Search in sources :

Example 6 with RangerTag

use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.

the class TestTagREST method test17createTag.

@Test
public void test17createTag() {
    RangerTag oldTag = null;
    RangerTag newTag = new RangerTag();
    newTag.setId(id);
    newTag.setGuid(gId);
    try {
        Mockito.when(validator.preCreateTag(oldTag)).thenReturn(oldTag);
    } catch (Exception e) {
    }
    try {
        Mockito.when(tagStore.createTag(oldTag)).thenReturn(newTag);
    } catch (Exception e) {
    }
    RangerTag rangerTag = tagREST.createTag(oldTag, false);
    Assert.assertEquals(rangerTag.getId(), newTag.getId());
    Assert.assertEquals(rangerTag.getGuid(), newTag.getGuid());
    try {
        Mockito.verify(validator).preCreateTag(oldTag);
    } catch (Exception e) {
    }
    try {
        Mockito.verify(tagStore).createTag(oldTag);
    } catch (Exception e) {
    }
}
Also used : RangerTag(org.apache.ranger.plugin.model.RangerTag) ExpectedException(org.junit.rules.ExpectedException) WebApplicationException(javax.ws.rs.WebApplicationException) Test(org.junit.Test)

Example 7 with RangerTag

use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.

the class TestTagEnricher method runTests.

private void runTests(InputStreamReader reader, String testName) {
    TagEnricherTestCase testCase = gsonBuilder.fromJson(reader, TagEnricherTestCase.class);
    assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.serviceResources != null && testCase.tests != null);
    ServiceTags serviceTags = new ServiceTags();
    serviceTags.setServiceName(testCase.serviceName);
    serviceTags.setTagDefinitions(testCase.tagDefinitions);
    serviceTags.setTags(testCase.tags);
    serviceTags.setServiceResources(testCase.serviceResources);
    serviceTags.setResourceToTagIds(testCase.resourceToTagIds);
    RangerTagEnricher tagEnricher = new RangerTagEnricher();
    tagEnricher.setServiceName(testCase.serviceName);
    tagEnricher.setServiceDef(testCase.serviceDef);
    tagEnricher.setServiceTags(serviceTags);
    List<String> expectedTags = new ArrayList<>();
    List<String> resultTags = new ArrayList<>();
    for (TestData test : testCase.tests) {
        RangerAccessRequestImpl request = new RangerAccessRequestImpl(test.resource, test.accessType, "testUser", null);
        tagEnricher.enrich(request);
        List<RangerTag> expected = test.result;
        Set<RangerTagForEval> result = RangerAccessRequestUtil.getRequestTagsFromContext(request.getContext());
        expectedTags.clear();
        if (expected != null) {
            for (RangerTag tag : expected) {
                expectedTags.add(tag.getType());
            }
            Collections.sort(expectedTags);
        }
        resultTags.clear();
        if (result != null) {
            for (RangerTagForEval tag : result) {
                resultTags.add(tag.getType());
            }
            Collections.sort(resultTags);
        }
        assertEquals(test.name, expectedTags, resultTags);
    }
}
Also used : TestData(org.apache.ranger.plugin.contextenricher.TestTagEnricher.TagEnricherTestCase.TestData) ServiceTags(org.apache.ranger.plugin.util.ServiceTags) RangerTag(org.apache.ranger.plugin.model.RangerTag) ArrayList(java.util.ArrayList)

Example 8 with RangerTag

use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.

the class TagPredicateUtil method addPredicateForTagId.

private Predicate addPredicateForTagId(final String id, List<Predicate> predicates) {
    if (StringUtils.isEmpty(id)) {
        return null;
    }
    Predicate ret = new Predicate() {

        @Override
        public boolean evaluate(Object object) {
            boolean ret = false;
            if (object == null) {
                return ret;
            }
            if (object instanceof RangerTag) {
                RangerTag tag = (RangerTag) object;
                ret = StringUtils.equals(id, tag.getId().toString());
            } else if (object instanceof RangerTagResourceMap) {
                RangerTagResourceMap tagResourceMap = (RangerTagResourceMap) object;
                ret = StringUtils.equals(id, tagResourceMap.getTagId().toString());
            }
            return ret;
        }
    };
    if (predicates != null) {
        predicates.add(ret);
    }
    return ret;
}
Also used : RangerTag(org.apache.ranger.plugin.model.RangerTag) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) Predicate(org.apache.commons.collections.Predicate)

Example 9 with RangerTag

use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.

the class RangerTagEnricher method getTagsForServiceResource.

