Search in sources :

Example 81 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.

the class TestRangerPolicyValidator method testIsValid_failures.

@Test
public final void testIsValid_failures() throws Exception {
    for (Action action : cu) {
        // passing in a null policy should fail with appropriate failure reason
        _policy = null;
        checkFailure_isValid(action, "missing", "policy");
        // policy must have a name on it
        _policy = mock(RangerPolicy.class);
        for (String name : new String[] { null, "  " }) {
            when(_policy.getName()).thenReturn(name);
            when(_policy.getResources()).thenReturn(null);
            checkFailure_isValid(action, "missing", "name");
        }
        // for update id is required!
        if (action == Action.UPDATE) {
            when(_policy.getId()).thenReturn(null);
            checkFailure_isValid(action, "missing", "id");
        }
    }
    RangerService service = mock(RangerService.class);
    /*
		 * Id is ignored for Create but name should not belong to an existing policy.  For update, policy should exist for its id and should match its name.
		 */
    when(_policy.getName()).thenReturn("policy-name");
    when(_policy.getService()).thenReturn("service-name");
    when(_store.getServiceByName("service-name")).thenReturn(service);
    when(service.getId()).thenReturn(2L);
    RangerPolicy existingPolicy = mock(RangerPolicy.class);
    when(existingPolicy.getId()).thenReturn(7L);
    when(existingPolicy.getService()).thenReturn("service-name");
    List<RangerPolicy> existingPolicies = new ArrayList<>();
    when(_store.getPolicyId(service.getId(), "policy-name", _zoneId)).thenReturn(7L);
    checkFailure_isValid(Action.CREATE, "semantic", "policy name");
    // update : does not exist for id
    when(_policy.getId()).thenReturn(7L);
    when(_store.getPolicy(7L)).thenReturn(null);
    checkFailure_isValid(Action.UPDATE, "semantic", "id");
    // Update: name should not point to an existing different policy, i.e. with a different id
    when(_store.getPolicy(7L)).thenReturn(existingPolicy);
    RangerPolicy anotherExistingPolicy = mock(RangerPolicy.class);
    when(anotherExistingPolicy.getId()).thenReturn(8L);
    when(anotherExistingPolicy.getService()).thenReturn("service-name");
    existingPolicies.add(anotherExistingPolicy);
    when(_store.getPolicyId(service.getId(), "policy-name", _zoneId)).thenReturn(8L);
    checkFailure_isValid(Action.UPDATE, "semantic", "id/name");
    // policy must have service name on it and it should be valid
    when(_policy.getName()).thenReturn("policy-name");
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            when(_policy.getService()).thenReturn(null);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "service name");
            when(_policy.getService()).thenReturn("");
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "service name");
        }
    }
    // service name should be valid
    when(_store.getServiceByName("service-name")).thenReturn(null);
    when(_store.getServiceByName("another-service-name")).thenThrow(new Exception());
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            when(_policy.getService()).thenReturn(null);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "service name");
            when(_policy.getService()).thenReturn(null);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "service name");
            when(_policy.getService()).thenReturn("service-name");
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForSemanticError(_failures, "service name");
            when(_policy.getService()).thenReturn("another-service-name");
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForSemanticError(_failures, "service name");
        }
    }
    // policy must contain at least one policy item
    List<RangerPolicyItem> policyItems = new ArrayList<>();
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            // when it is null
            when(_policy.getPolicyItems()).thenReturn(null);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "policy items");
            // or when it is not null but empty.
            when(_policy.getPolicyItems()).thenReturn(policyItems);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForMissingValue(_failures, "policy items");
        }
    }
    // these are known good policy items -- same as used above in happypath
    policyItems = _utils.createPolicyItems(policyItemsData);
    when(_policy.getPolicyItems()).thenReturn(policyItems);
    // policy item check requires that service def should exist
    when(service.getType()).thenReturn("service-type");
    when(_store.getServiceDefByName("service-type")).thenReturn(null);
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            when(_policy.getService()).thenReturn("service-name");
            when(_store.getServiceByName("service-name")).thenReturn(service);
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForInternalError(_failures, "policy service def");
        }
    }
    // service-def should contain the right access types on it.
    _serviceDef = _utils.createServiceDefWithAccessTypes(accessTypes_bad, "service-type");
    when(_store.getServiceDefByName("service-type")).thenReturn(_serviceDef);
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForSemanticError(_failures, "policy item access type");
        }
    }
    // create the right service def with right resource defs - this is the same as in the happypath test above.
    _serviceDef = _utils.createServiceDefWithAccessTypes(accessTypes, "service-type");
    when(_store.getPolicyId(service.getId(), "policy-name", _zoneId)).thenReturn(null);
    List<RangerResourceDef> resourceDefs = _utils.createResourceDefs(resourceDefData);
    when(_serviceDef.getResources()).thenReturn(resourceDefs);
    when(_store.getServiceDefByName("service-type")).thenReturn(_serviceDef);
    // one mandatory is missing (tbl) and one unknown resource is specified (extra), and values of option resource don't conform to validation pattern (col)
    Map<String, RangerPolicyResource> policyResources = _utils.createPolicyResourceMap(policyResourceMap_bad);
    when(_policy.getResources()).thenReturn(policyResources);
    // ensure thta policy is kosher when it comes to resource signature
    RangerPolicyResourceSignature signature = mock(RangerPolicyResourceSignature.class);
    when(_factory.createPolicyResourceSignature(_policy)).thenReturn(signature);
    when(signature.getSignature()).thenReturn("hash-1");
    // store does not have any policies for that signature hash
    when(_store.getPoliciesByResourceSignature("service-name", "hash-1", true)).thenReturn(null);
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            // for spurious resource: "extra"
            _utils.checkFailureForSemanticError(_failures, "resource-values", "col");
            // for specifying it as true when def did not allow it
            _utils.checkFailureForSemanticError(_failures, "isRecursive", "db");
            // for specifying it as true when def did not allow it
            _utils.checkFailureForSemanticError(_failures, "isExcludes", "col");
        }
    }
    // Check if error around resource signature clash are reported.  have Store return policies for same signature
    when(_store.getPoliciesByResourceSignature("service-name", "hash-1", true)).thenReturn(existingPolicies);
    for (Action action : cu) {
        for (boolean isAdmin : new boolean[] { true, false }) {
            _failures.clear();
            Assert.assertFalse(_validator.isValid(_policy, action, isAdmin, _failures));
            _utils.checkFailureForSemanticError(_failures, "policy resources");
        }
    }
}
Also used : Action(org.apache.ranger.plugin.model.validation.RangerValidator.Action) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature) RangerService(org.apache.ranger.plugin.model.RangerService) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 82 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.

