Search in sources :

Example 31 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testExcludesPolicy.

@Test
public void testExcludesPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    resource1.setIsExcludes(true);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 32 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testWildcardResourceValue.

@Test
public void testWildcardResourceValue() {
    final String resourceIdentifier1 = "*";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 33 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testDelegateAdmin.

@Test
public void testDelegateAdmin() {
    final String user1 = "user-1";
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setDelegateAdmin(true);
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    assertEquals(4, pluginWithPolicies.getAccessPolicies().size());
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.READ));
    assertNotNull(pluginWithPolicies.getAccessPolicy("/policies" + resourceIdentifier1, RequestAction.WRITE));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 34 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testMissingResourceValue.

@Test
public void testMissingResourceValue() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource();
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 35 with RangerPolicyResource

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testDisabledPolicy.

@Test
public void testDisabledPolicy() {
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setIsEnabled(false);
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the policy was skipped
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
    assertTrue(pluginWithPolicies.getAccessPolicies().isEmpty());
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Aggregations

RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)62 HashMap (java.util.HashMap)38 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)36 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)28 ArrayList (java.util.ArrayList)27 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)25 Test (org.junit.Test)23 VXString (org.apache.ranger.view.VXString)17 Date (java.util.Date)12 RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)11 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)11 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)8 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8 XXServiceDef (org.apache.ranger.entity.XXServiceDef)7 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)7 IOException (java.io.IOException)6 XXService (org.apache.ranger.entity.XXService)5 RangerService (org.apache.ranger.plugin.model.RangerService)5 RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)5 Map (java.util.Map)4