Java Code Examples for org.apache.ranger.plugin.util.ServicePolicies#setPolicies()

The following examples show how to use org.apache.ranger.plugin.util.ServicePolicies#setPolicies() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestServiceREST.java    From ranger with Apache License 2.0 5 votes vote down vote up
public ServicePolicies servicePolicies() {
	ServicePolicies sp = new ServicePolicies();
	sp.setAuditMode("auditMode");
	RangerPolicy rangerPolicy = rangerPolicy();
	List<RangerPolicy> rpolList = new ArrayList<RangerPolicy>();
	rpolList.add(rangerPolicy);
	sp.setPolicies(rpolList);
	sp.setPolicyVersion(1l);
	sp.setServiceName("serviceName");
	sp.setServiceId(1l);
	return sp;
}
 
Example 2
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testDelegateAdmin() {
    final String user1 = "user-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setDelegateAdmin(true);

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
 
Example 3
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testRecursivePolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    resource1.setIsRecursive(true);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 4
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testExcludesPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    resource1.setIsExcludes(true);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 5
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testWildcardResourceValue() {
    final String resourceIdentifier1 = "*";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 6
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testMissingResourceValue() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource();

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 7
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testDisabledPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setIsEnabled(false);
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
}
 
Example 8
Source File: TestServiceREST.java    From ranger with Apache License 2.0 5 votes vote down vote up
@Test
public void test28getPoliciesWithServiceAdmin() throws Exception {
	HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
	SearchFilter filter = new SearchFilter();
	XXService xs = Mockito.mock(XXService.class);
	xs.setType(3L);
	XXGroupUserDao xGroupDao = Mockito.mock(XXGroupUserDao.class);
	ServiceREST spySVCRest = Mockito.spy(serviceREST);
	List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
	ServicePolicies svcPolicies = new ServicePolicies();
	svcPolicies.setPolicies(policies);
	svcPolicies.setServiceName("HDFS_1-1-20150316062453");
	RangerPolicy rPol=rangerPolicy();
	policies.add(rPol);
	filter.setParam(SearchFilter.POLICY_NAME, "policyName");
	filter.setParam(SearchFilter.SERVICE_NAME, "serviceName");
	Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter);
	Mockito.when(svcStore.getPolicies(filter)).thenReturn(policies);
	/*here we are setting serviceAdminRole, so we will get the required policy with serviceAdmi role*/
	Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupDao);
	Mockito.when(svcStore.isServiceAdminUser(rPol.getService(), null)).thenReturn(true);
	Mockito.doReturn(policyAdmin).when(spySVCRest).getPolicyAdminForDelegatedAdmin("HDFS_1-1-20150316062453");
	RangerPolicyList dbRangerPolicy = spySVCRest.getPolicies(request);
	Assert.assertNotNull(dbRangerPolicy);
	Assert.assertEquals(dbRangerPolicy.getListSize(), 1);
	Mockito.verify(searchUtil).getSearchFilter(request,
			policyService.sortFields);
	Mockito.verify(svcStore).getPolicies(filter);
	Mockito.verify(svcStore).isServiceAdminUser(rPol.getService(), null);
}
 
Example 9
Source File: TestRangerBasePluginWithPolicies.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
@Test
public void testDoesPolicyExist() {
    final String resourceIdentifier1 = "resource1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);

    final String resourceIdentifier2 = "resource2";
    RangerPolicy.RangerPolicyResource resource2 = new RangerPolicy.RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicy.RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    Assert.assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1));
    Assert.assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2));
    Assert.assertFalse(pluginWithPolicies.doesPolicyExist("resource3"));
}
 
Example 10
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testDelegateAdmin() {
    final String user1 = "user-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setDelegateAdmin(true);

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
 
Example 11
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testRecursivePolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);
    resource1.setIsRecursive(true);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 12
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testExcludesPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);
    resource1.setIsExcludes(true);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 13
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testWildcardResourceValue() {
    final String resourceIdentifier1 = "*";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 14
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testMissingResourceValue() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource();

