Java Code Examples for org.apache.ranger.plugin.policyengine.RangerAccessRequest

The following examples show how to use org.apache.ranger.plugin.policyengine.RangerAccessRequest. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
public boolean matches(Object o) {
    if (!(o instanceof RangerAccessRequest)) {
        return false;
    }

    final RangerAccessRequest other = (RangerAccessRequest) o;

    final boolean clientIpsMatch = (other.getClientIPAddress() == null && request.getClientIPAddress() == null)
            || (other.getClientIPAddress() != null && request.getClientIPAddress() != null && other.getClientIPAddress().equals(request.getClientIPAddress()));

    return other.getResource().equals(request.getResource())
            && other.getAccessType().equals(request.getAccessType())
            && other.getAction().equals(request.getAction())
            && other.getUser().equals(request.getUser())
            && clientIpsMatch;
}
 
Example 2
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerAccessedNotFromClusterTypeCondition.isMatched(" + condition + ")");
	}

	final boolean ret;

	if (isAlwaysTrue || request.getClusterType() == null) {
		ret = true;
	} else {
		ret = !condition.getValues().contains(request.getClusterType());
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerAccessedNotFromClusterTypeCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 3
Source Project: ranger   Source File: RangerIpMatcher.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Extracts and returns the ip address from the request.  Returns null if one can't be obtained out of the request.
 * @param request
 * @return
 */
String extractIp(final RangerAccessRequest request) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerIpMatcher.extractIp(" + request+ ")");
	}

	String ip = null;
	if (request == null) {
		LOG.debug("isMatched: Unexpected: null request object!");
	} else {
		ip = request.getClientIPAddress();
		if (ip == null) {
			LOG.debug("isMatched: Unexpected: Client ip in request object is null!");
		}
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerIpMatcher.extractIp(" + request+ "): " + ip);
	}
	return ip;
}
 
Example 4
Source Project: ranger   Source File: RangerPolicyEnginePerformanceTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void policyEngineTest() throws InterruptedException {
	List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
	ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
	RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "perf-test", "cl1", "on-prem", RangerPolicyFactory.createPolicyEngineOption()));
	final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, null);

	for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
		// using return value of 'isAccessAllowed' with a cheap operation: System#identityHashCode so JIT wont remove it as dead code
		System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
		PerfDataRecorder.clearStatistics();
	}

	final CountDownLatch latch = new CountDownLatch(concurrency);
	for (int i = 0; i < concurrency; i++) {
		final RangerAccessRequest rangerAccessRequest = requests.get(i);
		new Thread(new Runnable() {
			@Override
			public void run() {
				System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
				latch.countDown();
			}
		}, String.format("Client #%s", i)).start();
	}
	latch.await();
}
 
Example 5
Source Project: ranger   Source File: RangerSampleCountryProvider.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void enrich(RangerAccessRequest request) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
	}
	
	if(request != null && userCountryMap != null) {
		Map<String, Object> context = request.getContext();
		String              country = userCountryMap.getProperty(request.getUser());

		if(context != null && !StringUtils.isEmpty(country)) {
			request.getContext().put(contextName, country);
		} else {
			if(LOG.isDebugEnabled()) {
				LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
			}
		}
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
	}
}
 
Example 6
Source Project: ranger   Source File: RangerSampleProjectProvider.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void enrich(RangerAccessRequest request) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
	}
	
	if(request != null && userProjectMap != null && request.getUser() != null) {
		Map<String, Object> context = request.getContext();
		String              project = userProjectMap.getProperty(request.getUser());

		if(context != null && !StringUtils.isEmpty(project)) {
			request.getContext().put(contextName, project);
		} else {
			if(LOG.isDebugEnabled()) {
				LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
			}
		}
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
	}
}
 
Example 7
Source Project: ranger   Source File: RangerSimpleMatcher.java    License: Apache License 2.0 6 votes vote down vote up
String extractValue(final RangerAccessRequest request, String key) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerSimpleMatcher.extractValue(" + request+ ")");
	}