the class TestRangerPolicyResourceSignature method test_RangerPolicyResourceView_toString.

@Test
public void test_RangerPolicyResourceView_toString() {
    // null resource
    RangerPolicyResource resource = null;
    ResourceSerializer serializer = new ResourceSerializer(resource);
    Assert.assertEquals("{}", serializer.toString());
    // non-null policy resource with null values/recursive flag
    resource = createPolicyResource(null, null, null);
    serializer = new ResourceSerializer(resource);
    Assert.assertEquals("{values=,excludes=false,recursive=false}", serializer.toString());
    // valid values in non-asending order
    resource = createPolicyResource(new String[] { "b", "a", "d", "c" }, true, false);
    serializer = new ResourceSerializer(resource);
    Assert.assertEquals("{values=[a, b, c, d],excludes=false,recursive=true}", serializer.toString());
    // recursive flag is false and different variation of values to show lexicographic ordering
    resource = createPolicyResource(new String[] { "9", "A", "e", "_" }, false, true);
    serializer = new ResourceSerializer(resource);
    Assert.assertEquals("{values=[9, A, _, e],excludes=true,recursive=false}", serializer.toString());
}
Also used : RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ResourceSerializer(org.apache.ranger.plugin.model.RangerPolicyResourceSignature.ResourceSerializer) Test(org.junit.Test)

Example 83 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.

the class ServiceDBStore method writeBookForPolicyItems.

