Examples with RangerPolicyItemCondition org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition used on opensource projects

Example 1 with RangerPolicyItemCondition

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition in project ranger by apache.

the class ServiceDBStore method writeCSVForPolicyItems.

private void writeCSVForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, StringBuilder csvBuffer, String policyConditionType) {
    if (LOG.isDebugEnabled()) {
        // To avoid PMD violation
        LOG.debug("policyConditionType:[" + policyConditionType + "]");
    }
    final String COMMA_DELIMITER = "|";
    final String LINE_SEPARATOR = "\n";
    List<String> groups = new ArrayList<String>();
    List<String> users = new ArrayList<String>();
    String groupNames = "";
    String userNames = "";
    String policyLabelName = "";
    String accessType = "";
    String policyStatus = "";
    String policyType = "";
    Boolean delegateAdmin = false;
    String isRecursive = "";
    String isExcludes = "";
    String serviceName = "";
    String description = "";
    Boolean isAuditEnabled = true;
    String isExcludesValue = "";
    String maskingInfo = "";
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<RangerPolicyItemCondition> conditionsList = new ArrayList<RangerPolicyItemCondition>();
    String conditionKeyValue = "";
    String resValue = "";
    String resourceKeyVal = "";
    String isRecursiveValue = "";
    String resKey = "";
    String ServiceType = "";
    String filterExpr = "";
    String policyName = "";
    List<String> policyLabels = new ArrayList<String>();
    String policyConditionTypeValue = "";
    serviceName = policy.getService();
    description = policy.getDescription();
    isAuditEnabled = policy.getIsAuditEnabled();
    policyLabels = policy.getPolicyLabels();
    StringBuffer sb = new StringBuffer();
    StringBuffer sbIsRecursive = new StringBuffer();
    StringBuffer sbIsExcludes = new StringBuffer();
    Map<String, RangerPolicyResource> resources = policy.getResources();
    RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicyItemDataMaskInfo();
    RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicyItemRowFilterInfo();
    policyName = policy.getName();
    policyName = policyName.replace("|", "");
    if (resources != null) {
        for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
            resKey = resource.getKey();
            RangerPolicyResource policyResource = resource.getValue();
            List<String> resvalueList = policyResource.getValues();
            isExcludes = policyResource.getIsExcludes().toString();
            isRecursive = policyResource.getIsRecursive().toString();
            resValue = resvalueList.toString();
            sb = sb.append(resourceKeyVal).append(" ").append(resKey).append("=").append(resValue);
            sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isExcludes).append("]");
            sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isRecursive).append("]");
        }
        isExcludesValue = sbIsExcludes.toString();
        isExcludesValue = isExcludesValue.substring(1);
        isRecursiveValue = sbIsRecursive.toString();
        isRecursiveValue = isRecursiveValue.substring(1);
        resourceKeyVal = sb.toString();
        resourceKeyVal = resourceKeyVal.substring(1);
        if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) {
            groups = policyItem.getGroups();
            users = policyItem.getUsers();
            accesses = policyItem.getAccesses();
            delegateAdmin = policyItem.getDelegateAdmin();
            conditionsList = policyItem.getConditions();
        } else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) {
            groups = dataMaskPolicyItem.getGroups();
            users = dataMaskPolicyItem.getUsers();
            accesses = dataMaskPolicyItem.getAccesses();
            delegateAdmin = dataMaskPolicyItem.getDelegateAdmin();
            conditionsList = dataMaskPolicyItem.getConditions();
            dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo();
            String dataMaskType = dataMaskInfo.getDataMaskType();
            String conditionExpr = dataMaskInfo.getConditionExpr();
            String valueExpr = dataMaskInfo.getValueExpr();
            maskingInfo = "dataMasktype=[" + dataMaskType + "]";
            if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) {
                maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]";
            }
        } else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) {
            groups = rowFilterPolicyItem.getGroups();
            users = rowFilterPolicyItem.getUsers();
            accesses = rowFilterPolicyItem.getAccesses();
            delegateAdmin = rowFilterPolicyItem.getDelegateAdmin();
            conditionsList = rowFilterPolicyItem.getConditions();
            filterInfo = rowFilterPolicyItem.getRowFilterInfo();
            filterExpr = filterInfo.getFilterExpr();
        }
        if (CollectionUtils.isNotEmpty(accesses)) {
            for (RangerPolicyItemAccess access : accesses) {
                accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
            }
            accessType = accessType.substring(0, accessType.lastIndexOf("#"));
        }
        if (CollectionUtils.isNotEmpty(groups)) {
            for (String group : groups) {
                group = group.replace("|", "");
                group = group.replace("#", "");
                groupNames = groupNames + group + "#";
            }
            groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
        }
        if (CollectionUtils.isNotEmpty(users)) {
            for (String user : users) {
                user = user.replace("|", "");
                user = user.replace("#", "");
                userNames = userNames + user + "#";
            }
            userNames = userNames.substring(0, userNames.lastIndexOf("#"));
        }
        String conditionValue = "";
        for (RangerPolicyItemCondition conditions : conditionsList) {
            String conditionType = conditions.getType();
            List<String> conditionList = conditions.getValues();
            conditionValue = conditionList.toString();
            conditionKeyValue = conditionType + "=" + conditionValue;
        }
        XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
        if (xxservice != null) {
            Long ServiceId = xxservice.getType();
            XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId);
            if (xxservDef != null) {
                ServiceType = xxservDef.getName();
            }
        }
    }
    if (policyConditionType != null) {
        policyConditionTypeValue = policyConditionType;
    }
    if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) {
        policyConditionTypeValue = POLICY_ALLOW_INCLUDE;
    } else if (policyConditionType == null) {
        policyConditionTypeValue = "";
    }
    if (policy.getIsEnabled()) {
        policyStatus = "Enabled";
    } else {
        policyStatus = "Disabled";
    }
    int policyTypeInt = policy.getPolicyType();
    switch(policyTypeInt) {
        case RangerPolicy.POLICY_TYPE_ACCESS:
            policyType = POLICY_TYPE_ACCESS;
            break;
        case RangerPolicy.POLICY_TYPE_DATAMASK:
            policyType = POLICY_TYPE_DATAMASK;
            break;
        case RangerPolicy.POLICY_TYPE_ROWFILTER:
            policyType = POLICY_TYPE_ROWFILTER;
            break;
    }
    if (CollectionUtils.isNotEmpty(policyLabels)) {
        for (String policyLabel : policyLabels) {
            policyLabel = policyLabel.replace("|", "");
            policyLabel = policyLabel.replace("#", "");
            policyLabelName = policyLabelName + policyLabel + "#";
        }
        policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#"));
    }
    csvBuffer.append(policy.getId());
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(policyName);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(resourceKeyVal);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(groupNames);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(userNames);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(accessType.trim());
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(ServiceType);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(policyStatus);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(policyType);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(delegateAdmin.toString().toUpperCase());
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(isRecursiveValue);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(isExcludesValue);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(serviceName);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(description);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(isAuditEnabled.toString().toUpperCase());
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(conditionKeyValue.trim());
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(policyConditionTypeValue);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(maskingInfo);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(filterExpr);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(policyLabelName);
    csvBuffer.append(COMMA_DELIMITER);
    csvBuffer.append(LINE_SEPARATOR);
}