	String value = null;
	if (request == null) {
		LOG.debug("isMatched: Unexpected: null request.  Returning null!");
	} else if (request.getContext() == null) {
		LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
	} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
		LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
	} else if (!request.getContext().containsKey(key)) {
		if (LOG.isDebugEnabled()) {
			LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
		}
	} else {
		value = (String)request.getContext().get(key);
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerSimpleMatcher.extractValue(" + request+ "): " + value);
	}
	return value;
}
 
Example 8
String extractValue(final RangerAccessRequest request, String key) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerPolicyConditionSampleSimpleMatcher.extractValue(" + request+ ")");
	}

	String value = null;
	if (request == null) {
		LOG.debug("isMatched: Unexpected: null request.  Returning null!");
	} else if (request.getContext() == null) {
		LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
	} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
		LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
	} else if (!request.getContext().containsKey(key)) {
		if (LOG.isDebugEnabled()) {
			LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
		}
	} else {
		value = (String)request.getContext().get(key);
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerPolicyConditionSampleSimpleMatcher.extractValue(" + request+ "): " + value);
	}
	return value;
}
 
Example 9
Source Project: ranger   Source File: RangerSampleSimpleMatcher.java    License: Apache License 2.0 6 votes vote down vote up
String extractValue(final RangerAccessRequest request, String key) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerSampleSimpleMatcher.extractValue(" + request+ ")");
	}

	String value = null;
	if (request == null) {
		LOG.debug("isMatched: Unexpected: null request.  Returning null!");
	} else if (request.getContext() == null) {
		LOG.debug("isMatched: Context map of request is null.  Ok. Returning null!");
	} else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
		LOG.debug("isMatched: Missing context on request.  Ok. Condition isn't applicable.  Returning null!");
	} else if (!request.getContext().containsKey(key)) {
		if (LOG.isDebugEnabled()) {
			LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
		}
	} else {
		value = (String)request.getContext().get(key);
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerSampleSimpleMatcher.extractValue(" + request+ "): " + value);
	}
	return value;
}
 
Example 10
Source Project: ranger   Source File: StormRangerPlugin.java    License: Apache License 2.0 6 votes vote down vote up
public RangerAccessRequest buildAccessRequest(String _user, String[] _groups, String _clientIp, String _topology, String _operation) {
	
	RangerAccessRequestImpl request = new RangerAccessRequestImpl();
	request.setUser(_user);
	if (_groups != null && _groups.length > 0) {
		Set<String> groups = Sets.newHashSet(_groups);
		request.setUserGroups(groups);
	}

	request.setAccessType(getAccessType(_operation));
	request.setClientIPAddress(_clientIp);
	request.setAction(_operation);
	// build resource and connect stuff into request
	RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
	resource.setValue(ResourceName.Topology, _topology);
	request.setResource(resource);
	
	if (LOG.isDebugEnabled()) {
		LOG.debug("Returning request: " + request.toString());
	}
	
	return request;
}
 
Example 11
Source Project: ranger   Source File: KnoxRangerPlugin.java    License: Apache License 2.0 6 votes vote down vote up
RangerAccessRequest build() {
	// build resource
	RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
	resource.setValue(ResourceName.Service, _service);
	resource.setValue(ResourceName.Topology, _topology);
	// build request
	RangerAccessRequestImpl request = new RangerAccessRequestImpl();
	request.setAction(AccessType.Allow);
	request.setAccessType(AccessType.Allow);
	request.setClientIPAddress(_clientIp);
	request.setUser(_user);
	request.setUserGroups(_groups);
	request.setResource(resource);
	request.setRemoteIPAddress(_remoteIp);
	request.setForwardedAddresses(_forwardedAddresses);
	return request;
}
 
