use of org.apache.nifi.authorization.UserGroupProviderInitializationContext in project nifi by apache.
the class TestRangerBasePluginWithPolicies method testPoliciesWithUserGroupProvider.
@Test
public void testPoliciesWithUserGroupProvider() {
// unknown according to user group provider
final String user1 = "user-1";
// known according to user group provider
final String user2 = "user-2";
// unknown according to user group provider
final String group1 = "group-1";
// known according to user group provider
final String group2 = "group-2";
final UserGroupProvider userGroupProvider = new UserGroupProvider() {
@Override
public Set<User> getUsers() throws AuthorizationAccessException {
return Stream.of(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build()).collect(Collectors.toSet());
}
@Override
public User getUser(String identifier) throws AuthorizationAccessException {
final User u2 = new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
if (u2.getIdentifier().equals(identifier)) {
return u2;
} else {
return null;
}
}
@Override
public User getUserByIdentity(String identity) throws AuthorizationAccessException {
if (user2.equals(identity)) {
return new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
} else {
return null;
}
}
@Override
public Set<Group> getGroups() throws AuthorizationAccessException {
return Stream.of(new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build()).collect(Collectors.toSet());
}
@Override
public Group getGroup(String identifier) throws AuthorizationAccessException {
final Group g2 = new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build();
if (g2.getIdentifier().equals(identifier)) {
return g2;
} else {
return null;
}
}
@Override
public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
if (user2.equals(identity)) {
return new UserAndGroups() {
@Override
public User getUser() {
return new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
}
@Override
public Set<Group> getGroups() {
return Collections.EMPTY_SET;
}
};
} else {
return null;
}
}
@Override
public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
}
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
}
@Override
public void preDestruction() throws AuthorizerDestructionException {
}
};
final String resourceIdentifier1 = "/resource-1";
RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
policy1Resources.put(resourceIdentifier1, resource1);
final RangerPolicyItem policy1Item = new RangerPolicyItem();
policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
policy1Item.setGroups(Stream.of(group2).collect(Collectors.toList()));
final RangerPolicy policy1 = new RangerPolicy();
policy1.setResources(policy1Resources);
policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
final String resourceIdentifier2 = "/resource-2";
RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);
final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
policy2Resources.put(resourceIdentifier2, resource2);
final RangerPolicyItem policy2Item = new RangerPolicyItem();
policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
policy2Item.setUsers(Stream.of(user2).collect(Collectors.toList()));
policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));
final RangerPolicy policy2 = new RangerPolicy();
policy2.setResources(policy2Resources);
policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));
final List<RangerPolicy> policies = new ArrayList<>();
policies.add(policy1);
policies.add(policy2);
final RangerServiceDef serviceDef = new RangerServiceDef();
serviceDef.setName("nifi");
final ServicePolicies servicePolicies = new ServicePolicies();
servicePolicies.setPolicies(policies);
servicePolicies.setServiceDef(serviceDef);
// set all the policies in the plugin
final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi", userGroupProvider);
pluginWithPolicies.setPolicies(servicePolicies);
// ensure the two ranger policies converted into 3 nifi access policies
final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
assertEquals(3, accessPolicies.size());
// resource 1 -> read but no write
assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
// read
final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
assertNotNull(readResource1);
assertTrue(accessPolicies.contains(readResource1));
assertTrue(readResource1.equals(pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier())));
assertTrue(readResource1.getUsers().isEmpty());
assertEquals(1, readResource1.getGroups().size());
assertTrue(readResource1.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build().getIdentifier()));
// but no write
assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
// resource 2 -> read and write
assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));
// read
final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
assertNotNull(readResource2);
assertTrue(accessPolicies.contains(readResource2));
assertTrue(readResource2.equals(pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier())));
assertEquals(1, readResource2.getUsers().size());
assertTrue(readResource2.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build().getIdentifier()));
assertTrue(readResource2.getGroups().isEmpty());
// and write
final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
assertNotNull(writeResource2);
assertTrue(accessPolicies.contains(writeResource2));
assertTrue(writeResource2.equals(pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier())));
assertEquals(1, writeResource2.getUsers().size());
assertTrue(writeResource2.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build().getIdentifier()));
assertTrue(writeResource2.getGroups().isEmpty());
}
use of org.apache.nifi.authorization.UserGroupProviderInitializationContext in project nifi by apache.
the class LdapUserGroupProviderTest method setup.
@Before
public void setup() {
final UserGroupProviderInitializationContext initializationContext = mock(UserGroupProviderInitializationContext.class);
when(initializationContext.getIdentifier()).thenReturn("identifier");
ldapUserGroupProvider = new LdapUserGroupProvider();
ldapUserGroupProvider.setNiFiProperties(getNiFiProperties(new Properties()));
ldapUserGroupProvider.initialize(initializationContext);
}
Aggregations