Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemAccess
The following examples show how to use
org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemAccess.
Example 1
Source File: RangerServiceHBase.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Returns the default policies of the base service, with an extra policy item for the
 * configured lookup user on every default policy whose name contains "all".
 *
 * <p>The extra item lists only {@code lookUpUser}, carries the {@code ACCESS_TYPE_READ} and
 * {@code ACCESS_TYPE_CREATE} access entries, and has delegate-admin switched off. No item is
 * added when {@code lookUpUser} is blank.
 *
 * @return the list obtained from {@code super.getDefaultRangerPolicies()}, modified in place
 * @throws Exception propagated from the superclass call
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceHbase.getDefaultRangerPolicies()");
    }

    List<RangerPolicy> ret = super.getDefaultRangerPolicies();

    for (RangerPolicy defaultPolicy : ret) {
        // NOTE(review): this is a substring match, so any default policy with "all"
        // anywhere in its name receives the lookup-user grant - confirm that is intended.
        boolean grantToLookupUser =
                defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser);
        if (!grantToLookupUser) {
            continue;
        }

        List<RangerPolicy.RangerPolicyItemAccess> lookupAccesses =
                new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));

        RangerPolicyItem lookupItem = new RangerPolicyItem();
        lookupItem.setUsers(Collections.singletonList(lookUpUser));
        lookupItem.setAccesses(lookupAccesses);
        // The lookup user gets data access only; it is not made a delegated admin.
        lookupItem.setDelegateAdmin(false);

        defaultPolicy.getPolicyItems().add(lookupItem);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceHbase.getDefaultRangerPolicies()");
    }

    return ret;
}
Example 2
Source File: RangerBaseService.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Builds the access entries that a default policy item may carry for the given resources.
 *
 * <p>The leaf resource definition for {@code policyResources} is looked up in
 * {@code serviceDef}. When it has no access-type restrictions (null or empty), every access
 * type of the service definition is returned as allowed; otherwise only the access types
 * named in the restriction set are returned.
 *
 * @param policyResources resources of the policy being built
 * @return allowed access entries; empty when no leaf resource definition is found
 */
protected List<RangerPolicy.RangerPolicyItemAccess> getAllowedAccesses(Map<String, RangerPolicy.RangerPolicyResource> policyResources) {
    List<RangerPolicy.RangerPolicyItemAccess> allowed = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();

    RangerServiceDef.RangerResourceDef leafDef = ServiceDefUtil.getLeafResourceDef(serviceDef, policyResources);
    if (leafDef == null) {
        return allowed;
    }

    Set<String> restrictions = leafDef.getAccessTypeRestrictions();
    // An absent or empty restriction set means "no restriction": every access type qualifies.
    boolean unrestricted = CollectionUtils.isEmpty(restrictions);

    for (RangerServiceDef.RangerAccessTypeDef typeDef : serviceDef.getAccessTypes()) {
        if (!unrestricted && !restrictions.contains(typeDef.getName())) {
            continue;
        }

        RangerPolicy.RangerPolicyItemAccess entry = new RangerPolicy.RangerPolicyItemAccess();
        entry.setType(typeDef.getName());
        entry.setIsAllowed(true);
        allowed.add(entry);
    }

    return allowed;
}
Example 3
Source File: RangerBaseService.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Creates the policy item placed in a default policy for the given resources.
 *
 * <p>The item lists the principals returned by {@code getUserList()} and
 * {@code getGroupList()}, carries the accesses from {@code getAllowedAccesses(policyResources)},
 * and is created with delegate-admin set to {@code true}.
 *
 * @param policyResources resources of the default policy
 * @return the populated policy item
 * @throws Exception declared by the signature; nothing in this body throws it directly
 */
private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(Map<String, RangerPolicy.RangerPolicyResource> policyResources) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerBaseService.createDefaultPolicyItem()");
    }

    RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();

    defaultItem.setUsers(getUserList());
    defaultItem.setGroups(getGroupList());
    defaultItem.setAccesses(getAllowedAccesses(policyResources));
    // Every listed user and group is flagged delegate-admin on the default policy, so the
    // contents of getUserList()/getGroupList() decide who holds that flag out of the box.
    defaultItem.setDelegateAdmin(true);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerBaseService.createDefaultPolicyItem(): " + defaultItem );
    }

    return defaultItem;
}
Example 4
Source File: RangerOptimizedPolicyEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Folds the given policy items into this evaluator's summary fields.
 *
 * <p>For each item: {@code delegateAdmin} becomes true once any item has it set, the type of
 * every access whose {@code getIsAllowed()} is true is added to {@code accessPerms}, and the
 * item's roles, groups and users are added to {@code roles}, {@code groups} and {@code users}.
 * A null or empty list leaves the fields untouched.
 *
 * @param policyItems items to summarise; may be null or empty
 */
private void preprocessPolicyItems(List<? extends RangerPolicy.RangerPolicyItem> policyItems) {
    if (CollectionUtils.isEmpty(policyItems)) {
        return;
    }

    for (RangerPolicy.RangerPolicyItem current : policyItems) {
        delegateAdmin = delegateAdmin || current.getDelegateAdmin();

        for (RangerPolicy.RangerPolicyItemAccess entry : current.getAccesses()) {
            // Entries that are present but not allowed contribute nothing to the summary.
            if (entry.getIsAllowed()) {
                accessPerms.add(entry.getType());
            }
        }

        roles.addAll(current.getRoles());
        groups.addAll(current.getGroups());
        users.addAll(current.getUsers());
    }
}
Example 5
Source File: PatchForKafkaServiceDefUpdate_J10033.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds one allowed access entry for every access type returned by {@code getAccessTypes()}.
 *
 * @return a new list with an entry per access type, each marked as allowed
 */
private ArrayList<RangerPolicy.RangerPolicyItemAccess> getPolicyItemAccesses() {
    ArrayList<RangerPolicy.RangerPolicyItemAccess> allowedEntries = new ArrayList<>();

    for (String accessType : getAccessTypes()) {
        RangerPolicy.RangerPolicyItemAccess entry = new RangerPolicy.RangerPolicyItemAccess();
        entry.setType(accessType);
        entry.setIsAllowed(true);
        allowedEntries.add(entry);
    }

    return allowedEntries;
}
Example 6
Source File: RangerServiceKMS.java From ranger with Apache License 2.0 | 5 votes |
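/**
 * Creates the default policy item for the given users with every supplied access type allowed.
 *
 * <p>The item is created with delegate-admin set to {@code true}, so each entry of
 * {@code users} carries that flag on the resulting default policy.
 *
 * <p>The debug trace names this class; the original messages named
 * {@code RangerServiceTag}, which misattributed the log lines of this method.
 *
 * @param accessTypeDefs access type definitions to grant; one allowed entry is built per element
 * @param users          users the policy item applies to
 * @return the populated policy item
 * @throws Exception declared by the signature; nothing in this body throws it directly
 */
private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs, List<String> users) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceKMS.createDefaultPolicyItem()");
    }

    RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
    policyItem.setUsers(users);

    List<RangerPolicy.RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
        RangerPolicy.RangerPolicyItemAccess access = new RangerPolicy.RangerPolicyItemAccess();
        access.setType(accessTypeDef.getName());
        access.setIsAllowed(true);
        accesses.add(access);
    }
    policyItem.setAccesses(accesses);

    // Default item: all supplied access types plus the delegate-admin flag for `users`.
    policyItem.setDelegateAdmin(true);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceKMS.createDefaultPolicyItem(): " + policyItem );
    }

    return policyItem;
}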
Example 7
Source File: PatchForKafkaServiceDefUpdate_J10025.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds one allowed access entry for every access type returned by {@code getAccessTypes()}.
 *
 * @return a new list with an entry per access type, each marked as allowed
 */
private ArrayList<RangerPolicy.RangerPolicyItemAccess> getPolicyItemAccesses() {
    ArrayList<RangerPolicy.RangerPolicyItemAccess> allowedEntries = new ArrayList<>();

    for (String accessType : getAccessTypes()) {
        RangerPolicy.RangerPolicyItemAccess entry = new RangerPolicy.RangerPolicyItemAccess();
        entry.setType(accessType);
        entry.setIsAllowed(true);
        allowedEntries.add(entry);
    }

    return allowedEntries;
}
Example 8
Source File: ServiceRESTUtil.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Ensures that {@code policyItem} allows every access type listed in {@code accesses}.
 *
 * <p>For each requested type, the first entry of the item with the same type is switched to
 * allowed if it was not already; when no such entry exists a new allowed entry is appended.
 * Only the type of each requested entry is read: its own {@code isAllowed} value is not
 * consulted, so every requested type ends up allowed.
 *
 * @param policyItem item to update in place; dereferenced without a null check
 * @param accesses   access entries whose types should be allowed
 * @return {@code true} if the item was changed
 */
static private boolean addAccesses(RangerPolicy.RangerPolicyItem policyItem, List<RangerPolicy.RangerPolicyItemAccess> accesses) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceRESTUtil.addAccesses()");
    }

    boolean changed = false;

    for (RangerPolicy.RangerPolicyItemAccess requested : accesses) {
        String requestedType = requested.getType();

        // Find the first existing entry of the same type, if any.
        RangerPolicy.RangerPolicyItemAccess existing = null;
        for (RangerPolicy.RangerPolicyItemAccess candidate : policyItem.getAccesses()) {
            if (StringUtils.equals(candidate.getType(), requestedType)) {
                existing = candidate;
                break;
            }
        }

        if (existing == null) {
            policyItem.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess(requestedType, Boolean.TRUE));
            changed = true;
        } else if (!existing.getIsAllowed()) {
            existing.setIsAllowed(Boolean.TRUE);
            changed = true;
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceRESTUtil.addAccesses() " + changed);
    }

    return changed;
}
Example 9
Source File: ServiceRESTUtil.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Removes from {@code policyItem} every access entry whose type matches one of {@code accesses}.
 *
 * <p>All entries of a matching type are removed, not just the first. A null
 * {@code policyItem} is tolerated and reported as "nothing removed".
 *
 * @param policyItem item to update in place; may be null
 * @param accesses   access entries whose types should be removed
 * @return {@code true} if at least one entry was removed
 */
static private boolean removeAccesses(RangerPolicy.RangerPolicyItem policyItem, List<RangerPolicy.RangerPolicyItemAccess> accesses) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceRESTUtil.removeAccesses()");
    }

    boolean removedAny = false;

    if (policyItem != null) {
        for (RangerPolicy.RangerPolicyItemAccess toRemove : accesses) {
            String typeToRemove = toRemove.getType();

            // Walk from the tail so removing an element never shifts an index still to be visited.
            for (int idx = policyItem.getAccesses().size() - 1; idx >= 0; idx--) {
                RangerPolicy.RangerPolicyItemAccess current = policyItem.getAccesses().get(idx);

                if (StringUtils.equals(current.getType(), typeToRemove)) {
                    policyItem.getAccesses().remove(idx);
                    removedAny = true;
                }
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceRESTUtil.removeAccesses() " + removedAny);
    }

    return removedAny;
}
Example 10
Source File: RangerHiveAuthorizer.java From ranger with Apache License 2.0 | 5 votes |
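/**
 * Builds the {@code HivePrivilegeInfo} reported for one principal, object and ACL name.
 *
 * <p>The policy items are scanned for items that list the lower-cased {@code aclName} among
 * their access types and list the principal's name among their users or groups. The last
 * such item decides the reported delegate-admin flag; the grant time is the policy's create
 * time in seconds (0 when the policy has none or no item matches). The grantor is always
 * {@code DEFAULT_RANGER_POLICY_GRANTOR}.
 *
 * <p>The ACL name is lower-cased with {@code Locale.ROOT}. The default-locale form used
 * before turns "I" into a dotless i under e.g. a Turkish locale, so an ACL name containing
 * that letter would never match an ASCII access type.
 *
 * @param hivePrincipal principal the privilege is reported for
 * @param objectType    type of the Hive object
 * @param dbName        database name
 * @param objectName    object name
 * @param columnName    column name
 * @param partValues    partition values
 * @param aclName       privilege name; compared case-insensitively with the policy access types
 * @param policy        policy whose items are inspected
 * @return the privilege info; always built, even when no policy item matches
 */
private HivePrivilegeInfo createHivePrivilegeInfo(HivePrincipal hivePrincipal,
        HivePrivilegeObject.HivePrivilegeObjectType objectType, String dbName, String objectName,
        String columnName, List<String> partValues, String aclName, RangerPolicy policy) {
    int     creationDate  = 0;
    boolean delegateAdmin = false;

    for (RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) {
        List<String> users  = policyItem.getUsers();
        List<String> groups = policyItem.getGroups();

        // Locale-independent lower-casing; see the method comment.
        String wantedAccessType = aclName.toLowerCase(java.util.Locale.ROOT);

        // NOTE(review): getIsAllowed() is not consulted here, so an entry that is present but
        // not allowed still counts as a match - confirm this is intended for reporting.
        boolean listsAccessType = false;
        for (RangerPolicy.RangerPolicyItemAccess policyItemAccess : policyItem.getAccesses()) {
            if (wantedAccessType.equals(policyItemAccess.getType())) {
                listsAccessType = true;
                break;
            }
        }
        if (!listsAccessType) {
            continue;
        }

        // NOTE(review): the principal name is matched against both users and groups without
        // looking at the principal type - a user and a group sharing a name are not told apart.
        String principalName = hivePrincipal.getName();
        if (users.contains(principalName) || groups.contains(principalName)) {
            if (policy.getCreateTime() != null) {
                creationDate = (int) (policy.getCreateTime().getTime() / 1000);
            }
            if (policyItem.getDelegateAdmin() != null) {
                delegateAdmin = policyItem.getDelegateAdmin().booleanValue();
            }
        }
    }

    HivePrincipal       grantorPrincipal = new HivePrincipal(DEFAULT_RANGER_POLICY_GRANTOR, HivePrincipal.HivePrincipalType.USER);
    HivePrivilegeObject privilegeObject  = new HivePrivilegeObject(objectType, dbName, objectName, partValues, columnName);
    HivePrivilege       privilege        = new HivePrivilege(aclName, null);

    return new HivePrivilegeInfo(hivePrincipal, privilege, privilegeObject, grantorPrincipal, delegateAdmin, creationDate);
}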
Example 11
Source File: RangerServiceOzone.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Returns the default policies of the base service, with an extra policy item for the
 * configured lookup user on every default policy whose name contains "all".
 *
 * <p>The extra item lists only {@code lookUpUser}, carries the read, write, create, list,
 * delete and all access entries, and has delegate-admin switched off. No item is added when
 * {@code lookUpUser} is blank.
 *
 * @return the list obtained from {@code super.getDefaultRangerPolicies()}, modified in place
 * @throws Exception propagated from the superclass call
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
    }

    List<RangerPolicy> ret = super.getDefaultRangerPolicies();

    for (RangerPolicy defaultPolicy : ret) {
        // NOTE(review): this is a substring match, so any default policy with "all"
        // anywhere in its name receives the lookup-user grant - confirm that is intended.
        boolean grantToLookupUser =
                defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser);
        if (!grantToLookupUser) {
            continue;
        }

        RangerPolicyItem lookupItem = new RangerPolicyItem();

        // NOTE(review): the lookup user receives write, delete and "all" in addition to
        // read/list - worth confirming the lookup function needs more than read access.
        List<RangerPolicy.RangerPolicyItemAccess> lookupAccesses =
                new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_LIST));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_DELETE));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_ALL));

        lookupItem.setUsers(Collections.singletonList(lookUpUser));
        lookupItem.setAccesses(lookupAccesses);
        lookupItem.setDelegateAdmin(false);

        defaultPolicy.getPolicyItems().add(lookupItem);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : " + ret);
    }

    return ret;
}
Example 12
Source File: RangerDefaultPolicyItemEvaluator.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Precomputes the state this policy-item evaluator uses later.
 *
 * <ul>
 *   <li>{@code hasAllPerms}: true when every access type of the service definition appears
 *       among the item's allowed accesses (and therefore also true when the service
 *       definition lists no access types);</li>
 *   <li>{@code conditionEvaluators}: obtained from a new {@code RangerCustomConditionEvaluator};</li>
 *   <li>{@code hasCurrentUser} / {@code hasResourceOwner}: whether the item's users contain
 *       {@code RangerPolicyEngine.USER_CURRENT} / {@code RangerPolicyEngine.RESOURCE_OWNER}.</li>
 * </ul>
 */
public void init() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", policyItem=" + policyItem + ", serviceType=" + getServiceType() + ", conditionsDisabled=" + getConditionsDisabledOption() + ")");
    }

    // Collect the types of the accesses that are actually allowed on this item.
    Set<String> allowedTypes = new HashSet<String>();
    for (RangerPolicy.RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) {
        if (itemAccess.getIsAllowed()) {
            allowedTypes.add(itemAccess.getType());
        }
    }

    // Start from "has everything" and clear the flag on the first missing access type.
    hasAllPerms = true;
    for (RangerServiceDef.RangerAccessTypeDef typeDef : serviceDef.getAccessTypes()) {
        if (!allowedTypes.contains(typeDef.getName())) {
            hasAllPerms = false;
            break;
        }
    }

    RangerCustomConditionEvaluator customConditionEvaluator = new RangerCustomConditionEvaluator();
    conditionEvaluators = customConditionEvaluator.getPolicyItemConditionEvaluator(policy, policyItem, serviceDef, options, policyItemIndex);

    List<String> itemUsers = policyItem.getUsers();
    boolean hasUsers = CollectionUtils.isNotEmpty(itemUsers);
    this.hasCurrentUser   = hasUsers && itemUsers.contains(RangerPolicyEngine.USER_CURRENT);
    this.hasResourceOwner = hasUsers && itemUsers.contains(RangerPolicyEngine.RESOURCE_OWNER);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", conditionsCount=" + getConditionEvaluators().size() + ")");
    }
}
Example 13
Source File: TestServiceUtil.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Checks that {@code serviceUtil.toRangerPolicy} converts a {@code VXResource} carrying one
 * user permission map (with a perm group and an IP address) into the expected policy: same
 * id, name, service and description, and a single policy item for user "rangerAdmin" with
 * the "drop" access, an "ipaddress" condition and delegate-admin off.
 */
@Test
public void testToRangerPolicyForPermGroup(){
    // ---- expected policy item -------------------------------------------------------------
    List<String> conditionValues = new ArrayList<String>();
    conditionValues.add("10.129.25.56");

    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    ipCondition.setValues(conditionValues);

    List<RangerPolicyItemCondition> expectedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    expectedConditions.add(ipCondition);

    List<String> expectedUsers = new ArrayList<String>();
    expectedUsers.add("rangerAdmin");
    List<String> expectedGroups = new ArrayList<String>();

    RangerPolicyItemAccess dropAccess = new RangerPolicyItemAccess();
    dropAccess.setIsAllowed(true);
    dropAccess.setType("drop");

    List<RangerPolicyItemAccess> expectedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    expectedAccesses.add(dropAccess);

    RangerPolicyItem expectedItem = new RangerPolicyItem();
    expectedItem.setConditions(expectedConditions);
    expectedItem.setAccesses(expectedAccesses);
    expectedItem.setDelegateAdmin(false);
    expectedItem.setUsers(expectedUsers);
    expectedItem.setGroups(expectedGroups);

    List<RangerPolicyItem> expectedItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    expectedItems.add(expectedItem);

    // ---- expected policy ------------------------------------------------------------------
    RangerPolicy expectedRangerPolicy = new RangerPolicy();
    expectedRangerPolicy.setId(1L);
    expectedRangerPolicy.setName("hive Policy");
    expectedRangerPolicy.setService("hive");
    expectedRangerPolicy.setDescription("hive policy description");
    expectedRangerPolicy.setPolicyItems(expectedItems);

    // ---- input: permission map attached to the resource ------------------------------------
    VXPermMap permMap = new VXPermMap();
    permMap.setId(5L);
    permMap.setGroupName("myGroup");
    permMap.setPermGroup("permGroup");
    permMap.setUserName("rangerAdmin");
    permMap.setPermType(12);
    permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
    permMap.setIpAddress("10.129.25.56");

    List<VXPermMap> permMaps = new ArrayList<VXPermMap>();
    permMaps.add(permMap);

    // The audit map list is built but never attached to the resource below.
    VXAuditMap auditMap = new VXAuditMap();
    auditMap.setId(1L);
    auditMap.setOwner("rangerAdmin");
    List<VXAuditMap> auditMaps = new ArrayList<VXAuditMap>();
    auditMaps.add(auditMap);

    // ---- input: service and resource --------------------------------------------------------
    RangerService rangerService = new RangerService();
    rangerService.setName("hive");
    rangerService.setType("hive");

    VXResource resource = new VXResource();
    resource.setId(1L);
    resource.setUpdateDate(new Date());
    resource.setCreateDate(new Date());
    resource.setOwner("rangerAdmin");
    resource.setUpdatedBy("rangerAdmin");
    resource.setPolicyName("hive Policy");
    resource.setDescription("hive policy description");
    resource.setResourceStatus(RangerCommonEnums.STATUS_ENABLED);
    resource.setIsRecursive(1);
    resource.setTableType(1);
    resource.setColumnType(1);
    resource.setPermMapList(permMaps);

    // ---- exercise and verify ----------------------------------------------------------------
    RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(resource, rangerService);

    Assert.assertNotNull(actualRangerPolicy);
    Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
    Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
    Assert.assertEquals(expectedRangerPolicy.getService(), actualRangerPolicy.getService());
    Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
    Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
Example 14
Source File: RangerPolicyRepository.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Rewrites the component-qualified access types and data-mask types of the given policy
 * items for one component, and removes what does not belong to it.
 *
 * <p>With {@code prefix = componentType + COMPONENT_ACCESSTYPE_SEPARATOR}:
 * <ul>
 *   <li>an access type starting with the prefix has the prefix stripped;</li>
 *   <li>any other access type that still contains the separator is removed from the item
 *       (presumably it is qualified for a different component - confirm);</li>
 *   <li>an item whose access list becomes empty and that is not delegate-admin is removed;</li>
 *   <li>for data-mask items the mask type is handled the same way: prefix stripped, or the
 *       whole item removed when the type contains the separator without the prefix.</li>
 * </ul>
 *
 * <p>Both the items and the list itself are modified in place.
 *
 * @param policyItems   items to normalise; may be null or empty, in which case nothing happens
 * @param componentType component whose prefix is stripped
 * @return the same {@code policyItems} reference that was passed in
 */
private List<? extends RangerPolicy.RangerPolicyItem> normalizeAndPrunePolicyItems(List<? extends RangerPolicy.RangerPolicyItem> policyItems, final String componentType) {
    if(CollectionUtils.isNotEmpty(policyItems)) {
        final String prefix = componentType + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;

        // Allocated lazily: stays null when nothing has to be removed.
        List<RangerPolicy.RangerPolicyItem> itemsToPrune = null;

        for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
            List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();

            // Items that arrive with no accesses at all skip this branch and are not pruned by it.
            if (CollectionUtils.isNotEmpty(policyItemAccesses)) {
                List<RangerPolicy.RangerPolicyItemAccess> accessesToPrune = null;

                for (RangerPolicy.RangerPolicyItemAccess access : policyItemAccesses) {
                    String accessType = access.getType();

                    if (StringUtils.startsWith(accessType, prefix)) {
                        // Qualified for this component: keep it under its unqualified name.
                        String newAccessType = StringUtils.removeStart(accessType, prefix);

                        access.setType(newAccessType);
                    // NOTE(review): accessType is dereferenced directly here, so a null access
                    // type would throw at this point - confirm types are never null.
                    } else if (accessType.contains(AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                        if(accessesToPrune == null) {
                            accessesToPrune = new ArrayList<>();
                        }

                        // Collected and removed after the loop to avoid modifying the list while iterating.
                        accessesToPrune.add(access);
                    }
                }

                if(accessesToPrune != null) {
                    policyItemAccesses.removeAll(accessesToPrune);
                }

                // An item left without accesses is kept only if it still carries delegate-admin.
                if (policyItemAccesses.isEmpty() && !policyItem.getDelegateAdmin()) {
                    if(itemsToPrune == null) {
                        itemsToPrune = new ArrayList<>();
                    }

                    itemsToPrune.add(policyItem);

                    // Already scheduled for removal: skip the data-mask handling below.
                    continue;
                }
            }

            if (policyItem instanceof RangerPolicy.RangerDataMaskPolicyItem) {
                // NOTE(review): dataMaskInfo and maskType are used without null checks.
                RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerPolicy.RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
                String maskType = dataMaskInfo.getDataMaskType();

                if (StringUtils.startsWith(maskType, prefix)) {
                    dataMaskInfo.setDataMaskType(StringUtils.removeStart(maskType, prefix));
                } else if (maskType.contains(AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                    if (itemsToPrune == null) {
                        itemsToPrune = new ArrayList<>();
                    }

                    itemsToPrune.add(policyItem);
                }
            }
        }

        if(itemsToPrune != null) {
            policyItems.removeAll(itemsToPrune);
        }
    }

    return policyItems;
}
Example 15
Source File: ServiceRESTUtil.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Merges policy items that grant the same set of accesses into a single item.
 *
 * <p>Items with no users, groups and roles, and items with no accesses that are not
 * delegate-admin, are dropped. Items with more than one condition are passed through
 * unmerged. The remaining items are keyed by their sorted access types (plus the marker
 * "delegateAdmin" when the flag is set); the first item seen for a key is kept and the
 * users, groups and roles of later items with the same key are added to it through
 * {@code addDistinctItems}.
 *
 * <p>NOTE(review): an item with exactly one condition takes the merge path, and the key does
 * not include conditions. Principals of a later item therefore end up under the conditions
 * of the first item with the same accesses - confirm the {@code > 1} threshold is intended.
 *
 * @param policyItems items to merge; may be null or empty
 * @return a new list with the pass-through items followed by the merged items, the latter
 *         in the iteration order of a {@code HashMap}
 */
static private List<RangerPolicy.RangerPolicyItem> mergePolicyItems(List<RangerPolicy.RangerPolicyItem> policyItems) {
    List<RangerPolicy.RangerPolicyItem> merged = new ArrayList<RangerPolicy.RangerPolicyItem>();

    if (CollectionUtils.isEmpty(policyItems)) {
        return merged;
    }

    Map<String, RangerPolicy.RangerPolicyItem> itemsByAccessKey = new HashMap<String, RangerPolicy.RangerPolicyItem>();

    for (RangerPolicy.RangerPolicyItem candidate : policyItems) {
        boolean hasNoPrincipals = CollectionUtils.isEmpty(candidate.getUsers())
                && CollectionUtils.isEmpty(candidate.getGroups())
                && CollectionUtils.isEmpty(candidate.getRoles());
        if (hasNoPrincipals) {
            continue;
        }

        // Grants nothing: no accesses and no delegate-admin flag.
        if (CollectionUtils.isEmpty(candidate.getAccesses()) && !candidate.getDelegateAdmin()) {
            continue;
        }

        if (candidate.getConditions().size() > 1) {
            merged.add(candidate);
            continue;
        }

        // A TreeSet gives a sorted, duplicate-free rendering, so equal access sets share a key.
        TreeSet<String> accessKeyParts = new TreeSet<String>();
        for (RangerPolicy.RangerPolicyItemAccess entry : candidate.getAccesses()) {
            accessKeyParts.add(entry.getType());
        }
        if (candidate.getDelegateAdmin()) {
            accessKeyParts.add("delegateAdmin");
        }
        String accessKey = accessKeyParts.toString();

        RangerPolicy.RangerPolicyItem target = itemsByAccessKey.get(accessKey);
        if (target == null) {
            itemsByAccessKey.put(accessKey, candidate);
        } else {
            addDistinctItems(candidate.getUsers(), target.getUsers());
            addDistinctItems(candidate.getGroups(), target.getGroups());
            addDistinctItems(candidate.getRoles(), target.getRoles());
        }
    }

    merged.addAll(itemsByAccessKey.values());

    return merged;
}
Example 16
Source File: ServiceRESTUtil.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Applies a grant request to {@code policy}.
 *
 * <p>When the request asks to replace existing permissions, the request's users, groups and
 * roles are first removed from the policy. A temporary policy holding one item (the
 * request's principals, its access types marked allowed, and its delegate-admin flag) is
 * then applied to {@code policy} through {@code processApplyPolicy}.
 *
 * @param policy       policy to update in place
 * @param grantRequest grant request to apply
 * @return always {@code true}: the result is set unconditionally after the apply step
 */
static public boolean processGrantRequest(RangerPolicy policy, GrantRevokeRequest grantRequest) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceRESTUtil.processGrantRequest()");
    }

    boolean policyUpdated = false;

    // "Replace" semantics: strip the requested principals from the policy before granting.
    // The value stored here is overwritten below and never reaches the caller.
    if (grantRequest.getReplaceExistingPermissions()) {
        policyUpdated = removeUsersGroupsAndRolesFromPolicy(policy, grantRequest.getUsers(), grantRequest.getGroups(), grantRequest.getRoles());
    }

    // Express the grant as a one-item policy so the apply-policy path can be reused.
    RangerPolicy.RangerPolicyItem grantItem = new RangerPolicy.RangerPolicyItem();

    // The delegate-admin flag is taken from the request as given.
    grantItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
    grantItem.getUsers().addAll(grantRequest.getUsers());
    grantItem.getGroups().addAll(grantRequest.getGroups());
    grantItem.getRoles().addAll(grantRequest.getRoles());

    List<RangerPolicy.RangerPolicyItemAccess> grantedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    for (String accessType : grantRequest.getAccessTypes()) {
        grantedAccesses.add(new RangerPolicy.RangerPolicyItemAccess(accessType, true));
    }
    grantItem.setAccesses(grantedAccesses);

    RangerPolicy appliedPolicy = new RangerPolicy();
    appliedPolicy.getPolicyItems().add(grantItem);

    processApplyPolicy(policy, appliedPolicy);

    policyUpdated = true;

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceRESTUtil.processGrantRequest() : " + policyUpdated);
    }

    return policyUpdated;
}
Example 17
Source File: PatchForKafkaServiceDefUpdate_J10025.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Builds the default policy created by this patch for a new Kafka resource.
 *
 * <p>The policy has one item: the users from {@code DEFAULT_POLICY_USERS}, no groups, no
 * conditions, the accesses from {@code getPolicyItemAccesses()} and delegate-admin off. Its
 * single resource has the value "*" and is keyed by {@code KAFKA_RESOURCE_DELEGATIONTOKEN}
 * when {@code newResource} is "all - delegationtoken", otherwise by
 * {@code KAFKA_RESOURCE_CLUSTER}. The policy is enabled, audited, and named and described
 * after {@code newResource}.
 *
 * @param newResource  name and description of the new policy
 * @param xxPortalUser user recorded as creator and updater
 * @param xxService    service the policy belongs to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
    RangerPolicy policy = new RangerPolicy();

    // Single policy item: default users, all patch access types, no delegated administration.
    List<RangerPolicy.RangerPolicyItemAccess> itemAccesses   = getPolicyItemAccesses();
    List<String>                               itemUsers      = new ArrayList<>(DEFAULT_POLICY_USERS);
    List<String>                               itemGroups     = new ArrayList<>();
    List<RangerPolicy.RangerPolicyItemCondition> itemConditions = new ArrayList<>();

    RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();
    defaultItem.setAccesses(itemAccesses);
    defaultItem.setConditions(itemConditions);
    defaultItem.setGroups(itemGroups);
    defaultItem.setUsers(itemUsers);
    defaultItem.setDelegateAdmin(false);

    List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<>();
    policyItems.add(defaultItem);

    // Single wildcard resource: the value "*" covers every resource of the chosen kind.
    RangerPolicy.RangerPolicyResource wildcardResource = new RangerPolicy.RangerPolicyResource();
    wildcardResource.setIsExcludes(false);
    wildcardResource.setIsRecursive(false);
    wildcardResource.setValue("*");

    String resourceKey = "all - delegationtoken".equals(newResource)
            ? KAFKA_RESOURCE_DELEGATIONTOKEN
            : KAFKA_RESOURCE_CLUSTER;

    Map<String, RangerPolicy.RangerPolicyResource> policyResources = new HashMap<>();
    policyResources.put(resourceKey, wildcardResource);

    policy.setCreateTime(new Date());
    policy.setDescription(newResource);
    policy.setIsEnabled(true);
    policy.setName(newResource);
    policy.setCreatedBy(xxPortalUser.getLoginId());
    policy.setUpdatedBy(xxPortalUser.getLoginId());
    policy.setUpdateTime(new Date());
    policy.setService(xxService.getName());
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResources);
    policy.setPolicyType(0);
    policy.setId(0L);
    policy.setGuid("");
    policy.setPolicyLabels(new ArrayList<>());
    policy.setVersion(1L);

    // Computed last, once every other field of the policy has been set.
    policy.setResourceSignature(new RangerPolicyResourceSignature(policy).getSignature());

    return policy;
}
Example 18
Source File: PatchForKafkaServiceDefUpdate_J10033.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Builds the default policy created by this patch for the consumer-group resource.
 *
 * <p>The policy has one item: the users from {@code DEFAULT_POLICY_USERS}, the groups from
 * {@code DEFAULT_POLICY_GROUP}, no conditions, the accesses from
 * {@code getPolicyItemAccesses()} and delegate-admin off. Its single resource has the value
 * "*" and is keyed by {@code CONSUMERGROUP_RESOURCE_NAME}. The policy is enabled, audited,
 * and named and described after {@code newResource}.
 *
 * @param newResource  name and description of the new policy
 * @param xxPortalUser user recorded as creator and updater
 * @param xxService    service the policy belongs to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
    RangerPolicy policy = new RangerPolicy();

    // Single policy item: default users and groups, all patch access types, no delegated administration.
    // NOTE(review): combined with the "*" resource below, every member of DEFAULT_POLICY_GROUP
    // receives these accesses on all consumer groups - confirm the group is suitably narrow.
    List<RangerPolicy.RangerPolicyItemAccess> itemAccesses   = getPolicyItemAccesses();
    List<String>                               itemUsers      = new ArrayList<>(DEFAULT_POLICY_USERS);
    List<String>                               itemGroups     = new ArrayList<>(DEFAULT_POLICY_GROUP);
    List<RangerPolicy.RangerPolicyItemCondition> itemConditions = new ArrayList<>();

    RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();
    defaultItem.setAccesses(itemAccesses);
    defaultItem.setConditions(itemConditions);
    defaultItem.setGroups(itemGroups);
    defaultItem.setUsers(itemUsers);
    defaultItem.setDelegateAdmin(false);

    List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<>();
    policyItems.add(defaultItem);

    // Single wildcard resource keyed by the consumer-group resource name.
    RangerPolicy.RangerPolicyResource wildcardResource = new RangerPolicy.RangerPolicyResource();
    wildcardResource.setIsExcludes(false);
    wildcardResource.setIsRecursive(false);
    wildcardResource.setValue("*");

    Map<String, RangerPolicy.RangerPolicyResource> policyResources = new HashMap<>();
    policyResources.put(CONSUMERGROUP_RESOURCE_NAME, wildcardResource);

    policy.setCreateTime(new Date());
    policy.setDescription(newResource);
    policy.setIsEnabled(true);
    policy.setName(newResource);
    policy.setCreatedBy(xxPortalUser.getLoginId());
    policy.setUpdatedBy(xxPortalUser.getLoginId());
    policy.setUpdateTime(new Date());
    policy.setService(xxService.getName());
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResources);
    policy.setPolicyType(0);
    policy.setId(0L);
    policy.setGuid("");
    policy.setPolicyLabels(new ArrayList<>());
    policy.setVersion(1L);

    // Computed last, once every other field of the policy has been set.
    policy.setResourceSignature(new RangerPolicyResourceSignature(policy).getSignature());

    return policy;
}