org.apache.ranger.plugin.model.RangerServiceDef Java Examples
The following examples show how to use
org.apache.ranger.plugin.model.RangerServiceDef.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TestServiceREST.java From ranger with Apache License 2.0 | 6 votes |
|
@Test
public void test4getServiceDefById() throws Exception {
RangerServiceDef rangerServiceDef = rangerServiceDef();
XXServiceDef xServiceDef = serviceDef();
XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
Mockito.when(xServiceDefDao.getById(Id)).thenReturn(xServiceDef);
Mockito.when(!bizUtil.hasAccess(xServiceDef, null)).thenReturn(true);
Mockito.when(svcStore.getServiceDef(rangerServiceDef.getId()))
.thenReturn(rangerServiceDef);
RangerServiceDef dbRangerServiceDef = serviceREST
.getServiceDef(rangerServiceDef.getId());
Assert.assertNotNull(dbRangerServiceDef);
Assert.assertEquals(dbRangerServiceDef.getId(),
rangerServiceDef.getId());
Mockito.verify(svcStore).getServiceDef(rangerServiceDef.getId());
Mockito.verify(daoManager).getXXServiceDef();
Mockito.verify(bizUtil).hasAccess(xServiceDef, null);
}
Example #2
| Source File: RangerBaseService.java From ranger with Apache License 2.0 | 6 votes |
|
protected List<RangerPolicy.RangerPolicyItemAccess> getAllowedAccesses(Map<String, RangerPolicy.RangerPolicyResource> policyResources) {
List<RangerPolicy.RangerPolicyItemAccess> ret = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
RangerServiceDef.RangerResourceDef leafResourceDef = ServiceDefUtil.getLeafResourceDef(serviceDef, policyResources);
if (leafResourceDef != null) {
Set<String> accessTypeRestrictions = leafResourceDef.getAccessTypeRestrictions();
for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
boolean isAccessTypeAllowed = CollectionUtils.isEmpty(accessTypeRestrictions) || accessTypeRestrictions.contains(accessTypeDef.getName());
if (isAccessTypeAllowed) {
RangerPolicy.RangerPolicyItemAccess access = new RangerPolicy.RangerPolicyItemAccess();
access.setType(accessTypeDef.getName());
access.setIsAllowed(true);
ret.add(access);
}
}
}
return ret;
}
Example #3
| Source File: RangerBasePlugin.java From ranger with Apache License 2.0 | 6 votes |
|
private ServicePolicies getDefaultSvcPolicies() {
ServicePolicies ret = null;
RangerServiceDef serviceDef = getServiceDef();
if (serviceDef == null) {
serviceDef = getDefaultServiceDef();
}
if (serviceDef != null) {
ret = new ServicePolicies();
ret.setServiceDef(serviceDef);
ret.setServiceName(getServiceName());
ret.setPolicies(new ArrayList<RangerPolicy>());
}
return ret;
}
Example #4
| Source File: PatchForAtlasServiceDefUpdate_J10013.java From ranger with Apache License 2.0 | 6 votes |
|
private boolean updateTagAccessTypeDefs(List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes,
List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes, long itemIdOffset, String prefix,String newPrefix) {
List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<>();
for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) {
if (tagAccessType.getName().startsWith(prefix)) {
long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset;
RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId,svcDefAccessTypes);
if (svcAccessType != null) {
if (updateTagAccessTypeDef(tagAccessType, svcAccessType, newPrefix)) {
toUpdate.add(tagAccessType);
}
}
}
}
boolean updateNeeded = false;
if (CollectionUtils.isNotEmpty(toUpdate)) {
updateNeeded = true;
}
return updateNeeded;
}
Example #5
| Source File: TestServiceDBStore.java From ranger with Apache License 2.0 | 6 votes |
|
@Test
public void test16getServiceDefByNameNotNull() throws Exception {
String name = "fdfdfds";
XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
XXServiceDef xServiceDef = Mockito.mock(XXServiceDef.class);
RangerServiceDef serviceDef = new RangerServiceDef();
Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
