Skip to content

Commit b98b265

Browse files
kumaabkumaab
authored
Merge branch 'apache:master' into ranger-5080 
2 parents 2c182a2 + 7365629 commit b98b265

File tree

774 files changed

+138044
-139710
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

774 files changed

+138044
-139710
lines changed

agents-audit/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>Audit Component</name>
2929
<description>Auth Audit</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3432
<securesm.version>1.2</securesm.version>
3533
</properties>

agents-common/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>Common library for Plugins</name>
2929
<description>Plugins Common</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3432
</properties>
3533
<dependencies>

agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
import java.util.Collection;
3333
import java.util.Collections;
3434
import java.util.HashSet;
35+
import java.util.List;
3536
import java.util.Set;
3637

3738
public class RangerPluginConfig extends RangerConfiguration {
@@ -62,6 +63,10 @@ public class RangerPluginConfig extends RangerConfiguration {
6263
private Set<String> serviceAdmins = Collections.emptySet();
6364

6465
public RangerPluginConfig(String serviceType, String serviceName, String appId, String clusterName, String clusterType, RangerPolicyEngineOptions policyEngineOptions) {
66+
this(serviceType, serviceName, appId, clusterName, clusterType, null, policyEngineOptions);
67+
}
68+
69+
public RangerPluginConfig(String serviceType, String serviceName, String appId, String clusterName, String clusterType, List<File> additionalConfigFiles, RangerPolicyEngineOptions policyEngineOptions) {
6570
super();
6671

6772
addResourcesForServiceType(serviceType);
@@ -73,6 +78,16 @@ public RangerPluginConfig(String serviceType, String serviceName, String appId,
7378

7479
addResourcesForServiceName(this.serviceType, this.serviceName);
7580

81+
if (additionalConfigFiles != null) {
82+
for (File configFile : additionalConfigFiles) {
83+
try {
84+
addResource(configFile.toURI().toURL());
85+
} catch (Throwable t) {
86+
LOG.warn("failed to load configurations from {}", configFile, t);
87+
}
88+
}
89+
}
90+
7691
String trustedProxyAddressString = this.get(propertyPrefix + ".trusted.proxy.ipaddresses");
7792

7893
if (StringUtil.isEmpty(clusterName)) {

agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java

Lines changed: 28 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
2727
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
2828
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
29+
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
2930
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
3031
import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
3132
import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
@@ -50,7 +51,7 @@
5051
public class RangerPolicyValidator extends RangerValidator {
5152
private static final Logger LOG = LoggerFactory.getLogger(RangerPolicyValidator.class);
5253

53-
private static final List<String> INVALID_ITEMS = new ArrayList<>(Arrays.asList("null", "NULL", "Null", null));
54+
private static final Set<String> INVALID_POLICY_ITEM_VALUES = new HashSet<>(Arrays.asList("null", "NULL", "Null", null, ""));
5455

5556
public RangerPolicyValidator(ServiceStore store) {
5657
super(store);
@@ -430,6 +431,14 @@ boolean isValid(RangerPolicy policy, Action action, boolean isAdmin, List<Valida
430431
valid = isValidPolicyItems(policy.getDenyPolicyItems(), failures, serviceDef) && valid;
431432
valid = isValidPolicyItems(policy.getAllowExceptions(), failures, serviceDef) && valid;
432433
valid = isValidPolicyItems(policy.getDenyExceptions(), failures, serviceDef) && valid;
434+
435+
@SuppressWarnings("unchecked")
436+
List<RangerPolicyItem> dataMaskPolicyItems = (List<RangerPolicyItem>) (List<?>) policy.getDataMaskPolicyItems();
437+
valid = isValidPolicyItems(dataMaskPolicyItems, failures, serviceDef) && valid;
438+
439+
@SuppressWarnings("unchecked")
440+
List<RangerPolicyItem> rowFilterPolicyItems = (List<RangerPolicyItem>) (List<?>) policy.getRowFilterPolicyItems();
441+
valid = isValidPolicyItems(rowFilterPolicyItems, failures, serviceDef) && valid;
433442
}
434443
}
435444

@@ -1052,6 +1061,20 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
10521061
if (policyItem == null) {
10531062
LOG.debug("policy item was null!");
10541063
} else {
1064+
if (policyItem instanceof RangerDataMaskPolicyItem) {
1065+
RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
1066+
if (StringUtils.isBlank(dataMaskInfo.getDataMaskType())) {
1067+
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM;
1068+
failures.add(new ValidationFailureDetailsBuilder()
1069+
.field("policy item datamask-type")
1070+
.isMissing()
1071+
.becauseOf(error.getMessage("policy item datamask-type"))
1072+
.errorCode(error.getErrorCode())
1073+
.build());
1074+
1075+
valid = false;
1076+
}
1077+
}
10551078
// access items collection can't be empty (unless delegated admin is true) and should be otherwise valid
10561079
if (CollectionUtils.isEmpty(policyItem.getAccesses())) {
10571080
if (!Boolean.TRUE.equals(policyItem.getDelegateAdmin())) {
@@ -1089,7 +1112,7 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
10891112
removeDuplicates(policyItem.getGroups());
10901113
removeDuplicates(policyItem.getRoles());
10911114

