Example 6 with RangerDefaultPolicyResourceMatcher
use of org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher in project ranger by apache.
the class TestDefaultPolicyResourceMatcherForPolicy method runTest.
private void runTest(DefaultPolicyResourceMatcherTestCases.TestCase testCase, RangerServiceDef serviceDef) throws Exception {
assertTrue("invalid input: ", testCase != null && testCase.tests != null);
RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();
matcher.setServiceDef(serviceDef);
matcher.setPolicyResources(testCase.policyResources);
matcher.init();
for (DefaultPolicyResourceMatcherTestCases.TestCase.OneTest oneTest : testCase.tests) {
if (oneTest == null) {
continue;
}
boolean expected = oneTest.result;
RangerPolicyResourceMatcher.MatchScope scope;
if (StringUtils.equalsIgnoreCase(oneTest.type, "selfOrDescendantMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_DESCENDANT;
} else if (StringUtils.equalsIgnoreCase(oneTest.type, "descendantMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.DESCENDANT;
} else if (StringUtils.equalsIgnoreCase(oneTest.type, "exactMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.SELF;
} else if (StringUtils.equalsIgnoreCase(oneTest.type, "selfOrAncestorMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
} else if (StringUtils.equalsIgnoreCase(oneTest.type, "ancestorMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.ANCESTOR;
} else if (StringUtils.equalsIgnoreCase(oneTest.type, "anyMatch")) {
scope = RangerPolicyResourceMatcher.MatchScope.ANY;
} else {
continue;
}
boolean result = matcher.isMatch(oneTest.policy, scope, oneTest.evalContext);
assertEquals("match failed! " + ":" + testCase.name + ":" + oneTest.name + ":" + oneTest.type + ": policy=" + oneTest.policy, expected, result);
}
}
Also used :
RangerPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher)
RangerDefaultPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher)
Example 7 with RangerDefaultPolicyResourceMatcher
use of org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher in project ranger by apache.
the class RangerHiveResourcesAccessedTogetherCondition method buildMatcher.
private RangerPolicyResourceMatcher buildMatcher(String policyResourceSpec) {
RangerPolicyResourceMatcher matcher = null;
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerHiveResourcesAccessedTogetherCondition.buildMatcher(" + policyResourceSpec + ")");
}
// Works only for Hive serviceDef for now
if (serviceDef != null && EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME.equals(serviceDef.getName())) {
// Parse policyResourceSpec
char separator = '.';
String any = "*";
Map<String, RangerPolicy.RangerPolicyResource> policyResources = new HashMap<>();
String[] elements = StringUtils.split(policyResourceSpec, separator);
RangerPolicy.RangerPolicyResource policyResource;
if (elements.length > 0 && elements.length < 4) {
if (elements.length == 3) {
policyResource = new RangerPolicy.RangerPolicyResource(elements[2]);
} else {
policyResource = new RangerPolicy.RangerPolicyResource(any);
}
policyResources.put("column", policyResource);
if (elements.length >= 2) {
policyResource = new RangerPolicy.RangerPolicyResource(elements[1]);
} else {
policyResource = new RangerPolicy.RangerPolicyResource(any);
}
policyResources.put("table", policyResource);
policyResource = new RangerPolicy.RangerPolicyResource(elements[0]);
policyResources.put("database", policyResource);
matcher = new RangerDefaultPolicyResourceMatcher();
matcher.setPolicyResources(policyResources);
matcher.setServiceDef(serviceDef);
matcher.init();
} else {
LOG.error("RangerHiveResourcesAccessedTogetherCondition.buildMatcher() - Incorrect elements in the hierarchy specified (" + elements.length + ")");
}
} else {
LOG.error("RangerHiveResourcesAccessedTogetherCondition.buildMatcher() - ServiceDef not set or ServiceDef is not for Hive");
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerHiveResourcesAccessedTogetherCondition.buildMatcher(" + policyResourceSpec + ")" + ", matcher=" + matcher);
}
return matcher;
}
Also used :
RangerPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
HashMap(java.util.HashMap)
RangerDefaultPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher)
Aggregations
RangerDefaultPolicyResourceMatcher (org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher)7
RangerPolicyResourceMatcher (org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher)5
HashMap (java.util.HashMap)4
ArrayList (java.util.ArrayList)2
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)2
RangerServiceDefHelper (org.apache.ranger.plugin.model.validation.RangerServiceDefHelper)2
HashSet (java.util.HashSet)1
LinkedHashMap (java.util.LinkedHashMap)1
List (java.util.List)1
Map (java.util.Map)1
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)1
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)1
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)1
RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)1
RangerTag (org.apache.ranger.plugin.model.RangerTag)1
PList (org.apache.ranger.plugin.store.PList)1
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)1
RangerResourceTrie (org.apache.ranger.plugin.util.RangerResourceTrie)1
RangerExportPolicyList (org.apache.ranger.view.RangerExportPolicyList)1
RangerPolicyList (org.apache.ranger.view.RangerPolicyList)1