Example 12
Source Project: ranger   Source File: RangerDefaultPolicyEvaluator.java    License: Apache License 2.0 6 votes vote down vote up
private void getResourceAccessInfo(RangerAccessRequest request, List<? extends RangerPolicyItemEvaluator> policyItems, Set<String> users, Set<String> groups) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerDefaultPolicyEvaluator.getResourceAccessInfo(" + request + ", " + policyItems + ", " + users + ", " + groups + ")");
	}

	if (CollectionUtils.isNotEmpty(policyItems)) {
		for (RangerPolicyItemEvaluator policyItemEvaluator : policyItems) {
			if (policyItemEvaluator.matchAccessType(request.getAccessType()) && policyItemEvaluator.matchCustomConditions(request)) {
				if (CollectionUtils.isNotEmpty(policyItemEvaluator.getPolicyItem().getUsers())) {
					users.addAll(policyItemEvaluator.getPolicyItem().getUsers());
				}

				if (CollectionUtils.isNotEmpty(policyItemEvaluator.getPolicyItem().getGroups())) {
					groups.addAll(policyItemEvaluator.getPolicyItem().getGroups());
				}
			}
		}
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerDefaultPolicyEvaluator.getResourceAccessInfo(" + request + ", " + policyItems + ", " + users + ", " + groups + ")");
	}
}
 
Example 13
Source Project: ranger   Source File: RangerOptimizedPolicyEvaluator.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected boolean hasMatchablePolicyItem(RangerAccessRequest request) {
    boolean ret = false;

    if (hasPublicGroup || hasCurrentUser || isOwnerMatch(request) || users.contains(request.getUser()) || CollectionUtils.containsAny(groups, request.getUserGroups()) || (CollectionUtils.isNotEmpty(roles) && CollectionUtils.containsAny(roles, RangerAccessRequestUtil.getCurrentUserRolesFromContext(request.getContext())))) {
        if(request.isAccessTypeDelegatedAdmin()) {
            ret = delegateAdmin;
        } else if(hasAllPerms) {
            ret = true;
        } else {
            ret = request.isAccessTypeAny() || accessPerms.contains(request.getAccessType());
        }
    }

    return ret;
}
 
Example 14
Source Project: ranger   Source File: RangerIpMatcher.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public boolean isMatched(final RangerAccessRequest request) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerIpMatcher.isMatched(" + request + ")");
	}

	boolean ipMatched = true;
	if (_allowAny) {
		LOG.debug("isMatched: allowAny flag is true.  Matched!");
	} else {
		String requestIp = extractIp(request);
		if (requestIp == null) {
			LOG.debug("isMatched: couldn't get ip address from request.  Ok.  Implicitly matched!");
		} else {
			ipMatched = isWildcardMatched(_wildCardIps, requestIp) || isExactlyMatched(_exactIps, requestIp);
		}
	}
	
	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerIpMatcher.isMatched(" + request+ "): " + ipMatched);
	}

	return ipMatched;
}
 
Example 15
@Override
public boolean isMatched(RangerAccessRequest request) {

	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")");
	}

	boolean matched = true;

	RangerAccessRequest readOnlyRequest = request.getReadOnlyCopy();
	RangerScriptExecutionContext context = new RangerScriptExecutionContext(readOnlyRequest);
	Set<String> resourceTags = context.getAllTagTypes();

	if (resourceTags != null) {
		// check if resource Tags does not contain any tags in the policy condition
		matched = (Collections.disjoint(resourceTags, policyConditionTags));
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request+ "): " + matched);
	}

	return matched;
}
 
Example 16
Source Project: ranger   Source File: RangerUserStoreEnricher.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void enrich(RangerAccessRequest request, Object dataStore) {

    // Unused by Solr plugin as document level authorization gets RangerUserStore from AuthContext
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerUserStoreEnricher.enrich(" + request + ") with dataStore:[" + dataStore + "]");
    }
    final RangerUserStore rangerUserStore;

    if (dataStore instanceof RangerUserStore) {
        rangerUserStore = (RangerUserStore) dataStore;
    } else {
        rangerUserStore = this.rangerUserStore;

        if (dataStore != null) {
            LOG.warn("Incorrect type of dataStore :[" + dataStore.getClass().getName() + "], falling back to original enrich");
        }
    }

