
Example 1 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class AssetREST method grantPermission.

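/**
 * Handles {@code POST /resources/grant}: converts the posted legacy {@code VXPolicy} into a
 * {@code GrantRevokeRequest} and forwards it to {@code serviceREST.grantAccess}.
 *
 * <p>This method performs no authorization check of its own; it only passes the servlet request
 * through to the callee. NOTE(review): the grant request is built entirely from the
 * caller-supplied body -- confirm that {@code serviceREST.grantAccess} authorizes against the
 * authenticated identity carried by {@code request} rather than against fields of the body.
 *
 * @param request  the incoming servlet request, passed through unchanged
 * @param vXPolicy the policy describing what to grant; {@code null} is rejected
 * @return the same {@code vXPolicy} instance that was posted; the response of the grant call is
 *         only written to the debug log
 * @throws WebApplicationException rethrown unchanged when {@code grantAccess} raises one; any
 *         other failure is rethrown as whatever {@code restErrorUtil.createRESTException} builds
 */
@POST
@Path("/resources/grant")
@Produces({ "application/xml", "application/json" })
public VXPolicy grantPermission(@Context HttpServletRequest request, VXPolicy vXPolicy) {
    RESTResponse ret = null;
    if (logger.isDebugEnabled()) {
        logger.debug("==> AssetREST.grantPermission(" + vXPolicy + ")");
    }
    // Reject an absent body before any conversion is attempted.
    if (vXPolicy == null) {
        // The status code is now separated from the text; the old message rendered as "400Bad Request parameter".
        logger.error(HttpServletResponse.SC_BAD_REQUEST + ": Bad Request parameter");
        throw restErrorUtil.createRESTException("Bad Request parameter");
    }
    String serviceName = vXPolicy.getRepositoryName();
    GrantRevokeRequest grantRevokeRequest = serviceUtil.toGrantRevokeRequest(vXPolicy);
    try {
        ret = serviceREST.grantAccess(serviceName, grantRevokeRequest, request);
    } catch (WebApplicationException excp) {
        // Already a REST-level error: let it reach the client untouched.
        throw excp;
    } catch (Throwable e) {
        logger.error(HttpServletResponse.SC_BAD_REQUEST + ": Grant Access Failed for the request " + vXPolicy, e);
        // NOTE(review): the response text echoes the full request object and the raw exception
        // message back to the caller; check that neither can carry internal detail that should
        // stay in the server log only.
        throw restErrorUtil.createRESTException("Grant Access Failed for the request: " + vXPolicy + ". " + e.getMessage());
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== AssetREST.grantPermission(" + ret + ")");
    }
    // TODO: the grant REST call does not return a policy, so the posted VXPolicy is echoed back
    // as-is. Replace with the policy that was actually stored once the call provides one.
    return vXPolicy;
}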
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 2 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class ServiceUtil method toGrantRevokeRequest.

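/**
 * Builds a {@code GrantRevokeRequest} from a legacy {@code VXPolicy}.
 *
 * <p>The service named by the policy is looked up to learn its type, the resource map is filled
 * in for Hive and HBase services, and the users, groups and access types of every permission
 * entry are collected into the request. Auditing is always enabled and the request is always
 * marked non-recursive.
 *
 * <p>Points a reviewer should keep in mind when this feeds a grant or revoke call:
 * <ul>
 *   <li>The grantor is copied from the policy object as given; this method does not verify it.</li>
 *   <li>An empty database, table, column-family or column value is replaced by {@code "*"},
 *       so an omitted field widens the request to a wildcard.</li>
 *   <li>For service types other than Hive and HBase no resource is set on the request.</li>
 *   <li>Users, groups and access types from all permission entries are merged into flat
 *       collections on one request. NOTE(review): if the consumer applies every access type to
 *       every principal, entries that were separate in the policy are effectively unioned --
 *       confirm this is intended.</li>
 *   <li>{@code delegateAdmin} is reassigned for each permission entry, so the value on the
 *       returned request reflects only the last entry processed. NOTE(review): confirm.</li>
 * </ul>
 *
 * @param vXPolicy the legacy policy; when {@code null} an empty request is returned
 * @return the populated request, never {@code null}
 */
public GrantRevokeRequest toGrantRevokeRequest(VXPolicy vXPolicy) {
    GrantRevokeRequest ret = new GrantRevokeRequest();
    if (vXPolicy == null) {
        return ret;
    }

    // NOTE(review): serviceName comes from the policy object and is written to the log and into
    // the error response as-is; consider neutralising line breaks before logging it.
    String serviceName = vXPolicy.getRepositoryName();
    RangerService service;
    try {
        service = svcStore.getServiceByName(serviceName);
    } catch (Exception e) {
        // Log the cause as well, so the lookup failure can be diagnosed from the server log.
        LOG.error(HttpServletResponse.SC_BAD_REQUEST + ": No Service Found for ServiceName: " + serviceName, e);
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, e.getMessage() + serviceName, true);
    }
    if (service == null) {
        LOG.error(HttpServletResponse.SC_BAD_REQUEST + ": No Service Found for ServiceName: " + serviceName);
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "No Service Found for ServiceName" + serviceName, true);
    }
    String serviceType = service.getType();

    if (vXPolicy.getGrantor() != null) {
        ret.setGrantor(vXPolicy.getGrantor());
    }
    ret.setEnableAudit(Boolean.TRUE);
    ret.setIsRecursive(Boolean.FALSE);
    ret.setReplaceExistingPermissions(toBooleanReplacePerm(vXPolicy.isReplacePerm()));

    // Compare by value and tolerate a null asset type: the previous `assetType == CONSTANT`
    // form either unboxed a possibly-null Integer or compared boxed references.
    Integer assetType = toAssetType(serviceType);
    boolean isHive = assetType != null && assetType.intValue() == RangerCommonEnums.ASSET_HIVE;
    boolean isHbase = assetType != null && assetType.intValue() == RangerCommonEnums.ASSET_HBASE;

    if (isHive) {
        String database = StringUtils.isEmpty(vXPolicy.getDatabases()) ? "*" : vXPolicy.getDatabases();
        String table = getTableOrUdf(vXPolicy);
        String column = StringUtils.isEmpty(vXPolicy.getColumns()) ? "*" : vXPolicy.getColumns();
        Map<String, String> mapResource = new HashMap<String, String>();
        mapResource.put("database", database);
        mapResource.put("table", table);
        mapResource.put("column", column);
        ret.setResource(mapResource);
    } else if (isHbase) {
        String tableName = vXPolicy.getTables();
        tableName = StringUtil.isEmpty(tableName) ? "*" : tableName;
        String colFamily = vXPolicy.getColumnFamilies();
        colFamily = StringUtil.isEmpty(colFamily) ? "*" : colFamily;
        String qualifier = vXPolicy.getColumns();
        qualifier = StringUtil.isEmpty(qualifier) ? "*" : qualifier;
        Map<String, String> mapResource = new HashMap<String, String>();
        mapResource.put("table", tableName);
        mapResource.put("column-family", colFamily);
        mapResource.put("column", qualifier);
        ret.setResource(mapResource);
    }

    List<VXPermObj> vXPermObjList = vXPolicy.getPermMapList();
    if (vXPermObjList == null) {
        return ret;
    }
    for (VXPermObj vXPermObj : vXPermObjList) {
        boolean delegatedAdmin = false;
        if (vXPermObj.getUserList() != null) {
            for (String user : vXPermObj.getUserList()) {
                // Kept only when the entry contains what getUserName returns for it; the helper
                // is defined elsewhere in this class.
                if (user.contains(getUserName(user))) {
                    ret.getUsers().add(user);
                }
            }
        }
        if (vXPermObj.getGroupList() != null) {
            for (String group : vXPermObj.getGroupList()) {
                if (group.contains(getGroupName(group))) {
                    ret.getGroups().add(group);
                }
            }
        }
        if (vXPermObj.getPermList() != null) {
            for (String perm : vXPermObj.getPermList()) {
                // Permission names that do not map to a known enum value are dropped.
                if (AppConstants.getEnumFor_XAPermType(perm) == 0) {
                    continue;
                }
                if ("Admin".equalsIgnoreCase(perm)) {
                    delegatedAdmin = true;
                    // "Admin" becomes the delegate-admin flag only; it is also kept as an access
                    // type when the service is HBase or the asset type is unknown.
                    if (assetType != null && !isHbase) {
                        continue;
                    }
                }
                ret.getAccessTypes().add(perm);
            }
        }
        ret.setDelegateAdmin(Boolean.valueOf(delegatedAdmin));
    }
    return ret;
}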
Also used : HashMap(java.util.HashMap) RangerService(org.apache.ranger.plugin.model.RangerService) VXPermObj(org.apache.ranger.view.VXPermObj) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) VXAuditMap(org.apache.ranger.view.VXAuditMap) VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) Map(java.util.Map) RangerServiceNotFoundException(org.apache.ranger.plugin.util.RangerServiceNotFoundException) InvalidNameException(javax.naming.InvalidNameException) WebApplicationException(javax.ws.rs.WebApplicationException)

Example 3 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestAssetREST method testRevokePermissionWebApplicationException.

/**
 * Checks that a {@code WebApplicationException} raised by {@code serviceREST.revokeAccess}
 * leaves {@code assetREST.revokePermission} unchanged in type.
 *
 * <p>Both collaborators are stubbed through Mockito, so this covers the error-propagation path
 * only; no authorization or policy logic is exercised here.
 */
@Test
public void testRevokePermissionWebApplicationException() {
    VXPolicy legacyPolicy = vXPolicy(rangerPolicy(Id), rangerService(Id));

    // Request object handed back by the stubbed converter; the field values are arbitrary.
    GrantRevokeRequest stubbedRequest = new GrantRevokeRequest();
    stubbedRequest.setAccessTypes(null);
    stubbedRequest.setDelegateAdmin(true);
    stubbedRequest.setEnableAudit(true);
    stubbedRequest.setGrantor("read");
    stubbedRequest.setIsRecursive(true);

    WebApplicationException expectedFailure = new WebApplicationException();
    Mockito.when(serviceUtil.toGrantRevokeRequest(legacyPolicy)).thenReturn(stubbedRequest);
    try {
        Mockito.when(serviceREST.revokeAccess(legacyPolicy.getRepositoryName(), stubbedRequest, request))
                .thenThrow(expectedFailure);
    } catch (Exception stubbingError) {
        fail("test failed due to: " + stubbingError.getMessage());
    }

    // The call under test must surface the stubbed exception.
    try {
        assetREST.revokePermission(request, legacyPolicy);
        fail("Exception not thrown");
    } catch (WebApplicationException propagated) {
        Assert.assertTrue(true);
    }

    // Both collaborators must have been consulted with the expected arguments.
    Mockito.verify(serviceUtil).toGrantRevokeRequest(legacyPolicy);
    try {
        Mockito.verify(serviceREST).revokeAccess(legacyPolicy.getRepositoryName(), stubbedRequest, request);
    } catch (Exception verifyError) {
        fail("test failed due to: " + verifyError.getMessage());
    }
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) VXPolicy(org.apache.ranger.view.VXPolicy) RangerService(org.apache.ranger.plugin.model.RangerService) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) WebApplicationException(javax.ws.rs.WebApplicationException) Test(org.junit.Test)

Example 4 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestAssetREST method testGrantPermissionWebApplicationException.

/**
 * Checks that a {@code WebApplicationException} raised by {@code serviceREST.grantAccess}
 * leaves {@code assetREST.grantPermission} unchanged in type.
 *
 * <p>Both collaborators are stubbed through Mockito, so this covers the error-propagation path
 * only; no authorization or policy logic is exercised here.
 */
@Test
public void testGrantPermissionWebApplicationException() {
    VXPolicy legacyPolicy = vXPolicy(rangerPolicy(Id), rangerService(Id));

    // Request object handed back by the stubbed converter; the field values are arbitrary.
    GrantRevokeRequest stubbedRequest = new GrantRevokeRequest();
    stubbedRequest.setAccessTypes(null);
    stubbedRequest.setDelegateAdmin(true);
    stubbedRequest.setEnableAudit(true);
    stubbedRequest.setGrantor("read");
    stubbedRequest.setIsRecursive(true);

    WebApplicationException expectedFailure = new WebApplicationException();
    Mockito.when(serviceUtil.toGrantRevokeRequest(legacyPolicy)).thenReturn(stubbedRequest);
    try {
        Mockito.when(serviceREST.grantAccess(legacyPolicy.getRepositoryName(), stubbedRequest, request))
                .thenThrow(expectedFailure);
    } catch (Exception stubbingError) {
        fail("test failed due to: " + stubbingError.getMessage());
    }

    // The call under test must surface the stubbed exception.
    try {
        assetREST.grantPermission(request, legacyPolicy);
        fail("Exception not thrown");
    } catch (WebApplicationException propagated) {
        Assert.assertTrue(true);
    }

    // Both collaborators must have been consulted with the expected arguments.
    Mockito.verify(serviceUtil).toGrantRevokeRequest(legacyPolicy);
    try {
        Mockito.verify(serviceREST).grantAccess(legacyPolicy.getRepositoryName(), stubbedRequest, request);
    } catch (Exception verifyError) {
        fail("test failed due to: " + verifyError.getMessage());
    }
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) VXPolicy(org.apache.ranger.view.VXPolicy) RangerService(org.apache.ranger.plugin.model.RangerService) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) WebApplicationException(javax.ws.rs.WebApplicationException) Test(org.junit.Test)

Example 5 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestServiceREST method test43revoke.

/**
 * Runs {@code ServiceRESTUtil.processRevokeRequest} against a policy on {@code /tmp} that holds
 * two allow items, one allow-exception and two deny items, and prints the policy before and
 * after.
 *
 * <p>NOTE(review): the only assertion is {@code assert true}, so this test passes whatever the
 * revoke does to the policy. For a revoke path it would be worth asserting on the resulting
 * policy items instead of printing them.
 */
@Test
public void test43revoke() {
    RangerPolicy existingPolicy = rangerPolicy();
    List<RangerPolicyItem> initialItems = new ArrayList<RangerPolicyItem>();
    existingPolicy.setPolicyItems(initialItems);

    // Resource: the path /tmp, flagged as excludes and recursive.
    RangerPolicyResource tmpPath = new RangerPolicyResource("/tmp");
    tmpPath.setIsExcludes(true);
    tmpPath.setIsRecursive(true);
    Map<String, RangerPolicyResource> resourcesByName = new HashMap<String, RangerPolicyResource>();
    resourcesByName.put("path", tmpPath);
    existingPolicy.setResources(resourcesByName);

    // Allow item 1: group1/group2 and user1/user2, four access types, delegate admin.
    RangerPolicyItem allowFirst = new RangerPolicyItem();
    allowFirst.getAccesses().add(new RangerPolicyItemAccess("read", true));
    allowFirst.getAccesses().add(new RangerPolicyItemAccess("write", true));
    allowFirst.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    allowFirst.getAccesses().add(new RangerPolicyItemAccess("lock", true));
    allowFirst.getGroups().add("group1");
    allowFirst.getGroups().add("group2");
    allowFirst.getUsers().add("user1");
    allowFirst.getUsers().add("user2");
    allowFirst.setDelegateAdmin(true);
    existingPolicy.getPolicyItems().add(allowFirst);

    // Allow item 2: group3 and user3, same four access types, delegate admin.
    RangerPolicyItem allowSecond = new RangerPolicyItem();
    allowSecond.getAccesses().add(new RangerPolicyItemAccess("read", true));
    allowSecond.getAccesses().add(new RangerPolicyItemAccess("write", true));
    allowSecond.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    allowSecond.getAccesses().add(new RangerPolicyItemAccess("lock", true));
    allowSecond.getGroups().add("group3");
    allowSecond.getUsers().add("user3");
    allowSecond.setDelegateAdmin(true);
    existingPolicy.getPolicyItems().add(allowSecond);

    // Allow exception: delete and lock for group1/group2 and user1/user2.
    RangerPolicyItem allowException = new RangerPolicyItem();
    allowException.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    allowException.getAccesses().add(new RangerPolicyItemAccess("lock", true));
    allowException.getGroups().add("group1");
    allowException.getGroups().add("group2");
    allowException.getUsers().add("user1");
    allowException.getUsers().add("user2");
    allowException.setDelegateAdmin(false);
    existingPolicy.getAllowExceptions().add(allowException);

    // Deny item 1: delete for group2 and user2.
    RangerPolicyItem denyDelete = new RangerPolicyItem();
    denyDelete.getAccesses().add(new RangerPolicyItemAccess("delete", true));
    denyDelete.getGroups().add("group2");
    denyDelete.getUsers().add("user2");
    denyDelete.setDelegateAdmin(false);
    existingPolicy.getDenyPolicyItems().add(denyDelete);

    // Deny item 2: index for group "public" and user "user".
    RangerPolicyItem denyIndex = new RangerPolicyItem();
    denyIndex.getAccesses().add(new RangerPolicyItemAccess("index", true));
    denyIndex.getGroups().add("public");
    denyIndex.getUsers().add("user");
    denyIndex.setDelegateAdmin(false);
    existingPolicy.getDenyPolicyItems().add(denyIndex);

    // Revoke request: delete and index on /tmp for user1 and group1.
    Map<String, String> revokedResource = new HashMap<String, String>();
    revokedResource.put("path", "/tmp");
    GrantRevokeRequest revokeRequestObj = new GrantRevokeRequest();
    revokeRequestObj.setResource(revokedResource);
    revokeRequestObj.getUsers().add("user1");
    revokeRequestObj.getGroups().add("group1");
    revokeRequestObj.getAccessTypes().add("delete");
    revokeRequestObj.getAccessTypes().add("index");
    revokeRequestObj.setDelegateAdmin(true);
    revokeRequestObj.setEnableAudit(true);
    revokeRequestObj.setIsRecursive(true);
    revokeRequestObj.setGrantor("test43Revoke");

    String before = existingPolicy.toString();
    System.out.println("existingPolicy=" + before);

    ServiceRESTUtil.processRevokeRequest(existingPolicy, revokeRequestObj);

    String after = existingPolicy.toString();
    System.out.println("resultPolicy=" + after);
    assert true;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) GrantRevokeRequest(org.apache.ranger.plugin.util.GrantRevokeRequest) Test(org.junit.Test)

Aggregations

GrantRevokeRequest (org.apache.ranger.plugin.util.GrantRevokeRequest)21 Test (org.junit.Test)11 RangerService (org.apache.ranger.plugin.model.RangerService)8 HashMap (java.util.HashMap)7 WebApplicationException (javax.ws.rs.WebApplicationException)7 VXPolicy (org.apache.ranger.view.VXPolicy)7 IOException (java.io.IOException)6 RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse)6 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6 ArrayList (java.util.ArrayList)5 AccessControlProtos (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos)4 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)4 AccessControlException (org.apache.hadoop.security.AccessControlException)4 VXString (org.apache.ranger.view.VXString)4 HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)3 LinkedHashMap (java.util.LinkedHashMap)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 POST (javax.ws.rs.POST)2 Path (javax.ws.rs.Path)2 Produces (javax.ws.rs.Produces)2