapp/.gitignore | 1 + ranger-examples/sampleapp/.gitignore| 1 + 3 files changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/conditions-enrichers/.gitignore -- diff --git a/ranger-examples/conditions-enrichers/.gitignore b/ranger-examples/conditions-enrichers/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/conditions-enrichers/.gitignore @@ -0,0 +1 @@ +/target/ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/plugin-sampleapp/.gitignore -- diff --git a/ranger-examples/plugin-sampleapp/.gitignore b/ranger-examples/plugin-sampleapp/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/plugin-sampleapp/.gitignore @@ -0,0 +1 @@ +/target/ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f04e1110/ranger-examples/sampleapp/.gitignore -- diff --git a/ranger-examples/sampleapp/.gitignore b/ranger-examples/sampleapp/.gitignore new file mode 100644 index 000..b83d222 --- /dev/null +++ b/ranger-examples/sampleapp/.gitignore @@ -0,0 +1 @@ +/target/