use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.
the class TestTagREST method test17createTag.
@Test
public void test17createTag() {
RangerTag oldTag = null;
RangerTag newTag = new RangerTag();
newTag.setId(id);
newTag.setGuid(gId);
try {
Mockito.when(validator.preCreateTag(oldTag)).thenReturn(oldTag);
} catch (Exception e) {
}
try {
Mockito.when(tagStore.createTag(oldTag)).thenReturn(newTag);
} catch (Exception e) {
}
RangerTag rangerTag = tagREST.createTag(oldTag, false);
Assert.assertEquals(rangerTag.getId(), newTag.getId());
Assert.assertEquals(rangerTag.getGuid(), newTag.getGuid());
try {
Mockito.verify(validator).preCreateTag(oldTag);
} catch (Exception e) {
}
try {
Mockito.verify(tagStore).createTag(oldTag);
} catch (Exception e) {
}
}
use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.
the class TestTagEnricher method runTests.
private void runTests(InputStreamReader reader, String testName) {
TagEnricherTestCase testCase = gsonBuilder.fromJson(reader, TagEnricherTestCase.class);
assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.serviceResources != null && testCase.tests != null);
ServiceTags serviceTags = new ServiceTags();
serviceTags.setServiceName(testCase.serviceName);
serviceTags.setTagDefinitions(testCase.tagDefinitions);
serviceTags.setTags(testCase.tags);
serviceTags.setServiceResources(testCase.serviceResources);
serviceTags.setResourceToTagIds(testCase.resourceToTagIds);
RangerTagEnricher tagEnricher = new RangerTagEnricher();
tagEnricher.setServiceName(testCase.serviceName);
tagEnricher.setServiceDef(testCase.serviceDef);
tagEnricher.setServiceTags(serviceTags);
List<String> expectedTags = new ArrayList<>();
List<String> resultTags = new ArrayList<>();
for (TestData test : testCase.tests) {
RangerAccessRequestImpl request = new RangerAccessRequestImpl(test.resource, test.accessType, "testUser", null);
tagEnricher.enrich(request);
List<RangerTag> expected = test.result;
Set<RangerTagForEval> result = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
expectedTags.clear();
if (expected != null) {
for (RangerTag tag : expected) {
expectedTags.add(tag.getType());
}
Collections.sort(expectedTags);
}
resultTags.clear();
if (result != null) {
for (RangerTagForEval tag : result) {
resultTags.add(tag.getType());
}
Collections.sort(resultTags);
}
assertEquals(test.name, expectedTags, resultTags);
}
}
use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.
the class TagPredicateUtil method addPredicateForTagId.
private Predicate addPredicateForTagId(final String id, List<Predicate> predicates) {
if (StringUtils.isEmpty(id)) {
return null;
}
Predicate ret = new Predicate() {
@Override
public boolean evaluate(Object object) {
boolean ret = false;
if (object == null) {
return ret;
}
if (object instanceof RangerTag) {
RangerTag tag = (RangerTag) object;
ret = StringUtils.equals(id, tag.getId().toString());
} else if (object instanceof RangerTagResourceMap) {
RangerTagResourceMap tagResourceMap = (RangerTagResourceMap) object;
ret = StringUtils.equals(id, tagResourceMap.getTagId().toString());
}
return ret;
}
};
if (predicates != null) {
predicates.add(ret);
}
return ret;
}
use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.
the class RangerTagEnricher method getTagsForServiceResource.
private static Set<RangerTagForEval> getTagsForServiceResource(final ServiceTags serviceTags, final RangerServiceResource serviceResource, final RangerPolicyResourceMatcher.MatchType matchType) {
Set<RangerTagForEval> ret = new HashSet<>();
final Long resourceId = serviceResource.getId();
final Map<Long, List<Long>> resourceToTagIds = serviceTags.getResourceToTagIds();
final Map<Long, RangerTag> tags = serviceTags.getTags();
if (resourceId != null && MapUtils.isNotEmpty(resourceToTagIds) && MapUtils.isNotEmpty(tags)) {
List<Long> tagIds = resourceToTagIds.get(resourceId);
if (CollectionUtils.isNotEmpty(tagIds)) {
for (Long tagId : tagIds) {
RangerTag tag = tags.get(tagId);
if (tag != null) {
ret.add(new RangerTagForEval(tag, matchType));
}
}
}
}
return ret;
}
use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.
the class RangerTagEnricher method setServiceTags.
public void setServiceTags(final ServiceTags serviceTags) {
if (serviceTags == null || CollectionUtils.isEmpty(serviceTags.getServiceResources())) {
LOG.info("ServiceTags is null or there are no tagged resources for service " + serviceName);
enrichedServiceTags = null;
} else {
List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<>();
RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false);
List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
ResourceHierarchies hierarchies = new ResourceHierarchies();
for (RangerServiceResource serviceResource : serviceResources) {
final Collection<String> resourceKeys = serviceResource.getResourceElements().keySet();
for (int policyType : RangerPolicy.POLICY_TYPES) {
Boolean isValidHierarchy = hierarchies.isValidHierarchy(policyType, resourceKeys);
if (isValidHierarchy == null) {
// hierarchy not yet validated
isValidHierarchy = Boolean.FALSE;
for (List<RangerServiceDef.RangerResourceDef> hierarchy : serviceDefHelper.getResourceHierarchies(policyType)) {
if (serviceDefHelper.hierarchyHasAllResources(hierarchy, resourceKeys)) {
isValidHierarchy = Boolean.TRUE;
break;
}
}
hierarchies.addHierarchy(policyType, resourceKeys, isValidHierarchy);
}
if (isValidHierarchy) {
RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
matcher.setServiceDef(this.serviceDef);
matcher.setPolicyResources(serviceResource.getResourceElements(), policyType);
if (LOG.isDebugEnabled()) {
LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + serviceResource + ", serviceDef=" + this.serviceDef.getName() + ")");
}
matcher.setServiceDefHelper(serviceDefHelper);
matcher.init();
RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher);
resourceMatchers.add(serviceResourceMatcher);
}
}
}
Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> serviceResourceTrie = null;
if (!disableTrieLookupPrefilter) {
serviceResourceTrie = new HashMap<>();
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
serviceResourceTrie.put(resourceDef.getName(), new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, resourceMatchers));
}
}
Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<>();
for (Map.Entry<Long, RangerTag> entry : serviceTags.getTags().entrySet()) {
tagsForEmptyResourceAndAnyAccess.add(new RangerTagForEval(entry.getValue(), RangerPolicyResourceMatcher.MatchType.DESCENDANT));
}
enrichedServiceTags = new EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie, tagsForEmptyResourceAndAnyAccess);
}
}
Aggregations