
Example 61 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class PatchForUpdatingPolicyJson_J10019 method buildLists.

/**
 * Collects the access types, condition types, users and groups referenced by the given policy
 * items into the caller-supplied sets.
 *
 * <p>The sets are only added to, never cleared, so values from earlier calls are retained.
 *
 * @param policyItems policy items to scan
 * @param accesses    receives the type of every access entry
 * @param conditions  receives the type of every condition entry
 * @param users       receives every user named by an item
 * @param groups      receives every group named by an item
 */
private void buildLists(List<? extends RangerPolicyItem> policyItems, Set<String> accesses, Set<String> conditions, Set<String> users, Set<String> groups) {
    for (RangerPolicyItem policyItem : policyItems) {
        // Only the type strings are kept; the access and condition objects are not retained.
        policyItem.getAccesses().forEach(access -> accesses.add(access.getType()));
        policyItem.getConditions().forEach(condition -> conditions.add(condition.getType()));

        // Principals are copied as-is, without normalisation.
        users.addAll(policyItem.getUsers());
        groups.addAll(policyItem.getGroups());
    }
}
Also used : RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 62 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerBaseService method addCustomRangerDefaultPolicies.

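/**
 * Builds one default policy from the service configuration properties found under
 * {@code policyPropertyPrefix} and appends it to {@code ret}.
 *
 * <p>Policy items are read from {@code <prefix>policyItem.<i>.*} for i = 1, 2, ... Reading stops
 * at the first index that has no access types, or that names no users, groups or roles, so a
 * gap in the numbering silently drops every later item.
 *
 * <p>Every access type listed for an item is granted (allowed = true), and the policy is created
 * enabled with auditing on. The configuration is therefore authorization input and should be
 * writable only by administrators.
 *
 * @param ret                  list the new policy is appended to
 * @param policyResourceMap    resources the policy applies to
 * @param policyPropertyPrefix property-name prefix identifying this policy in the configuration
 * @throws Exception declared for callers; no checked exception is thrown by the visible code
 */
private void addCustomRangerDefaultPolicies(List<RangerPolicy> ret, Map<String, RangerPolicy.RangerPolicyResource> policyResourceMap, String policyPropertyPrefix) throws Exception {
    String policyName = configs.get(policyPropertyPrefix + PROP_DEFAULT_POLICY_NAME_SUFFIX);
    String description = configs.get(policyPropertyPrefix + "description");
    if (StringUtils.isEmpty(description)) {
        description = "Policy for " + policyName;
    }
    RangerPolicy policy = new RangerPolicy();
    policy.setName(policyName);
    policy.setIsEnabled(true);
    policy.setVersion(1L);
    policy.setIsAuditEnabled(true);
    policy.setService(serviceName);
    policy.setDescription(description);
    policy.setResources(policyResourceMap);
    for (int i = 1; ; i++) {
        String policyItemPropertyPrefix = policyPropertyPrefix + "policyItem." + i + ".";
        String policyItemUsers = configs.get(policyItemPropertyPrefix + "users");
        String policyItemGroups = configs.get(policyItemPropertyPrefix + "groups");
        String policyItemRoles = configs.get(policyItemPropertyPrefix + "roles");
        String policyItemAccessTypes = configs.get(policyItemPropertyPrefix + "accessTypes");
        String isDelegateAdmin = configs.get(policyItemPropertyPrefix + "isDelegateAdmin");
        // An item needs at least one access type and at least one principal; the first
        // index that lacks either ends the scan.
        if (StringUtils.isEmpty(policyItemAccessTypes) || (StringUtils.isEmpty(policyItemUsers) && StringUtils.isEmpty(policyItemGroups) && StringUtils.isEmpty(policyItemRoles))) {
            break;
        }
        RangerPolicyItem policyItem = new RangerPolicyItem();
        // parseBoolean yields false for null or any value other than "true" (ignoring case),
        // so delegated administration is granted only when explicitly configured.
        policyItem.setDelegateAdmin(Boolean.parseBoolean(isDelegateAdmin));
        if (StringUtils.isNotBlank(policyItemUsers)) {
            policyItem.setUsers(splitAndTrimCsv(policyItemUsers));
        }
        if (StringUtils.isNotBlank(policyItemGroups)) {
            policyItem.setGroups(splitAndTrimCsv(policyItemGroups));
        }
        if (StringUtils.isNotBlank(policyItemRoles)) {
            policyItem.setRoles(splitAndTrimCsv(policyItemRoles));
        }
        if (StringUtils.isNotBlank(policyItemAccessTypes)) {
            for (String accessType : splitAndTrimCsv(policyItemAccessTypes)) {
                policyItem.getAccesses().add(new RangerPolicyItemAccess(accessType, true));
            }
        }
        policy.getPolicyItems().add(policyItem);
    }
    LOG.info(getServiceName() + ": adding default policy: name=" + policy.getName());
    ret.add(policy);
}

/**
 * Splits a comma-separated configuration value and trims each entry.
 *
 * <p>Without trimming, a value such as {@code "alice, bob"} yields the principal {@code " bob"},
 * which matches no real user, group, role or access type, so the default policy would silently
 * not grant what the administrator wrote.
 *
 * @param csv non-null comma-separated value
 * @return fixed-size list of the trimmed entries, in their original order
 */
private static List<String> splitAndTrimCsv(String csv) {
    String[] entries = csv.split(",");
    for (int i = 0; i < entries.length; i++) {
        entries[i] = entries[i].trim();
    }
    return Arrays.asList(entries);
}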
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 63 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class AbstractPredicateUtil method addPredicateForUserName.

/**
 * Creates a predicate that accepts policies naming a user whose name contains {@code userName},
 * ignoring case, and registers it in {@code predicates} when that list is given.
 *
 * <p>All six policy-item lists of a policy are searched: allow, deny, allow-exceptions,
 * deny-exceptions, data-mask and row-filter items.
 *
 * @param userName   user-name fragment to look for; when empty no predicate is created
 * @param predicates optional list the predicate is appended to; may be {@code null}
 * @return the new predicate, or {@code null} when {@code userName} is empty
 */
private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
    if (StringUtils.isEmpty(userName)) {
        return null;
    }
    Predicate userNamePredicate = new Predicate() {

        @Override
        public boolean evaluate(Object object) {
            if (object == null) {
                return false;
            }
            if (!(object instanceof RangerPolicy)) {
                // Objects that are not policies are not filtered by user name.
                return true;
            }
            RangerPolicy policy = (RangerPolicy) object;
            List<?>[] itemLists = new List<?>[] { policy.getPolicyItems(), policy.getDenyPolicyItems(), policy.getAllowExceptions(), policy.getDenyExceptions(), policy.getDataMaskPolicyItems(), policy.getRowFilterPolicyItems() };
            for (List<?> rawItems : itemLists) {
                @SuppressWarnings("unchecked") List<RangerPolicyItem> items = (List<RangerPolicyItem>) rawItems;
                boolean matched = false;
                for (RangerPolicyItem item : items) {
                    for (String user : item.getUsers()) {
                        // Case-insensitive substring match: "bob" also selects "bobby".
                        // NOTE(review): suitable for search filtering only; an access decision
                        // needs an exact principal comparison.
                        if (StringUtils.containsIgnoreCase(user, userName)) {
                            matched = true;
                            break;
                        }
                    }
                }
                if (matched) {
                    return true;
                }
            }
            return false;
        }
    };
    if (predicates != null) {
        predicates.add(userNamePredicate);
    }
    return userNamePredicate;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerBaseModelObject(org.apache.ranger.plugin.model.RangerBaseModelObject) ArrayList(java.util.ArrayList) List(java.util.List) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Predicate(org.apache.commons.collections.Predicate)

Example 64 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerServiceOzone method getDefaultRangerPolicies.

/**
 * Returns the default policies of the parent service, extended for Ozone.
 *
 * <p>Every default policy whose name starts with {@code "all"} gets an extra item granting
 * {@code ACCESS_TYPE_ALL} with delegated administration to the resource owner and, when a
 * lookup user is configured, an item granting that user the listed access types without
 * delegated administration.
 *
 * @return the parent's default policies, modified in place
 * @throws Exception if the parent implementation fails
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
    }
    List<RangerPolicy> defaultPolicies = super.getDefaultRangerPolicies();
    for (RangerPolicy candidate : defaultPolicies) {
        // Selection is by name prefix only; policies with other names are left untouched.
        if (!candidate.getName().startsWith("all")) {
            continue;
        }

        RangerPolicyItem ownerItem = new RangerPolicyItem();
        ownerItem.setUsers(Collections.singletonList(RangerPolicyEngine.RESOURCE_OWNER));
        ownerItem.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_ALL)));
        ownerItem.setDelegateAdmin(true);
        candidate.getPolicyItems().add(ownerItem);

        if (StringUtils.isBlank(lookUpUser)) {
            continue;
        }

        // NOTE(review): the lookup user receives write, delete and ACL access types as well as
        // ACCESS_TYPE_ALL. Confirm that resource lookup needs more than read/list before
        // relying on this default.
        String[] lookupAccessTypes = { ACCESS_TYPE_READ, ACCESS_TYPE_WRITE, ACCESS_TYPE_CREATE, ACCESS_TYPE_LIST, ACCESS_TYPE_DELETE, ACCESS_TYPE_READ_ACL, ACCESS_TYPE_WRITE_ACL, ACCESS_TYPE_ALL };
        List<RangerPolicy.RangerPolicyItemAccess> lookupAccesses = new ArrayList<>();
        for (String accessType : lookupAccessTypes) {
            lookupAccesses.add(new RangerPolicyItemAccess(accessType));
        }

        RangerPolicyItem lookupUserItem = new RangerPolicyItem();
        lookupUserItem.setUsers(Collections.singletonList(lookUpUser));
        lookupUserItem.setAccesses(lookupAccesses);
        lookupUserItem.setDelegateAdmin(false);
        candidate.getPolicyItems().add(lookupUserItem);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : " + defaultPolicies);
    }
    return defaultPolicies;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 65 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class ValidationTestUtils method createPolicyItems.

/**
 * Builds mocked policy items from test fixture data.
 *
 * <p>Each element of {@code data} is a map with optional keys {@code "users"}, {@code "groups"},
 * {@code "accesses"} and {@code "isAllowed"}. A missing {@code "users"} or {@code "groups"} key
 * makes the matching getter return {@code null}; the access list is {@code null} unless both
 * {@code "accesses"} and {@code "isAllowed"} are present.
 *
 * @param data fixture maps, one per policy item
 * @return one mocked policy item per fixture map, in the same order
 */
List<RangerPolicyItem> createPolicyItems(Object[] data) {
    List<RangerPolicyItem> result = new ArrayList<>();
    for (Object entry : data) {
        @SuppressWarnings("unchecked") Map<String, Object[]> fixture = (Map<String, Object[]>) entry;
        RangerPolicyItem mockedItem = mock(RangerPolicyItem.class);

        List<String> users = fixture.containsKey("users") ? Arrays.asList((String[]) fixture.get("users")) : null;
        when(mockedItem.getUsers()).thenReturn(users);

        List<String> groups = fixture.containsKey("groups") ? Arrays.asList((String[]) fixture.get("groups")) : null;
        when(mockedItem.getGroups()).thenReturn(groups);

        String[] accessTypes = (String[]) fixture.get("accesses");
        Boolean[] allowedFlags = (Boolean[]) fixture.get("isAllowed");
        List<RangerPolicyItemAccess> mockedAccesses = null;
        if (accessTypes != null && allowedFlags != null) {
            mockedAccesses = new ArrayList<>();
            // The two arrays are parallel: allowedFlags[i] belongs to accessTypes[i].
            int index = 0;
            while (index < accessTypes.length) {
                String accessType = accessTypes[index];
                Boolean allowed = allowedFlags[index];
                RangerPolicyItemAccess mockedAccess = mock(RangerPolicyItemAccess.class);
                when(mockedAccess.getType()).thenReturn(accessType);
                when(mockedAccess.getIsAllowed()).thenReturn(allowed);
                mockedAccesses.add(mockedAccess);
                index++;
            }
        }
        when(mockedItem.getAccesses()).thenReturn(mockedAccesses);
        result.add(mockedItem);
    }
    return result;
}
Also used : ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) HashMap(java.util.HashMap) Map(java.util.Map)
