
Example 46 with RangerServiceDef

use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.

the class PatchForAllServiceDefUpdateForResourceSpecificAccesses_J10012 method updateAllServiceDef.

/**
 * Patches every stored service-def with default values while keeping the value that
 * {@code RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES} had before the patch.
 *
 * <p>For each service-def the option is read before the update and again from the
 * stored row afterwards. If the two values differ, the earlier value is written back,
 * or the key is removed when it was empty before.
 *
 * <p>Failures are handled per service-def: the exception is logged and the loop moves
 * on to the next definition, so a definition that failed to patch shows up only in
 * the error log.
 */
private void updateAllServiceDef() {
    final String denyOptionKey = RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES;
    final List<XXServiceDef> storedDefs = daoMgr.getXXServiceDef().getAll();
    if (CollectionUtils.isEmpty(storedDefs)) {
        return;
    }
    for (XXServiceDef storedDef : storedDefs) {
        final String serviceDefName = storedDef.getName();
        try {
            // Capture the option before anything is modified.
            // NOTE(review): assumes jsonToMap never returns null; a null map would
            // raise here and be reported by the catch below. Confirm against the helper.
            Map<String, String> optionsBefore = jsonUtil.jsonToMap(storedDef.getDefOptions());
            String valueBeforeUpdate = optionsBefore.get(denyOptionKey);
            RangerServiceDef serviceDef = svcDBStore.getServiceDefByName(serviceDefName);
            if (serviceDef == null) {
                continue;
            }
            logger.info("Started patching service-def:[" + serviceDefName + "]");
            new RangerServiceDefHelper(serviceDef, false).patchServiceDefWithDefaultValues();
            svcStore.updateServiceDef(serviceDef);
            // Re-read the stored row to see what the update did to the options.
            XXServiceDef patchedDef = daoMgr.getXXServiceDef().findByName(serviceDefName);
            if (patchedDef != null) {
                Map<String, String> optionsAfter = jsonUtil.jsonToMap(patchedDef.getDefOptions());
                String valueAfterUpdate = optionsAfter.get(denyOptionKey);
                boolean optionChanged = !StringUtils.equals(valueBeforeUpdate, valueAfterUpdate);
                if (optionChanged) {
                    if (StringUtils.isEmpty(valueBeforeUpdate)) {
                        optionsAfter.remove(denyOptionKey);
                    } else {
                        optionsAfter.put(denyOptionKey, valueBeforeUpdate);
                    }
                    patchedDef.setDefOptions(mapToJsonString(optionsAfter));
                    daoMgr.getXXServiceDef().update(patchedDef);
                }
            }
            logger.info("Completed patching service-def:[" + serviceDefName + "]");
        } catch (Exception e) {
            logger.error("Error while patching service-def:[" + serviceDefName + "]", e);
        }
    }
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)

Example 47 with RangerServiceDef

use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.

the class PatchForHiveServiceDefUpdate_J10006 method updateHiveServiceDef.

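/**
 * Copies the data-mask and row-filter definitions of the embedded Hive service-def
 * into the stored Hive service-def, validates it and saves it.
 *
 * <p>The stored def options are read before and after the update. When the update
 * introduced {@code RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES}
 * and the key was absent before, the key is removed again so the patch does not add
 * the option. A value that was already present before the update is neither compared
 * nor restored here.
 *
 * <p>Failure handling is uneven: a {@code null} result from {@code updateServiceDef}
 * ends the JVM through {@code System.exit(1)}, whereas any exception, including one
 * raised by the validator, is only logged.
 */
private void updateHiveServiceDef() {
    final String denyOptionKey = RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES;
    // The original message ran the service name and "service-def" together.
    final String failureMessage = "Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + " service-def";
    try {
        RangerServiceDef embeddedHiveServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (embeddedHiveServiceDef == null) {
            return;
        }
        // Snapshot the options before the update so an option added by it can be undone.
        XXServiceDef storedBeforeUpdate = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        Map<String, String> serviceDefOptionsPreUpdate = null;
        if (storedBeforeUpdate != null) {
            serviceDefOptionsPreUpdate = jsonStringToMap(storedBeforeUpdate.getDefOptions());
        }
        RangerDataMaskDef dataMaskDef = embeddedHiveServiceDef.getDataMaskDef();
        RangerRowFilterDef rowFilterDef = embeddedHiveServiceDef.getRowFilterDef();
        RangerServiceDef dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (dbHiveServiceDef == null) {
            return;
        }
        if (dataMaskDef != null) {
            dbHiveServiceDef.setDataMaskDef(dataMaskDef);
        }
        if (rowFilterDef != null) {
            dbHiveServiceDef.setRowFilterDef(rowFilterDef);
        }
        RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
        // NOTE(review): a validation failure thrown here is logged by the catch below
        // and the method returns normally; confirm the caller does not then record
        // the patch as applied.
        validator.validate(dbHiveServiceDef, Action.UPDATE);
        RangerServiceDef ret = svcStore.updateServiceDef(dbHiveServiceDef);
        if (ret == null) {
            logger.error(failureMessage);
            System.exit(1);
        }
        XXServiceDef storedAfterUpdate = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (storedAfterUpdate == null) {
            return;
        }
        Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(storedAfterUpdate.getDefOptions());
        boolean presentAfter = serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(denyOptionKey);
        boolean absentBefore = serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(denyOptionKey);
        if (presentAfter && absentBefore) {
            // The key did not exist before, so there is no earlier value to put back;
            // the original "restore previous value" branch could never run.
            serviceDefOptionsPostUpdate.remove(denyOptionKey);
            storedAfterUpdate.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
            daoMgr.getXXServiceDef().update(storedAfterUpdate);
        }
    } catch (Exception e) {
        logger.error(failureMessage, e);
    }
}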
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerDataMaskDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef) RangerRowFilterDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef) RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)

Example 48 with RangerServiceDef

use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.

the class PatchForHiveServiceDefUpdate_J10007 method updateHiveServiceDef.

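/**
 * Brings the stored Hive service-def in line with the embedded one when the embedded
 * resource definitions pass {@code checkURLresourcePresent}, then validates and saves it.
 *
 * <p>The stored def options are read before and after the update. When the update
 * introduced {@code RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES}
 * and the key was absent before, the key is removed again so the patch does not add
 * the option. A value that was already present before the update is neither compared
 * nor restored here.
 *
 * <p>No failure leaves this method: every exception, including the
 * {@code RuntimeException} raised for a {@code null} update result, is caught and logged.
 */
private void updateHiveServiceDef() {
    final String denyOptionKey = RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES;
    // The original message ran the service name and "service-def" together.
    final String failureMessage = "Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + " service-def";
    try {
        RangerServiceDef embeddedHiveServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (embeddedHiveServiceDef == null) {
            return;
        }
        // Snapshot the options before the update so an option added by it can be undone.
        XXServiceDef storedBeforeUpdate = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        Map<String, String> serviceDefOptionsPreUpdate = null;
        if (storedBeforeUpdate != null) {
            serviceDefOptionsPreUpdate = jsonStringToMap(storedBeforeUpdate.getDefOptions());
        }
        RangerServiceDef dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (dbHiveServiceDef == null) {
            return;
        }
        List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
        List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
        if (checkURLresourcePresent(embeddedHiveResourceDefs)) {
            // The URL resource is part of the embedded definition: take over its
            // resource defs, and its access types when they differ from the stored ones.
            if (embeddedHiveResourceDefs != null) {
                dbHiveServiceDef.setResources(embeddedHiveResourceDefs);
            }
            // The comparison is on the lists' toString() text, ignoring case.
            if (embeddedHiveAccessTypes != null
                    && !embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString())) {
                dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
            }
        }
        RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
        validator.validate(dbHiveServiceDef, Action.UPDATE);
        RangerServiceDef ret = svcStore.updateServiceDef(dbHiveServiceDef);
        if (ret == null) {
            logger.error(failureMessage);
            // NOTE(review): this exception is caught by the catch block at the end of
            // the method, so the caller never sees the failure. Propagation is left
            // unchanged here; confirm whether the caller should be told.
            throw new RuntimeException(failureMessage);
        }
        XXServiceDef storedAfterUpdate = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
        if (storedAfterUpdate == null) {
            return;
        }
        Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(storedAfterUpdate.getDefOptions());
        boolean presentAfter = serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(denyOptionKey);
        boolean absentBefore = serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(denyOptionKey);
        if (presentAfter && absentBefore) {
            // The key did not exist before, so there is no earlier value to put back;
            // the original "restore previous value" branch could never run.
            serviceDefOptionsPostUpdate.remove(denyOptionKey);
            storedAfterUpdate.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
            daoMgr.getXXServiceDef().update(storedAfterUpdate);
        }
    } catch (Exception e) {
        logger.error(failureMessage, e);
    }
}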
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)

Example 49 with RangerServiceDef

use of org.apache.ranger.plugin.model.RangerServiceDef in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testPoliciesWithUserGroupProvider.

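/**
 * Checks the conversion of Ranger policies into NiFi access policies when a
 * {@code UserGroupProvider} is supplied.
 *
 * <p>The provider knows only {@code user-2} and {@code group-2}. The assertions expect
 * the identities it does not know ({@code user-1}, {@code group-1}) to be missing from
 * the resulting access policies, and the READ and WRITE policies of each resource to
 * be looked up separately.
 */
@Test
public void testPoliciesWithUserGroupProvider() {
    // unknown according to user group provider
    final String user1 = "user-1";
    // known according to user group provider
    final String user2 = "user-2";
    // unknown according to user group provider
    final String group1 = "group-1";
    // known according to user group provider
    final String group2 = "group-2";
    final UserGroupProvider userGroupProvider = new UserGroupProvider() {

        @Override
        public Set<User> getUsers() throws AuthorizationAccessException {
            return Stream.of(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build()).collect(Collectors.toSet());
        }

        @Override
        public User getUser(String identifier) throws AuthorizationAccessException {
            final User u2 = new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
            return u2.getIdentifier().equals(identifier) ? u2 : null;
        }

        @Override
        public User getUserByIdentity(String identity) throws AuthorizationAccessException {
            if (user2.equals(identity)) {
                return new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
            }
            return null;
        }

        @Override
        public Set<Group> getGroups() throws AuthorizationAccessException {
            return Stream.of(new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build()).collect(Collectors.toSet());
        }

        @Override
        public Group getGroup(String identifier) throws AuthorizationAccessException {
            final Group g2 = new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build();
            return g2.getIdentifier().equals(identifier) ? g2 : null;
        }

        @Override
        public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
            if (!user2.equals(identity)) {
                return null;
            }
            return new UserAndGroups() {

                @Override
                public User getUser() {
                    return new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build();
                }

                @Override
                public Set<Group> getGroups() {
                    // Typed replacement for the raw Collections.EMPTY_SET.
                    return Collections.emptySet();
                }
            };
        }

        @Override
        public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
            // nothing to set up for this test
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
            // nothing to configure for this test
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
            // nothing to release for this test
        }
    };
    // policy 1: READ on /resource-1 for an unknown user and a known group
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    policy1Item.setGroups(Stream.of(group2).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    // policy 2: READ and WRITE on /resource-2 for a known user and an unknown group
    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);
    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);
    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setUsers(Stream.of(user2).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));
    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi", userGroupProvider);
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());
    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertEquals(readResource1, pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier()));
    assertTrue(readResource1.getUsers().isEmpty());
    assertEquals(1, readResource1.getGroups().size());
    assertTrue(readResource1.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group2).name(group2).build().getIdentifier()));
    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));
    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertEquals(readResource2, pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier()));
    assertEquals(1, readResource2.getUsers().size());
    assertTrue(readResource2.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build().getIdentifier()));
    assertTrue(readResource2.getGroups().isEmpty());
    // and write: look up the WRITE policy itself; the original fetched READ a second
    // time, which left the members of the write policy unchecked
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertEquals(writeResource2, pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier()));
    assertEquals(1, writeResource2.getUsers().size());
    assertTrue(writeResource2.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user2).identity(user2).build().getIdentifier()));
    assertTrue(writeResource2.getGroups().isEmpty());
}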
Also used : Group(org.apache.nifi.authorization.Group) User(org.apache.nifi.authorization.User) UserGroupProviderInitializationContext(org.apache.nifi.authorization.UserGroupProviderInitializationContext) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) UserAndGroups(org.apache.nifi.authorization.UserAndGroups) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) UserGroupProvider(org.apache.nifi.authorization.UserGroupProvider) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) AuthorizerConfigurationContext(org.apache.nifi.authorization.AuthorizerConfigurationContext) Test(org.junit.Test)

Example 50 with RangerServiceDef

use of org.apache.ranger.plugin.model.RangerServiceDef in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testPoliciesWithoutUserGroupProvider.

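/**
 * Checks the conversion of Ranger policies into NiFi access policies when no
 * {@code UserGroupProvider} is supplied.
 *
 * <p>The assertions expect the users and groups named in the Ranger policies to
 * appear in the access policies under identifiers generated from their names, the
 * READ and WRITE policies of each resource to be looked up separately, and a
 * resource without any Ranger policy to have no access policy at all.
 */
@Test
public void testPoliciesWithoutUserGroupProvider() {
    final String user1 = "user-1";
    final String group1 = "group-1";
    // policy 1: READ on /resource-1 for user-1
    final String resourceIdentifier1 = "/resource-1";
    RangerPolicyResource resource1 = new RangerPolicyResource(resourceIdentifier1);
    final Map<String, RangerPolicyResource> policy1Resources = new HashMap<>();
    policy1Resources.put(resourceIdentifier1, resource1);
    final RangerPolicyItem policy1Item = new RangerPolicyItem();
    policy1Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));
    policy1Item.setUsers(Stream.of(user1).collect(Collectors.toList()));
    final RangerPolicy policy1 = new RangerPolicy();
    policy1.setResources(policy1Resources);
    policy1.setPolicyItems(Stream.of(policy1Item).collect(Collectors.toList()));
    // policy 2: READ and WRITE on /resource-2 for group-1
    final String resourceIdentifier2 = "/resource-2";
    RangerPolicyResource resource2 = new RangerPolicyResource(resourceIdentifier2);
    final Map<String, RangerPolicyResource> policy2Resources = new HashMap<>();
    policy2Resources.put(resourceIdentifier2, resource2);
    final RangerPolicyItem policy2Item = new RangerPolicyItem();
    policy2Item.setAccesses(Stream.of(new RangerPolicyItemAccess("READ"), new RangerPolicyItemAccess("WRITE")).collect(Collectors.toList()));
    policy2Item.setGroups(Stream.of(group1).collect(Collectors.toList()));
    final RangerPolicy policy2 = new RangerPolicy();
    policy2.setResources(policy2Resources);
    policy2.setPolicyItems(Stream.of(policy2Item).collect(Collectors.toList()));
    final List<RangerPolicy> policies = new ArrayList<>();
    policies.add(policy1);
    policies.add(policy2);
    final RangerServiceDef serviceDef = new RangerServiceDef();
    serviceDef.setName("nifi");
    final ServicePolicies servicePolicies = new ServicePolicies();
    servicePolicies.setPolicies(policies);
    servicePolicies.setServiceDef(serviceDef);
    // set all the policies in the plugin
    final RangerBasePluginWithPolicies pluginWithPolicies = new RangerBasePluginWithPolicies("nifi", "nifi");
    pluginWithPolicies.setPolicies(servicePolicies);
    // ensure the two ranger policies converted into 3 nifi access policies
    final Set<AccessPolicy> accessPolicies = pluginWithPolicies.getAccessPolicies();
    assertEquals(3, accessPolicies.size());
    // resource 1 -> read but no write
    assertFalse(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier1, RequestAction.READ));
    // read
    final AccessPolicy readResource1 = pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.READ);
    assertNotNull(readResource1);
    assertTrue(accessPolicies.contains(readResource1));
    assertEquals(readResource1, pluginWithPolicies.getAccessPolicy(readResource1.getIdentifier()));
    assertEquals(1, readResource1.getUsers().size());
    assertTrue(readResource1.getUsers().contains(new User.Builder().identifierGenerateFromSeed(user1).identity(user1).build().getIdentifier()));
    assertTrue(readResource1.getGroups().isEmpty());
    // but no write
    assertNull(pluginWithPolicies.getAccessPolicy(resourceIdentifier1, RequestAction.WRITE));
    // resource 2 -> read and write
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.WRITE));
    assertTrue(pluginWithPolicies.doesPolicyExist(resourceIdentifier2, RequestAction.READ));
    // read
    final AccessPolicy readResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.READ);
    assertNotNull(readResource2);
    assertTrue(accessPolicies.contains(readResource2));
    assertEquals(readResource2, pluginWithPolicies.getAccessPolicy(readResource2.getIdentifier()));
    assertTrue(readResource2.getUsers().isEmpty());
    assertEquals(1, readResource2.getGroups().size());
    assertTrue(readResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));
    // and write: look up the WRITE policy itself; the original fetched READ a second
    // time, which left the members of the write policy unchecked
    final AccessPolicy writeResource2 = pluginWithPolicies.getAccessPolicy(resourceIdentifier2, RequestAction.WRITE);
    assertNotNull(writeResource2);
    assertTrue(accessPolicies.contains(writeResource2));
    assertEquals(writeResource2, pluginWithPolicies.getAccessPolicy(writeResource2.getIdentifier()));
    assertTrue(writeResource2.getUsers().isEmpty());
    assertEquals(1, writeResource2.getGroups().size());
    assertTrue(writeResource2.getGroups().contains(new Group.Builder().identifierGenerateFromSeed(group1).name(group1).build().getIdentifier()));
    // resource 3 -> no read or write
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.WRITE));
    assertFalse(pluginWithPolicies.doesPolicyExist("resource-3", RequestAction.READ));
    // no read or write
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.WRITE));
    assertNull(pluginWithPolicies.getAccessPolicy("resource-3", RequestAction.READ));
}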
Also used : ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) Test(org.junit.Test)
