Examples with RangerAccessResultProcessor org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor used on opensource projects

Search in sources :

Example 1 with RangerAccessResultProcessor

use of org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor in project ranger by apache.

the class RangerHBasePlugin method grant.

@Override
public void grant(RpcController controller, AccessControlProtos.GrantRequest request, RpcCallback<AccessControlProtos.GrantResponse> done) {
    boolean isSuccess = false;
    if (UpdateRangerPoliciesOnGrantRevoke) {
        GrantRevokeRequest grData = null;
        try {
            grData = createGrantData(request);
            RangerHBasePlugin plugin = hbasePlugin;
            if (plugin != null) {
                String clusterName = plugin.getClusterName();
                grData.setClusterName(clusterName);
                RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
                plugin.grantAccess(grData, auditHandler);
                isSuccess = true;
            }
        } catch (AccessControlException excp) {
            LOG.warn("grant() failed", excp);
            ResponseConverter.setControllerException(controller, new AccessDeniedException(excp));
        } catch (IOException excp) {
            LOG.warn("grant() failed", excp);
            ResponseConverter.setControllerException(controller, excp);
        } catch (Exception excp) {
            LOG.warn("grant() failed", excp);
            ResponseConverter.setControllerException(controller, new CoprocessorException(excp.getMessage()));
        }
    }
    AccessControlProtos.GrantResponse response = isSuccess ? AccessControlProtos.GrantResponse.getDefaultInstance() : null;
    done.run(response);
}
Also used : AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) AccessControlException(org.apache.hadoop.security.AccessControlException) IOException(java.io.IOException) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) CoprocessorException(org.apache.hadoop.hbase.coprocessor.CoprocessorException) IOException(java.io.IOException) AccessControlException(org.apache.hadoop.security.AccessControlException) RangerAccessResultProcessor(org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor) AccessControlProtos(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos) RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) CoprocessorException(org.apache.hadoop.hbase.coprocessor.CoprocessorException)

Example 2 with RangerAccessResultProcessor

use of org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor in project ranger by apache.

the class RangerHBasePlugin method revoke.

@Override
public void revoke(RpcController controller, AccessControlProtos.RevokeRequest request, RpcCallback<AccessControlProtos.RevokeResponse> done) {
    boolean isSuccess = false;
    if (UpdateRangerPoliciesOnGrantRevoke) {
        GrantRevokeRequest grData = null;
        try {
            grData = createRevokeData(request);
            RangerHBasePlugin plugin = hbasePlugin;
            if (plugin != null) {
                String clusterName = plugin.getClusterName();
                grData.setClusterName(clusterName);
                RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
                plugin.revokeAccess(grData, auditHandler);
                isSuccess = true;
            }
        } catch (AccessControlException excp) {
            LOG.warn("revoke() failed", excp);
            ResponseConverter.setControllerException(controller, new AccessDeniedException(excp));
        } catch (IOException excp) {
            LOG.warn("revoke() failed", excp);
            ResponseConverter.setControllerException(controller, excp);
        } catch (Exception excp) {
            LOG.warn("revoke() failed", excp);
            ResponseConverter.setControllerException(controller, new CoprocessorException(excp.getMessage()));
        }
    }
    AccessControlProtos.RevokeResponse response = isSuccess ? AccessControlProtos.RevokeResponse.getDefaultInstance() : null;
    done.run(response);
}
Also used : AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) AccessControlException(org.apache.hadoop.security.AccessControlException) IOException(java.io.IOException) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) CoprocessorException(org.apache.hadoop.hbase.coprocessor.CoprocessorException) IOException(java.io.IOException) AccessControlException(org.apache.hadoop.security.AccessControlException) RangerAccessResultProcessor(org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor) AccessControlProtos(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos) RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) CoprocessorException(org.apache.hadoop.hbase.coprocessor.CoprocessorException)

Example 3 with RangerAccessResultProcessor

use of org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor in project ranger by apache.

the class TestPolicyEngine method runTests.

private void runTests(InputStreamReader reader, String testName) {
    try {
        PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);
        assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);
        ServicePolicies servicePolicies = new ServicePolicies();
        servicePolicies.setServiceName(testCase.serviceName);
        servicePolicies.setServiceDef(testCase.serviceDef);
        servicePolicies.setPolicies(testCase.policies);
        RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
        RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testName, servicePolicies, policyEngineOptions);
        RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
        for (TestData test : testCase.tests) {
            RangerAccessResult expected = test.result;
            RangerAccessRequest request = test.request;
            policyEngine.preProcess(request);
            RangerAccessResult result = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, auditHandler);
            assertNotNull("result was null! - " + test.name, result);
            assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed());
            assertEquals("isAudited mismatched! - " + test.name, expected.getIsAudited(), result.getIsAudited());
            assertEquals("policyId mismatched! - " + test.name, expected.getPolicyId(), result.getPolicyId());
        }
    } catch (Throwable excp) {
        excp.printStackTrace();
    }
}
Also used : RangerPolicyEngineImpl(org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl) RangerAccessResultProcessor(org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) TestData(org.apache.ranger.authorization.hbase.TestPolicyEngine.PolicyEngineTestCase.TestData) RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult) RangerPolicyEngine(org.apache.ranger.plugin.policyengine.RangerPolicyEngine) RangerDefaultAuditHandler(org.apache.ranger.plugin.audit.RangerDefaultAuditHandler) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) RangerPolicyEngineOptions(org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions)

Aggregations

RangerDefaultAuditHandler (org.apache.ranger.plugin.audit.RangerDefaultAuditHandler)3 RangerAccessResultProcessor (org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor)3 IOException (java.io.IOException)2 CoprocessorException (org.apache.hadoop.hbase.coprocessor.CoprocessorException)2 AccessControlProtos (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos)2 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)2 AccessControlException (org.apache.hadoop.security.AccessControlException)2 GrantRevokeRequest (org.apache.ranger.plugin.util.GrantRevokeRequest)2 TestData (org.apache.ranger.authorization.hbase.TestPolicyEngine.PolicyEngineTestCase.TestData)1 RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest)1 RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)1 RangerPolicyEngine (org.apache.ranger.plugin.policyengine.RangerPolicyEngine)1 RangerPolicyEngineImpl (org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl)1 RangerPolicyEngineOptions (org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions)1 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial