Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#setPolicyItems()

@Test
public void testMissingResourceValue() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource();

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 

@Test
public void testExcludesPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    resource1.setIsExcludes(true);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 

@Test
public void testExcludesPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);
    resource1.setIsExcludes(true);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 

private RangerPolicy rangerPolicy(Long id) {
	List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
	List<String> users = new ArrayList<String>();
	List<String> groups = new ArrayList<String>();
	List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
	List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
	RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.setAccesses(accesses);
	rangerPolicyItem.setConditions(conditions);
	rangerPolicyItem.setGroups(groups);
	rangerPolicyItem.setUsers(users);
	rangerPolicyItem.setDelegateAdmin(false);

	policyItems.add(rangerPolicyItem);

	Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
	RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
	rangerPolicyResource.setIsExcludes(true);
	rangerPolicyResource.setIsRecursive(true);
	rangerPolicyResource.setValue("1");
	rangerPolicyResource.setValues(users);
	policyResource.put("resource", rangerPolicyResource);
	RangerPolicy policy = new RangerPolicy();
	policy.setId(id);
	policy.setCreateTime(new Date());
	policy.setDescription("policy");
	policy.setGuid("policyguid");
	policy.setIsEnabled(true);
	policy.setName("HDFS_1-1-20150316062453");
	policy.setUpdatedBy("Admin");
	policy.setUpdateTime(new Date());
	policy.setService("HDFS_1-1-20150316062453");
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(policyItems);
	policy.setResources(policyResource);
	policy.setService("HDFS_1");

	return policy;
}
 

@Test
public void testDelegateAdmin() {
    final String user1 = "user-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicy.RangerPolicyResource resource1 = new RangerPolicy.RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicy.RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicy.RangerPolicyItem policy1Item = new RangerPolicy.RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicy.RangerPolicyItemAccess("READ"), new RangerPolicy.RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setDelegateAdmin(true);

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi-registry");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi-registry", "nifi-registry");
    pluginWithPolicies.setPolicies(servicePolicies);

    assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
 

private static RangerPolicy createPolicyFromTemplate(String template, long policyId, boolean isAllowed) {
	RangerPolicy rangerPolicy = buildGson().fromJson(template, RangerPolicy.class);
	rangerPolicy.setId(policyId);
	rangerPolicy.setName(String.format("generated policyname #%s", policyId));
	rangerPolicy.setResources(createRangerPolicyResourceMap(isAllowed));
	rangerPolicy.setPolicyItems(createPolicyItems(isAllowed));
	return rangerPolicy;
}
 

private RangerPolicy getPolicyForKMSAudit(List<RangerServiceDef.RangerResourceDef> resourceHierarchy) throws Exception {

		if (LOG.isDebugEnabled()) {
			LOG.debug("==> RangerServiceHdfs.getPolicyForKMSAudit()");
		}

		RangerPolicy policy = new RangerPolicy();

		policy.setIsEnabled(true);
		policy.setVersion(1L);
		policy.setName(AUDITTOHDFS_POLICY_NAME);
		policy.setService(service.getName());
		policy.setDescription("Policy for " + AUDITTOHDFS_POLICY_NAME);
		policy.setIsAuditEnabled(true);
		policy.setResources(createKMSAuditResource(resourceHierarchy));

		List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
		//Create policy item for keyadmin
		RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
		List<String> userKeyAdmin = new ArrayList<String>();
		userKeyAdmin.add("keyadmin");
		policyItem.setUsers(userKeyAdmin);
		policyItem.setAccesses(getAllowedAccesses(policy.getResources()));
		policyItem.setDelegateAdmin(false);

		policyItems.add(policyItem);
		policy.setPolicyItems(policyItems);

		if (LOG.isDebugEnabled()) {
			LOG.debug("<== RangerServiceHdfs.getPolicyForKMSAudit()" + policy);
		}

