RANGER-2646: replace static references to static configuration instance, RangerConfiguration.getInstance()
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
index 2bc7557..87d0190 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
@@ -19,16 +19,32 @@
package org.apache.ranger.admin.client;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.util.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import java.util.List;
public abstract class AbstractRangerAdminClient implements RangerAdminClient {
+ private static final Logger LOG = LoggerFactory.getLogger(AbstractRangerAdminClient.class);
+
+ protected Gson gson;
@Override
- public void init(String serviceName, String appId, String configPropertyPrefix) {
+ public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
+ Gson gson = null;
+ try {
+ gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
+ } catch(Throwable excp) {
+ LOG.error("AbstractRangerAdminClient: failed to create GsonBuilder object", excp);
+ }
+
+ this.gson = gson;
}
@Override
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
index 9510888..58eb00a 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
@@ -20,6 +20,7 @@
package org.apache.ranger.admin.client;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
@@ -32,7 +33,7 @@
public interface RangerAdminClient {
- void init(String serviceName, String appId, String configPropertyPrefix);
+ void init(String serviceName, String appId, String configPropertyPrefix, Configuration config);
ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception;
diff --git a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
index 86469fd..e5f9747 100644
--- a/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
@@ -25,11 +25,11 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.audit.provider.MiscUtil;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.util.*;
@@ -76,21 +76,23 @@
}
@Override
- public void init(String serviceName, String appId, String propertyPrefix) {
+ public void init(String serviceName, String appId, String propertyPrefix, Configuration config) {
+ super.init(serviceName, appId, propertyPrefix, config);
+
this.serviceName = serviceName;
this.pluginId = restUtils.getPluginId(serviceName, appId);
String url = "";
- String tmpUrl = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
- String sslConfigFileName = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.ssl.config.file");
- clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".access.cluster.name", "");
+ String tmpUrl = config.get(propertyPrefix + ".policy.rest.url");
+ String sslConfigFileName = config.get(propertyPrefix + ".policy.rest.ssl.config.file");
+ clusterName = config.get(propertyPrefix + ".access.cluster.name", "");
if(StringUtil.isEmpty(clusterName)){
- clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name", "");
+ clusterName =config.get(propertyPrefix + ".ambari.cluster.name", "");
}
- int restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
- int restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(propertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
- supportsPolicyDeltas = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.supports.policy.deltas", "false");
- supportsTagDeltas = RangerConfiguration.getInstance().get(propertyPrefix + ".tag.rest.supports.tag.deltas", "false");
+ int restClientConnTimeOutMs = config.getInt(propertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
+ int restClientReadTimeOutMs = config.getInt(propertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
+ supportsPolicyDeltas = config.get(propertyPrefix + ".policy.rest.supports.policy.deltas", "false");
+ supportsTagDeltas = config.get(propertyPrefix + ".tag.rest.supports.tag.deltas", "false");
if (!StringUtil.isEmpty(tmpUrl)) {
url = tmpUrl.trim();
@@ -105,7 +107,7 @@
supportsTagDeltas = "false";
}
- init(url, sslConfigFileName, restClientConnTimeOutMs , restClientReadTimeOutMs);
+ init(url, sslConfigFileName, restClientConnTimeOutMs , restClientReadTimeOutMs, config);
try {
this.serviceNameUrlParam = URLEncoderUtil.encodeURIParam(serviceName);
@@ -762,12 +764,12 @@
}
}
- private void init(String url, String sslConfigFileName, int restClientConnTimeOutMs , int restClientReadTimeOutMs ) {
+ private void init(String url, String sslConfigFileName, int restClientConnTimeOutMs , int restClientReadTimeOutMs, Configuration config) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminRESTClient.init(" + url + ", " + sslConfigFileName + ")");
}
- restClient = new RangerRESTClient(url, sslConfigFileName);
+ restClient = new RangerRESTClient(url, sslConfigFileName, config);
restClient.setRestClientConnTimeOutMs(restClientConnTimeOutMs);
restClient.setRestClientReadTimeOutMs(restClientReadTimeOutMs);
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAdminConfig.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAdminConfig.java
new file mode 100644
index 0000000..8783142
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAdminConfig.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.hadoop.config;
+
+import org.apache.log4j.Logger;
+
+public class RangerAdminConfig extends RangerConfiguration {
+ private static final Logger LOG = Logger.getLogger(RangerAdminConfig.class);
+
+ public RangerAdminConfig() {
+ super();
+
+ addAdminResources();
+ }
+
+
+ private boolean addAdminResources() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addAdminResources()");
+ }
+
+ String defaultCfg = "ranger-admin-default-site.xml";
+ String addlCfg = "ranger-admin-site.xml";
+ String coreCfg = "core-site.xml";
+
+ boolean ret = true;
+
+ if (!addResourceIfReadable(defaultCfg)) {
+ ret = false;
+ }
+
+ if (!addResourceIfReadable(addlCfg)) {
+ ret = false;
+ }
+
+ if (!addResourceIfReadable(coreCfg)){
+ ret = false;
+ }
+
+ if (! ret) {
+ LOG.error("Could not add ranger-admin resources to RangerAdminConfig.");
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== addAdminResources(), result=" + ret);
+ }
+
+ return ret;
+ }
+}
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAuditConfig.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAuditConfig.java
new file mode 100644
index 0000000..70928be
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerAuditConfig.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.hadoop.config;
+
+import org.apache.log4j.Logger;
+
+public class RangerAuditConfig extends RangerConfiguration {
+ private static final Logger LOG = Logger.getLogger(RangerAuditConfig.class);
+
+ private final boolean initSuccess;
+
+ public RangerAuditConfig() {
+ super();
+
+ initSuccess = addAuditResources();
+ }
+
+ public boolean isInitSuccess() { return initSuccess; }
+
+ private boolean addAuditResources() {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addAuditResources()");
+ }
+
+ String defaultCfg = "ranger-standalone-audit.xml";
+
+ boolean ret = true;
+
+ if (!addResourceIfReadable(defaultCfg)) {
+ LOG.error("Could not add " + defaultCfg + " to RangerAuditConfig.");
+ ret = false;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== addAuditResources(), result=" + ret);
+ }
+
+ return ret;
+ }
+}
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
index 481fbcc..43ddf0b 100644
--- a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
@@ -20,7 +20,6 @@
package org.apache.ranger.authorization.hadoop.config;
-import java.io.File;
import java.net.URL;
import java.util.Properties;
@@ -30,63 +29,14 @@
public class RangerConfiguration extends Configuration {
private static final Logger LOG = Logger.getLogger(RangerConfiguration.class);
-
- private static volatile RangerConfiguration config;
-
- private RangerConfiguration() {
+
+ protected RangerConfiguration() {
super(false);
}
- public void addResourcesForServiceType(String serviceType) {
- String auditCfg = "ranger-" + serviceType + "-audit.xml";
- String securityCfg = "ranger-" + serviceType + "-security.xml";
- String sslCfg = "ranger-" + serviceType + "-policymgr-ssl.xml";
-
- if ( !addResourceIfReadable(auditCfg)) {
- addAuditResource(serviceType);
- }
-
- if ( !addResourceIfReadable(securityCfg)) {
- addSecurityResource(serviceType);
- }
-
- if ( !addResourceIfReadable(sslCfg)) {
- addSslConfigResource(serviceType);
- }
-
- }
-
- public boolean addAdminResources() {
- String defaultCfg = "ranger-admin-default-site.xml";
- String addlCfg = "ranger-admin-site.xml";
- String coreCfg = "core-site.xml";
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> addAdminResources()");
- }
- boolean ret = true;
-
- if (! addResourceIfReadable(defaultCfg)) {
- ret = false;
- }
-
- if (! addResourceIfReadable(addlCfg)) {
- ret = false;
- }
-
- if(! addResourceIfReadable(coreCfg)){
- ret = false;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== addAdminResources(), result=" + ret);
- }
- return ret;
- }
-
public boolean addResourceIfReadable(String aResourceName) {
-
boolean ret = false;
+
if(LOG.isDebugEnabled()) {
LOG.debug("==> addResourceIfReadable(" + aResourceName + ")");
}
@@ -116,24 +66,11 @@
return ret;
}
-
- public static RangerConfiguration getInstance() {
- RangerConfiguration result = config;
- if (result == null) {
- synchronized (RangerConfiguration.class) {
- result = config;
- if (result == null) {
- config = result = new RangerConfiguration();
- }
- }
- }
- return result;
- }
-
public Properties getProperties() {
return getProps();
}
+
private URL getFileLocation(String fileName) {
URL lurl = RangerConfiguration.class.getClassLoader().getResource(fileName);
@@ -142,94 +79,4 @@
}
return lurl;
}
-
- private void addSecurityResource(String serviceType) {
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> addSecurityResource(Service Type: " + serviceType );
- }
-
- Configuration rangerConf = RangerLegacyConfigBuilder.getSecurityConfig(serviceType);
-
- if ( rangerConf != null ) {
- addResource(rangerConf);
- } else {
- if(LOG.isDebugEnabled()) {
- LOG.debug("Unable to add the Security Config for " + serviceType + ". Plugin won't be enabled!");
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<= addSecurityResource(Service Type: " + serviceType );
- }
- }
-
- private void addAuditResource(String serviceType) {
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> addAuditResource(Service Type: " + serviceType );
- }
-
- try {
- URL url = RangerLegacyConfigBuilder.getAuditConfig(serviceType);
-
- if( url != null) {
- addResource(url);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> addAuditResource() URL" + url.getPath());
- }
- }
-
- } catch (Throwable t) {
- LOG.warn(" Unable to find Audit Config for " + serviceType + " Auditing not enabled !" );
- if(LOG.isDebugEnabled()) {
- LOG.debug(" Unable to find Audit Config for " + serviceType + " Auditing not enabled !" + t);
- }
- }
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== addAuditResource(Service Type: " + serviceType + ")");
- }
- }
-
- private void addSslConfigResource(String serviceType) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> addSslConfigResource(Service Type: " + serviceType);
- }
- try {
- String sslConfigFile = config.get(RangerLegacyConfigBuilder.getPropertyName(RangerConfigConstants.RANGER_PLUGIN_REST_SSL_CONFIG_FILE, serviceType));
- URL url = getSSLConfigResource(sslConfigFile);
- if (url != null) {
- addResource(url);
- if (LOG.isDebugEnabled()) {
- LOG.debug("SSL config file URL:" + url.getPath());
- }
- }
- } catch (Throwable t) {
- LOG.warn(" Unable to find SSL Configs");
- if (LOG.isDebugEnabled()) {
- LOG.debug(" Unable to find SSL Configs");
- }
- }
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== addSslConfigResource(Service Type: " + serviceType + ")");
- }
- }
-
- private URL getSSLConfigResource(String fileName) throws Throwable {
- URL ret = null;
- try {
- if (fileName != null) {
- File f = new File(fileName);
- if (f.exists() && f.canRead()) {
- ret = f.toURI().toURL();
- }
- }
- } catch (Throwable t) {
- LOG.error("Unable to read SSL configuration file:" + fileName);
- throw t;
- }
- return ret;
- }
-
}
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
new file mode 100644
index 0000000..78e8533
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
@@ -0,0 +1,152 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.hadoop.config;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.log4j.Logger;
+
+import java.io.File;
+import java.net.URL;
+
+public class RangerPluginConfig extends RangerConfiguration {
+ private static final Logger LOG = Logger.getLogger(RangerPluginConfig.class);
+
+ public RangerPluginConfig(String serviceType) {
+ super();
+
+ addResourcesForServiceType(serviceType);
+ }
+
+
+ private void addResourcesForServiceType(String serviceType) {
+ String auditCfg = "ranger-" + serviceType + "-audit.xml";
+ String securityCfg = "ranger-" + serviceType + "-security.xml";
+ String sslCfg = "ranger-" + serviceType + "-policymgr-ssl.xml";
+
+ if (!addResourceIfReadable(auditCfg)) {
+ addAuditResource(serviceType);
+ }
+
+ if (!addResourceIfReadable(securityCfg)) {
+ addSecurityResource(serviceType);
+ }
+
+ if (!addResourceIfReadable(sslCfg)) {
+ addSslConfigResource(serviceType);
+ }
+ }
+
+ private void addSecurityResource(String serviceType) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> addSecurityResource(Service Type: " + serviceType );
+ }
+
+ Configuration rangerConf = RangerLegacyConfigBuilder.getSecurityConfig(serviceType);
+
+ if (rangerConf != null ) {
+ addResource(rangerConf);
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Unable to add the Security Config for " + serviceType + ". Plugin won't be enabled!");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<= addSecurityResource(Service Type: " + serviceType );
+ }
+ }
+
+ private void addAuditResource(String serviceType) {
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addAuditResource(Service Type: " + serviceType );
+ }
+
+ try {
+ URL url = RangerLegacyConfigBuilder.getAuditConfig(serviceType);
+
+ if (url != null) {
+ addResource(url);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addAuditResource() URL" + url.getPath());
