
Example 6 with RangerAccessRequest

use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.

the class RangerHiveAuditHandler method createAuditEvent.

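/**
 * Builds the audit event for an access result, choosing the access type to record from the
 * kind of policy that produced the result.
 *
 * <ul>
 *   <li>data-mask policy with masking enabled: the mask type is recorded;</li>
 *   <li>row-filter policy: {@code ACCESS_TYPE_ROWFILTER} is recorded;</li>
 *   <li>otherwise: the Hive access type when the request is a {@link RangerHiveAccessRequest}
 *       that carries one, else the request's generic access type.</li>
 * </ul>
 *
 * @param result the evaluated access result; its access request is dereferenced without a
 *               null check
 * @return whatever the three-argument {@code createAuditEvent} returns for the chosen access type
 */
AuthzAuditEvent createAuditEvent(RangerAccessResult result) {
    RangerAccessRequest request = result.getAccessRequest();
    RangerAccessResource resource = request.getResource();
    String resourcePath = resource != null ? resource.getAsString() : null;
    int policyType = result.getPolicyType();

    if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
        return createAuditEvent(result, result.getMaskType(), resourcePath);
    }
    if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
        return createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
    }

    String accessType = null;
    if (request instanceof RangerHiveAccessRequest) {
        RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request;
        // A Hive request that carries no access type must not abort auditing with a
        // NullPointerException (the access would then go unrecorded); leave accessType
        // unset so the generic access type below is used instead.
        if (hiveRequest.getHiveAccessType() != null) {
            accessType = hiveRequest.getHiveAccessType().toString();
        }
    }
    if (StringUtils.isEmpty(accessType)) {
        accessType = request.getAccessType();
    }
    return createAuditEvent(result, accessType, resourcePath);
}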
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)

Example 7 with RangerAccessRequest

use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.

the class RangerHiveAuditHandler method createAuditEvent.

/**
 * Creates the audit event for {@code result} through the superclass and fills in the access
 * type, resource path and resource type.
 *
 * @param result       the evaluated access result
 * @param accessType   the access type to record on the event
 * @param resourcePath the resource path to record on the event
 * @return the populated audit event
 */
AuthzAuditEvent createAuditEvent(RangerAccessResult result, String accessType, String resourcePath) {
    final RangerAccessRequest accessRequest = result.getAccessRequest();
    final RangerAccessResource accessResource = accessRequest.getResource();

    String leafName = null;
    if (accessResource != null) {
        leafName = accessResource.getLeafName();
    }

    // NOTE(review): the event returned by the superclass is used without a null check;
    // confirm getAuthzEvents() cannot return null for the results passed in here.
    final AuthzAuditEvent event = super.getAuthzEvents(result);
    event.setAccessType(accessType);
    event.setResourcePath(resourcePath);
    // The "@" prefix is kept for consistency with earlier releases. When the request has no
    // resource the recorded type is the literal string "@null".
    event.setResourceType("@" + leafName);

    final boolean hiveSpecific =
            accessRequest instanceof RangerHiveAccessRequest && accessResource instanceof RangerHiveResource;
    if (!hiveSpecific) {
        return event;
    }

    final RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) accessRequest;
    final RangerHiveResource hiveTarget = (RangerHiveResource) accessResource;
    if (hiveRequest.getHiveAccessType() == HiveAccessType.USE
            && hiveTarget.getObjectType() == HiveObjectType.DATABASE) {
        // Expected only for SHOWDATABASES and USE <db-name> commands: the tags are cleared
        // from the audit record for these.
        event.setTags(null);
    }
    return event;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)

Example 8 with RangerAccessRequest

use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.

the class RangerSampleSimpleMatcherTest method createRequest.

/**
 * Creates a mocked {@link RangerAccessRequest} whose {@code getContext()} returns a map that
 * holds {@code value} under {@code RangerSampleSimpleMatcher.CONTEXT_NAME}.
 *
 * @param value the context value to expose through the mocked request
 * @return the mocked request
 */
RangerAccessRequest createRequest(String value) {
    RangerAccessRequest mockedRequest = Mockito.mock(RangerAccessRequest.class);

    Map<String, Object> requestContext = new HashMap<String, Object>();
    requestContext.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);

    // Only getContext() is stubbed; every other accessor keeps Mockito's default answer.
    Mockito.when(mockedRequest.getContext()).thenReturn(requestContext);
    return mockedRequest;
}
Also used : RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest)

Example 9 with RangerAccessRequest

use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.

the class RangerPolicyFactory method createAccessRequests.

/**
 * Generates a list of {@link RangerAccessRequest requests}. Each request is deserialized anew
 * from the {@code /testdata/single-request-template.json} resource and then passed through
 * {@code mutate} together with the outcome of {@code isAllowed()}.
 *
 * @param nubmerOfRequests the number of requests to generate; zero or a negative value yields
 *                         an empty list
 * @return the generated requests, in the order they were created
 */
public static List<RangerAccessRequest> createAccessRequests(int nubmerOfRequests) {
    List<RangerAccessRequest> generated = Lists.newArrayList();
    Gson parser = buildGson();
    String requestTemplate = readResourceFile("/testdata/single-request-template.json");
    while (generated.size() < nubmerOfRequests) {
        // Parse the template again on every pass so that each request is a separate object.
        RangerAccessRequestImpl fresh = parser.fromJson(requestTemplate, RangerAccessRequestImpl.class);
        generated.add(mutate(fresh, isAllowed()));
    }
    return generated;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) Gson(com.google.gson.Gson) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest)

Example 10 with RangerAccessRequest

use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.

the class RangerPolicyEnginePerformanceTest method policyEngineTest.

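/**
 * Warms up a policy engine, then evaluates one access request per client thread concurrently
 * and waits until every client has finished.
 *
 * <p>The evaluation results are only passed to {@link System#identityHashCode(Object)}; this
 * test does not assert whether any request was allowed or denied.
 *
 * @throws InterruptedException if the test thread is interrupted while waiting for the clients
 */
@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl("perf-test", servicePolicies, RangerPolicyFactory.createPolicyEngineOption());
    rangerPolicyEngine.preProcess(requests);
    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // Feed the result of 'evaluatePolicies' to a cheap operation (System#identityHashCode)
        // so the JIT does not remove the call as dead code.
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        PerfDataRecorder.clearStatistics();
    }
    final CountDownLatch latch = new CountDownLatch(concurrency);
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {

            @Override
            public void run() {
                try {
                    System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                } finally {
                    // Count down even when the evaluation throws; otherwise latch.await()
                    // below would never return and the test would hang.
                    latch.countDown();
                }
            }
        }, String.format("Client #%s", i)).start();
    }
    latch.await();
}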
Also used : RangerPolicyEngineImpl(org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) CountDownLatch(java.util.concurrent.CountDownLatch) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) Test(org.junit.Test)