		return policy;
	}
 

private RangerPolicy createDefaultDBPolicy() {
	RangerPolicy defaultDBPolicy = new RangerPolicy();

	defaultDBPolicy.setName(DEFAULT_DB_POLICYNAME);
	defaultDBPolicy.setService(serviceName);
	defaultDBPolicy.setResources(createDefaultDBPolicyResource());
	defaultDBPolicy.setPolicyItems(createDefaultDBPolicyItem());

	return defaultDBPolicy;
}
 

@Test
public void testRecursivePolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    resource1.setIsRecursive(true);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 

private RangerPolicy rangerPolicy1() {
	List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
	List<String> users = new ArrayList<String>();
	List<String> groups = new ArrayList<String>();
	List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
	List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
	RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.setAccesses(accesses);
	rangerPolicyItem.setConditions(conditions);
	rangerPolicyItem.setGroups(groups);
	rangerPolicyItem.setUsers(users);
	rangerPolicyItem.setDelegateAdmin(false);

	policyItems.add(rangerPolicyItem);

	Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
	RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
	rangerPolicyResource.setIsExcludes(true);
	rangerPolicyResource.setIsRecursive(true);
	rangerPolicyResource.setValue("2");
	rangerPolicyResource.setValues(users);
	policyResource.put("resource", rangerPolicyResource);
	RangerPolicy policy = new RangerPolicy();
	policy.setId(Id2);
	policy.setCreateTime(new Date());
	policy.setDescription("policy");
	policy.setGuid("policyguid");
	policy.setIsEnabled(true);
	policy.setName("HDFS_1-1-20150316062454");
	policy.setUpdatedBy("Admin");
	policy.setUpdateTime(new Date());
	policy.setService("HDFS_1-1-20150316062454");
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(policyItems);
	policy.setResources(policyResource);
	policy.setService("HDFS_2");

	return policy;
}
 

private RangerPolicy rangerPolicy() {
	List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
	List<String> users = new ArrayList<String>();
	List<String> groups = new ArrayList<String>();
	List<String> policyLabels = new ArrayList<String>();
	List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
	List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
	RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.setAccesses(accesses);
	rangerPolicyItem.setConditions(conditions);
	rangerPolicyItem.setGroups(groups);
	rangerPolicyItem.setUsers(users);
	rangerPolicyItem.setDelegateAdmin(false);

	policyItems.add(rangerPolicyItem);

	Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
	RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
	rangerPolicyResource.setIsExcludes(true);
	rangerPolicyResource.setIsRecursive(true);
	rangerPolicyResource.setValue("1");
	rangerPolicyResource.setValues(users);
	RangerPolicy policy = new RangerPolicy();
	policy.setId(userId);
	policy.setCreateTime(new Date());
	policy.setDescription("policy");
	policy.setGuid("policyguid");
	policy.setIsEnabled(true);
	policy.setName("HDFS_1-1-20150316062453");
	policy.setUpdatedBy("Admin");
	policy.setUpdateTime(new Date());
	policy.setService("HDFS_1-1-20150316062453");
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(policyItems);
	policy.setResources(policyResource);
	policy.setPolicyLabels(policyLabels);
	return policy;
}
 

private RangerPolicy getDefaultPolicy(List<RangerServiceDef.RangerResourceDef> resourceHierarchy) throws Exception {

		if (LOG.isDebugEnabled()) {
			LOG.debug("==> RangerBaseService.getDefaultPolicy()");
		}

		RangerPolicy policy = new RangerPolicy();

		String policyName=buildPolicyName(resourceHierarchy);

		policy.setIsEnabled(true);
		policy.setVersion(1L);
		policy.setName(policyName);
		policy.setService(service.getName());
		policy.setDescription("Policy for " + policyName);
		policy.setIsAuditEnabled(true);
		policy.setResources(createDefaultPolicyResource(resourceHierarchy));