+ }
+ }
+
+ } catch (Throwable t) {
+ LOG.warn("Unable to find Audit Config for " + serviceType + " Auditing not enabled !" );
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("Unable to find Audit Config for " + serviceType + " Auditing not enabled !" + t);
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== addAuditResource(Service Type: " + serviceType + ")");
+ }
+ }
+
+ private void addSslConfigResource(String serviceType) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addSslConfigResource(Service Type: " + serviceType);
+ }
+
+ try {
+ String sslConfigFile = this.get(RangerLegacyConfigBuilder.getPropertyName(RangerConfigConstants.RANGER_PLUGIN_REST_SSL_CONFIG_FILE, serviceType));
+
+ URL url = getSSLConfigResource(sslConfigFile);
+ if (url != null) {
+ addResource(url);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SSL config file URL:" + url.getPath());
+ }
+ }
+ } catch (Throwable t) {
+ LOG.warn(" Unable to find SSL Configs");
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(" Unable to find SSL Configs");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== addSslConfigResource(Service Type: " + serviceType + ")");
+ }
+ }
+
+ private URL getSSLConfigResource(String fileName) throws Throwable {
+ URL ret = null;
+
+ try {
+ if (fileName != null) {
+ File f = new File(fileName);
+ if (f.exists() && f.canRead()) {
+ ret = f.toURI().toURL();
+ }
+ }
+ } catch (Throwable t) {
+ LOG.error("Unable to read SSL configuration file:" + fileName);
+
+ throw t;
+ }
+
+ return ret;
+ }
+}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
index 6b6e91d..137fd1f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -27,10 +27,10 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.provider.MiscUtil;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.policyengine.*;
@@ -41,20 +41,36 @@
public class RangerDefaultAuditHandler implements RangerAccessResultProcessor {
-
- protected static final String RangerModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
-
private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
+
static long sequenceNumber;
private static String UUID = MiscUtil.generateUniqueId();
private static AtomicInteger counter = new AtomicInteger(0);
+ protected String moduleName = RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME;
+
RangerRESTUtils restUtils = new RangerRESTUtils();
public RangerDefaultAuditHandler() {
}
+ public RangerDefaultAuditHandler(Configuration config) {
+ init(config);
+ }
+
+ public void init(Configuration config) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerDefaultAuditHandler.init()");
+ }
+
+ moduleName = config.get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerDefaultAuditHandler.init()");
+ }
+ }
+
@Override
public void processResult(RangerAccessResult result) {
if(LOG.isDebugEnabled()) {
@@ -119,7 +135,7 @@
ret.setClientIP(request.getClientIPAddress());
ret.setClientType(request.getClientType());
ret.setSessionId(request.getSessionId());
- ret.setAclEnforcer(RangerModuleName);
+ ret.setAclEnforcer(moduleName);
Set<String> tags = getTags(request);
if (tags != null) {
ret.setTags(tags);
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
index 0c078a8..dc4ede9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
@@ -23,7 +23,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
@@ -57,21 +57,7 @@
private static String[] dateFormatStrings = null;
static {
- StringBuilder sb = new StringBuilder(DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT);
- sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME);
-
- String additionalDateFormatsValue = RangerConfiguration.getInstance().get(TAG_ATTR_DATE_FORMAT_PROP);
- if (StringUtils.isNotBlank(additionalDateFormatsValue)) {
- sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(additionalDateFormatsValue);
- }
-
- dateFormatStrings = sb.toString().split(TAG_ATTR_DATE_FORMAT_SEPARATOR_REGEX);
- Arrays.sort(dateFormatStrings, new Comparator<String>() {
- @Override
- public int compare(String first, String second) {
- return Integer.compare(second.length(), first.length());
- }
- });
+ init(null);
}
private static final ThreadLocal<List<SimpleDateFormat>> THREADLOCAL_DATE_FORMATS =
@@ -102,6 +88,29 @@
this.accessRequest = accessRequest;
}
+ public static void init(Configuration config) {
+ StringBuilder sb = new StringBuilder(DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT);
+
+ sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME);
+
+ String additionalDateFormatsValue = config != null ? config.get(TAG_ATTR_DATE_FORMAT_PROP) : null;
+
+ if (StringUtils.isNotBlank(additionalDateFormatsValue)) {
+ sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(additionalDateFormatsValue);
+ }
+
+ String[] formatStrings = sb.toString().split(TAG_ATTR_DATE_FORMAT_SEPARATOR_REGEX);
+
+ Arrays.sort(formatStrings, new Comparator<String>() {
+ @Override
+ public int compare(String first, String second) {
+ return Integer.compare(second.length(), first.length());
+ }
+ });
+
+ RangerScriptExecutionContext.dateFormatStrings = formatStrings;
+ }
+
public String getResource() {
String ret = null;
Object val = getRequestContext().get(RangerAccessRequestUtil.KEY_CONTEXT_RESOURCE);
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
index 737ce04..6a12d63 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
@@ -31,9 +31,11 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.service.RangerAuthContext;
@@ -44,7 +46,7 @@
protected String serviceName;
protected String appId;
protected RangerServiceDef serviceDef;
- protected RangerAuthContext authContext;
+ private RangerPluginContext pluginContext;
@Override
public void setEnricherDef(RangerContextEnricherDef enricherDef) {
@@ -71,9 +73,13 @@
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
+
+ RangerAuthContext authContext = getAuthContext();
+
if (authContext != null) {
authContext.addOrReplaceRequestContextEnricher(this, null);
}
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerAbstractContextEnricher.init(" + enricherDef + ")");
}
@@ -89,9 +95,13 @@
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAbstractContextEnricher.preCleanup(" + enricherDef + ")");
}
+
+ RangerAuthContext authContext = getAuthContext();
+
if (authContext != null) {
authContext.cleanupRequestContextEnricher(this);
}
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerAbstractContextEnricher.preCleanup(" + enricherDef + ")");
}
@@ -147,12 +157,48 @@
return ret;
}
- public void setAuthContext(RangerAuthContext authContext) {
- this.authContext = authContext;
+ public RangerAuthContext getAuthContext() {
+ return pluginContext != null ? pluginContext.getAuthContext() : null;
}
- public RangerAuthContext getAuthContext() {
- return authContext;
+ final public void setPluginContext(RangerPluginContext pluginContext) {
+ this.pluginContext = pluginContext;
+ }
+
+ public String getConfig(String configName, String defaultValue) {
+ String ret = defaultValue;
+
+ Configuration config = pluginContext != null ? pluginContext.getConfig() : null;
+
+ if (config != null) {
+ ret = config.get(configName, defaultValue);
+ }
+
+ return ret;
+ }
+
+ public int getIntConfig(String configName, int defaultValue) {
+ int ret = defaultValue;
+
+ Configuration config = pluginContext != null ? pluginContext.getConfig() : null;
+
+ if (config != null) {
+ ret = config.getInt(configName, defaultValue);
+ }
+
+ return ret;
+ }
+
+ public boolean getBooleanConfig(String configName, boolean defaultValue) {
+ boolean ret = defaultValue;
+
+ Configuration config = pluginContext != null ? pluginContext.getConfig() : null;
+
+ if (config != null) {
+ ret = config.getBoolean(configName, defaultValue);
+ }
+
+ return ret;
}
public String getOption(String name, String defaultValue) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
index f766e05..632a573 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java
@@ -23,6 +23,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.admin.client.RangerAdminClient;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.ranger.plugin.util.ServiceTags;
@@ -40,7 +41,9 @@
if (StringUtils.isNotBlank(serviceName) && serviceDef != null && StringUtils.isNotBlank(appId)) {
String propertyPrefix = "ranger.plugin." + serviceDef.getName();
- adminClient = RangerBasePlugin.createAdminClient(serviceName, appId, propertyPrefix);
+ RangerPluginConfig config = new RangerPluginConfig(serviceDef.getName());
+
+ adminClient = RangerBasePlugin.createAdminClient(serviceName, appId, propertyPrefix, config);
} else {
LOG.error("FATAL: Cannot find service/serviceDef to use for retrieving tags. Will NOT be able to retrieve tags.");
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 4e56f5c..6963995 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -26,7 +26,6 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceResource;
@@ -120,9 +119,10 @@
if (tagRetriever != null) {
String propertyPrefix = "ranger.plugin." + serviceDef.getName();
- disableCacheIfServiceNotFound = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
- String cacheDir = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.cache.dir");
+ disableCacheIfServiceNotFound = getBooleanConfig(propertyPrefix + ".disable.cache.if.servicenotfound", true);
+ String cacheDir = getConfig(propertyPrefix + ".policy.cache.dir", null);
String cacheFilename = String.format("%s_%s_tag.json", appId, serviceName);
+
cacheFilename = cacheFilename.replace(File.separatorChar, '_');
cacheFilename = cacheFilename.replace(File.pathSeparatorChar, '_');
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPluginContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPluginContext.java
index df21c5d..42f57f3 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPluginContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPluginContext.java
@@ -21,23 +21,31 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.service.RangerAuthContext;
import org.apache.ranger.plugin.service.RangerBasePlugin;
public class RangerPluginContext {
-
private static final Log LOG = LogFactory.getLog(RangerBasePlugin.class);
+
+ private final RangerPluginConfig config;
private String clusterName;
private String clusterType;
private RangerAuthContext authContext;
- public RangerPluginContext(String serviceType){
+ public RangerPluginContext(String serviceType) {
+ this(serviceType, new RangerPluginConfig(serviceType));
+ }
+
+ public RangerPluginContext(String serviceType, RangerPluginConfig config) {
+ this.config = config;
this.clusterName = findClusterName(serviceType);
this.clusterType = findClusterType(serviceType);
}
+ public RangerPluginConfig getConfig() { return config; }
+
public String getClusterName() {
return clusterName;
}
@@ -64,9 +72,9 @@
}
String propertyPrefix = "ranger.plugin." + serviceType;
- String clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".access.cluster.name", "");
+ String clusterName = config.get(propertyPrefix + ".access.cluster.name", "");
if(StringUtil.isEmpty(clusterName)){
- clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name", "");
+ clusterName = config.get(propertyPrefix + ".ambari.cluster.name", "");
}
if(LOG.isDebugEnabled()) {
@@ -82,9 +90,9 @@
}
String propertyPrefix = "ranger.plugin." + serviceType;
- String clusterType = RangerConfiguration.getInstance().get(propertyPrefix + ".access.cluster.type", "");
+ String clusterType = config.get(propertyPrefix + ".access.cluster.type", "");
if(StringUtil.isEmpty(clusterType)){
- clusterType = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.type", "");
+ clusterType = config.get(propertyPrefix + ".ambari.cluster.type", "");
}
if(LOG.isDebugEnabled()) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 45b223d..7c48ef7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -25,7 +25,6 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -274,7 +273,7 @@
String serviceType = servicePolicies.getServiceDef().getName();
String propertyName = "ranger.plugin." + serviceType + ".policyengine.evaluator.auto.maximum.policycount.for.cache.type";
- int thresholdForUsingOptimizedEvaluator = RangerConfiguration.getInstance().getInt(propertyName, MAX_POLICIES_FOR_CACHE_TYPE_EVALUATOR);
+ int thresholdForUsingOptimizedEvaluator = pluginContext.getConfig().getInt(propertyName, MAX_POLICIES_FOR_CACHE_TYPE_EVALUATOR);
int servicePoliciesCount = servicePolicies.getPolicies().size() + (servicePolicies.getTagPolicies() != null ? servicePolicies.getTagPolicies().getPolicies().size() : 0);
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index 065120f..68f7791 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -23,7 +23,6 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.contextenricher.RangerAbstractContextEnricher;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.contextenricher.RangerTagEnricher;
@@ -33,6 +32,7 @@
import org.apache.ranger.plugin.model.RangerPolicyDelta;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
+import org.apache.ranger.plugin.policyevaluator.RangerAbstractPolicyEvaluator;
import org.apache.ranger.plugin.policyevaluator.RangerCachedPolicyEvaluator;
import org.apache.ranger.plugin.policyevaluator.RangerOptimizedPolicyEvaluator;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
@@ -296,7 +296,7 @@
if (options.cacheAuditResults) {
final int RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE = 64 * 1024;
- int auditResultCacheSize = RangerConfiguration.getInstance().getInt(propertyName, RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE);
+ int auditResultCacheSize = pluginContext.getConfig().getInt(propertyName, RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE);
accessAuditCache = Collections.synchronizedMap(new CacheMap<String, AuditInfo>(auditResultCacheSize));
} else {
accessAuditCache = null;
@@ -982,7 +982,7 @@
ret.setAppId(appId);
if (ret instanceof RangerAbstractContextEnricher) {
RangerAbstractContextEnricher abstractContextEnricher = (RangerAbstractContextEnricher) ret;
