use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class PatchForAtlasToAddTypeRead_J10040 method updateDefaultPolicyForType.
/**
 * Adds the type-read access to the default type policy of every Atlas service.
 *
 * <p>Looks up the embedded Atlas service definition, walks every service built on it, and for
 * each policy whose name equals {@code ALL_TYPE_RESOURCE_DEF_NAME} (ignoring case):
 * <ol>
 *   <li>appends the type-read access to every existing policy item for which
 *       {@code checkIfTypeReadPermissionSet} returns {@code false};</li>
 *   <li>appends one further policy item that grants the type-read access to
 *       {@code GROUP_PUBLIC} with delegate-admin switched off;</li>
 *   <li>writes the policy back through {@code svcDBStore.updatePolicy}.</li>
 * </ol>
 * If the Atlas service definition is absent, the method logs at debug level and returns
 * without touching anything.
 *
 * @throws Exception whatever the DAO lookups or the policy store calls raise
 */
private void updateDefaultPolicyForType() throws Exception {
    logger.info("==> updateDefaultPolicyForType() ");
    XXServiceDef atlasServiceDef = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
    if (atlasServiceDef == null) {
        logger.debug("ServiceDef not found with name :" + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
        return;
    }
    List<XXService> atlasServices = daoMgr.getXXService().findByServiceDefId(atlasServiceDef.getId());
    for (XXService atlasService : atlasServices) {
        for (XXPolicy candidate : daoMgr.getXXPolicy().findByServiceId(atlasService.getId())) {
            // Policies are selected by name only; a renamed default policy is skipped.
            if (!candidate.getName().equalsIgnoreCase(ALL_TYPE_RESOURCE_DEF_NAME)) {
                continue;
            }
            RangerPolicy policy = svcDBStore.getPolicy(candidate.getId());
            List<RangerPolicyItem> items = policy.getPolicyItems();
            for (RangerPolicyItem existing : items) {
                if (checkIfTypeReadPermissionSet(existing)) {
                    continue;
                }
                // Every principal already listed on this item gains type-read as well.
                List<RangerPolicyItemAccess> accesses = existing.getAccesses();
                accesses.add(getTypeReadPolicyItemAccesses());
                existing.setAccesses(accesses);
            }
            // NOTE(review): GROUP_PUBLIC is presumably Ranger's built-in group covering every
            // user - confirm. If so, this item opens type-read to all users of the service, so
            // the resulting policy is worth auditing after the patch has run.
            // NOTE(review): the item is appended unconditionally; this relies on the patch being
            // applied once per installation - confirm against the patch framework, otherwise a
            // second run appends a duplicate item.
            RangerPolicyItem publicTypeRead = new RangerPolicyItem();
            publicTypeRead.setDelegateAdmin(Boolean.FALSE);
            publicTypeRead.setAccesses(Arrays.asList(getTypeReadPolicyItemAccesses()));
            publicTypeRead.setGroups(Arrays.asList(GROUP_PUBLIC));
            items.add(publicTypeRead);
            svcDBStore.updatePolicy(policy);
        }
    }
    logger.info("<== updateDefaultPolicyForType() ");
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class UpdateUserAndGroupNamesInJson method updatePolicyItemUsersAndGroups.
/**
 * Rewrites the user and group names held by each policy item to the spelling stored in the
 * database.
 *
 * <p>Each name is lower-cased and looked up in the matching map; when the map has that key, the
 * entry in the item's own list is overwritten in place with the mapped value. Names without a
 * matching key are left as they are.
 *
 * @param policyItems policy items whose user and group lists are edited in place
 * @param usersInDB   lookup from lower-cased user name to the name to store
 * @param groupsInDB  lookup from lower-cased group name to the name to store
 * @throws Exception declared by the signature; nothing in this body throws a checked exception
 */
private void updatePolicyItemUsersAndGroups(List<? extends RangerPolicyItem> policyItems, Map<String, String> usersInDB, Map<String, String> groupsInDB) throws Exception {
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale. The map keys
    // are presumably lower-cased the same way by the caller - confirm, and prefer Locale.ROOT on
    // both sides so that principal matching does not change with the host locale.
    // NOTE(review): matching is case-insensitive, so two principals that differ only in case
    // resolve to the same map entry - confirm the directory cannot contain such a pair.
    for (RangerPolicyItem item : policyItems) {
        List<String> itemUsers = item.getUsers();
        for (int idx = 0; idx < itemUsers.size(); idx++) {
            String userKey = itemUsers.get(idx).toLowerCase();
            if (!usersInDB.containsKey(userKey)) {
                continue;
            }
            itemUsers.set(idx, usersInDB.get(userKey));
        }