Example 2 with RangerPolicyItemCondition

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition in project ranger by apache.

the class TestAssetREST method rangerPolicy.

private RangerPolicy rangerPolicy(Long id) {
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<String> users = new ArrayList<String>();
    List<String> groups = new ArrayList<String>();
    List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
    RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
    rangerPolicyItem.setAccesses(accesses);
    rangerPolicyItem.setConditions(conditions);
    rangerPolicyItem.setGroups(groups);
    rangerPolicyItem.setUsers(users);
    rangerPolicyItem.setDelegateAdmin(false);
    policyItems.add(rangerPolicyItem);
    Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
    RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
    rangerPolicyResource.setIsExcludes(true);
    rangerPolicyResource.setIsRecursive(true);
    rangerPolicyResource.setValue("1");
    rangerPolicyResource.setValues(users);
    policyResource.put("resource", rangerPolicyResource);
    RangerPolicy policy = new RangerPolicy();
    policy.setId(id);
    policy.setCreateTime(new Date());
    policy.setDescription("policy");
    policy.setGuid("policyguid");
    policy.setIsEnabled(true);
    policy.setName("HDFS_1-1-20150316062453");
    policy.setUpdatedBy("Admin");
    policy.setUpdateTime(new Date());
    policy.setService("HDFS_1-1-20150316062453");
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResource);
    policy.setService("HDFS_1");
    return policy;
}