		List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
		//Create Default policy item for the service user
		RangerPolicy.RangerPolicyItem policyItem = createDefaultPolicyItem(policy.getResources());
		policyItems.add(policyItem);
		policy.setPolicyItems(policyItems);

		if (LOG.isDebugEnabled()) {
			LOG.debug("<== RangerBaseService.getDefaultPolicy()" + policy);
		}

		return policy;
	}
 

@Test
public void testWildcardResourceValue() {
    final String resourceIdentifier1 = "*";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
 

@Test
public void test40applyPolicy() {
	RangerPolicy existingPolicy = rangerPolicy();
	RangerPolicy appliedPolicy = rangerPolicy();

               List<RangerPolicyItem> policyItem = new ArrayList<RangerPolicyItem>();
               existingPolicy.setPolicyItems(policyItem );
	appliedPolicy.setPolicyItems(null);

	Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
	RangerPolicyResource rangerPolicyResource = new RangerPolicyResource("/tmp");
	rangerPolicyResource.setIsExcludes(true);
	rangerPolicyResource.setIsRecursive(true);
	policyResources.put("path", rangerPolicyResource);

	existingPolicy.setResources(policyResources);
	appliedPolicy.setResources(policyResources);

	RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
	rangerPolicyItem.getGroups().add("group1");
	rangerPolicyItem.getGroups().add("group2");
	rangerPolicyItem.getUsers().add("user1");
	rangerPolicyItem.getUsers().add("user2");
	rangerPolicyItem.setDelegateAdmin(true);

	existingPolicy.getPolicyItems().add(rangerPolicyItem);

	rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
	rangerPolicyItem.getGroups().add("group1");
	rangerPolicyItem.getGroups().add("public");
	rangerPolicyItem.getUsers().add("user1");
	rangerPolicyItem.getUsers().add("finance");
	rangerPolicyItem.setDelegateAdmin(false);

	appliedPolicy.getPolicyItems().add(rangerPolicyItem);

	String existingPolicyStr = existingPolicy.toString();
	System.out.println("existingPolicy=" + existingPolicyStr);

	ServiceRESTUtil.processApplyPolicy(existingPolicy, appliedPolicy);

	String resultPolicyStr = existingPolicy.toString();
	System.out.println("resultPolicy=" + resultPolicyStr);

	assert(true);
}
 

@Test
public void testToRangerPolicy(){
        Date date = new Date();

        List<String> userList = new ArrayList<String>();
        userList.add("rangerAdmin");

        List<String> groupList = new ArrayList<String>();
        groupList.add("rangerGroup");

        List<String> permObjList = new ArrayList<String>();
        permObjList.add("Admin");

        Map<String, RangerPolicyResource> resourceMap = new HashMap<String, RangerPolicyResource>();
        List<String> valuesList = new ArrayList<String>();
        valuesList.add("resource");

        RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
        rangerPolicyResource.setIsExcludes(false);
        rangerPolicyResource.setIsRecursive(true);
        rangerPolicyResource.setValues(valuesList);

        resourceMap.put("path", rangerPolicyResource);

        List<RangerPolicyItem> rangerPolicyItemList = new ArrayList<RangerPolicy.RangerPolicyItem>();
        RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
        rangerPolicyItem.setUsers(userList);
        rangerPolicyItem.setGroups(groupList);

        List<RangerPolicyItemCondition> rangerPolicyItemConditionList = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
        RangerPolicyItemCondition rangerPolicyItemCondition = new RangerPolicyItemCondition();
        rangerPolicyItemCondition.setType("ipaddress");
        List<String> conditionValueList = new ArrayList<String>();
        conditionValueList.add("10.129.35.86");
        rangerPolicyItemCondition.setValues(conditionValueList);
        rangerPolicyItemConditionList.add(rangerPolicyItemCondition);
        rangerPolicyItem.setConditions(rangerPolicyItemConditionList);
        rangerPolicyItem.setDelegateAdmin(true);

        rangerPolicyItemList.add(rangerPolicyItem);