Mockito.when(xServiceDefDao.findByName(name)).thenReturn(xServiceDef);
Mockito.when(serviceDefService.getPopulatedViewObject(xServiceDef))
.thenReturn(serviceDef);
RangerServiceDef dbServiceDef = serviceDBStore
.getServiceDefByName(name);
Assert.assertNotNull(dbServiceDef);
Mockito.verify(daoManager).getXXServiceDef();
}
Example #6
| Source File: RangerBaseService.java From ranger with Apache License 2.0 | 6 votes |
|
protected Map<String, RangerPolicy.RangerPolicyResource> createDefaultPolicyResource(List<RangerServiceDef.RangerResourceDef> resourceHierarchy) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerBaseService.createDefaultPolicyResource()");
}
Map<String, RangerPolicy.RangerPolicyResource> resourceMap = new HashMap<>();
for (RangerServiceDef.RangerResourceDef resourceDef : resourceHierarchy) {
RangerPolicy.RangerPolicyResource polRes = new RangerPolicy.RangerPolicyResource();
polRes.setIsExcludes(false);
polRes.setIsRecursive(resourceDef.getRecursiveSupported());
polRes.setValue(RangerAbstractResourceMatcher.WILDCARD_ASTERISK);
resourceMap.put(resourceDef.getName(), polRes);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerBaseService.createDefaultPolicyResource():" + resourceMap);
}
return resourceMap;
}
Example #7
| Source File: RangerCustomConditionEvaluator.java From ranger with Apache License 2.0 | 6 votes |
|
private RangerServiceDef.RangerPolicyConditionDef getConditionDef(String conditionName, RangerServiceDef serviceDef) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerCustomConditionEvaluator.getConditionDef(" + conditionName + ")");
}
RangerServiceDef.RangerPolicyConditionDef ret = null;
if (serviceDef != null && CollectionUtils.isNotEmpty(serviceDef.getPolicyConditions())) {
for(RangerServiceDef.RangerPolicyConditionDef conditionDef : serviceDef.getPolicyConditions()) {
if(StringUtils.equals(conditionName, conditionDef.getName())) {
ret = conditionDef;
break;
}
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerCustomConditionEvaluator.getConditionDef(" + conditionName + "): " + ret);
}
return ret;
}
Example #8
| Source File: RangerServiceDefService.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
protected RangerServiceDef mapEntityToViewBean(RangerServiceDef vObj, XXServiceDef xObj) {
RangerServiceDef ret = super.mapEntityToViewBean(vObj, xObj);
Map<String, String> serviceDefOptions = ret.getOptions();
if (serviceDefOptions.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES) == null) {
boolean enableDenyAndExceptionsInPoliciesHiddenOption = config.getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true);
if (enableDenyAndExceptionsInPoliciesHiddenOption || StringUtils.equalsIgnoreCase(ret.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, "true");
} else {
serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, "false");
}
ret.setOptions(serviceDefOptions);
}
return ret;
}
Example #9
| Source File: ServiceDefUtil.java From ranger with Apache License 2.0 | 6 votes |
|
public static RangerDataMaskTypeDef getDataMaskType(RangerServiceDef serviceDef, String typeName) {
RangerDataMaskTypeDef ret = null;
if(serviceDef != null && serviceDef.getDataMaskDef() != null) {
List<RangerDataMaskTypeDef> maskTypes = serviceDef.getDataMaskDef().getMaskTypes();
if(CollectionUtils.isNotEmpty(maskTypes)) {
for(RangerDataMaskTypeDef maskType : maskTypes) {
if(StringUtils.equals(maskType.getName(), typeName)) {
ret = maskType;
break;
}
}
}
}
return ret;
}
Example #10
| Source File: RangerAccessResult.java From ranger with Apache License 2.0 | 6 votes |
|
public RangerAccessResult(final int policyType, final String serviceName, final RangerServiceDef serviceDef, final RangerAccessRequest request) {
this.serviceName = serviceName;
this.serviceDef = serviceDef;
this.request = request;
this.policyType = policyType;
