use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.
the class RangerAdminUserStoreRetriever method init.
/**
 * Resolves the admin client this retriever uses to fetch the user store.
 *
 * <p>The client is only resolved when a non-blank service name, a service
 * definition and a non-blank application id are all available. An admin client
 * already held by the plugin context is reused; otherwise a new one is created
 * from the plugin configuration.
 *
 * <p>NOTE(review): on the error path {@code adminClient} is not assigned by this
 * method; callers presumably have to cope with a missing client. Confirm that
 * retrieval fails safe rather than proceeding with stale or absent user data.
 *
 * @param options retriever options; not read by this method
 */
@Override
public void init(Map<String, String> options) {
    boolean hasServiceInfo = StringUtils.isNotBlank(serviceName) && serviceDef != null && StringUtils.isNotBlank(appId);

    if (!hasServiceInfo) {
        LOG.error("FATAL: Cannot find service/serviceDef to use for retrieving userstore. Will NOT be able to retrieve userstore.");
        return;
    }

    // Prefer the configuration inherited from the base class; build a minimal one only when none was provided.
    RangerPluginConfig config = super.pluginConfig;
    if (config == null) {
        config = new RangerPluginConfig(serviceDef.getName(), serviceName, appId, null, null, null);
    }

    RangerPluginContext context = getPluginContext();
    RangerAdminClient existingClient = context.getAdminClient();

    if (existingClient != null) {
        this.adminClient = existingClient;
    } else {
        this.adminClient = context.createAdminClient(config);
    }
}
use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.
the class PerfTestEngine method init.
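/**
 * Loads the service-policies JSON file and builds the policy engine used by the perf test.
 *
 * <p>The file at {@code servicePoliciesFileURL} is parsed into a {@link ServicePolicies}
 * object, a plugin context is created for application id {@code "perf-test"}, the
 * configuration at {@code configFileURL} is added to it, and the resulting engine is
 * stored in {@code policyEvaluationEngine}.
 *
 * @return {@code true} when the policy engine was created; {@code false} when the file
 *         could not be read or parsed, or yielded no policies
 */
public boolean init() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> init()");
    }

    boolean ret = false;
    Gson gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();

    // try-with-resources closes both the stream and the reader on every path, including
    // when constructing the reader or parsing fails. A failure while closing is reported
    // through the catch block below and does not reset an already successful result.
    try (InputStream in = servicePoliciesFileURL.openStream();
         Reader reader = new InputStreamReader(in, Charset.forName("UTF-8"))) {
        ServicePolicies servicePolicies = gson.fromJson(reader, ServicePolicies.class);

        if (servicePolicies == null) {
            // Gson returns null for empty input; report it explicitly instead of relying on a NullPointerException.
            LOG.error("No service-policies found in file, URL=" + servicePoliciesFileURL);
        } else {
            RangerServiceDef serviceDef = servicePolicies.getServiceDef();
            String serviceType = (serviceDef != null) ? serviceDef.getName() : "";

            rangerPluginContext = new RangerPluginContext(new RangerPluginConfig(serviceType, null, "perf-test", null, null, policyEngineOptions));
            rangerPluginContext.getConfig().addResource(configFileURL);

            policyEvaluationEngine = new RangerPolicyEngineImpl(servicePolicies, rangerPluginContext, null);

            ret = true;
        }
    } catch (Exception excp) {
        LOG.error("Error opening service-policies file or loading service-policies from file, URL=" + servicePoliciesFileURL, excp);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== init() : " + ret);
    }

    return ret;
}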
use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.
the class RangerPolicyAdminCache method addPolicyAdmin.
/**
 * Builds a policy-admin instance for the given policies.
 *
 * <p>The service type is taken from the service definition carried by
 * {@code policies}, or is the empty string when no definition is present.
 * The plugin configuration is created with application id {@code "ranger-admin"}.
 *
 * @param policies policies (and service definition) to administer
 * @param roles    roles handed to the policy-admin implementation
 * @param options  policy-engine options placed into the plugin configuration
 * @return a new {@link RangerPolicyAdminImpl} backed by a fresh plugin context
 */
private RangerPolicyAdmin addPolicyAdmin(ServicePolicies policies, RangerRoles roles, RangerPolicyEngineOptions options) {
    final RangerServiceDef definition = policies.getServiceDef();
    final String serviceType;

    if (definition == null) {
        serviceType = "";
    } else {
        serviceType = definition.getName();
    }

    final RangerPluginConfig config = new RangerPluginConfig(serviceType, null, "ranger-admin", null, null, options);
    final RangerPluginContext context = new RangerPluginContext(config);

    return new RangerPolicyAdminImpl(policies, context, roles);
}
use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.
the class TestPolicyEngine method runTests.
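/**
 * Runs every access-evaluation case of one JSON test file against a fresh policy engine.
 *
 * <p>Each case's request is evaluated and the allowed flag, audited flag and policy id
 * of the result are compared with the expected result from the file.
 *
 * <p>Failures are propagated to the test runner. Catching {@link Throwable} and only
 * printing the stack trace would also swallow {@link AssertionError}, so a wrong
 * allow/deny decision would leave the test green.
 *
 * @param reader   reader over the JSON test-case file
 * @param testName name used in assertion messages and as the application id of the plugin config
 */
private void runTests(InputStreamReader reader, String testName) {
    try {
        PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);

        assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);

        ServicePolicies servicePolicies = new ServicePolicies();
        servicePolicies.setServiceName(testCase.serviceName);
        servicePolicies.setServiceDef(testCase.serviceDef);
        servicePolicies.setPolicies(testCase.policies);

        RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
        RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hbase", null, testName, "cl1", "on-prem", policyEngineOptions));
        RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, null);
        RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(pluginContext.getConfig());

        for (TestData test : testCase.tests) {
            RangerAccessResult expected = test.result;
            RangerAccessRequest request = test.request;
            RangerAccessResult result = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, auditHandler);

            assertNotNull("result was null! - " + test.name, result);
            assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed());
            assertEquals("isAudited mismatched! - " + test.name, expected.getIsAudited(), result.getIsAudited());
            assertEquals("policyId mismatched! - " + test.name, expected.getPolicyId(), result.getPolicyId());
        }
    } catch (RuntimeException | Error excp) {
        // Assertion failures and unchecked errors must reach the test runner unchanged.
        throw excp;
    } catch (Throwable excp) {
        // Any checked failure is still a test failure; keep the cause for diagnosis.
        throw new AssertionError("unexpected failure in test: " + testName, excp);
    }
}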
use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.
the class TestPolicyDb method runTests.
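/**
 * Runs every case of one JSON policy-db test file against a policy-admin instance.
 *
 * <p>The engine options select the optimized evaluator and turn off audit-result caching,
 * context enrichers and custom conditions. A case that lists allowed policies is checked
 * against the ids of the allowed unzoned policies; any other case is checked against the
 * unzoned access decision.
 *
 * @param reader     reader over the JSON test-case file
 * @param testName   name used in the input-validation message
 * @param serviceDef when non-null, replaces the service definition found in the test file
 */
private void runTests(InputStreamReader reader, String testName, RangerServiceDef serviceDef) {
    PolicyDbTestCase testCase = gsonBuilder.fromJson(reader, PolicyDbTestCase.class);

    // Validate the parsed input before touching it, so a malformed or empty test file is
    // reported as "invalid input" rather than as a NullPointerException from the override below.
    assertTrue("invalid input: " + testName, testCase != null && testCase.servicePolicies != null && testCase.tests != null && testCase.servicePolicies.getPolicies() != null);

    if (serviceDef != null) {
        // Override serviceDef in the json test-file with a global service-def
        testCase.servicePolicies.setServiceDef(serviceDef);
    }

    RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
    policyEngineOptions.evaluatorType = RangerPolicyEvaluator.EVALUATOR_TYPE_OPTIMIZED;
    policyEngineOptions.cacheAuditResults = false;
    policyEngineOptions.disableContextEnrichers = true;
    policyEngineOptions.disableCustomConditions = true;

    RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "test-policydb", "cl1", "on-prem", policyEngineOptions));
    RangerPolicyAdmin policyAdmin = new RangerPolicyAdminImpl(testCase.servicePolicies, pluginContext, null);

    for (TestData test : testCase.tests) {
        boolean expected = test.result;

        if (test.allowedPolicies != null) {
            List<RangerPolicy> allowedPolicies = policyAdmin.getAllowedUnzonedPolicies(test.user, test.userGroups, test.accessType);

            assertEquals("allowed-policy count mismatch!", test.allowedPolicies.size(), allowedPolicies.size());

            // Compare by policy id; the expected side of the test data holds ids only.
            Set<Long> allowedPolicyIds = new HashSet<>();
            for (RangerPolicy allowedPolicy : allowedPolicies) {
                allowedPolicyIds.add(allowedPolicy.getId());
            }

            assertEquals("allowed-policy list mismatch!", test.allowedPolicies, allowedPolicyIds);
        } else {
            boolean result = policyAdmin.isAccessAllowedByUnzonedPolicies(test.resources, test.user, test.userGroups, test.accessType);

            assertEquals("isAccessAllowed mismatched! - " + test.name, expected, result);
        }
    }
}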