
Example 11 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefHelper method test_getResourceHierarchies.

/**
 * Verifies that {@code RangerServiceDefHelper} accepts a branching resource graph and
 * reports each expected hierarchy for access policies.
 */
@Test
public void test_getResourceHierarchies() {
    /*
     * Build a service-def whose resources form this graph:
     *
     *   Database -> UDF
     *       |
     *       v
     *      Table -> Column
     *         |
     *         v
     *        Table-Attribute
     *
     * The hierarchies this test looks for are:
     *  - [ Database, UDF ]
     *  - [ Database, Table, Column ]
     *  - [ Database, Table, Table-Attribute ]
     */
    // Second argument looks like the parent resource name (it mirrors the graph above).
    // NOTE(review): the meaning of the third argument is not visible in this snippet - confirm against createResourceDef.
    RangerResourceDef database = createResourceDef("Database", "");
    RangerResourceDef udf = createResourceDef("UDF", "Database");
    RangerResourceDef table = createResourceDef("Table", "Database");
    RangerResourceDef column = createResourceDef("Column", "Table", true);
    RangerResourceDef tableAttribute = createResourceDef("Table-Attribute", "Table", true);

    // The definitions are handed over out of graph order on purpose: list order should not matter.
    List<RangerResourceDef> shuffledDefs = Lists.newArrayList(column, database, table, tableAttribute, udf);
    when(_serviceDef.getResources()).thenReturn(shuffledDefs);

    // Build the helper from the mocked service-def and check the graph is accepted.
    _helper = new RangerServiceDefHelper(_serviceDef);
    assertTrue(_helper.isResourceGraphValid());

    Set<List<RangerResourceDef>> hierarchies = _helper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS);

    // Only membership is asserted; the test does not pin the total number of hierarchies returned.
    assertTrue(hierarchies.contains(Lists.newArrayList(database, udf)));
    assertTrue(hierarchies.contains(Lists.newArrayList(database, table, column)));
    assertTrue(hierarchies.contains(Lists.newArrayList(database, table, tableAttribute)));
}
Also used : List(java.util.List) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 12 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerValidator method test_getResourceNames.

/**
 * Exercises {@code getMandatoryResourceNames} and {@code getAllResourceNames} with null,
 * empty and mixed resource definitions.
 */
@Test
public void test_getResourceNames() {
    // A null service-def yields an empty set rather than null.
    Set<String> resourceNames = _validator.getMandatoryResourceNames((RangerServiceDef) null);
    Assert.assertTrue(resourceNames.isEmpty());

    // A service-def whose resource list is null.
    RangerServiceDef serviceDef = mock(RangerServiceDef.class);
    when(serviceDef.getResources()).thenReturn(null);
    resourceNames = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(resourceNames.isEmpty());

    // A service-def whose resource list is empty. The same list instance stays stubbed below,
    // so later additions to it are visible through the mock.
    List<RangerResourceDef> resourceDefs = new ArrayList<>();
    when(serviceDef.getResources()).thenReturn(resourceDefs);
    resourceNames = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(resourceNames.isEmpty());

    // A list holding only a null resource definition.
    resourceDefs.add(null);
    resourceNames = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertTrue(resourceNames.isEmpty());

    // Mixed definitions. The fourth column is the mandatory flag.
    // NOTE(review): the meaning of the second and third columns is not visible here - confirm against createResourceDefs.
    Object[][] data = {
        // mandatory, all good
        { "a", null, null, true },
        // this should put a null element in the resource def list
        null,
        // mandatory flag is null, i.e. treated as false
        { "b", null, null, null },
        // explicitly non-mandatory
        { "c", null, null, false },
        // mandatory, name given in upper case
        { "D", null, null, true },
        // non-mandatory, name given in upper case
        { "E", null, null, false } };
    resourceDefs.addAll(_utils.createResourceDefs(data));

    // Only the two mandatory resources are reported, and names come back lower-cased.
    resourceNames = _validator.getMandatoryResourceNames(serviceDef);
    Assert.assertEquals(2, resourceNames.size());
    Assert.assertTrue(resourceNames.contains("a"));
    Assert.assertTrue(resourceNames.contains("d"));

    // All five named resources are reported regardless of the mandatory flag.
    resourceNames = _validator.getAllResourceNames(serviceDef);
    Assert.assertEquals(5, resourceNames.size());
    Assert.assertTrue(resourceNames.contains("b"));
    Assert.assertTrue(resourceNames.contains("c"));
    Assert.assertTrue(resourceNames.contains("e"));
}
Also used : RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) ArrayList(java.util.ArrayList) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 13 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerValidator method test_getValidationRegExes.

/**
 * Exercises {@code getValidationRegExes} with null, empty and mixed resource definitions and
 * checks that only resources carrying a non-blank regex end up in the returned map.
 */
@Test
public void test_getValidationRegExes() {
    // A null service-def yields an empty map rather than null.
    Map<String, String> regexByResource = _validator.getValidationRegExes((RangerServiceDef) null);
    Assert.assertTrue(regexByResource.isEmpty());

    // A service-def whose resource list is null.
    RangerServiceDef serviceDef = mock(RangerServiceDef.class);
    when(serviceDef.getResources()).thenReturn(null);
    regexByResource = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regexByResource.isEmpty());

    // A service-def whose resource list is empty. The same list instance stays stubbed below,
    // so later additions to it are visible through the mock.
    List<RangerResourceDef> resourceDefs = new ArrayList<>();
    when(serviceDef.getResources()).thenReturn(resourceDefs);
    regexByResource = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regexByResource.isEmpty());

    // A list holding only a null resource definition.
    resourceDefs.add(null);
    regexByResource = _validator.getValidationRegExes(serviceDef);
    Assert.assertTrue(regexByResource.isEmpty());

    // Each row is { resource name, validation regex }.
    String[][] data = {
        // null regex
        { "a", null },
        // this should put a null element in the resource def list
        null,
        // valid
        { "b", "regex1" },
        // empty regex
        { "c", "" },
        // valid
        { "d", "regex2" },
        // blank regex
        { "e", "   " },
        // valid
        { "f", "regex3" } };
    resourceDefs.addAll(_utils.createResourceDefsWithRegEx(data));

    // Null, empty and blank regexes are left out; the three real ones are kept verbatim.
    regexByResource = _validator.getValidationRegExes(serviceDef);
    Assert.assertEquals(3, regexByResource.size());
    Assert.assertEquals("regex1", regexByResource.get("b"));
    Assert.assertEquals("regex2", regexByResource.get("d"));
    Assert.assertEquals("regex3", regexByResource.get("f"));
}
Also used : RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) ArrayList(java.util.ArrayList) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 14 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class RangerDefaultPolicyResourceMatcher method isCompleteMatch.

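/**
 * Reports whether the given resources are exactly the resources this matcher's policy is
 * defined on: the same set of resource names and, for every resource in the service
 * definition, the same collection of values.
 *
 * <p>The result starts out {@code false} and is only {@code true} when every resource
 * definition compared equal, so a null argument, a key mismatch, a missing service
 * definition or an empty resource list all yield {@code false}.
 *
 * @param resources   resource name to policy-resource map to compare; may be null
 * @param evalContext evaluation context; only used in the debug log output here
 * @return {@code true} only if keys and per-resource values are identical on both sides
 */
@Override
public boolean isCompleteMatch(Map<String, RangerPolicyResource> resources, Map<String, Object> evalContext) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + resources + ", " + evalContext + ")");
    }
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_RESOURCE_MATCHER_MATCH_LOG)) {
        // NOTE(review): the tracer tag names applyPolicyMatch(), not isCompleteMatch() - confirm this is intended.
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_RESOURCE_MATCHER_MATCH_LOG, "RangerDefaultPolicyResourceMatcher.applyPolicyMatch()");
    }
    // Fail closed: anything that is not positively compared equal below stays a non-match.
    boolean ret = false;
    Collection<String> resourceKeys = resources == null ? null : resources.keySet();
    Collection<String> policyKeys = policyResources == null ? null : policyResources.keySet();
    boolean keysMatch = resourceKeys != null && policyKeys != null && CollectionUtils.isEqualCollection(resourceKeys, policyKeys);
    if (keysMatch) {
        // Same null guard as isMatch(): a matcher without a usable service definition reports
        // "no match" instead of throwing.
        if (serviceDef != null && serviceDef.getResources() != null) {
            for (RangerResourceDef resourceDef : serviceDef.getResources()) {
                String resourceName = resourceDef.getName();
                RangerPolicyResource resourceValues = resources.get(resourceName);
                RangerPolicyResource policyValues = policyResources == null ? null : policyResources.get(resourceName);
                boolean resourceEmpty = resourceValues == null || CollectionUtils.isEmpty(resourceValues.getValues());
                boolean policyEmpty = policyValues == null || CollectionUtils.isEmpty(policyValues.getValues());
                if (resourceEmpty || policyEmpty) {
                    // Both sides must be empty to agree. Previously the "resource has values,
                    // policy has none" case assigned nothing, so the result of the preceding
                    // resource was carried over and a mismatch could be reported as a match.
                    ret = resourceEmpty && policyEmpty;
                } else {
                    ret = CollectionUtils.isEqualCollection(resourceValues.getValues(), policyValues.getValues());
                }
                if (!ret) {
                    // One differing resource is enough to rule out a complete match.
                    break;
                }
            }
        }
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("isCompleteMatch(): keysMatch=false. resourceKeys=" + resourceKeys + "; policyKeys=" + policyKeys);
        }
    }
    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + resources + ", " + evalContext + "): " + ret);
    }
    return ret;
}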
Also used : RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 15 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class RangerDefaultPolicyResourceMatcher method isMatch.

/**
 * Reports whether the given resources are matched by this policy's resource matchers.
 *
 * <p>The result starts out {@code false} and becomes {@code true} only when every resource in
 * the service definition is satisfied, so a missing service definition, an empty resource
 * list or a key outside the policy's resources all yield {@code false}.
 *
 * @param resources   resource name to policy-resource map to evaluate; may be null
 * @param evalContext evaluation context handed to each value matcher
 * @return {@code true} only if every resource definition is matched
 */
@Override
public boolean isMatch(Map<String, RangerPolicyResource> resources, Map<String, Object> evalContext) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyResourceMatcher.isMatch(" + resources + ", " + evalContext + ")");
    }

    // Fail closed: the answer is "no match" until every resource has been checked.
    boolean matched = false;

    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_RESOURCE_MATCHER_MATCH_LOG)) {
        // NOTE(review): the tracer tag names delegateAdminMatch(), not isMatch() - confirm this is intended.
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_RESOURCE_MATCHER_MATCH_LOG, "RangerDefaultPolicyResourceMatcher.delegateAdminMatch()");
    }

    if (serviceDef != null && serviceDef.getResources() != null) {
        Collection<String> requestedKeys = (resources != null) ? resources.keySet() : null;
        Collection<String> definedKeys = (policyResources != null) ? policyResources.keySet() : null;

        // Every requested resource name must be one the policy is defined on; an empty request passes this gate.
        boolean keysCovered = CollectionUtils.isEmpty(requestedKeys) || (definedKeys != null && definedKeys.containsAll(requestedKeys));

        if (!keysCovered) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("isMatch(): keysMatch=false. resourceKeys=" + requestedKeys + "; policyKeys=" + definedKeys);
            }
        } else {
            for (RangerResourceDef definition : serviceDef.getResources()) {
                String name = definition.getName();
                RangerPolicyResource requested = (resources != null) ? resources.get(name) : null;
                List<String> requestedValues = (requested != null) ? requested.getValues() : null;
                RangerResourceMatcher valueMatcher = (allMatchers != null) ? allMatchers.get(name) : null;

                if (valueMatcher == null) {
                    // No matcher for this resource: only an absent or empty value list is acceptable.
                    matched = CollectionUtils.isEmpty(requestedValues);
                } else if (CollectionUtils.isEmpty(requestedValues)) {
                    // No values were supplied for this resource: defer to the matcher's isMatchAny().
                    matched = valueMatcher.isMatchAny();
                } else {
                    // Every supplied value must match; the first failure decides the outcome.
                    for (String candidate : requestedValues) {
                        matched = valueMatcher.isMatch(candidate, evalContext);
                        if (!matched) {
                            break;
                        }
                    }
                }

                if (!matched) {
                    break;
                }
            }
        }
    }

    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyResourceMatcher.isMatch(" + resources + ", " + evalContext + "): " + matched);
    }
    return matched;
}
Also used : RangerResourceMatcher(org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Aggregations

RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)50 ArrayList (java.util.ArrayList)19 Test (org.junit.Test)15 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)12 RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)12 Date (java.util.Date)11 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)11 RangerContextEnricherDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)10 RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)10 RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)10 RangerServiceConfigDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)10 List (java.util.List)7 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)7 HashSet (java.util.HashSet)5 XXResourceDef (org.apache.ranger.entity.XXResourceDef)5 RangerServiceDefHelper (org.apache.ranger.plugin.model.validation.RangerServiceDefHelper)4 RangerResourceMatcher (org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher)4 VXString (org.apache.ranger.view.VXString)4 HashMap (java.util.HashMap)3 XXResourceDefDao (org.apache.ranger.db.XXResourceDefDao)3