This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 9b2284844 RANGER-3970: expression evaluation to use Graal engine when
Nashorn is not available
9b2284844 is described below
commit 9b22848442873b50728c825083b5377d4c56fd6d
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Thu Nov 17 14:17:30 2022 -0800
RANGER-3970: expression evaluation to use Graal engine when Nashorn is not
available
---
agents-common/pom.xml | 12 ++
.../plugin/util/GraalScriptEngineCreator.java | 60 ++++++++++
.../plugin/util/JavaScriptEngineCreator.java | 55 +++++++++
.../plugin/util/NashornScriptEngineCreator.java | 67 +++++++++++
.../ranger/plugin/util/ScriptEngineCreator.java | 26 +++++
.../ranger/plugin/util/ScriptEngineUtil.java | 127 ++++++++++++++-------
.../RangerCustomConditionMatcherTest.java | 32 +++---
pom.xml | 1 +
8 files changed, 321 insertions(+), 59 deletions(-)
diff --git a/agents-common/pom.xml b/agents-common/pom.xml
index 5747ca8a4..97a51fc32 100644
--- a/agents-common/pom.xml
+++ b/agents-common/pom.xml
@@ -153,5 +153,17 @@
<version>${project.version}</version>
<scope>compile</scope>
</dependency>
+ <!-- To be added for JDK15 and above
+ <dependency>
+ <groupId>org.graalvm.js</groupId>
+ <artifactId>js</artifactId>
+ <version>${graalvm.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.graalvm.js</groupId>
+ <artifactId>js-scriptengine</artifactId>
+ <version>${graalvm.version}</version>
+ </dependency>
+ -->
</dependencies>
</project>
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
new file mode 100644
index 000000000..10c2de6b3
--- /dev/null
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.script.ScriptContext;
+import javax.script.ScriptEngine;
+import javax.script.ScriptEngineManager;
+
+public class GraalScriptEngineCreator implements ScriptEngineCreator {
+ private static final Logger LOG =
LoggerFactory.getLogger(GraalScriptEngineCreator.class);
+
+ static final String ENGINE_NAME = "graal.js";
+
+ public ScriptEngine getScriptEngine(ClassLoader clsLoader) {
+ ScriptEngine ret = null;
+
+ if (clsLoader == null) {
+ clsLoader = Thread.currentThread().getContextClassLoader();
+ }
+
+ try {
+ ScriptEngineManager mgr = new ScriptEngineManager(clsLoader);
+
+ ret = mgr.getEngineByName(ENGINE_NAME);
+
+ if (ret != null) {
+ // enable script to access Java object passed in bindings,
like 'ctx'
+
ret.getBindings(ScriptContext.ENGINE_SCOPE).put("polyglot.js.allowHostAccess",
Boolean.TRUE);
+ }
+ } catch (Throwable t) {
+ LOG.debug("GraalScriptEngineCreator.getScriptEngine(): failed to
create engine type {}", ENGINE_NAME, t);
+ }
+
+ if (ret == null) {
+ LOG.debug("GraalScriptEngineCreator.getScriptEngine(): failed to
create engine type {}", ENGINE_NAME);
+ }
+
+ return ret;
+ }
+}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEngineCreator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEngineCreator.java
new file mode 100644
index 000000000..4a0081579
--- /dev/null
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEngineCreator.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.script.ScriptEngine;
+import javax.script.ScriptEngineManager;
+
+
+public class JavaScriptEngineCreator implements ScriptEngineCreator {
+ private static final Logger LOG =
LoggerFactory.getLogger(JavaScriptEngineCreator.class);
+
+ static final String ENGINE_NAME = "JavaScript";
+
+ public ScriptEngine getScriptEngine(ClassLoader clsLoader) {
+ ScriptEngine ret = null;
+
+ if (clsLoader == null) {
+ clsLoader = Thread.currentThread().getContextClassLoader();
+ }
+
+ try {
+ ScriptEngineManager mgr = new ScriptEngineManager(clsLoader);
+