        RangerPolicy expectedRangerPolicy = new RangerPolicy();
        expectedRangerPolicy.setId(1L);
        expectedRangerPolicy.setName("hdfs");
        expectedRangerPolicy.setCreatedBy("rangerAdmin");
        expectedRangerPolicy.setCreateTime(date);
        expectedRangerPolicy.setDescription("hdfs policy description");
        expectedRangerPolicy.setIsAuditEnabled(true);
        expectedRangerPolicy.setResources(resourceMap);
        expectedRangerPolicy.setPolicyItems(rangerPolicyItemList);

        VXPolicy vXPolicy = new VXPolicy();
        vXPolicy.setId(1L);
        vXPolicy.setCreateDate(date);
        vXPolicy.setUpdateDate(date);
        vXPolicy.setOwner("rangerAdmin");
        vXPolicy.setUpdatedBy("rangerAdmin");
        vXPolicy.setPolicyName("hdfs");
        vXPolicy.setDescription("hdfs policy description");
        vXPolicy.setIsEnabled(true);
        vXPolicy.setIsAuditEnabled(true);
        vXPolicy.setIsRecursive(true);
        vXPolicy.setResourceName("resource");

        RangerService service = new RangerService();
        service.setId(1L);
        service.setName("hdfsService");
        service.setType("hdfs");

        List<VXPermObj> vXPermObjList = new ArrayList<VXPermObj>();
        VXPermObj vXPermObj = new VXPermObj();
        vXPermObj.setUserList(userList);
        vXPermObj.setGroupList(groupList);
        vXPermObj.setPermList(permObjList);

        vXPermObj.setIpAddress("10.129.35.86");

        vXPermObjList.add(vXPermObj);

        vXPolicy.setPermMapList(vXPermObjList);

        RangerPolicy actualRangerPolicy = serviceUtil.toRangerPolicy(vXPolicy, service);

        Assert.assertNotNull(actualRangerPolicy);
        Assert.assertEquals(expectedRangerPolicy.getId(), actualRangerPolicy.getId());
        Assert.assertEquals(expectedRangerPolicy.getName(), actualRangerPolicy.getName());
        Assert.assertEquals(expectedRangerPolicy.getDescription(), actualRangerPolicy.getDescription());
        Assert.assertEquals(expectedRangerPolicy.getCreatedBy(), actualRangerPolicy.getCreatedBy());
        Assert.assertTrue(actualRangerPolicy.getIsAuditEnabled());
        Assert.assertEquals(expectedRangerPolicy.getResources(), actualRangerPolicy.getResources());
        Assert.assertEquals(expectedRangerPolicy.getPolicyItems(), actualRangerPolicy.getPolicyItems());
}
 

@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";

    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);

    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);

    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));

    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));

    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);

    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);

    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));

    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));

    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);

    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");

    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);

    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);

    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());

    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));

    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertTrue(readResource1.equals(pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier())));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());

    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));

    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));

    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertTrue(readResource2.equals(pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier())));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // and write
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertTrue(writeResource2.equals(pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier())));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));

    // resource 3 -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));

    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}
 

static private void compactPolicy(RangerPolicy policy) {
	policy.setPolicyItems(mergePolicyItems(policy.getPolicyItems()));
	policy.setDenyPolicyItems(mergePolicyItems(policy.getDenyPolicyItems()));
	policy.setAllowExceptions(mergePolicyItems(policy.getAllowExceptions()));
	policy.setDenyExceptions(mergePolicyItems(policy.getDenyExceptions()));
}
 

private RangerPolicy mapXResourceToPolicy(RangerPolicy policy, XXResource xRes, RangerService service) {
	String serviceName = service.getName();
	String serviceType = service.getType();
	String name = xRes.getPolicyName();
	String description = xRes.getDescription();
	Boolean isAuditEnabled = true;
	Boolean isEnabled = true;
	Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>();
	List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();

