Java Code Examples for org.apache.ranger.plugin.model.RangerServiceDef#setName()

Example 1
Source File: PublicAPIsv2.java    From ranger with Apache License 2.0 6 votes vote down vote up
/**
 * Updates the service definition addressed by the {@code name} path parameter.
 *
 * <p>The path parameter is the authoritative identity of the definition being
 * updated: a name in the request body is accepted only when it matches, and an
 * id in the request body is always overwritten with the id of the stored
 * definition looked up by that name.
 *
 * @param serviceDef the new definition taken from the request body
 * @param name the name of the definition to update, taken from the URL path
 * @return whatever {@code serviceREST.updateServiceDef} returns for the normalised definition
 */
@PUT
@Path("/api/servicedef/name/{name}")
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
@Produces({ "application/json", "application/xml" })
public RangerServiceDef updateServiceDefByName(RangerServiceDef serviceDef,
                                     @PathParam("name") String name) {
	// The name of a service definition cannot be changed through this call:
	// an absent body name is filled in from the path, a differing one is rejected.
	final String nameInBody = serviceDef.getName();
	if (nameInBody == null) {
		serviceDef.setName(name);
	} else if (!nameInBody.equals(name)) {
		throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef name mismatch", true);
	}

	// Any id supplied by the caller is discarded; the id always comes from the
	// definition that is stored under the given name, so the body cannot point
	// the update at a different record.
	// NOTE(review): the looked-up object is dereferenced without a null check;
	// presumably getServiceDefByName fails itself for an unknown name - verify.
	final RangerServiceDef stored = getServiceDefByName(name);
	serviceDef.setId(stored.getId());

	// NOTE(review): unlike the id, a non-empty guid from the request body is kept
	// as sent. Confirm that updateServiceDef validates it against the stored guid.
	final boolean guidMissing = StringUtils.isEmpty(serviceDef.getGuid());
	if (guidMissing) {
		serviceDef.setGuid(stored.getGuid());
	}

	return serviceREST.updateServiceDef(serviceDef);
}
 
Example 2
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose {@code isEnabled} flag is false produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testDisabledPolicy() {
    final String resourceId = "/resource-1";

    // A single resource entry, keyed by its identifier.
    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicy.RangerPolicyResource(resourceId));

    // One policy item that grants READ.
    final List<RangerPolicy.RangerPolicyItemAccess> readAccess =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem readItem = new RangerPolicy.RangerPolicyItem();
    readItem.setAccesses(readAccess);

    // The policy is explicitly disabled; the assertions below require that the
    // grant it carries does not become effective.
    final RangerPolicy disabledPolicy = new RangerPolicy();
    disabledPolicy.setIsEnabled(false);
    disabledPolicy.setResources(resources);
    disabledPolicy.setPolicyItems(Stream.of(readItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(disabledPolicy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // Nothing may have been loaded for the disabled policy.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.READ));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.READ));
}
 
Example 3
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the effect of the {@code delegateAdmin} flag on a policy item: the
 * test expects READ and WRITE access policies both on the resource itself and
 * on {@code "/policies"} followed by the resource identifier.
 */
@Test
public void testDelegateAdmin() {
    final String delegate = "user-1";
    final String resourceId = "/resource-1";

    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicyResource(resourceId));

    // READ and WRITE for one user, with delegateAdmin switched on. The flag is
    // what widens the grant to the "/policies" resource asserted at the end.
    final List<RangerPolicyItemAccess> readWrite =
            Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicyItem delegatingItem = new RangerPolicyItem();
    delegatingItem.setAccesses(readWrite);
    delegatingItem.setUsers(Stream.of(delegate).collect(Collectors.toList()));
    delegatingItem.setDelegateAdmin(true);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(delegatingItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // Two actions on the resource plus the same two on its "/policies" counterpart.
    assertEquals(4, plugin.getAccessPolicies().size());
    assertNotNull(plugin.getAccessPolicy(resourceId, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
    assertNotNull(plugin.getAccessPolicy("/policies" + resourceId, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy("/policies" + resourceId, RequestAction.WRITE));
}
 
Example 4
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource is flagged as recursive produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testRecursivePolicy() {
    final String resourceId = "/resource-1";

    // The recursive flag is the only unusual property of this resource.
    final RangerPolicyResource recursiveResource = new RangerPolicyResource(resourceId);
    recursiveResource.setIsRecursive(true);

    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, recursiveResource);

    // One policy item that grants WRITE.
    final List<RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // The recursive policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 5
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource is flagged as an exclusion produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testExcludesPolicy() {
    final String resourceId = "/resource-1";

    // The excludes flag is the only unusual property of this resource.
    final RangerPolicyResource excludingResource = new RangerPolicyResource(resourceId);
    excludingResource.setIsExcludes(true);

    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, excludingResource);

    // One policy item that grants WRITE.
    final List<RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // The excludes policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 6
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource value is the bare wildcard {@code "*"}
 * produces no access policy once it has been handed to the plugin.
 */
@Test
public void testWildcardResourceValue() {
    // The resource value is a lone wildcard; the assertions below require that
    // it is not turned into a grant.
    final String wildcard = "*";

    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(wildcard, new RangerPolicyResource(wildcard));

    // One policy item that grants WRITE.
    final List<RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // The wildcard policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(wildcard, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(wildcard, RequestAction.WRITE));
}
 
Example 7
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource object carries no value produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testMissingResourceValue() {
    final String resourceId = "/resource-1";

    // The resource is created with the no-argument constructor, so no value is
    // passed to it; only the map key names the resource.
    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicyResource());

    // One policy item that grants WRITE.
    final List<RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicyItem writeItem = new RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // The incomplete policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 8
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose {@code isEnabled} flag is false produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testDisabledPolicy() {
    final String resourceId = "/resource-1";

    // A single resource entry, keyed by its identifier.
    final Map<String, RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicyResource(resourceId));

    // One policy item that grants READ.
    final List<RangerPolicyItemAccess> readAccess =
            Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList());
    final RangerPolicyItem readItem = new RangerPolicyItem();
    readItem.setAccesses(readAccess);

    // The policy is explicitly disabled; the assertions below require that the
    // grant it carries does not become effective.
    final RangerPolicy disabledPolicy = new RangerPolicy();
    disabledPolicy.setIsEnabled(false);
    disabledPolicy.setResources(resources);
    disabledPolicy.setPolicyItems(Stream.of(readItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(disabledPolicy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(nifiServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(update);

    // Nothing may have been loaded for the disabled policy.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.READ));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.READ));
}
 
Example 9
Source File: TestRangerPolicyValidator.java    From ranger with Apache License 2.0 5 votes vote down vote up
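/**
 * Failure path of the service/zone check in the policy validator.
 *
 * <p>The mocked policy names service {@code hdfssvc1} and zone {@code zone1},
 * while the zone built here lists only {@code hdfssvc} among its tag services.
 * The validator is expected to reject the policy and to report error code 3048
 * with a reason that names both the service and the zone.
 */
@Test
public final void test_isValidServiceWithZone_failurePath() throws Exception{
	boolean isAdmin = true;
	when(_policy.getId()).thenReturn(1L);
	when(_policy.getName()).thenReturn("my-all");
	when(_policy.getService()).thenReturn("hdfssvc1");
	when(_policy.getZoneName()).thenReturn("zone1");
	when(_policy.getResources()).thenReturn(null);
	when(_policy.getIsAuditEnabled()).thenReturn(Boolean.TRUE);
	when(_policy.getIsEnabled()).thenReturn(Boolean.FALSE);
	RangerService service = new RangerService();
	service.setType("service-type");
	service.setId(2L);
	Action action = Action.CREATE;
	// The zone knows "hdfssvc" only, not the "hdfssvc1" the policy refers to.
	List<String> tagSvcList = new ArrayList<String>();
	tagSvcList.add("hdfssvc");
	when(_store.getServiceByName("hdfssvc1")).thenReturn(service);
	RangerSecurityZone securityZone = new RangerSecurityZone();
	securityZone.setName("zone1");
	securityZone.setId(1L);
	securityZone.setTagServices(tagSvcList);
	when(_store.getSecurityZone("zone1")).thenReturn(securityZone);
	when(_store.getPolicyId(2L, "my-all", 1L)).thenReturn(null);
	RangerServiceDef svcDef = new RangerServiceDef();
	svcDef.setName("my-svc-def");
	when(_store.getServiceDefByName("service-type")).thenReturn(svcDef);
	RangerPolicyResourceSignature policySignature = mock(RangerPolicyResourceSignature.class);
	when(_factory.createPolicyResourceSignature(_policy)).thenReturn(policySignature);
	boolean isValid = _validator.isValid(_policy, action, isAdmin, _failures);
	Assert.assertFalse(isValid);
	// assertEquals takes (expected, actual); with the arguments in that order a
	// failing run reports the values the right way round.
	Assert.assertEquals(3048, _failures.get(0)._errorCode);
	Assert.assertEquals("Service name = hdfssvc1 is not associated to Zone name = zone1", _failures.get(0)._reason);
}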
 
Example 10
Source File: TestRangerPolicyValidator.java    From ranger with Apache License 2.0 5 votes vote down vote up
/**
 * Happy path of the service/zone check in the policy validator.
 *
 * <p>The mocked policy names service {@code hdfssvc} and zone {@code zone1},
 * and the zone built here lists {@code hdfssvc} among its tag services. The
 * validator is expected to accept the policy for a CREATE by an admin.
 */
@Test
public final void test_isValidServiceWithZone_happyPath() throws Exception{
	// Policy under validation: disabled, audited, no resources, bound to zone1.
	when(_policy.getId()).thenReturn(1L);
	when(_policy.getName()).thenReturn("my-all");
	when(_policy.getService()).thenReturn("hdfssvc");
	when(_policy.getZoneName()).thenReturn("zone1");
	when(_policy.getResources()).thenReturn(null);
	when(_policy.getIsAuditEnabled()).thenReturn(Boolean.TRUE);
	when(_policy.getIsEnabled()).thenReturn(Boolean.FALSE);

	// Service the policy refers to, resolved by name through the store.
	RangerService hdfsService = new RangerService();
	hdfsService.setType("service-type");
	hdfsService.setId(2L);
	when(_store.getServiceByName("hdfssvc")).thenReturn(hdfsService);

	// Zone whose tag services contain the very service the policy names.
	List<String> zoneTagServices = new ArrayList<String>();
	zoneTagServices.add("hdfssvc");
	RangerSecurityZone zone = new RangerSecurityZone();
	zone.setName("zone1");
	zone.setId(1L);
	zone.setTagServices(zoneTagServices);
	when(_store.getSecurityZone("zone1")).thenReturn(zone);

	// No policy with this name exists yet for service 2 in zone 1.
	when(_store.getPolicyId(2L, "my-all", 1L)).thenReturn(null);

	RangerServiceDef serviceDef = new RangerServiceDef();
	serviceDef.setName("my-svc-def");
	when(_store.getServiceDefByName("service-type")).thenReturn(serviceDef);

	RangerPolicyResourceSignature signature = mock(RangerPolicyResourceSignature.class);
	when(_factory.createPolicyResourceSignature(_policy)).thenReturn(signature);

	final boolean asAdmin = true;
	Assert.assertTrue(_validator.isValid(_policy, Action.CREATE, asAdmin, _failures));
}
 
Example 11
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the effect of the {@code delegateAdmin} flag on a policy item: the
 * test expects READ and WRITE access policies both on the resource itself and
 * on {@code "/policies"} followed by the resource identifier.
 */
@Test
public void testDelegateAdmin() {
    final String delegate = "user-1";
    final String resourceId = "/resource-1";

    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicy.RangerPolicyResource(resourceId));

    // READ and WRITE for one user, with delegateAdmin switched on. The flag is
    // what widens the grant to the "/policies" resource asserted at the end.
    final List<RangerPolicy.RangerPolicyItemAccess> readWrite =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem delegatingItem = new RangerPolicy.RangerPolicyItem();
    delegatingItem.setAccesses(readWrite);
    delegatingItem.setUsers(Stream.of(delegate).collect(Collectors.toList()));
    delegatingItem.setDelegateAdmin(true);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(delegatingItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // Two actions on the resource plus the same two on its "/policies" counterpart.
    assertEquals(4, plugin.getAccessPolicies().size());
    assertNotNull(plugin.getAccessPolicy(resourceId, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
    assertNotNull(plugin.getAccessPolicy("/policies" + resourceId, RequestAction.READ));
    assertNotNull(plugin.getAccessPolicy("/policies" + resourceId, RequestAction.WRITE));
}
 
Example 12
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource is flagged as recursive produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testRecursivePolicy() {
    final String resourceId = "/resource-1";

    // The recursive flag is the only unusual property of this resource.
    final RangerPolicy.RangerPolicyResource recursiveResource = new RangerPolicy.RangerPolicyResource(resourceId);
    recursiveResource.setIsRecursive(true);

    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, recursiveResource);

    // One policy item that grants WRITE.
    final List<RangerPolicy.RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // The recursive policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 13
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource is flagged as an exclusion produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testExcludesPolicy() {
    final String resourceId = "/resource-1";

    // The excludes flag is the only unusual property of this resource.
    final RangerPolicy.RangerPolicyResource excludingResource = new RangerPolicy.RangerPolicyResource(resourceId);
    excludingResource.setIsExcludes(true);

    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, excludingResource);

    // One policy item that grants WRITE.
    final List<RangerPolicy.RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // The excludes policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 14
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource value is the bare wildcard {@code "*"}
 * produces no access policy once it has been handed to the plugin.
 */
@Test
public void testWildcardResourceValue() {
    // The resource value is a lone wildcard; the assertions below require that
    // it is not turned into a grant.
    final String wildcard = "*";

    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(wildcard, new RangerPolicy.RangerPolicyResource(wildcard));

    // One policy item that grants WRITE.
    final List<RangerPolicy.RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // The wildcard policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(wildcard, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(wildcard, RequestAction.WRITE));
}
 
Example 15
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a policy whose resource object carries no value produces no
 * access policy once it has been handed to the plugin.
 */
@Test
public void testMissingResourceValue() {
    final String resourceId = "/resource-1";

    // The resource is created with the no-argument constructor, so no value is
    // passed to it; only the map key names the resource.
    final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
    resources.put(resourceId, new RangerPolicy.RangerPolicyResource());

    // One policy item that grants WRITE.
    final List<RangerPolicy.RangerPolicyItemAccess> writeAccess =
            Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList());
    final RangerPolicy.RangerPolicyItem writeItem = new RangerPolicy.RangerPolicyItem();
    writeItem.setAccesses(writeAccess);

    final RangerPolicy policy = new RangerPolicy();
    policy.setResources(resources);
    policy.setPolicyItems(Stream.of(writeItem).collect(Collectors.toList()));

    final RangerServiceDef registryServiceDef = new RangerServiceDef();
    registryServiceDef.setName("nifi-registry");

    final List<RangerPolicy> policyList = new ArrayList<>();
    policyList.add(policy);

    final ServicePolicies update = new ServicePolicies();
    update.setPolicies(policyList);
    update.setServiceDef(registryServiceDef);

    // Hand the complete policy set to the plugin under test.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    plugin.setPolicies(update);

    // The incomplete policy must have been skipped rather than loaded.
    assertFalse(plugin.doesPolicyExist(resourceId, RequestAction.WRITE));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(resourceId, RequestAction.WRITE));
}
 
Example 16
Source File: TestServiceDBStore.java    From ranger with Apache License 2.0 4 votes vote down vote up
/**
 * Drives {@code createService} on a spied {@code ServiceDBStore} for a KMS
 * service and verifies that the service and service-config-map DAOs were
 * obtained from the DAO manager.
 *
 * <p>Only the two {@code Mockito.verify} calls at the end check anything; the
 * test makes no assertion about the created service or its default policies.
 */
@Test
public void test41createKMSService() throws Exception {
	XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
	XXServiceConfigMapDao xServiceConfigMapDao = Mockito
			.mock(XXServiceConfigMapDao.class);
	XXUserDao xUserDao = Mockito.mock(XXUserDao.class);
	XXServiceConfigDefDao xServiceConfigDefDao = Mockito
			.mock(XXServiceConfigDefDao.class);
	XXService xService = Mockito.mock(XXService.class);
	XXUser xUser = Mockito.mock(XXUser.class);

	Mockito.when(xServiceDao.findByName("KMS_1")).thenReturn(
			xService);
	// NOTE(review): Mockito.when() stubs the most recent mock invocation and
	// ignores the value passed in, so (assuming bizUtil is a mock) this stubs
	// hasAccess(xService, null) to return true - the '!' has no effect on the
	// stub and reads as if access were being denied. Confirm the intent.
	Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);

	RangerService rangerService = rangerKMSService();
	// vXUser is still null when it is used in the populateViewBean stub below.
	VXUser vXUser = null;
	String userName = "servicemgr";

	// NOTE(review): svcConfDefList is filled but not read again in this method.
	List<XXServiceConfigDef> svcConfDefList = new ArrayList<XXServiceConfigDef>();
	XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
	serviceConfigDefObj.setId(Id);
	serviceConfigDefObj.setType("7");
	svcConfDefList.add(serviceConfigDefObj);
	Mockito.when(daoManager.getXXServiceConfigDef()).thenReturn(
			xServiceConfigDefDao);

	Mockito.when(svcService.create(rangerService)).thenReturn(rangerService);

	Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
	Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
			xService);
	Mockito.when(daoManager.getXXServiceConfigMap()).thenReturn(
			xServiceConfigMapDao);

	Mockito.when(stringUtil.getValidUserName(userName))
	.thenReturn(userName);
	Mockito.when(daoManager.getXXUser()).thenReturn(xUserDao);
	Mockito.when(xUserDao.findByUserName(userName)).thenReturn(xUser);

	// Stubbed with the null vXUser declared above, so the view bean is null.
	Mockito.when(xUserService.populateViewBean(xUser)).thenReturn(vXUser);
	// NOTE(review): fixture users whose password equals the user name; neither
	// object is read again in this method.
	VXUser vXUserHdfs = new VXUser();
	vXUserHdfs.setName("hdfs");
	vXUserHdfs.setPassword("hdfs");
	VXUser vXUserHive = new VXUser();
	vXUserHive.setName("hive");
	vXUserHive.setPassword("hive");

	XXServiceConfigMap xConfMap = new XXServiceConfigMap();

	Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
			rangerService);

	Mockito.when(
			rangerAuditFields.populateAuditFields(
					Mockito.isA(XXServiceConfigMap.class),
					Mockito.isA(XXService.class))).thenReturn(xConfMap);

	// NOTE(review): the KMS access types are collected but the list is not read
	// again in this method.
	List<XXAccessTypeDef> accessTypeDefList = new ArrayList<XXAccessTypeDef>();
	accessTypeDefList.add(rangerKmsAccessTypes("getmetadata", 7));
	accessTypeDefList.add(rangerKmsAccessTypes("generateeek", 8));
	accessTypeDefList.add(rangerKmsAccessTypes("decrypteek", 9));

	// NOTE(review): this service definition is named but never handed to the
	// store or to any stub in this method.
	RangerServiceDef ran = new RangerServiceDef();
	ran.setName("KMS Test");

	ServiceDBStore spy = Mockito.spy(serviceDBStore);

	// NOTE(review): when(spy.method()) runs the real getServiceByName once while
	// stubbing; doReturn(...).when(spy) is the form that avoids the real call.
	Mockito.when(spy.getServiceByName("KMS_1")).thenReturn(
			rangerService);
	// Default-policy creation is switched off on the spy, so the explicit call
	// further down does nothing.
	Mockito.doNothing().when(spy).createDefaultPolicies(rangerService);

	RangerResourceDef resourceDef = new RangerResourceDef();
	resourceDef.setItemId(Id);
	resourceDef.setName("keyname");
	resourceDef.setType("string");
	// NOTE(review): setType("string") is called twice in a row.
	resourceDef.setType("string");
	resourceDef.setLabel("Key Name");
	resourceDef.setDescription("Key Name");

	// NOTE(review): the list is added to itself while still empty, so it stays
	// empty and resourceDef is never put into it - presumably add(resourceDef)
	// was intended.
	List<RangerResourceDef> resourceHierarchy = new ArrayList<RangerResourceDef>();
	resourceHierarchy.addAll(resourceHierarchy);

	spy.createService(rangerService);
	// Built after createService has run and not passed to anything afterwards;
	// again the password equals the user name.
	vXUser = new VXUser();
	vXUser.setName(userName);
	vXUser.setPassword(userName);
	
	spy.createDefaultPolicies(rangerService);

	Mockito.verify(daoManager, Mockito.atLeast(1)).getXXService();
	Mockito.verify(daoManager).getXXServiceConfigMap();
}
 
Example 17
Source File: TestServiceDBStore.java    From ranger with Apache License 2.0 4 votes vote down vote up
/**
 * Drives {@code createService} on a spied {@code ServiceDBStore} and verifies
 * that the service and service-config-map DAOs were obtained from the DAO
 * manager.
 *
 * <p>Only the two {@code Mockito.verify} calls at the end check anything; the
 * test makes no assertion about the created service itself.
 */
@Test
public void test19createService() throws Exception {
	XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
	XXServiceConfigMapDao xServiceConfigMapDao = Mockito
			.mock(XXServiceConfigMapDao.class);
	XXUserDao xUserDao = Mockito.mock(XXUserDao.class);
	XXServiceConfigDefDao xServiceConfigDefDao = Mockito
			.mock(XXServiceConfigDefDao.class);
	XXService xService = Mockito.mock(XXService.class);

	RangerService rangerService = rangerService();

	// NOTE(review): svcConfDefList is filled but not read again in this method.
	List<XXServiceConfigDef> svcConfDefList = new ArrayList<XXServiceConfigDef>();
	XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
	serviceConfigDefObj.setId(Id);
	serviceConfigDefObj.setType("1");
	svcConfDefList.add(serviceConfigDefObj);
	Mockito.when(daoManager.getXXServiceConfigDef()).thenReturn(
			xServiceConfigDefDao);

	// The service layer echoes back the service it is asked to create.
	Mockito.when(svcService.create(rangerService)).thenReturn(rangerService);

	Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
	Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
			xService);
	Mockito.when(daoManager.getXXServiceConfigMap()).thenReturn(
			xServiceConfigMapDao);

	Mockito.when(daoManager.getXXUser()).thenReturn(xUserDao);

	XXServiceConfigMap xConfMap = new XXServiceConfigMap();

	Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
			rangerService);

	Mockito.when(
			rangerAuditFields.populateAuditFields(
					Mockito.isA(XXServiceConfigMap.class),
					Mockito.isA(XXService.class))).thenReturn(xConfMap);

	// NOTE(review): this service definition is named but never handed to the
	// store or to any stub in this method.
	RangerServiceDef ran = new RangerServiceDef();
	ran.setName("Test");

	ServiceDBStore spy = Mockito.spy(serviceDBStore);

	// Default-policy creation is switched off on the spy, so createService is
	// exercised without it.
	Mockito.doNothing().when(spy).createDefaultPolicies(rangerService);

	spy.createService(rangerService);

	Mockito.verify(daoManager, Mockito.atLeast(1)).getXXService();
	Mockito.verify(daoManager).getXXServiceConfigMap();
}
 
Example 18
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 4 votes vote down vote up
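/**
 * Loads two Ranger policies into the plugin without a user-group provider and checks the
 * resulting NiFi access policies: resource 1 grants READ to one user, resource 2 grants READ and
 * WRITE to one group, and an unknown resource has no policy at all.
 *
 * <p>Each grant is checked through both {@code doesPolicyExist} and {@code getAccessPolicy}, and
 * the absent ones are asserted to be missing, so an accidental widening of access fails the test.
 */
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    // policy 1: user-1 may READ /resource-1
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    // policy 2: group-1 may READ and WRITE /resource-2
    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertEquals(readResource1, pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier()));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertEquals(readResource2, pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier()));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write: this lookup must use WRITE; repeating the READ lookup would only re-check the
    // read policy and leave the write grant on resource 2 unverified
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertEquals(RequestAction.WRITE, writeResource2.getAction());
    assertTrue(accessPolicies.contains(writeResource2));
    assertEquals(writeResource2, pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier()));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 (not present in any policy) -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}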
 
Example 19
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0
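/**
 * Loads two Ranger policies into the plugin without a user-group provider and checks the
 * resulting nifi-registry access policies: resource 1 grants READ to one user, resource 2 grants
 * READ and WRITE to one group, and an unknown resource has no policy at all.
 *
 * <p>Each grant is checked through both {@code doesPolicyExist} and {@code getAccessPolicy}, and
 * the absent ones are asserted to be missing, so an accidental widening of access fails the test.
 */
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    // policy 1: user-1 may READ /resource-1
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    // policy 2: group-1 may READ and WRITE /resource-2
    final String resourceIdentifier2 = "/resource-2";
    RangerPolicy.RangerPolicyResource resource2 = new RangerPolicy.RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicy.RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicy.RangerPolicyItem policy2Item = new RangerPolicy.RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi-registry access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertEquals(readResource1, pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier()));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertEquals(readResource2, pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier()));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write: this lookup must use WRITE; repeating the READ lookup would only re-check the
    // read policy and leave the write grant on resource 2 unverified
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertEquals(RequestAction.WRITE, writeResource2.getAction());
    assertTrue(accessPolicies.contains(writeResource2));
    assertEquals(writeResource2, pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier()));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 (not present in any policy) -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}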