- abstractContextEnricher.setAuthContext(pluginContext.getAuthContext());
+ abstractContextEnricher.setPluginContext(pluginContext);
}
ret.init();
}
@@ -1001,7 +1001,7 @@
}
scrubPolicy(policy);
- RangerPolicyEvaluator ret;
+ RangerAbstractPolicyEvaluator ret;
if(StringUtils.equalsIgnoreCase(options.evaluatorType, RangerPolicyEvaluator.EVALUATOR_TYPE_CACHED)) {
ret = new RangerCachedPolicyEvaluator();
@@ -1009,6 +1009,7 @@
ret = new RangerOptimizedPolicyEvaluator();
}
+ ret.setPluginContext(pluginContext);
ret.init(policy, serviceDef, options);
if(LOG.isDebugEnabled()) {
@@ -1099,7 +1100,7 @@
ret = new HashMap<>();
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
- ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators, RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR, optimizeTrieForRetrieval));
+ ret.put(resourceDef.getName(), new RangerResourceTrie(resourceDef, evaluators, RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR, optimizeTrieForRetrieval, pluginContext));
}
} else {
ret = null;
@@ -1122,7 +1123,7 @@
if (RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE == policyDeltaType || RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE == policyDeltaType) {
LOG.warn("policyDeltaType is not for POLICY_CREATE and trie for resourceDef:[" + resourceDefName + "] was null! Should not have happened!!");
}
- trie = new RangerResourceTrie<>(resourceDef, new ArrayList<>(), RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR, true);
+ trie = new RangerResourceTrie<>(resourceDef, new ArrayList<>(), RangerPolicyEvaluator.EVAL_ORDER_COMPARATOR, true, pluginContext);
trieMap.put(resourceDefName, trie);
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
index 689985c..fd20d63 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
@@ -27,6 +27,7 @@
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.util.ServiceDefUtil;
@@ -41,8 +42,13 @@
private int evalOrder;
protected long usageCount;
protected boolean usageCountMutable = true;
+ protected RangerPluginContext pluginContext = null;
+ public void setPluginContext(RangerPluginContext pluginContext) { this.pluginContext = pluginContext; }
+
+ public RangerPluginContext getPluginContext() { return pluginContext; }
+
@Override
public void init(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyEngineOptions options) {
if(LOG.isDebugEnabled()) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 8469605..843fabc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -1058,7 +1058,7 @@
if(policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY ||
policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS ||
policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) {
- ret = ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef);
+ ret = ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef, pluginContext);
}
return ret;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCache.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCache.java
deleted file mode 100644
index 55f3a04..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCache.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.plugin.policyevaluator;
-
-import org.apache.ranger.plugin.policyengine.RangerAccessResource;
-
-public interface RangerResourceAccessCache {
- public enum LookupResult {
- IN_MATCHED_CACHE,
- IN_NOTMATCHED_CACHE,
- NOT_FOUND,
- ERROR
- }
-
- public enum CacheType {
- MATCHED_CACHE,
- NOTMATCHED_CACHE
- }
-
- LookupResult lookup(RangerAccessResource resource);
-
- void add(RangerAccessResource resource, CacheType cacheType);
-}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCacheImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCacheImpl.java
deleted file mode 100644
index bde65b8..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerResourceAccessCacheImpl.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.plugin.policyevaluator;
-
-
-import java.util.Map;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.CacheMap;
-import org.apache.ranger.plugin.policyengine.RangerAccessResource;
-
-
-public class RangerResourceAccessCacheImpl implements RangerResourceAccessCache {
- private static final Log LOG = LogFactory.getLog(RangerResourceAccessCacheImpl.class);
-
- public synchronized static RangerResourceAccessCache getInstance(RangerServiceDef serviceDef, RangerPolicy policy) {
- return new RangerResourceAccessCacheImpl(policy);
- }
-
- private Map<String, String> matchedResourceCache;
- private Map<String, String> notMatchedResourceCache;
-
- private RangerResourceAccessCacheImpl(RangerPolicy policy) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerResourceAccessCacheImpl.constructor(), policyName:" + policy.getName());
- }
-
- int matchedCacheSize = RangerConfiguration.getInstance().getInt("ranger.policyengine.matched.cached.count", 1000);
- int notMatchedCacheSize = RangerConfiguration.getInstance().getInt("ranger.policyengine.not.matched.cached.count", matchedCacheSize * 10);
-
- matchedResourceCache = new CacheMap<String, String>(matchedCacheSize);
- notMatchedResourceCache = new CacheMap<String, String>(notMatchedCacheSize);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerResourceAccessCacheImpl.constructor(), policyName:" + policy.getName());
- }
- }
-
- @Override
- public LookupResult lookup(RangerAccessResource resource) {
- String strResource = resource.getCacheKey();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerResourceAccessCacheImpl.lookup(" + strResource + ")");
- }
-
- LookupResult result = LookupResult.NOT_FOUND;
-
- try {
- synchronized(this) {
- if (matchedResourceCache.containsKey(strResource)) {
- result = LookupResult.IN_MATCHED_CACHE;
- } else if(notMatchedResourceCache.containsKey(strResource)) {
- result = LookupResult.IN_NOTMATCHED_CACHE;
- }
- }
- } catch (Exception exception) {
- result = LookupResult.ERROR;
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerResourceAccessCacheImpl.lookup(" + strResource + "): " + result);
- }
-
- return result;
- }
-
- @Override
- public void add(RangerAccessResource resource, CacheType cacheType) {
- String strResource = resource.getCacheKey();
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerResourceAccessCacheImpl.add(" + strResource + ", " + cacheType + ")");
- }
-
- synchronized(this) {
- switch (cacheType) {
- case MATCHED_CACHE:
- matchedResourceCache.put(strResource, strResource);
- break;
-
- case NOTMATCHED_CACHE:
- notMatchedResourceCache.put(strResource, strResource);
- break;
- default:
- break;
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerResourceAccessCacheImpl.add(" + strResource + ", " + cacheType + ")");
- }
- }
-}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index df09b15..fbed32c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -28,13 +28,16 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.admin.client.RangerAdminClient;
import org.apache.ranger.admin.client.RangerAdminRESTClient;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.StandAloneAuditProviderFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAuditConfig;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.authorization.utils.StringUtil;
+import org.apache.ranger.plugin.conditionevaluator.RangerScriptExecutionContext;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.contextenricher.RangerTagEnricher;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -61,8 +64,9 @@
private static Map<String, RangerBasePlugin> servicePluginMap = new ConcurrentHashMap<>();
- private String serviceType;
- private String appId;
+ private final String serviceType;
+ private final String appId;
+ private final RangerPluginConfig config;
private String serviceName;
private String clusterName;
private PolicyRefresher refresher;
@@ -113,16 +117,16 @@
if (useStandaloneAuditProvider) {
StandAloneAuditProviderFactory factory = StandAloneAuditProviderFactory.getInstance();
+
if (factory.isInitDone()) {
ret = factory.getAuditProvider();
} else {
- RangerConfiguration conf = RangerConfiguration.getInstance();
- String auditCfg = "ranger-standalone-audit.xml";
- if (conf.addResourceIfReadable(auditCfg)) {
+ RangerAuditConfig conf = new RangerAuditConfig();
+
+ if (conf.isInitSuccess()) {
factory.init(conf.getProperties(), "StandAlone");
+
ret = factory.getAuditProvider();
- } else {
- LOG.error("StandAlone audit handler configuration not readable:[" + auditCfg + "]");
}
}
}
@@ -133,12 +137,23 @@
public RangerBasePlugin(String serviceType, String appId) {
this.serviceType = serviceType;
this.appId = appId;
+ this.config = new RangerPluginConfig(serviceType);
+
+ RangerScriptExecutionContext.init(config);
}
public String getServiceType() {
return serviceType;
}
+ public String getAppId() {
+ return appId;
+ }
+
+ public RangerPluginConfig getConfig() {
+ return config;
+ }
+
public String getClusterName() {
return clusterName;
}
@@ -173,10 +188,6 @@
return serviceDef != null && serviceDef.getId() != null ? serviceDef.getId().intValue() : -1;
}
- public String getAppId() {
- return appId;
- }
-
public String getServiceName() {
return serviceName;
}
@@ -186,19 +197,16 @@
public void init() {
cleanup();
- RangerConfiguration configuration = RangerConfiguration.getInstance();
- configuration.addResourcesForServiceType(serviceType);
-
String propertyPrefix = "ranger.plugin." + serviceType;
- long pollingIntervalMs = configuration.getLong(propertyPrefix + ".policy.pollIntervalMs", 30 * 1000);
- String cacheDir = configuration.get(propertyPrefix + ".policy.cache.dir");
- serviceName = configuration.get(propertyPrefix + ".service.name");
- clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".access.cluster.name", "");
+ long pollingIntervalMs = config.getLong(propertyPrefix + ".policy.pollIntervalMs", 30 * 1000);
+ String cacheDir = config.get(propertyPrefix + ".policy.cache.dir");
+ serviceName = config.get(propertyPrefix + ".service.name");
+ clusterName = config.get(propertyPrefix + ".access.cluster.name", "");
if(StringUtil.isEmpty(clusterName)){
- clusterName = RangerConfiguration.getInstance().get(propertyPrefix + ".ambari.cluster.name", "");
+ clusterName = config.get(propertyPrefix + ".ambari.cluster.name", "");
}
- useForwardedIPAddress = configuration.getBoolean(propertyPrefix + ".use.x-forwarded-for.ipaddress", false);
- String trustedProxyAddressString = configuration.get(propertyPrefix + ".trusted.proxy.ipaddresses");
+ useForwardedIPAddress = config.getBoolean(propertyPrefix + ".use.x-forwarded-for.ipaddress", false);
+ String trustedProxyAddressString = config.get(propertyPrefix + ".trusted.proxy.ipaddresses");
trustedProxyAddresses = StringUtils.split(trustedProxyAddressString, RANGER_TRUSTED_PROXY_IPADDRESSES_SEPARATOR_CHAR);
if (trustedProxyAddresses != null) {
for (int i = 0; i < trustedProxyAddresses.length; i++) {
@@ -216,26 +224,26 @@
LOG.warn("Ranger plugin will trust RemoteIPAddress and treat first X-Forwarded-Address in the access-request as the clientIPAddress");
}
- if (configuration.getProperties() != null) {
+ if (config.getProperties() != null) {
auditProviderFactory = new AuditProviderFactory();
- auditProviderFactory.init(configuration.getProperties(), appId);
+ auditProviderFactory.init(config.getProperties(), appId);
} else {
LOG.error("Audit subsystem is not initialized correctly. Please check audit configuration. ");
LOG.error("No authorization audits will be generated. ");
auditProviderFactory = null;
}
- rangerPluginContext = new RangerPluginContext(serviceType);
+ rangerPluginContext = new RangerPluginContext(serviceType, config);
- policyEngineOptions.configureForPlugin(configuration, propertyPrefix);
+ policyEngineOptions.configureForPlugin(config, propertyPrefix);
LOG.info(policyEngineOptions);
servicePluginMap.put(serviceName, this);
- RangerAdminClient admin = createAdminClient(serviceName, appId, propertyPrefix);
+ RangerAdminClient admin = createAdminClient(serviceName, appId, propertyPrefix, config);
- rangerRolesProvider = new RangerRolesProvider(serviceType, appId, serviceName, admin, cacheDir);
+ rangerRolesProvider = new RangerRolesProvider(serviceType, appId, serviceName, admin, cacheDir, config);
refresher = new PolicyRefresher(this, serviceType, appId, serviceName, admin, policyDownloadQueue, cacheDir, rangerRolesProvider);
refresher.setDaemon(true);
@@ -254,7 +262,7 @@
policyDownloadTimer = null;
}
- long policyReorderIntervalMs = configuration.getLong(propertyPrefix + ".policy.policyReorderInterval", 60 * 1000);
+ long policyReorderIntervalMs = config.getLong(propertyPrefix + ".policy.policyReorderInterval", 60 * 1000);
if (policyReorderIntervalMs >= 0 && policyReorderIntervalMs < 15 * 1000) {
policyReorderIntervalMs = 15 * 1000;
}
@@ -655,7 +663,7 @@
this.authContextListener = null;
}
- public static RangerAdminClient createAdminClient(String rangerServiceName, String applicationId, String propertyPrefix) {
+ public static RangerAdminClient createAdminClient(String rangerServiceName, String applicationId, String propertyPrefix, Configuration config) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerBasePlugin.createAdminClient(" + rangerServiceName + ", " + applicationId + ", " + propertyPrefix + ")");
}
@@ -663,7 +671,7 @@
RangerAdminClient ret = null;
String propertyName = propertyPrefix + ".policy.source.impl";
- String policySourceImpl = RangerConfiguration.getInstance().get(propertyName);
+ String policySourceImpl = config.get(propertyName);
if(StringUtils.isEmpty(policySourceImpl)) {
if (LOG.isDebugEnabled()) {
@@ -687,7 +695,7 @@
ret = new RangerAdminRESTClient();
}
- ret.init(rangerServiceName, applicationId, propertyPrefix);
+ ret.init(rangerServiceName, applicationId, propertyPrefix, config);
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerBasePlugin.createAdminClient(" + rangerServiceName + ", " + applicationId + ", " + propertyPrefix + "): policySourceImpl=" + policySourceImpl + ", client=" + ret);
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
index 65734f4..1df3824 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