Example 3 with RangerPolicyItemCondition

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition in project ranger by apache.

the class TestPublicAPIs method rangerPolicy.

private RangerPolicy rangerPolicy() {
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<String> users = new ArrayList<String>();
    List<String> groups = new ArrayList<String>();
    List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
    RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
    rangerPolicyItem.setAccesses(accesses);
    rangerPolicyItem.setConditions(conditions);
    rangerPolicyItem.setGroups(groups);
    rangerPolicyItem.setUsers(users);
    rangerPolicyItem.setDelegateAdmin(false);
    policyItems.add(rangerPolicyItem);
    Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
    RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
    rangerPolicyResource.setIsExcludes(true);
    rangerPolicyResource.setIsRecursive(true);
    rangerPolicyResource.setValue("1");
    rangerPolicyResource.setValues(users);
    policyResource.put("resource", rangerPolicyResource);
    RangerPolicy policy = new RangerPolicy();
    policy.setId(Id);
    policy.setCreateTime(new Date());
    policy.setDescription("policy");
    policy.setGuid("policyguid");
    policy.setIsEnabled(true);
    policy.setName("HDFS_1-1-20150316062453");
    policy.setUpdatedBy("Admin");
    policy.setUpdateTime(new Date());
    policy.setService("HDFS_1-1-20150316062453");
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResource);
    policy.setService("HDFS_1");
    return policy;
}

Example 4 with RangerPolicyItemCondition

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition in project ranger by apache.

the class RangerDefaultPolicyEvaluatorTest method createPolicyItemForConditions.

RangerPolicyItem createPolicyItemForConditions(String[] conditions) {
    List<RangerPolicyItemCondition> itemConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>(conditions.length);
    for (String conditionName : conditions) {
        RangerPolicyItemCondition condition = mock(RangerPolicyItemCondition.class);
        when(condition.getType()).thenReturn(conditionName);
        itemConditions.add(condition);
    }
    RangerPolicyItem policyItem = mock(RangerPolicyItem.class);
    when(policyItem.getConditions()).thenReturn(itemConditions);
    return policyItem;
}

Example 5 with RangerPolicyItemCondition

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition in project ranger by apache.

the class RangerTimeOfDayMatcherTest method test_end2end_happyPath.

@Test
public void test_end2end_happyPath() {
    RangerPolicyItemCondition itemCondition = mock(RangerPolicyItemCondition.class);
    when(itemCondition.getValues()).thenReturn(Arrays.asList("2:45a.m. -7:00 AM", "  9:15AM- 5:30P.M. ", "11pm-2am"));
    RangerTimeOfDayMatcher matcher = new RangerTimeOfDayMatcher();
    matcher.setConditionDef(null);
    matcher.setPolicyItemCondition(itemCondition);
    matcher.init();
    Object[][] input = new Object[][] { { 1, 0, true }, { 2, 0, true }, { 2, 1, false }, { 2, 44, false }, { 2, 45, true }, { 3, 0, true }, { 7, 0, true }, { 7, 01, false }, { 8, 0, false }, { 9, 15, true }, { 10, 0, true }, { 17, 0, true }, { 17, 30, true }, { 17, 31, false }, { 18, 0, false }, { 22, 59, false }, { 23, 0, true } };
    RangerAccessRequest request = mock(RangerAccessRequest.class);
    for (Object[] data : input) {
        int hour = (int) data[0];
        int minute = (int) data[1];
        Calendar c = new GregorianCalendar(2015, Calendar.APRIL, 1, hour, minute);
        Date aDate = c.getTime();
        when(request.getAccessTime()).thenReturn(aDate);
        boolean matchExpected = (boolean) data[2];
        if (matchExpected) {
            Assert.assertTrue("" + hour, matcher.isMatched(request));
        } else {
            Assert.assertFalse("" + hour, matcher.isMatched(request));
        }
    }
}