    RangerAccessRequestUtil.setRequestUserStoreInContext(request.getContext(), rangerUserStore);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerUserStoreEnricher.enrich(" + request + ") with dataStore:[" + dataStore + "])");
    }
}
 
Example 17
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerContextAttributeValueInCondition.isMatched(" + condition + ")");
	}

	boolean ret = true;

	if(attributeName != null && condition != null && CollectionUtils.isNotEmpty(condition.getValues())) {
		Object val = request.getContext().get(attributeName);

		if(val != null) {
			ret = condition.getValues().contains(val);
		}
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerContextAttributeValueInCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 18
@Override
public boolean isMatched(final RangerAccessRequest request) {
	boolean ret = true;

	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerHiveResourcesNotAccessedTogetherCondition.isMatched(" + request + ")");
	}

	if (isInitialized && CollectionUtils.isNotEmpty(matchers)) {
		RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());

		ret = resources == null || resources.isMutuallyExcluded(matchers, request.getContext());
	} else {
		LOG.error("RangerHiveResourcesNotAccessedTogetherCondition.isMatched() - Enforcer is not initialized correctly, Mutual Exclusion will NOT be enforced");
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerHiveResourcesNotAccessedTogetherCondition.isMatched(" + request + ")" + ", result=" + ret);
	}

	return ret;
}
 
Example 19
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerContextAttributeValueNotInCondition.isMatched(" + condition + ")");
	}

	boolean ret = true;

	if(attributeName != null && condition != null && CollectionUtils.isNotEmpty(condition.getValues())) {
		Object val = request.getContext().get(attributeName);

		if(val != null) {
			ret = !condition.getValues().contains(val);
		}
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerContextAttributeValueNotInCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 20
@Override
public boolean isMatched(final RangerAccessRequest request) {
	boolean ret = true;

	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerHiveResourcesAccessedTogetherCondition.isMatched(" + request + ")");
	}

	if (isInitialized && CollectionUtils.isNotEmpty(matchers)) {
		RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());

		ret = resources != null && !resources.isMutuallyExcluded(matchers, request.getContext());
	} else {
		LOG.error("RangerHiveResourcesAccessedTogetherCondition.isMatched() - condition is not initialized correctly and will NOT be enforced");
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerHiveResourcesAccessedTogetherCondition.isMatched(" + request + ")" + ", result=" + ret);
	}

	return ret;
}
 
Example 21
@Override
public boolean isMatched(RangerAccessRequest request) {

	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerTagsAllPresentConditionEvaluator.isMatched(" + request + ")");
	}

	boolean matched = true;

	if (CollectionUtils.isNotEmpty(policyConditionTags))  {
		RangerAccessRequest			 readOnlyRequest = request.getReadOnlyCopy();
		RangerScriptExecutionContext context         = new RangerScriptExecutionContext(readOnlyRequest);
		Set<String>                  resourceTags    = context.getAllTagTypes();

		// check if resource Tags  atleast have to have all the tags in policy Condition
		matched = resourceTags != null && resourceTags.containsAll(policyConditionTags);
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerTagsAllPresentConditionEvaluator.isMatched(" + request+ "): " + matched);
	}

	return matched;
}
 
Example 22
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerScriptTemplateConditionEvaluator.isMatched()");
	}

	boolean ret = super.isMatched(request);

	if(reverseResult) {
		ret = !ret;
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerScriptTemplateConditionEvaluator.isMatched(): ret=" + ret);
	}

	return ret;
}
 
Example 23
Source Project: ranger   Source File: RangerAccessedFromClusterCondition.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerAccessedFromClusterCondition.isMatched(" + condition + ")");
	}

	final boolean ret;

	if (isAlwaysTrue || request.getClusterName() == null) {
		ret = isAlwaysTrue;
	} else {
		ret = condition.getValues().contains(request.getClusterName());
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerAccessedFromClusterCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 24
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerAccessedFromClusterTypeCondition.isMatched(" + condition + ")");
	}

