Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemCondition

The following examples show how to use org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemCondition.
Example 1
Source File: RangerDefaultPolicyEvaluatorTest.java    From ranger with Apache License 2.0
/**
 * Builds a Mockito stub of {@code RangerPolicyItem} whose {@code getConditions()} answer is
 * derived from the supplied condition-type names.
 *
 * @param strings condition type names; {@code null} stubs a {@code null} condition list and an
 *                empty array stubs an empty list, so callers can exercise both edge cases
 * @return the stubbed policy item
 */
RangerPolicyItem getMockPolicyItem(String[] strings) {
	RangerPolicyItem item = mock(RangerPolicyItem.class);

	// null input is passed through as a null condition list; anything else becomes a (possibly empty) list
	List<RangerPolicyItemCondition> stubbedConditions = null;
	if (strings != null) {
		stubbedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>(strings.length);
		for (int i = 0; i < strings.length; i++) {
			RangerPolicyItemCondition stub = mock(RangerPolicyItemCondition.class);
			when(stub.getType()).thenReturn(strings[i]);
			// values aren't used/needed by the tests, so pin them to a predictable value
			when(stub.getValues()).thenReturn(null);
			stubbedConditions.add(stub);
		}
	}

	when(item.getConditions()).thenReturn(stubbedConditions);
	return item;
}
 
Example 2
Source File: RangerDefaultPolicyEvaluatorTest.java    From ranger with Apache License 2.0
/**
 * Creates a Mockito stub of {@code RangerPolicyItem} that reports one stubbed condition per
 * supplied condition-type name.
 *
 * <p>Only {@code getType()} is stubbed on each condition. The array is dereferenced
 * immediately, so a {@code null} argument fails with a {@code NullPointerException}.
 *
 * @param conditions condition type names, one stub condition is created per entry
 * @return the stubbed policy item
 */
RangerPolicyItem createPolicyItemForConditions(String[] conditions) {
	List<RangerPolicyItemCondition> stubs = new ArrayList<RangerPolicy.RangerPolicyItemCondition>(conditions.length);

	for (int i = 0; i < conditions.length; i++) {
		RangerPolicyItemCondition stub = mock(RangerPolicyItemCondition.class);
		when(stub.getType()).thenReturn(conditions[i]);
		stubs.add(stub);
	}

	RangerPolicyItem item = mock(RangerPolicyItem.class);
	when(item.getConditions()).thenReturn(stubs);
	return item;
}
 
Example 3
Source File: PatchForKafkaServiceDefUpdate_J10033.java    From ranger with Apache License 2.0
/**
 * Assembles the default policy object this patch creates for a newly added resource.
 *
 * <p>Security-relevant shape of the result, as built here: a single policy item granting the
 * accesses from {@code getPolicyItemAccesses()} to {@code DEFAULT_POLICY_USERS} and
 * {@code DEFAULT_POLICY_GROUP}, with no conditions and without delegated administration; one
 * resource keyed by {@code CONSUMERGROUP_RESOURCE_NAME} whose value is the wildcard {@code "*"};
 * auditing enabled. Reviewers should check who is in the default user/group constants, since
 * the grant covers every value of the resource.
 *
 * @param newResource  used as both the policy name and its description
 * @param xxPortalUser user recorded as creator and last updater (login id)
 * @param xxService    service whose name the policy is attached to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
	RangerPolicy policy = new RangerPolicy();

	// --- who gets what: one item, default principals, no conditions, no delegate-admin ---
	List<RangerPolicy.RangerPolicyItemAccess> grantedAccesses = getPolicyItemAccesses();
	List<String> grantedUsers = new ArrayList<>(DEFAULT_POLICY_USERS);
	List<String> grantedGroups = new ArrayList<>(DEFAULT_POLICY_GROUP);
	List<RangerPolicy.RangerPolicyItemCondition> noConditions = new ArrayList<>();

	RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
	item.setAccesses(grantedAccesses);
	item.setConditions(noConditions);
	item.setGroups(grantedGroups);
	item.setUsers(grantedUsers);
	item.setDelegateAdmin(false);

	List<RangerPolicy.RangerPolicyItem> items = new ArrayList<>();
	items.add(item);

	// --- on which resource: wildcard value, neither exclusion nor recursion ---
	RangerPolicy.RangerPolicyResource wildcard = new RangerPolicy.RangerPolicyResource();
	wildcard.setIsExcludes(false);
	wildcard.setIsRecursive(false);
	wildcard.setValue("*");

	Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
	String resourceKey = CONSUMERGROUP_RESOURCE_NAME;
	resources.put(resourceKey, wildcard);

	// --- policy metadata ---
	policy.setCreateTime(new Date());
	policy.setDescription(newResource);
	policy.setIsEnabled(true);
	policy.setName(newResource);
	String actorLoginId = xxPortalUser.getLoginId();
	policy.setCreatedBy(actorLoginId);
	policy.setUpdatedBy(xxPortalUser.getLoginId());
	policy.setUpdateTime(new Date());
	policy.setService(xxService.getName());
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(items);
	policy.setResources(resources);
	policy.setPolicyType(0); // NOTE(review): 0 is presumably the plain access-policy type; confirm against RangerPolicy
	policy.setId(0L);        // placeholder id/guid; presumably replaced when the policy is persisted, TODO confirm
	policy.setGuid("");
	policy.setPolicyLabels(new ArrayList<>());
	policy.setVersion(1L);

	// The signature is derived from the fully populated policy, so it must be computed last.
	String signature = new RangerPolicyResourceSignature(policy).getSignature();
	policy.setResourceSignature(signature);
	return policy;
}
 
Example 4
Source File: PatchForKafkaServiceDefUpdate_J10025.java    From ranger with Apache License 2.0
/**
 * Assembles the default policy object this patch creates for a newly added Kafka resource.
 *
 * <p>Security-relevant shape of the result, as built here: a single policy item granting the
 * accesses from {@code getPolicyItemAccesses()} to {@code DEFAULT_POLICY_USERS} only (the group
 * list is empty), with no conditions and without delegated administration; one resource whose
 * value is the wildcard {@code "*"}; auditing enabled. The resource key is
 * {@code KAFKA_RESOURCE_DELEGATIONTOKEN} when {@code newResource} is exactly
 * {@code "all - delegationtoken"}, otherwise {@code KAFKA_RESOURCE_CLUSTER}.
 *
 * @param newResource  used as both the policy name and its description; also selects the resource key
 * @param xxPortalUser user recorded as creator and last updater (login id)
 * @param xxService    service whose name the policy is attached to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
	RangerPolicy policy = new RangerPolicy();

	// --- who gets what: one item, default users, no groups, no conditions, no delegate-admin ---
	List<RangerPolicy.RangerPolicyItemAccess> grantedAccesses = getPolicyItemAccesses();
	List<String> grantedUsers = new ArrayList<>(DEFAULT_POLICY_USERS);
	List<String> noGroups = new ArrayList<>();
	List<RangerPolicy.RangerPolicyItemCondition> noConditions = new ArrayList<>();

	RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
	item.setAccesses(grantedAccesses);
	item.setConditions(noConditions);
	item.setGroups(noGroups);
	item.setUsers(grantedUsers);
	item.setDelegateAdmin(false);

	List<RangerPolicy.RangerPolicyItem> items = new ArrayList<>();
	items.add(item);

	// --- on which resource: wildcard value, neither exclusion nor recursion ---
	RangerPolicy.RangerPolicyResource wildcard = new RangerPolicy.RangerPolicyResource();
	wildcard.setIsExcludes(false);
	wildcard.setIsRecursive(false);
	wildcard.setValue("*");

	// The delegation-token policy is keyed on its own resource; every other name falls back to the cluster resource.
	String resourceKey = "all - delegationtoken".equals(newResource)
			? KAFKA_RESOURCE_DELEGATIONTOKEN
			: KAFKA_RESOURCE_CLUSTER;
	Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();
	resources.put(resourceKey, wildcard);

	// --- policy metadata ---
	policy.setCreateTime(new Date());
	policy.setDescription(newResource);
	policy.setIsEnabled(true);
	policy.setName(newResource);
	String actorLoginId = xxPortalUser.getLoginId();
	policy.setCreatedBy(actorLoginId);
	policy.setUpdatedBy(xxPortalUser.getLoginId());
	policy.setUpdateTime(new Date());
	policy.setService(xxService.getName());
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(items);
	policy.setResources(resources);
	policy.setPolicyType(0); // NOTE(review): 0 is presumably the plain access-policy type; confirm against RangerPolicy
	policy.setId(0L);        // placeholder id/guid; presumably replaced when the policy is persisted, TODO confirm
	policy.setGuid("");
	policy.setPolicyLabels(new ArrayList<>());
	policy.setVersion(1L);

	// The signature is derived from the fully populated policy, so it must be computed last.
	String signature = new RangerPolicyResourceSignature(policy).getSignature();
	policy.setResourceSignature(signature);
	return policy;
}
 
Example 5
Source File: TestServiceUtil.java    From ranger with Apache License 2.0
/**
 * Checks {@code serviceUtil.toRangerPolicy(VXResource, RangerService)} for a resource carrying a
 * single user-scoped permission entry that is restricted to one client IP address.
 *
 * <p>The expected policy has one item: user {@code rangerAdmin}, no groups, access {@code drop}
 * allowed, no delegated administration, and an {@code ipaddress} condition holding the same
 * address that was set on the permission entry. The test therefore guards the translation of the
 * legacy IP restriction into a policy condition: if that mapping were lost, the converted policy
 * would grant the access without the address restriction.
 */
@Test
public void testToRangerPolicyForPermGroup(){
    final String clientIp = "10.129.25.56";
    final String admin = "rangerAdmin";

    // ---------- expected policy ----------
    List<String> conditionValues = new ArrayList<String>();
    conditionValues.add(clientIp);

    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    ipCondition.setValues(conditionValues);

    List<RangerPolicyItemCondition> expectedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    expectedConditions.add(ipCondition);

    RangerPolicyItemAccess dropAccess = new RangerPolicyItemAccess();
    dropAccess.setIsAllowed(true);
    dropAccess.setType("drop");

    List<RangerPolicyItemAccess> expectedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    expectedAccesses.add(dropAccess);

    List<String> expectedUsers = new ArrayList<String>();
    expectedUsers.add(admin);

    // The permission entry below names a group too, but the expected item carries none.
    // NOTE(review): presumably because the entry is marked XA_PERM_FOR_USER; confirm in ServiceUtil.
    List<String> expectedGroups = new ArrayList<String>();

    RangerPolicyItem expectedItem = new RangerPolicyItem();
    expectedItem.setConditions(expectedConditions);
    expectedItem.setAccesses(expectedAccesses);
    expectedItem.setDelegateAdmin(false);
    expectedItem.setUsers(expectedUsers);
    expectedItem.setGroups(expectedGroups);

    List<RangerPolicyItem> expectedItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    expectedItems.add(expectedItem);

    RangerPolicy expectedRangerPolicy = new RangerPolicy();
    expectedRangerPolicy.setId(1L);
    expectedRangerPolicy.setName("hive Policy");
    expectedRangerPolicy.setService("hive");
    expectedRangerPolicy.setDescription("hive policy description");
    expectedRangerPolicy.setPolicyItems(expectedItems);

    // ---------- legacy input ----------
    VXPermMap permEntry = new VXPermMap();
    permEntry.setId(5L);
    permEntry.setGroupName("myGroup");
    permEntry.setPermGroup("permGroup");
    permEntry.setUserName(admin);
    permEntry.setPermType(12); // NOTE(review): presumably the numeric code for "drop"; confirm against AppConstants
    permEntry.setPermFor(AppConstants.XA_PERM_FOR_USER);
    permEntry.setIpAddress(clientIp);

    List<VXPermMap> permEntries = new ArrayList<VXPermMap>();
    permEntries.add(permEntry);

    // Built but never attached to the resource in this test.
    VXAuditMap auditEntry = new VXAuditMap();
    auditEntry.setId(1L);
    auditEntry.setOwner(admin);
    List<VXAuditMap> auditEntries = new ArrayList<VXAuditMap>();
    auditEntries.add(auditEntry);

    RangerService hiveService = new RangerService();
    hiveService.setName("hive");
    hiveService.setType("hive");

    VXResource legacyResource = new VXResource();
    legacyResource.setId(1L);
    legacyResource.setUpdateDate(new Date());
    legacyResource.setCreateDate(new Date());
    legacyResource.setOwner(admin);
    legacyResource.setUpdatedBy(admin);
    legacyResource.setPolicyName("hive Policy");
    legacyResource.setDescription("hive policy description");
    legacyResource.setResourceStatus(RangerCommonEnums.STATUS_ENABLED);
    legacyResource.setIsRecursive(1);
    legacyResource.setTableType(1);
    legacyResource.setColumnType(1);
    legacyResource.setPermMapList(permEntries);

    // ---------- convert and compare ----------
    RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(legacyResource, hiveService);

    Assert.assertNotNull(actualRangerPolicy);
    Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
    Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
    Assert.assertEquals(expectedRangerPolicy.getService(), actualRangerPolicy.getService());
    Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
    // Item equality covers users, groups, accesses, conditions and the delegate-admin flag together.
    Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
 
Example 6
Source File: TestServiceUtil.java    From ranger with Apache License 2.0
/**
 * Checks {@code serviceUtil.toRangerPolicy(VXPolicy, RangerService)} for an HDFS-style policy with
 * one permission object that names a user, a group, the {@code Admin} permission and a client IP.
 *
 * <p>The expected policy has a recursive, non-excluding {@code path} resource with the value
 * {@code resource}, and one item for user {@code rangerAdmin} and group {@code rangerGroup} with
 * delegated administration enabled and an {@code ipaddress} condition holding the address set on
 * the permission object. Creator, audit flag, resources and policy items are all asserted, so a
 * conversion that dropped the IP condition or the audit flag would fail here.
 */
@Test
public void testToRangerPolicy(){
    final String clientIp = "10.129.35.86";
    final String admin = "rangerAdmin";
    Date date = new Date();

    List<String> userList = new ArrayList<String>();
    userList.add(admin);

    List<String> groupList = new ArrayList<String>();
    groupList.add("rangerGroup");

    List<String> permObjList = new ArrayList<String>();
    permObjList.add("Admin");

    // ---------- expected policy ----------
    List<String> resourceValues = new ArrayList<String>();
    resourceValues.add("resource");

    RangerPolicyResource pathResource = new RangerPolicyResource();
    pathResource.setIsExcludes(false);
    pathResource.setIsRecursive(true);
    pathResource.setValues(resourceValues);

    Map<String, RangerPolicyResource> expectedResources = new HashMap<String, RangerPolicyResource>();
    expectedResources.put("path", pathResource);

    List<String> conditionValues = new ArrayList<String>();
    conditionValues.add(clientIp);

    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    ipCondition.setValues(conditionValues);

    List<RangerPolicyItemCondition> expectedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    expectedConditions.add(ipCondition);

    RangerPolicyItem expectedItem = new RangerPolicyItem();
    expectedItem.setUsers(userList);
    expectedItem.setGroups(groupList);
    expectedItem.setConditions(expectedConditions);
    // NOTE(review): presumably the "Admin" permission is what maps to delegate-admin; confirm in ServiceUtil.
    expectedItem.setDelegateAdmin(true);

    List<RangerPolicyItem> expectedItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    expectedItems.add(expectedItem);

    RangerPolicy expectedRangerPolicy = new RangerPolicy();
    expectedRangerPolicy.setId(1L);
    expectedRangerPolicy.setName("hdfs");
    expectedRangerPolicy.setCreatedBy(admin);
    expectedRangerPolicy.setCreateTime(date);
    expectedRangerPolicy.setDescription("hdfs policy description");
    expectedRangerPolicy.setIsAuditEnabled(true);
    expectedRangerPolicy.setResources(expectedResources);
    expectedRangerPolicy.setPolicyItems(expectedItems);

    // ---------- legacy input ----------
    VXPolicy legacyPolicy = new VXPolicy();
    legacyPolicy.setId(1L);
    legacyPolicy.setCreateDate(date);
    legacyPolicy.setUpdateDate(date);
    legacyPolicy.setOwner(admin);
    legacyPolicy.setUpdatedBy(admin);
    legacyPolicy.setPolicyName("hdfs");
    legacyPolicy.setDescription("hdfs policy description");
    legacyPolicy.setIsEnabled(true);
    legacyPolicy.setIsAuditEnabled(true);
    legacyPolicy.setIsRecursive(true);
    legacyPolicy.setResourceName("resource");

    RangerService service = new RangerService();
    service.setId(1L);
    service.setName("hdfsService");
    service.setType("hdfs");

    VXPermObj permObj = new VXPermObj();
    permObj.setUserList(userList);
    permObj.setGroupList(groupList);
    permObj.setPermList(permObjList);
    permObj.setIpAddress(clientIp);

    List<VXPermObj> permObjs = new ArrayList<VXPermObj>();
    permObjs.add(permObj);
    legacyPolicy.setPermMapList(permObjs);

    // ---------- convert and compare ----------
    RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(legacyPolicy, service);

    Assert.assertNotNull(actualRangerPolicy);
    Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
    Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
    Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
    Assert.assertEquals(expectedRangerPolicy.getCreatedBy(), actualRangerPolicy.getCreatedBy());
    Assert.assertTrue(actualRangerPolicy.getIsAuditEnabled());
    Assert.assertEquals(expectedRangerPolicy.getResources(), actualRangerPolicy.getResources());
    // Item equality covers users, groups, conditions and the delegate-admin flag together.
    Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
 
Example 7
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0
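/**
 * Creates and initialises one {@code RangerConditionEvaluator} per policy-level condition.
 *
 * <p>Nothing is built when conditions are disabled through {@code options} or the policy has no
 * conditions. For each condition the matching condition definition is looked up in
 * {@code serviceDef} and the evaluator class it names is instantiated, wired and initialised.
 *
 * <p>NOTE(review): a condition whose definition is missing, or whose evaluator cannot be
 * instantiated, is logged and left out of the returned list. The caller therefore receives fewer
 * evaluators than the policy has conditions. If the caller treats "no evaluator" as "condition
 * satisfied", a misconfigured or missing evaluator relaxes the policy instead of blocking it;
 * confirm how callers handle the shortfall and alert on these error messages.
 *
 * @param policy     policy whose conditions are to be evaluated
 * @param serviceDef service definition holding the condition definitions
 * @param options    policy-engine options, consulted for the "conditions disabled" switch
 * @return the initialised evaluators, never {@code null}; empty when there is nothing to evaluate
 */
public List<RangerConditionEvaluator> getRangerPolicyConditionEvaluator(RangerPolicy policy,
                                                                              RangerServiceDef serviceDef,
                                                                              RangerPolicyEngineOptions options) {
    List<RangerConditionEvaluator> conditionEvaluators = new ArrayList<>();

    if (!getConditionsDisabledOption(options) && CollectionUtils.isNotEmpty(policy.getConditions())) {

        RangerPerfTracer perf = null;

        long policyId = policy.getId();

        if(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_INIT_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_INIT_LOG, "RangerCustomConditionEvaluator.init(policyId=" + policyId + ")");
        }

        for (RangerPolicy.RangerPolicyItemCondition condition : policy.getConditions()) {
            RangerServiceDef.RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType(),serviceDef);

            if (conditionDef == null) {
                // Skipped, not rejected: see the fail-open note in the method documentation.
                // The condition type is policy-supplied text and is written to the log as-is.
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): conditionDef '" + condition.getType() + "' not found. Ignoring the condition");

                continue;
            }

            RangerConditionEvaluator conditionEvaluator = newConditionEvaluator(conditionDef.getEvaluator());

            if (conditionEvaluator != null) {
                conditionEvaluator.setServiceDef(serviceDef);
                conditionEvaluator.setConditionDef(conditionDef);
                conditionEvaluator.setPolicyItemCondition(condition);

                RangerPerfTracer perfConditionInit = null;

                if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
                    // Fixed: the tag previously ran the policy id straight into "policyConditionType=",
                    // which made the two fields impossible to separate in the perf log.
                    perfConditionInit = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ", policyConditionType=" + condition.getType() + ")");
                }

                conditionEvaluator.init();

                RangerPerfTracer.log(perfConditionInit);

                conditionEvaluators.add(conditionEvaluator);
            } else {
                // Same fail-open shape as above: the condition stays on the policy but has no evaluator.
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): failed to init Policy ConditionEvaluator '" + condition.getType() + "'; evaluatorClassName='" + conditionDef.getEvaluator() + "'");
            }
        }

        RangerPerfTracer.log(perf);
    }
    return conditionEvaluators;
}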
 
Example 8
Source File: RangerServiceTag.java    From ranger with Apache License 2.0
/**
 * Produces the default policies for the tag service.
 *
 * <p>When the service definition declares a policy condition named
 * {@code RANGER_TAG_EXPIRY_CONDITION_NAME}, the defaults inherited from the superclass are
 * reshaped: every policy that has a resource keyed by the service definition's first resource is
 * pointed at the {@code RANGER_TAG_NAME_EXPIRES_ON} tag and renamed accordingly, each of its
 * policy items is retargeted to {@code GROUP_PUBLIC} with the expiry condition set to
 * {@code "yes"} and delegated administration off, and the items are then moved from the allow
 * list to the deny list.
 *
 * <p>When the condition definition is absent, an error is logged and an empty list is returned,
 * so no default expiry deny policy is created. Deployments that rely on that default should
 * monitor for the error message.
 *
 * @return the default policies, possibly empty
 * @throws Exception propagated from the superclass implementation
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerServiceTag.getDefaultRangerPolicies() ");
	}

	List<RangerPolicy> ret = new ArrayList<RangerPolicy>();

	// Is the expiry condition declared by this service definition?
	boolean expiryConditionDeclared = false;
	List<RangerServiceDef.RangerPolicyConditionDef> declaredConditions = serviceDef.getPolicyConditions();
	if (CollectionUtils.isNotEmpty(declaredConditions)) {
		for (int i = 0; i < declaredConditions.size() && !expiryConditionDeclared; i++) {
			expiryConditionDeclared = declaredConditions.get(i).getName().equals(RANGER_TAG_EXPIRY_CONDITION_NAME);
		}
	}

	if (!expiryConditionDeclared) {
		LOG.error("RangerServiceTag.getDefaultRangerPolicies() - Cannot create default TAG policy: Cannot get tagPolicyConditionDef with name=" + RANGER_TAG_EXPIRY_CONDITION_NAME);
	} else {
		ret = super.getDefaultRangerPolicies();

		if (!serviceDef.getResources().isEmpty()) {
			// Only the first resource of the service definition is considered.
			String tagResourceName = serviceDef.getResources().get(0).getName();

			for (RangerPolicy defaultPolicy : ret) {
				RangerPolicy.RangerPolicyResource tagPolicyResource = defaultPolicy.getResources().get(tagResourceName);
				if (tagPolicyResource == null) {
					continue; // policy does not use the tag resource; leave it as inherited
				}

				tagPolicyResource.setValue(RANGER_TAG_NAME_EXPIRES_ON);
				defaultPolicy.setName(RANGER_TAG_NAME_EXPIRES_ON);
				defaultPolicy.setDescription("Policy for data with " + RANGER_TAG_NAME_EXPIRES_ON + " tag");

				List<RangerPolicy.RangerPolicyItem> inheritedItems = defaultPolicy.getPolicyItems();
				for (RangerPolicy.RangerPolicyItem inheritedItem : inheritedItems) {
					List<String> publicOnly = new ArrayList<String>();
					publicOnly.add(GROUP_PUBLIC);
					inheritedItem.setGroups(publicOnly);

					List<String> expiryValues = new ArrayList<String>();
					expiryValues.add("yes");
					List<RangerPolicy.RangerPolicyItemCondition> expiryConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
					expiryConditions.add(new RangerPolicy.RangerPolicyItemCondition(RANGER_TAG_EXPIRY_CONDITION_NAME, values(expiryValues)));

					inheritedItem.setConditions(expiryConditions);
					inheritedItem.setDelegateAdmin(Boolean.FALSE);
				}

				// The reshaped items become deny items; the allow list is cleared.
				defaultPolicy.setDenyPolicyItems(inheritedItems);
				defaultPolicy.setPolicyItems(null);
			}
		}
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerServiceTag.getDefaultRangerPolicies() : " + ret);
	}
	return ret;
}

/** Identity pass-through that keeps the condition-constructor call above on one readable line. */
private static List<String> values(List<String> v) {
	return v;
}