+ ret = mgr.getEngineByName(ENGINE_NAME);
+ } catch (Throwable t) {
+ LOG.debug("JavaScriptEngineCreator.getScriptEngine(): failed to
create engine type {}", ENGINE_NAME, t);
+ }
+
+ if (ret == null) {
+ LOG.debug("JavaScriptEngineCreator.getScriptEngine(): failed to
create engine type {}", ENGINE_NAME);
+ }
+
+ return ret;
+ }
+}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java
new file mode 100644
index 000000000..db620df92
--- /dev/null
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.script.ScriptEngine;
+import jdk.nashorn.api.scripting.ClassFilter;
+import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
+
+public class NashornScriptEngineCreator implements ScriptEngineCreator {
+ private static final Logger LOG =
LoggerFactory.getLogger(NashornScriptEngineCreator.class);
+
+ private static final String[] SCRIPT_ENGINE_ARGS = new String[] {
"--no-java", "--no-syntax-extensions" };
+ private static final String ENGINE_NAME = "NashornScriptEngine";
+
+ @Override
+ public ScriptEngine getScriptEngine(ClassLoader clsLoader) {
+ ScriptEngine ret = null;
+
+ if (clsLoader == null) {
+ clsLoader = Thread.currentThread().getContextClassLoader();
+ }
+
+ try {
+ NashornScriptEngineFactory factory = new
NashornScriptEngineFactory();
+
+ ret = factory.getScriptEngine(SCRIPT_ENGINE_ARGS, clsLoader,
RangerClassFilter.INSTANCE);
+ } catch (Throwable t) {
+ LOG.debug("NashornScriptEngineCreator.getScriptEngine(): failed to
create engine type {}", ENGINE_NAME, t);
+ }
+
+ return ret;
+ }
+
+ private static class RangerClassFilter implements ClassFilter {
+ static final RangerClassFilter INSTANCE = new RangerClassFilter();
+
+ private RangerClassFilter() {
+ }
+
+ @Override
+ public boolean exposeToScripts(String className) {
+ LOG.warn("script blocked: attempt to use Java class {}",
className);
+
+ return false;
+ }
+ }
+}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineCreator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineCreator.java
new file mode 100644
index 000000000..a4a35d313
--- /dev/null
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineCreator.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.util;
+
+import javax.script.ScriptEngine;
+
+public interface ScriptEngineCreator {
+ ScriptEngine getScriptEngine(ClassLoader clsLoader);
+}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
index 22617f8b2..8d76c1d81 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java
@@ -26,13 +26,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.script.ScriptEngine;
-import jdk.nashorn.api.scripting.ClassFilter;
-import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
+
public class ScriptEngineUtil {
private static final Logger LOG =
LoggerFactory.getLogger(RangerScriptConditionEvaluator.class);
- private static final String[] SCRIPT_ENGINE_ARGS = new String[] {
"--no-java", "--no-syntax-extensions" };
+ private static volatile ScriptEngineCreator SCRIPT_ENGINE_CREATOR
= null;
+ private static volatile boolean
SCRIPT_ENGINE_CREATOR_INITIALIZED = false;
// for backward compatibility with any plugin that might use this API
public static ScriptEngine createScriptEngine(String engineName, String
serviceType) {
@@ -48,71 +48,112 @@ public class ScriptEngineUtil {
LOG.debug("==> ScriptEngineUtil.createScriptEngine(serviceType=" +
serviceType + ")");
}
- ScriptEngine ret = getScriptEngine(null);
+ ScriptEngine ret = null;
+ ScriptEngineCreator creator = getScriptEngineCreator(serviceType);
- if (ret != null) {
- LOG.debug("Created script-engine in current class-loader");
- } else {
- LOG.warn("Failed to create script-engine in current class-loader.
