
Example 11 with RangerPluginConfig

use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.

the class RangerPolicyEngineImpl method isSuperUser.

/**
 * Decides whether a caller counts as a super-user for this policy engine.
 *
 * <p>A positive answer from either configuration source is sufficient. The user name is
 * checked against {@code serviceConfig} first, then against the plugin configuration taken
 * from the policy engine's plugin context. Only when neither source reports the user are
 * the caller's groups compared with the super-groups of both sources.
 *
 * <p>NOTE(review): name and groups are used exactly as passed in, so the answer is only as
 * trustworthy as the identity and group resolution done by the caller -- confirm upstream.
 *
 * @param userName   name looked up in both configurations
 * @param userGroups groups of the user; {@code null} or empty skips the group check
 * @return {@code true} if either configuration reports the user as super-user or any of
 *         the groups as super-group
 */
private boolean isSuperUser(String userName, Set<String> userGroups) {
    // Service-level configuration is consulted first; a hit needs no further lookups.
    if (serviceConfig.isSuperUser(userName)) {
        return true;
    }

    final RangerPluginConfig pluginConfig = policyEngine.getPluginContext().getConfig();
    if (pluginConfig.isSuperUser(userName)) {
        return true;
    }

    // Without group information there is nothing left that could grant the status.
    if (userGroups == null || userGroups.isEmpty()) {
        return false;
    }

    return serviceConfig.hasSuperGroup(userGroups) || pluginConfig.hasSuperGroup(userGroups);
}
Also used : RangerPluginConfig(org.apache.ranger.authorization.hadoop.config.RangerPluginConfig)

Example 12 with RangerPluginConfig

use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.

the class RangerPolicyEnginePerformanceTest method policyEngineTest.

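/**
 * Evaluates access requests against one policy engine from {@code concurrency} threads at once.
 *
 * <p>The engine is warmed up single-threaded first, then every client thread evaluates one
 * request and the test waits for all of them. A failure inside a client thread is reported as
 * a test failure instead of leaving the latch uncounted and the test blocked forever.
 *
 * @throws InterruptedException if the test thread is interrupted while waiting for the clients
 */
@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
    RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "perf-test", "cl1", "on-prem", RangerPolicyFactory.createPolicyEngineOption()));
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, null);
    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // Feed the result of 'evaluatePolicies' to a cheap operation (System#identityHashCode) so the JIT cannot drop the call as dead code
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        PerfDataRecorder.clearStatistics();
    }
    final CountDownLatch latch = new CountDownLatch(concurrency);
    // Single slot shared with the client threads; countDown()/await() order the write before the read below.
    final Throwable[] workerFailure = new Throwable[1];
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {

            @Override
            public void run() {
                try {
                    System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                } catch (Throwable t) {
                    // Thread boundary: remember the failure so the test thread can report it.
                    workerFailure[0] = t;
                } finally {
                    // Always release the latch, otherwise one failing client blocks await() forever.
                    latch.countDown();
                }
            }
        }, String.format("Client #%s", i)).start();
    }
    latch.await();
    if (workerFailure[0] != null) {
        throw new AssertionError("policy evaluation failed in a client thread", workerFailure[0]);
    }
}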
Also used : RangerPolicyEngineImpl(org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl) RangerPluginConfig(org.apache.ranger.authorization.hadoop.config.RangerPluginConfig) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) RangerPluginContext(org.apache.ranger.plugin.policyengine.RangerPluginContext) CountDownLatch(java.util.concurrent.CountDownLatch) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) Test(org.junit.Test)

Example 13 with RangerPluginConfig

use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.

the class RangerYarnAuditHandler method init.

/**
 * Initializes this component from the shared Ranger YARN plugin.
 *
 * <p>Creates and initializes the shared {@code RangerYarnPlugin} on first use, then reads two
 * settings from its configuration into {@code yarnAuthEnabled} and {@code yarnModuleName} and
 * writes the boolean back to the plugin configuration as its fallback setting.
 *
 * @param conf configuration handed in by the caller; not read in this method body
 */
@Override
public void init(Configuration conf) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerYarnAuthorizer.init()");
    }
    // Lazy one-time creation of the shared plugin, guarded by the RangerYarnAuthorizer class lock.
    // NOTE(review): the unsynchronized first read is only safe if yarnPlugin is declared
    // volatile; the declaration is not visible here -- confirm.
    RangerYarnPlugin plugin = yarnPlugin;
    if (plugin == null) {
        synchronized (RangerYarnAuthorizer.class) {
            // Re-check under the lock: another thread may have created the plugin meanwhile.
            plugin = yarnPlugin;
            if (plugin == null) {
                plugin = new RangerYarnPlugin();
                plugin.init();
                // Published only after init() has returned.
                yarnPlugin = plugin;
            }
        }
    }
    // Reads the shared field again instead of the local 'plugin' obtained above.
    RangerPluginConfig pluginConfig = yarnPlugin.getConfig();
    this.yarnAuthEnabled = pluginConfig.getBoolean(RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT);
    this.yarnModuleName = pluginConfig.get(RangerHadoopConstants.AUDITLOG_YARN_MODULE_ACL_NAME_PROP, RangerHadoopConstants.DEFAULT_YARN_MODULE_ACL_NAME);
    // The same flag is written to the shared plugin configuration on every init() call.
    // NOTE(review): presumably this lets authorization fall back to YARN's own ACLs when
    // Ranger policy does not decide; if so, the property and its default widen who is
    // authorized and deserve review -- confirm against the access-check code.
    pluginConfig.setIsFallbackSupported(this.yarnAuthEnabled);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerYarnAuthorizer.init()");
    }
}
Also used : RangerPluginConfig(org.apache.ranger.authorization.hadoop.config.RangerPluginConfig)

Example 14 with RangerPluginConfig

use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.

the class RangerTagEnricher method createLock.

/**
 * Builds the lock used when tags are updated.
 *
 * <p>Read-write locking is requested only when the plugin configuration is available and both
 * the tag-delta and the in-place-tag-update settings for this service definition are true.
 * Without a plugin configuration the lock is created with locking switched off.
 *
 * @return a new {@code RangerReadWriteLock}, constructed with the computed flag
 */
protected RangerReadWriteLock createLock() {
    final String prefix = "ranger.plugin." + serviceDef.getName();
    final RangerPluginConfig pluginConfig = getPluginConfig();

    boolean useReadWriteLock = false;
    if (pluginConfig != null) {
        // Both settings are always read; only their conjunction enables the lock.
        final boolean tagDeltas = pluginConfig.getBoolean(prefix + RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_TAG_DELTA, RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_TAG_DELTA_DEFAULT);
        final boolean inPlaceUpdates = pluginConfig.getBoolean(prefix + RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES, RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES_DEFAULT);
        useReadWriteLock = tagDeltas && inPlaceUpdates;
    }

    final String negation = useReadWriteLock ? " " : " not ";
    LOG.info("Policy-Engine will" + negation + "use read-write locking to update tags in place when tag-deltas are provided");

    return new RangerReadWriteLock(useReadWriteLock);
}
Also used : RangerPluginConfig(org.apache.ranger.authorization.hadoop.config.RangerPluginConfig) RangerReadWriteLock(org.apache.ranger.plugin.util.RangerReadWriteLock)

Example 15 with RangerPluginConfig

use of org.apache.ranger.authorization.hadoop.config.RangerPluginConfig in project ranger by apache.

the class TestPolicyEngine method setUpBeforeClass.

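/**
 * One-time fixture for the policy-engine tests.
 *
 * <p>Creates the plugin context and the Gson builder, initializes the audit provider (from
 * {@code xasecure-audit.properties} in the working directory when present, otherwise with
 * auditing switched off), and registers a temporary site file with test settings on the
 * plugin configuration. Streams opened here are closed even when loading or writing fails.
 *
 * @throws Exception if the audit properties cannot be read or the site file cannot be written
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
    pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "hive", "cl1", "on-prem", null));
    gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSSZ")
            .setPrettyPrinting()
            .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
            .registerTypeAdapter(RangerAccessResource.class, new RangerResourceDeserializer())
            .create();
    // For setting up auditProvider
    Properties auditProperties = new Properties();
    String auditPropertiesFile = "xasecure-audit.properties";
    File propFile = new File(auditPropertiesFile);
    if (propFile.exists()) {
        System.out.println("Loading Audit properties file" + auditPropertiesFile);
        // Properties.load does not close the stream it is given.
        try (FileInputStream propStream = new FileInputStream(propFile)) {
            auditProperties.load(propStream);
        }
    } else {
        System.out.println("Audit properties file missing: " + auditPropertiesFile);
        // Auditing is off for the fallback; set this to true to enable audit logging
        auditProperties.setProperty("xasecure.audit.is.enabled", "false");
        auditProperties.setProperty("xasecure.audit.log4j.is.enabled", "false");
        auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
        auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
        auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
    }
    AuditProviderFactory factory = AuditProviderFactory.getInstance();
    // second parameter does not matter for v2
    factory.init(auditProperties, "hdfs");
    AuditHandler provider = factory.getAuditProvider();
    System.out.println("provider=" + provider.toString());
    File file = File.createTempFile("ranger-admin-test-site", ".xml");
    file.deleteOnExit();
    // Explicit charset so the written XML does not depend on the platform default.
    try (FileOutputStream outStream = new FileOutputStream(file);
            OutputStreamWriter writer = new OutputStreamWriter(outStream, "UTF-8")) {
        /*
        // For setting up TestTagProvider

        writer.write("<configuration>\n" +
                "        <property>\n" +
                "                <name>ranger.plugin.tag.policy.rest.url</name>\n" +
                "                <value>http://os-def:6080</value>\n" +
                "        </property>\n" +
                "        <property>\n" +
                "                <name>ranger.externalurl</name>\n" +
                "                <value>http://os-def:6080</value>\n" +
                "        </property>\n" +
                "</configuration>\n");
        */
        // Fixture values only: turns on X-Forwarded-For handling for Hive and names the proxy
        // addresses to trust. NOTE(review): presumably the forwarded address is honoured only
        // for peers in the trusted-proxy list -- confirm against the request handling code.
        writer.write("<configuration>\n"
                + "        <property>\n"
                + "                <name>ranger.plugin.hive.use.x-forwarded-for.ipaddress</name>\n"
                + "                <value>true</value>\n"
                + "        </property>\n"
                + "        <property>\n"
                + "                <name>ranger.plugin.hive.trusted.proxy.ipaddresses</name>\n"
                + "                <value>255.255.255.255; 128.101.101.101;128.101.101.99</value>\n"
                + "        </property>\n"
                + "        <property>\n"
                + "                <name>ranger.plugin.tag.attr.additional.date.formats</name>\n"
                + "                <value>abcd||xyz||yyyy/MM/dd'T'HH:mm:ss.SSS'Z'</value>\n"
                + "        </property>\n"
                + "        <property>\n"
                + "                <name>ranger.policyengine.trie.builder.thread.count</name>\n"
                + "                <value>3</value>\n"
                + "        </property>\n"
                + "</configuration>\n");
    }
    // The file is complete and closed before the configuration is pointed at it.
    pluginContext.getConfig().addResource(new org.apache.hadoop.fs.Path(file.toURI()));
}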
Also used : RangerPluginConfig(org.apache.ranger.authorization.hadoop.config.RangerPluginConfig) AuditHandler(org.apache.ranger.audit.provider.AuditHandler) RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler) GsonBuilder(com.google.gson.GsonBuilder) Properties(java.util.Properties) FileInputStream(java.io.FileInputStream) FileOutputStream(java.io.FileOutputStream) OutputStreamWriter(java.io.OutputStreamWriter) AuditProviderFactory(org.apache.ranger.audit.provider.AuditProviderFactory) File(java.io.File) BeforeClass(org.junit.BeforeClass)