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 
Example 15
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Test
public void testDisabledPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setIsEnabled(false);
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
}
 
Example 16
Source File: RangerPolicyFactory.java    From ranger with Apache License 2.0 4 votes vote down vote up
private static void mutate(ServicePolicies servicePolicies, int numberOfPolicies) {
	servicePolicies.getPolicies().clear(); // reset
	servicePolicies.setPolicies(createPolicies(numberOfPolicies));
}
 
Example 17
Source File: TestServiceREST.java    From ranger with Apache License 2.0 4 votes vote down vote up
@Test
public void test16createPolicyFalse() throws Exception {
	RangerPolicy rangerPolicy = rangerPolicy();
	RangerServiceDef rangerServiceDef = rangerServiceDef();

	List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
	RangerPolicy rangPolicy = new RangerPolicy();
	policies.add(rangPolicy);

	String userName = "admin";
	Set<String> userGroupsList = new HashSet<String>();
	userGroupsList.add("group1");
	userGroupsList.add("group2");

	ServicePolicies servicePolicies = new ServicePolicies();
	servicePolicies.setServiceId(Id);
	servicePolicies.setServiceName("Hdfs_1");
	servicePolicies.setPolicyVersion(1L);
	servicePolicies.setPolicyUpdateTime(new Date());
	servicePolicies.setServiceDef(rangerServiceDef);
	servicePolicies.setPolicies(policies);

	List<RangerAccessTypeDef> rangerAccessTypeDefList = new ArrayList<RangerServiceDef.RangerAccessTypeDef>();
	RangerAccessTypeDef rangerAccessTypeDefObj = new RangerAccessTypeDef();
	rangerAccessTypeDefObj.setLabel("Read");
	rangerAccessTypeDefObj.setName("read");
	rangerAccessTypeDefObj.setRbKeyLabel(null);
	rangerAccessTypeDefList.add(rangerAccessTypeDefObj);
	XXServiceDef xServiceDef = serviceDef();
	XXService xService = xService();
	XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
	XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);

	Mockito.when(validatorFactory.getPolicyValidator(svcStore)).thenReturn(
			policyValidator);
	Mockito.when(bizUtil.isAdmin()).thenReturn(true);
	Mockito.when(bizUtil.getCurrentUserLoginId()).thenReturn(userName);
	Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
	Mockito.when(xServiceDao.findByName(Mockito.anyString())).thenReturn(
			xService);
	Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
	Mockito.when(xServiceDefDao.getById(xService.getType())).thenReturn(
			xServiceDef);
	Mockito.when(svcStore.createPolicy((RangerPolicy) Mockito.any()))
			.thenReturn(rangPolicy);

	RangerPolicy dbRangerPolicy = serviceREST.createPolicy(rangerPolicy,null);
	Assert.assertNotNull(dbRangerPolicy);
	Mockito.verify(bizUtil, Mockito.times(2)).isAdmin();
	Mockito.verify(validatorFactory).getPolicyValidator(svcStore);

	Mockito.verify(daoManager).getXXService();
	Mockito.verify(daoManager).getXXServiceDef();
}
 
Example 18
Source File: TestRangerBasePluginWithPolicies.java    From nifi with Apache License 2.0 4 votes vote down vote up
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertTrue(readResource1.equals(pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier())));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertTrue(readResource2.equals(pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier())));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertTrue(writeResource2.equals(pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier())));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}
 
Example 19
Source File: TestRangerBasePluginWithPolicies.java    From nifi-registry with Apache License 2.0 4 votes vote down vote up
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final String resourceIdentifier2 = "/resource-2";
    RangerPolicy.RangerPolicyResource resource2 = new RangerPolicy.RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicy.RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicy.RangerPolicyItem policy2Item = new RangerPolicy.RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi-registry access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertTrue(readResource1.equals(pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier())));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertTrue(readResource2.equals(pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier())));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertTrue(writeResource2.equals(pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier())));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}