From c14a7cec73298594a8cea0a278d0f598f86ee2e1 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Fri, 10 Feb 2023 22:42:18 -0800 Subject: [PATCH] RANGER-4114: updated plugin to use consistent property-prefix across all references (cherry picked from commit 6b5628fbd76d4c2c407a54d4e98b937eec21df1c) --- .../RangerAbstractContextEnricher.java | 6 ++++++ .../contextenricher/RangerTagEnricher.java | 4 ++-- .../RangerUserStoreEnricher.java | 4 ++-- .../plugin/util/RangerRolesProvider.java | 5 +++-- .../plugin/policyengine/TestPolicyEngine.java | 19 ++++++++++--------- .../TestPolicyEngineForDeltas.java | 19 ++++++++++--------- 6 files changed, 33 insertions(+), 24 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java index f65a0cf889..8714a96252 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java @@ -204,6 +204,12 @@ public void notifyAuthContextChanged() { } } + public String getPropertyPrefix() { + RangerPluginConfig pluginConfig = getPluginConfig(); + + return pluginConfig != null ? pluginConfig.getPropertyPrefix() : "ranger.plugin." + serviceDef.getName(); + } + public String getConfig(String configName, String defaultValue) { RangerPluginContext pluginContext = this.pluginContext; String ret = defaultValue; diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java index 93d1e9d080..8f34103538 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java @@ -103,7 +103,7 @@ public void init() { super.init(); - String propertyPrefix = "ranger.plugin." + serviceDef.getName(); + String propertyPrefix = getPropertyPrefix(); String tagRetrieverClassName = getOption(TAG_RETRIEVER_CLASSNAME_OPTION); long pollingIntervalMs = getLongOption(TAG_REFRESHER_POLLINGINTERVAL_OPTION, 60 * 1000); @@ -404,7 +404,7 @@ public EnrichedServiceTags getEnrichedServiceTags() { } protected RangerReadWriteLock createLock() { - String propertyPrefix = "ranger.plugin." + serviceDef.getName(); + String propertyPrefix = getPropertyPrefix(); RangerPluginConfig config = getPluginConfig(); boolean deltasEnabled = config != null && config.getBoolean(propertyPrefix + RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_TAG_DELTA, RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_TAG_DELTA_DEFAULT); boolean inPlaceUpdatesEnabled = config != null && config.getBoolean(propertyPrefix + RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES, RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES_DEFAULT); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java index 34ccc766d0..0ea5730aa6 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java @@ -57,10 +57,11 @@ public void init() { super.init(); + String propertyPrefix = getPropertyPrefix(); String userStoreRetrieverClassName = getOption(USERSTORE_RETRIEVER_CLASSNAME_OPTION); long pollingIntervalMs = getLongOption(USERSTORE_REFRESHER_POLLINGINTERVAL_OPTION, 3600 * 1000); - dedupStrings = getBooleanConfig("ranger.plugin." + serviceDef.getName() + ".dedup.strings", true); + dedupStrings = getBooleanConfig(propertyPrefix + ".dedup.strings", true); if (StringUtils.isNotBlank(userStoreRetrieverClassName)) { @@ -81,7 +82,6 @@ public void init() { } if (userStoreRetriever != null) { - String propertyPrefix = "ranger.plugin." + serviceDef.getName(); disableCacheIfServiceNotFound = getBooleanConfig(propertyPrefix + ".disable.cache.if.servicenotfound", true); String cacheDir = getConfig(propertyPrefix + ".policy.cache.dir", null); String cacheFilename = String.format("%s_%s_userstore.json", appId, serviceName); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java index ef50b540e8..7f6b4acb98 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java @@ -24,6 +24,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; import org.apache.ranger.admin.client.RangerAdminClient; +import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig; import org.apache.ranger.plugin.service.RangerBasePlugin; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -57,7 +58,7 @@ public class RangerRolesProvider { private boolean rangerUserGroupRolesSetInPlugin; private boolean serviceDefSetInPlugin; - public RangerRolesProvider(String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, String cacheDir, Configuration config) { + public RangerRolesProvider(String serviceType, String appId, String serviceName, RangerAdminClient rangerAdmin, String cacheDir, RangerPluginConfig config) { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerRolesProvider(serviceName=" + serviceName + ").RangerRolesProvider()"); } @@ -87,7 +88,7 @@ public RangerRolesProvider(String serviceType, String appId, String serviceName, } this.gson = gson; - String propertyPrefix = "ranger.plugin." + serviceType; + String propertyPrefix = config.getPropertyPrefix(); disableCacheIfServiceNotFound = config.getBoolean(propertyPrefix + ".disable.cache.if.servicenotfound", true); if (LOG.isDebugEnabled()) { diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index f4f7aaafb7..9651a9b18e 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java @@ -520,8 +520,9 @@ private void runTests(InputStreamReader reader, String testName) { servicePolicies.setTagPolicies(tagPolicies); } - boolean useForwardedIPAddress = pluginContext.getConfig().getBoolean("ranger.plugin.hive.use.x-forwarded-for.ipaddress", false); - String trustedProxyAddressString = pluginContext.getConfig().get("ranger.plugin.hive.trusted.proxy.ipaddresses"); + RangerPluginConfig config = pluginContext.getConfig(); + boolean useForwardedIPAddress = config.getBoolean(config.getPropertyPrefix() + ".use.x-forwarded-for.ipaddress", false); + String trustedProxyAddressString = config.get(config.getPropertyPrefix() + ".trusted.proxy.ipaddresses"); String[] trustedProxyAddresses = StringUtils.split(trustedProxyAddressString, ';'); if (trustedProxyAddresses != null) { for (int i = 0; i < trustedProxyAddresses.length; i++) { @@ -578,18 +579,18 @@ private void runTests(InputStreamReader reader, String testName) { roles.setRangerRoles(rolesSet); - RangerPolicyEngineOptions policyEngineOptions = pluginContext.getConfig().getPolicyEngineOptions(); + RangerPolicyEngineOptions policyEngineOptions = config.getPolicyEngineOptions(); policyEngineOptions.disableAccessEvaluationWithPolicyACLSummary = true; - setPluginConfig(pluginContext.getConfig(), ".super.users", testCase.superUsers); - setPluginConfig(pluginContext.getConfig(), ".super.groups", testCase.superGroups); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.users", testCase.auditExcludedUsers); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.groups", testCase.auditExcludedGroups); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.roles", testCase.auditExcludedRoles); + setPluginConfig(config, ".super.users", testCase.superUsers); + setPluginConfig(config, ".super.groups", testCase.superGroups); + setPluginConfig(config, ".audit.exclude.users", testCase.auditExcludedUsers); + setPluginConfig(config, ".audit.exclude.groups", testCase.auditExcludedGroups); + setPluginConfig(config, ".audit.exclude.roles", testCase.auditExcludedRoles); // so that setSuperUsersAndGroups(), setAuditExcludedUsersGroupsRoles() will be called on the pluginConfig - new RangerBasePlugin(pluginContext.getConfig()); + new RangerBasePlugin(config); RangerPolicyEngineImpl policyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, roles); diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineForDeltas.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineForDeltas.java index 4e1844bc6e..3e5086cdf8 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineForDeltas.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineForDeltas.java @@ -214,8 +214,9 @@ private void runTests(InputStreamReader reader, String testName) { servicePolicies.setTagPolicies(tagPolicies); } - boolean useForwardedIPAddress = pluginContext.getConfig().getBoolean("ranger.plugin.hive.use.x-forwarded-for.ipaddress", false); - String trustedProxyAddressString = pluginContext.getConfig().get("ranger.plugin.hive.trusted.proxy.ipaddresses"); + RangerPluginConfig config = pluginContext.getConfig(); + boolean useForwardedIPAddress = config.getBoolean(config.getPropertyPrefix() + ".use.x-forwarded-for.ipaddress", false); + String trustedProxyAddressString = config.get(config.getPropertyPrefix() + ".trusted.proxy.ipaddresses"); String[] trustedProxyAddresses = StringUtils.split(trustedProxyAddressString, ';'); if (trustedProxyAddresses != null) { for (int i = 0; i < trustedProxyAddresses.length; i++) { @@ -272,18 +273,18 @@ private void runTests(InputStreamReader reader, String testName) { roles.setRangerRoles(rolesSet); - RangerPolicyEngineOptions policyEngineOptions = pluginContext.getConfig().getPolicyEngineOptions(); + RangerPolicyEngineOptions policyEngineOptions = config.getPolicyEngineOptions(); policyEngineOptions.disableAccessEvaluationWithPolicyACLSummary = true; - setPluginConfig(pluginContext.getConfig(), ".super.users", testCase.superUsers); - setPluginConfig(pluginContext.getConfig(), ".super.groups", testCase.superGroups); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.users", testCase.auditExcludedUsers); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.groups", testCase.auditExcludedGroups); - setPluginConfig(pluginContext.getConfig(), ".audit.exclude.roles", testCase.auditExcludedRoles); + setPluginConfig(config, ".super.users", testCase.superUsers); + setPluginConfig(config, ".super.groups", testCase.superGroups); + setPluginConfig(config, ".audit.exclude.users", testCase.auditExcludedUsers); + setPluginConfig(config, ".audit.exclude.groups", testCase.auditExcludedGroups); + setPluginConfig(config, ".audit.exclude.roles", testCase.auditExcludedRoles); // so that setSuperUsersAndGroups(), setAuditExcludedUsersGroupsRoles() will be called on the pluginConfig - new RangerBasePlugin(pluginContext.getConfig()); + new RangerBasePlugin(config); RangerPolicyEngineImpl policyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, roles);