        List<String> itemGroups = item.getGroups();
        for (int idx = 0; idx < itemGroups.size(); idx++) {
            String groupKey = itemGroups.get(idx).toLowerCase();
            if (!groupsInDB.containsKey(groupKey)) {
                continue;
            }
            itemGroups.set(idx, groupsInDB.get(groupKey));
        }
    }
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class TestRangerPolicyValidator method test_isValidPolicyItem_happPath.
/**
 * Happy path for {@code isValidPolicyItem}: an item that carries no accesses is still accepted
 * when delegate-admin is on and at least one user or group is named.
 */
@Test
public void test_isValidPolicyItem_happPath() {
    RangerPolicyItem delegatingItem = mock(RangerPolicyItem.class);
    // One named user is enough to satisfy the "some principal" requirement.
    when(delegatingItem.getUsers()).thenReturn(Arrays.asList("user1"));
    // Delegate-admin without any access entries is the combination under test.
    when(delegatingItem.getDelegateAdmin()).thenReturn(true);
    when(delegatingItem.getAccesses()).thenReturn(null);

    // Start from an empty failure list so leftovers from other tests cannot mask a result.
    _failures.clear();
    boolean accepted = _validator.isValidPolicyItem(delegatingItem, _failures, _serviceDef);

    Assert.assertTrue(accepted);
    Assert.assertTrue(_failures.isEmpty());
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class RangerDefaultPolicyEvaluatorTest method createPolicyItemForConditions.
/**
 * Builds a mocked policy item whose {@code getConditions()} returns one mocked condition per
 * entry of {@code conditions}, in the same order.
 *
 * @param conditions condition type names; each becomes the {@code getType()} value of one mock
 * @return the mocked policy item; only {@code getConditions()} is stubbed
 */
RangerPolicyItem createPolicyItemForConditions(String[] conditions) {
    List<RangerPolicyItemCondition> stubbedConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>(conditions.length);
    for (int idx = 0; idx < conditions.length; idx++) {
        // Only the type is stubbed; the condition values stay at the mock's defaults.
        RangerPolicyItemCondition stub = mock(RangerPolicyItemCondition.class);
        when(stub.getType()).thenReturn(conditions[idx]);
        stubbedConditions.add(stub);
    }

    RangerPolicyItem item = mock(RangerPolicyItem.class);
    when(item.getConditions()).thenReturn(stubbedConditions);
    return item;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class ServiceDefUtilTest method getPolicyItem.
/**
 * Creates a policy item fixture with one user, one group, one role and one condition.
 *
 * @return a new item holding "testUser", "testGroup", "testRole" and an "expr" condition whose
 *         only value is {@code TAG.attr1 == 'value1'}
 */
private RangerPolicyItem getPolicyItem() {
    RangerPolicyItem fixture = new RangerPolicyItem();

    // The getters hand back the item's own lists, so adding to them populates the item.
    fixture.getUsers().add("testUser");
    fixture.getGroups().add("testGroup");
    fixture.getRoles().add("testRole");

    RangerPolicyItemCondition tagExpression =
            new RangerPolicyItemCondition("expr", Collections.singletonList("TAG.attr1 == 'value1'"));
    fixture.getConditions().add(tagExpression);

    return fixture;
}