this.isAccessDetermined = false;
this.isAllowed = false;
this.isAuditedDetermined = false;
this.isAudited = false;
this.auditPolicyId = -1;
this.policyId = -1;
this.zoneName = null;
this.policyVersion = null;
this.policyPriority = RangerPolicy.POLICY_PRIORITY_NORMAL;
this.evaluatedPoliciesCount = 0;
this.reason = null;
}
Example #11
| Source File: TestRangerServiceDefServiceBase.java From ranger with Apache License 2.0 | 6 votes |
|
@Test
public void test2MapEntityToViewBean() {
RangerServiceDef rangerServiceDef = rangerServiceDef();
XXServiceDef serviceDef = serviceDef();
RangerServiceDef dbRangerServiceDef = rangerServiceDefService
.mapEntityToViewBean(rangerServiceDef, serviceDef);
Assert.assertNotNull(dbRangerServiceDef);
Assert.assertEquals(dbRangerServiceDef, rangerServiceDef);
Assert.assertEquals(dbRangerServiceDef.getDescription(),
rangerServiceDef.getDescription());
Assert.assertEquals(dbRangerServiceDef.getGuid(),
rangerServiceDef.getGuid());
Assert.assertEquals(dbRangerServiceDef.getName(),
rangerServiceDef.getName());
Assert.assertEquals(dbRangerServiceDef.getId(),
rangerServiceDef.getId());
Assert.assertEquals(dbRangerServiceDef.getVersion(),
rangerServiceDef.getVersion());
}
Example #12
| Source File: PatchForPrestoToSupportPresto333_J10038.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean checkAccessPresent(List<String> accesses, List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes) {
boolean ret = false;
for (RangerServiceDef.RangerAccessTypeDef accessDef : embeddedAtlasAccessTypes) {
if (accesses.contains(accessDef.getName())) {
ret = true;
break;
}
}
return ret;
}
Example #13
| Source File: PatchForHiveServiceDefUpdate_J10027.java From ranger with Apache License 2.0 | 5 votes |
|
private static boolean checkNewHiveAccessTypesPresent(List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
boolean ret = false;
for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
if (REFRESH_ACCESS_TYPE_NAME.equals(accessTypeDef.getName())) {
ret = true;
break;
}
}
return ret;
}
Example #14
| Source File: TestRangerBasePluginWithPolicies.java From nifi with Apache License 2.0 | 5 votes |
|
@Test
public void testExcludesPolicy() {
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
resource1.setIsExcludes(true);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the policy was skipped
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Example #15
| Source File: RangerPolicyRepository.java From ranger with Apache License 2.0 | 5 votes |
|
private void updateTrie(Map<String, RangerResourceTrie> trieMap, Integer policyDeltaType, RangerPolicyEvaluator oldEvaluator, RangerPolicyEvaluator newEvaluator) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerPolicyRepository.updateTrie(policyDeltaType=" + policyDeltaType + "): ");
}
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
String resourceDefName = resourceDef.getName();
RangerResourceTrie<RangerPolicyEvaluator> trie = trieMap.get(resourceDefName);
if (trie == null) {
if (RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE == policyDeltaType || RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE == policyDeltaType) {
LOG.warn("policyDeltaType is not for POLICY_CREATE and trie for resourceDef:[" + resourceDefName + "] was null! Should not have happened!!");
}
trie = new RangerResourceTrie<>(resourceDef, new ArrayList<>(), true, pluginContext);
trieMap.put(resourceDefName, trie);
}
if (policyDeltaType == RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE) {
addEvaluatorToTrie(newEvaluator, trie, resourceDefName);
} else if (policyDeltaType == RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE) {
removeEvaluatorFromTrie(oldEvaluator, trie, resourceDefName);
} else if (policyDeltaType == RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE) {
removeEvaluatorFromTrie(oldEvaluator, trie, resourceDefName);
