org.apache.ranger.plugin.util.ServicePolicies Java Examples
The following examples show how to use
org.apache.ranger.plugin.util.ServicePolicies.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: RangerPolicyAdminCache.java From ranger with Apache License 2.0 | 6 votes |
|
private ServicePolicies getUpdatedServicePolicies(String serviceName, ServicePolicies policies, ServiceStore svcStore, SecurityZoneStore zoneStore) throws Exception{
ServicePolicies ret = policies;
if (ret == null) {
ret = svcStore.getServicePoliciesIfUpdated(serviceName, -1L, false);
}
if (zoneStore != null) {
Map<String, RangerSecurityZone.RangerSecurityZoneService> securityZones = zoneStore.getSecurityZonesForService(serviceName);
if (MapUtils.isNotEmpty(securityZones)) {
ret = getUpdatedServicePoliciesForZones(ret, securityZones);
}
}
return ret;
}
Example #2
| Source File: ServiceREST.java From ranger with Apache License 2.0 | 6 votes |
|
private void patchAssociatedTagServiceInSecurityZoneInfos(ServicePolicies servicePolicies) {
if (servicePolicies != null && MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
// Get list of zones that associated tag-service (if any) is associated with
List<String> zonesInAssociatedTagService = new ArrayList<>();
String tagServiceName = servicePolicies.getTagPolicies() != null ? servicePolicies.getTagPolicies().getServiceName() : null;
if (StringUtils.isNotEmpty(tagServiceName)) {
try {
RangerService tagService = svcStore.getServiceByName(tagServiceName);
if (tagService != null && tagService.getIsEnabled()) {
zonesInAssociatedTagService = daoManager.getXXSecurityZoneDao().findZonesByTagServiceName(tagServiceName);
}
} catch (Exception exception) {
LOG.warn("Could not get service associated with [" + tagServiceName + "]", exception);
}
}
if (CollectionUtils.isNotEmpty(zonesInAssociatedTagService)) {
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> entry : servicePolicies.getSecurityZones().entrySet()) {
String zoneName = entry.getKey();
ServicePolicies.SecurityZoneInfo securityZoneInfo = entry.getValue();
securityZoneInfo.setContainsAssociatedTagService(zonesInAssociatedTagService.contains(zoneName));
}
}
}
}
Example #3
| Source File: RangerPolicyEnginePerformanceTest.java From ranger with Apache License 2.0 | 6 votes |
|
@Test
public void policyEngineTest() throws InterruptedException {
List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "perf-test", "cl1", "on-prem", RangerPolicyFactory.createPolicyEngineOption()));
final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, null);
for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
// using return value of 'isAccessAllowed' with a cheap operation: System#identityHashCode so JIT wont remove it as dead code
System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
PerfDataRecorder.clearStatistics();
}
final CountDownLatch latch = new CountDownLatch(concurrency);
for (int i = 0; i < concurrency; i++) {
final RangerAccessRequest rangerAccessRequest = requests.get(i);
new Thread(new Runnable() {
@Override
public void run() {
System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
latch.countDown();
}
}, String.format("Client #%s", i)).start();
}
latch.await();
}
Example #4
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 6 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
final String relativePath;
if (StringUtils.isNotBlank(hdfsVersion)) {
relativePath = "/src/test/resources/" + hdfsVersion + "/";
} else {
relativePath = "/src/test/resources/";
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, relativePath + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #5
| Source File: TestRangerBasePluginWithPolicies.java From nifi-registry with Apache License 2.0 | 5 votes |
|
@Test
public void testDelegateAdmin() {
final String user1 = "user-1";
final String resourceIdentifier1 = "/resource-1";
RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);
final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
policy1Item.setDelegateAdmin(true);
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi-registry");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
pluginWithPolicies.setPolicies(servicePolicies);
assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
Example #6
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test28getPoliciesWithServiceAdmin() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
SearchFilter filter = new SearchFilter();
XXService xs = Mockito.mock(XXService.class);
xs.setType(3L);
XXGroupUserDao xGroupDao = Mockito.mock(XXGroupUserDao.class);
ServiceREST spySVCRest = Mockito.spy(serviceREST);
List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
ServicePolicies svcPolicies = new ServicePolicies();
svcPolicies.setPolicies(policies);
svcPolicies.setServiceName("HDFS_1-1-20150316062453");
RangerPolicy rPol=rangerPolicy();
policies.add(rPol);
filter.setParam(SearchFilter.POLICY_NAME, "policyName");
filter.setParam(SearchFilter.SERVICE_NAME, "serviceName");
Mockito.when(searchUtil.getSearchFilter(request, policyService.sortFields)).thenReturn(filter);
Mockito.when(svcStore.getPolicies(filter)).thenReturn(policies);