Will try plugin-class-loader for service-type:[" + serviceType + "]");
+ if (creator != null) {
+ ret = creator.getScriptEngine(null);
- ClassLoader prevActiveClassLoader = null;
+ if (ret == null) {
+ ClassLoader pluginClsLoader =
getPrevActiveClassLoader(serviceType);
- try {
- RangerPluginClassLoader pluginClassLoader =
RangerPluginClassLoader.getInstance(serviceType, null);
-
- if (pluginClassLoader != null) {
- prevActiveClassLoader =
pluginClassLoader.getPrevActiveClassLoader();
- } else {
- LOG.error("Cannot get script-engine from null
plugin-class-loader");
+ if (pluginClsLoader != null) {
+ ret = creator.getScriptEngine(pluginClsLoader);
}
- } catch (Throwable exp) {
- LOG.error("RangerScriptConditionEvaluator.init() failed", exp);
}
+ } else {
+ LOG.info("createScriptEngine(serviceType={}): no engine creator
found", serviceType);
+ }
- if (prevActiveClassLoader != null) {
- ret = getScriptEngine(prevActiveClassLoader);
- }
+ if (ret == null) {
+ LOG.warn("createScriptEngine(serviceType={}): failed to create
script engine", serviceType);
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== ScriptEngineUtil.createScriptEngine(serviceType=" +
serviceType + ") : ret=" + ret);
+ LOG.debug("<==
ScriptEngineUtil.createScriptEngine(serviceType={}): ret={}", serviceType, ret);
}
+
return ret;
}
- private static ScriptEngine getScriptEngine(ClassLoader clsLoader) {
- ScriptEngine ret;
+ private static ScriptEngineCreator getScriptEngineCreator(String
serviceType) {
+ boolean isInitialized = SCRIPT_ENGINE_CREATOR_INITIALIZED;
- try {
- final NashornScriptEngineFactory factory = new
NashornScriptEngineFactory();
+ if (!isInitialized) {
+ synchronized (ScriptEngineUtil.class) {
+ isInitialized = SCRIPT_ENGINE_CREATOR_INITIALIZED;
- if (clsLoader == null) {
- clsLoader = Thread.currentThread().getContextClassLoader();
- }
+ if (!isInitialized) {
+ initScriptEngineCreator(serviceType);
+ }
- ret = factory.getScriptEngine(SCRIPT_ENGINE_ARGS, clsLoader,
RangerClassFilter.INSTANCE);
- } catch (Throwable t) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("ScriptEngineUtil.getScriptEngine(clsLoader={}):
failed", clsLoader, t);
+ SCRIPT_ENGINE_CREATOR_INITIALIZED = true;
}
-
- ret = null;
}
- return ret;
+ return SCRIPT_ENGINE_CREATOR;
}
- private static class RangerClassFilter implements ClassFilter {
- static final RangerClassFilter INSTANCE = new RangerClassFilter();
+ private static void initScriptEngineCreator(String serviceType) {
+ String[] engineCreators = new String[] {
"org.apache.ranger.plugin.util.NashornScriptEngineCreator",
+
"org.apache.ranger.plugin.util.GraalScriptEngineCreator",
+
"org.apache.ranger.plugin.util.JavaScriptEngineCreator"
+ };
+
+ for (String creatorClsName : engineCreators) {
+ ScriptEngineCreator creator = null;
+
+ try {
+ Class<ScriptEngineCreator> creatorClass =
(Class<ScriptEngineCreator>) Class.forName(creatorClsName);
+
+ creator = creatorClass.newInstance();
+ } catch (Throwable t) {
+ LOG.warn("initScriptEngineCreator(): failed to instantiate
engine creator {}", creatorClsName, t);
+ }
- private RangerClassFilter() {
+ if (creator == null) {
+ continue;
+ }
+
+ ScriptEngine engine = creator.getScriptEngine(null);
+
+ if (engine == null) {
+ ClassLoader prevActiveClassLoader =
getPrevActiveClassLoader(serviceType);
+
+ if (prevActiveClassLoader != null) {
+ LOG.debug("initScriptEngineCreator(): trying to create
engine using plugin-class-loader for service-type {}", serviceType);
+
+ engine = creator.getScriptEngine(prevActiveClassLoader);
+
+ if (engine == null) {
+ LOG.warn("initScriptEngineCreator(): failed to create
engine using plugin-class-loader by creator {}", creatorClsName);
+ }
+ }
+ }
+
+ if (engine != null) {