@@ -36,6 +36,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
@@ -66,6 +67,12 @@
protected String serviceName;
protected String serviceType;
+ private final RangerAdminConfig config;
+
+ public RangerBaseService() {
+ this.config = new RangerAdminConfig();
+ }
+
public void init(RangerServiceDef serviceDef, RangerService service) {
this.serviceDef = serviceDef;
this.service = service;
@@ -112,6 +119,8 @@
this.serviceType = serviceType;
}
+ public RangerAdminConfig getConfig() { return config; }
+
public abstract Map<String, Object> validateConfig() throws Exception;
public abstract List<String> lookupResource(ResourceLookupContext context) throws Exception;
@@ -403,7 +412,7 @@
List<String> ret = new ArrayList<>();
HashSet<String> uniqueUsers = new HashSet<String>();
- String[] users = RangerConfiguration.getInstance().getStrings("ranger.default.policy.users");
+ String[] users = config.getStrings("ranger.default.policy.users");
if (users != null) {
for (String user : users) {
@@ -425,9 +434,9 @@
}
}
}
- String authType = RangerConfiguration.getInstance().get(RANGER_AUTH_TYPE,"simple");
- String lookupPrincipal = RangerConfiguration.getInstance().get(LOOKUP_PRINCIPAL);
- String lookupKeytab = RangerConfiguration.getInstance().get(LOOKUP_KEYTAB);
+ String authType = config.get(RANGER_AUTH_TYPE,"simple");
+ String lookupPrincipal = config.get(LOOKUP_PRINCIPAL);
+ String lookupKeytab = config.get(LOOKUP_KEYTAB);
String lookUpUser = getLookupUser(authType, lookupPrincipal, lookupKeytab);
@@ -441,7 +450,7 @@
List<String> ret = new ArrayList<>();
HashSet<String> uniqueGroups = new HashSet<String>();
- String[] groups = RangerConfiguration.getInstance().getStrings("ranger.default.policy.groups");
+ String[] groups = config.getStrings("ranger.default.policy.groups");
if (groups != null) {
for (String group : groups) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 82c769f..3b54960 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -23,7 +23,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
@@ -48,10 +48,16 @@
private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000;
+ private final RangerAdminConfig config;
+
// when a service-def is updated, the updated service-def should be made available to plugins
// this is achieved by incrementing policyVersion of all its services
protected abstract void updateServicesForServiceDefUpdate(RangerServiceDef serviceDef) throws Exception;
+ protected AbstractServiceStore() {
+ this.config = new RangerAdminConfig();
+ }
+
@Override
public void updateTagServiceDefForAccessTypes() throws Exception {
if (LOG.isDebugEnabled()) {
@@ -515,7 +521,7 @@
}
boolean ret = false;
- boolean autopropagateRowfilterdefToTag = RangerConfiguration.getInstance().getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
+ boolean autopropagateRowfilterdefToTag = config.getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
if (autopropagateRowfilterdefToTag) {
RangerServiceDef.RangerRowFilterDef svcRowFilterDef = serviceDef.getRowFilterDef();
@@ -600,7 +606,7 @@
RangerServiceDef.RangerRowFilterDef rowFilterDef = tagServiceDef.getRowFilterDef();
if (rowFilterDef != null) {
- boolean autopropagateRowfilterdefToTag = RangerConfiguration.getInstance().getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
+ boolean autopropagateRowfilterdefToTag = config.getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
if (autopropagateRowfilterdefToTag) {
if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
if (CollectionUtils.isEmpty(rowFilterDef.getResources())) {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index c7ea948..543d13f 100755
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -27,7 +27,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.plugin.model.RangerServiceDef;
import com.google.gson.Gson;
@@ -113,11 +113,13 @@
private RangerServiceDef tagServiceDef;
- private Gson gsonBuilder;
+ private final Gson gsonBuilder;
+ private final RangerAdminConfig config;
/** Private constructor to restrict instantiation of this singleton utility class. */
private EmbeddedServiceDefsUtil() {
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
+ config = new RangerAdminConfig();
}
public static EmbeddedServiceDefsUtil instance() {
@@ -128,7 +130,7 @@
LOG.info("==> EmbeddedServiceDefsUtil.init()");
try {
- createEmbeddedServiceDefs = RangerConfiguration.getInstance().getBoolean(PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS, true);
+ createEmbeddedServiceDefs = config.getBoolean(PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS, true);
supportedServiceDefs =getSupportedServiceDef();
/*
@@ -308,7 +310,7 @@
private Set<String> getSupportedServiceDef(){
Set<String> supportedServiceDef =new HashSet<>();
try{
- String ranger_supportedcomponents=RangerConfiguration.getInstance().get(PROPERTY_SUPPORTED_SERVICE_DEFS, DEFAULT_BOOTSTRAP_SERVICEDEF_LIST);
+ String ranger_supportedcomponents = config.get(PROPERTY_SUPPORTED_SERVICE_DEFS, DEFAULT_BOOTSTRAP_SERVICEDEF_LIST);
if(StringUtils.isBlank(ranger_supportedcomponents) || "all".equalsIgnoreCase(ranger_supportedcomponents)){
ranger_supportedcomponents=DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
index 7ec8495..34de568 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -30,7 +30,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.admin.client.RangerAdminClient;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import com.google.gson.Gson;
@@ -91,7 +90,7 @@
this.gson = gson;
String propertyPrefix = "ranger.plugin." + serviceType;
- disableCacheIfServiceNotFound = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
+ disableCacheIfServiceNotFound = plugIn.getConfig().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
if(LOG.isDebugEnabled()) {
LOG.debug("<== PolicyRefresher(serviceName=" + serviceName + ").PolicyRefresher()");
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index fe8712d..0e1808f 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -50,7 +50,7 @@
import org.apache.commons.lang.Validate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
@@ -111,16 +111,14 @@
private int lastKnownActiveUrlIndex;
private final List<String> configuredURLs;
+ private final Configuration config;
- public RangerRESTClient() {
- this(RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_URL),
- RangerConfiguration.getInstance().get(RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME));
- }
- public RangerRESTClient(String url, String sslConfigFileName) {
+ public RangerRESTClient(String url, String sslConfigFileName, Configuration config) {
mUrl = url;
mSslConfigFileName = sslConfigFileName;
this.configuredURLs = getURLs(mUrl);
+ this.config = config;
this.setLastKnownActiveUrlIndex((new Random()).nextInt(getConfiguredURLs().size()));
init();
}
@@ -250,23 +248,21 @@
InputStream in = null;
try {
- RangerConfiguration conf = RangerConfiguration.getInstance();
-
in = getFileInputStream(mSslConfigFileName);
if (in != null) {
- conf.addResource(in);
+ config.addResource(in);
}
- mKeyStoreURL = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
+ mKeyStoreURL = config.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
- mKeyStoreType = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
- mKeyStoreFile = conf.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
+ mKeyStoreType = config.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
+ mKeyStoreFile = config.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
- mTrustStoreURL = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
+ mTrustStoreURL = config.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
- mTrustStoreType = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
- mTrustStoreFile = conf.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
+ mTrustStoreType = config.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
+ mTrustStoreFile = config.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
} catch (IOException ioe) {
LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
} finally {
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
index 52cea4d..0b492ab 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
@@ -26,7 +26,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.hadoop.conf.Configuration;
import com.kstruct.gethostname4j.Hostname;
/**
@@ -99,8 +99,8 @@
}
}
- public String getPolicyRestUrl(String propertyPrefix) {
- String url = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
+ public String getPolicyRestUrl(String propertyPrefix, Configuration config) {
+ String url = config.get(propertyPrefix + ".policy.rest.url");
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerRESTUtils.getPolicyRestUrl(" + url + ")");
@@ -109,8 +109,8 @@
return url;
}
- public String getSsslConfigFileName(String propertyPrefix) {
- String sslConfigFileName = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.ssl.config.file");
+ public String getSsslConfigFileName(String propertyPrefix, Configuration config) {
+ String sslConfigFileName = config.get(propertyPrefix + ".policy.rest.ssl.config.file");
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerRESTUtils.getSsslConfigFileName(" + sslConfigFileName + ")");
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
index 1afd07d..ccd51cb 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
@@ -24,9 +24,10 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceEvaluator;
import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher;
import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
@@ -59,10 +60,10 @@
private final boolean isOptimizedForRetrieval;
public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators) {
- this(resourceDef, evaluators, null, true);
+ this(resourceDef, evaluators, null, true, null);
}
- public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, Comparator<T> comparator, boolean isOptimizedForRetrieval) {
+ public RangerResourceTrie(RangerServiceDef.RangerResourceDef resourceDef, List<T> evaluators, Comparator<T> comparator, boolean isOptimizedForRetrieval, RangerPluginContext pluginContext) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerResourceTrie(" + resourceDef.getName() + ", evaluatorCount=" + evaluators.size() + ", isOptimizedForRetrieval=" + isOptimizedForRetrieval + ")");
}
@@ -73,7 +74,8 @@
perf = RangerPerfTracer.getPerfTracer(PERF_TRIE_INIT_LOG, "RangerResourceTrie.init(name=" + resourceDef.getName() + ")");
}
- int builderThreadCount = RangerConfiguration.getInstance().getInt(TRIE_BUILDER_THREAD_COUNT, 1);
+ Configuration config = pluginContext != null ? pluginContext.getConfig() : null;
+ int builderThreadCount = config != null ? config.getInt(TRIE_BUILDER_THREAD_COUNT, 1) : 1;
if (builderThreadCount < 1) {
builderThreadCount = 1;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
index 38ba6cf..1e2d74d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
@@ -24,8 +24,8 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.admin.client.RangerAdminClient;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import java.io.File;
@@ -57,7 +57,7 @@
private boolean rangerUserGroupRolesSetInPlugin;
private boolean serviceDefSetInPlugin;
- public RangerRolesProvider(String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, String cacheDir) {
+ public RangerRolesProvider(String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, String cacheDir, Configuration config) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerRolesProvider(serviceName=" + serviceName + ").RangerRolesProvider()");
}
@@ -88,7 +88,7 @@
this.gson = gson;
String propertyPrefix = "ranger.plugin." + serviceType;
- disableCacheIfServiceNotFound = RangerConfiguration.getInstance().getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
+ disableCacheIfServiceNotFound = config.getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerRolesProvider(serviceName=" + serviceName + ").RangerRolesProvider()");
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
index f82f65f..c6cb22b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
@@ -22,12 +22,13 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
@@ -39,11 +40,12 @@
public class ServiceDefUtil {
- public static boolean getOption_enableDenyAndExceptionsInPolicies(RangerServiceDef serviceDef) {
+ public static boolean getOption_enableDenyAndExceptionsInPolicies(RangerServiceDef serviceDef, RangerPluginContext pluginContext) {
boolean ret = false;
if(serviceDef != null) {
- boolean enableDenyAndExceptionsInPoliciesHiddenOption = RangerConfiguration.getInstance().getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true);
+ Configuration config = pluginContext != null ? pluginContext.getConfig() : null;
+ boolean enableDenyAndExceptionsInPoliciesHiddenOption = config != null ? config.getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true) : true;
boolean defaultValue = enableDenyAndExceptionsInPoliciesHiddenOption || StringUtils.equalsIgnoreCase(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
ret = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, defaultValue);
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 83bbffc..c7c59cec 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -31,7 +31,6 @@
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.provider.AuditProviderFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -71,11 +70,14 @@
import static org.junit.Assert.*;
public class TestPolicyEngine {
+ static RangerPluginContext pluginContext;
static Gson gsonBuilder;
long requestCount = 0L;
@BeforeClass
public static void setUpBeforeClass() throws Exception {
+ pluginContext = new RangerPluginContext("hive");
+
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSSZ")
.setPrettyPrinting()
.registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
@@ -173,8 +175,7 @@
"</configuration>\n");
writer.close();
- RangerConfiguration config = RangerConfiguration.getInstance();
- config.addResource(new org.apache.hadoop.fs.Path(file.toURI()));
+ pluginContext.getConfig().addResource(new org.apache.hadoop.fs.Path(file.toURI()));
}
@AfterClass
@@ -437,15 +438,14 @@