/*here we are setting serviceAdminRole, so we will get the required policy with serviceAdmi role*/
Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupDao);
Mockito.when(svcStore.isServiceAdminUser(rPol.getService(), null)).thenReturn(true);
Mockito.doReturn(policyAdmin).when(spySVCRest).getPolicyAdminForDelegatedAdmin("HDFS_1-1-20150316062453");
RangerPolicyList dbRangerPolicy = spySVCRest.getPolicies(request);
Assert.assertNotNull(dbRangerPolicy);
Assert.assertEquals(dbRangerPolicy.getListSize(), 1);
Mockito.verify(searchUtil).getSearchFilter(request,
policyService.sortFields);
Mockito.verify(svcStore).getPolicies(filter);
Mockito.verify(svcStore).isServiceAdminUser(rPol.getService(), null);
}
Example #7
| Source File: RangerPolicyAdminImpl.java From ranger with Apache License 2.0 | 5 votes |
|
static public RangerPolicyAdmin getPolicyAdmin(final RangerPolicyAdminImpl other, final ServicePolicies servicePolicies) {
RangerPolicyAdmin ret = null;
if (other != null && servicePolicies != null) {
PolicyEngine policyEngine = other.policyEngine.cloneWithDelta(servicePolicies);
if (policyEngine != null) {
ret = new RangerPolicyAdminImpl(policyEngine);
}
}
return ret;
}
Example #8
| Source File: TestRangerBasePluginWithPolicies.java From nifi-registry with Apache License 2.0 | 5 votes |
|
@Test
public void testRecursivePolicy() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);
resource1.setIsRecursive(true);
final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi-registry");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #9
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies servicePolicies() {
ServicePolicies sp = new ServicePolicies();
sp.setAuditMode("auditMode");
RangerPolicy rangerPolicy = rangerPolicy();
List<RangerPolicy> rpolList = new ArrayList<RangerPolicy>();
rpolList.add(rangerPolicy);
sp.setPolicies(rpolList);
sp.setPolicyVersion(1l);
sp.setServiceName("serviceName");
sp.setServiceId(1l);
return sp;
}
Example #10
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test24getServicePoliciesIfUpdated() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
String serviceName = "HDFS_1";
Long lastKnownVersion = 1L;
String pluginId = "1";
ServicePolicies dbServicePolicies = serviceREST
.getServicePoliciesIfUpdated(serviceName, lastKnownVersion, 0L,
pluginId, "", "", false, capabilityVector, request);
Assert.assertNull(dbServicePolicies);
}
Example #11
| Source File: RangerBasePluginWithPolicies.java From localization_nifi with Apache License 2.0 | 5 votes |
|
@Override
public void setPolicies(ServicePolicies policies) {
super.setPolicies(policies);
if (policies == null || policies.getPolicies() == null) {
this.resources.set(new HashSet<>());
} else {
final Set<String> newResources = policies.getPolicies().stream()
.flatMap(p -> p.getResources().values().stream())
.flatMap(r -> r.getValues().stream())
.collect(Collectors.toSet());
this.resources.set(newResources);
}
}
Example #12
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test56getServicePoliciesIfUpdated() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
ServicePolicies servicePolicies = servicePolicies();
String serviceName = "HDFS_1";
Long lastKnownVersion = 1L;
String pluginId = "1";
Mockito.when(serviceUtil.isValidateHttpsAuthentication(serviceName, request)).thenReturn(true);
Mockito.when(svcStore.getServicePoliciesIfUpdated(Mockito.anyString(), Mockito.anyLong(), Mockito.anyBoolean())).thenReturn(servicePolicies);
Mockito.when(zoneStore.getSecurityZonesForService(serviceName)).thenReturn(null);
ServicePolicies dbServicePolicies = serviceREST.getServicePoliciesIfUpdated(serviceName, lastKnownVersion, 0L,
pluginId, "", "", true, capabilityVector, request);
Assert.assertNotNull(dbServicePolicies);
}
Example #13
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test59getSecureServicePoliciesIfUpdatedSuccess() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Long lastKnownVersion = 1L;
String pluginId = "1";
XXService xService = xService();
XXServiceDef xServiceDef = serviceDef();
xServiceDef.setImplclassname("org.apache.ranger.services.kms.RangerServiceKMS");
String serviceName = xService.getName();
RangerService rs = rangerService();
ServicePolicies sp = servicePolicies();
XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
Mockito.when(serviceUtil.isValidService(serviceName, request)).thenReturn(true);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(xServiceDao.findByName(serviceName)).thenReturn(xService);
Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
Mockito.when(xServiceDefDao.getById(xService.getType())).thenReturn(xServiceDef);
Mockito.when(svcStore.getServiceByNameForDP(serviceName)).thenReturn(rs);
Mockito.when(bizUtil.isUserAllowed(rs, ServiceREST.Allowed_User_List_For_Grant_Revoke)).thenReturn(true);
Mockito.when(svcStore.getServicePoliciesIfUpdated(Mockito.anyString(), Mockito.anyLong(), Mockito.anyBoolean())).thenReturn(sp);
Mockito.when(zoneStore.getSecurityZonesForService(serviceName)).thenReturn(null);
ServicePolicies dbServiceSecurePolicies = serviceREST.getSecureServicePoliciesIfUpdated(serviceName,