addEvaluatorToTrie(newEvaluator, trie, resourceDefName);
} else {
LOG.error("policyDeltaType:" + policyDeltaType + " is currently not handled, policy-id:[" + oldEvaluator.getPolicy().getId() +"]");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerPolicyRepository.updateTrie(policyDeltaType=" + policyDeltaType + "): ");
}
}
Example #16
| Source File: PatchForTagServiceDefUpdate_J10028.java From ranger with Apache License 2.0 | 5 votes |
|
private RangerServiceDef.RangerResourceDef getResourceDefForTagResource(List<RangerServiceDef.RangerResourceDef> resourceDefs) {
RangerServiceDef.RangerResourceDef ret = null;
if (CollectionUtils.isNotEmpty(resourceDefs)) {
for (RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) {
if (resourceDef.getName().equals(RangerServiceTag.TAG_RESOURCE_NAME)) {
ret = resourceDef;
break;
}
}
}
return ret;
}
Example #17
| Source File: RangerValidator.java From ranger with Apache License 2.0 | 5 votes |
|
Set<String> getAccessTypes(RangerServiceDef serviceDef) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerValidator.getAccessTypes(" + serviceDef + ")");
}
Set<String> accessTypes = new HashSet<>();
if (serviceDef == null) {
LOG.warn("serviceDef passed in was null!");
} else if (CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
LOG.warn("AccessTypeDef collection on serviceDef was null!");
} else {
for (RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
if (accessTypeDef == null) {
LOG.warn("Access type def was null!");
} else {
String accessType = accessTypeDef.getName();
if (StringUtils.isBlank(accessType)) {
LOG.warn("Access type def name was null/empty/blank!");
} else {
accessTypes.add(accessType);
}
}
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerValidator.getAccessTypes(" + serviceDef + "): " + accessTypes);
}
return accessTypes;
}
Example #18
| Source File: RangerBaseService.java From ranger with Apache License 2.0 | 5 votes |
|
public void init(RangerServiceDef serviceDef, RangerService service) {
this.serviceDef = serviceDef;
this.service = service;
this.configs = service.getConfigs();
this.serviceName = service.getName();
this.serviceType = service.getType();
}
Example #19
| Source File: AbstractServiceStore.java From ranger with Apache License 2.0 | 5 votes |
|
private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
RangerServiceDef.RangerAccessTypeDef ret = null;
for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
if (itemId == accessTypeDef.getItemId()) {
ret = accessTypeDef;
break;
}
}
return ret;
}
Example #20
| Source File: TestRangerPolicyValidator.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public final void test_isValidServiceWithZone_failurePath() throws Exception{
boolean isAdmin = true;
when(_policy.getId()).thenReturn(1L);
when(_policy.getName()).thenReturn("my-all");
when(_policy.getService()).thenReturn("hdfssvc1");
when(_policy.getZoneName()).thenReturn("zone1");
when(_policy.getResources()).thenReturn(null);
when(_policy.getIsAuditEnabled()).thenReturn(Boolean.TRUE);
when(_policy.getIsEnabled()).thenReturn(Boolean.FALSE);
RangerService service = new RangerService();
service.setType("service-type");
service.setId(2L);
Action action = Action.CREATE;
List<String> tagSvcList = new ArrayList<String>();
tagSvcList.add("hdfssvc");
when(_store.getServiceByName("hdfssvc1")).thenReturn(service);
RangerSecurityZone securityZone = new RangerSecurityZone();
securityZone.setName("zone1");
securityZone.setId(1L);
securityZone.setTagServices(tagSvcList);
when(_store.getSecurityZone("zone1")).thenReturn(securityZone);
when(_store.getPolicyId(2L, "my-all", 1L)).thenReturn(null);
RangerServiceDef svcDef = new RangerServiceDef();
svcDef.setName("my-svc-def");
when(_store.getServiceDefByName("service-type")).thenReturn(svcDef);
RangerPolicyResourceSignature policySignature = mock(RangerPolicyResourceSignature.class);