policyEngineOptions.disableAccessEvaluationWithPolicyACLSummary = false;
policyEngineOptions.optimizeTrieForRetrieval = false;
- boolean useForwardedIPAddress = RangerConfiguration.getInstance().getBoolean("ranger.plugin.hive.use.x-forwarded-for.ipaddress", false);
- String trustedProxyAddressString = RangerConfiguration.getInstance().get("ranger.plugin.hive.trusted.proxy.ipaddresses");
+ boolean useForwardedIPAddress = pluginContext.getConfig().getBoolean("ranger.plugin.hive.use.x-forwarded-for.ipaddress", false);
+ String trustedProxyAddressString = pluginContext.getConfig().get("ranger.plugin.hive.trusted.proxy.ipaddresses");
String[] trustedProxyAddresses = StringUtils.split(trustedProxyAddressString, ';');
if (trustedProxyAddresses != null) {
for (int i = 0; i < trustedProxyAddresses.length; i++) {
trustedProxyAddresses[i] = trustedProxyAddresses[i].trim();
}
}
- RangerPluginContext pluginContext = new RangerPluginContext("hive");
pluginContext.setClusterName("cl1");
pluginContext.setClusterType("on-prem");
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index 311d3eb..a27c43d 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -55,7 +55,6 @@
import org.apache.hadoop.hbase.wal.WALEdit;
import org.apache.hadoop.security.AccessControlException;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
@@ -534,7 +533,7 @@
perf = RangerPerfTracer.getPerfTracer(PERF_HBASEAUTH_REQUEST_LOG, "RangerAuthorizationCoprocessor.authorizeAccess(request=Operation[" + operation + "]");
ColumnFamilyAccessResult accessResult = evaluateAccess(ctx, operation, action, env, familyMap);
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(hbasePlugin.getConfig());
if (accessResult._everythingIsAccessible) {
auditHandler.logAuthzAudits(accessResult._accessAllowedEvents);
auditHandler.logAuthzAudits(accessResult._familyLevelAccessEvents);
@@ -577,7 +576,7 @@
perf = RangerPerfTracer.getPerfTracer(PERF_HBASEAUTH_REQUEST_LOG, "RangerAuthorizationCoprocessor.requirePermission(request=Operation[" + operation + "]");
}
ColumnFamilyAccessResult accessResult = evaluateAccess(ctx, operation, action, regionServerEnv, familyMap);
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(hbasePlugin.getConfig());
if (accessResult._everythingIsAccessible) {
auditHandler.logAuthzAudits(accessResult._accessAllowedEvents);
auditHandler.logAuthzAudits(accessResult._familyLevelAccessEvents);
@@ -1101,7 +1100,7 @@
plugin.init();
- UpdateRangerPoliciesOnGrantRevoke = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HBASE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP, RangerHadoopConstants.HBASE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
+ UpdateRangerPoliciesOnGrantRevoke = plugin.getConfig().getBoolean(RangerHadoopConstants.HBASE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP, RangerHadoopConstants.HBASE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
hbasePlugin = plugin;
}
@@ -1237,7 +1236,7 @@
if(plugin != null) {
- RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
+ RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(hbasePlugin.getConfig());
plugin.grantAccess(grData, auditHandler);
@@ -1277,7 +1276,7 @@
if(plugin != null) {
- RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
+ RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(hbasePlugin.getConfig());
plugin.revokeAccess(grData, auditHandler);
diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAdminClientImpl.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAdminClientImpl.java
index 48c0410..b7b0442 100644
--- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAdminClientImpl.java
+++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAdminClientImpl.java
@@ -25,30 +25,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "hbase-policies.json";
private final static String tagFilename = "hbase-policies-tag.json";
- private Gson gson;
-
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
index 919920d..5eba4a8 100644
--- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
+++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
@@ -108,7 +108,7 @@
pluginContext.setClusterType("on-prem");
RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testName, servicePolicies, policyEngineOptions, pluginContext);
- RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
+ RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(pluginContext.getConfig());
for(TestData test : testCase.tests) {
RangerAccessResult expected = test.result;
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 52df2db..5998d46 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -26,17 +26,14 @@
import java.net.InetAddress;
import java.security.SecureRandom;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.Stack;
+import java.util.*;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.server.namenode.INode;
@@ -49,7 +46,7 @@
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
@@ -80,12 +77,19 @@
private RangerHdfsPlugin rangerPlugin = null;
private Map<FsAction, Set<String>> access2ActionListMapper = new HashMap<FsAction, Set<String>>();
+ private final Path addlConfigFile;
public RangerHdfsAuthorizer() {
+ this(null);
+ }
+
+ public RangerHdfsAuthorizer(Path addlConfigFile) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerHdfsAuthorizer.RangerHdfsAuthorizer()");
}
+ this.addlConfigFile = addlConfigFile;
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerHdfsAuthorizer.RangerHdfsAuthorizer()");
}
@@ -96,10 +100,11 @@
LOG.debug("==> RangerHdfsAuthorizer.start()");
}
- RangerHdfsPlugin plugin = new RangerHdfsPlugin();
+ RangerHdfsPlugin plugin = new RangerHdfsPlugin(addlConfigFile);
+
plugin.init();
- if (RangerHdfsPlugin.isOptimizeSubAccessAuthEnabled()) {
+ if (plugin.isOptimizeSubAccessAuthEnabled()) {
LOG.info(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP + " is enabled");
}
@@ -181,6 +186,10 @@
return rangerAce;
}
+ // for testing
+ public Configuration getConfig() {
+ return rangerPlugin.getConfig();
+ }
private enum AuthzStatus { ALLOW, DENY, NOT_DETERMINED };
@@ -311,7 +320,7 @@
parent = inodes.length > 1 ? inodes[inodes.length - 2] : null;
inode = inodes[inodes.length - 1]; // could be null while creating a new file
- auditHandler = doNotGenerateAuditRecord ? null : new RangerHdfsAuditHandler(resourcePath, isTraverseOnlyCheck);
+ auditHandler = doNotGenerateAuditRecord ? null : new RangerHdfsAuditHandler(resourcePath, isTraverseOnlyCheck, rangerPlugin.getHadoopModuleName(), rangerPlugin.getExcludedUsers());
/* Hadoop versions prior to 2.8.0 didn't ask for authorization of parent/ancestor traversal for
* reading or writing a file. However, Hadoop version 2.8.0 and later ask traversal authorization for
@@ -400,7 +409,7 @@
AuthzStatus subDirAuthStatus = AuthzStatus.NOT_DETERMINED;
- boolean optimizeSubAccessAuthEnabled = RangerHdfsPlugin.isOptimizeSubAccessAuthEnabled();
+ boolean optimizeSubAccessAuthEnabled = rangerPlugin.isOptimizeSubAccessAuthEnabled();
if (optimizeSubAccessAuthEnabled) {
subDirAuthStatus = isAccessAllowedForHierarchy(data.dir, dirAttribs, data.resourcePath, subAccess, user, groups, plugin);
@@ -576,7 +585,7 @@
}
AuthzStatus authzStatus = AuthzStatus.NOT_DETERMINED;
- if(RangerHdfsPlugin.isHadoopAuthEnabled() && defaultEnforcer != null) {
+ if(rangerPlugin.isHadoopAuthEnabled() && defaultEnforcer != null) {
RangerPerfTracer hadoopAuthPerf = null;
@@ -718,7 +727,7 @@
if (subDirPath.charAt(subDirPath.length() - 1) != org.apache.hadoop.fs.Path.SEPARATOR_CHAR) {
subDirPath = subDirPath + Character.toString(org.apache.hadoop.fs.Path.SEPARATOR_CHAR);
}
- subDirPath = subDirPath + RangerHdfsPlugin.getRandomizedWildcardPathName();
+ subDirPath = subDirPath + rangerPlugin.getRandomizedWildcardPathName();
for (String accessType : accessTypes) {
RangerHdfsAccessRequest request = new RangerHdfsAccessRequest(null, subDirPath, pathOwner, access, accessType, user, groups);
@@ -754,24 +763,47 @@
class RangerHdfsPlugin extends RangerBasePlugin {
- private static boolean hadoopAuthEnabled = RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT;
- private static String fileNameExtensionSeparator;
- private static boolean optimizeSubAccessAuthEnabled = RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT;
- private static String randomizedWildcardPathName;
+ private static final Log LOG = LogFactory.getLog(RangerHdfsPlugin.class);
- public RangerHdfsPlugin() {
+ private static String fileNameExtensionSeparator = RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR;
+
+ private final boolean hadoopAuthEnabled;
+ private final boolean optimizeSubAccessAuthEnabled;
+ private final String randomizedWildcardPathName;
+ private final String hadoopModuleName;
+ private final Set<String> excludeUsers = new HashSet<>();
+
+ public RangerHdfsPlugin(Path addlConfigFile) {
super("hdfs", "hdfs");
- }
- public void init() {
- super.init();
+ RangerPluginConfig config = getConfig();
- RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
- RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
- RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
+ if (addlConfigFile != null) {
+ config.addResource(addlConfigFile);
+ }
String random = generateString("^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
- randomizedWildcardPathName = RangerPathResourceMatcher.WILDCARD_ASTERISK + random + RangerPathResourceMatcher.WILDCARD_ASTERISK;
+
+ RangerHdfsPlugin.fileNameExtensionSeparator = config.get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
+
+ this.hadoopAuthEnabled = config.getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
+ this.optimizeSubAccessAuthEnabled = config.getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
+ this.randomizedWildcardPathName = RangerPathResourceMatcher.WILDCARD_ASTERISK + random + RangerPathResourceMatcher.WILDCARD_ASTERISK;
+ this.hadoopModuleName = config.get(RangerHadoopConstants.AUDITLOG_HADOOP_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_HADOOP_MODULE_ACL_NAME);
+
+ String excludeUserList = config.get(RangerHadoopConstants.AUDITLOG_HDFS_EXCLUDE_LIST_PROP, RangerHadoopConstants.AUDITLOG_EMPTY_STRING);
+
+ if (excludeUserList != null && excludeUserList.trim().length() > 0) {
+ for(String excludeUser : excludeUserList.trim().split(",")) {
+ excludeUser = excludeUser.trim();
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Adding exclude user [" + excludeUser + "]");
+ }
+
+ excludeUsers.add(excludeUser);
+ }
+ }
}
// Build random string of length between 56 and 112 characters
@@ -794,18 +826,21 @@
return new String(text);
}
- public static boolean isHadoopAuthEnabled() {
- return RangerHdfsPlugin.hadoopAuthEnabled;
- }
public static String getFileNameExtensionSeparator() {
- return RangerHdfsPlugin.fileNameExtensionSeparator;
+ return fileNameExtensionSeparator;
}
- public static boolean isOptimizeSubAccessAuthEnabled() {
- return RangerHdfsPlugin.optimizeSubAccessAuthEnabled;
+
+ public boolean isHadoopAuthEnabled() {
+ return hadoopAuthEnabled;
}
- public static String getRandomizedWildcardPathName() {
- return RangerHdfsPlugin.randomizedWildcardPathName;
+ public boolean isOptimizeSubAccessAuthEnabled() {
+ return optimizeSubAccessAuthEnabled;
}
+ public String getRandomizedWildcardPathName() {
+ return randomizedWildcardPathName;
+ }
+ public String getHadoopModuleName() { return hadoopModuleName; }
+ public Set<String> getExcludedUsers() { return excludeUsers; }
}
class RangerHdfsResource extends RangerAccessResourceImpl {
@@ -863,26 +898,14 @@
private final String pathToBeValidated;
private final boolean auditOnlyIfDenied;
- private static final String HadoopModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_HADOOP_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_HADOOP_MODULE_ACL_NAME);
- private static final String excludeUserList = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_HDFS_EXCLUDE_LIST_PROP, RangerHadoopConstants.AUDITLOG_EMPTY_STRING);
- private static HashSet<String> excludeUsers = null;
+ private final String hadoopModuleName;
+ private final Set<String> excludeUsers;
- static {
- if (excludeUserList != null && excludeUserList.trim().length() > 0) {
- excludeUsers = new HashSet<String>();
- for(String excludeUser : excludeUserList.trim().split(",")) {
- excludeUser = excludeUser.trim();
- if (LOG.isDebugEnabled()) {
- LOG.debug("Adding exclude user [" + excludeUser + "]");
- }
- excludeUsers.add(excludeUser);
- }
- }
- }
-
- public RangerHdfsAuditHandler(String pathToBeValidated, boolean auditOnlyIfDenied) {
+ public RangerHdfsAuditHandler(String pathToBeValidated, boolean auditOnlyIfDenied, String hadoopModuleName, Set<String> excludedUsers) {
this.pathToBeValidated = pathToBeValidated;
this.auditOnlyIfDenied = auditOnlyIfDenied;
+ this.hadoopModuleName = hadoopModuleName;
+ this.excludeUsers = excludedUsers;
}
@Override
@@ -934,7 +957,7 @@
auditEvent.setResultReason(path);
auditEvent.setAccessResult((short) (accessGranted ? 1 : 0));
auditEvent.setAccessType(action == null ? null : action.toString());
- auditEvent.setAclEnforcer(HadoopModuleName);
+ auditEvent.setAclEnforcer(hadoopModuleName);
auditEvent.setPolicyId(-1);
}
diff --git a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerAdminClientImpl.java b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerAdminClientImpl.java
index 3f8d1c8..c3b8038 100644
--- a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerAdminClientImpl.java
+++ b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerAdminClientImpl.java
@@ -23,33 +23,23 @@
import java.util.List;
import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "hdfs-policies.json";
private final static String tagFilename = "hdfs-policies-tag.json";
- private Gson gson;
+ private String hdfsVersion = null;
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
+ public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
+ super.init(serviceName, appId, configPropertyPrefix, config);
+
+ this.hdfsVersion = config.get("hdfs.version", "");
}
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