1092-
if (CollectionUtils.isNotEmpty(policyItem.getUsers()) && CollectionUtils.containsAny(policyItem.getUsers(), INVALID_ITEMS)) {
1115+
if (CollectionUtils.isNotEmpty(policyItem.getUsers()) && CollectionUtils.containsAny(policyItem.getUsers(), INVALID_POLICY_ITEM_VALUES)) {
10931116
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_USER;
10941117

10951118
failures.add(new ValidationFailureDetailsBuilder()
@@ -1102,7 +1125,7 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
11021125
valid = false;
11031126
}
11041127

1105-
if (CollectionUtils.isNotEmpty(policyItem.getGroups()) && CollectionUtils.containsAny(policyItem.getGroups(), INVALID_ITEMS)) {
1128+
if (CollectionUtils.isNotEmpty(policyItem.getGroups()) && CollectionUtils.containsAny(policyItem.getGroups(), INVALID_POLICY_ITEM_VALUES)) {
11061129
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_GROUP;
11071130

11081131
failures.add(new ValidationFailureDetailsBuilder()
@@ -1115,7 +1138,7 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
11151138
valid = false;
11161139
}
11171140

1118-
if (CollectionUtils.isNotEmpty(policyItem.getRoles()) && CollectionUtils.containsAny(policyItem.getRoles(), INVALID_ITEMS)) {
1141+
if (CollectionUtils.isNotEmpty(policyItem.getRoles()) && CollectionUtils.containsAny(policyItem.getRoles(), INVALID_POLICY_ITEM_VALUES)) {
11191142
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ROLE;
11201143

11211144
failures.add(new ValidationFailureDetailsBuilder()
@@ -1281,6 +1304,7 @@ private static void removeDuplicates(List<String> values) {
12811304

12821305
HashSet<String> uniqueElements = new HashSet<>();
12831306

1307+
values.replaceAll(e -> e == null ? null : e.trim());
12841308
values.removeIf(e -> !uniqueElements.add(e));
12851309
}
12861310
}

agents-cred/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>Credential Support</name>
2929
<description>Plugins Common</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3432
</properties>
3533
<dependencies>

agents-installer/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>Installer Support Component</name>
2929
<description>Security Plugins Installer</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3432
</properties>
3533
<dependencies>

credentialbuilder/pom.xml

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,6 @@
2727
<packaging>jar</packaging>
2828
<name>Credential Builder</name>
2929
<description>Credential Builder for non-hadoop java codebase</description>
30-
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
33-
</properties>
3430
<dependencies>
3531
<dependency>
3632
<groupId>com.fasterxml.woodstox</groupId>