lastKnownVersion, 0L, pluginId, "", "", true, capabilityVector, request);
Assert.assertNotNull(dbServiceSecurePolicies);
Mockito.verify(serviceUtil).isValidService(serviceName, request);
Mockito.verify(xServiceDao).findByName(serviceName);
Mockito.verify(xServiceDefDao).getById(xService.getType());
Mockito.verify(svcStore).getServiceByNameForDP(serviceName);
Mockito.verify(bizUtil).isUserAllowed(rs, ServiceREST.Allowed_User_List_For_Grant_Revoke);
Mockito.verify(svcStore).getServicePoliciesIfUpdated(serviceName, lastKnownVersion, false);
}
Example #14
| Source File: TestServiceDBStore.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test33getServicePoliciesIfUpdated() throws Exception {
XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
XXService xService = new XXService();
xService.setAddedByUserId(Id);
xService.setCreateTime(new Date());
xService.setDescription("Hdfs service");
xService.setGuid("serviceguid");
xService.setId(Id);
xService.setIsEnabled(true);
xService.setName("Hdfs");
xService.setPolicyUpdateTime(new Date());
xService.setPolicyVersion(1L);
xService.setType(1L);
xService.setUpdatedByUserId(Id);
xService.setUpdateTime(new Date());
XXServiceVersionInfo xServiceVersionInfo = new XXServiceVersionInfo();
xServiceVersionInfo.setServiceId(Id);
xServiceVersionInfo.setPolicyVersion(1L);
xServiceVersionInfo.setPolicyUpdateTime(new Date());
xServiceVersionInfo.setTagVersion(1L);
xServiceVersionInfo.setTagUpdateTime(new Date());
String serviceName = "HDFS_1";
Long lastKnownVersion = 1l;
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
Mockito.when(xServiceDao.findByName(serviceName)).thenReturn(xService);
Mockito.when(xServiceVersionInfoDao.findByServiceName(serviceName)).thenReturn(xServiceVersionInfo);
ServicePolicies dbServicePolicies = serviceDBStore
.getServicePoliciesIfUpdated(serviceName, lastKnownVersion, true);
Assert.assertNull(dbServicePolicies);
}
Example #15
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis)
throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault()
.getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #16
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #17
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #18
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes, Charsets.UTF_8), ServicePolicies.class);
}
Example #19
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis)
throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault()
.getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes, Charset.defaultCharset()), ServicePolicies.class);
}
Example #20
| Source File: RangerPolicyEngineImpl.java From ranger with Apache License 2.0 | 5 votes |
|
static public RangerPolicyEngine getPolicyEngine(final RangerPolicyEngineImpl other, final ServicePolicies servicePolicies) {
RangerPolicyEngine ret = null;
if (other != null && servicePolicies != null) {
PolicyEngine policyEngine = other.policyEngine.cloneWithDelta(servicePolicies);
if (policyEngine != null) {
ret = new RangerPolicyEngineImpl(policyEngine, other);
}
}
return ret;
}
Example #21
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #22
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/target/test-classes/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #23
| Source File: RangerAdminClientImpl.java From ranger with Apache License 2.0 | 5 votes |
|
public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
byte[] cacheBytes = Files.readAllBytes(cachePath);
return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
}
Example #24
| Source File: RangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Override
public void setPolicies(final ServicePolicies policies) {
super.setPolicies(policies);
if (policies == null || policies.getPolicies() == null) {
this.policies.set(new PolicyLookup());
} else {
this.policies.set(createPolicyLookup(policies));
}
}
Example #25
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testDisabledPolicy() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setIsEnabled(false);
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
}
Example #26
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testMissingResourceValue() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource();
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #27
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testWildcardResourceValue() {
final String resourceIdentifier1 = "*";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #28
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testExcludesPolicy() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
resource1.setIsExcludes(true);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #29
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testRecursivePolicy() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
resource1.setIsRecursive(true);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #30
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testDelegateAdmin() {
final String user1 = "user-1";
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
policy1Item.setDelegateAdmin(true);
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
