
Example 21 with RangerPolicyItemAccess

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method createNewPolicyItemForPolicy.

/**
 * Stores one policy item of {@code policy} and its dependent rows: access types, user
 * permissions, group permissions and condition values.
 *
 * <p>Each access type, user name, group name and condition type named by {@code policyItem}
 * is looked up through {@code daoMgr} before its row is created. A lookup that returns
 * {@code null} aborts the call with an exception, so an item can only reference principals
 * and types that already exist. Blank user and group names are skipped, but their list
 * position is still used as the order value of the following entries.
 *
 * <p>NOTE(review): the parent item and any child rows created before a failed lookup stay
 * created unless the caller runs this inside a transaction that rolls back; that is not
 * visible from this method, so confirm at the call site.
 *
 * @param policy         policy the item belongs to; supplies the policy id and the names used in error messages
 * @param xPolicy        persisted policy row; supplies the audit fields and the service id
 * @param policyItem     item to persist, including its delegate-admin flag
 * @param xServiceDef    service definition used to resolve condition types
 * @param itemOrder      order value stored on the item
 * @param policyItemType item type value stored on the item
 * @return the policy item as returned by the DAO {@code create} call
 * @throws Exception if an access type, user, group or condition type cannot be resolved
 */
private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
    XXPolicyItem itemRow = rangerAuditFields.populateAuditFields(new XXPolicyItem(), xPolicy);
    itemRow.setDelegateAdmin(policyItem.getDelegateAdmin());
    itemRow.setItemType(policyItemType);
    itemRow.setIsEnabled(Boolean.TRUE);
    itemRow.setComments(null);
    itemRow.setPolicyId(policy.getId());
    itemRow.setOrder(itemOrder);
    // The child rows below need the id assigned by the store, so create the parent first.
    itemRow = daoMgr.getXXPolicyItem().create(itemRow);

    // Access types: every name must match a definition registered for the policy's service.
    int accessOrder = 0;
    for (RangerPolicyItemAccess requested : policyItem.getAccesses()) {
        XXAccessTypeDef accessDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(requested.getType(), xPolicy.getService());
        if (accessDef == null) {
            throw new Exception(requested.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyItemAccess accessRow = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(new XXPolicyItemAccess(), itemRow);
        accessRow.setIsAllowed(requested.getIsAllowed());
        accessRow.setType(accessDef.getId());
        accessRow.setPolicyitemid(itemRow.getId());
        accessRow.setOrder(accessOrder);
        daoMgr.getXXPolicyItemAccess().create(accessRow);
        accessOrder++;
    }

    // Users: the counter advances for blank names too, so stored order values match list positions.
    int userOrder = -1;
    for (String userName : policyItem.getUsers()) {
        userOrder++;
        if (StringUtils.isBlank(userName)) {
            continue;
        }
        XXUser knownUser = daoMgr.getXXUser().findByUserName(userName);
        if (knownUser == null) {
            throw new Exception(userName + ": user does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' user='" + userName + "'");
        }
        XXPolicyItemUserPerm userRow = rangerAuditFields.populateAuditFields(new XXPolicyItemUserPerm(), itemRow);
        userRow.setUserId(knownUser.getId());
        userRow.setPolicyItemId(itemRow.getId());
        userRow.setOrder(userOrder);
        daoMgr.getXXPolicyItemUserPerm().create(userRow);
    }

    // Groups: same rules as users.
    int groupOrder = -1;
    for (String groupName : policyItem.getGroups()) {
        groupOrder++;
        if (StringUtils.isBlank(groupName)) {
            continue;
        }
        XXGroup knownGroup = daoMgr.getXXGroup().findByGroupName(groupName);
        if (knownGroup == null) {
            throw new Exception(groupName + ": group does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' group='" + groupName + "'");
        }
        XXPolicyItemGroupPerm groupRow = rangerAuditFields.populateAuditFields(new XXPolicyItemGroupPerm(), itemRow);
        groupRow.setGroupId(knownGroup.getId());
        groupRow.setPolicyItemId(itemRow.getId());
        groupRow.setOrder(groupOrder);
        daoMgr.getXXPolicyItemGroupPerm().create(groupRow);
    }

    // Conditions: one row per value; the order value restarts at 0 for every condition.
    for (RangerPolicyItemCondition requested : policyItem.getConditions()) {
        XXPolicyConditionDef conditionDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), requested.getType());
        if (conditionDef == null) {
            throw new Exception(requested.getType() + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }
        int valueOrder = 0;
        for (String conditionValue : requested.getValues()) {
            XXPolicyItemCondition conditionRow = rangerAuditFields.populateAuditFields(new XXPolicyItemCondition(), itemRow);
            conditionRow.setPolicyItemId(itemRow.getId());
            conditionRow.setType(conditionDef.getId());
            conditionRow.setValue(conditionValue);
            conditionRow.setOrder(valueOrder);
            daoMgr.getXXPolicyItemCondition().create(conditionRow);
            valueOrder++;
        }
    }
    return itemRow;
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXPolicyItemGroupPerm(org.apache.ranger.entity.XXPolicyItemGroupPerm) XXPolicyItemUserPerm(org.apache.ranger.entity.XXPolicyItemUserPerm) VXString(org.apache.ranger.view.VXString) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition) XXPolicyItem(org.apache.ranger.entity.XXPolicyItem) XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess) XXGroup(org.apache.ranger.entity.XXGroup) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Example 22 with RangerPolicyItemAccess

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method writeBookForPolicyItems.

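/**
 * Fills one spreadsheet row with a flattened view of {@code policy} and one of its items.
 *
 * <p>Exactly one of {@code policyItem}, {@code dataMaskPolicyItem} and
 * {@code rowFilterPolicyItem} is expected to be non-null; it supplies the groups, users,
 * access types, delegate-admin flag and conditions. With any other combination those columns
 * are written from their empty defaults.
 *
 * <p>Column layout (0-based): 0 id, 1 name, 2 resources, 3 groups, 4 users, 5 access types,
 * 6 service type, 7 status, 8 policy type, 9 delegate admin, 10 is-recursive, 11 is-excludes,
 * 12 service name, 13 description, 14 audit enabled, 15 condition, 16 policy condition type,
 * 17 data-mask info, 18 row-filter expression, 19 policy labels. Columns 3 to 6, 17 and 18
 * are only created when the policy has a resource map.
 *
 * <p>Changes against the earlier version, all of which affect how faithfully the export
 * reflects the stored policy:
 * <ul>
 *   <li>an empty resource map no longer fails with {@code StringIndexOutOfBoundsException};</li>
 *   <li>the status is always written to column 7 (it used to land in column 2 when the
 *       resource map was {@code null});</li>
 *   <li>group, user and label names that contain {@code [} or {@code ]} are no longer cut
 *       off, and a list holding a single empty name no longer throws.</li>
 * </ul>
 *
 * @param policy              policy being exported
 * @param policyItem          access policy item, or {@code null}
 * @param dataMaskPolicyItem  data-mask policy item, or {@code null}
 * @param rowFilterPolicyItem row-filter policy item, or {@code null}
 * @param row                 spreadsheet row to fill
 * @param policyConditionType label for column 16; when {@code null} it falls back to
 *                            {@code POLICY_ALLOW_INCLUDE} for the "tag" service type and to
 *                            an empty string otherwise
 */
private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row, String policyConditionType) {
    if (LOG.isDebugEnabled()) {
        // Guard keeps the string concatenation off the non-debug path.
        LOG.debug("policyConditionType:[" + policyConditionType + "]");
    }
    List<String> groups = new ArrayList<String>();
    List<String> users = new ArrayList<String>();
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<RangerPolicyItemCondition> conditionsList = new ArrayList<RangerPolicyItemCondition>();
    String groupNames = "";
    String userNames = "";
    String accessType = "";
    String conditionKeyValue = "";
    String policyConditionTypeValue = "";
    String isRecursiveValue = "";
    String isExcludesValue = "";
    String policyLabelNames = "";
    String policyType = "";
    Boolean delegateAdmin = false;
    Boolean isAuditEnabled = policy.getIsAuditEnabled();

    row.createCell(0).setCellValue(policy.getId());
    row.createCell(1).setCellValue(policy.getName());
    Cell resourceCell = row.createCell(2);

    Map<String, RangerPolicyResource> resources = policy.getResources();
    if (resources != null) {
        StringBuilder sbResources = new StringBuilder();
        StringBuilder sbIsRecursive = new StringBuilder();
        StringBuilder sbIsExcludes = new StringBuilder();
        for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
            String resKey = resource.getKey();
            RangerPolicyResource policyResource = resource.getValue();
            String resValue = policyResource.getValues().toString();
            String isExcludes = policyResource.getIsExcludes().toString();
            String isRecursive = policyResource.getIsRecursive().toString();
            sbResources.append("; ").append(resKey).append("=").append(resValue);
            sbIsExcludes.append("; ").append(resKey).append("=[").append(isExcludes).append("]");
            sbIsRecursive.append("; ").append(resKey).append("=[").append(isRecursive).append("]");
        }
        // Drop the leading ';' of the first entry. The buffers are empty when the map has no
        // entries, and substring(1) on an empty buffer would throw.
        isExcludesValue = sbIsExcludes.length() > 0 ? sbIsExcludes.substring(1) : "";
        isRecursiveValue = sbIsRecursive.length() > 0 ? sbIsRecursive.substring(1) : "";
        resourceCell.setCellValue(sbResources.length() > 0 ? sbResources.substring(1) : "");

        if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) {
            groups = policyItem.getGroups();
            users = policyItem.getUsers();
            accesses = policyItem.getAccesses();
            delegateAdmin = policyItem.getDelegateAdmin();
            conditionsList = policyItem.getConditions();
        } else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) {
            groups = dataMaskPolicyItem.getGroups();
            users = dataMaskPolicyItem.getUsers();
            accesses = dataMaskPolicyItem.getAccesses();
            delegateAdmin = dataMaskPolicyItem.getDelegateAdmin();
            conditionsList = dataMaskPolicyItem.getConditions();
            RangerPolicyItemDataMaskInfo dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo();
            String dataMaskType = dataMaskInfo.getDataMaskType();
            String conditionExpr = dataMaskInfo.getConditionExpr();
            String valueExpr = dataMaskInfo.getValueExpr();
            String maskingInfo = "dataMasktype=[" + dataMaskType + "]";
            // NOTE(review): valueExpr gates this branch but is never written to the cell, so
            // the export shows only the mask type and the condition expression. Confirm that
            // omitting the value expression is intended.
            if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) {
                maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]";
            }
            row.createCell(17).setCellValue(maskingInfo);
        } else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) {
            groups = rowFilterPolicyItem.getGroups();
            users = rowFilterPolicyItem.getUsers();
            accesses = rowFilterPolicyItem.getAccesses();
            delegateAdmin = rowFilterPolicyItem.getDelegateAdmin();
            conditionsList = rowFilterPolicyItem.getConditions();
            RangerPolicyItemRowFilterInfo filterInfo = rowFilterPolicyItem.getRowFilterInfo();
            row.createCell(18).setCellValue(filterInfo.getFilterExpr());
        }

        if (CollectionUtils.isNotEmpty(accesses)) {
            for (RangerPolicyItemAccess access : accesses) {
                accessType = accessType + access.getType() + " ,";
            }
            // Cut the trailing separator; the remaining trailing space is trimmed on write.
            accessType = accessType.substring(0, accessType.lastIndexOf(","));
        }
        if (CollectionUtils.isNotEmpty(groups)) {
            // List.toString() renders "[a, b]"; strip exactly the outer brackets so names
            // that themselves contain brackets are exported unchanged.
            String rendered = groups.toString();
            groupNames = rendered.substring(1, rendered.length() - 1);
        }
        if (CollectionUtils.isNotEmpty(users)) {
            String rendered = users.toString();
            userNames = rendered.substring(1, rendered.length() - 1);
        }
        // NOTE(review): each pass overwrites the previous value, so only the last condition
        // of the item reaches column 15. Confirm whether all conditions should be exported.
        for (RangerPolicyItemCondition condition : conditionsList) {
            conditionKeyValue = condition.getType() + "=" + condition.getValues().toString();
        }

        row.createCell(3).setCellValue(groupNames);
        row.createCell(4).setCellValue(userNames);
        row.createCell(5).setCellValue(accessType.trim());

        // Resolve the service type name from the service the policy belongs to.
        String serviceType = "";
        XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
        if (xxservice != null) {
            XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(xxservice.getType());
            if (xxservDef != null) {
                serviceType = xxservDef.getName();
            }
        }
        if (policyConditionType != null) {
            policyConditionTypeValue = policyConditionType;
        } else if (serviceType.equalsIgnoreCase("tag")) {
            policyConditionTypeValue = POLICY_ALLOW_INCLUDE;
        } else {
            policyConditionTypeValue = "";
        }
        row.createCell(6).setCellValue(serviceType);
    }

    // Written outside the resource block so the status can never end up in another column.
    row.createCell(7).setCellValue(policy.getIsEnabled() ? "Enabled" : "Disabled");

    List<String> policyLabels = policy.getPolicyLabels();
    if (CollectionUtils.isNotEmpty(policyLabels)) {
        String rendered = policyLabels.toString();
        policyLabelNames = rendered.substring(1, rendered.length() - 1);
    }

    int policyTypeInt = policy.getPolicyType();
    switch (policyTypeInt) {
        case RangerPolicy.POLICY_TYPE_ACCESS:
            policyType = POLICY_TYPE_ACCESS;
            break;
        case RangerPolicy.POLICY_TYPE_DATAMASK:
            policyType = POLICY_TYPE_DATAMASK;
            break;
        case RangerPolicy.POLICY_TYPE_ROWFILTER:
            policyType = POLICY_TYPE_ROWFILTER;
            break;
        default:
            // Any other type value is exported as an empty string.
            break;
    }
    row.createCell(8).setCellValue(policyType);
    row.createCell(9).setCellValue(delegateAdmin.toString().toUpperCase());
    row.createCell(10).setCellValue(isRecursiveValue);
    row.createCell(11).setCellValue(isExcludesValue);
    row.createCell(12).setCellValue(policy.getService());
    row.createCell(13).setCellValue(policy.getDescription());
    row.createCell(14).setCellValue(isAuditEnabled.toString().toUpperCase());
    row.createCell(15).setCellValue(conditionKeyValue.trim());
    row.createCell(16).setCellValue(policyConditionTypeValue);
    row.createCell(19).setCellValue(policyLabelNames);
}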
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) StringTokenizer(java.util.StringTokenizer) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemRowFilterInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) XXService(org.apache.ranger.entity.XXService) Cell(org.apache.poi.ss.usermodel.Cell) RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo)

Example 23 with RangerPolicyItemAccess

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.

the class PatchMigration_J10002 method getPolicyItemListForRes.

/**
 * Converts the permission-map rows of a legacy resource into policy items.
 *
 * <p>The rows found for {@code xRes} are bucketed by their perm-group value and every bucket
 * yields at most one policy item. A bucket is dropped, with an info log entry, when it ends
 * up with no access type or with neither a user nor a group. Access types that are blank or
 * listed in {@code unsupportedLegacyPermTypes} are ignored. An "Admin" permission sets the
 * delegate-admin flag and is kept as an access type only for the HBase service definition.
 *
 * <p>The IP address of the last row that carried a usable access type is turned into an
 * "ip-range" condition, provided the service definition declares that condition.
 *
 * @param xRes   legacy resource whose permissions are migrated
 * @param svcDef service definition of the target service
 * @return the policy items built for the resource; empty when nothing qualifies
 */
private List<RangerPolicyItem> getPolicyItemListForRes(XXResource xRes, XXServiceDef svcDef) {
    SearchCriteria criteria = new SearchCriteria();
    criteria.addParam("resourceId", xRes.getId());
    List<VXPermMap> allPermMaps = xPermMapService.searchXPermMaps(criteria).getVXPermMaps();

    // Bucket the rows by perm group; a null search result leaves the map empty.
    HashMap<String, List<VXPermMap>> byPermGroup = new HashMap<String, List<VXPermMap>>();
    if (allPermMaps != null) {
        for (VXPermMap candidate : allPermMaps) {
            String groupKey = candidate.getPermGroup();
            List<VXPermMap> bucket = byPermGroup.get(groupKey);
            if (bucket == null) {
                bucket = new ArrayList<VXPermMap>();
                byPermGroup.put(groupKey, bucket);
            }
            bucket.add(candidate);
        }
    }

    List<RangerPolicyItem> result = new ArrayList<RangerPolicyItem>();
    for (Entry<String, List<VXPermMap>> bucketEntry : byPermGroup.entrySet()) {
        RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
        List<String> itemUsers = new ArrayList<String>();
        List<String> itemGroups = new ArrayList<String>();
        List<RangerPolicyItemAccess> itemAccesses = new ArrayList<RangerPolicyItemAccess>();
        String lastIpAddress = null;

        for (VXPermMap permMap : bucketEntry.getValue()) {
            // Collect the principal first; it is kept even when the access type is rejected below.
            if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
                String userName = getUserName(permMap);
                if (!itemUsers.contains(userName)) {
                    itemUsers.add(userName);
                }
            } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
                String groupName = getGroupName(permMap);
                if (!itemGroups.contains(groupName)) {
                    itemGroups.add(groupName);
                }
            }

            String accessType = ServiceUtil.toAccessType(permMap.getPermType());
            boolean unusable = StringUtils.isBlank(accessType) || unsupportedLegacyPermTypes.contains(accessType);
            if (unusable) {
                logger.info(accessType + ": is not a valid access-type, ignoring accesstype for policy: " + xRes.getPolicyName());
                continue;
            }

            boolean isAdminPerm = StringUtils.equalsIgnoreCase(accessType, "Admin");
            if (isAdminPerm) {
                policyItemSetDelegateAdmin:
                item.setDelegateAdmin(Boolean.TRUE);
            }
            // "Admin" stays an explicit access type only for HBase; every other type is always added.
            if (!isAdminPerm || svcDef.getId() == EmbeddedServiceDefsUtil.instance().getHBaseServiceDefId()) {
                addAccessType(accessType, itemAccesses);
            }
            lastIpAddress = permMap.getIpAddress();
        }

        if (CollectionUtils.isEmpty(itemAccesses)) {
            logger.info("no access specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }
        boolean noPrincipal = CollectionUtils.isEmpty(itemUsers) && CollectionUtils.isEmpty(itemGroups);
        if (noPrincipal) {
            logger.info("no user or group specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }

        item.setUsers(itemUsers);
        item.setGroups(itemGroups);
        item.setAccesses(itemAccesses);

        boolean hasIpAddress = lastIpAddress != null && !lastIpAddress.isEmpty();
        if (hasIpAddress) {
            // Only attach the restriction when the service definition knows the "ip-range" condition.
            XXPolicyConditionDef ipRangeDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(svcDef.getId(), "ip-range");
            if (ipRangeDef != null) {
                item.getConditions().add(new RangerPolicy.RangerPolicyItemCondition("ip-range", Collections.singletonList(lastIpAddress)));
            }
        }
        result.add(item);
    }
    return result;
}
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) List(java.util.List)

Example 24 with RangerPolicyItemAccess

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.

the class ServiceREST method secureGrantAccess.

/**
 * Handles a grant request for {@code serviceName}: updates the policy that exactly matches
 * the requested resource, or creates a new policy when none matches.
 *
 * <p>Authorization, as implemented here: auditor-role users are blocked up front. For a KMS
 * service the caller must be a key admin, for any other service the grantor must have admin
 * access on the resource; in both cases a user accepted by
 * {@code bizUtil.isUserAllowedForGrantRevoke} is allowed as well.
 *
 * <p>NOTE(review): the grantor name and, when present, the grantor groups are read from the
 * request body and are the identity passed to {@code hasAdminAccess} and
 * {@code isUserAllowedForGrantRevoke}. Whether that identity is tied to the authenticated
 * caller is not visible in this method; confirm it is enforced before this point.
 *
 * <p>NOTE(review): unexpected failures are returned to the client with the original
 * exception message; confirm those messages carry nothing that should stay server-side.
 *
 * @param serviceName  name of the service the grant applies to
 * @param grantRequest grant details; when {@code null} nothing is done
 * @param request      servlet request used to validate the service
 * @return a response whose status is set to success only when the grant was processed; a
 *         {@code null} request or a service that fails validation returns the response unchanged
 * @throws Exception when the grantor lacks permission or processing fails
 */
@POST
@Path("/secure/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse secureGrantAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest grantRequest, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.secureGrantAccess(" + serviceName + ", " + grantRequest + ")");
    }
    RESTResponse response = new RESTResponse();
    RangerPerfTracer perfTracer = null;
    boolean callerIsKeyAdmin = bizUtil.isKeyAdmin();
    bizUtil.blockAuditorRoleUser();

    if (grantRequest != null && serviceUtil.isValidService(serviceName, request)) {
        try {
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                perfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.scureGrantAccess(serviceName=" + serviceName + ")");
            }
            validateGrantRevokeRequest(grantRequest);

            // Identity used for every authorization decision below comes from the request body.
            String grantor = grantRequest.getGrantor();
            Set<String> grantorGroups = CollectionUtils.isNotEmpty(grantRequest.getGrantorGroups()) ? grantRequest.getGrantorGroups() : userMgr.getGroupsForUser(grantor);
            RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(grantRequest.getResource()));
            boolean grantorIsAdmin = hasAdminAccess(serviceName, grantor, grantorGroups, resource);

            XXService xService = daoManager.getXXService().findByName(serviceName);
            XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
            RangerService rangerService = svcStore.getServiceByName(serviceName);

            // KMS services are governed by the key-admin role, all others by admin access on the
            // resource; the allowed-user list is consulted only when that first check fails.
            boolean isKmsService = StringUtils.equals(xServiceDef.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME);
            boolean allowedByRole = isKmsService ? callerIsKeyAdmin : grantorIsAdmin;
            boolean isAllowed = allowedByRole || bizUtil.isUserAllowedForGrantRevoke(rangerService, Allowed_User_List_For_Grant_Revoke, grantor);
            if (!isAllowed) {
                LOG.error("secureGrantAccess(" + serviceName + ", " + grantRequest + ") failed as User doesn't have permission to grant Policy");
                throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
            }

            RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, grantor);
            if (policy != null) {
                // An exact-match policy exists: merge the grant into it.
                if (!ServiceRESTUtil.processGrantRequest(policy, grantRequest)) {
                    LOG.error("processSecureGrantRequest processing failed");
                    throw new Exception("processSecureGrantRequest processing failed");
                }
                svcStore.updatePolicy(policy);
            } else {
                // No match: build a single-item policy that covers exactly the requested resource.
                policy = new RangerPolicy();
                policy.setService(serviceName);
                // TODO: better policy name
                policy.setName("grant-" + System.currentTimeMillis());
                policy.setDescription("created by grant");
                policy.setIsAuditEnabled(grantRequest.getEnableAudit());
                policy.setCreatedBy(grantor);

                Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
                Set<String> resourceNames = resource.getKeys();
                if (CollectionUtils.isNotEmpty(resourceNames)) {
                    for (String resourceName : resourceNames) {
                        RangerPolicyResource policyResource = new RangerPolicyResource((String) resource.getValue(resourceName));
                        policyResource.setIsRecursive(grantRequest.getIsRecursive());
                        policyResources.put(resourceName, policyResource);
                    }
                }
                policy.setResources(policyResources);

                RangerPolicyItem grantItem = new RangerPolicyItem();
                grantItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
                grantItem.getUsers().addAll(grantRequest.getUsers());
                grantItem.getGroups().addAll(grantRequest.getGroups());
                for (String requestedAccess : grantRequest.getAccessTypes()) {
                    grantItem.getAccesses().add(new RangerPolicyItemAccess(requestedAccess, Boolean.TRUE));
                }
                policy.getPolicyItems().add(grantItem);
                svcStore.createPolicy(policy);
            }
        } catch (WebApplicationException excp) {
            // Already a REST error (for example the permission failure above): pass it through.
            throw excp;
        } catch (Throwable excp) {
            LOG.error("secureGrantAccess(" + serviceName + ", " + grantRequest + ") failed", excp);
            throw restErrorUtil.createRESTException(excp.getMessage());
        } finally {
            RangerPerfTracer.log(perfTracer);
        }
        response.setStatusCode(RESTResponse.STATUS_SUCCESS);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.secureGrantAccess(" + serviceName + ", " + grantRequest + "): " + response);
    }
    return response;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerService(org.apache.ranger.plugin.model.RangerService) XXService(org.apache.ranger.entity.XXService) RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 25 with RangerPolicyItemAccess

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess in project ranger by apache.

the class TestRangerPolicy method test_02_PolicyItem_SetListMethods.

/**
 * Checks the four list properties of {@code RangerPolicyItem} (accesses, users, groups,
 * conditions): each getter starts with an empty list, an element added through the getter
 * is counted by the next getter call, and after the setter the getter reports the size of
 * the list that was passed in.
 */
@Test
public void test_02_PolicyItem_SetListMethods() {
    RangerPolicyItem item = new RangerPolicyItem();
    List<RangerPolicyItemAccess> newAccesses = getList(new RangerPolicyItemAccess());
    List<String> newUsers = getList("user");
    List<String> newGroups = getList("group");
    List<RangerPolicyItemCondition> newConditions = getList(new RangerPolicyItemCondition());

    // accesses
    Assert.assertEquals("RangerPolicyItem.getAccesses()", 0, item.getAccesses().size());
    item.getAccesses().add(new RangerPolicyItemAccess());
    Assert.assertEquals("RangerPolicyItem.getAccesses().add()", 1, item.getAccesses().size());
    item.setAccesses(newAccesses);
    Assert.assertEquals("RangerPolicyItem.setAccesses()", newAccesses.size(), item.getAccesses().size());

    // users
    Assert.assertEquals("RangerPolicyItem.getUsers()", 0, item.getUsers().size());
    item.getUsers().add("");
    Assert.assertEquals("RangerPolicyItem.getUsers().add()", 1, item.getUsers().size());
    item.setUsers(newUsers);
    Assert.assertEquals("RangerPolicyItem.setUsers()", newUsers.size(), item.getUsers().size());

    // groups
    Assert.assertEquals("RangerPolicyItem.getGroups()", 0, item.getGroups().size());
    item.getGroups().add("");
    Assert.assertEquals("RangerPolicyItem.getGroups().add()", 1, item.getGroups().size());
    item.setGroups(newGroups);
    Assert.assertEquals("RangerPolicyItem.setGroups()", newGroups.size(), item.getGroups().size());

    // conditions
    Assert.assertEquals("RangerPolicyItem.getConditions()", 0, item.getConditions().size());
    item.getConditions().add(new RangerPolicyItemCondition());
    Assert.assertEquals("RangerPolicyItem.getConditions().add()", 1, item.getConditions().size());
    item.setConditions(newConditions);
    Assert.assertEquals("RangerPolicyItem.setConditions()", newConditions.size(), item.getConditions().size());
}
Also used : RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Aggregations

RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)39 ArrayList (java.util.ArrayList)30 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)28 HashMap (java.util.HashMap)27 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)27 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)25 Test (org.junit.Test)17 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)13 VXString (org.apache.ranger.view.VXString)12 Date (java.util.Date)9 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)8 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8 IOException (java.io.IOException)3 XXService (org.apache.ranger.entity.XXService)3 XXServiceDef (org.apache.ranger.entity.XXServiceDef)3 VXPermMap (org.apache.ranger.view.VXPermMap)3 JsonSyntaxException (com.google.gson.JsonSyntaxException)2 LinkedHashMap (java.util.LinkedHashMap)2 List (java.util.List)2 Map (java.util.Map)2