private static Set<RangerTagForEval> getTagsForServiceResource(final ServiceTags serviceTags, final RangerServiceResource serviceResource, final RangerPolicyResourceMatcher.MatchType matchType) {
    Set<RangerTagForEval> ret = new HashSet<>();
    final Long resourceId = serviceResource.getId();
    final Map<Long, List<Long>> resourceToTagIds = serviceTags.getResourceToTagIds();
    final Map<Long, RangerTag> tags = serviceTags.getTags();
    if (resourceId != null && MapUtils.isNotEmpty(resourceToTagIds) && MapUtils.isNotEmpty(tags)) {
        List<Long> tagIds = resourceToTagIds.get(resourceId);
        if (CollectionUtils.isNotEmpty(tagIds)) {
            for (Long tagId : tagIds) {
                RangerTag tag = tags.get(tagId);
                if (tag != null) {
                    ret.add(new RangerTagForEval(tag, matchType));
                }
            }
        }
    }
    return ret;
}
Also used : RangerTag(org.apache.ranger.plugin.model.RangerTag) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 10 with RangerTag

use of org.apache.ranger.plugin.model.RangerTag in project ranger by apache.

the class RangerTagEnricher method setServiceTags.

public void setServiceTags(final ServiceTags serviceTags) {
    if (serviceTags == null || CollectionUtils.isEmpty(serviceTags.getServiceResources())) {
        LOG.info("ServiceTags is null or there are no tagged resources for service " + serviceName);
        enrichedServiceTags = null;
    } else {
        List<RangerServiceResourceMatcher> resourceMatchers = new ArrayList<>();
        RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef, false);
        List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
        ResourceHierarchies hierarchies = new ResourceHierarchies();
        for (RangerServiceResource serviceResource : serviceResources) {
            final Collection<String> resourceKeys = serviceResource.getResourceElements().keySet();
            for (int policyType : RangerPolicy.POLICY_TYPES) {
                Boolean isValidHierarchy = hierarchies.isValidHierarchy(policyType, resourceKeys);
                if (isValidHierarchy == null) {
                    // hierarchy not yet validated
                    isValidHierarchy = Boolean.FALSE;
                    for (List<RangerServiceDef.RangerResourceDef> hierarchy : serviceDefHelper.getResourceHierarchies(policyType)) {
                        if (serviceDefHelper.hierarchyHasAllResources(hierarchy, resourceKeys)) {
                            isValidHierarchy = Boolean.TRUE;
                            break;
                        }
                    }
                    hierarchies.addHierarchy(policyType, resourceKeys, isValidHierarchy);
                }
                if (isValidHierarchy) {
                    RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
                    matcher.setServiceDef(this.serviceDef);
                    matcher.setPolicyResources(serviceResource.getResourceElements(), policyType);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + serviceResource + ", serviceDef=" + this.serviceDef.getName() + ")");
                    }
                    matcher.setServiceDefHelper(serviceDefHelper);
                    matcher.init();
                    RangerServiceResourceMatcher serviceResourceMatcher = new RangerServiceResourceMatcher(serviceResource, matcher);
                    resourceMatchers.add(serviceResourceMatcher);
                }
            }
        }
        Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> serviceResourceTrie = null;
        if (!disableTrieLookupPrefilter) {
            serviceResourceTrie = new HashMap<>();
            for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
                serviceResourceTrie.put(resourceDef.getName(), new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, resourceMatchers));
            }
        }
        Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<>();
        for (Map.Entry<Long, RangerTag> entry : serviceTags.getTags().entrySet()) {
            tagsForEmptyResourceAndAnyAccess.add(new RangerTagForEval(entry.getValue(), RangerPolicyResourceMatcher.MatchType.DESCENDANT));
        }
        enrichedServiceTags = new EnrichedServiceTags(serviceTags, resourceMatchers, serviceResourceTrie, tagsForEmptyResourceAndAnyAccess);
    }
}
Also used : RangerDefaultPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher) ArrayList(java.util.ArrayList) RangerResourceTrie(org.apache.ranger.plugin.util.RangerResourceTrie) RangerTag(org.apache.ranger.plugin.model.RangerTag) HashSet(java.util.HashSet) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

RangerTag (org.apache.ranger.plugin.model.RangerTag)30 WebApplicationException (javax.ws.rs.WebApplicationException)13 ArrayList (java.util.ArrayList)12 Test (org.junit.Test)10 ExpectedException (org.junit.rules.ExpectedException)10 XXTag (org.apache.ranger.entity.XXTag)5 HashMap (java.util.HashMap)4 Map (java.util.Map)4 RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)4 RangerTagDef (org.apache.ranger.plugin.model.RangerTagDef)4 RangerTagResourceMap (org.apache.ranger.plugin.model.RangerTagResourceMap)4 Path (javax.ws.rs.Path)3 Produces (javax.ws.rs.Produces)3 Predicate (org.apache.commons.collections.Predicate)3 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)3 HashSet (java.util.HashSet)2 List (java.util.List)2 PUT (javax.ws.rs.PUT)2 RangerServiceResourceSignature (org.apache.ranger.plugin.store.RangerServiceResourceSignature)2 ServiceTags (org.apache.ranger.plugin.util.ServiceTags)2