use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.
the class ServiceDBStore method writeCSVForPolicyItems.
private void writeCSVForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, StringBuilder csvBuffer, String policyConditionType) {
if (LOG.isDebugEnabled()) {
// To avoid PMD violation
LOG.debug("policyConditionType:[" + policyConditionType + "]");
}
final String COMMA_DELIMITER = "|";
final String LINE_SEPARATOR = "\n";
List<String> groups = new ArrayList<String>();
List<String> users = new ArrayList<String>();
String groupNames = "";
String userNames = "";
String policyLabelName = "";
String accessType = "";
String policyStatus = "";
String policyType = "";
Boolean delegateAdmin = false;
String isRecursive = "";
String isExcludes = "";
String serviceName = "";
String description = "";
Boolean isAuditEnabled = true;
String isExcludesValue = "";
String maskingInfo = "";
List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
List<RangerPolicyItemCondition> conditionsList = new ArrayList<RangerPolicyItemCondition>();
String conditionKeyValue = "";
String resValue = "";
String resourceKeyVal = "";
String isRecursiveValue = "";
String resKey = "";
String ServiceType = "";
String filterExpr = "";
String policyName = "";
List<String> policyLabels = new ArrayList<String>();
String policyConditionTypeValue = "";
serviceName = policy.getService();
description = policy.getDescription();
isAuditEnabled = policy.getIsAuditEnabled();
policyLabels = policy.getPolicyLabels();
StringBuffer sb = new StringBuffer();
StringBuffer sbIsRecursive = new StringBuffer();
StringBuffer sbIsExcludes = new StringBuffer();
Map<String, RangerPolicyResource> resources = policy.getResources();
RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicyItemDataMaskInfo();
RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicyItemRowFilterInfo();
policyName = policy.getName();
policyName = policyName.replace("|", "");
if (resources != null) {
for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
resKey = resource.getKey();
RangerPolicyResource policyResource = resource.getValue();
List<String> resvalueList = policyResource.getValues();
isExcludes = policyResource.getIsExcludes().toString();
isRecursive = policyResource.getIsRecursive().toString();
resValue = resvalueList.toString();
sb = sb.append(resourceKeyVal).append(" ").append(resKey).append("=").append(resValue);
sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isExcludes).append("]");
sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isRecursive).append("]");
}
isExcludesValue = sbIsExcludes.toString();
isExcludesValue = isExcludesValue.substring(1);
isRecursiveValue = sbIsRecursive.toString();
isRecursiveValue = isRecursiveValue.substring(1);
resourceKeyVal = sb.toString();
resourceKeyVal = resourceKeyVal.substring(1);
if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) {
groups = policyItem.getGroups();
users = policyItem.getUsers();
accesses = policyItem.getAccesses();
delegateAdmin = policyItem.getDelegateAdmin();
conditionsList = policyItem.getConditions();
} else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) {
groups = dataMaskPolicyItem.getGroups();
users = dataMaskPolicyItem.getUsers();
accesses = dataMaskPolicyItem.getAccesses();
delegateAdmin = dataMaskPolicyItem.getDelegateAdmin();
conditionsList = dataMaskPolicyItem.getConditions();
dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo();
String dataMaskType = dataMaskInfo.getDataMaskType();
String conditionExpr = dataMaskInfo.getConditionExpr();
String valueExpr = dataMaskInfo.getValueExpr();
maskingInfo = "dataMasktype=[" + dataMaskType + "]";
if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) {
maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]";
}
} else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) {
groups = rowFilterPolicyItem.getGroups();
users = rowFilterPolicyItem.getUsers();
accesses = rowFilterPolicyItem.getAccesses();
delegateAdmin = rowFilterPolicyItem.getDelegateAdmin();
conditionsList = rowFilterPolicyItem.getConditions();
filterInfo = rowFilterPolicyItem.getRowFilterInfo();
filterExpr = filterInfo.getFilterExpr();
}
if (CollectionUtils.isNotEmpty(accesses)) {
for (RangerPolicyItemAccess access : accesses) {
accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
}
accessType = accessType.substring(0, accessType.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(groups)) {
for (String group : groups) {
group = group.replace("|", "");
group = group.replace("#", "");
groupNames = groupNames + group + "#";
}
groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(users)) {
for (String user : users) {
user = user.replace("|", "");
user = user.replace("#", "");
userNames = userNames + user + "#";
}
userNames = userNames.substring(0, userNames.lastIndexOf("#"));
}
String conditionValue = "";
for (RangerPolicyItemCondition conditions : conditionsList) {
String conditionType = conditions.getType();
List<String> conditionList = conditions.getValues();
conditionValue = conditionList.toString();
conditionKeyValue = conditionType + "=" + conditionValue;
}
XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
if (xxservice != null) {
Long ServiceId = xxservice.getType();
XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId);