@@ -58,7 +48,6 @@
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
- String hdfsVersion = RangerConfiguration.getInstance().get("hdfs.version", "");
final String relativePath;
if (StringUtils.isNotBlank(hdfsVersion)) {
@@ -78,7 +67,6 @@
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
- String hdfsVersion = RangerConfiguration.getInstance().get("hdfs.version", "");
final String relativePath;
if (StringUtils.isNotBlank(hdfsVersion)) {
diff --git a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
index ac53dcf..61afa47 100644
--- a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
+++ b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
@@ -144,7 +144,6 @@
@BeforeClass
public static void setup() {
-
try {
File file = File.createTempFile("hdfs-version-site", ".xml");
file.deleteOnExit();
@@ -152,21 +151,19 @@
try(final FileOutputStream outStream = new FileOutputStream(file);
final OutputStreamWriter writer = new OutputStreamWriter(outStream, StandardCharsets.UTF_8)) {
writer.write("<configuration>\n" +
- " <property>\n" +
- " <name>hdfs.version</name>\n" +
- " <value>hdfs_version_3.0</value>\n" +
- " </property>\n" +
- "</configuration>\n");
+ " <property>\n" +
+ " <name>hdfs.version</name>\n" +
+ " <value>hdfs_version_3.0</value>\n" +
+ " </property>\n" +
+ "</configuration>\n");
}
- RangerConfiguration config = RangerConfiguration.getInstance();
- config.addResource(new org.apache.hadoop.fs.Path(file.toURI()));
+ authorizer = new RangerHdfsAuthorizer(new org.apache.hadoop.fs.Path(file.toURI()));
+ authorizer.start();
} catch (Exception exception) {
Assert.fail("Cannot create hdfs-version-site file:[" + exception.getMessage() + "]");
}
- authorizer = new RangerHdfsAuthorizer();
- authorizer.start();
AccessControlEnforcer accessControlEnforcer = Mockito.mock(AccessControlEnforcer.class);
rangerControlEnforcer = authorizer.getExternalAccessControlEnforcer(accessControlEnforcer);
}
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index 765da59..c6a9c66 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -196,7 +196,7 @@
public void logAuditEventForDfs(String userName, String dfsCommand, boolean accessGranted, int repositoryType, String repositoryName) {
AuthzAuditEvent auditEvent = new AuthzAuditEvent();
- auditEvent.setAclEnforcer(RangerDefaultAuditHandler.RangerModuleName);
+ auditEvent.setAclEnforcer(moduleName);
auditEvent.setResourceType("@dfs"); // to be consistent with earlier release
auditEvent.setAccessType("DFS");
auditEvent.setAction("DFS");
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index f10bde4..c077ce3 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -62,7 +62,6 @@
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -2548,11 +2547,11 @@
public void init() {
super.init();
- RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP, RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
- RangerHivePlugin.BlockUpdateIfRowfilterColumnMaskSpecified = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_PROP, RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_DEFAULT_VALUE);
- RangerHivePlugin.DescribeShowTableAuth = RangerConfiguration.getInstance().get(RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP, RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE);
+ RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke = getConfig().getBoolean(RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP, RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
+ RangerHivePlugin.BlockUpdateIfRowfilterColumnMaskSpecified = getConfig().getBoolean(RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_PROP, RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_DEFAULT_VALUE);
+ RangerHivePlugin.DescribeShowTableAuth = getConfig().get(RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP, RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE);
- String fsSchemesString = RangerConfiguration.getInstance().get(RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES, RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES_DEFAULT);
+ String fsSchemesString = getConfig().get(RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES, RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES_DEFAULT);
fsScheme = StringUtils.split(fsSchemesString, FILESYSTEM_SCHEMES_SEPARATOR_CHAR);
if (fsScheme != null) {
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/RangerAdminClientImpl.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/RangerAdminClientImpl.java
index 9440016..ce40e34 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/RangerAdminClientImpl.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/RangerAdminClientImpl.java
@@ -25,30 +25,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "hive-policies.json";
private final static String tagFilename = "hive-policies-tag.json";
- private Gson gson;
-
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
index 0fafa6e..cba2c8f 100644
--- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
+++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
@@ -41,6 +41,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.plugin.util.*;
@@ -81,26 +82,28 @@
private final String pluginCapabilities = Long.toHexString(new RangerPluginCapability().getPluginCapabilities());
@Override
- public void init(String serviceName, String appId, String configPropertyPrefix) {
+ public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerAdminJersey2RESTClient.init(" + configPropertyPrefix + ")");
}
+ super.init(serviceName, appId, configPropertyPrefix, config);
+
_serviceName = serviceName;
_pluginId = _utils.getPluginId(serviceName, appId);
- String tmpUrl = _utils.getPolicyRestUrl(configPropertyPrefix);
- _sslConfigFileName = _utils.getSsslConfigFileName(configPropertyPrefix);
- _restClientConnTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
- _restClientReadTimeOutMs = RangerConfiguration.getInstance().getInt(configPropertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
- _clusterName = RangerConfiguration.getInstance().get(configPropertyPrefix + ".access.cluster.name", "");
+ String tmpUrl = _utils.getPolicyRestUrl(configPropertyPrefix, config);
+ _sslConfigFileName = _utils.getSsslConfigFileName(configPropertyPrefix, config);
+ _restClientConnTimeOutMs = config.getInt(configPropertyPrefix + ".policy.rest.client.connection.timeoutMs", 120 * 1000);
+ _restClientReadTimeOutMs = config.getInt(configPropertyPrefix + ".policy.rest.client.read.timeoutMs", 30 * 1000);
+ _clusterName = config.get(configPropertyPrefix + ".access.cluster.name", "");
if(StringUtil.isEmpty(_clusterName)){
- _clusterName = RangerConfiguration.getInstance().get(configPropertyPrefix + ".ambari.cluster.name", "");
+ _clusterName =config.get(configPropertyPrefix + ".ambari.cluster.name", "");
}
- _supportsPolicyDeltas = RangerConfiguration.getInstance().get(configPropertyPrefix + ".policy.rest.supports.policy.deltas", "false");
+ _supportsPolicyDeltas = config.get(configPropertyPrefix + ".policy.rest.supports.policy.deltas", "false");
if (!"true".equalsIgnoreCase(_supportsPolicyDeltas)) {
_supportsPolicyDeltas = "false";
}
- _supportsTagDeltas = RangerConfiguration.getInstance().get(configPropertyPrefix + ".tag.rest.supports.tag.deltas", "false");
+ _supportsTagDeltas = config.get(configPropertyPrefix + ".tag.rest.supports.tag.deltas", "false");
if (!"true".equalsIgnoreCase(_supportsTagDeltas)) {
_supportsTagDeltas = "false";
}
diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
index 94a47b3..5ce5a53 100644
--- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
+++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
@@ -45,7 +45,7 @@
// mandatory call to base plugin
super.init();
// One time call to register the audit hander with the policy engine.
- super.setResultProcessor(new RangerDefaultAuditHandler());
+ super.setResultProcessor(new RangerDefaultAuditHandler(getConfig()));
initialized = true;
}
}
diff --git a/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java b/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java
index 82444d5..4c51e59 100644
--- a/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java
+++ b/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java
@@ -25,30 +25,14 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.google.common.base.Charsets;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "knox-policies.json";
- private Gson gson;
-
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
diff --git a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
index 1c56589..7f841d4 100644
--- a/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
+++ b/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
@@ -72,7 +72,8 @@
plugin = new RangerAtlasPlugin();
plugin.init();
- plugin.setResultProcessor(new RangerDefaultAuditHandler());
+
+ plugin.setResultProcessor(new RangerDefaultAuditHandler(plugin.getConfig()));
atlasPlugin = plugin;
}
diff --git a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
index 31de631..bd0585c 100644
--- a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
+++ b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
@@ -115,7 +115,7 @@
public void init() {
super.init();
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(getConfig());
super.setResultProcessor(auditHandler);
}
diff --git a/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java b/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
index 37ac3e4..cf5da97 100644
--- a/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
+++ b/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
@@ -24,7 +24,6 @@
import java.util.Map;
import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -103,7 +102,7 @@
List<RangerPolicy> ret = super.getDefaultRangerPolicies();
- String authType = RangerConfiguration.getInstance().get(RANGER_AUTH_TYPE,"simple");
+ String authType = getConfig().get(RANGER_AUTH_TYPE,"simple");
if (StringUtils.equalsIgnoreCase(authType, KERBEROS_TYPE)) {
if (LOG.isDebugEnabled()) {
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/RangerAdminClientImpl.java b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/RangerAdminClientImpl.java
index ad3ff0d..9117c64 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/RangerAdminClientImpl.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/RangerAdminClientImpl.java
@@ -25,30 +25,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "kafka-policies.json";
private final static String tagFilename = "kafka-policies-tag.json";
- private Gson gson;
-
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
diff --git a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
index aab4639..da4006a 100755
--- a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
@@ -346,7 +346,7 @@
public void init() {
super.init();
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(getConfig());
super.setResultProcessor(auditHandler);
}
diff --git a/plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java b/plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java
index 579f639..96ab449 100644
--- a/plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java
+++ b/plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java
@@ -22,7 +22,6 @@
import java.util.List;
import java.util.Map;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
@@ -103,9 +102,9 @@
List<RangerPolicy> ret = super.getDefaultRangerPolicies();
- String adminPrincipal = RangerConfiguration.getInstance().get(ADMIN_USER_PRINCIPAL);
- String adminKeytab = RangerConfiguration.getInstance().get(ADMIN_USER_KEYTAB);
- String authType = RangerConfiguration.getInstance().get(RANGER_AUTH_TYPE,"simple");
+ String adminPrincipal = getConfig().get(ADMIN_USER_PRINCIPAL);
+ String adminKeytab = getConfig().get(ADMIN_USER_KEYTAB);
+ String authType = getConfig().get(RANGER_AUTH_TYPE,"simple");
String adminUser = getLookupUser(authType, adminPrincipal, adminKeytab);
@@ -135,7 +134,7 @@
item.setUsers(users);
}
- String hdfsUser = RangerConfiguration.getInstance().get("ranger.kms.service.user.hdfs", "hdfs");
+ String hdfsUser = getConfig().get("ranger.kms.service.user.hdfs", "hdfs");
if (hdfsUser != null && !hdfsUser.isEmpty()) {
LOG.info("Creating default KMS policy item for " + hdfsUser);
List<String> users = new ArrayList<String>();
@@ -145,7 +144,7 @@
}
- String hiveUser = RangerConfiguration.getInstance().get("ranger.kms.service.user.hive", "hive");
+ String hiveUser = getConfig().get("ranger.kms.service.user.hive", "hive");
if (hiveUser != null && !hiveUser.isEmpty()) {
LOG.info("Creating default KMS policy item for " + hiveUser);
diff --git a/plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerAdminClientImpl.java b/plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerAdminClientImpl.java
index 6290f36..b9feb4b 100644
--- a/plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerAdminClientImpl.java
+++ b/plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerAdminClientImpl.java
@@ -25,29 +25,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private final static String cacheFilename = "kms-policies.json";
- private Gson gson;
-
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch(Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
diff --git a/plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java b/plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
index ed935f8..e084990 100644
--- a/plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
+++ b/plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
@@ -150,7 +150,7 @@
public void init() {
super.init();
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(getConfig());
super.setResultProcessor(auditHandler);
}
diff --git a/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java b/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
index 2e361c0..bd80e92 100644
--- a/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
+++ b/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
@@ -24,31 +24,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads
* policies in from a file and returns them.
