From 710e7c763e8deebc24b7d8109fe8ef17618f0651 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Tue, 28 Jun 2022 10:31:02 -0700 Subject: [PATCH] RANGER-3796: plugin capabilities entry added for multiple resource sets in a policy - #2 --- .../apache/ranger/plugin/util/RangerPluginCapability.java | 5 ++++- .../policyengine/plugin/test_plugin_capability.json | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java index bac6e266a8..a73778a59b 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java @@ -47,6 +47,8 @@ public class RangerPluginCapability { - Super-user permission - UserStore download - Audit-policies + - User/group/tag attributes in policy + - additional resources in policy */ private final long pluginCapabilities; private static final String baseRangerCapabilities = computeBaseCapabilities(); @@ -70,7 +72,8 @@ public enum RangerPluginFeature { RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS("Super-user Permissions"), RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD("UserStore Download"), RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY("Audit Policy"), - RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY("User/group/tag attributes in policy"); + RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY("User/group/tag attributes in policy"), + RANGER_PLUGIN_CAPABILITY_ADDITIONAL_RESOURCES_IN_POLICY("additional resources in policy"); private final String name; RangerPluginFeature(String name) { diff --git a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json index f503c23503..31515a1f4e 100644 --- a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json +++ b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json @@ -21,14 +21,14 @@ { "name": "Using all existing capabilities", "myCapabilities": [], - "otherCapabilities": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING", "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", "RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", "RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", "RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION", "RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLUGIN_CAPABILITY_ROLE", "RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER", "RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS", "RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS", "RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS", "RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD", "RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY", "RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY"], + "otherCapabilities": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING", "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", "RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", "RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", "RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION", "RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLUGIN_CAPABILITY_ROLE", "RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER", "RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS", "RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS", "RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS", "RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD", "RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY", "RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY", "RANGER_PLUGIN_CAPABILITY_ADDITIONAL_RESOURCES_IN_POLICY"], "difference": [] }, { "name": "Using all existing capabilities, other has fewer", "myCapabilities": [], "otherCapabilities": ["RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING", "RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE", "RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF", "RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD", "RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION", "RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLUGIN_CAPABILITY_ROLE"], - "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES", "RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS", "RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS", "RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS", "RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD", "RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY", "RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY"] + "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES", "RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS", "RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS", "RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS", "RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD", "RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY", "RANGER_PLUGIN_CAPABILITY_UGT_ATTRIBUTES_IN_POLICY", "RANGER_PLUGIN_CAPABILITY_ADDITIONAL_RESOURCES_IN_POLICY"] } ] } \ No newline at end of file