private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row, String policyConditionType) {
    if (LOG.isDebugEnabled()) {
        // To avoid PMD violation
        LOG.debug("policyConditionType:[" + policyConditionType + "]");
    }
    List<String> groups = new ArrayList<String>();
    List<String> users = new ArrayList<String>();
    List<String> roles = new ArrayList<String>();
    String roleNames = "";
    String groupNames = "";
    String policyConditionTypeValue = "";
    String userNames = "";
    String policyLabelNames = "";
    String accessType = "";
    String policyStatus = "";
    String policyType = "";
    Boolean delegateAdmin = false;
    String isRecursive = "";
    String isExcludes = "";
    String serviceName = "";
    String description = "";
    Boolean isAuditEnabled = true;
    isAuditEnabled = policy.getIsAuditEnabled();
    String isExcludesValue = "";
    Cell cell = row.createCell(0);
    cell.setCellValue(policy.getId());
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<RangerPolicyItemCondition> conditionsList = new ArrayList<RangerPolicyItemCondition>();
    String conditionKeyValue = "";
    List<String> policyLabels = new ArrayList<String>();
    String resValue = "";
    String resourceKeyVal = "";
    String isRecursiveValue = "";
    String resKey = "";
    StringBuffer sb = new StringBuffer();
    StringBuffer sbIsRecursive = new StringBuffer();
    StringBuffer sbIsExcludes = new StringBuffer();
    Map<String, RangerPolicyResource> resources = policy.getResources();
    RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo();
    RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo();
    cell = row.createCell(1);
    cell.setCellValue(policy.getName());
    cell = row.createCell(2);
    if (resources != null) {
        for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
            resKey = resource.getKey();
            RangerPolicyResource policyResource = resource.getValue();
            List<String> resvalueList = policyResource.getValues();
            isExcludes = policyResource.getIsExcludes().toString();
            isRecursive = policyResource.getIsRecursive().toString();
            resValue = resvalueList.toString();
            sb = sb.append(resourceKeyVal).append("; ").append(resKey).append("=").append(resValue);
            sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isExcludes).append("]");
            sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isRecursive).append("]");
        }
        isExcludesValue = sbIsExcludes.toString();
        isExcludesValue = isExcludesValue.substring(1);
        isRecursiveValue = sbIsRecursive.toString();
        isRecursiveValue = isRecursiveValue.substring(1);
        resourceKeyVal = sb.toString();
        resourceKeyVal = resourceKeyVal.substring(1);
        cell.setCellValue(resourceKeyVal);
        if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) {
            roles = policyItem.getRoles();
            groups = policyItem.getGroups();
            users = policyItem.getUsers();
            accesses = policyItem.getAccesses();
            delegateAdmin = policyItem.getDelegateAdmin();
            conditionsList = policyItem.getConditions();
        } else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) {
            roles = dataMaskPolicyItem.getRoles();
            groups = dataMaskPolicyItem.getGroups();
            users = dataMaskPolicyItem.getUsers();
            accesses = dataMaskPolicyItem.getAccesses();
            delegateAdmin = dataMaskPolicyItem.getDelegateAdmin();
            conditionsList = dataMaskPolicyItem.getConditions();
            dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo();
            String dataMaskType = dataMaskInfo.getDataMaskType();
            String conditionExpr = dataMaskInfo.getConditionExpr();
            String valueExpr = dataMaskInfo.getValueExpr();
            String maskingInfo = "dataMasktype=[" + dataMaskType + "]";
            if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) {
                maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]";
            }
            cell = row.createCell(18);
            cell.setCellValue(maskingInfo);
        } else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) {
            roles = rowFilterPolicyItem.getRoles();
            groups = rowFilterPolicyItem.getGroups();
            users = rowFilterPolicyItem.getUsers();
            accesses = rowFilterPolicyItem.getAccesses();
            delegateAdmin = rowFilterPolicyItem.getDelegateAdmin();
            conditionsList = rowFilterPolicyItem.getConditions();
            filterInfo = rowFilterPolicyItem.getRowFilterInfo();
            String filterExpr = filterInfo.getFilterExpr();
            cell = row.createCell(19);
            cell.setCellValue(filterExpr);