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private static final String cacheFilename = "kylin-policies.json";
- private Gson gson;
-
- @Override
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch (Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
@Override
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis)
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
index 96f6d49..359211c 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
@@ -18,8 +18,8 @@
*/
package org.apache.ranger.authorization.solr.authorizer;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.audit.RangerMultiResourceAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -37,8 +37,8 @@
private AuthzAuditEvent auditEvent = null;
- public RangerSolrAuditHandler(){
- String excludeUserList = RangerConfiguration.getInstance().get(PROP_SOLR_PLUGIN_AUDIT_EXCLUDED_USERS, solrUser);
+ public RangerSolrAuditHandler(Configuration config){
+ String excludeUserList = config.get(PROP_SOLR_PLUGIN_AUDIT_EXCLUDED_USERS, solrUser);
excludeUsers = Arrays.asList(excludeUserList.split(","));
}
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 46d0f66..9c419df 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -150,22 +150,22 @@
}
}
solrPlugin.init();
- auditHandler = new RangerSolrAuditHandler();
+ auditHandler = new RangerSolrAuditHandler(solrPlugin.getConfig());
solrPlugin.setResultProcessor(auditHandler);
} catch (Throwable t) {
logger.fatal("Error creating and initializing RangerBasePlugin()");
}
try {
- useProxyIP = RangerConfiguration.getInstance().getBoolean(
+ useProxyIP = solrPlugin.getConfig().getBoolean(
PROP_USE_PROXY_IP, useProxyIP);
- proxyIPHeader = RangerConfiguration.getInstance().get(
+ proxyIPHeader = solrPlugin.getConfig().get(
PROP_PROXY_IP_HEADER, proxyIPHeader);
// First get from the -D property
solrAppName = System.getProperty("solr.kerberos.jaas.appname",
solrAppName);
// Override if required from Ranger properties
- solrAppName = RangerConfiguration.getInstance().get(
+ solrAppName = solrPlugin.getConfig().get(
PROP_SOLR_APP_NAME, solrAppName);
logger.info("init(): useProxyIP=" + useProxyIP);
diff --git a/plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java b/plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
index d099f00..05c61fb 100644
--- a/plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
+++ b/plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
@@ -145,7 +145,7 @@
public void init() {
super.init();
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(getConfig());
super.setResultProcessor(auditHandler);
}
diff --git a/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java b/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java
index 758d681..cae3973 100644
--- a/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java
+++ b/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java
@@ -23,31 +23,13 @@
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
/**
* A test implementation of the RangerAdminClient interface that just reads
* policies in from a file and returns them
*/
public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private static final Logger LOG = LoggerFactory.getLogger(RangerAdminClientImpl.class);
private static final String cacheFilename = "sqoop-policies.json";
- private Gson gson;
-
- @Override
- public void init(String serviceName, String appId, String configPropertyPrefix) {
- Gson gson = null;
- try {
- gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
- } catch (Throwable excp) {
- LOG.error("RangerAdminClientImpl: failed to create GsonBuilder object", excp);
- }
- this.gson = gson;
- }
@Override
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis)
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
index 4f18619..1f96582 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
@@ -36,7 +36,6 @@
import org.apache.hadoop.yarn.security.*;
import org.apache.hadoop.yarn.security.PrivilegedEntity.EntityType;
import org.apache.ranger.audit.model.AuthzAuditEvent;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
@@ -49,20 +48,20 @@
import org.apache.ranger.plugin.util.RangerPerfTracer;
public class RangerYarnAuthorizer extends YarnAuthorizationProvider {
- public static final String ACCESS_TYPE_ADMIN_QUEUE = "admin-queue";
- public static final String ACCESS_TYPE_SUBMIT_APP = "submit-app";
- public static final String ACCESS_TYPE_ADMIN = "admin";
-
- public static final String KEY_RESOURCE_QUEUE = "queue";
-
- private static boolean yarnAuthEnabled = RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT;
-
private static final Log LOG = LogFactory.getLog(RangerYarnAuthorizer.class);
private static final Log PERF_YARNAUTH_REQUEST_LOG = RangerPerfTracer.getPerfLogger("yarnauth.request");
+ public static final String ACCESS_TYPE_ADMIN_QUEUE = "admin-queue";
+ public static final String ACCESS_TYPE_SUBMIT_APP = "submit-app";
+ public static final String ACCESS_TYPE_ADMIN = "admin";
+ public static final String KEY_RESOURCE_QUEUE = "queue";
+
private static volatile RangerYarnPlugin yarnPlugin = null;
+ private boolean yarnAuthEnabled = RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT;
+ private String yarnModuleName = RangerHadoopConstants.DEFAULT_YARN_MODULE_ACL_NAME;
+
private AccessControlList admins = null;
private Map<PrivilegedEntity, Map<AccessType, AccessControlList>> yarnAcl = new HashMap<PrivilegedEntity, Map<AccessType, AccessControlList>>();
@@ -87,7 +86,9 @@
}
}
- RangerYarnAuthorizer.yarnAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT);
+ this.yarnAuthEnabled = yarnPlugin.getConfig().getBoolean(RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT);
+ this.yarnModuleName = yarnPlugin.getConfig().get(RangerHadoopConstants.AUDITLOG_YARN_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_YARN_MODULE_ACL_NAME);
+
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerYarnAuthorizer.init()");
@@ -121,12 +122,12 @@
RangerYarnAccessRequest request = new RangerYarnAccessRequest(entity, getRangerAccessType(accessType), accessType.name(), ugi, forwardedAddresses, remoteIpAddress);
- auditHandler = new RangerYarnAuditHandler();
+ auditHandler = new RangerYarnAuditHandler(yarnModuleName);
result = plugin.isAccessAllowed(request, auditHandler);
}
- if(RangerYarnAuthorizer.yarnAuthEnabled && (result == null || !result.getIsAccessDetermined())) {
+ if(yarnAuthEnabled && (result == null || !result.getIsAccessDetermined())) {
if(RangerPerfTracer.isPerfTraceEnabled(PERF_YARNAUTH_REQUEST_LOG)) {
yarnAclPerf = RangerPerfTracer.getPerfTracer(PERF_YARNAUTH_REQUEST_LOG, "RangerYarnNativeAuthorizer.isAllowedByYarnAcl(entity=" + entity + ")");
@@ -289,7 +290,7 @@
public void init() {
super.init();
- RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler();
+ RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(getConfig());
super.setResultProcessor(auditHandler);
}
@@ -333,12 +334,12 @@
class RangerYarnAuditHandler extends RangerDefaultAuditHandler {
private static final Log LOG = LogFactory.getLog(RangerYarnAuditHandler.class);
- private static final String YarnModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_YARN_MODULE_ACL_NAME_PROP , RangerHadoopConstants.DEFAULT_YARN_MODULE_ACL_NAME);
-
+ private final String yarnModuleName;
private boolean isAuditEnabled = false;
private AuthzAuditEvent auditEvent = null;
- public RangerYarnAuditHandler() {
+ public RangerYarnAuditHandler(String yarnModuleName) {
+ this.yarnModuleName = yarnModuleName;
}
@Override
@@ -365,7 +366,7 @@
if(auditEvent != null) {
auditEvent.setAccessResult((short) (accessGranted ? 1 : 0));
- auditEvent.setAclEnforcer(YarnModuleName);
+ auditEvent.setAclEnforcer(yarnModuleName);
auditEvent.setPolicyId(-1);
}
diff --git a/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
index c06894e..6b3d6ea 100644
--- a/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
+++ b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
@@ -41,7 +41,7 @@
if(plugin == null) {
plugin = new RangerBasePlugin("sampleapp", "sampleapp");
- plugin.setResultProcessor(new RangerDefaultAuditHandler());
+ plugin.setResultProcessor(new RangerDefaultAuditHandler(plugin.getConfig()));
plugin.init();
}
diff --git a/ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestEngine.java b/ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestEngine.java
index df31a61..8af378d 100644
--- a/ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestEngine.java
+++ b/ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestEngine.java
@@ -41,15 +41,17 @@
static private final long POLICY_ENGINE_REORDER_AFTER_PROCESSING_REQUESTS_COUNT = 100;
private final URL servicePoliciesFileURL;
private final RangerPolicyEngineOptions policyEngineOptions;
+ private final URL configFileURL;
private RangerPolicyEngine policyEvaluationEngine;
private RangerPluginContext rangerPluginContext;
private final boolean disableDynamicPolicyEvalReordering;
private AtomicLong requestCount = new AtomicLong();
- public PerfTestEngine(final URL servicePoliciesFileURL, RangerPolicyEngineOptions policyEngineOptions, boolean disableDynamicPolicyEvalReordering) {
+ public PerfTestEngine(final URL servicePoliciesFileURL, RangerPolicyEngineOptions policyEngineOptions, boolean disableDynamicPolicyEvalReordering, URL configFileURL) {
this.servicePoliciesFileURL = servicePoliciesFileURL;
this.policyEngineOptions = policyEngineOptions;
this.disableDynamicPolicyEvalReordering = disableDynamicPolicyEvalReordering;
+ this.configFileURL = configFileURL;
}
public boolean init() {
@@ -76,6 +78,7 @@
RangerServiceDef serviceDef = servicePolicies.getServiceDef();
String serviceType = (serviceDef != null) ? serviceDef.getName() : "";
rangerPluginContext = new RangerPluginContext(serviceType);
+ rangerPluginContext.getConfig().addResource(configFileURL);
policyEvaluationEngine = new RangerPolicyEngineImpl("perf-test", servicePolicies, policyEngineOptions, rangerPluginContext);
requestCount.set(0L);
diff --git a/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPluginPerfTester.java b/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPluginPerfTester.java
index 4fc6655..efcc39c 100644
--- a/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPluginPerfTester.java
+++ b/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPluginPerfTester.java
@@ -29,7 +29,6 @@
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.service.RangerBasePlugin;
@@ -76,11 +75,10 @@
Path filePath = buildConfigurationFile();
if (filePath != null) {
- RangerConfiguration rangerConfig = RangerConfiguration.getInstance();
- rangerConfig.addResource(filePath);
-
plugin = new RangerBasePlugin(serviceType, appId);
+ plugin.getConfig().addResource(filePath);
+
Runtime runtime = Runtime.getRuntime();
runtime.gc();
diff --git a/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPolicyenginePerfTester.java b/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPolicyenginePerfTester.java
index 53e5cf0..2da4397 100644
--- a/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPolicyenginePerfTester.java
+++ b/ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerPolicyenginePerfTester.java
@@ -21,7 +21,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.util.PerfDataRecorder;
@@ -66,12 +65,7 @@
URL configurationFileURL = perfTestOptions.getPerfConfigurationFileURL();
- if (configurationFileURL != null) {
- RangerConfiguration config = RangerConfiguration.getInstance();
- config.addResource(configurationFileURL);
- }
-
- PerfTestEngine perfTestEngine = new PerfTestEngine(servicePoliciesFileURL, policyEngineOptions, perfTestOptions.getIsDynamicReorderingDisabled());
+ PerfTestEngine perfTestEngine = new PerfTestEngine(servicePoliciesFileURL, policyEngineOptions, perfTestOptions.getIsDynamicReorderingDisabled(), configurationFileURL);
if (!perfTestEngine.init()) {
LOG.error("Error initializing test data. Existing...");
System.exit(1);
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index abb1b10..6cd8634 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -37,7 +37,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.log4j.Logger;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.GUIDUtil;
@@ -107,10 +107,15 @@
public static final int batchSize = PropertiesUtil.getIntProperty("ranger.jpa.jdbc.batch-clear.size", 10);
String auditDBType = AUDIT_STORE_RDBMS;
+ private final boolean allowUnauthenticatedAccessInSecureEnvironment;
static String fileSeparator = PropertiesUtil.getProperty("ranger.file.separator", "/");
public RangerBizUtil() {
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ allowUnauthenticatedAccessInSecureEnvironment = config.getBoolean("ranger.admin.allow.unauthenticated.access", false);
+
maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty("ranger.user.firstname.maxlength", "16"));
maxDisplayNameLength = PropertiesUtil.getIntProperty("ranger.bookmark.name.maxlen", maxDisplayNameLength);
@@ -441,11 +446,10 @@
return matchFound;
}
- public static void failUnauthenticatedIfNotAllowed() throws Exception {
+ public void failUnauthenticatedIfNotAllowed() throws Exception {
if (UserGroupInformation.isSecurityEnabled()) {
UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
if (currentUserSession == null) {
- boolean allowUnauthenticatedAccessInSecureEnvironment = RangerConfiguration.getInstance().getBoolean("ranger.admin.allow.unauthenticated.access", false);
if (!allowUnauthenticatedAccessInSecureEnvironment) {
throw new Exception("Unauthenticated access not allowed");
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index 213639a..99a0d3e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -29,7 +29,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerRoleCache;
@@ -69,6 +69,8 @@
@Autowired
RangerBizUtil bizUtil;
+ RangerAdminConfig config;
+
private Boolean populateExistingBaseFields = true;
AbstractPredicateUtil predicateUtil = null;
@@ -81,6 +83,8 @@
LOG.debug("==> RoleDBStore.initStore()");
}
+ config = new RangerAdminConfig();
+
roleService.setPopulateExistingBaseFields(populateExistingBaseFields);
predicateUtil = new RolePredicateUtil();
@@ -330,7 +334,7 @@
if (LOG.isDebugEnabled()) {
LOG.debug("Service Type for serviceId (" + serviceId + ") = " + serviceTypeName);
}
- String serviceTypesToGetAllRoles = RangerConfiguration.getInstance().get("ranger.admin.service.types.for.returning.all.roles", "solr");
+ String serviceTypesToGetAllRoles = config.get("ranger.admin.service.types.for.returning.all.roles", "solr");
boolean getAllRoles = false;
if (StringUtils.isNotEmpty(serviceTypesToGetAllRoles)) {
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 0ab733c..333672d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -60,7 +60,7 @@
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.ranger.audit.provider.MiscUtil;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
@@ -341,6 +341,7 @@
public static final String ACCESS_TYPE_GET_METADATA = "getmetadata";
private ServicePredicateUtil predicateUtil = null;
+ private RangerAdminConfig config = null;
@Override
@@ -360,19 +361,16 @@
LOG.debug("==> ServiceDBStore.initStore()");
}
+ config = new RangerAdminConfig();
+
if(! legacyServiceDefsInitDone) {
synchronized(ServiceDBStore.class) {
