use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.
the class RangerHiveAuditHandler method createAuditEvent.
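/**
 * Builds the audit event for an authorization result, choosing the access type to record from
 * the kind of policy that produced the result.
 *
 * <ul>
 *   <li>data-mask policy with masking enabled: the mask type is recorded;</li>
 *   <li>row-filter policy: {@code ACCESS_TYPE_ROWFILTER} is recorded;</li>
 *   <li>anything else: the Hive access type when the request is a
 *       {@link RangerHiveAccessRequest}, falling back to the request's generic access type
 *       when no Hive access type is available.</li>
 * </ul>
 *
 * @param result the policy-engine result to audit; its access request is dereferenced and
 *               must not be {@code null}
 * @return the audit event built by the three-argument overload
 */
AuthzAuditEvent createAuditEvent(RangerAccessResult result) {
    RangerAccessRequest request = result.getAccessRequest();
    RangerAccessResource resource = request.getResource();
    // A request may carry no resource; the path is then recorded as null.
    String resourcePath = resource != null ? resource.getAsString() : null;
    int policyType = result.getPolicyType();

    if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
        return createAuditEvent(result, result.getMaskType(), resourcePath);
    }
    if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
        return createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
    }

    String accessType = null;
    if (request instanceof RangerHiveAccessRequest) {
        HiveAccessType hiveAccessType = ((RangerHiveAccessRequest) request).getHiveAccessType();
        // Should the Hive access type be null, calling toString() on it would throw before
        // the fallback below is reached and no audit event would be produced for the request.
        if (hiveAccessType != null) {
            accessType = hiveAccessType.toString();
        }
    }
    if (StringUtils.isEmpty(accessType)) {
        accessType = request.getAccessType();
    }
    return createAuditEvent(result, accessType, resourcePath);
}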
use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.
the class RangerHiveAuditHandler method createAuditEvent.
/**
 * Fills in the audit event obtained from the superclass with the given access type and
 * resource path, and derives the resource type from the resource's leaf name.
 *
 * @param result       the policy-engine result being audited
 * @param accessType   the access type to record on the event
 * @param resourcePath the resource path to record on the event; may be {@code null}
 * @return the populated audit event
 */
AuthzAuditEvent createAuditEvent(RangerAccessResult result, String accessType, String resourcePath) {
    final RangerAccessRequest accessRequest = result.getAccessRequest();
    final RangerAccessResource accessedResource = accessRequest.getResource();

    final String leafName;
    if (accessedResource == null) {
        leafName = null;
    } else {
        leafName = accessedResource.getLeafName();
    }

    final AuthzAuditEvent event = super.getAuthzEvents(result);
    event.setAccessType(accessType);
    event.setResourcePath(resourcePath);
    // The "@" prefix is kept for consistency with earlier releases; a missing resource
    // therefore yields the literal "@null".
    event.setResourceType("@" + leafName);

    final boolean hiveRequestOnHiveResource =
            accessRequest instanceof RangerHiveAccessRequest && accessedResource instanceof RangerHiveResource;

    // USE on a DATABASE object is expected only for SHOWDATABASES and USE <db-name>
    // commands; the tags on the audit event are cleared for those.
    if (hiveRequestOnHiveResource
            && ((RangerHiveAccessRequest) accessRequest).getHiveAccessType() == HiveAccessType.USE
            && ((RangerHiveResource) accessedResource).getObjectType() == HiveObjectType.DATABASE) {
        event.setTags(null);
    }

    return event;
}
use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.
the class RangerSampleSimpleMatcherTest method createRequest.
/**
 * Creates a mocked {@link RangerAccessRequest} whose context holds a single entry mapping
 * {@code RangerSampleSimpleMatcher.CONTEXT_NAME} to the given value.
 *
 * @param value the value to store under the matcher's context name
 * @return the stubbed request; only {@code getContext()} is stubbed here
 */
RangerAccessRequest createRequest(String value) {
    RangerAccessRequest mockedRequest = Mockito.mock(RangerAccessRequest.class);

    Map<String, Object> requestContext = new HashMap<String, Object>();
    requestContext.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);

    Mockito.when(mockedRequest.getContext()).thenReturn(requestContext);
    return mockedRequest;
}
use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.
the class RangerPolicyFactory method createAccessRequests.
/**
 * Generates a list of {@link RangerAccessRequest requests} for tests.
 *
 * <p>Each request is deserialized afresh from the JSON template
 * {@code /testdata/single-request-template.json} and then passed through {@code mutate}
 * together with the outcome of {@code isAllowed()}.
 *
 * @param nubmerOfRequests the number of requests to generate
 * @return a new list holding the generated requests; empty when the count is not positive
 */
public static List<RangerAccessRequest> createAccessRequests(int nubmerOfRequests) {
    final List<RangerAccessRequest> generated = Lists.newArrayList();
    final Gson parser = buildGson();
    final String requestJson = readResourceFile("/testdata/single-request-template.json");

    for (int remaining = nubmerOfRequests; remaining > 0; remaining--) {
        // Parse a new instance on every pass so each generated request is a distinct object.
        RangerAccessRequestImpl fresh = parser.fromJson(requestJson, RangerAccessRequestImpl.class);
        boolean allowed = isAllowed();
        generated.add(mutate(fresh, allowed));
    }

    return generated;
}
use of org.apache.ranger.plugin.policyengine.RangerAccessRequest in project ranger by apache.
the class RangerPolicyEnginePerformanceTest method policyEngineTest.
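/**
 * Evaluates access policies from {@code concurrency} client threads at once, after a
 * single-threaded warm-up, and waits until every client thread has finished.
 *
 * @throws InterruptedException if the test thread is interrupted while waiting for the clients
 */
@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl("perf-test", servicePolicies, RangerPolicyFactory.createPolicyEngineOption());
    rangerPolicyEngine.preProcess(requests);

    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // Feed the result of 'evaluatePolicies' to a cheap operation (System#identityHashCode)
        // so the JIT does not remove the call as dead code.
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        // Statistics are cleared after each warm-up pass.
        PerfDataRecorder.clearStatistics();
    }

    final CountDownLatch latch = new CountDownLatch(concurrency);
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                } finally {
                    // Count down even when evaluation throws; otherwise latch.await() below
                    // would block forever and hang the test run.
                    latch.countDown();
                }
            }
        }, String.format("Client #%s", i)).start();
    }
    // NOTE(review): an exception in a client thread is not propagated to the test thread,
    // so the test itself does not fail on it.
    latch.await();
}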