
Example 41 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class TestPublicAPIs method rangerPolicy.

/**
 * Builds the {@link RangerPolicy} fixture used by the tests in this class.
 *
 * <p>The policy carries a single policy item with empty access, condition, group and user
 * lists and {@code delegateAdmin} set to {@code false}, and a single resource entry stored
 * under the key {@code "resource"} with the exclude and recursive flags both set.
 *
 * @return the populated fixture policy
 */
private RangerPolicy rangerPolicy() {
    // One empty list instance is handed to both the policy item (as users) and the
    // resource (as values), exactly as the fixture has always done.
    List<String> noUsers = new ArrayList<String>();

    RangerPolicyItem item = new RangerPolicyItem();
    item.setAccesses(new ArrayList<RangerPolicyItemAccess>());
    item.setConditions(new ArrayList<RangerPolicyItemCondition>());
    item.setGroups(new ArrayList<String>());
    item.setUsers(noUsers);
    item.setDelegateAdmin(false);

    List<RangerPolicyItem> items = new ArrayList<RangerPolicyItem>();
    items.add(item);

    RangerPolicyResource resource = new RangerPolicyResource();
    resource.setIsExcludes(true);
    resource.setIsRecursive(true);
    // Order matters here: the single value is set first, then the (empty) value list.
    resource.setValue("1");
    resource.setValues(noUsers);

    Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>();
    resources.put("resource", resource);

    RangerPolicy fixture = new RangerPolicy();
    fixture.setId(Id);
    fixture.setCreateTime(new Date());
    fixture.setDescription("policy");
    fixture.setGuid("policyguid");
    fixture.setIsEnabled(true);
    fixture.setName("HDFS_1-1-20150316062453");
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());
    fixture.setIsAuditEnabled(true);
    fixture.setPolicyItems(items);
    fixture.setResources(resources);
    // NOTE(review): the service name is assigned twice; presumably only the second
    // value, "HDFS_1", survives - confirm whether the first assignment is intended.
    fixture.setService("HDFS_1-1-20150316062453");
    fixture.setService("HDFS_1");
    return fixture;
}
Also used : HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Date(java.util.Date) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Example 42 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerPolicyService method compareTwoPolicyItemList.

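/**
 * Tells whether two JSON-serialized lists of {@link RangerPolicyItem} contain the same
 * items, ignoring order.
 *
 * <p>A wrong "equal" answer here hides a change to who is granted what, so the comparison
 * is strict: every item of the new list must be matched by a distinct item of the old list.
 *
 * @param value    JSON text of the current policy-item list; may be {@code null} or empty
 * @param oldValue JSON text of the previous policy-item list; may be {@code null} or empty
 * @return {@code true} when both arguments are {@code null}, both are the empty string, or
 *         both parse to lists holding the same items with the same multiplicity;
 *         {@code false} otherwise
 * @throws RuntimeException the exception built by {@code restErrorUtil.createRESTException}
 *         when either argument cannot be parsed (exact type is declared outside this method)
 */
private boolean compareTwoPolicyItemList(String value, String oldValue) {
    if (value == null && oldValue == null) {
        return true;
    }
    // Compare content, not references: with == this branch was only taken when both
    // arguments happened to be the same interned "" instance.
    if ("".equals(value) && "".equals(oldValue)) {
        return true;
    }
    if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) {
        return false;
    }
    ObjectMapper mapper = JsonUtilsV2.getMapper();
    try {
        List<RangerPolicyItem> obj = mapper.readValue(value, new TypeReference<List<RangerPolicyItem>>() {
        });
        List<RangerPolicyItem> oldObj = mapper.readValue(oldValue, new TypeReference<List<RangerPolicyItem>>() {
        });
        // The JSON literal null deserializes to a null list; treat two nulls as equal
        // instead of failing on size().
        if (obj == null || oldObj == null) {
            return obj == oldObj;
        }
        if (oldObj.size() != obj.size()) {
            return false;
        }
        // Consume each matched old item so duplicates cannot mask a difference:
        // [A, A] versus [A, B] has equal sizes and every new item is "contained" in the
        // old list, yet the lists differ.
        List<RangerPolicyItem> unmatched = new ArrayList<RangerPolicyItem>(oldObj);
        for (RangerPolicyItem polItem : obj) {
            if (!unmatched.remove(polItem)) {
                return false;
            }
        }
        return true;
    } catch (IOException e) {
        // JsonParseException and JsonMappingException are IOException subclasses, so a
        // single handler covers the three identical branches.
        // NOTE(review): the parser message is appended to the text passed to
        // createRESTException; confirm it is acceptable for callers to see it.
        throw restErrorUtil.createRESTException("Invalid input data: " + e.getMessage(), MessageEnums.INVALID_INPUT_DATA);
    }
}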
Also used : JsonMappingException(org.codehaus.jackson.map.JsonMappingException) ArrayList(java.util.ArrayList) List(java.util.List) IOException(java.io.IOException) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) JsonParseException(org.codehaus.jackson.JsonParseException) ObjectMapper(org.codehaus.jackson.map.ObjectMapper)

Example 43 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerServiceYarn method getDefaultRangerPolicies.

/**
 * Returns the default policies from the superclass, adjusted for YARN.
 *
 * <p>For every default policy whose name contains {@code "all"}:
 * <ul>
 *   <li>when {@code lookUpUser} is not blank, a policy item is appended that gives that
 *       user the {@code ACCESS_TYPE_SUBMIT_APP} access with {@code delegateAdmin} off;</li>
 *   <li>when the policy has a queue resource and the service definition declares a
 *       resource of that name, the queue value is set to the wildcard constant.</li>
 * </ul>
 *
 * @return the list obtained from the superclass, modified in place
 * @throws Exception as declared by the overridden method
 */
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceYarn.getDefaultRangerPolicies() ");
    }
    final List<RangerPolicy> policies = super.getDefaultRangerPolicies();
    final String queueKey = RangerYarnAuthorizer.KEY_RESOURCE_QUEUE;
    for (RangerPolicy candidate : policies) {
        // NOTE(review): selection is a substring test, so any default policy whose name
        // merely contains "all" receives the grant below - confirm that is intended.
        if (!candidate.getName().contains("all")) {
            continue;
        }
        RangerPolicy.RangerPolicyResource queueResource = candidate.getResources().get(queueKey);
        if (StringUtils.isNotBlank(lookUpUser)) {
            // Grant limited to a single access type for the lookup user.
            RangerPolicyItem lookupItem = new RangerPolicyItem();
            lookupItem.setUsers(Collections.singletonList(lookUpUser));
            lookupItem.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_SUBMIT_APP)));
            lookupItem.setDelegateAdmin(false);
            candidate.getPolicyItems().add(lookupItem);
        }
        if (queueResource == null) {
            LOG.warn("No '" + queueKey + "' found in default policy");
            continue;
        }
        // The resource definition is only looked up to confirm that it exists.
        boolean queueDefined = false;
        for (RangerServiceDef.RangerResourceDef def : serviceDef.getResources()) {
            if (def.getName().equals(queueKey)) {
                queueDefined = true;
                break;
            }
        }
        if (queueDefined) {
            queueResource.setValue(RangerAbstractResourceMatcher.WILDCARD_ASTERISK);
        } else {
            LOG.warn("No resourceDef found in YARN service-definition for '" + queueKey + "'");
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceYarn.getDefaultRangerPolicies() : " + policies);
    }
    return policies;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 44 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerServiceStorm method getDefaultRangerPolicies.

/**
 * Returns the default policies from the superclass, adding a lookup-user grant for Storm.
 *
 * <p>When {@code lookUpUser} is not blank, every default policy whose name contains
 * {@code "all"} gets one extra policy item naming that user, with the four topology
 * "get" access types and {@code delegateAdmin} off.
 *
 * @return the list obtained from the superclass, modified in place
 * @throws Exception as declared by the overridden method
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceStorm.getDefaultRangerPolicies()");
    }
    final List<RangerPolicy> policies = super.getDefaultRangerPolicies();
    for (RangerPolicy candidate : policies) {
        // NOTE(review): the name check is a substring test, so every policy whose name
        // contains "all" is affected - confirm that is intended.
        boolean eligible = candidate.getName().contains("all") && StringUtils.isNotBlank(lookUpUser);
        if (!eligible) {
            continue;
        }
        // A fresh access list per policy, so no list is shared between policy items.
        List<RangerPolicyItemAccess> lookupAccesses = new ArrayList<RangerPolicyItemAccess>();
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY_CONF));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_USER_TOPOLOGY));
        lookupAccesses.add(new RangerPolicyItemAccess(ACCESS_TYPE_GET_TOPOLOGY_INFO));

        RangerPolicyItem lookupItem = new RangerPolicyItem();
        lookupItem.setUsers(Collections.singletonList(lookUpUser));
        lookupItem.setAccesses(lookupAccesses);
        lookupItem.setDelegateAdmin(false);
        candidate.getPolicyItems().add(lookupItem);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceStorm.getDefaultRangerPolicies()");
    }
    return policies;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 45 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class RangerServiceHdfs method getDefaultRangerPolicies.

/**
 * Returns the default policies from the superclass, adjusted and extended for HDFS.
 *
 * <p>For every default policy whose name contains {@code "all"}:
 * <ul>
 *   <li>when {@code lookUpUser} is not blank, a policy item is appended that gives that
 *       user the {@code ACCESS_TYPE_READ} access with {@code delegateAdmin} off;</li>
 *   <li>when the policy has a path resource and the service definition declares a resource
 *       of that name, the path value is set to the configured path separator (or the
 *       default separator character) followed by the wildcard constant.</li>
 * </ul>
 *
 * <p>Afterwards, for each hierarchy returned by the service-definition helper, the policies
 * built by {@code getPolicyForKMSAudit} and {@code getPolicyForHBaseArchive} are appended
 * when they are not {@code null}. Any exception in that phase is logged and not rethrown.
 *
 * @return the list obtained from the superclass, modified in place
 * @throws Exception as declared by the overridden method
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceHdfs.getDefaultRangerPolicies() ");
    }
    final List<RangerPolicy> policies = super.getDefaultRangerPolicies();
    final String pathKey = RangerHdfsAuthorizer.KEY_RESOURCE_PATH;
    for (RangerPolicy candidate : policies) {
        // NOTE(review): selection is a substring test, so any default policy whose name
        // merely contains "all" is modified - confirm that is intended.
        if (!candidate.getName().contains("all")) {
            continue;
        }
        if (StringUtils.isNotBlank(lookUpUser)) {
            // Grant limited to a single access type for the lookup user.
            RangerPolicyItem lookupItem = new RangerPolicyItem();
            lookupItem.setUsers(Collections.singletonList(lookUpUser));
            lookupItem.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_READ)));
            lookupItem.setDelegateAdmin(false);
            candidate.getPolicyItems().add(lookupItem);
        }
        RangerPolicy.RangerPolicyResource pathResource = candidate.getResources().get(pathKey);
        if (pathResource == null) {
            LOG.warn("No '" + pathKey + "' found in default policy");
            continue;
        }
        RangerServiceDef.RangerResourceDef pathDef = null;
        for (RangerServiceDef.RangerResourceDef def : serviceDef.getResources()) {
            if (def.getName().equals(pathKey)) {
                pathDef = def;
                break;
            }
        }
        if (pathDef == null) {
            LOG.warn("No resourceDef found in HDFS service-definition for '" + pathKey + "'");
            continue;
        }
        // Use the separator configured on the matcher, falling back to the default one.
        String separator = pathDef.getMatcherOptions().get(RangerPathResourceMatcher.OPTION_PATH_SEPARATOR);
        if (StringUtils.isBlank(separator)) {
            separator = Character.toString(RangerPathResourceMatcher.DEFAULT_PATH_SEPARATOR_CHAR);
        }
        pathResource.setValue(separator + RangerAbstractResourceMatcher.WILDCARD_ASTERISK);
    }
    try {
        RangerServiceDefHelper helper = new RangerServiceDefHelper(serviceDef);
        for (List<RangerServiceDef.RangerResourceDef> hierarchy : helper.filterHierarchies_containsOnlyMandatoryResources(RangerPolicy.POLICY_TYPE_ACCESS)) {
            // One policy for the keyadmin user, for audit to HDFS.
            RangerPolicy kmsAuditPolicy = getPolicyForKMSAudit(hierarchy);
            if (kmsAuditPolicy != null) {
                policies.add(kmsAuditPolicy);
            }
            // Default policy giving the hbase user access to the archive location.
            RangerPolicy hbaseArchivePolicy = getPolicyForHBaseArchive(hierarchy);
            if (hbaseArchivePolicy != null) {
                policies.add(hbaseArchivePolicy);
            }
        }
    } catch (Exception e) {
        // Best effort: the defaults gathered so far are still returned.
        // NOTE(review): this handler also covers the HBase archive policy, although the
        // message names only the keyadmin audit policy.
        LOG.error("Error creating policy for keyadmin for audit to HDFS : " + service.getName(), e);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceHdfs.getDefaultRangerPolicies() : " + policies);
    }
    return policies;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) HadoopException(org.apache.ranger.plugin.client.HadoopException)

Aggregations

RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)85 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)65 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)56 ArrayList (java.util.ArrayList)52 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)35 HashMap (java.util.HashMap)34 Test (org.junit.Test)24 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)21 VXString (org.apache.ranger.view.VXString)17 Date (java.util.Date)15 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)14 RangerService (org.apache.ranger.plugin.model.RangerService)11 LinkedHashMap (java.util.LinkedHashMap)8 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)7 XXServiceDef (org.apache.ranger.entity.XXServiceDef)6 IOException (java.io.IOException)5 List (java.util.List)5 XXService (org.apache.ranger.entity.XXService)5 RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)5