        }
        if (CollectionUtils.isNotEmpty(accesses)) {
            for (RangerPolicyItemAccess access : accesses) {
                accessType = accessType + access.getType();
                accessType = accessType + " ,";
            }
            accessType = accessType.substring(0, accessType.lastIndexOf(","));
        }
        if (CollectionUtils.isNotEmpty(roles)) {
            roleNames = roleNames + roles.toString();
            StringTokenizer roleToken = new StringTokenizer(roleNames, "[]");
            while (roleToken.hasMoreTokens()) {
                roleNames = roleToken.nextToken().toString();
            }
        }
        if (CollectionUtils.isNotEmpty(groups)) {
            groupNames = groupNames + groups.toString();
            StringTokenizer groupToken = new StringTokenizer(groupNames, "[]");
            while (groupToken.hasMoreTokens()) {
                groupNames = groupToken.nextToken().toString();
            }
        }
        if (CollectionUtils.isNotEmpty(users)) {
            userNames = userNames + users.toString();
            StringTokenizer userToken = new StringTokenizer(userNames, "[]");
            while (userToken.hasMoreTokens()) {
                userNames = userToken.nextToken().toString();
            }
        }
        String conditionValue = "";
        for (RangerPolicyItemCondition conditions : conditionsList) {
            String conditionType = conditions.getType();
            List<String> conditionList = conditions.getValues();
            conditionValue = conditionList.toString();
            conditionKeyValue = conditionType + "=" + conditionValue;
        }
        cell = row.createCell(3);
        cell.setCellValue(roleNames);
        cell = row.createCell(4);
        cell.setCellValue(groupNames);
        cell = row.createCell(5);
        cell.setCellValue(userNames);
        cell = row.createCell(6);
        cell.setCellValue(accessType.trim());
        cell = row.createCell(7);
        XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
        String ServiceType = "";
        if (xxservice != null) {
            Long ServiceId = xxservice.getType();
            XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId);
            if (xxservDef != null) {
                ServiceType = xxservDef.getName();
            }
        }
        if (policyConditionType != null) {
            policyConditionTypeValue = policyConditionType;
        }
        if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) {
            policyConditionTypeValue = POLICY_ALLOW_INCLUDE;
        } else if (policyConditionType == null) {
            policyConditionTypeValue = "";
        }
        cell.setCellValue(ServiceType);
        cell = row.createCell(8);
    }
    if (policy.getIsEnabled()) {
        policyStatus = "Enabled";
    } else {
        policyStatus = "Disabled";
    }
    policyLabels = policy.getPolicyLabels();
    if (CollectionUtils.isNotEmpty(policyLabels)) {
        policyLabelNames = policyLabelNames + policyLabels.toString();
        StringTokenizer policyLabelToken = new StringTokenizer(policyLabelNames, "[]");
        while (policyLabelToken.hasMoreTokens()) {
            policyLabelNames = policyLabelToken.nextToken().toString();
        }
    }
    cell.setCellValue(policyStatus);
    cell = row.createCell(9);
    int policyTypeInt = policy.getPolicyType();
    switch(policyTypeInt) {
        case RangerPolicy.POLICY_TYPE_ACCESS:
            policyType = POLICY_TYPE_ACCESS;
            break;
        case RangerPolicy.POLICY_TYPE_DATAMASK:
            policyType = POLICY_TYPE_DATAMASK;
            break;
        case RangerPolicy.POLICY_TYPE_ROWFILTER:
            policyType = POLICY_TYPE_ROWFILTER;
            break;
    }
    cell.setCellValue(policyType);
    cell = row.createCell(10);
    cell.setCellValue(delegateAdmin.toString().toUpperCase());
    cell = row.createCell(11);
    cell.setCellValue(isRecursiveValue);
    cell = row.createCell(12);
    cell.setCellValue(isExcludesValue);
    cell = row.createCell(13);
    serviceName = policy.getService();
    cell.setCellValue(serviceName);
    cell = row.createCell(14);
    description = policy.getDescription();
    cell.setCellValue(description);
    cell = row.createCell(15);
    cell.setCellValue(isAuditEnabled.toString().toUpperCase());
    cell = row.createCell(16);
    cell.setCellValue(conditionKeyValue.trim());
    cell = row.createCell(17);
    cell.setCellValue(policyConditionTypeValue);
    cell = row.createCell(20);
    cell.setCellValue(policyLabelNames);
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) StringTokenizer(java.util.StringTokenizer) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) XXService(org.apache.ranger.entity.XXService) Cell(org.apache.poi.ss.usermodel.Cell)