+ SCRIPT_ENGINE_CREATOR = creator;
+
+ break;
+ }
}
+ }
+
+ private static ClassLoader getPrevActiveClassLoader(String serviceType) {
+ ClassLoader ret = null;
- @Override
- public boolean exposeToScripts(String className) {
- LOG.warn("script blocked: attempt to use Java class {}",
className);
+ try {
+ RangerPluginClassLoader pluginClassLoader =
RangerPluginClassLoader.getInstance(serviceType, null);
- return false;
+ if (pluginClassLoader != null) {
+ ret = pluginClassLoader.getPrevActiveClassLoader();
+ } else {
+ LOG.debug("Cannot get plugin-class-loader for serviceType {}",
serviceType);
+ }
+ } catch (Throwable excp) {
+ LOG.debug("Failed to get plugin-class-loader for serviceType {}",
serviceType, excp);
}
+
+ return ret;
}
}
diff --git
a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
index 5b9857406..0c5e7fab7 100644
---
a/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
+++
b/agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
@@ -56,13 +56,13 @@ public class RangerCustomConditionMatcherTest {
public void testScriptConditionEvaluator() {
RangerAccessRequest request =
createRequest(Arrays.asList("PCI", "PII"));
- RangerScriptConditionEvaluator resourceDbCondition =
createScriptConditionEvaluator("_ctx.request.resource.database.equals('db1')");
- RangerScriptConditionEvaluator resourceDbCondition2 =
createScriptConditionEvaluator("!_ctx.request.resource.database.equals('db2')");
- RangerScriptConditionEvaluator resourceTblCondition =
createScriptConditionEvaluator("_ctx.request.resource.table.equals('tbl1')");
- RangerScriptConditionEvaluator resourceColCondition =
createScriptConditionEvaluator("_ctx.request.resource.column.equals('col1')");
- RangerScriptConditionEvaluator accessTypeCondition =
createScriptConditionEvaluator("_ctx.request.accessType.equals('select')");
- RangerScriptConditionEvaluator actionCondition =
createScriptConditionEvaluator("_ctx.request.action.equals('query')");
- RangerScriptConditionEvaluator userCondition =
createScriptConditionEvaluator("_ctx.request.user.equals('test-user')");
+ RangerScriptConditionEvaluator resourceDbCondition =
createScriptConditionEvaluator("_ctx.request.resource.database == 'db1'");
+ RangerScriptConditionEvaluator resourceDbCondition2 =
createScriptConditionEvaluator("_ctx.request.resource.database != 'db2'");
+ RangerScriptConditionEvaluator resourceTblCondition =
createScriptConditionEvaluator("_ctx.request.resource.table == 'tbl1'");
+ RangerScriptConditionEvaluator resourceColCondition =
createScriptConditionEvaluator("_ctx.request.resource.column == 'col1'");
+ RangerScriptConditionEvaluator accessTypeCondition =
createScriptConditionEvaluator("_ctx.request.accessType == 'select'");
+ RangerScriptConditionEvaluator actionCondition =
createScriptConditionEvaluator("_ctx.request.action == 'query'");
+ RangerScriptConditionEvaluator userCondition =
createScriptConditionEvaluator("_ctx.request.user == 'test-user'");
RangerScriptConditionEvaluator userGroupsLenCondition =
createScriptConditionEvaluator("_ctx.request.userGroups.length == 2");
RangerScriptConditionEvaluator userGroupsHas1Condition =
createScriptConditionEvaluator("_ctx.request.userGroups.indexOf('test-group1')
!= -1");
RangerScriptConditionEvaluator userGroupsHas2Condition =
createScriptConditionEvaluator("_ctx.request.userGroups.indexOf('test-group2')
!= -1");
@@ -70,17 +70,17 @@ public class RangerCustomConditionMatcherTest {
RangerScriptConditionEvaluator userRolesHas1Condition =
createScriptConditionEvaluator("_ctx.request.userRoles.indexOf('test-role1') !=
-1");
RangerScriptConditionEvaluator userRolesHas2Condition =
createScriptConditionEvaluator("_ctx.request.userRoles.indexOf('test-role2') !=
-1");
