
Example 1 with RangerConditionEvaluator

use of org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator in project ranger by apache.

the class RangerDefaultPolicyItemEvaluator method init.

/**
 * Prepares this policy-item evaluator for request evaluation.
 *
 * <p>Collects the access types the policy item allows, records whether they cover every access
 * type declared by the service definition, builds one condition evaluator per policy-item
 * condition (unless conditions are disabled), and records whether the user list contains the
 * current-user or resource-owner marker.
 *
 * <p>NOTE(review): a condition whose definition is not found, or whose evaluator cannot be
 * instantiated, is logged at ERROR and left out of {@code conditionEvaluators}. Since
 * {@code matchCustomConditions} only consults that list, the policy item is then evaluated
 * without that restriction. Treat these ERROR lines as security-relevant and alert on them;
 * confirm with the policy owners whether dropping the condition is the intended outcome.
 */
public void init() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", policyItem=" + policyItem + ", serviceType=" + getServiceType() + ", conditionsDisabled=" + getConditionsDisabledOption() + ")");
    }

    // Access types this policy item explicitly allows.
    Set<String> allowedTypes = new HashSet<String>();
    for (RangerPolicy.RangerPolicyItemAccess access : policyItem.getAccesses()) {
        if (!access.getIsAllowed()) {
            continue;
        }
        allowedTypes.add(access.getType());
    }

    // hasAllPerms stays true only if every access type of the service definition is allowed;
    // a service definition with no access types therefore leaves it true.
    hasAllPerms = true;
    for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
        if (allowedTypes.contains(accessTypeDef.getName())) {
            continue;
        }
        hasAllPerms = false;
        break;
    }

    if (!getConditionsDisabledOption() && CollectionUtils.isNotEmpty(policyItem.getConditions())) {
        conditionEvaluators = new ArrayList<>();

        RangerPerfTracer itemInitTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYITEM_INIT_LOG)
                ? RangerPerfTracer.getPerfTracer(PERF_POLICYITEM_INIT_LOG, "RangerPolicyItemEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + getPolicyItemIndex() + ")")
                : null;

        for (RangerPolicyItemCondition itemCondition : policyItem.getConditions()) {
            RangerPolicyConditionDef definition = getConditionDef(itemCondition.getType());

            if (definition == null) {
                // The condition is skipped, not enforced: no evaluator is registered for it.
                LOG.error("RangerDefaultPolicyItemEvaluator(policyId=" + policyId + "): conditionDef '" + itemCondition.getType() + "' not found. Ignoring the condition");
                continue;
            }

            RangerConditionEvaluator created = newConditionEvaluator(definition.getEvaluator());

            if (created == null) {
                // Same outcome as a missing definition: the condition will not be evaluated.
                LOG.error("RangerDefaultPolicyItemEvaluator(policyId=" + policyId + "): failed to instantiate condition evaluator '" + itemCondition.getType() + "'; evaluatorClassName='" + definition.getEvaluator() + "'");
                continue;
            }

            created.setServiceDef(serviceDef);
            created.setConditionDef(definition);
            created.setPolicyItemCondition(itemCondition);

            RangerPerfTracer conditionInitTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)
                    ? RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + getPolicyItemIndex() + ",policyConditionType=" + itemCondition.getType() + ")")
                    : null;

            created.init();
            RangerPerfTracer.log(conditionInitTracer);

            conditionEvaluators.add(created);
        }

        RangerPerfTracer.log(itemInitTracer);
    }

    // Record whether the user list carries the current-user / resource-owner markers.
    List<String> itemUsers = policyItem.getUsers();
    this.hasCurrentUser = CollectionUtils.isNotEmpty(itemUsers) && itemUsers.contains(RangerPolicyEngine.USER_CURRENT);
    this.hasResourceOwner = CollectionUtils.isNotEmpty(itemUsers) && itemUsers.contains(RangerPolicyEngine.RESOURCE_OWNER);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", conditionsCount=" + getConditionEvaluators().size() + ")");
    }
}
Also used : RangerConditionEvaluator(org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) HashSet(java.util.HashSet)

Example 2 with RangerConditionEvaluator

use of org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator in project ranger by apache.

the class RangerDefaultPolicyItemEvaluator method matchCustomConditions.

/**
 * Checks the request against every condition evaluator of this policy item.
 *
 * <p>The evaluators are combined with AND semantics: evaluation stops at the first evaluator
 * whose {@code isMatched} returns {@code false}. When {@code conditionEvaluators} is null or
 * empty the result is {@code true}, so a policy item with no registered evaluators matches
 * unconditionally.
 *
 * <p>NOTE(review): an exception thrown by {@code isMatched} is not caught here and propagates
 * to the caller; how the caller treats it (deny or allow) is not visible from this method.
 *
 * @param request the access request being authorized
 * @return {@code true} if no evaluator rejected the request, {@code false} otherwise
 */
@Override
public boolean matchCustomConditions(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyItemEvaluator.matchCustomConditions(" + request + ")");
    }

    boolean allMatched = true;

    if (CollectionUtils.isNotEmpty(conditionEvaluators)) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerDefaultPolicyItemEvaluator.matchCustomConditions(): conditionCount=" + conditionEvaluators.size());
        }

        for (RangerConditionEvaluator candidate : conditionEvaluators) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("evaluating condition: " + candidate);
            }

            RangerPerfTracer tracer = null;
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_REQUEST_LOG)) {
                // The condition type is only reachable through the abstract base class.
                String conditionType = candidate instanceof RangerAbstractConditionEvaluator
                        ? ((RangerAbstractConditionEvaluator) candidate).getPolicyItemCondition().getType()
                        : null;
                tracer = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_REQUEST_LOG, "RangerConditionEvaluator.matchCondition(policyId=" + policyId + ",policyItemIndex=" + getPolicyItemIndex() + ",policyConditionType=" + conditionType + ")");
            }

            boolean matched = candidate.isMatched(request);
            RangerPerfTracer.log(tracer);

            if (matched) {
                continue;
            }

            // First rejecting condition decides the outcome; the rest are not evaluated.
            if (LOG.isDebugEnabled()) {
                LOG.debug(candidate + " returned false");
            }
            allMatched = false;
            break;
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyItemEvaluator.matchCustomConditions(" + request + "): " + allMatched);
    }
    return allMatched;
}
Also used : RangerAbstractConditionEvaluator(org.apache.ranger.plugin.conditionevaluator.RangerAbstractConditionEvaluator) RangerConditionEvaluator(org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 3 with RangerConditionEvaluator

use of org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator in project ranger by apache.

the class RangerDefaultPolicyItemEvaluator method newConditionEvaluator.

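/**
 * Instantiates the condition evaluator class named by {@code className}.
 *
 * <p>The class is loaded by name, checked to be a {@link RangerConditionEvaluator}, and created
 * through its no-argument constructor. Any failure is logged at ERROR and reported to the
 * caller as {@code null}; nothing is thrown.
 *
 * <p>Security note: {@code init()} passes the evaluator name taken from the condition
 * definition, so whoever can edit that definition chooses which class on the classpath is
 * loaded here. {@code Class.forName} still runs the static initializers of the named class
 * even when the type check below rejects it.
 *
 * @param className fully-qualified name of the evaluator class
 * @return a new evaluator instance, or {@code null} if the class cannot be loaded, is not a
 *         {@code RangerConditionEvaluator}, or cannot be constructed
 */
RangerConditionEvaluator newConditionEvaluator(String className) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyItemEvaluator.newConditionEvaluator(" + className + ")");
    }
    RangerConditionEvaluator evaluator = null;
    try {
        // Type-check before instantiating, so a name that does not denote a
        // RangerConditionEvaluator never has its constructor invoked. asSubclass() throws
        // ClassCastException, which is logged below like any other failure.
        Class<? extends RangerConditionEvaluator> evaluatorClass = Class.forName(className).asSubclass(RangerConditionEvaluator.class);
        // Class.newInstance() is deprecated since Java 9; the constructor lookup is the replacement.
        evaluator = evaluatorClass.getDeclaredConstructor().newInstance();
    } catch (Throwable t) {
        // Deliberately broad: a bad evaluator name must not abort policy initialization.
        LOG.error("RangerDefaultPolicyItemEvaluator.newConditionEvaluator(" + className + "): error instantiating evaluator", t);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyItemEvaluator.newConditionEvaluator(" + className + "): " + evaluator);
    }
    return evaluator;
}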
Also used : RangerConditionEvaluator(org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator)