when(_factory.createPolicyResourceSignature(_policy)).thenReturn(policySignature);
boolean isValid = _validator.isValid(_policy, action, isAdmin, _failures);
Assert.assertFalse(isValid);
Assert.assertEquals(_failures.get(0)._errorCode, 3048);
Assert.assertEquals(_failures.get(0)._reason,"Service name = hdfssvc1 is not associated to Zone name = zone1");
}
Example #21
| Source File: RangerServiceDefHelper.java From ranger with Apache License 2.0 | 5 votes |
|
public static Map<String, String> getFilterResourcesForAncestorPolicyFiltering(RangerServiceDef serviceDef, Map<String, String> filterResources) {
Map<String, String> ret = null;
for (RangerResourceDef resourceDef : serviceDef.getResources()) {
String matcherClassName = resourceDef.getMatcher();
if (RangerPathResourceMatcher.class.getName().equals(matcherClassName)) {
String resourceDefName = resourceDef.getName();
final Map<String, String> resourceMatcherOptions = resourceDef.getMatcherOptions();
String delimiter = resourceMatcherOptions.get(RangerPathResourceMatcher.OPTION_PATH_SEPARATOR);
if (StringUtils.isBlank(delimiter)) {
delimiter = Character.toString(RangerPathResourceMatcher.DEFAULT_PATH_SEPARATOR_CHAR);
}
String resourceValue = filterResources.get(resourceDefName);
if (StringUtils.isNotBlank(resourceValue)) {
if (!resourceValue.endsWith(delimiter)) {
resourceValue += delimiter;
}
resourceValue += RangerAbstractResourceMatcher.WILDCARD_ASTERISK;
if (ret == null) {
ret = new HashMap<String, String>();
}
ret.put(resourceDefName, resourceValue);
}
}
}
return ret;
}
Example #22
| Source File: PublicAPIsv2.java From ranger with Apache License 2.0 | 5 votes |
|
@GET
@Path("/api/servicedef/{id}")
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
@Produces({ "application/json", "application/xml" })
public RangerServiceDef getServiceDef(@PathParam("id") Long id) {
return serviceREST.getServiceDef(id);
}
Example #23
| Source File: PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java From ranger with Apache License 2.0 | 5 votes |
|
private void addResourceEntityLabelAndEntityBusinessMetadataInServiceDef() throws Exception {
RangerServiceDef ret = null;
RangerServiceDef embeddedAtlasServiceDef = null;
XXServiceDef xXServiceDefObj = null;
RangerServiceDef dbAtlasServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;
embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (embeddedAtlasServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef()
.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (xXServiceDefObj == null) {
logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
return;
}
dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
if (checkResourcePresent(embeddedAtlasResourceDefs)) {
dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
if (checkAccessPresent(embeddedAtlasAccessTypes)) {
dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbAtlasServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbAtlasServiceDef);
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
+ " service-def");
throw new RuntimeException("Error while updating "
+ EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
}
}
}
Example #24
| Source File: PatchForHiveServiceDefUpdate_J10009.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean checkHiveAccessType(List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes) {
boolean ret = false;
for (RangerServiceDef.RangerAccessTypeDef embeddedHiveAccessType : embeddedHiveAccessTypes) {
if ( embeddedHiveAccessType.getName().equals("repladmin") ) {
ret = true;
break;
}
}
return ret;
}
Example #25
| Source File: PatchForHiveServiceDefUpdate_J10010.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkHiveServiceresourcePresent(embeddedHiveResourceDefs)) {
// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
if (embeddedHiveResourceDefs != null) {