Example 84 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.

the class RangerPolicyAdminImpl method isDelegatedAdminAccessAllowedForPolicy.

private boolean isDelegatedAdminAccessAllowedForPolicy(RangerPolicyRepository matchedRepository, RangerPolicy policy, String user, Set<String> userGroups, Set<String> roles, Set<String> accessTypes, boolean isRead, Map<String, Object> evalContext) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyAdminImpl.isDelegatedAdminAccessAllowedForPolicy(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", accessTypes" + accessTypes + ", " + isRead + ", " + evalContext + ")");
    }
    boolean ret = false;
    if (CollectionUtils.isEmpty(accessTypes)) {
        LOG.error("Could not get access-types for policy-id:[" + policy.getId() + "]");
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking delegate-admin access for the access-types:[" + accessTypes + "]");
        }
        // RANGER-3082
        // Convert policy resources to by substituting macros with ASTERISK
        Map<String, RangerPolicyResource> modifiedPolicyResources = getPolicyResourcesWithMacrosReplaced(policy.getResources(), wildcardEvalContext);
        for (RangerPolicyEvaluator evaluator : matchedRepository.getPolicyEvaluators()) {
            Set<String> allowedAccesses = evaluator.getAllowedAccesses(modifiedPolicyResources, user, userGroups, roles, accessTypes, evalContext);
            if (allowedAccesses == null) {
                continue;
            }
            boolean isAllowedAccessesModified = accessTypes.removeAll(allowedAccesses);
            if (isRead && isAllowedAccessesModified) {
                ret = true;
                break;
            }
            if (CollectionUtils.isEmpty(accessTypes)) {
                ret = true;
                break;
            }
        }
        if (!ret && CollectionUtils.isNotEmpty(accessTypes)) {
            LOG.info("Accesses : " + accessTypes + " are not authorized for the policy:[" + policy.getId() + "] by any of delegated-admin policies");
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyAdminImpl.isDelegatedAdminAccessAllowedForPolicy(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", accessTypes" + accessTypes + ", " + isRead + ", " + evalContext + "): " + ret);
    }
    return ret;
}
Also used : RangerPolicyEvaluator(org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)

Example 85 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.

the class TestRangerPolicyService method rangerPolicy.

private RangerPolicy rangerPolicy() {
    List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
    List<String> users = new ArrayList<String>();
    List<String> groups = new ArrayList<String>();
    List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>();
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
    RangerPolicyItem rangerPolicyItem = new RangerPolicyItem();
    rangerPolicyItem.setAccesses(accesses);
    rangerPolicyItem.setConditions(conditions);
    rangerPolicyItem.setGroups(groups);
    rangerPolicyItem.setUsers(users);
    rangerPolicyItem.setDelegateAdmin(false);
    policyItems.add(rangerPolicyItem);
    Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>();
    RangerPolicyResource rangerPolicyResource = new RangerPolicyResource();
    rangerPolicyResource.setIsExcludes(true);
    rangerPolicyResource.setIsRecursive(true);
    rangerPolicyResource.setValue("1");
    rangerPolicyResource.setValues(users);
    RangerPolicy policy = new RangerPolicy();
    policy.setId(Id);
    policy.setCreateTime(new Date());
    policy.setDescription("policy");
    policy.setGuid("policyguid");
    policy.setIsEnabled(true);
    policy.setName("HDFS_1-1-20150316062453");
    policy.setUpdatedBy("Admin");
    policy.setUpdateTime(new Date());
    policy.setService("HDFS_1-1-20150316062453");
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResource);
    policy.setPolicyType(0);
    return policy;
}
Also used : HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Date(java.util.Date) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Aggregations

RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)101 HashMap (java.util.HashMap)65 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)64 ArrayList (java.util.ArrayList)50 Test (org.junit.Test)43 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)35 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)32 Date (java.util.Date)26 RangerService (org.apache.ranger.plugin.model.RangerService)23 VXString (org.apache.ranger.view.VXString)18 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)17 VXAuditMap (org.apache.ranger.view.VXAuditMap)15 VXResource (org.apache.ranger.view.VXResource)15 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)12 LinkedHashMap (java.util.LinkedHashMap)10 XXServiceDef (org.apache.ranger.entity.XXServiceDef)8 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)8 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)8 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8 RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)7