Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemAccess

The following examples show how to use org.apache.ranger.plugin.model.RangerPolicy#RangerPolicyItemAccess.
Example 1
Source File: RangerServiceHBase.java    From ranger with Apache License 2.0
/**
 * Returns the default policies built by the parent service and, when a lookup user is
 * configured, appends a policy item for that user to every policy whose name contains "all".
 *
 * <p>The appended item names only the lookup user, carries {@code ACCESS_TYPE_READ} and
 * {@code ACCESS_TYPE_CREATE}, and has delegate-admin switched off.
 *
 * @return the list obtained from {@code super.getDefaultRangerPolicies()}, with the matching
 *         policies modified in place
 * @throws Exception if the parent implementation fails
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerServiceHbase.getDefaultRangerPolicies()");
	}

	final List<RangerPolicy> policies = super.getDefaultRangerPolicies();

	for (RangerPolicy policy : policies) {
		// NOTE(review): this is a substring test, so any default policy whose name merely
		// contains "all" receives the lookup-user grant - confirm the default policy names
		// make that safe.
		if (!policy.getName().contains("all") || StringUtils.isBlank(lookUpUser)) {
			continue;
		}

		final RangerPolicyItem lookupItem = new RangerPolicyItem();
		final List<RangerPolicy.RangerPolicyItemAccess> lookupAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();

		lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
		lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));

		lookupItem.setUsers(Collections.singletonList(lookUpUser));
		lookupItem.setAccesses(lookupAccesses);
		// The lookup account gets the accesses above but may not delegate them to others.
		lookupItem.setDelegateAdmin(false);

		policy.getPolicyItems().add(lookupItem);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerServiceHbase.getDefaultRangerPolicies()");
	}

	return policies;
}
 
Example 2
Source File: RangerBaseService.java    From ranger with Apache License 2.0
/**
 * Builds the list of allowed accesses for the leaf resource of the given policy resources.
 *
 * <p>Every access type of {@code serviceDef} is included unless the leaf resource definition
 * declares access-type restrictions, in which case only the listed types are included.
 *
 * @param policyResources resources of the policy being built; used to find the leaf resource
 * @return a new list of accesses, each marked allowed; empty when no leaf resource definition
 *         is found
 */
protected List<RangerPolicy.RangerPolicyItemAccess> getAllowedAccesses(Map<String, RangerPolicy.RangerPolicyResource> policyResources) {
	final List<RangerPolicy.RangerPolicyItemAccess> allowed = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
	final RangerServiceDef.RangerResourceDef leaf = ServiceDefUtil.getLeafResourceDef(serviceDef, policyResources);

	if (leaf == null) {
		return allowed;
	}

	final Set<String> restrictions = leaf.getAccessTypeRestrictions();

	for (RangerServiceDef.RangerAccessTypeDef typeDef : serviceDef.getAccessTypes()) {
		// An empty restriction set means "unrestricted": every access type of the service
		// is granted, so a resource definition without restrictions yields the widest grant.
		if (CollectionUtils.isNotEmpty(restrictions) && !restrictions.contains(typeDef.getName())) {
			continue;
		}

		final RangerPolicy.RangerPolicyItemAccess granted = new RangerPolicy.RangerPolicyItemAccess();

		granted.setType(typeDef.getName());
		granted.setIsAllowed(true);
		allowed.add(granted);
	}

	return allowed;
}
 
Example 3
Source File: RangerBaseService.java    From ranger with Apache License 2.0
/**
 * Creates the policy item placed in a default policy for the given resources.
 *
 * <p>The item names the users and groups returned by {@code getUserList()} and
 * {@code getGroupList()}, grants whatever {@code getAllowedAccesses(policyResources)} returns,
 * and has delegate-admin switched on.
 *
 * @param policyResources resources of the default policy the item belongs to
 * @return the newly built policy item
 * @throws Exception declared by the signature; propagated from the helpers it calls
 */
private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(Map<String, RangerPolicy.RangerPolicyResource> policyResources) throws Exception {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerBaseService.createDefaultPolicyItem()");
	}

	final RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();

	defaultItem.setUsers(getUserList());
	defaultItem.setGroups(getGroupList());
	defaultItem.setAccesses(getAllowedAccesses(policyResources));

	// Delegate-admin is on: the principals listed above can pass these accesses on to others,
	// so the contents of getUserList()/getGroupList() decide who administers the default policy.
	defaultItem.setDelegateAdmin(true);

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerBaseService.createDefaultPolicyItem(): " + defaultItem );
	}

	return defaultItem;
}
 
Example 4
Source File: RangerOptimizedPolicyEvaluator.java    From ranger with Apache License 2.0
/**
 * Folds the given policy items into the aggregates this evaluator keeps outside the method:
 * {@code delegateAdmin}, {@code accessPerms}, {@code roles}, {@code groups} and {@code users}.
 *
 * <p>Only accesses whose allowed flag is set contribute to {@code accessPerms}.
 *
 * @param policyItems items to fold in; a null or empty list leaves the aggregates untouched
 */
private void preprocessPolicyItems(List<? extends RangerPolicy.RangerPolicyItem> policyItems) {
    if (CollectionUtils.isEmpty(policyItems)) {
        return;
    }

    for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
        // Sticky flag: once any item has delegate-admin, the aggregate stays true.
        // NOTE(review): getDelegateAdmin() is unboxed here; a null value would throw - confirm
        // the model never returns null.
        delegateAdmin = delegateAdmin || policyItem.getDelegateAdmin();

        // getAccesses() is iterated without a null check.
        for (RangerPolicy.RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) {
            if (!itemAccess.getIsAllowed()) {
                continue;
            }

            accessPerms.add(itemAccess.getType());
        }

        roles.addAll(policyItem.getRoles());
        groups.addAll(policyItem.getGroups());
        users.addAll(policyItem.getUsers());
    }
}
 
Example 5
Source File: PatchForKafkaServiceDefUpdate_J10033.java    From ranger with Apache License 2.0
/**
 * Builds one allowed access entry for every access type returned by {@code getAccessTypes()}.
 *
 * @return a new list holding an allowed {@code RangerPolicyItemAccess} per access type
 */
private ArrayList<RangerPolicy.RangerPolicyItemAccess> getPolicyItemAccesses() {
	final ArrayList<RangerPolicy.RangerPolicyItemAccess> allowedAccesses = new ArrayList<>();

	// Every type the patch knows about is granted; nothing is filtered here.
	for (String accessType : getAccessTypes()) {
		allowedAccesses.add(new RangerPolicy.RangerPolicyItemAccess(accessType, true));
	}

	return allowedAccesses;
}
 
Example 6
Source File: RangerServiceKMS.java    From ranger with Apache License 2.0
/**
 * Creates a default policy item that grants every given access type to the given users.
 *
 * <p>The item is created with delegate-admin switched on and carries no groups.
 *
 * @param accessTypeDefs access type definitions; each one becomes an allowed access
 * @param users users named by the item
 * @return the newly built policy item
 * @throws Exception declared by the signature
 */
private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs, List<String> users) throws Exception {
	// NOTE(review): the trace text below names RangerServiceTag although this page lists the
	// method under RangerServiceKMS.java; the strings are left untouched here.
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerServiceTag.createDefaultPolicyItem()");
	}

	final List<RangerPolicy.RangerPolicyItemAccess> grantedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();

	for (RangerServiceDef.RangerAccessTypeDef typeDef : accessTypeDefs) {
		final RangerPolicy.RangerPolicyItemAccess granted = new RangerPolicy.RangerPolicyItemAccess();

		granted.setType(typeDef.getName());
		granted.setIsAllowed(true);
		grantedAccesses.add(granted);
	}

	final RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();

	defaultItem.setUsers(users);
	defaultItem.setAccesses(grantedAccesses);
	// Full grant plus delegate-admin: whoever is in 'users' can both use and hand out every
	// access type passed in, so callers should keep that list to the intended administrators.
	defaultItem.setDelegateAdmin(true);

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerServiceTag.createDefaultPolicyItem(): " + defaultItem );
	}

	return defaultItem;
}
 
Example 7
Source File: PatchForKafkaServiceDefUpdate_J10025.java    From ranger with Apache License 2.0
/**
 * Turns each access type from {@code getAccessTypes()} into an allowed access entry.
 *
 * @return a new list with one allowed {@code RangerPolicyItemAccess} per access type
 */
private ArrayList<RangerPolicy.RangerPolicyItemAccess> getPolicyItemAccesses() {
	final ArrayList<RangerPolicy.RangerPolicyItemAccess> result = new ArrayList<>();

	for (String accessTypeName : getAccessTypes()) {
		// All listed types are marked allowed; the list is not narrowed in this method.
		result.add(new RangerPolicy.RangerPolicyItemAccess(accessTypeName, true));
	}

	return result;
}
 
Example 8
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Makes sure the policy item allows every access type in {@code accesses}.
 *
 * <p>An access type the item already lists is switched to allowed if it was not; a type the
 * item does not list is appended as allowed.
 *
 * @param policyItem item to update in place; not null-checked here
 * @param accesses access entries whose types should be allowed on the item
 * @return {@code true} if the item was changed, {@code false} if it already allowed all types
 */
static private boolean addAccesses(RangerPolicy.RangerPolicyItem policyItem, List<RangerPolicy.RangerPolicyItemAccess> accesses) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> ServiceRESTUtil.addAccesses()");
	}

	boolean changed = false;

	for (RangerPolicy.RangerPolicyItemAccess requested : accesses) {
		final String requestedType = requested.getType();
		RangerPolicy.RangerPolicyItemAccess existing = null;

		for (RangerPolicy.RangerPolicyItemAccess candidate : policyItem.getAccesses()) {
			if (StringUtils.equals(candidate.getType(), requestedType)) {
				existing = candidate;
				break;
			}
		}

		if (existing == null) {
			// Only the type of the requested entry is used; the new entry is always allowed.
			policyItem.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess(requestedType, Boolean.TRUE));
			changed = true;
		} else if (!existing.getIsAllowed()) {
			// An entry that was present but not allowed is flipped to allowed by the grant.
			existing.setIsAllowed(Boolean.TRUE);
			changed = true;
		}
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== ServiceRESTUtil.addAccesses() " + changed);
	}

	return changed;
}
 
Example 9
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Removes from the policy item every access entry whose type matches one in {@code accesses}.
 *
 * <p>Entries are matched by type only; the allowed flag of either side is not consulted.
 *
 * @param policyItem item to update in place; {@code null} is tolerated and changes nothing
 * @param accesses access entries whose types should be removed from the item
 * @return {@code true} if at least one entry was removed
 */
static private boolean removeAccesses(RangerPolicy.RangerPolicyItem policyItem, List<RangerPolicy.RangerPolicyItemAccess> accesses) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> ServiceRESTUtil.removeAccesses()");
	}

	boolean removedAny = false;

	if (policyItem != null) {
		for (RangerPolicy.RangerPolicyItemAccess requested : accesses) {
			final String typeToRemove = requested.getType();
			final List<RangerPolicy.RangerPolicyItemAccess> current = policyItem.getAccesses();

			// Walk backwards so removing an element never shifts one that is still to be
			// visited; duplicates of the same type are all removed.
			for (int idx = current.size() - 1; idx >= 0; idx--) {
				if (StringUtils.equals(current.get(idx).getType(), typeToRemove)) {
					current.remove(idx);
					removedAny = true;
				}
			}
		}
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== ServiceRESTUtil.removeAccesses() " + removedAny);
	}

	return removedAny;
}
 
Example 10
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0
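/**
 * Builds the {@code HivePrivilegeInfo} reported for one principal and one ACL name, taking the
 * grant time and the grant option from the matching items of a Ranger policy.
 *
 * <p>An item matches when its access types contain the lower-cased ACL name and its users or
 * groups contain the principal's name. When several items match, the values of the last one
 * win. When none matches, grant time is 0 and the grant option is {@code false}.
 *
 * @param hivePrincipal principal the privilege is reported for
 * @param objectType type of the Hive object
 * @param dbName database name
 * @param objectName object name within the database
 * @param columnName column name, passed through to the privilege object
 * @param partValues partition values, passed through to the privilege object
 * @param aclName name of the privilege; compared case-insensitively with the access types
 * @param policy Ranger policy whose items are inspected
 * @return a new, never-null {@code HivePrivilegeInfo} with {@code DEFAULT_RANGER_POLICY_GRANTOR}
 *         as grantor
 */
private HivePrivilegeInfo createHivePrivilegeInfo(HivePrincipal hivePrincipal,
												  HivePrivilegeObject.HivePrivilegeObjectType objectType,
												  String dbName,
												  String objectName,
												  String columnName,
												  List<String> partValues,
												  String aclName,
												  RangerPolicy policy) {
	int     creationDate  = 0;
	boolean delegateAdmin = false;

	for (RangerPolicy.RangerPolicyItem policyItem : policy.getPolicyItems()) {
		List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();
		List<String> users = policyItem.getUsers();
		List<String> groups = policyItem.getGroups();
		List<String> accessTypes = new ArrayList<>();

		// NOTE(review): entries are collected by type only; getIsAllowed() is not consulted,
		// so a listed-but-not-allowed access would still be reported - confirm.
		for (RangerPolicy.RangerPolicyItemAccess policyItemAccess : policyItemAccesses) {
			accessTypes.add(policyItemAccess.getType());
		}

		// Locale.ROOT keeps the lower-casing independent of the JVM's default locale; with the
		// default-locale overload an ACL name such as "INSERT" does not lower-case to "insert"
		// under a Turkish locale and the access-type lookup would silently miss.
		// NOTE(review): the principal's name is looked up in both users and groups without
		// checking the principal's type, so a user and a group sharing a name are not told
		// apart here - confirm this is intended.
		if (accessTypes.contains(aclName.toLowerCase(java.util.Locale.ROOT)) && (users.contains(hivePrincipal.getName())
				|| groups.contains(hivePrincipal.getName()))) {
			// Seconds since the epoch narrowed to int, as the HivePrivilegeInfo constructor
			// used below takes the grant time that way.
			creationDate = (policy.getCreateTime() == null) ? creationDate : (int) (policy.getCreateTime().getTime()/1000);
			delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : policyItem.getDelegateAdmin().booleanValue();
		}
	}

	HivePrincipal grantorPrincipal = new HivePrincipal(DEFAULT_RANGER_POLICY_GRANTOR, HivePrincipal.HivePrincipalType.USER);
	HivePrivilegeObject privilegeObject = new HivePrivilegeObject(objectType, dbName, objectName, partValues, columnName);
	HivePrivilege privilege = new HivePrivilege(aclName, null);

	return new HivePrivilegeInfo(hivePrincipal, privilege, privilegeObject, grantorPrincipal, delegateAdmin, creationDate);
}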
 
Example 11
Source File: RangerServiceOzone.java    From ranger with Apache License 2.0
/**
 * Returns the default policies built by the parent service and, when a lookup user is
 * configured, appends a policy item for that user to every policy whose name contains "all".
 *
 * <p>The appended item names only the lookup user, lists the read, write, create, list,
 * delete and all access types, and has delegate-admin switched off.
 *
 * @return the list obtained from {@code super.getDefaultRangerPolicies()}, with the matching
 *         policies modified in place
 * @throws Exception if the parent implementation fails
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
	}

	final List<RangerPolicy> policies = super.getDefaultRangerPolicies();

	// NOTE(review): ACCESS_TYPE_ALL is listed next to the individual types, so the lookup
	// account ends up with the service's widest access on these policies - confirm that a
	// resource-lookup account needs more than read/list.
	final String[] lookupAccessTypes = {
		ACCESS_TYPE_READ,
		ACCESS_TYPE_WRITE,
		ACCESS_TYPE_CREATE,
		ACCESS_TYPE_LIST,
		ACCESS_TYPE_DELETE,
		ACCESS_TYPE_ALL
	};

	for (RangerPolicy policy : policies) {
		// Substring test: any default policy whose name contains "all" is extended.
		if (!policy.getName().contains("all") || StringUtils.isBlank(lookUpUser)) {
			continue;
		}

		final RangerPolicyItem lookupItem = new RangerPolicyItem();
		final List<RangerPolicy.RangerPolicyItemAccess> lookupAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();

		for (String accessType : lookupAccessTypes) {
			lookupAccesses.add(new RangerPolicyItemAccess(accessType));
		}

		lookupItem.setUsers(Collections.singletonList(lookUpUser));
		lookupItem.setAccesses(lookupAccesses);
		// The lookup account may use these accesses but not delegate them.
		lookupItem.setDelegateAdmin(false);

		policy.getPolicyItems().add(lookupItem);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : " + policies);
	}

	return policies;
}
 
Example 12
Source File: RangerDefaultPolicyItemEvaluator.java    From ranger with Apache License 2.0
/**
 * Prepares this evaluator from its policy item.
 *
 * <p>Sets {@code hasAllPerms} to whether the item allows every access type the service
 * definition declares, builds {@code conditionEvaluators} through a
 * {@code RangerCustomConditionEvaluator}, and records whether the item's users include
 * {@code RangerPolicyEngine.USER_CURRENT} or {@code RangerPolicyEngine.RESOURCE_OWNER}.
 */
public void init() {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", policyItem=" + policyItem + ", serviceType=" + getServiceType() + ", conditionsDisabled=" + getConditionsDisabledOption() + ")");
	}

	// Collect only the access types the item actually allows.
	final Set<String> allowedTypes = new HashSet<String>();

	for (RangerPolicy.RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) {
		if (!itemAccess.getIsAllowed()) {
			continue;
		}

		allowedTypes.add(itemAccess.getType());
	}

	// hasAllPerms stays true only if no declared access type is missing from the allowed set.
	hasAllPerms = true;

	for (RangerServiceDef.RangerAccessTypeDef declaredType : serviceDef.getAccessTypes()) {
		if (!allowedTypes.contains(declaredType.getName())) {
			hasAllPerms = false;
			break;
		}
	}

	conditionEvaluators = new RangerCustomConditionEvaluator().getPolicyItemConditionEvaluator(policy,policyItem,serviceDef,options,policyItemIndex);

	final List<String> itemUsers = policyItem.getUsers();
	final boolean      anyUsers  = CollectionUtils.isNotEmpty(itemUsers);

	this.hasCurrentUser   = anyUsers && itemUsers.contains(RangerPolicyEngine.USER_CURRENT);
	this.hasResourceOwner = anyUsers && itemUsers.contains(RangerPolicyEngine.RESOURCE_OWNER);

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", conditionsCount=" + getConditionEvaluators().size() + ")");
	}
}
 
Example 13
Source File: TestServiceUtil.java    From ranger with Apache License 2.0
/**
 * Checks that {@code serviceUtil.toRangerPolicy} converts a {@code VXResource} carrying one
 * user permission map (with a perm group and an IP address) into a policy whose id, name,
 * service, description and policy items equal the expected policy built here.
 */
@Test
public void testToRangerPolicyForPermGroup(){
    // --- input: one user permission entry on a hive resource ---
    VXPermMap permMap = new VXPermMap();
    permMap.setId(5L);
    permMap.setGroupName("myGroup");
    permMap.setPermGroup("permGroup");
    permMap.setUserName("rangerAdmin");
    // presumably 12 is the legacy code for "drop", the access expected below - verify
    permMap.setPermType(12);
    permMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
    permMap.setIpAddress("10.129.25.56");

    List<VXPermMap> permMaps = new ArrayList<VXPermMap>();
    permMaps.add(permMap);

    // Built as in the original test; the audit list is not attached to the resource.
    VXAuditMap auditMap = new VXAuditMap();
    auditMap.setId(1L);
    auditMap.setOwner("rangerAdmin");
    List<VXAuditMap> auditMaps = new ArrayList<VXAuditMap>();
    auditMaps.add(auditMap);

    RangerService hiveService = new RangerService();
    hiveService.setName("hive");
    hiveService.setType("hive");

    VXResource legacyResource = new VXResource();
    legacyResource.setId(1L);
    legacyResource.setUpdateDate(new Date());
    legacyResource.setCreateDate(new Date());
    legacyResource.setOwner("rangerAdmin");
    legacyResource.setUpdatedBy("rangerAdmin");
    legacyResource.setPolicyName("hive Policy");
    legacyResource.setDescription("hive policy description");
    legacyResource.setResourceStatus(RangerCommonEnums.STATUS_ENABLED);
    legacyResource.setIsRecursive(1);
    legacyResource.setTableType(1);
    legacyResource.setColumnType(1);
    legacyResource.setPermMapList(permMaps);

    // --- expected: a single item for rangerAdmin, "drop" allowed, IP condition, no delegation ---
    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    List<String> ipValues = new ArrayList<String>();
    ipValues.add("10.129.25.56");
    ipCondition.setType("ipaddress");
    ipCondition.setValues(ipValues);

    List<RangerPolicyItemCondition> expectedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    expectedConditions.add(ipCondition);

    RangerPolicyItemAccess dropAccess = new RangerPolicyItemAccess();
    dropAccess.setIsAllowed(true);
    dropAccess.setType("drop");

    List<RangerPolicyItemAccess> expectedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    expectedAccesses.add(dropAccess);

    List<String> expectedUsers = new ArrayList<String>();
    expectedUsers.add("rangerAdmin");

    List<String> expectedGroups = new ArrayList<String>();

    RangerPolicyItem expectedItem = new RangerPolicyItem();
    expectedItem.setConditions(expectedConditions);
    expectedItem.setAccesses(expectedAccesses);
    expectedItem.setDelegateAdmin(false);
    expectedItem.setUsers(expectedUsers);
    expectedItem.setGroups(expectedGroups);

    List<RangerPolicyItem> expectedItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    expectedItems.add(expectedItem);

    RangerPolicy expectedRangerPolicy = new RangerPolicy();
    expectedRangerPolicy.setId(1L);
    expectedRangerPolicy.setName("hive Policy");
    expectedRangerPolicy.setService("hive");
    expectedRangerPolicy.setDescription("hive policy description");
    expectedRangerPolicy.setPolicyItems(expectedItems);

    // --- act ---
    RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(legacyResource, hiveService);

    // --- assert ---
    Assert.assertNotNull(actualRangerPolicy);
    Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
    Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
    Assert.assertEquals(expectedRangerPolicy.getService(), actualRangerPolicy.getService());
    Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
    Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
 
Example 14
Source File: RangerPolicyRepository.java    From ranger with Apache License 2.0
/**
 * Rewrites the given policy items in place for one component type and drops what does not
 * belong to it.
 *
 * <p>With {@code prefix = componentType + COMPONENT_ACCESSTYPE_SEPARATOR}:
 * access types starting with the prefix have the prefix stripped; access types that contain
 * the separator without starting with the prefix are removed; an item that had accesses and
 * is left with none is removed unless it has delegate-admin. For data-mask items the mask
 * type is handled the same way, except that a non-matching mask type removes the whole item.
 *
 * @param policyItems items to normalize; the list and its elements are modified
 * @param componentType component name used to build the prefix
 * @return the same {@code policyItems} reference that was passed in
 */
private List<? extends RangerPolicy.RangerPolicyItem> normalizeAndPrunePolicyItems(List<? extends RangerPolicy.RangerPolicyItem> policyItems, final String componentType) {
    if(CollectionUtils.isNotEmpty(policyItems)) {
        final String                        prefix       = componentType + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
        // Created lazily; stays null when nothing needs to be removed.
        List<RangerPolicy.RangerPolicyItem> itemsToPrune = null;

        for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
            List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();

            // An item whose access list is already empty skips this branch and is therefore
            // never pruned for having no accesses.
            if (CollectionUtils.isNotEmpty(policyItemAccesses)) {
                List<RangerPolicy.RangerPolicyItemAccess> accessesToPrune = null;

                for (RangerPolicy.RangerPolicyItemAccess access : policyItemAccesses) {
                    String accessType = access.getType();

                    if (StringUtils.startsWith(accessType, prefix)) {
                        String newAccessType = StringUtils.removeStart(accessType, prefix);

                        access.setType(newAccessType);
                    // NOTE(review): accessType is dereferenced directly here; a null type would
                    // throw, whereas the startsWith call above tolerates null - confirm types
                    // are never null.
                    // presumably a separator without this component's prefix marks an access
                    // type of another component - verify against the tag service definitions
                    } else if (accessType.contains(AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                        if(accessesToPrune == null) {
                            accessesToPrune = new ArrayList<>();
                        }

                        accessesToPrune.add(access);
                    }
                }

                // Removal is deferred until after the loop so the list is not modified while
                // it is being iterated.
                if(accessesToPrune != null) {
                    policyItemAccesses.removeAll(accessesToPrune);
                }

                // Nothing left to grant and no delegation right: the item is dropped.
                // getDelegateAdmin() is unboxed here.
                if (policyItemAccesses.isEmpty() && !policyItem.getDelegateAdmin()) {
                    if(itemsToPrune == null) {
                        itemsToPrune = new ArrayList<>();
                    }

                    itemsToPrune.add(policyItem);

                    // Already marked for removal; skip the data-mask handling below.
                    continue;
                }
            }

            if (policyItem instanceof RangerPolicy.RangerDataMaskPolicyItem) {
                // NOTE(review): dataMaskInfo and maskType are used without null checks - confirm
                // data-mask items always carry both.
                RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerPolicy.RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
                String                       maskType     = dataMaskInfo.getDataMaskType();

                if (StringUtils.startsWith(maskType, prefix)) {
                    dataMaskInfo.setDataMaskType(StringUtils.removeStart(maskType, prefix));
                } else if (maskType.contains(AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                    if (itemsToPrune == null) {
                        itemsToPrune = new ArrayList<>();
                    }

                    itemsToPrune.add(policyItem);
                }
            }
        }

        if(itemsToPrune != null) {
            policyItems.removeAll(itemsToPrune);
        }
    }

    return policyItems;
}
 
Example 15
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Collapses policy items that grant the same set of access types into one item.
 *
 * <p>Items without any user, group or role, and items with neither accesses nor
 * delegate-admin, are dropped. Items with more than one condition are kept unchanged. The
 * remaining items are keyed by their sorted access type names (plus "delegateAdmin" when
 * set); the first item seen for a key is kept and later ones contribute their users, groups
 * and roles to it through {@code addDistinctItems}.
 *
 * @param policyItems items to merge; may be null or empty
 * @return a new list with the kept and merged items; empty when there is nothing to merge
 */
static private List<RangerPolicy.RangerPolicyItem> mergePolicyItems(List<RangerPolicy.RangerPolicyItem> policyItems) {
	final List<RangerPolicy.RangerPolicyItem> merged = new ArrayList<RangerPolicy.RangerPolicyItem>();

	if (CollectionUtils.isEmpty(policyItems)) {
		return merged;
	}

	// HashMap: the order of the merged items in the result follows the map's iteration order.
	final Map<String, RangerPolicy.RangerPolicyItem> itemsByAccessKey = new HashMap<String, RangerPolicy.RangerPolicyItem>();

	for (RangerPolicy.RangerPolicyItem candidate : policyItems) {
		// No principal at all: the item grants nothing to anyone.
		if (CollectionUtils.isEmpty(candidate.getUsers()) && CollectionUtils.isEmpty(candidate.getGroups()) && CollectionUtils.isEmpty(candidate.getRoles())) {
			continue;
		}

		// Neither an access nor the delegation right: nothing to grant.
		if (CollectionUtils.isEmpty(candidate.getAccesses()) && !candidate.getDelegateAdmin()) {
			continue;
		}

		// NOTE(review): only items with MORE than one condition bypass merging. An item with
		// exactly one condition is merged by access key, and neither the key nor the merge
		// looks at conditions - confirm principals cannot gain or lose a condition this way.
		if (candidate.getConditions().size() > 1) {
			merged.add(candidate);
			continue;
		}

		// The key uses access type names only; the allowed flag is not part of it.
		final TreeSet<String> accessTypeNames = new TreeSet<String>();

		for (RangerPolicy.RangerPolicyItemAccess itemAccess : candidate.getAccesses()) {
			accessTypeNames.add(itemAccess.getType());
		}

		if (candidate.getDelegateAdmin()) {
			accessTypeNames.add("delegateAdmin");
		}

		final String accessKey = accessTypeNames.toString();
		final RangerPolicy.RangerPolicyItem keptItem = itemsByAccessKey.get(accessKey);

		if (keptItem == null) {
			itemsByAccessKey.put(accessKey, candidate);
		} else {
			addDistinctItems(candidate.getUsers(), keptItem.getUsers());
			addDistinctItems(candidate.getGroups(), keptItem.getGroups());
			addDistinctItems(candidate.getRoles(), keptItem.getRoles());
		}
	}

	merged.addAll(itemsByAccessKey.values());

	return merged;
}
 
Example 16
Source File: ServiceRESTUtil.java    From ranger with Apache License 2.0
/**
 * Applies a grant request to a policy.
 *
 * <p>When the request asks to replace existing permissions, the request's users, groups and
 * roles are first removed from the policy. A temporary policy with a single item mirroring
 * the request (principals, allowed access types, delegate-admin flag) is then handed to
 * {@code processApplyPolicy} together with the target policy.
 *
 * <p>Nothing in this method validates the request's principals or access types or checks
 * the requester's rights; presumably the caller does so before invoking it - verify.
 *
 * @param policy policy to update
 * @param grantRequest request describing who is granted which access types
 * @return always {@code true} when the method returns normally
 */
static public boolean processGrantRequest(RangerPolicy policy, GrantRevokeRequest grantRequest) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> ServiceRESTUtil.processGrantRequest()");
	}

	// replace all existing privileges for users, groups, and roles
	if (grantRequest.getReplaceExistingPermissions()) {
		// The helper's result is not kept: the method reports "updated" unconditionally below.
		removeUsersGroupsAndRolesFromPolicy(policy, grantRequest.getUsers(), grantRequest.getGroups(), grantRequest.getRoles());
	}

	// Build a policy with one item that mimics the grant request.
	final RangerPolicy.RangerPolicyItem grantItem = new RangerPolicy.RangerPolicyItem();

	// The delegate-admin flag comes straight from the request.
	grantItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
	grantItem.getUsers().addAll(grantRequest.getUsers());
	grantItem.getGroups().addAll(grantRequest.getGroups());
	grantItem.getRoles().addAll(grantRequest.getRoles());

	final List<RangerPolicy.RangerPolicyItemAccess> grantedAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();

	for (String requestedType : grantRequest.getAccessTypes()) {
		grantedAccesses.add(new RangerPolicy.RangerPolicyItemAccess(requestedType, true));
	}

	grantItem.setAccesses(grantedAccesses);

	final RangerPolicy appliedPolicy = new RangerPolicy();

	appliedPolicy.getPolicyItems().add(grantItem);

	processApplyPolicy(policy, appliedPolicy);

	final boolean policyUpdated = true;

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== ServiceRESTUtil.processGrantRequest() : " + policyUpdated);
	}

	return policyUpdated;
}
 
Example 17
Source File: PatchForKafkaServiceDefUpdate_J10025.java    From ranger with Apache License 2.0
/**
 * Builds the default policy this patch adds for a new Kafka resource.
 *
 * <p>The policy covers the value "*" of either the delegation-token resource (when
 * {@code newResource} is "all - delegationtoken") or the cluster resource, is enabled and
 * audited, and holds one item that gives {@code DEFAULT_POLICY_USERS} the accesses from
 * {@code getPolicyItemAccesses()} without delegate-admin.
 *
 * @param newResource used as both name and description of the policy
 * @param xxPortalUser user recorded as creator and updater
 * @param xxService service the policy is attached to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
	// --- the single policy item ---
	final RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();

	defaultItem.setAccesses(getPolicyItemAccesses());
	defaultItem.setConditions(new ArrayList<>());
	defaultItem.setGroups(new ArrayList<>());
	defaultItem.setUsers(new ArrayList<>(DEFAULT_POLICY_USERS));
	// The default users get the accesses but cannot delegate them.
	defaultItem.setDelegateAdmin(false);

	final List<RangerPolicy.RangerPolicyItem> items = new ArrayList<>();

	items.add(defaultItem);

	// --- the resource: every value ("*") of the chosen resource type ---
	final RangerPolicy.RangerPolicyResource wildcard = new RangerPolicy.RangerPolicyResource();

	wildcard.setIsExcludes(false);
	wildcard.setIsRecursive(false);
	wildcard.setValue("*");

	final String resourceName = "all - delegationtoken".equals(newResource)
			? KAFKA_RESOURCE_DELEGATIONTOKEN
			: KAFKA_RESOURCE_CLUSTER;

	final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();

	resources.put(resourceName, wildcard);

	// --- the policy itself ---
	final RangerPolicy defaultPolicy = new RangerPolicy();

	defaultPolicy.setCreateTime(new Date());
	defaultPolicy.setDescription(newResource);
	defaultPolicy.setIsEnabled(true);
	defaultPolicy.setName(newResource);
	defaultPolicy.setCreatedBy(xxPortalUser.getLoginId());
	defaultPolicy.setUpdatedBy(xxPortalUser.getLoginId());
	defaultPolicy.setUpdateTime(new Date());
	defaultPolicy.setService(xxService.getName());
	defaultPolicy.setIsAuditEnabled(true);
	defaultPolicy.setPolicyItems(items);
	defaultPolicy.setResources(resources);
	// presumably 0 is the plain access policy type - verify against RangerPolicy
	defaultPolicy.setPolicyType(0);
	// presumably placeholders replaced when the policy is stored - verify against caller
	defaultPolicy.setId(0L);
	defaultPolicy.setGuid("");
	defaultPolicy.setPolicyLabels(new ArrayList<>());
	defaultPolicy.setVersion(1L);

	// Computed last, once every other field of the policy has been set.
	defaultPolicy.setResourceSignature(new RangerPolicyResourceSignature(defaultPolicy).getSignature());

	return defaultPolicy;
}
 
Example 18
Source File: PatchForKafkaServiceDefUpdate_J10033.java    From ranger with Apache License 2.0
/**
 * Builds the default policy this patch adds for the consumer-group resource.
 *
 * <p>The policy covers the value "*" of {@code CONSUMERGROUP_RESOURCE_NAME}, is enabled and
 * audited, and holds one item that gives {@code DEFAULT_POLICY_USERS} and
 * {@code DEFAULT_POLICY_GROUP} the accesses from {@code getPolicyItemAccesses()} without
 * delegate-admin.
 *
 * @param newResource used as both name and description of the policy
 * @param xxPortalUser user recorded as creator and updater
 * @param xxService service the policy is attached to
 * @return the populated policy, including its resource signature
 */
private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
	// --- the single policy item ---
	final RangerPolicy.RangerPolicyItem defaultItem = new RangerPolicy.RangerPolicyItem();

	defaultItem.setAccesses(getPolicyItemAccesses());
	defaultItem.setConditions(new ArrayList<>());
	// NOTE(review): a default group is granted on every consumer group ("*"); confirm the
	// contents of DEFAULT_POLICY_GROUP are as narrow as intended.
	defaultItem.setGroups(new ArrayList<>(DEFAULT_POLICY_GROUP));
	defaultItem.setUsers(new ArrayList<>(DEFAULT_POLICY_USERS));
	// The default principals get the accesses but cannot delegate them.
	defaultItem.setDelegateAdmin(false);

	final List<RangerPolicy.RangerPolicyItem> items = new ArrayList<>();

	items.add(defaultItem);

	// --- the resource: every value ("*") of the consumer-group resource ---
	final RangerPolicy.RangerPolicyResource wildcard = new RangerPolicy.RangerPolicyResource();

	wildcard.setIsExcludes(false);
	wildcard.setIsRecursive(false);
	wildcard.setValue("*");

	final Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<>();

	resources.put(CONSUMERGROUP_RESOURCE_NAME, wildcard);

	// --- the policy itself ---
	final RangerPolicy defaultPolicy = new RangerPolicy();

	defaultPolicy.setCreateTime(new Date());
	defaultPolicy.setDescription(newResource);
	defaultPolicy.setIsEnabled(true);
	defaultPolicy.setName(newResource);
	defaultPolicy.setCreatedBy(xxPortalUser.getLoginId());
	defaultPolicy.setUpdatedBy(xxPortalUser.getLoginId());
	defaultPolicy.setUpdateTime(new Date());
	defaultPolicy.setService(xxService.getName());
	defaultPolicy.setIsAuditEnabled(true);
	defaultPolicy.setPolicyItems(items);
	defaultPolicy.setResources(resources);
	// presumably 0 is the plain access policy type - verify against RangerPolicy
	defaultPolicy.setPolicyType(0);
	// presumably placeholders replaced when the policy is stored - verify against caller
	defaultPolicy.setId(0L);
	defaultPolicy.setGuid("");
	defaultPolicy.setPolicyLabels(new ArrayList<>());
	defaultPolicy.setVersion(1L);

	// Computed last, once every other field of the policy has been set.
	defaultPolicy.setResourceSignature(new RangerPolicyResourceSignature(defaultPolicy).getSignature());

	return defaultPolicy;
}