	XXServiceDef svcDef = daoMgr.getXXServiceDef().findByName(serviceType);
	
	if(svcDef == null) {
		logger.error(serviceType + ": service-def not found. Skipping policy '" + name + "'");

		return null;
	}

	List<XXAuditMap> auditMapList = daoMgr.getXXAuditMap().findByResourceId(xRes.getId());
	if (stringUtil.isEmpty(auditMapList)) {
		isAuditEnabled = false;
	}
	if (xRes.getResourceStatus() == AppConstants.STATUS_DISABLED) {
		isEnabled = false;
	}

	Boolean isPathRecursive  = xRes.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
	Boolean isTableExcludes  = xRes.getTableType() == RangerCommonEnums.POLICY_EXCLUSION;
	Boolean isColumnExcludes = xRes.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION;

	if (StringUtils.equalsIgnoreCase(serviceType, "hdfs")) {
		toRangerResourceList(xRes.getName(), "path", Boolean.FALSE, isPathRecursive, resources);
	} else if (StringUtils.equalsIgnoreCase(serviceType, "hbase")) {
		toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, resources);
	} else if (StringUtils.equalsIgnoreCase(serviceType, "hive")) {
		toRangerResourceList(xRes.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, resources);
	} else if (StringUtils.equalsIgnoreCase(serviceType, "knox")) {
		toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, resources);
		toRangerResourceList(xRes.getServices(), "service", Boolean.FALSE, Boolean.FALSE, resources);
	} else if (StringUtils.equalsIgnoreCase(serviceType, "storm")) {
		toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, resources);
	}

	policyItems = getPolicyItemListForRes(xRes, svcDef);

	policy.setService(serviceName);
	policy.setName(name);
	policy.setDescription(description);
	policy.setIsAuditEnabled(isAuditEnabled);
	policy.setIsEnabled(isEnabled);
	policy.setResources(resources);
	policy.setPolicyItems(policyItems);

	policy.setCreateTime(xRes.getCreateTime());
	policy.setUpdateTime(xRes.getUpdateTime());

	XXPortalUser createdByUser = daoMgr.getXXPortalUser().getById(xRes.getAddedByUserId());
	XXPortalUser updByUser = daoMgr.getXXPortalUser().getById(xRes.getUpdatedByUserId());

	if (createdByUser != null) {
		policy.setCreatedBy(createdByUser.getLoginId());
	}
	if (updByUser != null) {
		policy.setUpdatedBy(updByUser.getLoginId());
	}

	policy.setId(xRes.getId());

	return policy;
}
 

private RangerPolicy getRangerPolicy(String newResource, XXPortalUser xxPortalUser, XXService xxService) {
	RangerPolicy policy = new RangerPolicy();

	List<RangerPolicy.RangerPolicyItemAccess> accesses = getPolicyItemAccesses();
	List<String> users = new ArrayList<>(DEFAULT_POLICY_USERS);
	List<String> groups = new ArrayList<>(DEFAULT_POLICY_GROUP);
	List<RangerPolicy.RangerPolicyItemCondition> conditions = new ArrayList<>();
	List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<>();
	RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
	rangerPolicyItem.setAccesses(accesses);
	rangerPolicyItem.setConditions(conditions);
	rangerPolicyItem.setGroups(groups);
	rangerPolicyItem.setUsers(users);
	rangerPolicyItem.setDelegateAdmin(false);

	policyItems.add(rangerPolicyItem);