	final boolean ret;

	if (isAlwaysTrue || request.getClusterType() == null) {
		ret = isAlwaysTrue;
	} else {
		ret = condition.getValues().contains(request.getClusterType());
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerAccessedFromClusterTypeCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 25
@Override
public boolean isMatched(RangerAccessRequest request) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerAccessedNotFromClusterCondition.isMatched(" + condition + ")");
	}

	final boolean ret;

	if (isAlwaysTrue || request.getClusterName() == null) {
		ret = true;
	} else {
		ret = !condition.getValues().contains(request.getClusterName());
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerAccessedNotFromClusterCondition.isMatched(" + condition + "): " + ret);
	}

	return ret;
}
 
Example 26
Source Project: nifi   Source File: TestRangerNiFiAuthorizer.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public boolean matches(RangerAccessRequest argument) {
    if (argument == null) {
        return false;
    }

    final boolean clientIpsMatch = (argument.getClientIPAddress() == null && request.getClientIPAddress() == null)
            || (argument.getClientIPAddress() != null && request.getClientIPAddress() != null && argument.getClientIPAddress().equals(request.getClientIPAddress()));

    return argument.getResource().equals(request.getResource())
            && argument.getAccessType().equals(request.getAccessType())
            && argument.getAction().equals(request.getAction())
            && argument.getUser().equals(request.getUser())
            && clientIpsMatch;
}
 
Example 27
Source Project: ranger   Source File: RangerSolrAuditHandler.java    License: Apache License 2.0 5 votes vote down vote up
private boolean isAuditingNeeded(final RangerAccessResult result) {
    boolean                  ret       = true;
    RangerAccessRequest      request   = result.getAccessRequest();
    RangerAccessResourceImpl resource  = (RangerAccessResourceImpl) request.getResource();
    String resourceName                = (String) resource.getValue(RangerSolrAuthorizer.KEY_COLLECTION);
    String requestUser                 = request.getUser();
    if (resourceName != null && resourceName.equals(RANGER_AUDIT_COLLECTION) && excludeUsers.contains(requestUser)) {
       ret = false;
    }
    return ret;
}
 
Example 28
Source Project: ranger   Source File: RangerPolicyFactory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Generates and returns a list of {@link RangerAccessRequest requests}
 * @param nubmerOfRequests the number of requests to generate.
 * @return
 */
public static List<RangerAccessRequest> createAccessRequests(int nubmerOfRequests) {
	List<RangerAccessRequest> result = Lists.newArrayList();
	Gson gson = buildGson();
	String template = readResourceFile("/testdata/single-request-template.json");
	for (int i = 0; i < nubmerOfRequests; i++) {
		RangerAccessRequestImpl accessRequest = gson.fromJson(template, RangerAccessRequestImpl.class);
		result.add(mutate(accessRequest, isAllowed()));
	}
	return result;
}
 
Example 29
Source Project: ranger   Source File: RangerPolicyFactory.java    License: Apache License 2.0 5 votes vote down vote up
private static RangerAccessRequest mutate(RangerAccessRequest template, boolean shouldEvaluateToTrue) {
	RangerAccessRequestImpl accessRequest = (RangerAccessRequestImpl) template;
	accessRequest.setResource(new RangerAccessResourceImpl(createResourceElements(shouldEvaluateToTrue)));
	accessRequest.setAccessType(pickOneRandomly(ALWAYS_ALLOWED_ACCESS_TYPES ));
	accessRequest.setRequestData(null);
	accessRequest.setUser(pickOneRandomly(KNOWN_USERS));
	return accessRequest;
}
 
Example 30
Source Project: ranger   Source File: RangerPolicyFactory.java    License: Apache License 2.0 5 votes vote down vote up
private static Gson buildGson() {
	GsonBuilder gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z");
	return gsonBuilder
			.registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer(gsonBuilder))
			.registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer(gsonBuilder))
			.setPrettyPrinting().create();
}