RangerScriptConditionEvaluator userAttrLenCondition =
createScriptConditionEvaluator("Object.keys(_ctx.request.userAttributes).length
== 3");
- RangerScriptConditionEvaluator userAttr1Condition =
createScriptConditionEvaluator("_ctx.request.userAttributes['attr1'].equals('test-user-value1')");
- RangerScriptConditionEvaluator userAttr2Condition =
createScriptConditionEvaluator("_ctx.request.userAttributes['attr2'].equals('test-user-value2')");
- RangerScriptConditionEvaluator userGroup1Attr1Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group1']['attr1'].equals('test-group1-value1')");
- RangerScriptConditionEvaluator userGroup1Attr2Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group1']['attr2'].equals('test-group1-value2')");
- RangerScriptConditionEvaluator userGroup2Attr1Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group2']['attr1'].equals('test-group2-value1')");
- RangerScriptConditionEvaluator userGroup2Attr2Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group2']['attr2'].equals('test-group2-value2')");
+ RangerScriptConditionEvaluator userAttr1Condition =
createScriptConditionEvaluator("_ctx.request.userAttributes['attr1'] ==
'test-user-value1'");
+ RangerScriptConditionEvaluator userAttr2Condition =
createScriptConditionEvaluator("_ctx.request.userAttributes['attr2'] ==
'test-user-value2'");
+ RangerScriptConditionEvaluator userGroup1Attr1Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group1']['attr1']
== 'test-group1-value1'");
+ RangerScriptConditionEvaluator userGroup1Attr2Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group1']['attr2']
== 'test-group1-value2'");
+ RangerScriptConditionEvaluator userGroup2Attr1Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group2']['attr1']
== 'test-group2-value1'");
+ RangerScriptConditionEvaluator userGroup2Attr2Condition =
createScriptConditionEvaluator("_ctx.request.userGroupAttributes['test-group2']['attr2']
== 'test-group2-value2'");
RangerScriptConditionEvaluator tagsLengthCondition =
createScriptConditionEvaluator("Object.keys(_ctx.tags).length == 2");
- RangerScriptConditionEvaluator tagTypeCondition =
createScriptConditionEvaluator("_ctx.tag._type.equals('PCI')");
- RangerScriptConditionEvaluator tagAttributesCondition =
createScriptConditionEvaluator("_ctx.tag.attr1.equals('PCI_value')");
+ RangerScriptConditionEvaluator tagTypeCondition =
createScriptConditionEvaluator("_ctx.tag._type == 'PCI'");
+ RangerScriptConditionEvaluator tagAttributesCondition =
createScriptConditionEvaluator("_ctx.tag.attr1 == 'PCI_value'");
RangerScriptConditionEvaluator tagsTypeCondition =
createScriptConditionEvaluator("_ctx.tags['PII']._type == 'PII' &&
_ctx.tags['PCI']._type == 'PCI'");
- RangerScriptConditionEvaluator tagsAttributesCondition =
createScriptConditionEvaluator("_ctx.tags['PII'].attr1.equals('PII_value') &&
_ctx.tags['PCI'].attr1.equals('PCI_value')");
+ RangerScriptConditionEvaluator tagsAttributesCondition =
createScriptConditionEvaluator("_ctx.tags['PII'].attr1 == 'PII_value' &&
_ctx.tags['PCI'].attr1 == 'PCI_value'");
Assert.assertTrue("request.resource.database should be db1",
resourceDbCondition.isMatched(request));
Assert.assertTrue("request.resource.database should not be
db2", resourceDbCondition2.isMatched(request));
diff --git a/pom.xml b/pom.xml
index 56531b253..bcb93ed74 100644
--- a/pom.xml
+++ b/pom.xml
@@ -118,6 +118,7 @@
<spotbugs.plugin.version>4.5.0.0</spotbugs.plugin.version>
<google.guava.version>27.0-jre</google.guava.version>
<googlecode.log4jdbc.version>1.2</googlecode.log4jdbc.version>
+ <graalvm.version>22.3.0</graalvm.version>
<gson.version>2.9.0</gson.version>
<guice.version>4.0</guice.version>
<hadoop.version>3.3.0</hadoop.version>