if(!legacyServiceDefsInitDone) {
- if (! RangerConfiguration.getInstance().addAdminResources()) {
- LOG.error("Could not add ranger-admin resources to RangerConfiguration.");
- }
-
- SUPPORTS_POLICY_DELTAS = RangerConfiguration.getInstance().getBoolean("ranger.admin.supports.policy.deltas", false);
- RETENTION_PERIOD_IN_DAYS = RangerConfiguration.getInstance().getInt("ranger.admin.delta.retention.time.in.days", 7);
- TAG_RETENTION_PERIOD_IN_DAYS = RangerConfiguration.getInstance().getInt("ranger.admin.tag.delta.retention.time.in.days", 3);
-
- isRolesDownloadedByService = RangerConfiguration.getInstance().getBoolean("ranger.support.for.service.specific.role.download", false);
+ SUPPORTS_POLICY_DELTAS = config.getBoolean("ranger.admin.supports.policy.deltas", false);
+ RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.delta.retention.time.in.days", 7);
+ TAG_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.tag.delta.retention.time.in.days", 3);
+ isRolesDownloadedByService = config.getBoolean("ranger.support.for.service.specific.role.download", false);
TransactionTemplate txTemplate = new TransactionTemplate(txManager);
@@ -3555,7 +3553,7 @@
}
}
- private static void persistChangeLog(ServiceVersionUpdater serviceVersionUpdater) {
+ private void persistChangeLog(ServiceVersionUpdater serviceVersionUpdater) {
XXServiceVersionInfoDao serviceVersionInfoDao = serviceVersionUpdater.daoManager.getXXServiceVersionInfo();
XXServiceVersionInfo serviceVersionInfoDbObj = serviceVersionInfoDao.findByServiceId(serviceVersionUpdater.serviceId);
@@ -4738,7 +4736,6 @@
}
private String getAuditMode(String serviceTypeName, String serviceName) {
- RangerConfiguration config = RangerConfiguration.getInstance();
String ret = config.get("ranger.audit.global.mode");
if (StringUtils.isNotBlank(ret)) {
return ret;
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
index 0e33298..2d7f407 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
@@ -30,7 +30,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
@@ -100,8 +100,12 @@
@Autowired
RESTErrorUtil restErrorUtil;
+ RangerAdminConfig config;
+
@PostConstruct
public void initStore() {
+ config = new RangerAdminConfig();
+
RangerAdminTagEnricher.setTagStore(this);
RangerAdminTagEnricher.setDaoManager(daoManager);
}
@@ -1268,7 +1272,9 @@
public static boolean isSupportsTagDeltas() {
if (!IS_SUPPORTS_TAG_DELTAS_INITIALIZED) {
- SUPPORTS_TAG_DELTAS = RangerConfiguration.getInstance().getBoolean("ranger.admin.supports.tag.deltas", false);
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ SUPPORTS_TAG_DELTAS = config.getBoolean("ranger.admin.supports.tag.deltas", false);
IS_SUPPORTS_TAG_DELTAS_INITIALIZED = true;
}
return SUPPORTS_TAG_DELTAS;
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerAdminTagEnricher.java b/security-admin/src/main/java/org/apache/ranger/common/RangerAdminTagEnricher.java
index ad8d43b..c4b134e 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerAdminTagEnricher.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerAdminTagEnricher.java
@@ -19,7 +19,7 @@
package org.apache.ranger.common;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXServiceVersionInfo;
import org.apache.ranger.plugin.contextenricher.RangerTagEnricher;
@@ -38,6 +38,7 @@
private static TagStore tagStore = null;
private static RangerDaoManager daoManager = null;
+ private static boolean ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS_INITIALIZED = false;
private static boolean ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS;
private Long serviceId;
@@ -57,7 +58,13 @@
}
super.init();
- ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS = RangerConfiguration.getInstance().getBoolean("ranger.admin.tag.enricher.supports.tag.deltas", true);
+ if (!ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS_INITIALIZED) {
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS = config.getBoolean("ranger.admin.tag.enricher.supports.tag.deltas", true);
+
+ ADMIN_TAG_ENRICHER_SUPPORTS_TAG_DELTAS_INITIALIZED = true;
+ }
ServiceStore svcStore = tagStore != null ? tagStore.getServiceStore() : null;
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java
index b0bd427..4b17ef0 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java
@@ -21,7 +21,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.biz.RoleDBStore;
import org.apache.ranger.plugin.model.RangerRole;
@@ -57,7 +57,9 @@
}
private RangerRoleCache() {
- waitTimeInSeconds = RangerConfiguration.getInstance().getInt("ranger.admin.policy.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ waitTimeInSeconds = config.getInt("ranger.admin.policy.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
}
public RangerRoles getLatestRangerRoleOrCached(String serviceName, RoleDBStore roleDBStore, Long lastKnownRoleVersion, Long rangerRoleVersionInDB) throws Exception {
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
index 8942b4e..68740f5 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
@@ -21,7 +21,7 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.store.ServiceStore;
@@ -61,7 +61,9 @@
}
private RangerServicePoliciesCache() {
- waitTimeInSeconds = RangerConfiguration.getInstance().getInt("ranger.admin.policy.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ waitTimeInSeconds = config.getInt("ranger.admin.policy.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
}
public void dump() {
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
index 22a92b2..249a3bf 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
@@ -21,7 +21,7 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.plugin.store.TagStore;
import org.apache.commons.logging.Log;
@@ -59,8 +59,10 @@
}
private RangerServiceTagsCache() {
- useServiceTagsCache = RangerConfiguration.getInstance().getBoolean("ranger.admin.tag.download.usecache", true);
- waitTimeInSeconds = RangerConfiguration.getInstance().getInt("ranger.admin.tag.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
+ RangerAdminConfig config = new RangerAdminConfig();
+
+ useServiceTagsCache = config.getBoolean("ranger.admin.tag.download.usecache", true);
+ waitTimeInSeconds = config.getInt("ranger.admin.tag.download.cache.max.waittime.for.update", MAX_WAIT_TIME_FOR_UPDATE);
}
public void dump() {
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/BaseLoader.java b/security-admin/src/main/java/org/apache/ranger/patch/BaseLoader.java
index 66f8e7c..6cae5cb 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/BaseLoader.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/BaseLoader.java
@@ -25,6 +25,7 @@
import java.text.DecimalFormat;
import org.apache.log4j.Logger;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.common.DateUtil;
import org.apache.ranger.util.CLIUtil;
import org.springframework.transaction.annotation.Propagation;
@@ -45,8 +46,10 @@
boolean firstCall = true;
int batchSize = -1;
DecimalFormat twoDForm = new DecimalFormat("#.00");
+ protected final RangerAdminConfig config;
public BaseLoader() {
+ this.config = new RangerAdminConfig();
}
public void init(int batchSize) throws Exception {
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForTagServiceDefUpdate_J10028.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForTagServiceDefUpdate_J10028.java
index b113bd4..4dbfdf1 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForTagServiceDefUpdate_J10028.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForTagServiceDefUpdate_J10028.java
@@ -20,7 +20,6 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.JSONUtil;
@@ -247,7 +246,7 @@
RangerServiceDef.RangerRowFilterDef rowFilterDef = tagServiceDef.getRowFilterDef();
if (rowFilterDef != null) {
- boolean autopropagateRowfilterdefToTag = RangerConfiguration.getInstance().getBoolean(AbstractServiceStore.AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AbstractServiceStore.AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
+ boolean autopropagateRowfilterdefToTag = config.getBoolean(AbstractServiceStore.AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP, AbstractServiceStore.AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
if (autopropagateRowfilterdefToTag) {
if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
addOrUpdateResourceDefForTagResource(rowFilterDef.getResources(), accessPolicyTagResource);
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 3d8a329..fc9f133 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -59,6 +59,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.biz.AssetMgr;
@@ -243,6 +244,7 @@
private RangerPolicyEngineOptions delegateAdminOptions;
private RangerPolicyEngineOptions policySearchAdminOptions;
private RangerPolicyEngineOptions defaultAdminOptions;
+ private final RangerAdminConfig config = new RangerAdminConfig();
public ServiceREST() {
}
@@ -3674,7 +3676,7 @@
final String propertyPrefix = "ranger.admin";
- opts.configureDelegateAdmin(RangerConfiguration.getInstance(), propertyPrefix);
+ opts.configureDelegateAdmin(config, propertyPrefix);
return opts;
}
@@ -3684,7 +3686,7 @@
final String propertyPrefix = "ranger.admin";
- opts.configureRangerAdminForPolicySearch(RangerConfiguration.getInstance(), propertyPrefix);
+ opts.configureRangerAdminForPolicySearch(config, propertyPrefix);
return opts;
}
@@ -3693,7 +3695,7 @@
final String propertyPrefix = "ranger.admin";
- opts.configureDefaultRangerAdmin(RangerConfiguration.getInstance(), propertyPrefix);
+ opts.configureDefaultRangerAdmin(config, propertyPrefix);
return opts;
}
@@ -4085,11 +4087,11 @@
if (LOG.isDebugEnabled()) {
LOG.debug("==> scheduleCreateOrGetTagService(resourceService=" + resourceService.getName() + ")");
}
- final boolean isAutoCreateTagService = RangerConfiguration.getInstance().getBoolean("ranger.tagservice.auto.create", true);
+ final boolean isAutoCreateTagService = config.getBoolean("ranger.tagservice.auto.create", true);
if (isAutoCreateTagService) {
- String tagServiceName = RangerConfiguration.getInstance().get("ranger.tagservice.auto.name");
+ String tagServiceName = config.get("ranger.tagservice.auto.name");
if (StringUtils.isBlank(tagServiceName)) {
tagServiceName = getGeneratedTagServiceName(resourceService.getName());
@@ -4100,7 +4102,7 @@
LOG.debug("Attempting to get/create and possibly link to tag-service:[" + tagServiceName + "]");
}
- final boolean isAutoLinkTagService = RangerConfiguration.getInstance().getBoolean("ranger.tagservice.auto.link", true);
+ final boolean isAutoLinkTagService = config.getBoolean("ranger.tagservice.auto.link", true);
RangerService tagService = null;
try {
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
index 3f7068c..1ec2f49 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
@@ -22,19 +22,23 @@
import java.util.Map;
import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
+import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;
+
@Service
@Scope("singleton")
public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServiceDef, RangerServiceDef> {
+ private final RangerAdminConfig config;
public RangerServiceDefService() {
super();
+
+ this.config = new RangerAdminConfig();
}
@Override
@@ -59,7 +63,7 @@
Map<String, String> serviceDefOptions = ret.getOptions();
if (serviceDefOptions.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES) == null) {
- boolean enableDenyAndExceptionsInPoliciesHiddenOption = RangerConfiguration.getInstance().getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true);
+ boolean enableDenyAndExceptionsInPoliciesHiddenOption = config.getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true);
if (enableDenyAndExceptionsInPoliciesHiddenOption || StringUtils.equalsIgnoreCase(ret.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, "true");
} else {
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
index 111083c..bb0f882 100644
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
@@ -71,7 +71,7 @@
// mandatory call to base plugin
super.init();
// One time call to register the audit hander with the policy engine.
- super.setResultProcessor(new RangerDefaultAuditHandler());
+ super.setResultProcessor(new RangerDefaultAuditHandler(getConfig()));
// this needed to set things right in the nimbus process
if (KerberosName.getRules() == null) {
KerberosName.setRules("DEFAULT");
diff --git a/storm-agent/src/test/java/org/apache/ranger/authorization/storm/RangerAdminClientImpl.java b/storm-agent/src/test/java/org/apache/ranger/authorization/storm/RangerAdminClientImpl.java
index 895ad4a..2b40205 100644
--- a/storm-agent/src/test/java/org/apache/ranger/authorization/storm/RangerAdminClientImpl.java
+++ b/storm-agent/src/test/java/org/apache/ranger/authorization/storm/RangerAdminClientImpl.java
@@ -22,6 +22,7 @@
import java.nio.file.Files;
import java.util.List;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.admin.client.AbstractRangerAdminClient;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
@@ -40,7 +41,8 @@
private final static String tagFilename = "storm-policies-tag.json";
private Gson gson;
- public void init(String serviceName, String appId, String configPropertyPrefix) {
+ @Override
+ public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
Gson gson = null;
try {
gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
index 062c5e3..dff7241 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
@@ -96,7 +96,7 @@
}
if (StringUtils.isNotBlank(restUrl)) {
- tagRESTClient = new RangerRESTClient(restUrl, sslConfigFile);
+ tagRESTClient = new RangerRESTClient(restUrl, sslConfigFile, TagSyncConfig.getInstance());
if (!isKerberized) {
tagRESTClient.setBasicAuthInfo(userName, password);
}
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 27506d1..1d4e37f 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -26,6 +26,7 @@
import java.util.Set;
import java.util.StringTokenizer;
+import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.plugin.util.XMLUtils;
import org.apache.ranger.usergroupsync.UserGroupSink;
@@ -262,6 +263,16 @@
XMLUtils.loadConfig(CONFIG_FILE, prop);
}
+ public Configuration getConfig() {
+ Configuration ret = new Configuration();
+
+ for (String propName : prop.stringPropertyNames()) {
+ ret.set(propName, prop.getProperty(propName));
+ }
+
+ return ret;
+ }
+
public String getUserSyncFileSource(){
String val = prop.getProperty(UGSYNC_SOURCE_FILE_PROC);
return val;
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java
index 52b7f62..e4024a2 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java
@@ -34,6 +34,7 @@
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.ranger.plugin.util.RangerRESTClient;
import org.apache.ranger.plugin.util.RangerRESTUtils;
+import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
import com.sun.jersey.api.client.Client;
@@ -55,7 +56,7 @@
String ugKeyStoreType, String ugTrustStoreFile, String ugTrustStoreFilepwd, String ugTrustStoreType,
String authenticationType, String principal, String keytab, String polMgrUsername, String polMgrPassword) {
- super(policyMgrBaseUrls, "");
+ super(policyMgrBaseUrls, "", UserGroupSyncConfig.getInstance().getConfig());
if (!(authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
&& SecureClientLogin.isKerberosCredentialExists(principal, keytab))) {
setBasicAuthInfo(polMgrUsername, polMgrPassword);