	Map<String, RangerPolicy.RangerPolicyResource> policyResource = new HashMap<>();
	RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource();
	rangerPolicyResource.setIsExcludes(false);
	rangerPolicyResource.setIsRecursive(false);
	rangerPolicyResource.setValue("*");
	String policyResourceName = CONSUMERGROUP_RESOURCE_NAME;
	policyResource.put(policyResourceName, rangerPolicyResource);
	policy.setCreateTime(new Date());
	policy.setDescription(newResource);
	policy.setIsEnabled(true);
	policy.setName(newResource);
	policy.setCreatedBy(xxPortalUser.getLoginId());
	policy.setUpdatedBy(xxPortalUser.getLoginId());
	policy.setUpdateTime(new Date());
	policy.setService(xxService.getName());
	policy.setIsAuditEnabled(true);
	policy.setPolicyItems(policyItems);
	policy.setResources(policyResource);
	policy.setPolicyType(0);
	policy.setId(0L);
	policy.setGuid("");
	policy.setPolicyLabels(new ArrayList<>());
	policy.setVersion(1L);
	RangerPolicyResourceSignature resourceSignature = new RangerPolicyResourceSignature(policy);
	policy.setResourceSignature(resourceSignature.getSignature());
	return policy;
}
 

@Test
public void test43revoke() {
	RangerPolicy existingPolicy = rangerPolicy();

               List<RangerPolicyItem> policyItem = new ArrayList<RangerPolicyItem>();
               existingPolicy.setPolicyItems(policyItem );

	Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
	RangerPolicyResource rangerPolicyResource = new RangerPolicyResource("/tmp");
	rangerPolicyResource.setIsExcludes(true);
	rangerPolicyResource.setIsRecursive(true);
	policyResources.put("path", rangerPolicyResource);

	existingPolicy.setResources(policyResources);

	RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
	rangerPolicyItem.getGroups().add("group1");
	rangerPolicyItem.getGroups().add("group2");
	rangerPolicyItem.getUsers().add("user1");
	rangerPolicyItem.getUsers().add("user2");
	rangerPolicyItem.setDelegateAdmin(true);

	existingPolicy.getPolicyItems().add(rangerPolicyItem);

	rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
	rangerPolicyItem.getGroups().add("group3");
	rangerPolicyItem.getUsers().add("user3");
	rangerPolicyItem.setDelegateAdmin(true);

	existingPolicy.getPolicyItems().add(rangerPolicyItem);

	rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
	rangerPolicyItem.getGroups().add("group1");
	rangerPolicyItem.getGroups().add("group2");
	rangerPolicyItem.getUsers().add("user1");
	rangerPolicyItem.getUsers().add("user2");
	rangerPolicyItem.setDelegateAdmin(false);

	existingPolicy.getAllowExceptions().add(rangerPolicyItem);

	rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
	rangerPolicyItem.getGroups().add("group2");
	rangerPolicyItem.getUsers().add("user2");
	rangerPolicyItem.setDelegateAdmin(false);

	existingPolicy.getDenyPolicyItems().add(rangerPolicyItem);

	rangerPolicyItem = new RangerPolicyItem();
	rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("index", true));
	rangerPolicyItem.getGroups().add("public");
	rangerPolicyItem.getUsers().add("user");
	rangerPolicyItem.setDelegateAdmin(false);

	existingPolicy.getDenyPolicyItems().add(rangerPolicyItem);

	GrantRevokeRequest revokeRequestObj = new GrantRevokeRequest();
	Map<String, String> resource = new HashMap<String, String>();
	resource.put("path", "/tmp");
	revokeRequestObj.setResource(resource);

	revokeRequestObj.getUsers().add("user1");
	revokeRequestObj.getGroups().add("group1");

	revokeRequestObj.getAccessTypes().add("delete");
	revokeRequestObj.getAccessTypes().add("index");

	revokeRequestObj.setDelegateAdmin(true);

	revokeRequestObj.setEnableAudit(true);
	revokeRequestObj.setIsRecursive(true);

	revokeRequestObj.setGrantor("test43Revoke");

	String existingPolicyStr = existingPolicy.toString();
	System.out.println("existingPolicy=" + existingPolicyStr);

	ServiceRESTUtil.processRevokeRequest(existingPolicy, revokeRequestObj);

	String resultPolicyStr = existingPolicy.toString();
	System.out.println("resultPolicy=" + resultPolicyStr);

	assert(true);
}