
Example 6 with RangerPolicyConditionDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef in project ranger by apache.

the class TestServiceREST method rangerServiceDef.

/**
 * Builds the service-definition fixture labelled "HDFS Repository".
 *
 * <p>Every collection on the returned object (configs, resources, access types,
 * policy conditions, context enrichers, enums) is a fresh empty list, so the
 * fixture declares no access types and no policy conditions of its own.
 *
 * @return a new {@code RangerServiceDef} populated with fixed test values
 */
private RangerServiceDef rangerServiceDef() {
    RangerServiceDef fixture = new RangerServiceDef();

    // Identity and descriptive metadata.
    fixture.setId(Id);
    fixture.setImplClass("RangerServiceHdfs");
    fixture.setLabel("HDFS Repository");
    fixture.setDescription("HDFS Repository");
    fixture.setRbKeyDescription(null);

    // Audit fields.
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());

    // All definition lists start out empty.
    fixture.setConfigs(new ArrayList<RangerServiceConfigDef>());
    fixture.setResources(new ArrayList<RangerResourceDef>());
    fixture.setAccessTypes(new ArrayList<RangerAccessTypeDef>());
    fixture.setPolicyConditions(new ArrayList<RangerPolicyConditionDef>());
    fixture.setContextEnrichers(new ArrayList<RangerContextEnricherDef>());
    fixture.setEnums(new ArrayList<RangerEnumDef>());

    return fixture;
}
Also used : RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef) ArrayList(java.util.ArrayList) RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) Date(java.util.Date) RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 7 with RangerPolicyConditionDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef in project ranger by apache.

the class RangerDefaultPolicyEvaluatorTest method getMockServiceDef.

/**
 * Creates a mocked service definition whose policy conditions are built from {@code pairs}.
 *
 * @param pairs condition name mapped to the array handed to
 *              {@code getMockPolicyConditionDefs}; may be {@code null}, in which case
 *              {@code getPolicyConditions()} is left unstubbed on the returned mock
 * @return the mocked {@code RangerServiceDef}
 */
RangerServiceDef getMockServiceDef(Map<String, String[]> pairs) {
    RangerServiceDef mockedDef = mock(RangerServiceDef.class);
    if (pairs != null) {
        // Only stub the getter when there is something to build the condition defs from.
        List<RangerPolicyConditionDef> mockedConditions = getMockPolicyConditionDefs(pairs);
        when(mockedDef.getPolicyConditions()).thenReturn(mockedConditions);
    }
    return mockedDef;
}
Also used : RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)

Example 8 with RangerPolicyConditionDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef in project ranger by apache.

the class RangerDefaultPolicyEvaluatorTest method getMockPolicyConditionDefs.

// takes a map of condition name to a two-element array whose first element is the evaluator class name and whose second is the evaluator options, if any
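/**
 * Builds one mocked {@code RangerPolicyConditionDef} per map entry.
 *
 * <p>For each entry the mock reports the key as its name and element 0 of the array as its
 * evaluator. When the array has a second element, that element is stored in the evaluator
 * options as both key and value; when it does not, the options map is left empty instead of
 * failing with {@code ArrayIndexOutOfBoundsException}.
 *
 * @param pairs condition name mapped to {@code {evaluatorClassName[, evaluatorOptions]}};
 *              must not be {@code null} (getMockServiceDef checks for null before calling)
 * @return the mocked condition definitions, in the map's iteration order
 */
List<RangerPolicyConditionDef> getMockPolicyConditionDefs(Map<String, String[]> pairs) {
    List<RangerPolicyConditionDef> conditions = new ArrayList<>();
    for (Map.Entry<String, String[]> anEntry : pairs.entrySet()) {
        String[] evaluatorAndOptions = anEntry.getValue();
        RangerPolicyConditionDef aCondition = mock(RangerPolicyConditionDef.class);
        when(aCondition.getName()).thenReturn(anEntry.getKey());
        when(aCondition.getEvaluator()).thenReturn(evaluatorAndOptions[0]);
        Map<String, String> evaluatorOptions = new HashMap<>();
        // The options element is optional ("if any"), so only read it when it is present.
        if (evaluatorAndOptions.length > 1) {
            evaluatorOptions.put(evaluatorAndOptions[1], evaluatorAndOptions[1]);
        }
        when(aCondition.getEvaluatorOptions()).thenReturn(evaluatorOptions);
        conditions.add(aCondition);
    }
    return conditions;
}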
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) HashMap(java.util.HashMap) Map(java.util.Map)

Example 9 with RangerPolicyConditionDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef in project ranger by apache.

the class RangerDefaultPolicyItemEvaluator method init.

/**
 * Precomputes the state this policy-item evaluator works from: whether the item allows every
 * access type declared by the service definition, the condition evaluators for the item's
 * conditions, and whether the item's user list contains the USER_CURRENT / RESOURCE_OWNER
 * entries.
 *
 * <p>Conditions that cannot be resolved or instantiated are logged at ERROR level and left out
 * of {@code conditionEvaluators}; see the review notes inside the loop.
 */
public void init() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", policyItem=" + policyItem + ", serviceType=" + getServiceType() + ", conditionsDisabled=" + getConditionsDisabledOption() + ")");
    }
    // Collect the access types this policy item explicitly allows.
    // NOTE(review): getAccesses() is iterated without a null check — confirm it never returns null.
    Set<String> accessPerms = new HashSet<String>();
    List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();
    for (RangerPolicy.RangerPolicyItemAccess policyItemAccess : policyItemAccesses) {
        if (policyItemAccess.getIsAllowed()) {
            accessPerms.add(policyItemAccess.getType());
        }
    }
    // hasAllPerms stays true only if every access type of the service definition is allowed
    // by this item. If the service definition lists no access types the loop body never runs
    // and hasAllPerms remains true.
    // NOTE(review): confirm that an empty access-type list should count as "all permissions".
    hasAllPerms = true;
    List<RangerServiceDef.RangerAccessTypeDef> serviceAccessTypes = serviceDef.getAccessTypes();
    for (RangerServiceDef.RangerAccessTypeDef serviceAccessType : serviceAccessTypes) {
        String serviceAccessTypeName = serviceAccessType.getName();
        if (!accessPerms.contains(serviceAccessTypeName)) {
            hasAllPerms = false;
            break;
        }
    }
    // Condition evaluators are built only when conditions are enabled and the item has some.
    if (!getConditionsDisabledOption() && CollectionUtils.isNotEmpty(policyItem.getConditions())) {
        conditionEvaluators = new ArrayList<>();
        RangerPerfTracer perf = null;
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYITEM_INIT_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_POLICYITEM_INIT_LOG, "RangerPolicyItemEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + getPolicyItemIndex() + ")");
        }
        for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
            RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType());
            // NOTE(review): a condition whose type has no definition is skipped after an error
            // log, so no evaluator is registered for it. Unless the matching code (not visible
            // here) treats a missing evaluator as a failure, the policy item is then evaluated
            // without this restriction. Confirm that dropping the condition is intended rather
            // than rejecting the item, and alert on this log line.
            if (conditionDef == null) {
                LOG.error("RangerDefaultPolicyItemEvaluator(policyId=" + policyId + "): conditionDef '" + condition.getType() + "' not found. Ignoring the condition");
                continue;
            }
            // The evaluator class name is taken from the service definition.
            // NOTE(review): newConditionEvaluator is not shown; presumably it instantiates the
            // class by name — verify who may write service definitions.
            RangerConditionEvaluator conditionEvaluator = newConditionEvaluator(conditionDef.getEvaluator());
            if (conditionEvaluator != null) {
                conditionEvaluator.setServiceDef(serviceDef);
                conditionEvaluator.setConditionDef(conditionDef);
                conditionEvaluator.setPolicyItemCondition(condition);
                RangerPerfTracer perfConditionInit = null;
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
                    perfConditionInit = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + getPolicyItemIndex() + ",policyConditionType=" + condition.getType() + ")");
                }
                conditionEvaluator.init();
                RangerPerfTracer.log(perfConditionInit);
                conditionEvaluators.add(conditionEvaluator);
            } else {
                // NOTE(review): same outcome as the missing-definition branch above — the
                // condition is only logged and no evaluator is registered for it.
                LOG.error("RangerDefaultPolicyItemEvaluator(policyId=" + policyId + "): failed to instantiate condition evaluator '" + condition.getType() + "'; evaluatorClassName='" + conditionDef.getEvaluator() + "'");
            }
        }
        RangerPerfTracer.log(perf);
    }
    // Record whether the item's user list contains the two special entries.
    List<String> users = policyItem.getUsers();
    this.hasCurrentUser = CollectionUtils.isNotEmpty(users) && users.contains(RangerPolicyEngine.USER_CURRENT);
    this.hasResourceOwner = CollectionUtils.isNotEmpty(users) && users.contains(RangerPolicyEngine.RESOURCE_OWNER);
    if (LOG.isDebugEnabled()) {
        // NOTE(review): conditionEvaluators is assigned only inside the branch above; confirm
        // getConditionEvaluators() returns a non-null list when that branch was skipped.
        LOG.debug("<== RangerDefaultPolicyItemEvaluator(policyId=" + policyId + ", conditionsCount=" + getConditionEvaluators().size() + ")");
    }
}
Also used : RangerConditionEvaluator(org.apache.ranger.plugin.conditionevaluator.RangerConditionEvaluator) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) HashSet(java.util.HashSet)

Example 10 with RangerPolicyConditionDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef in project ranger by apache.

the class RangerServiceDefValidator method isValidPolicyConditions.

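/**
 * Validates the policy-condition definitions of a service definition.
 *
 * <p>A {@code null} or empty collection is accepted. Otherwise every definition must have an
 * itemId and a name that are unique within the collection (as decided by {@code isUnique}) and
 * a non-blank evaluator. All definitions are checked even after a failure, so that
 * {@code failures} lists every problem found.
 *
 * <p>NOTE(review): the evaluator is only checked for being non-blank here. Nothing in this
 * method verifies that it names a loadable or permitted class; confirm whether that is
 * enforced elsewhere before the name is used to create an evaluator.
 *
 * @param policyConditions the definitions to check; may be {@code null} or empty
 * @param failures         receives a detail entry for each problem found
 * @return {@code true} if no problem was found, {@code false} otherwise
 */
boolean isValidPolicyConditions(List<RangerPolicyConditionDef> policyConditions, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerServiceDefValidator.isValidPolicyConditions(%s, %s)", policyConditions, failures));
    }
    boolean valid = true;
    if (CollectionUtils.isEmpty(policyConditions)) {
        // The message previously said "Configs collection", which misattributed this entry
        // to the config validation when reading debug logs.
        LOG.debug("Policy conditions collection was null/empty! ok");
    } else {
        Set<Long> ids = new HashSet<>();
        Set<String> names = new HashSet<>();
        for (RangerPolicyConditionDef conditionDef : policyConditions) {
            // isUnique is evaluated first on purpose: "&& valid" on the right keeps the call
            // (and the failure it records) from being short-circuited after an earlier failure.
            valid = isUnique(conditionDef.getItemId(), ids, "policy condition def itemId", "policy condition defs", failures) && valid;
            String name = conditionDef.getName();
            valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid;
            if (StringUtils.isBlank(conditionDef.getEvaluator())) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR;
                failures.add(new ValidationFailureDetailsBuilder().field("policy condition def evaluator").subField(name).isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
                valid = false;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerServiceDefValidator.isValidPolicyConditions(%s, %s): %s", policyConditions, failures, valid));
    }
    return valid;
}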
Also used : RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode) HashSet(java.util.HashSet)