dev-support/checkstyle-suppressions.xml

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,69 @@
2525
<suppress files="AuditFileCacheProviderSpool.java" checks="TypeName"/>
2626
<suppress files="AuthzAuditEvent.java" checks="StaticVariableName"/>
2727
<suppress files="buildks.java" checks="TypeName"/>
28+
<suppress files="BaseDao.java" checks="StaticVariableName"/>
29+
<suppress files="ContextUtil.java" checks="HideUtilityClassConstructor"/>
30+
<suppress files="MapUtil.java" checks="HideUtilityClassConstructor"/>
31+
<suppress files="PolicyRefUpdater.java" checks="TypeName"/>
32+
<suppress files="RangerAdminTagEnricher.java" checks="StaticVariableName"/>
33+
<suppress files="RangerCommonEnums.java" checks="HideUtilityClassConstructor"/>
34+
<suppress files="RangerConstants.java" checks="TypeName"/>
2835
<suppress files="RangerRolesUtil.java" checks="TypeName"/>
36+
<suppress files="SearchField.java" checks="TypeName"/>
37+
<suppress files="ServiceDBStore.java" checks="StaticVariableName"/>
38+
<suppress files="ServiceDBStore.java" checks="TypeName"/>
39+
<suppress files="SortField.java" checks="TypeName"/>
2940
<suppress files="SPOOL_FILE_STATUS.java" checks="TypeName"/>
41+
<suppress files="TagDBStore.java" checks="StaticVariableName"/>
42+
<suppress files="TagDBStore.java" checks="TypeName"/>
43+
<suppress files="TimedEventUtil.java" checks="HideUtilityClassConstructor"/>
44+
<suppress files="PatchAssignSecurityZonePersmissionToAdmin_J10026.java" checks="TypeName"/>
45+
<suppress files="PatchAtlasForClassificationResource_J10047" checks="TypeName"/>
46+
<suppress files="PatchForAllServiceDefForPolicyConditionUpdate_J10060" checks="TypeName"/>
47+
<suppress files="PatchForAllServiceDefUpdateForDefaultAuditFilters_J10049" checks="TypeName"/>
48+
<suppress files="PatchForAllServiceDefUpdateForResourceSpecificAccesses_J10012" checks="TypeName"/>
49+
<suppress files="PatchForAtlasAdminAudits_J10043" checks="TypeName"/>
50+
<suppress files="PatchForAtlasResourceAndAccessTypeUpdate_J10016" checks="TypeName"/>
51+
<suppress files="PatchForAtlasServiceDefUpdate_J10013" checks="TypeName"/>
52+
<suppress files="PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034" checks="TypeName"/>
53+
<suppress files="PatchForAtlasToAddTypeRead_J10040" checks="TypeName"/>
54+
<suppress files="PatchForDefaultAuidtFilters_J10050" checks="TypeName"/>
55+
<suppress files="PatchForExternalUserStatusUpdate_J10056" checks="TypeName"/>
56+
<suppress files="PatchForHBaseDefaultPolicyUpdate_J10045" checks="TypeName"/>
57+
<suppress files="PatchForHBaseServiceDefUpdate_J10035" checks="TypeName"/>
58+
<suppress files="PatchForHiveServiceDefUpdate_J10006" checks="TypeName"/>
59+
<suppress files="PatchForHiveServiceDefUpdate_J10007" checks="TypeName"/>
60+
<suppress files="PatchForHiveServiceDefUpdate_J10009" checks="TypeName"/>
61+
<suppress files="PatchForHiveServiceDefUpdate_J10010" checks="TypeName"/>
62+
<suppress files="PatchForHiveServiceDefUpdate_J10017" checks="TypeName"/>
63+
<suppress files="PatchForHiveServiceDefUpdate_J10027" checks="TypeName"/>
64+
<suppress files="PatchForHiveServiceDefUpdate_J10030" checks="TypeName"/>
65+
<suppress files="PatchForKafkaServiceDefUpdate_J10015" checks="TypeName"/>
66+
<suppress files="PatchForKafkaServiceDefUpdate_J10025" checks="TypeName"/>
67+
<suppress files="PatchForKafkaServiceDefUpdate_J10033" checks="TypeName"/>
68+
<suppress files="PatchForMigratingOldRegimePolicyJson_J10046" checks="TypeName"/>
69+
<suppress files="PatchForMigratingRangerServiceResource_J10037" checks="TypeName"/>
70+
<suppress files="PatchForNifiResourceUpdateExclude_J10011" checks="TypeName"/>
71+
<suppress files="PatchForOzoneDefaultPoliciesUpdate_J10044" checks="TypeName"/>
72+
<suppress files="PatchForOzoneServiceDefConfigUpdate_J10051" checks="TypeName"/>
73+
<suppress files="PatchForOzoneServiceDefUpdate_J10041" checks="TypeName"/>
74+
<suppress files="PatchForPrestoToSupportPresto333_J10038" checks="TypeName"/>
75+
<suppress files="PatchForServiceVersionInfo_J10004" checks="TypeName"/>
76+
<suppress files="PatchForSolrSvcDefAndPoliciesUpdate_J10055" checks="TypeName"/>
77+
<suppress files="PatchForSyncSourceUpdate_J10054" checks="TypeName"/>
78+
<suppress files="PatchForTagServiceDefUpdate_J10008" checks="TypeName"/>
79+
<suppress files="PatchForTagServiceDefUpdate_J10028" checks="TypeName"/>
80+
<suppress files="PatchForTrinoSvcDefUpdate_J10062" checks="TypeName"/>
81+
<suppress files="PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063" checks="TypeName"/>
82+
<suppress files="PatchForUpdatingPolicyJson_J10019" checks="TypeName"/>
83+
<suppress files="PatchForUpdatingTagsJson_J10020" checks="TypeName"/>
84+
<suppress files="PatchForXGlobalState_J10036" checks="TypeName"/>
85+
<suppress files="PatchGrantAuditPermissionToKeyRoleUser_J10014" checks="TypeName"/>
86+
<suppress files="PatchMigration_J10002" checks="TypeName"/>
87+
<suppress files="PatchPasswordEncryption_J10001" checks="TypeName"/>
88+
<suppress files="PatchPermissionModel_J10003" checks="TypeName"/>
89+
<suppress files="PatchPreSql_057_ForUpdateToUniqueGUID_J10052" checks="TypeName"/>
90+
<suppress files="PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053" checks="TypeName"/>
91+
<suppress files="PatchSetAccessTypeCategory_J10061" checks="TypeName"/>
92+
<suppress files="PatchTagModulePermission_J10005" checks="TypeName"/>
3093
</suppressions>

embeddedwebserver/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>Embedded Web Server Invoker</name>
2929
<description>Embedded Web Server Invoker</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3432
</properties>
3533
<dependencies>

hbase-agent/pom.xml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@
2828
<name>HBase Security Plugin</name>
2929
<description>HBase Security Plugins</description>
3030
<properties>
31-
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
32-
<checkstyle.skip>false</checkstyle.skip>
3331
<hbase.jetty.version>9.4.51.v20230217</hbase.jetty.version>
3432
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
3533
</properties>

0 commit comments

Comments
 (0)