if (xxservDef != null) {
ServiceType = xxservDef.getName();
}
}
}
if (policyConditionType != null) {
policyConditionTypeValue = policyConditionType;
}
if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) {
policyConditionTypeValue = POLICY_ALLOW_INCLUDE;
} else if (policyConditionType == null) {
policyConditionTypeValue = "";
}
if (policy.getIsEnabled()) {
policyStatus = "Enabled";
} else {
policyStatus = "Disabled";
}
int policyTypeInt = policy.getPolicyType();
switch(policyTypeInt) {
case RangerPolicy.POLICY_TYPE_ACCESS:
policyType = POLICY_TYPE_ACCESS;
break;
case RangerPolicy.POLICY_TYPE_DATAMASK:
policyType = POLICY_TYPE_DATAMASK;
break;
case RangerPolicy.POLICY_TYPE_ROWFILTER:
policyType = POLICY_TYPE_ROWFILTER;
break;
}
if (CollectionUtils.isNotEmpty(policyLabels)) {
for (String policyLabel : policyLabels) {
policyLabel = policyLabel.replace("|", "");
policyLabel = policyLabel.replace("#", "");
policyLabelName = policyLabelName + policyLabel + "#";
}
policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#"));
}
csvBuffer.append(policy.getId());
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyName);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(resourceKeyVal);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(groupNames);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(userNames);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(accessType.trim());
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(ServiceType);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyStatus);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyType);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(delegateAdmin.toString().toUpperCase());
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(isRecursiveValue);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(isExcludesValue);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(serviceName);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(description);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(isAuditEnabled.toString().toUpperCase());
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(conditionKeyValue.trim());
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyConditionTypeValue);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(maskingInfo);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(filterExpr);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(policyLabelName);
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(LINE_SEPARATOR);
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.
the class TestAssetREST method rangerPolicy.
private RangerPolicy rangerPolicy(Long id) {
List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
List<String> users = new ArrayList<String>();
List<String> groups = new ArrayList<String>();
List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.setAccesses(accesses);
rangerPolicyItem.setConditions(conditions);
rangerPolicyItem.setGroups(groups);
rangerPolicyItem.setUsers(users);
rangerPolicyItem.setDelegateAdmin(false);
policyItems.add(rangerPolicyItem);
Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
rangerPolicyResource.setIsExcludes(true);
rangerPolicyResource.setIsRecursive(true);
rangerPolicyResource.setValue("1");
rangerPolicyResource.setValues(users);
policyResource.put("resource", rangerPolicyResource);
RangerPolicy policy = new RangerPolicy();
policy.setId(id);
policy.setCreateTime(new Date());
policy.setDescription("policy");
policy.setGuid("policyguid");
policy.setIsEnabled(true);
policy.setName("HDFS_1-1-20150316062453");
policy.setUpdatedBy("Admin");
policy.setUpdateTime(new Date());
policy.setService("HDFS_1-1-20150316062453");
policy.setIsAuditEnabled(true);
policy.setPolicyItems(policyItems);
policy.setResources(policyResource);
policy.setService("HDFS_1");
return policy;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.
the class TestPublicAPIs method rangerPolicy.
private RangerPolicy rangerPolicy() {
List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
List<String> users = new ArrayList<String>();
List<String> groups = new ArrayList<String>();
List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.setAccesses(accesses);
rangerPolicyItem.setConditions(conditions);
rangerPolicyItem.setGroups(groups);
rangerPolicyItem.setUsers(users);
rangerPolicyItem.setDelegateAdmin(false);
policyItems.add(rangerPolicyItem);
Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
rangerPolicyResource.setIsExcludes(true);
rangerPolicyResource.setIsRecursive(true);
rangerPolicyResource.setValue("1");
rangerPolicyResource.setValues(users);
policyResource.put("resource", rangerPolicyResource);
RangerPolicy policy = new RangerPolicy();
policy.setId(Id);
policy.setCreateTime(new Date());
policy.setDescription("policy");
policy.setGuid("policyguid");
policy.setIsEnabled(true);
policy.setName("HDFS_1-1-20150316062453");
policy.setUpdatedBy("Admin");
policy.setUpdateTime(new Date());
policy.setService("HDFS_1-1-20150316062453");
policy.setIsAuditEnabled(true);
policy.setPolicyItems(policyItems);
policy.setResources(policyResource);
policy.setService("HDFS_1");
return policy;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.
the class TestServiceREST method test43revoke.