serviceDef.setResources(embeddedHiveResourceDefs);
}
if (embeddedHiveAccessTypes != null) {
if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
serviceDef.setAccessTypes(embeddedHiveAccessTypes);
}
}
ret = true;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(serviceDef, Action.UPDATE);
svcStore.updateServiceDef(serviceDef);
return ret;
}
Example #26
| Source File: TestRangerValidator.java From ranger with Apache License 2.0 | 5 votes |
|
@Test
public void test_getValidationRegExes() {
// passing in null service def
Map<String, String> regExMap = _validator.getValidationRegExes((RangerServiceDef)null);
Assert.assertTrue(regExMap.isEmpty());
// that has null or empty access type def
RangerServiceDef serviceDef = mock(RangerServiceDef.class);
when(serviceDef.getResources()).thenReturn(null);
regExMap = _validator.getValidationRegExes(serviceDef);
Assert.assertTrue(regExMap.isEmpty());
List<RangerResourceDef> resourceDefs = new ArrayList<>();
when(serviceDef.getResources()).thenReturn(resourceDefs);
regExMap = _validator.getValidationRegExes(serviceDef);
Assert.assertTrue(regExMap.isEmpty());
// having null accesstypedefs
resourceDefs.add(null);
regExMap = _validator.getValidationRegExes(serviceDef);
Assert.assertTrue(regExMap.isEmpty());
// access type defs with null empty blank names are skipped, spaces within names are preserved
String[][] data = {
{ "a", null }, // null-regex
null, // this should put a null element in the resource def!
{ "b", "regex1" }, // valid
{ "c", "" }, // empty regex
{ "d", "regex2" }, // valid
{ "e", " " }, // blank regex
{ "f", "regex3" }, // all good
};
resourceDefs.addAll(_utils.createResourceDefsWithRegEx(data));
regExMap = _validator.getValidationRegExes(serviceDef);
Assert.assertEquals(3, regExMap.size());
Assert.assertEquals("regex1", regExMap.get("b"));
Assert.assertEquals("regex2", regExMap.get("d"));
Assert.assertEquals("regex3", regExMap.get("f"));
}
Example #27
| Source File: PatchForAtlasServiceDefUpdate_J10013.java From ranger with Apache License 2.0 | 5 votes |
|
private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
RangerServiceDef.RangerAccessTypeDef ret = null;
for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
if (itemId == accessTypeDef.getItemId()) {
ret = accessTypeDef;
break;
}
}
return ret;
}
Example #28
| Source File: PatchForKafkaServiceDefUpdate_J10025.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean checkNewKafkaresourcePresent(List<RangerServiceDef.RangerResourceDef> resourceDefs) {
boolean ret = false;
for(RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) {
if (CLUSTER_RESOURCE_NAME.equals(resourceDef.getName()) ) {
ret = true ;
break;
}
}
return ret;
}
Example #29
| Source File: PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean checkAccessPresent(List<RangerAccessTypeDef> embeddedAtlasAccessTypes) {
boolean ret = false;
for (RangerServiceDef.RangerAccessTypeDef accessDef : embeddedAtlasAccessTypes) {
if (ATLAS_ACCESS_TYPES.contains(accessDef.getName())) {
ret = true;
break;
}
}
return ret;
}
Example #30
| Source File: RangerServiceKMS.java From ranger with Apache License 2.0 | 5 votes |
|
private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs, List<String> users) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerServiceTag.createDefaultPolicyItem()");
}
RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
policyItem.setUsers(users);
List<RangerPolicy.RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
RangerPolicy.RangerPolicyItemAccess access = new RangerPolicy.RangerPolicyItemAccess();
access.setType(accessTypeDef.getName());
access.setIsAllowed(true);
accesses.add(access);
}
policyItem.setAccesses(accesses);
policyItem.setDelegateAdmin(true);
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerServiceTag.createDefaultPolicyItem(): " + policyItem );
}
return policyItem;
}
