
Example 16 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class PatchForAtlasToAddTypeRead_J10040 method updateDefaultPolicyForType.

/**
 * Widens the matching default policies of every service that belongs to the embedded Atlas service-def.
 *
 * <p>For each policy whose name equals {@code ALL_TYPE_RESOURCE_DEF_NAME} (case-insensitive):
 * <ol>
 *   <li>every existing policy item for which {@code checkIfTypeReadPermissionSet} returns false gets the
 *       access returned by {@code getTypeReadPolicyItemAccesses()} appended;</li>
 *   <li>one new policy item is appended that carries only that access, targets {@code GROUP_PUBLIC}
 *       and has delegate-admin switched off;</li>
 *   <li>the policy is written back through {@code svcDBStore.updatePolicy}.</li>
 * </ol>
 *
 * <p>NOTE(review): the {@code GROUP_PUBLIC} item is appended without looking for an equivalent existing
 * item, so running this method twice against the same store adds a second copy. Presumably the patch
 * framework guarantees a single run; confirm against the caller.
 *
 * @throws Exception propagated unchanged from the DAO and policy-store calls
 */
private void updateDefaultPolicyForType() throws Exception {
    logger.info("==> updateDefaultPolicyForType() ");
    XXServiceDef atlasServiceDef = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
    if (atlasServiceDef == null) {
        // Nothing to patch when the Atlas service-def was never registered.
        logger.debug("ServiceDef not found with name :" + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
        return;
    }
    Long atlasServiceDefId = atlasServiceDef.getId();
    List<XXService> atlasServices = daoMgr.getXXService().findByServiceDefId(atlasServiceDefId);
    for (XXService atlasService : atlasServices) {
        List<XXPolicy> servicePolicies = daoMgr.getXXPolicy().findByServiceId(atlasService.getId());
        for (XXPolicy dbPolicy : servicePolicies) {
            if (!dbPolicy.getName().equalsIgnoreCase(ALL_TYPE_RESOURCE_DEF_NAME)) {
                continue;
            }
            RangerPolicy policy = svcDBStore.getPolicy(dbPolicy.getId());
            List<RangerPolicyItem> existingItems = policy.getPolicyItems();
            // Step 1: top up the items that are already there.
            for (RangerPolicyItem existingItem : existingItems) {
                if (checkIfTypeReadPermissionSet(existingItem)) {
                    continue;
                }
                List<RangerPolicyItemAccess> accesses = existingItem.getAccesses();
                accesses.add(getTypeReadPolicyItemAccesses());
                existingItem.setAccesses(accesses);
            }
            // Step 2: grant the same access to GROUP_PUBLIC. The item is added after the loop above,
            // so it is never itself visited by that loop.
            RangerPolicyItem publicReadItem = new RangerPolicyItem();
            publicReadItem.setDelegateAdmin(Boolean.FALSE);
            publicReadItem.setGroups(Arrays.asList(GROUP_PUBLIC));
            publicReadItem.setAccesses(Arrays.asList(getTypeReadPolicyItemAccesses()));
            existingItems.add(publicReadItem);
            // Step 3: persist the widened policy.
            svcDBStore.updatePolicy(policy);
        }
    }
    logger.info("<== updateDefaultPolicyForType() ");
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) XXService(org.apache.ranger.entity.XXService) XXPolicy(org.apache.ranger.entity.XXPolicy) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 17 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class UpdateUserAndGroupNamesInJson method updatePolicyItemUsersAndGroups.

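/**
 * Replaces the user and group names stored in each policy item with the spelling held in the database.
 *
 * <p>A name is looked up by its lower-cased form; when the map has an entry for that key, the list
 * element is overwritten in place with the mapped value. Names without a match are left untouched.
 * A {@code null} item list, {@code null} items, {@code null} name lists and {@code null} names are
 * skipped instead of raising a {@code NullPointerException}.
 *
 * @param policyItems policy items whose user/group lists are rewritten in place; may be {@code null}
 * @param usersInDB   lower-cased user name to stored user name
 * @param groupsInDB  lower-cased group name to stored group name
 * @throws Exception kept for signature compatibility with existing callers
 */
private void updatePolicyItemUsersAndGroups(List<? extends RangerPolicyItem> policyItems, Map<String, String> usersInDB, Map<String, String> groupsInDB) throws Exception {
    if (policyItems == null) {
        return;
    }
    for (RangerPolicyItem rangerPolicyItem : policyItems) {
        if (rangerPolicyItem == null) {
            continue;
        }
        replaceWithDbNames(rangerPolicyItem.getUsers(), usersInDB);
        replaceWithDbNames(rangerPolicyItem.getGroups(), groupsInDB);
    }
}

/**
 * Overwrites, in place, every entry of {@code names} whose lower-cased form is a key of {@code namesInDB}.
 *
 * <p>NOTE(review): the match is case-insensitive, so which principal a policy ends up bound to depends
 * on how the caller built the map when two stored names differ only by case; verify that builder.
 * NOTE(review): {@code toLowerCase()} follows the JVM default locale; the map keys are presumably
 * produced the same way. Confirm before switching either side to {@code Locale.ROOT}.
 */
private static void replaceWithDbNames(List<String> names, Map<String, String> namesInDB) {
    if (names == null || namesInDB == null) {
        return;
    }
    for (int i = 0; i < names.size(); i++) {
        String name = names.get(i);
        if (name == null) {
            continue;
        }
        // Lower-case once per name instead of once per map call.
        String key = name.toLowerCase();
        if (namesInDB.containsKey(key)) {
            names.set(i, namesInDB.get(key));
        }
    }
}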
Also used : RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 18 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class TestRangerPolicyValidator method test_isValidPolicyItem_happPath.

/**
 * Happy path for {@code isValidPolicyItem}: an item that carries no accesses at all is still accepted
 * when delegate-admin is on and at least one user is named.
 */
@Test
public void test_isValidPolicyItem_happPath() {
    RangerPolicyItem delegateOnlyItem = mock(RangerPolicyItem.class);
    // One named user is enough to satisfy the "some user/group" requirement.
    List<String> singleUser = Arrays.asList("user1");
    when(delegateOnlyItem.getUsers()).thenReturn(singleUser);
    // Delegate-admin on, and deliberately no access list.
    when(delegateOnlyItem.getDelegateAdmin()).thenReturn(true);
    when(delegateOnlyItem.getAccesses()).thenReturn(null);
    _failures.clear();
    boolean accepted = _validator.isValidPolicyItem(delegateOnlyItem, _failures, _serviceDef);
    Assert.assertTrue(accepted);
    // A valid item must not leave any recorded validation failure behind.
    Assert.assertTrue(_failures.isEmpty());
}
Also used : RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 19 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerDefaultPolicyEvaluatorTest method createPolicyItemForConditions.

/**
 * Builds a mocked policy item whose {@code getConditions()} returns one mocked condition per entry
 * of {@code conditions}, in the same order.
 *
 * @param conditions condition type names; each becomes the {@code getType()} value of one mock
 * @return a mocked {@code RangerPolicyItem} stubbed only for {@code getConditions()}
 */
RangerPolicyItem createPolicyItemForConditions(String[] conditions) {
    List<RangerPolicyItemCondition> mockedConditions = new ArrayList<>(conditions.length);
    for (int i = 0; i < conditions.length; i++) {
        RangerPolicyItemCondition mockedCondition = mock(RangerPolicyItemCondition.class);
        when(mockedCondition.getType()).thenReturn(conditions[i]);
        mockedConditions.add(mockedCondition);
    }
    RangerPolicyItem mockedItem = mock(RangerPolicyItem.class);
    when(mockedItem.getConditions()).thenReturn(mockedConditions);
    return mockedItem;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ArrayList(java.util.ArrayList) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 20 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class ServiceDefUtilTest method getPolicyItem.

/**
 * Creates a test fixture: a policy item with one user, one group, one role and a single
 * {@code "expr"} condition holding the expression {@code TAG.attr1 == 'value1'}.
 *
 * @return the populated policy item
 */
private RangerPolicyItem getPolicyItem() {
    RangerPolicyItemCondition exprCondition = new RangerPolicyItemCondition("expr", Collections.singletonList("TAG.attr1 == 'value1'"));
    RangerPolicyItem item = new RangerPolicyItem();
    // Populate the lists the freshly constructed item already exposes.
    item.getUsers().add("testUser");
    item.getGroups().add("testGroup");
    item.getRoles().add("testRole");
    item.getConditions().add(exprCondition);
    return item;
}
Also used : RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Aggregations

RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)85 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)65 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)56 ArrayList (java.util.ArrayList)52 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)35 HashMap (java.util.HashMap)34 Test (org.junit.Test)24 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)21 VXString (org.apache.ranger.view.VXString)17 Date (java.util.Date)15 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)14 RangerService (org.apache.ranger.plugin.model.RangerService)11 LinkedHashMap (java.util.LinkedHashMap)8 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)7 XXServiceDef (org.apache.ranger.entity.XXServiceDef)6 IOException (java.io.IOException)5 List (java.util.List)5 XXService (org.apache.ranger.entity.XXService)5 RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)5