@Test
public void test43revoke() {
RangerPolicy existingPolicy = rangerPolicy();
List<RangerPolicyItem> policyItem = new ArrayList<RangerPolicyItem>();
existingPolicy.setPolicyItems(policyItem);
Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
RangerPolicyResource rangerPolicyResource = new RangerPolicyResource("/tmp");
rangerPolicyResource.setIsExcludes(true);
rangerPolicyResource.setIsRecursive(true);
policyResources.put("path", rangerPolicyResource);
existingPolicy.setResources(policyResources);
RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
rangerPolicyItem.getGroups().add("group1");
rangerPolicyItem.getGroups().add("group2");
rangerPolicyItem.getUsers().add("user1");
rangerPolicyItem.getUsers().add("user2");
rangerPolicyItem.setDelegateAdmin(true);
existingPolicy.getPolicyItems().add(rangerPolicyItem);
rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
rangerPolicyItem.getGroups().add("group3");
rangerPolicyItem.getUsers().add("user3");
rangerPolicyItem.setDelegateAdmin(true);
existingPolicy.getPolicyItems().add(rangerPolicyItem);
rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("lock", true));
rangerPolicyItem.getGroups().add("group1");
rangerPolicyItem.getGroups().add("group2");
rangerPolicyItem.getUsers().add("user1");
rangerPolicyItem.getUsers().add("user2");
rangerPolicyItem.setDelegateAdmin(false);
existingPolicy.getAllowExceptions().add(rangerPolicyItem);
rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
rangerPolicyItem.getGroups().add("group2");
rangerPolicyItem.getUsers().add("user2");
rangerPolicyItem.setDelegateAdmin(false);
existingPolicy.getDenyPolicyItems().add(rangerPolicyItem);
rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("index", true));
rangerPolicyItem.getGroups().add("public");
rangerPolicyItem.getUsers().add("user");
rangerPolicyItem.setDelegateAdmin(false);
existingPolicy.getDenyPolicyItems().add(rangerPolicyItem);
GrantRevokeRequest revokeRequestObj = new GrantRevokeRequest();
Map<String, String> resource = new HashMap<String, String>();
resource.put("path", "/tmp");
revokeRequestObj.setResource(resource);
revokeRequestObj.getUsers().add("user1");
revokeRequestObj.getGroups().add("group1");
revokeRequestObj.getAccessTypes().add("delete");
revokeRequestObj.getAccessTypes().add("index");
revokeRequestObj.setDelegateAdmin(true);
revokeRequestObj.setEnableAudit(true);
revokeRequestObj.setIsRecursive(true);
revokeRequestObj.setGrantor("test43Revoke");
String existingPolicyStr = existingPolicy.toString();
System.out.println("existingPolicy=" + existingPolicyStr);
ServiceRESTUtil.processRevokeRequest(existingPolicy, revokeRequestObj);
String resultPolicyStr = existingPolicy.toString();
System.out.println("resultPolicy=" + resultPolicyStr);
assert (true);
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.
the class TestServiceREST method test40applyPolicy.
@Test
public void test40applyPolicy() {
RangerPolicy existingPolicy = rangerPolicy();
RangerPolicy appliedPolicy = rangerPolicy();
List<RangerPolicyItem> policyItem = new ArrayList<RangerPolicyItem>();
existingPolicy.setPolicyItems(policyItem);
appliedPolicy.setPolicyItems(null);
Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
RangerPolicyResource rangerPolicyResource = new RangerPolicyResource("/tmp");
rangerPolicyResource.setIsExcludes(true);
rangerPolicyResource.setIsRecursive(true);
policyResources.put("path", rangerPolicyResource);
existingPolicy.setResources(policyResources);
appliedPolicy.setResources(policyResources);
RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("read", true));
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("write", true));
rangerPolicyItem.getGroups().add("group1");
rangerPolicyItem.getGroups().add("group2");
rangerPolicyItem.getUsers().add("user1");
rangerPolicyItem.getUsers().add("user2");
rangerPolicyItem.setDelegateAdmin(true);
existingPolicy.getPolicyItems().add(rangerPolicyItem);
rangerPolicyItem = new RangerPolicyItem();
rangerPolicyItem.getAccesses().add(new RangerPolicyItemAccess("delete", true));
rangerPolicyItem.getGroups().add("group1");
rangerPolicyItem.getGroups().add("public");
rangerPolicyItem.getUsers().add("user1");
rangerPolicyItem.getUsers().add("finance");
rangerPolicyItem.setDelegateAdmin(false);
appliedPolicy.getPolicyItems().add(rangerPolicyItem);
String existingPolicyStr = existingPolicy.toString();
System.out.println("existingPolicy=" + existingPolicyStr);
ServiceRESTUtil.processApplyPolicy(existingPolicy, appliedPolicy);
String resultPolicyStr = existingPolicy.toString();
System.out.println("resultPolicy=" + resultPolicyStr);
assert (true);
}
Aggregations