Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#getAllowExceptions()

The following examples show how to use org.apache.ranger.plugin.model.RangerPolicy#getAllowExceptions().
Example 1
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Appends every policy item carried by {@code appliedPolicy} to the matching
 * list of {@code existingPolicy}: allow items, deny items, allow-exceptions and
 * deny-exceptions, in that order.
 *
 * <p>The merge is append-only. Nothing in this method de-duplicates, validates
 * or authorizes the incoming items, so any such check has to be done by the
 * caller before the combined policy is stored. The exception lists are merged
 * exactly like the allow/deny lists; reviewers should treat an added exception
 * item as a change to effective access, not as a cosmetic one.
 *
 * <p>The four getters on {@code existingPolicy} are dereferenced without a null
 * check, so they must return non-null, modifiable lists.
 *
 * @param existingPolicy policy that receives the items (modified in place)
 * @param appliedPolicy  policy whose items are appended; empty or null lists are skipped
 */
static private void combinePolicy(RangerPolicy existingPolicy, RangerPolicy appliedPolicy) {
	// Allow items.
	final List<RangerPolicy.RangerPolicyItem> allowItems = appliedPolicy.getPolicyItems();
	if (!CollectionUtils.isEmpty(allowItems)) {
		existingPolicy.getPolicyItems().addAll(allowItems);
	}

	// Deny items.
	final List<RangerPolicy.RangerPolicyItem> denyItems = appliedPolicy.getDenyPolicyItems();
	if (!CollectionUtils.isEmpty(denyItems)) {
		existingPolicy.getDenyPolicyItems().addAll(denyItems);
	}

	// Exceptions to the allow items.
	final List<RangerPolicy.RangerPolicyItem> allowExceptionItems = appliedPolicy.getAllowExceptions();
	if (!CollectionUtils.isEmpty(allowExceptionItems)) {
		existingPolicy.getAllowExceptions().addAll(allowExceptionItems);
	}

	// Exceptions to the deny items.
	final List<RangerPolicy.RangerPolicyItem> denyExceptionItems = appliedPolicy.getDenyExceptions();
	if (!CollectionUtils.isEmpty(denyExceptionItems)) {
		existingPolicy.getDenyExceptions().addAll(denyExceptionItems);
	}
}
 
Example 2
Source File: RangerDefaultPolicyEvaluator.java    From ranger with Apache License 2.0
/**
 * Builds and initializes one {@link RangerPolicyItemEvaluator} per policy item
 * of the requested type.
 *
 * <p>The item list is chosen from {@code policy} by {@code policyItemType}
 * (allow, deny, allow-exceptions or deny-exceptions), and only when
 * {@code isPolicyItemTypeEnabled(serviceDef, policyItemType)} is true. Each
 * evaluator receives a 1-based position counter. For every evaluator that
 * reports condition evaluators, their number is added to
 * {@code customConditionsCount}.
 *
 * <p>Review note: a disabled item type and an unrecognized
 * {@code policyItemType} value both end in the same empty result, with no log
 * line. For the deny type that means no deny evaluators are created, so a
 * caller cannot tell "nothing configured" apart from "type not evaluated".
 *
 * @param policy         policy whose items are wrapped
 * @param serviceDef     service definition, passed to the enablement check and to each evaluator
 * @param options        engine options handed to each item evaluator
 * @param policyItemType one of the {@code RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_*} values
 * @return the initialized evaluators in item order, or an empty list when there are no items to evaluate
 */
private List<RangerPolicyItemEvaluator> createPolicyItemEvaluators(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyEngineOptions options, int policyItemType) {
	List<RangerPolicyItem> selectedItems = null;

	// Pick the list that matches the requested type; stays null when the type is disabled or unknown.
	if (isPolicyItemTypeEnabled(serviceDef, policyItemType)) {
		if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) {
			selectedItems = policy.getPolicyItems();
		} else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY) {
			selectedItems = policy.getDenyPolicyItems();
		} else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS) {
			selectedItems = policy.getAllowExceptions();
		} else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) {
			selectedItems = policy.getDenyExceptions();
		}
	}

	if (CollectionUtils.isEmpty(selectedItems)) {
		return Collections.<RangerPolicyItemEvaluator>emptyList();
	}

	final List<RangerPolicyItemEvaluator> evaluators = new ArrayList<>();
	int itemOrder = 0;

	for (RangerPolicyItem item : selectedItems) {
		itemOrder++; // positions handed to the evaluators start at 1

		RangerPolicyItemEvaluator evaluator = new RangerDefaultPolicyItemEvaluator(serviceDef, policy, item, policyItemType, itemOrder, options);
		evaluator.init();
		evaluators.add(evaluator);

		// Keep the running total of condition evaluators across all items.
		if (CollectionUtils.isNotEmpty(evaluator.getConditionEvaluators())) {
			customConditionsCount += evaluator.getConditionEvaluators().size();
		}
	}

	return evaluators;
}
 
Example 3
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Applies the items of one type from {@code appliedPolicy} onto
 * {@code existingPolicy}.
 *
 * <p>Steps, all delegated to helpers of this class: collect the users, groups
 * and roles named in the applied items; pull the existing items for those
 * principals out of {@code existingPolicy}; apply the new items to them; merge
 * the result back; then compact the policy.
 *
 * <p>Review note: an unexpected {@code policyItemType} is only logged at WARN
 * and the method then returns without touching {@code existingPolicy}. The
 * method is {@code void}, so the caller gets no signal that nothing was
 * applied. No authorization check is made here; the caller has to have done it.
 *
 * @param existingPolicy policy that is updated in place
 * @param appliedPolicy  policy supplying the items to apply
 * @param policyItemType which of the four item lists of {@code appliedPolicy} to process
 */
static private void processApplyPolicyForItemType(RangerPolicy existingPolicy, RangerPolicy appliedPolicy, POLICYITEM_TYPE policyItemType) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> ServiceRESTUtil.processApplyPolicyForItemType()");
	}

