Expand Up @@ -19,6 +19,7 @@

package org.apache.ranger.admin.client;

import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.util.JsonUtilsV2;
import org.apache.ranger.plugin.util.RangerRoles;
Expand All @@ -33,145 +34,136 @@
import java.io.InputStreamReader;

// this implementation loads policies, roles, tags, userstore and gds info from embedded resources at following paths:
// {resource-path}/{appId}_{serviceName}.json -> policies
// {resource-path}/{appId}_{serviceName}_roles.json -> roles
// {resource-path}/{appId}_{serviceName}_tag.json -> tags
// {resource-path}/{appId}_{serviceName}_userstore.json -> userstore
// {resource-path}/{appId}_{serviceName}_gds.json -> gds info
public class EmbeddedResourcePolicySource extends AbstractRangerAdminClient {
// policies: {resource-path}/{serviceName}.json or {resource-path}/{appId}_{serviceName}.json
// roles: {resource-path}/{serviceName}_roles.json or {resource-path}/{appId}_{serviceName}_roles.json
// tags: {resource-path}/{serviceName}_tag.json or {resource-path}/{appId}_{serviceName}_tag.json
// userstore: {resource-path}/{serviceName}_userstore.json or {resource-path}/{appId}_{serviceName}_userstore.json
// gds: {resource-path}/{serviceName}_gds.json or {resource-path}/{appId}_{serviceName}_gds.json
public class EmbeddedResourcePolicySource extends RangerPolicySource {
private static final Logger LOG = LoggerFactory.getLogger(EmbeddedResourcePolicySource.class);

private String prefix;
private String prefixWithAppId;

private ServicePolicies policies;
private RangerRoles roles;
private ServiceTags tags;
private RangerUserStore userStore;
private ServiceGdsInfo gdsInfo;

private String policiesPath;
private String rolesPath;
private String tagsPath;
private String userStorePath;
private String gdsInfoPath;

@Override
public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
super.init(serviceName, appId, configPropertyPrefix, config);

String directory = config.get(configPropertyPrefix + ".policy.source.embedded_resource.path");
String pathPrefix = (directory == null ? "" : directory) + "/" + appId + "_" + serviceName;
String directory = config.get(configPropertyPrefix + ".policy.source.embedded_resource.path");

if (!pathPrefix.startsWith("/")) {
pathPrefix = "/" + pathPrefix;
if (StringUtils.isBlank(directory)) {
directory = "/";
} else if (!directory.endsWith("/")) {
directory += "/";
}

this.policiesPath = pathPrefix + ".json";
this.rolesPath = pathPrefix + "_roles.json";
this.tagsPath = pathPrefix + "_tag.json";
this.userStorePath = pathPrefix + "_userstore.json";
this.gdsInfoPath = pathPrefix + "_gds.json";
prefix = directory + serviceName;
prefixWithAppId = StringUtils.isBlank(appId) ? null : (directory + appId + "_" + serviceName);
}

@Override
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) {
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
loadPolicies();

return (lastKnownVersion == -1 || policies == null || policies.getPolicyVersion() == null || !policies.getPolicyVersion().equals(lastKnownVersion)) ? policies : null;
}

@Override
public RangerRoles getRolesIfUpdated(long lastKnownVersion, long lastActivationTimeInMills) {
public RangerRoles getRolesIfUpdated(long lastKnownVersion, long lastActivationTimeInMills) throws Exception {
loadRoles();

return (lastKnownVersion == -1 || roles == null || roles.getRoleVersion() == null || !roles.getRoleVersion().equals(lastKnownVersion)) ? roles : null; }

@Override
public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) {
public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
loadTags();

return (lastKnownVersion == -1 || tags == null || tags.getTagVersion() == null || !tags.getTagVersion().equals(lastKnownVersion)) ? tags : null;
}

@Override
public RangerUserStore getUserStoreIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) {
public RangerUserStore getUserStoreIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
loadUserStore();

return (lastKnownVersion == -1 || userStore == null || userStore.getUserStoreVersion() == null || !userStore.getUserStoreVersion().equals(lastKnownVersion)) ? userStore : null;
}

@Override
public ServiceGdsInfo getGdsInfoIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) {
public ServiceGdsInfo getGdsInfoIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
loadGdsInfo();

return (lastKnownVersion == -1 || gdsInfo == null || gdsInfo.getGdsVersion() == null || !gdsInfo.getGdsVersion().equals(lastKnownVersion)) ? gdsInfo : null;
}

private void loadPolicies() {
private void loadPolicies() throws Exception {
if (policies == null) {
try {
InputStream input = getClass().getResourceAsStream(policiesPath);

if (input != null) {
policies = gson.fromJson(new InputStreamReader(input), ServicePolicies.class);
}
} catch (Throwable t) {
LOG.error("loadPolicies(): failed to load policies from {}", policiesPath, t);
}
InputStream input = getResourceStream(SUFFIX_POLICIES_FILE);

policies = gson.fromJson(new InputStreamReader(input), ServicePolicies.class);
}
}

private void loadRoles() {
private void loadRoles() throws Exception {
if (roles == null) {
try {
InputStream input = getClass().getResourceAsStream(rolesPath);

if (input != null) {
roles = gson.fromJson(new InputStreamReader(input), RangerRoles.class);
}
} catch (Throwable t) {
LOG.error("loadRoles(): failed to load roles from {}", rolesPath, t);
}
InputStream input = getResourceStream(SUFFIX_ROLES_FILE);

roles = gson.fromJson(new InputStreamReader(input), RangerRoles.class);
}
}

private void loadUserStore() {
private void loadUserStore() throws Exception {
if (userStore == null) {
try {
InputStream input = getClass().getResourceAsStream(userStorePath);

if (input != null) {
userStore = gson.fromJson(new InputStreamReader(input), RangerUserStore.class);
}
} catch (Throwable t) {
LOG.error("loadUserStore(): failed to load userstore from {}", userStorePath, t);
}
InputStream input = getResourceStream(SUFFIX_USERSTORE_FILE);

userStore = gson.fromJson(new InputStreamReader(input), RangerUserStore.class);
}
}

private void loadTags() {
private void loadTags() throws Exception {
if (tags == null) {
try {
InputStream input = getClass().getResourceAsStream(tagsPath);

if (input != null) {
tags = gson.fromJson(new InputStreamReader(input), ServiceTags.class);
}
} catch (Throwable t) {
LOG.error("loadTags(): failed to load tags from {}", tagsPath, t);
}
InputStream input = getResourceStream(SUFFIX_TAG_FILE);

tags = gson.fromJson(new InputStreamReader(input), ServiceTags.class);
}
}

private void loadGdsInfo() {
private void loadGdsInfo() throws Exception {
if (gdsInfo == null) {
try {
InputStream input = getClass().getResourceAsStream(gdsInfoPath);

if (input != null) {
gdsInfo = JsonUtilsV2.readValue(new InputStreamReader(input), ServiceGdsInfo.class);
}
} catch (Throwable t) {
LOG.error("loadGdsInfo(): failed to load gdsInfo from {}", gdsInfoPath, t);
InputStream input = getResourceStream(SUFFIX_GDS_FILE);

gdsInfo = JsonUtilsV2.readValue(new InputStreamReader(input), ServiceGdsInfo.class);
}
}

private InputStream getResourceStream(String suffix) throws Exception {
if (StringUtils.isBlank(prefix)) {
throw new Exception(EmbeddedResourcePolicySource.class.getName() + ": not initialized");
}

try {
InputStream src = getClass().getResourceAsStream(prefix + suffix);

if (src == null && StringUtils.isNotBlank(prefixWithAppId)) {
src = getClass().getResourceAsStream(prefixWithAppId + suffix);
}

if (src == null) {
LOG.error("{}{}: resource not found", prefix, suffix);

throw new Exception(prefix + suffix + ": resource not found");
}

return src;
} catch (Exception excp) {
LOG.error("{}{}: resource not found", prefix, suffix, excp);

throw new Exception(prefix + suffix + ": resource not found", excp);
}
}
}
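Review bot: In `getResourceStream`, the `throw new Exception(prefix + suffix + ": resource not found")` sits inside the `try`, so the `catch (Exception excp)` just below catches it, logs the same error a second time and wraps it in another exception with an identical message. `getResourceAsStream` declares no checked exceptions, so the try/catch can be dropped and the null check left to throw once. Both messages name only `prefix + suffix` even when `prefixWithAppId + suffix` was also tried; naming both candidates, and logging which one was actually opened, would show which policy file is in force. Separately, the five `load*` methods never close the stream and build `new InputStreamReader(input)` with the platform default charset (on JDKs before 18); `try (Reader reader = new InputStreamReader(input, StandardCharsets.UTF_8))` would address both.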
Expand Up @@ -19,53 +19,58 @@

package org.apache.ranger.admin.client;

import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.util.JsonUtilsV2;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.plugin.util.ServiceGdsInfo;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.ServiceTags;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.File;
import java.io.FileReader;

// this implementation loads policies, roles, tags, userstore and gds info from the given local filesystem paths:
// {path}/{appId}_{serviceName}.json -> policies
// {path}/{appId}_{serviceName}_roles.json -> roles
// {path}/{appId}_{serviceName}_tag.json -> tags
// {path}/{appId}_{serviceName}_userstore.json -> userstore
// {path}/{appId}_{serviceName}_gds.json -> gds info
public class LocalFolderPolicySource extends AbstractRangerAdminClient {
// policies: {path}/{serviceName}.json or {path}/{appId}_{serviceName}.json
// roles: {path}/{serviceName}_roles.json or {path}/{appId}_{serviceName}_roles.json
// tags: {path}/{serviceName}_tag.json or {path}/{appId}_{serviceName}_tag.json
// userstore: {path}/{serviceName}_userstore.json or {path}/{appId}_{serviceName}_userstore.json
// gds: {path}/{serviceName}_gds.json or {path}/{appId}_{serviceName}_gds.json
public class LocalFolderPolicySource extends RangerPolicySource {
private static final Logger LOG = LoggerFactory.getLogger(LocalFolderPolicySource.class);

private String prefix;
private String prefixWithAppId;

private ServicePolicies policies;
private RangerRoles roles;
private RangerUserStore userStore;
private ServiceTags tags;
private ServiceGdsInfo gdsInfo;

private String policiesPath;
private String rolesPath;
private String userStorePath;
private String tagsPath;
private String gdsInfoPath;
private long lastPoliciesFileModifiedTime = -1;
private long lastRolesFileModifiedTime = -1;
private long lastUserStoreFileModifiedTime = -1;
private long lastTagsFileModifiedTime = -1;
private long lastGdsInfoFileModifiedTime = -1;
private long lastPoliciesFileModifiedTime = -1;
private long lastRolesFileModifiedTime = -1;
private long lastUserStoreFileModifiedTime = -1;
private long lastTagsFileModifiedTime = -1;
private long lastGdsInfoFileModifiedTime = -1;

@Override
public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config) {
super.init(serviceName, appId, configPropertyPrefix, config);

String directory = config.get(configPropertyPrefix + ".policy.source.local_folder.path");
String pathPrefix = (directory == null ? "" : directory) + File.separator + appId + "_" + serviceName;
String directory = config.get(configPropertyPrefix + ".policy.source.local_folder.path");

if (StringUtils.isBlank(directory)) {
directory = "";
} else if (!directory.endsWith(File.separator)) {
directory += File.separator;
}

this.policiesPath = pathPrefix + ".json";
this.rolesPath = pathPrefix + "_roles.json";
this.userStorePath = pathPrefix + "_userstore.json";
this.tagsPath = pathPrefix + "_tag.json";
this.gdsInfoPath = pathPrefix + "_gds.json";
prefix = directory + serviceName;
prefixWithAppId = StringUtils.isBlank(appId) ? null : (directory + appId + "_" + serviceName);
}

@Override
Expand Down Expand Up @@ -104,11 +109,7 @@ public ServiceGdsInfo getGdsInfoIfUpdated(long lastKnownVersion, long lastActiva
}

private void loadPolicies() throws Exception {
File srcFile = new File(policiesPath);

if (!srcFile.exists() || !srcFile.canRead()) {
throw new Exception(policiesPath + ": policies file not found or not readable");
}
File srcFile = getSourceFile(SUFFIX_POLICIES_FILE);

if (policies == null || srcFile.lastModified() != lastPoliciesFileModifiedTime) {
try (FileReader reader = new FileReader(srcFile)) {
Expand All @@ -120,11 +121,7 @@ private void loadPolicies() throws Exception {
}

private void loadRoles() throws Exception {
File srcFile = new File(rolesPath);

if (!srcFile.exists() || !srcFile.canRead()) {
throw new Exception(rolesPath + ": roles file not found or not readable");
}
File srcFile = getSourceFile(SUFFIX_ROLES_FILE);

if (roles == null || srcFile.lastModified() != lastRolesFileModifiedTime) {
try (FileReader reader = new FileReader(srcFile)) {
Expand All @@ -136,11 +133,7 @@ private void loadRoles() throws Exception {
}

private void loadTags() throws Exception {
File srcFile = new File(tagsPath);

if (!srcFile.exists() || !srcFile.canRead()) {
throw new Exception(tagsPath + ": tags file not found or not readable");
}
File srcFile = getSourceFile(SUFFIX_TAG_FILE);

if (tags == null || srcFile.lastModified() != lastTagsFileModifiedTime) {
try (FileReader reader = new FileReader(srcFile)) {
Expand All @@ -152,11 +145,7 @@ private void loadTags() throws Exception {
}

private void loadUserStore() throws Exception {
File srcFile = new File(userStorePath);

if (!srcFile.exists() || !srcFile.canRead()) {
throw new Exception(userStorePath + ": userStore file not found or not readable");
}
File srcFile = getSourceFile(SUFFIX_USERSTORE_FILE);

if (userStore == null || srcFile.lastModified() != lastUserStoreFileModifiedTime) {
try (FileReader reader = new FileReader(srcFile)) {
Expand All @@ -168,11 +157,7 @@ private void loadUserStore() throws Exception {
}

private void loadGdsInfo() throws Exception {
File srcFile = new File(gdsInfoPath);

if (!srcFile.exists() || !srcFile.canRead()) {
throw new Exception(gdsInfoPath + ": gdsInfo file not found or not readable");
}
File srcFile = getSourceFile(SUFFIX_GDS_FILE);

if (gdsInfo == null || srcFile.lastModified() != lastGdsInfoFileModifiedTime) {
try (FileReader reader = new FileReader(srcFile)) {
Expand All @@ -182,4 +167,28 @@ private void loadGdsInfo() throws Exception {
}
}
}

private File getSourceFile(String suffix) throws Exception {
if (StringUtils.isBlank(prefix)) {
throw new Exception(LocalFolderPolicySource.class.getName() + ": not initialized");
}

File src = new File(prefix + suffix);
boolean isReadable = src.exists() && src.canRead();

if (!isReadable) {
if (StringUtils.isNotBlank(prefixWithAppId)) {
src = new File(prefixWithAppId + suffix);
isReadable = src.exists() && src.canRead();
}
}

if (!isReadable) {
LOG.error("{}{}: file not found or not readable", prefix, suffix);

throw new Exception(prefix + suffix + ": file not found or not readable");
}

return src;
}
}
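Review bot: In `init`, a blank `.policy.source.local_folder.path` now sets `directory = ""`, so `prefix` becomes a bare `serviceName` and `getSourceFile` resolves every policy, role, tag, userstore and gds file against the process working directory. For an authorization policy source that is a fragile default, because whoever can write to the working directory then decides which policies load; consider rejecting a blank path in `init`, or at least logging `src.getAbsolutePath()` for the file that is selected. `serviceName` and `appId` are also concatenated into the path unchecked; if either can ever carry a separator or `..` (not visible from this diff), comparing the canonical path of `src` against the configured directory would keep the lookup inside it. The not-found message in `getSourceFile` names only `prefix + suffix` although `prefixWithAppId + suffix` was tried as well.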