
Example 11 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project nifi by apache.

the class TestRangerNiFiAuthorizer method testApprovedWithNonDirectAccess.

@Test
public void testApprovedWithNonDirectAccess() {
    final String systemResource = "/system";
    final RequestAction action = RequestAction.WRITE;
    final String user = "admin";
    // the incoming NiFi request to test
    final AuthorizationRequest request = new AuthorizationRequest.Builder()
            .resource(new MockResource(systemResource, systemResource))
            .action(action)
            .identity(user)
            .resourceContext(new HashMap<>())
            .accessAttempt(false)
            .anonymous(false)
            .build();
    // the expected Ranger resource and request that are created
    final RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
    resource.setValue(RangerNiFiAuthorizer.RANGER_NIFI_RESOURCE_NAME, systemResource);
    final RangerAccessRequestImpl expectedRangerRequest = new RangerAccessRequestImpl();
    expectedRangerRequest.setResource(resource);
    expectedRangerRequest.setAction(request.getAction().name());
    expectedRangerRequest.setAccessType(request.getAction().name());
    expectedRangerRequest.setUser(request.getIdentity());
    // no result processor should be provided when using non-direct access
    when(rangerBasePlugin.isAccessAllowed(argThat(new RangerAccessRequestMatcher(expectedRangerRequest)))).thenReturn(allowedResult);
    final AuthorizationResult result = authorizer.authorize(request);
    assertEquals(AuthorizationResult.approved().getResult(), result.getResult());
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RequestAction(org.apache.nifi.authorization.RequestAction) HashMap(java.util.HashMap) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) Test(org.junit.Test)

Example 12 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerPolicyFactory method mutate.

private static RangerAccessRequest mutate(RangerAccessRequest template, boolean shouldEvaluateToTrue) {
    RangerAccessRequestImpl accessRequest = (RangerAccessRequestImpl) template;
    accessRequest.setResource(new RangerAccessResourceImpl(createResourceElements(shouldEvaluateToTrue)));
    accessRequest.setAccessType(pickOneRandomly(ALWAYS_ALLOWED_ACCESS_TYPES));
    accessRequest.setRequestData(null);
    accessRequest.setUser(pickOneRandomly(KNOWN_USERS));
    return accessRequest;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)

Example 13 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerPolicyFactory method createAccessRequests.

/**
 * Generates and returns a list of {@link RangerAccessRequest requests}
 * @param numberOfRequests the number of requests to generate.
 * @return the generated list of requests
 */
public static List<RangerAccessRequest> createAccessRequests(int numberOfRequests) {
    List<RangerAccessRequest> result = Lists.newArrayList();
    Gson gson = buildGson();
    String template = readResourceFile("/testdata/single-request-template.json");
    for (int i = 0; i < numberOfRequests; i++) {
        RangerAccessRequestImpl accessRequest = gson.fromJson(template, RangerAccessRequestImpl.class);
        result.add(mutate(accessRequest, isAllowed()));
    }
    return result;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) Gson(com.google.gson.Gson) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest)

Example 14 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerAtlasAuthorizer method isAccessAllowed.

@Override
public boolean isAccessAllowed(AtlasEntityAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }
    boolean ret = false;
    RangerPerfTracer perf = null;
    RangerAtlasAuditHandler auditHandler = new RangerAtlasAuditHandler(request, getServiceDef());
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }
        final String action = request.getAction() != null ? request.getAction().getType() : null;
        final Set<String> entityTypes = request.getEntityTypeAndAllSuperTypes();
        final String entityId = request.getEntityId();
        final String classification = request.getClassification() != null ? request.getClassification().getTypeName() : null;
        RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
        rangerRequest.setAccessType(action);
        rangerRequest.setAction(action);
        rangerRequest.setUser(request.getUser());
        rangerRequest.setUserGroups(request.getUserGroups());
        rangerRequest.setClientIPAddress(request.getClientIPAddress());
        rangerRequest.setAccessTime(request.getAccessTime());
        rangerRequest.setClusterName(getClusterName());
        final Set<String> classificationsToAuthorize;
        if (classification != null) {
            if (request.getEntityClassifications() == null) {
                classificationsToAuthorize = Collections.singleton(classification);
            } else {
                classificationsToAuthorize = new HashSet<>(request.getEntityClassifications());
                classificationsToAuthorize.add(classification);
            }
        } else {
            classificationsToAuthorize = request.getEntityClassifications();
        }
        if (CollectionUtils.isNotEmpty(classificationsToAuthorize)) {
            // check authorization for each classification
            for (String classificationToAuthorize : classificationsToAuthorize) {
                RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
                rangerResource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
                rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, request.getClassificationTypeAndAllSuperTypes(classificationToAuthorize));
                rangerResource.setValue(RESOURCE_ENTITY_ID, entityId);
                rangerRequest.setResource(rangerResource);
                ret = checkAccess(rangerRequest, auditHandler);
                if (!ret) {
                    break;
                }
            }
        } else {
            // no classifications to authorize
            RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
            rangerResource.setValue(RESOURCE_ENTITY_TYPE, entityTypes);
            rangerResource.setValue(RESOURCE_ENTITY_CLASSIFICATION, Collections.<String>emptySet());
            rangerResource.setValue(RESOURCE_ENTITY_ID, entityId);
            rangerRequest.setResource(rangerResource);
            ret = checkAccess(rangerRequest, auditHandler);
        }
    } finally {
        auditHandler.flushAudit();
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + ret);
    }
    return ret;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 15 with RangerAccessRequestImpl

use of org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl in project ranger by apache.

the class RangerAtlasAuthorizer method isAccessAllowed.

@Override
public boolean isAccessAllowed(AtlasTypeAccessRequest request) throws AtlasAuthorizationException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> isAccessAllowed(" + request + ")");
    }
    final boolean ret;
    RangerPerfTracer perf = null;
    try {
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerAtlasAuthorizer.isAccessAllowed(" + request + ")");
        }
        final String typeName = request.getTypeDef() != null ? request.getTypeDef().getName() : null;
        final String typeCategory = request.getTypeDef() != null && request.getTypeDef().getCategory() != null ? request.getTypeDef().getCategory().name() : null;
        final String action = request.getAction() != null ? request.getAction().getType() : null;
        RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
        rangerResource.setValue(RESOURCE_TYPE_NAME, typeName);
        rangerResource.setValue(RESOURCE_TYPE_CATEGORY, typeCategory);
        RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl(rangerResource, action, request.getUser(), request.getUserGroups());
        rangerRequest.setClientIPAddress(request.getClientIPAddress());
        rangerRequest.setAccessTime(request.getAccessTime());
        rangerRequest.setClusterName(getClusterName());
        rangerRequest.setAction(action);
        ret = checkAccess(rangerRequest);
    } finally {
        RangerPerfTracer.log(perf);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== isAccessAllowed(" + request + "): " + ret);
    }
    return ret;
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Aggregations

RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) 19
RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) 16
HashMap (java.util.HashMap) 5
AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest) 5
AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult) 5
RequestAction (org.apache.nifi.authorization.RequestAction) 5
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult) 4
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer) 4
Test (org.junit.Test) 4
Date (java.util.Date) 2
RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest) 2
Gson (com.google.gson.Gson) 1
MockPropertyValue (org.apache.nifi.util.MockPropertyValue) 1
RangerAccessResultProcessor (org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor) 1