	List<RangerPolicy.RangerPolicyItem> itemsToApply = null;

	switch (policyItemType) {
		case ALLOW:
			itemsToApply = appliedPolicy.getPolicyItems();
			break;
		case DENY:
			itemsToApply = appliedPolicy.getDenyPolicyItems();
			break;
		case ALLOW_EXCEPTIONS:
			itemsToApply = appliedPolicy.getAllowExceptions();
			break;
		case DENY_EXCEPTIONS:
			itemsToApply = appliedPolicy.getDenyExceptions();
			break;
		default:
			// Leaves itemsToApply null, so the block below is skipped.
			LOG.warn("processApplyPolicyForItemType(): invalid policyItemType=" + policyItemType);
			break;
	}

	if (CollectionUtils.isNotEmpty(itemsToApply)) {
		// Principals named by the applied items.
		Set<String> userNames = new HashSet<>();
		Set<String> groupNames = new HashSet<>();
		Set<String> roleNames = new HashSet<>();

		// Existing items per principal, filled by splitExistingPolicyItems.
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByUser = new HashMap<>();
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByGroup = new HashMap<>();
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByRole = new HashMap<>();

		// 1. Find out which users, groups and roles the applied items refer to.
		extractUsersGroupsAndRoles(itemsToApply, userNames, groupNames, roleNames);

		// 2. Separate the existing policy's items for exactly those principals.
		splitExistingPolicyItems(existingPolicy, userNames, itemsByUser, groupNames, itemsByGroup, roleNames, itemsByRole);

		// 3. Apply the items of this type to what was separated out.
		applyPolicyItems(itemsToApply, policyItemType, itemsByUser, itemsByGroup, itemsByRole);

		// 4. Write the changed and new items back into the existing policy.
		mergeProcessedPolicyItems(existingPolicy, itemsByUser, itemsByGroup, itemsByRole);

		compactPolicy(existingPolicy);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== ServiceRESTUtil.processApplyPolicyForItemType()");
	}
}
 
Example 4
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Merges the items of one type from {@code appliedPolicy} into
 * {@code existingPolicy}.
 *
 * <p>The flow is: collect the users, groups and roles named in the applied
 * items; pull the existing items for those principals out of
 * {@code existingPolicy}; merge the new items into them with
 * {@code mergePolicyItems}; write the result back; then compact the policy.
 *
 * <p>Review note: an unexpected {@code policyItemType} is only logged at WARN
 * and {@code existingPolicy} is then left unchanged. The method is
 * {@code void}, so the caller is not told that the merge was skipped. No
 * authorization check is made here; the caller has to have done it.
 *
 * @param existingPolicy policy that is updated in place
 * @param appliedPolicy  policy supplying the items to merge
 * @param policyItemType which of the four item lists of {@code appliedPolicy} to process
 */
static private void mergeExactMatchPolicyForItemType(RangerPolicy existingPolicy, RangerPolicy appliedPolicy, POLICYITEM_TYPE policyItemType) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> ServiceRESTUtil.mergeExactMatchPolicyForItemType()");
	}

	List<RangerPolicy.RangerPolicyItem> itemsToMerge = null;

	switch (policyItemType) {
		case ALLOW:
			itemsToMerge = appliedPolicy.getPolicyItems();
			break;
		case DENY:
			itemsToMerge = appliedPolicy.getDenyPolicyItems();
			break;
		case ALLOW_EXCEPTIONS:
			itemsToMerge = appliedPolicy.getAllowExceptions();
			break;
		case DENY_EXCEPTIONS:
			itemsToMerge = appliedPolicy.getDenyExceptions();
			break;
		default:
			// Leaves itemsToMerge null, so the block below is skipped.
			LOG.warn("mergeExactMatchPolicyForItemType(): invalid policyItemType=" + policyItemType);
			break;
	}

	if (CollectionUtils.isNotEmpty(itemsToMerge)) {
		// Principals named by the applied items.
		Set<String> userNames = new HashSet<>();
		Set<String> groupNames = new HashSet<>();
		Set<String> roleNames = new HashSet<>();

		// Existing items per principal, filled by splitExistingPolicyItems.
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByUser = new HashMap<>();
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByGroup = new HashMap<>();
		Map<String, RangerPolicy.RangerPolicyItem[]> itemsByRole = new HashMap<>();

		// 1. Find out which users, groups and roles the applied items refer to.
		extractUsersGroupsAndRoles(itemsToMerge, userNames, groupNames, roleNames);

		// 2. Separate the existing policy's items for exactly those principals.
		splitExistingPolicyItems(existingPolicy, userNames, itemsByUser, groupNames, itemsByGroup, roleNames, itemsByRole);

		// 3. Merge the items of this type into what was separated out.
		mergePolicyItems(itemsToMerge, policyItemType, itemsByUser, itemsByGroup, itemsByRole);

		// 4. Write the changed and new items back into the existing policy.
		mergeProcessedPolicyItems(existingPolicy, itemsByUser, itemsByGroup, itemsByRole);

		compactPolicy(existingPolicy);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== ServiceRESTUtil.mergeExactMatchPolicyForItemType()");
	}
}