Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#setPolicyItems()
The following examples show how to use
org.apache.ranger.plugin.model.RangerPolicy#setPolicyItems() .
Example 1
Source File: TestRangerBasePluginWithPolicies.java From nifi-registry with Apache License 2.0 | 5 votes |
/**
 * Checks that a Ranger policy whose resource carries no value produces no access policy.
 *
 * <p>The resource is created with the no-arg constructor and no value is ever set on it.
 * The assertions expect the plugin to expose nothing for that resource, so the malformed
 * policy does not result in a WRITE grant.
 */
@Test
public void testMissingResourceValue() {
    final String resourcePath = "/resource-1";

    // No value is set on this resource: that is the condition under test.
    final RangerPolicy.RangerPolicyResource valuelessResource = new RangerPolicy.RangerPolicyResource();
    final Map<String, RangerPolicy.RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(resourcePath, valuelessResource);

    // A single policy item that asks for WRITE access.
    final RangerPolicy.RangerPolicyItemAccess writeAccess = new RangerPolicy.RangerPolicyItemAccess("WRITE");
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(Stream.of(writeAccess).collect(Collectors.toList()));

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(servicePolicies);

    // The policy must have been skipped: nothing is known for the resource.
    assertFalse(plugin.doesPolicyExist(resourcePath, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourcePath, RequestAction.WRITE));
}
Example 2
Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks that a Ranger policy whose resource is flagged as an exclusion produces no
 * access policy.
 *
 * <p>The resource has {@code isExcludes} set to {@code true}. The assertions expect the
 * plugin to expose no access policy at all, so an "everything except X" policy is not
 * turned into a grant on X.
 */
@Test
public void testExcludesPolicy() {
    final String resourcePath = "/resource-1";

    // The exclusion flag is the condition under test.
    final RangerPolicyResource excludedResource = new RangerPolicyResource(resourcePath);
    excludedResource.setIsExcludes(true);

    final Map<String, RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(resourcePath, excludedResource);

    // A single policy item that asks for WRITE access.
    final RangerPolicyItemAccess writeAccess = new RangerPolicyItemAccess("WRITE");
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(Stream.of(writeAccess).collect(Collectors.toList()));

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(servicePolicies);

    // The policy must have been skipped: nothing is known for the resource.
    assertFalse(plugin.doesPolicyExist(resourcePath, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourcePath, RequestAction.WRITE));
}
Example 3
Source File: TestRangerBasePluginWithPolicies.java From nifi-registry with Apache License 2.0 | 5 votes |
/**
 * Checks that a Ranger policy whose resource is flagged as an exclusion produces no
 * access policy in the nifi-registry plugin.
 *
 * <p>The resource has {@code isExcludes} set to {@code true}; the assertions expect the
 * plugin to expose no access policy for it.
 */
@Test
public void testExcludesPolicy() {
    final String resourcePath = "/resource-1";

    // The exclusion flag is the condition under test.
    final RangerPolicy.RangerPolicyResource excludedResource = new RangerPolicy.RangerPolicyResource(resourcePath);
    excludedResource.setIsExcludes(true);

    final Map<String, RangerPolicy.RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(resourcePath, excludedResource);

    // A single policy item that asks for WRITE access.
    final RangerPolicy.RangerPolicyItemAccess writeAccess = new RangerPolicy.RangerPolicyItemAccess("WRITE");
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(Stream.of(writeAccess).collect(Collectors.toList()));

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(servicePolicies);

    // The policy must have been skipped: nothing is known for the resource.
    assertFalse(plugin.doesPolicyExist(resourcePath, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourcePath, RequestAction.WRITE));
}
Example 4
Source File: TestAssetREST.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds a fixed {@link RangerPolicy} test fixture carrying the given id.
 *
 * <p>The policy holds one policy item with empty accesses, users, groups and conditions
 * and delegate-admin switched off, plus one resource stored under the key
 * {@code "resource"}.
 *
 * @param id the id to set on the returned policy
 * @return the populated policy
 */
private RangerPolicy rangerPolicy(Long id) {
    List<RangerPolicyItemAccess> noAccesses = new ArrayList<>();
    // This one empty list is used both as the item's users and as the resource's values.
    List<String> noUsers = new ArrayList<>();
    List<String> noGroups = new ArrayList<>();
    List<RangerPolicyItemCondition> noConditions = new ArrayList<>();

    List<RangerPolicyItem> items = new ArrayList<>();
    RangerPolicyItem item = new RangerPolicyItem();
    item.setAccesses(noAccesses);
    item.setConditions(noConditions);
    item.setGroups(noGroups);
    item.setUsers(noUsers);
    item.setDelegateAdmin(false);
    items.add(item);

    Map<String, RangerPolicyResource> resourcesByName = new HashMap<>();
    RangerPolicyResource resource = new RangerPolicyResource();
    resource.setIsExcludes(true);
    resource.setIsRecursive(true);
    resource.setValue("1");
    resource.setValues(noUsers);
    resourcesByName.put("resource", resource);

    RangerPolicy fixture = new RangerPolicy();
    fixture.setId(id);
    fixture.setCreateTime(new Date());
    fixture.setDescription("policy");
    fixture.setGuid("policyguid");
    fixture.setIsEnabled(true);
    fixture.setName("HDFS_1-1-20150316062453");
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());
    fixture.setService("HDFS_1-1-20150316062453");
    fixture.setIsAuditEnabled(true);
    fixture.setPolicyItems(items);
    fixture.setResources(resourcesByName);
    // Second setService call: this is the service name the fixture ends up with.
    fixture.setService("HDFS_1");
    return fixture;
}
Example 5
Source File: TestRangerBasePluginWithPolicies.java From nifi-registry with Apache License 2.0 | 5 votes |
/**
 * Checks how a policy item with delegate-admin enabled is translated by the plugin.
 *
 * <p>One user is given READ and WRITE on one resource with {@code delegateAdmin} set.
 * The assertions expect four access policies: READ and WRITE on the resource itself and
 * READ and WRITE on {@code "/policies"} + the resource, i.e. the delegated administrator
 * can also read and write the policies of that resource.
 */
@Test
public void testDelegateAdmin() {
    final String delegatedUser = "user-1";
    final String resourcePath = "/resource-1";

    final RangerPolicy.RangerPolicyResource resource = new RangerPolicy.RangerPolicyResource(resourcePath);
    final Map<String, RangerPolicy.RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(resourcePath, resource);

    // READ + WRITE for the user, with delegate-admin switched on.
    final RangerPolicy.RangerPolicyItem adminItem = new RangerPolicy.RangerPolicyItem();
    adminItem.setAccesses(
            Stream.of(
                    new RangerPolicy.RangerPolicyItemAccess("READ"),
                    new RangerPolicy.RangerPolicyItemAccess("WRITE"))
            .collect(Collectors.toList()));
    adminItem.setUsers(Stream.of(delegatedUser).collect(Collectors.toList()));
    adminItem.setDelegateAdmin(true);

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(adminItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(servicePolicies);

    assertEquals(4, plugin.getAccessPolicies().size());

    // Access to the resource itself.
    assertNotNull(plugin.getAccessPolicy(resourcePath, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy(resourcePath, RequestAction.WRITE));

    // Access to the policies of the resource, which delegate-admin adds.
    assertNotNull(plugin.getAccessPolicy("/policies" + resourcePath, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy("/policies" + resourcePath, RequestAction.WRITE));
}
Example 6
Source File: RangerPolicyFactory.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Deserialises a JSON policy template and customises it into a generated policy.
 *
 * <p>The id and a name derived from the id are set on the parsed policy, and its
 * resources and policy items are replaced by the ones built for {@code isAllowed}.
 *
 * @param template  JSON text that Gson maps onto {@link RangerPolicy}
 * @param policyId  id for the generated policy; also embedded in its name
 * @param isAllowed passed on to the resource-map and policy-item builders
 * @return the customised policy
 */
private static RangerPolicy createPolicyFromTemplate(String template, long policyId, boolean isAllowed) {
    final RangerPolicy generated = buildGson().fromJson(template, RangerPolicy.class);

    generated.setId(policyId);
    final String generatedName = String.format("generated policyname #%s", policyId);
    generated.setName(generatedName);

    // Whatever resources and items the template had are overwritten here.
    generated.setResources(createRangerPolicyResourceMap(isAllowed));
    generated.setPolicyItems(createPolicyItems(isAllowed));
    return generated;
}
Example 7
Source File: RangerServiceHdfs.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds the enabled, audited policy named {@code AUDITTOHDFS_POLICY_NAME} for this service.
 *
 * <p>The policy has a single policy item for the hard-coded user {@code "keyadmin"},
 * whose accesses come from {@code getAllowedAccesses} on the policy's resources and
 * whose delegate-admin flag is off.
 *
 * @param resourceHierarchy resource definitions passed to {@code createKMSAuditResource}
 * @return the populated policy
 * @throws Exception declared by the method; which call raises it is not visible here
 */
private RangerPolicy getPolicyForKMSAudit(List<RangerServiceDef.RangerResourceDef> resourceHierarchy) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceHdfs.getPolicyForKMSAudit()");
    }

    RangerPolicy auditPolicy = new RangerPolicy();
    auditPolicy.setIsEnabled(true);
    auditPolicy.setVersion(1L);
    auditPolicy.setName(AUDITTOHDFS_POLICY_NAME);
    auditPolicy.setService(service.getName());
    auditPolicy.setDescription("Policy for " + AUDITTOHDFS_POLICY_NAME);
    auditPolicy.setIsAuditEnabled(true);
    auditPolicy.setResources(createKMSAuditResource(resourceHierarchy));

    List<RangerPolicy.RangerPolicyItem> items = new ArrayList<RangerPolicy.RangerPolicyItem>();

    // Policy item for the keyadmin user; delegate-admin stays off.
    RangerPolicy.RangerPolicyItem keyAdminItem = new RangerPolicy.RangerPolicyItem();
    List<String> keyAdminUsers = new ArrayList<String>();
    keyAdminUsers.add("keyadmin");
    keyAdminItem.setUsers(keyAdminUsers);
    keyAdminItem.setAccesses(getAllowedAccesses(auditPolicy.getResources()));
    keyAdminItem.setDelegateAdmin(false);
    items.add(keyAdminItem);

    auditPolicy.setPolicyItems(items);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceHdfs.getPolicyForKMSAudit()" + auditPolicy);
    }
    return auditPolicy;
}
Example 8
Source File: RangerServiceHive.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds the default database policy for this service.
 *
 * <p>Name and service come from {@code DEFAULT_DB_POLICYNAME} and {@code serviceName};
 * resources and policy items come from the two {@code createDefaultDBPolicy*} helpers.
 *
 * @return the populated policy
 */
private RangerPolicy createDefaultDBPolicy() {
    final RangerPolicy dbPolicy = new RangerPolicy();

    // Identity of the policy.
    dbPolicy.setName(DEFAULT_DB_POLICYNAME);
    dbPolicy.setService(serviceName);

    // What it covers and who gets which access.
    dbPolicy.setResources(createDefaultDBPolicyResource());
    dbPolicy.setPolicyItems(createDefaultDBPolicyItem());

    return dbPolicy;
}
Example 9
Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks that a Ranger policy whose resource is flagged as recursive produces no access
 * policy.
 *
 * <p>The resource has {@code isRecursive} set to {@code true}; the assertions expect the
 * plugin to expose no access policy for it.
 */
@Test
public void testRecursivePolicy() {
    final String resourcePath = "/resource-1";

    // The recursive flag is the condition under test.
    final RangerPolicyResource recursiveResource = new RangerPolicyResource(resourcePath);
    recursiveResource.setIsRecursive(true);

    final Map<String, RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(resourcePath, recursiveResource);

    // A single policy item that asks for WRITE access.
    final RangerPolicyItemAccess writeAccess = new RangerPolicyItemAccess("WRITE");
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(Stream.of(writeAccess).collect(Collectors.toList()));

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(servicePolicies);

    // The policy must have been skipped: nothing is known for the resource.
    assertFalse(plugin.doesPolicyExist(resourcePath, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourcePath, RequestAction.WRITE));
}
Example 10
Source File: TestPublicAPIsv2.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds a fixed {@link RangerPolicy} test fixture whose id is the {@code Id2} field.
 *
 * <p>The policy holds one policy item with empty accesses, users, groups and conditions
 * and delegate-admin switched off, plus one resource stored under the key
 * {@code "resource"}.
 *
 * @return the populated policy
 */
private RangerPolicy rangerPolicy1() {
    List<RangerPolicyItemAccess> noAccesses = new ArrayList<>();
    // This one empty list is used both as the item's users and as the resource's values.
    List<String> noUsers = new ArrayList<>();
    List<String> noGroups = new ArrayList<>();
    List<RangerPolicyItemCondition> noConditions = new ArrayList<>();

    List<RangerPolicyItem> items = new ArrayList<>();
    RangerPolicyItem item = new RangerPolicyItem();
    item.setAccesses(noAccesses);
    item.setConditions(noConditions);
    item.setGroups(noGroups);
    item.setUsers(noUsers);
    item.setDelegateAdmin(false);
    items.add(item);

    Map<String, RangerPolicyResource> resourcesByName = new HashMap<>();
    RangerPolicyResource resource = new RangerPolicyResource();
    resource.setIsExcludes(true);
    resource.setIsRecursive(true);
    resource.setValue("2");
    resource.setValues(noUsers);
    resourcesByName.put("resource", resource);

    RangerPolicy fixture = new RangerPolicy();
    fixture.setId(Id2);
    fixture.setCreateTime(new Date());
    fixture.setDescription("policy");
    fixture.setGuid("policyguid");
    fixture.setIsEnabled(true);
    fixture.setName("HDFS_1-1-20150316062454");
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());
    fixture.setService("HDFS_1-1-20150316062454");
    fixture.setIsAuditEnabled(true);
    fixture.setPolicyItems(items);
    fixture.setResources(resourcesByName);
    // Second setService call: this is the service name the fixture ends up with.
    fixture.setService("HDFS_2");
    return fixture;
}
Example 11
Source File: TestXUserMgr.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds a fixed {@link RangerPolicy} test fixture whose id is the {@code userId} field.
 *
 * <p>The policy holds one policy item with empty accesses, users, groups and conditions
 * and delegate-admin switched off, an empty resource map and an empty label list.
 *
 * @return the populated policy
 */
private RangerPolicy rangerPolicy() {
    List<RangerPolicyItemAccess> noAccesses = new ArrayList<>();
    // This one empty list is used both as the item's users and as the resource's values.
    List<String> noUsers = new ArrayList<>();
    List<String> noGroups = new ArrayList<>();
    List<String> noLabels = new ArrayList<>();
    List<RangerPolicyItemCondition> noConditions = new ArrayList<>();

    List<RangerPolicyItem> items = new ArrayList<>();
    RangerPolicyItem item = new RangerPolicyItem();
    item.setAccesses(noAccesses);
    item.setConditions(noConditions);
    item.setGroups(noGroups);
    item.setUsers(noUsers);
    item.setDelegateAdmin(false);
    items.add(item);

    Map<String, RangerPolicyResource> resourcesByName = new HashMap<>();
    // NOTE(review): this resource is configured but never put into the map, so the
    // policy is returned with no resources. Confirm that this is intended.
    RangerPolicyResource resource = new RangerPolicyResource();
    resource.setIsExcludes(true);
    resource.setIsRecursive(true);
    resource.setValue("1");
    resource.setValues(noUsers);

    RangerPolicy fixture = new RangerPolicy();
    fixture.setId(userId);
    fixture.setCreateTime(new Date());
    fixture.setDescription("policy");
    fixture.setGuid("policyguid");
    fixture.setIsEnabled(true);
    fixture.setName("HDFS_1-1-20150316062453");
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());
    fixture.setService("HDFS_1-1-20150316062453");
    fixture.setIsAuditEnabled(true);
    fixture.setPolicyItems(items);
    fixture.setResources(resourcesByName);
    fixture.setPolicyLabels(noLabels);
    return fixture;
}
Example 12
Source File: RangerBaseService.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Builds the enabled, audited default policy for one resource hierarchy of this service.
 *
 * <p>The name comes from {@code buildPolicyName}, the resources from
 * {@code createDefaultPolicyResource}, and the single policy item from
 * {@code createDefaultPolicyItem} applied to those resources.
 *
 * @param resourceHierarchy resource definitions the policy is built for
 * @return the populated policy
 * @throws Exception declared by the method; which call raises it is not visible here
 */
private RangerPolicy getDefaultPolicy(List<RangerServiceDef.RangerResourceDef> resourceHierarchy) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerBaseService.getDefaultPolicy()");
    }

    RangerPolicy defaultPolicy = new RangerPolicy();
    String generatedName = buildPolicyName(resourceHierarchy);

    defaultPolicy.setIsEnabled(true);
    defaultPolicy.setVersion(1L);
    defaultPolicy.setName(generatedName);
    defaultPolicy.setService(service.getName());
    defaultPolicy.setDescription("Policy for " + generatedName);
    defaultPolicy.setIsAuditEnabled(true);
    defaultPolicy.setResources(createDefaultPolicyResource(resourceHierarchy));

    // Default policy item for the service user, derived from the resources just set.
    List<RangerPolicy.RangerPolicyItem> items = new ArrayList<RangerPolicy.RangerPolicyItem>();
    items.add(createDefaultPolicyItem(defaultPolicy.getResources()));
    defaultPolicy.setPolicyItems(items);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerBaseService.getDefaultPolicy()" + defaultPolicy);
    }
    return defaultPolicy;
}
Example 13
Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks that a Ranger policy whose resource value is the wildcard {@code "*"} produces
 * no access policy.
 *
 * <p>The assertions expect the plugin to expose nothing for it, so a wildcard resource
 * is not translated into a WRITE grant.
 */
@Test
public void testWildcardResourceValue() {
    final String wildcard = "*";

    // The wildcard value is the condition under test.
    final RangerPolicyResource wildcardResource = new RangerPolicyResource(wildcard);
    final Map<String, RangerPolicyResource> resourceMap = new HashMap<>();
    resourceMap.put(wildcard, wildcardResource);

    // A single policy item that asks for WRITE access.
    final RangerPolicyItemAccess writeAccess = new RangerPolicyItemAccess("WRITE");
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(Stream.of(writeAccess).collect(Collectors.toList()));

    final RangerPolicy rangerPolicy = new RangerPolicy();
    rangerPolicy.setResources(resourceMap);
    rangerPolicy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(rangerPolicy);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policyList);
    servicePolicies.setServiceDef(serviceDef);

    // Hand every policy to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(servicePolicies);

    // The policy must have been skipped: nothing is known for the wildcard.
    assertFalse(plugin.doesPolicyExist(wildcard, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(wildcard, RequestAction.WRITE));
}
Example 14
Source File: TestServiceREST.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Runs {@code ServiceRESTUtil.processApplyPolicy} on an existing policy and an applied
 * policy that share the same resource and prints the existing policy before and after.
 *
 * <p>NOTE(review): the only assertion is {@code assert(true)}, which can never fail, so
 * this test passes whatever the merge of the two permission sets produces. The merged
 * users, groups, accesses and delegate-admin flag should be asserted explicitly.
 */
@Test
public void test40applyPolicy() {
    RangerPolicy existingPolicy = rangerPolicy();
    RangerPolicy appliedPolicy = rangerPolicy();

    // Drop the items that came with the fixtures.
    List<RangerPolicyItem> policyItem = new ArrayList<RangerPolicyItem>();
    existingPolicy.setPolicyItems(policyItem );
    // NOTE(review): getPolicyItems().add(...) is called on appliedPolicy further down, so
    // this presumably relies on the setter replacing null with an empty list - confirm.
    appliedPolicy.setPolicyItems(null);

    // Both policies get the same resource map: "/tmp" with excludes and recursive set.
    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
    RangerPolicyResource rangerPolicyResource = new RangerPolicyResource("/tmp");
    rangerPolicyResource.setIsExcludes(true);
    rangerPolicyResource.setIsRecursive(true);
    policyResources.put("path", rangerPolicyResource);
    existingPolicy.setResources(policyResources);
    appliedPolicy.setResources(policyResources);

    // Existing policy: read + write for group1/group2 and user1/user2, delegate-admin on.
    RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
    rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
    rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
    rangerPolicyItem.getGroups().add("group1");
    rangerPolicyItem.getGroups().add("group2");
    rangerPolicyItem.getUsers().add("user1");
    rangerPolicyItem.getUsers().add("user2");
    rangerPolicyItem.setDelegateAdmin(true);
    existingPolicy.getPolicyItems().add(rangerPolicyItem);

    // Applied policy: delete for group1/public and user1/finance, delegate-admin off.
    rangerPolicyItem = new RangerPolicyItem();
    rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    rangerPolicyItem.getGroups().add("group1");
    rangerPolicyItem.getGroups().add("public");
    rangerPolicyItem.getUsers().add("user1");
    rangerPolicyItem.getUsers().add("finance");
    rangerPolicyItem.setDelegateAdmin(false);
    appliedPolicy.getPolicyItems().add(rangerPolicyItem);

    String existingPolicyStr = existingPolicy.toString();
    System.out.println("existingPolicy=" + existingPolicyStr);

    ServiceRESTUtil.processApplyPolicy(existingPolicy, appliedPolicy);

    // The result is only printed, never compared with an expected value.
    String resultPolicyStr = existingPolicy.toString();
    System.out.println("resultPolicy=" + resultPolicyStr);
    assert(true);
}
Example 15
Source File: TestServiceUtil.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Checks that {@code serviceUtil.toRangerPolicy} converts a {@code VXPolicy} into the
 * expected {@link RangerPolicy}.
 *
 * <p>The expected policy is built by hand, the same data is put into a {@code VXPolicy}
 * plus a {@code RangerService}, and the converted policy is compared with the expected
 * one on id, name, description, creator, audit flag, resources and policy items.
 */
@Test
public void testToRangerPolicy(){
    Date now = new Date();

    List<String> users = new ArrayList<String>();
    users.add("rangerAdmin");

    List<String> groups = new ArrayList<String>();
    groups.add("rangerGroup");

    List<String> permissions = new ArrayList<String>();
    permissions.add("Admin");

    // Expected resources: one recursive, non-excluding "path" resource.
    Map<String, RangerPolicyResource> expectedResources = new HashMap<String, RangerPolicyResource>();
    List<String> resourceValues = new ArrayList<String>();
    resourceValues.add("resource");
    RangerPolicyResource pathResource = new RangerPolicyResource();
    pathResource.setIsExcludes(false);
    pathResource.setIsRecursive(true);
    pathResource.setValues(resourceValues);
    expectedResources.put("path", pathResource);

    // Expected policy item: user + group, one ipaddress condition, delegate-admin on.
    List<RangerPolicyItem> expectedItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    RangerPolicyItem expectedItem = new RangerPolicyItem();
    expectedItem.setUsers(users);
    expectedItem.setGroups(groups);

    List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    List<String> ipValues = new ArrayList<String>();
    ipValues.add("10.129.35.86");
    ipCondition.setValues(ipValues);
    conditions.add(ipCondition);

    expectedItem.setConditions(conditions);
    expectedItem.setDelegateAdmin(true);
    expectedItems.add(expectedItem);

    RangerPolicy expectedRangerPolicy = new RangerPolicy();
    expectedRangerPolicy.setId(1L);
    expectedRangerPolicy.setName("hdfs");
    expectedRangerPolicy.setCreatedBy("rangerAdmin");
    expectedRangerPolicy.setCreateTime(now);
    expectedRangerPolicy.setDescription("hdfs policy description");
    expectedRangerPolicy.setIsAuditEnabled(true);
    expectedRangerPolicy.setResources(expectedResources);
    expectedRangerPolicy.setPolicyItems(expectedItems);

    // Input for the conversion: the same data in VXPolicy form.
    VXPolicy vXPolicy = new VXPolicy();
    vXPolicy.setId(1L);
    vXPolicy.setCreateDate(now);
    vXPolicy.setUpdateDate(now);
    vXPolicy.setOwner("rangerAdmin");
    vXPolicy.setUpdatedBy("rangerAdmin");
    vXPolicy.setPolicyName("hdfs");
    vXPolicy.setDescription("hdfs policy description");
    vXPolicy.setIsEnabled(true);
    vXPolicy.setIsAuditEnabled(true);
    vXPolicy.setIsRecursive(true);
    vXPolicy.setResourceName("resource");

    RangerService service = new RangerService();
    service.setId(1L);
    service.setName("hdfsService");
    service.setType("hdfs");

    List<VXPermObj> permMaps = new ArrayList<VXPermObj>();
    VXPermObj permMap = new VXPermObj();
    permMap.setUserList(users);
    permMap.setGroupList(groups);
    permMap.setPermList(permissions);
    permMap.setIpAddress("10.129.35.86");
    permMaps.add(permMap);
    vXPolicy.setPermMapList(permMaps);

    RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(vXPolicy, service);

    Assert.assertNotNull(actualRangerPolicy);
    Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
    Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
    Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
    Assert.assertEquals(expectedRangerPolicy.getCreatedBy(), actualRangerPolicy.getCreatedBy());
    Assert.assertTrue(actualRangerPolicy.getIsAuditEnabled());
    Assert.assertEquals(expectedRangerPolicy.getResources(), actualRangerPolicy.getResources());
    Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
Example 16
Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 4 votes |
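/**
 * Checks how two Ranger policies are translated into NiFi access policies when no
 * user/group provider is involved.
 *
 * <p>Policy 1 gives READ on {@code /resource-1} to one user; policy 2 gives READ and
 * WRITE on {@code /resource-2} to one group. The assertions expect three access
 * policies, check the users and groups of each, and expect nothing for
 * {@code resource-3}, which no policy mentions.
 *
 * <p>The "and write" section looks up the WRITE policy of resource 2. It used to look up
 * READ a second time, which left the WRITE grant unverified.
 */
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    // Policy 1: READ on /resource-1 for user-1.
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    // Policy 2: READ and WRITE on /resource-2 for group-1.
    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertTrue(readResource1.equals(pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier())));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertTrue(readResource2.equals(pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier())));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write: fetch the WRITE policy, so that the write grant itself is checked
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertTrue(writeResource2.equals(pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier())));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}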
Example 17
Source File: ServiceRESTUtil.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Replaces each of the policy's four item lists with its merged form.
 *
 * <p>Policy items, deny policy items, allow exceptions and deny exceptions are each
 * passed through {@code mergePolicyItems} on their own and written back to the policy.
 *
 * @param policy the policy to compact in place
 */
static private void compactPolicy(RangerPolicy policy) {
    // Allow items.
    policy.setPolicyItems(
            mergePolicyItems(policy.getPolicyItems()));

    // Deny items.
    policy.setDenyPolicyItems(
            mergePolicyItems(policy.getDenyPolicyItems()));

    // Exceptions to the allow items.
    policy.setAllowExceptions(
            mergePolicyItems(policy.getAllowExceptions()));

    // Exceptions to the deny items.
    policy.setDenyExceptions(
            mergePolicyItems(policy.getDenyExceptions()));
}
Example 18
Source File: PatchMigration_J10002.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Fills {@code policy} from a legacy {@code XXResource} row and returns it.
 *
 * <p>The service definition is looked up by the service's type; when none is found
 * an error is logged and {@code null} is returned without touching {@code policy}.
 * Auditing is enabled only when at least one audit-map row exists for the resource,
 * and the policy is enabled unless the resource status equals
 * {@code AppConstants.STATUS_DISABLED}.
 *
 * <p>NOTE(review): only the service types "hdfs", "hbase", "hive", "knox" and
 * "storm" contribute resources. Any other type falls through the chain and yields a
 * policy with an empty resource map; confirm how downstream code evaluates such a
 * policy before relying on the migrated result.
 *
 * @param policy  the policy object to populate
 * @param xRes    the legacy resource row being migrated
 * @param service the service the policy belongs to
 * @return the populated {@code policy}, or {@code null} if the service-def is missing
 */
private RangerPolicy mapXResourceToPolicy(RangerPolicy policy, XXResource xRes, RangerService service) {
    String serviceName = service.getName();
    String serviceType = service.getType();
    String name        = xRes.getPolicyName();
    String description = xRes.getDescription();

    XXServiceDef svcDef = daoMgr.getXXServiceDef().findByName(serviceType);
    if (svcDef == null) {
        logger.error(serviceType + ": service-def not found. Skipping policy '" + name + "'");
        return null;
    }

    // No audit-map rows for this resource means auditing was off in the legacy model.
    List<XXAuditMap> auditMapList = daoMgr.getXXAuditMap().findByResourceId(xRes.getId());
    Boolean isAuditEnabled = !stringUtil.isEmpty(auditMapList);

    Boolean isEnabled = xRes.getResourceStatus() != AppConstants.STATUS_DISABLED;

    Boolean isPathRecursive  = xRes.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
    Boolean isTableExcludes  = xRes.getTableType()   == RangerCommonEnums.POLICY_EXCLUSION;
    Boolean isColumnExcludes = xRes.getColumnType()  == RangerCommonEnums.POLICY_EXCLUSION;

    // Translate the legacy per-service columns into named policy resources.
    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();

    if (StringUtils.equalsIgnoreCase(serviceType, "hdfs")) {
        toRangerResourceList(xRes.getName(), "path", Boolean.FALSE, isPathRecursive, policyResources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "hbase")) {
        toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, policyResources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "hive")) {
        toRangerResourceList(xRes.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, policyResources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "knox")) {
        toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, policyResources);
        toRangerResourceList(xRes.getServices(), "service", Boolean.FALSE, Boolean.FALSE, policyResources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "storm")) {
        toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, policyResources);
    }

    List<RangerPolicyItem> items = getPolicyItemListForRes(xRes, svcDef);

    policy.setService(serviceName);
    policy.setName(name);
    policy.setDescription(description);
    policy.setIsAuditEnabled(isAuditEnabled);
    policy.setIsEnabled(isEnabled);
    policy.setResources(policyResources);
    policy.setPolicyItems(items);
    policy.setCreateTime(xRes.getCreateTime());
    policy.setUpdateTime(xRes.getUpdateTime());

    // Creator/updater are recorded only when the portal user can still be resolved.
    XXPortalUser creator = daoMgr.getXXPortalUser().getById(xRes.getAddedByUserId());
    XXPortalUser updater = daoMgr.getXXPortalUser().getById(xRes.getUpdatedByUserId());

    if (creator != null) {
        policy.setCreatedBy(creator.getLoginId());
    }
    if (updater != null) {
        policy.setUpdatedBy(updater.getLoginId());
    }

    // The migrated policy keeps the legacy resource's id.
    policy.setId(xRes.getId());

    return policy;
}
Example 19
Source File: PatchForKafkaServiceDefUpdate_J10033.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Builds a new, enabled, audited policy for the given resource name.
 *
 * <p>The policy holds a single non-delegating item whose accesses come from
 * {@code getPolicyItemAccesses()} and whose users and groups are copies of
 * {@code DEFAULT_POLICY_USERS} and {@code DEFAULT_POLICY_GROUP}. Its only resource
 * is keyed by {@code CONSUMERGROUP_RESOURCE_NAME} with the value {@code "*"}. The
 * resource signature is computed last, from the fully populated policy.
 *
 * <p>NOTE(review): the resource value is a wildcard, so the breadth of this policy
 * is decided entirely by the default users/groups and the accesses returned by
 * {@code getPolicyItemAccesses()}. Those are defined outside this method; confirm
 * they are as narrow as intended.
 *
 * @param newResource  used as both the policy name and its description
 * @param xxPortalUser user recorded as creator and updater (by login id)
 * @param xxService    service whose name the policy is attached to
 * @return the populated policy, with id 0, version 1 and an empty GUID
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
    RangerPolicy policy = new RangerPolicy();

    // Single policy item: default principals, no conditions, no delegated admin.
    RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
    item.setAccesses(getPolicyItemAccesses());
    item.setConditions(new ArrayList<RangerPolicy.RangerPolicyItemCondition>());
    item.setGroups(new ArrayList<>(DEFAULT_POLICY_GROUP));
    item.setUsers(new ArrayList<>(DEFAULT_POLICY_USERS));
    item.setDelegateAdmin(false);

    List<RangerPolicy.RangerPolicyItem> items = new ArrayList<>();
    items.add(item);

    // Single resource: every value ("*") of the consumer-group resource.
    RangerPolicy.RangerPolicyResource wildcard = new RangerPolicy.RangerPolicyResource();
    wildcard.setIsExcludes(false);
    wildcard.setIsRecursive(false);
    wildcard.setValue("*");

    Map<String, RangerPolicy.RangerPolicyResource> resourcesByName = new HashMap<>();
    resourcesByName.put(CONSUMERGROUP_RESOURCE_NAME, wildcard);

    policy.setCreateTime(new Date());
    policy.setDescription(newResource);
    policy.setIsEnabled(true);
    policy.setName(newResource);
    policy.setCreatedBy(xxPortalUser.getLoginId());
    policy.setUpdatedBy(xxPortalUser.getLoginId());
    policy.setUpdateTime(new Date());
    policy.setService(xxService.getName());
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(items);
    policy.setResources(resourcesByName);
    policy.setPolicyType(0);
    policy.setId(0L);
    policy.setGuid("");
    policy.setPolicyLabels(new ArrayList<>());
    policy.setVersion(1L);

    // Must come after the setters above: the signature is derived from the policy.
    policy.setResourceSignature(new RangerPolicyResourceSignature(policy).getSignature());

    return policy;
}
Example 20
Source File: TestServiceREST.java From ranger with Apache License 2.0 | 4 votes |
/**
 * Runs {@code ServiceRESTUtil.processRevokeRequest} against a policy on "/tmp" that
 * has two allow items, one allow-exception and two deny items, and prints the policy
 * before and after.
 *
 * <p>NOTE(review): the only assertion is {@code assert(true)}, so this test passes
 * whatever the revoke does, as long as nothing throws. The before/after state is
 * only printed. Asserting on the accesses left for user1/group1 after the call
 * would turn it into a real regression check for revoke handling.
 */
@Test
public void test43revoke() {
    RangerPolicy existingPolicy = rangerPolicy();
    existingPolicy.setPolicyItems(new ArrayList<RangerPolicyItem>());

    // Policy resource: "/tmp", recursive, flagged as an exclusion.
    RangerPolicyResource tmpPath = new RangerPolicyResource("/tmp");
    tmpPath.setIsExcludes(true);
    tmpPath.setIsRecursive(true);

    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
    policyResources.put("path", tmpPath);
    existingPolicy.setResources(policyResources);

    // Allow item 1: full access for group1/group2 and user1/user2, with delegated admin.
    RangerPolicyItem allowItem1 = new RangerPolicyItem();
    for (String accessType : new String[] {"read", "write", "delete", "lock"}) {
        allowItem1.getAccesses().add(new RangerPolicyItemAccess(accessType, true));
    }
    allowItem1.getGroups().add("group1");
    allowItem1.getGroups().add("group2");
    allowItem1.getUsers().add("user1");
    allowItem1.getUsers().add("user2");
    allowItem1.setDelegateAdmin(true);
    existingPolicy.getPolicyItems().add(allowItem1);

    // Allow item 2: full access for group3/user3, with delegated admin.
    RangerPolicyItem allowItem2 = new RangerPolicyItem();
    for (String accessType : new String[] {"read", "write", "delete", "lock"}) {
        allowItem2.getAccesses().add(new RangerPolicyItemAccess(accessType, true));
    }
    allowItem2.getGroups().add("group3");
    allowItem2.getUsers().add("user3");
    allowItem2.setDelegateAdmin(true);
    existingPolicy.getPolicyItems().add(allowItem2);

    // Allow-exception: delete/lock for group1/group2 and user1/user2.
    RangerPolicyItem allowException = new RangerPolicyItem();
    for (String accessType : new String[] {"delete", "lock"}) {
        allowException.getAccesses().add(new RangerPolicyItemAccess(accessType, true));
    }
    allowException.getGroups().add("group1");
    allowException.getGroups().add("group2");
    allowException.getUsers().add("user1");
    allowException.getUsers().add("user2");
    allowException.setDelegateAdmin(false);
    existingPolicy.getAllowExceptions().add(allowException);

    // Deny item 1: delete for group2/user2.
    RangerPolicyItem denyDelete = new RangerPolicyItem();
    denyDelete.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    denyDelete.getGroups().add("group2");
    denyDelete.getUsers().add("user2");
    denyDelete.setDelegateAdmin(false);
    existingPolicy.getDenyPolicyItems().add(denyDelete);

    // Deny item 2: index for the "public" group and "user".
    RangerPolicyItem denyIndex = new RangerPolicyItem();
    denyIndex.getAccesses().add(new RangerPolicyItemAccess("index", true));
    denyIndex.getGroups().add("public");
    denyIndex.getUsers().add("user");
    denyIndex.setDelegateAdmin(false);
    existingPolicy.getDenyPolicyItems().add(denyIndex);

    // Revoke delete + index on "/tmp" from user1 and group1.
    Map<String, String> resource = new HashMap<String, String>();
    resource.put("path", "/tmp");

    GrantRevokeRequest revokeRequestObj = new GrantRevokeRequest();
    revokeRequestObj.setResource(resource);
    revokeRequestObj.getUsers().add("user1");
    revokeRequestObj.getGroups().add("group1");
    revokeRequestObj.getAccessTypes().add("delete");
    revokeRequestObj.getAccessTypes().add("index");
    revokeRequestObj.setDelegateAdmin(true);
    revokeRequestObj.setEnableAudit(true);
    revokeRequestObj.setIsRecursive(true);
    revokeRequestObj.setGrantor("test43Revoke");

    String existingPolicyStr = existingPolicy.toString();
    System.out.println("existingPolicy=" + existingPolicyStr);

    ServiceRESTUtil.processRevokeRequest(existingPolicy, revokeRequestObj);

    String resultPolicyStr = existingPolicy.toString();
    System.out.println("resultPolicy=" + resultPolicyStr);

    assert(true);
}