Examples with RangerPolicyEngineImpl org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl used on opensource projects

Example 1 with RangerPolicyEngineImpl

use of org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl in project ranger by apache.

the class RangerPolicyEnginePerformanceTest method policyEngineTest.

@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl("perf-test", servicePolicies, RangerPolicyFactory.createPolicyEngineOption());
    rangerPolicyEngine.preProcess(requests);
    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // using return value of 'isAccessAllowed' with a cheap operation: System#identityHashCode so JIT wont remove it as dead code
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        PerfDataRecorder.clearStatistics();
    }
    final CountDownLatch latch = new CountDownLatch(concurrency);
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {

            @Override
            public void run() {
                System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                latch.countDown();
            }
        }, String.format("Client #%s", i)).start();
    }
    latch.await();
}

Example 2 with RangerPolicyEngineImpl

use of org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl in project ranger by apache.

the class ServiceREST method getPolicyEngine.

private RangerPolicyEngine getPolicyEngine(String serviceName) throws Exception {
    ServicePolicies policies = svcStore.getServicePoliciesIfUpdated(serviceName, -1L);
    RangerPolicyEngine ret = new RangerPolicyEngineImpl("ranger-admin", policies, defaultAdminOptions);
    return ret;
}

Example 3 with RangerPolicyEngineImpl

use of org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl in project ranger by apache.

the class TestPolicyEngine method runTests.

private void runTests(InputStreamReader reader, String testName) {
    try {
        PolicyEngineTestCase testCase = gsonBuilder.fromJson(reader, PolicyEngineTestCase.class);
        assertTrue("invalid input: " + testName, testCase != null && testCase.serviceDef != null && testCase.policies != null && testCase.tests != null);
        ServicePolicies servicePolicies = new ServicePolicies();
        servicePolicies.setServiceName(testCase.serviceName);
        servicePolicies.setServiceDef(testCase.serviceDef);
        servicePolicies.setPolicies(testCase.policies);
        RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions();
        RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(testName, servicePolicies, policyEngineOptions);
        RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler();
        for (TestData test : testCase.tests) {
            RangerAccessResult expected = test.result;
            RangerAccessRequest request = test.request;
            policyEngine.preProcess(request);
            RangerAccessResult result = policyEngine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, auditHandler);
            assertNotNull("result was null! - " + test.name, result);
            assertEquals("isAllowed mismatched! - " + test.name, expected.getIsAllowed(), result.getIsAllowed());
            assertEquals("isAudited mismatched! - " + test.name, expected.getIsAudited(), result.getIsAudited());
            assertEquals("policyId mismatched! - " + test.name, expected.getPolicyId(), result.getPolicyId());
        }
    } catch (Throwable excp) {
        excp.printStackTrace();
    }
}

Example 4 with RangerPolicyEngineImpl

use of org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl in project ranger by apache.

the class RangerBasePlugin method setPolicies.

public void setPolicies(ServicePolicies policies) {
    // guard against catastrophic failure during policy engine Initialization or
    try {
        RangerPolicyEngine oldPolicyEngine = this.policyEngine;
        if (policies == null) {
            policies = getDefaultSvcPolicies();
        }
        if (policies == null) {
            this.policyEngine = null;
        } else {
            RangerPolicyEngine policyEngine = new RangerPolicyEngineImpl(appId, policies, policyEngineOptions);
            policyEngine.setUseForwardedIPAddress(useForwardedIPAddress);
            policyEngine.setTrustedProxyAddresses(trustedProxyAddresses);
            this.policyEngine = policyEngine;
        }
        if (oldPolicyEngine != null && !oldPolicyEngine.preCleanup()) {
            LOG.error("preCleanup() failed on the previous policy engine instance !!");
        }
    } catch (Exception e) {
        LOG.error("setPolicies: policy engine initialization failed!  Leaving current policy engine as-is. Exception : ", e);
    }
}