Example 11 with XXResource
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class TestRangerBizUtil method testMatchHivePolicy.
@Test
public void testMatchHivePolicy() {
List<XXResource> xResourceList = new ArrayList<XXResource>();
XXResource xXResource = new XXResource();
xXResource.setId(5L);
xXResource.setName(resourceName);
xXResource.setIsRecursive(AppConstants.BOOL_TRUE);
xXResource.setResourceStatus(AppConstants.STATUS_ENABLED);
xResourceList.add(xXResource);
Mockito.when(stringUtil.split(Mockito.anyString(), Mockito.anyString())).thenReturn(new String[0]);
boolean bnlChk = rangerBizUtil.matchHivePolicy("/*/*/*", xResourceList, id, 17);
Mockito.verify(stringUtil).split(Mockito.anyString(), Mockito.anyString());
Assert.assertFalse(bnlChk);
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
ArrayList(java.util.ArrayList)
Test(org.junit.Test)
Example 12 with XXResource
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class XUserMgr method searchXAuditMaps.
public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
VXAuditMapList returnList;
UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
// If user is system admin
if (currentUserSession != null && currentUserSession.isUserAdmin()) {
returnList = super.searchXAuditMaps(searchCriteria);
} else {
returnList = new VXAuditMapList();
int startIndex = searchCriteria.getStartIndex();
int pageSize = searchCriteria.getMaxRows();
searchCriteria.setStartIndex(0);
searchCriteria.setMaxRows(Integer.MAX_VALUE);
List<VXAuditMap> resultList = xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps();
List<VXAuditMap> adminAuditResourceList = new ArrayList<VXAuditMap>();
for (VXAuditMap xXAuditMap : resultList) {
XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId());
VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN);
if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
adminAuditResourceList.add(xXAuditMap);
}
}
if (adminAuditResourceList.size() > 0) {
populatePageList(adminAuditResourceList, startIndex, pageSize, returnList);
}
}
return returnList;
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
ArrayList(java.util.ArrayList)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 13 with XXResource
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class XUserMgr method searchXPermMaps.
public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) {
VXPermMapList returnList;
UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
// If user is system admin
if (currentUserSession != null && currentUserSession.isUserAdmin()) {
returnList = super.searchXPermMaps(searchCriteria);
} else {
returnList = new VXPermMapList();
int startIndex = searchCriteria.getStartIndex();
int pageSize = searchCriteria.getMaxRows();
searchCriteria.setStartIndex(0);
searchCriteria.setMaxRows(Integer.MAX_VALUE);
List<VXPermMap> resultList = xPermMapService.searchXPermMaps(searchCriteria).getVXPermMaps();
List<VXPermMap> adminPermResourceList = new ArrayList<VXPermMap>();
for (VXPermMap xXPermMap : resultList) {
XXResource xRes = daoManager.getXXResource().getById(xXPermMap.getResourceId());
VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN);
if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
adminPermResourceList.add(xXPermMap);
}
}
if (adminPermResourceList.size() > 0) {
populatePageList(adminPermResourceList, startIndex, pageSize, returnList);
}
}
return returnList;
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
ArrayList(java.util.ArrayList)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 14 with XXResource
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class RangerBizUtil method matchStormPolicy.
/**
* returns true if user is having required permission on given STORM
* resource
*
* @param resourceName
* @param xResourceList
* @param xUserId
* @param permission
* @return
*/
private boolean matchStormPolicy(String resourceName, List<XXResource> xResourceList, Long xUserId, int permission) {
String[] splittedResources = stringUtil.split(resourceName, fileSeparator);
int numberOfResources = splittedResources.length;
if (numberOfResources < 1 || numberOfResources > 3) {
logger.debug("Invalid policy name : " + resourceName);
return false;
}
boolean policyMatched = false;
// of provided resource list
for (XXResource xResource : xResourceList) {
if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
continue;
}
Long resourceId = xResource.getId();
boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
// resource
if (hasPermission) {
String[] xTopologies = (xResource.getTopologies() == null || "".equalsIgnoreCase(xResource.getTopologies())) ? null : stringUtil.split(xResource.getTopologies(), ",");
/*
* String[] xServices = (xResource.getServices() == null ||
* xResource .getServices().equalsIgnoreCase("")) ? null :
* stringUtil.split(xResource.getServices(), ",");
*/
boolean matchFound = false;
for (int index = 0; index < numberOfResources; index++) {
matchFound = false;
// existing topology resource
if (index == 0) {
if (xTopologies != null) {
for (String xTopology : xTopologies) {
if (matchPath(splittedResources[index], xTopology)) {
matchFound = true;
continue;
}
}
}
}
// check whether given service resource matches with
// any existing service resource
/*
* else if (index == 1) { if(xServices!=null){ for (String
* xService : xServices) { if
* (matchPath(splittedResources[index], xService)) {
* matchFound = true; continue; } } } }
*/
}
if (matchFound) {
policyMatched = true;
break;
}
}
}
return policyMatched;
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
VXString(org.apache.ranger.view.VXString)
Example 15 with XXResource
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class RangerBizUtil method matchHbasePolicy.
/**
* returns true if user is having required permission on given Hbase
* resource
*
* @param resourceName
* @param xResourceList
* @param vXResponse
* @param xUserId
* @param permission
* @return
*/
public boolean matchHbasePolicy(String resourceName, List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId, int permission) {
if (stringUtil.isEmpty(resourceName) || xResourceList == null || xUserId == null) {
return false;
}
String[] splittedResources = stringUtil.split(resourceName, fileSeparator);
if (splittedResources.length < 1 || splittedResources.length > 3) {
logger.debug("Invalid resourceName name : " + resourceName);
return false;
}
String tblName = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
String colFamName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
boolean policyMatched = false;
// of provided resource list
for (XXResource xResource : xResourceList) {
if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
continue;
}
Long resourceId = xResource.getId();
boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
// columns list from resource
if (!hasPermission) {
continue;
}
// 1. does the policy match the table?
String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
boolean matchFound = (xTables == null || xTables.length == 0) || matchPath(tblName, xTables);
if (matchFound) {
// 2. does the policy match the column?
String[] xColumnFamilies = stringUtil.isEmpty(xResource.getColumnFamilies()) ? null : stringUtil.split(xResource.getColumnFamilies(), ",");
matchFound = (xColumnFamilies == null || xColumnFamilies.length == 0) || matchPath(colFamName, xColumnFamilies);
if (matchFound) {
// 3. does the policy match the columnFamily?
String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ",");
matchFound = (xColumns == null || xColumns.length == 0) || matchPath(colName, xColumns);
}
}
if (matchFound) {
policyMatched = true;
break;
}
}
return policyMatched;
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
VXString(org.apache.ranger.view.VXString)
Aggregations
XXResource (org.apache.ranger.entity.XXResource)19
ArrayList (java.util.ArrayList)11
VXString (org.apache.ranger.view.VXString)6
Test (org.junit.Test)6
VXResponse (org.apache.ranger.view.VXResponse)5
XXAsset (org.apache.ranger.entity.XXAsset)4
List (java.util.List)3
SearchCriteria (org.apache.ranger.common.SearchCriteria)3
UserSessionBase (org.apache.ranger.common.UserSessionBase)3
VXResource (org.apache.ranger.view.VXResource)3
VXResourceList (org.apache.ranger.view.VXResourceList)3
XXResourceDao (org.apache.ranger.db.XXResourceDao)2
XXUserDao (org.apache.ranger.db.XXUserDao)2
XXPolicy (org.apache.ranger.entity.XXPolicy)2
XXUser (org.apache.ranger.entity.XXUser)2
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)2
VXAuditMapList (org.apache.ranger.view.VXAuditMapList)2
VXPermMap (org.apache.ranger.view.VXPermMap)2
VXPermMapList (org.apache.ranger.view.VXPermMapList)2
VXPolicyList (org.apache.ranger.view.VXPolicyList)2
