
Example 6 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestServiceREST method test15revokeAccess.

@Test
public void test15revokeAccess() throws Exception {
    // Revoke for a handful of users and groups on one service, with the
    // servlet request as a bare mock. The only expectation is that the REST
    // layer returns some RESTResponse instead of null.
    String serviceName = "HDFS_1";
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);

    Set<String> userList = new HashSet<>();
    for (String user : new String[] {"user1", "user2", "user3"}) {
        userList.add(user);
    }
    Set<String> groupList = new HashSet<>();
    for (String group : new String[] {"group1", "group2", "group3"}) {
        groupList.add(group);
    }

    GrantRevokeRequest revokeRequest = new GrantRevokeRequest();
    revokeRequest.setUsers(userList);
    revokeRequest.setGroups(groupList);
    revokeRequest.setGrantor("read");
    revokeRequest.setDelegateAdmin(true);
    revokeRequest.setEnableAudit(true);

    RESTResponse restResponse = serviceREST.revokeAccess(serviceName, revokeRequest, request);
    Assert.assertNotNull(restResponse);
}

Example 7 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestServiceREST method test14grantAccess.

@Test
public void test14grantAccess() throws Exception {
    // The HTTPS-authentication check is stubbed to fail; the test pins only that
    // grantAccess still hands back a response and that the check was consulted.
    String serviceName = "HDFS_1";
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(serviceUtil.isValidateHttpsAuthentication(serviceName, request)).thenReturn(false);

    GrantRevokeRequest grantRequestObj = new GrantRevokeRequest();
    grantRequestObj.setGrantor("read");
    // Deliberately no access types on the request.
    grantRequestObj.setAccessTypes(null);
    grantRequestObj.setIsRecursive(true);
    grantRequestObj.setDelegateAdmin(true);
    grantRequestObj.setEnableAudit(true);

    RESTResponse restResponse = serviceREST.grantAccess(serviceName, grantRequestObj, request);

    Assert.assertNotNull(restResponse);
    Mockito.verify(serviceUtil).isValidateHttpsAuthentication(serviceName, request);
}

Example 8 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class TestServiceUtil method testToGrantRevokeRequestForHbase.

@Test
public void testToGrantRevokeRequestForHbase() throws Exception {
    // A VXPolicy naming an HBase table / column family / column must be
    // translated into a GrantRevokeRequest whose resource map carries the
    // same three parts, with grantor and flags copied across.
    String serviceName = "hbase";

    RangerService rangerService = new RangerService();
    rangerService.setId(1L);
    rangerService.setName("hbaseService");
    rangerService.setType("hbase");
    rangerService.setIsEnabled(true);
    Mockito.when(svcStore.getServiceByName(serviceName)).thenReturn(rangerService);

    VXPolicy vXPolicy = new VXPolicy();
    vXPolicy.setRepositoryName("hbase");
    vXPolicy.setGrantor("rangerAdmin");
    vXPolicy.setReplacePerm(true);
    vXPolicy.setTables("myTable");
    vXPolicy.setColumnFamilies("myColumnFamily");
    vXPolicy.setColumns("myColumn");

    Map<String, String> expectedResource = new HashMap<>();
    expectedResource.put("table", "myTable");
    expectedResource.put("column-family", "myColumnFamily");
    expectedResource.put("column", "myColumn");
    GrantRevokeRequest expectedGrantRevokeRequest = new GrantRevokeRequest();
    expectedGrantRevokeRequest.setGrantor("rangerAdmin");
    expectedGrantRevokeRequest.setResource(expectedResource);
    expectedGrantRevokeRequest.setEnableAudit(true);
    expectedGrantRevokeRequest.setIsRecursive(false);
    expectedGrantRevokeRequest.setReplaceExistingPermissions(true);

    GrantRevokeRequest actualGrantRevokeRequest = serviceUtil.toGrantRevokeRequest(vXPolicy);

    Assert.assertNotNull(actualGrantRevokeRequest);
    Assert.assertTrue(actualGrantRevokeRequest.getEnableAudit());
    Assert.assertFalse(actualGrantRevokeRequest.getIsRecursive());
    Assert.assertTrue(actualGrantRevokeRequest.getReplaceExistingPermissions());
    Assert.assertEquals(expectedGrantRevokeRequest.getGrantor(), actualGrantRevokeRequest.getGrantor());
    Assert.assertEquals(expectedGrantRevokeRequest.getResource(), actualGrantRevokeRequest.getResource());
}

Example 9 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class RangerHivePlugin method createGrantRevokeData.

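/**
 * Builds the Ranger {@link GrantRevokeRequest} that mirrors a Hive GRANT/REVOKE statement.
 *
 * Only database, table, view and column objects are accepted; a missing resource or any
 * other object type is rejected up front. Principals are sorted into users, groups and
 * roles by principal type. Privilege names are mapped to Ranger access-type names, with
 * Insert/Delete folded into {@code update}. A privilege name that is not recognised is
 * logged and skipped rather than failing the request, so a statement naming an unknown
 * privilege is applied only partially.
 *
 * @param resource         the Hive object the statement targets; must not be {@code null}
 * @param hivePrincipals   principals being granted to / revoked from
 * @param hivePrivileges   privileges named in the statement
 * @param grantorPrincipal principal issuing the statement; supplies grantor user and groups
 * @param grantOption      whether WITH GRANT OPTION was given; becomes Ranger's delegateAdmin
 * @return the populated request, never {@code null}
 * @throws HiveAccessControlException if {@code resource} is {@code null} or its object type is unsupported
 */
private GrantRevokeRequest createGrantRevokeData(RangerHiveResource resource, List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAccessControlException {
    // Read the object type once and null-safely: the previous message construction
    // called resource.getObjectType().name() and threw NPE when the type was null.
    HiveObjectType objectType = resource == null ? null : resource.getObjectType();
    boolean supportedType = objectType == HiveObjectType.DATABASE
            || objectType == HiveObjectType.TABLE
            || objectType == HiveObjectType.VIEW
            || objectType == HiveObjectType.COLUMN;
    if (resource == null || !supportedType) {
        throw new HiveAccessControlException("grant/revoke: unexpected object type '" + (objectType == null ? null : objectType.name()) + "'");
    }

    GrantRevokeRequest ret = new GrantRevokeRequest();
    ret.setGrantor(getGrantorUsername(grantorPrincipal));
    ret.setGrantorGroups(getGrantorGroupNames(grantorPrincipal));
    // WITH GRANT OPTION is modelled as Ranger's delegated-admin flag.
    ret.setDelegateAdmin(grantOption ? Boolean.TRUE : Boolean.FALSE);
    ret.setEnableAudit(Boolean.TRUE);
    ret.setReplaceExistingPermissions(Boolean.FALSE);

    // Unset resource parts become wildcards so the policy covers that whole level.
    String database = StringUtils.isEmpty(resource.getDatabase()) ? "*" : resource.getDatabase();
    String table = StringUtils.isEmpty(resource.getTable()) ? "*" : resource.getTable();
    String column = StringUtils.isEmpty(resource.getColumn()) ? "*" : resource.getColumn();
    Map<String, String> mapResource = new HashMap<>();
    mapResource.put(RangerHiveResource.KEY_DATABASE, database);
    mapResource.put(RangerHiveResource.KEY_TABLE, table);
    mapResource.put(RangerHiveResource.KEY_COLUMN, column);
    ret.setOwnerUser(resource.getOwnerUser());
    ret.setResource(mapResource);

    // Caller context for auditing: client IP, session id and the query text (if any).
    SessionState ss = SessionState.get();
    if (ss != null) {
        ret.setClientIPAddress(ss.getUserIpAddress());
        ret.setSessionId(ss.getSessionId());
        HiveConf hiveConf = ss.getConf();
        if (hiveConf != null) {
            ret.setRequestData(hiveConf.get(HIVE_CONF_VAR_QUERY_STRING));
        }
    }
    HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext();
    if (sessionContext != null) {
        ret.setClientType(sessionContext.getClientType() == null ? null : sessionContext.getClientType().toString());
    }

    for (HivePrincipal principal : hivePrincipals) {
        switch (principal.getType()) {
            case USER:
                ret.getUsers().add(principal.getName());
                break;
            case GROUP:
                ret.getGroups().add(principal.getName());
                break;
            case ROLE:
                ret.getRoles().add(principal.getName());
                break;
            case UNKNOWN:
                // Nothing to grant to; silently skipped, as before.
                break;
        }
    }

    for (HivePrivilege privilege : hivePrivileges) {
        String privName = privilege.getName();
        if (isDirectlyMappedPrivilege(privName)) {
            // Ranger access-type names are lower-case ASCII. Use the ROOT locale so
            // the mapping does not depend on the JVM default locale (e.g. "INDEX"
            // under tr_TR would otherwise lower-case to a dotless-i spelling).
            ret.getAccessTypes().add(privName.toLowerCase(java.util.Locale.ROOT));
        } else if (StringUtils.equalsIgnoreCase(privName, "Insert") || StringUtils.equalsIgnoreCase(privName, "Delete")) {
            // Mapping Insert/Delete to Update
            ret.getAccessTypes().add(HiveAccessType.UPDATE.name().toLowerCase(java.util.Locale.ROOT));
        } else {
            // Unrecognised privilege: skipped, not fatal. The request still goes out
            // with whatever other privileges matched.
            LOG.warn("grant/revoke: unexpected privilege type '" + privName + "'. Ignored");
        }
    }
    return ret;
}

/**
 * Returns whether {@code privName} names a Hive access type that maps 1:1 onto a Ranger
 * access type (case-insensitive). Insert/Delete are handled separately by the caller.
 *
 * @param privName privilege name from the statement; may be {@code null}
 * @return {@code true} for ALL, ALTER, CREATE, DROP, INDEX, LOCK, SELECT, UPDATE
 */
private static boolean isDirectlyMappedPrivilege(String privName) {
    HiveAccessType[] directlyMapped = {
        HiveAccessType.ALL, HiveAccessType.ALTER, HiveAccessType.CREATE, HiveAccessType.DROP,
        HiveAccessType.INDEX, HiveAccessType.LOCK, HiveAccessType.SELECT, HiveAccessType.UPDATE
    };
    for (HiveAccessType accessType : directlyMapped) {
        if (StringUtils.equalsIgnoreCase(privName, accessType.name())) {
            return true;
        }
    }
    return false;
}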

Example 10 with GrantRevokeRequest

use of org.apache.ranger.plugin.util.GrantRevokeRequest in project ranger by apache.

the class RangerHivePlugin method revokePrivileges.

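/**
 * Revoke privileges for principals on the object.
 *
 * Refused outright unless the plugin is configured to update Ranger policies on
 * GRANT/REVOKE. Otherwise the Hive statement is turned into a {@link GrantRevokeRequest}
 * via {@code createGrantRevokeData} and sent to the Ranger admin; an audit record is
 * flushed whether or not the revoke succeeded.
 *
 * @param hivePrincipals   principals whose privileges are revoked
 * @param hivePrivileges   privileges to revoke
 * @param hivePrivObject   the object the privileges apply to
 * @param grantorPrincipal principal issuing the REVOKE
 * @param grantOption      whether the grant option itself is being revoked
 * @throws HiveAuthzPluginException   if policy updates on GRANT/REVOKE are disabled
 * @throws HiveAccessControlException if the resource is unsupported or the revoke fails for any other reason
 */
@Override
public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException {
    if (!RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke) {
        throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Ranger HiveAuthorizer. Please use Ranger Security Admin to setup access control.");
    }
    RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler(hivePlugin.getConfig());
    try {
        List<HivePrivilegeObject> outputs = new ArrayList<>(Arrays.asList(hivePrivObject));
        RangerHiveResource resource = getHiveResource(HiveOperationType.REVOKE_PRIVILEGE, hivePrivObject, null, outputs);
        GrantRevokeRequest request = createGrantRevokeData(resource, hivePrincipals, hivePrivileges, grantorPrincipal, grantOption);
        // Logged once at INFO; the earlier additional DEBUG line emitted the same
        // text a second time. Note the request carries the query text set by
        // createGrantRevokeData, so its toString() may end up in the log.
        LOG.info("revokePrivileges(): " + request);
        hivePlugin.revokeAccess(request, auditHandler);
    } catch (HiveAccessControlException excp) {
        // Already the right type (e.g. unsupported object type); rethrow rather than
        // wrapping it in another HiveAccessControlException and losing the message.
        throw excp;
    } catch (Exception excp) {
        throw new HiveAccessControlException(excp);
    } finally {
        // Audit is written even when the revoke failed.
        auditHandler.flushAudit();
    }
}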
