
Example 16 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project nifi by apache.

the class TestRangerBasePluginWithPolicies method testDisabledPolicy.

/**
 * Verifies that a policy marked as disabled is not exposed by the plugin.
 *
 * <p>The fixture holds exactly one policy: a READ grant on {@code /resource-1} with
 * {@code isEnabled} set to {@code false}. After the policies are pushed into the plugin,
 * all three lookups must come back empty, so a disabled policy cannot be found through
 * any of them.
 */
@Test
public void testDisabledPolicy() {
    final String disabledResourceId = "/resource-1";

    // One READ access entry: the grant that must NOT become visible.
    final RangerPolicyItem readItem = new RangerPolicyItem();
    readItem.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));

    final Map<String, RangerPolicyResource> resourcesById = new HashMap<>();
    resourcesById.put(disabledResourceId, new RangerPolicyResource(disabledResourceId));

    // The policy is fully populated and differs from a usable one only by the disabled flag.
    final RangerPolicy disabledPolicy = new RangerPolicy();
    disabledPolicy.setIsEnabled(false);
    disabledPolicy.setResources(resourcesById);
    disabledPolicy.setPolicyItems(Stream.of(readItem).collect(Collectors.toList()));

    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    final List<RangerPolicy> allPolicies = new ArrayList<>();
    allPolicies.add(disabledPolicy);

    final ServicePolicies bundle = new ServicePolicies();
    bundle.setPolicies(allPolicies);
    bundle.setServiceDef(nifiServiceDef);

    // Hand the complete bundle to the plugin, as a policy refresh would.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(bundle);

    // The disabled policy must be absent from every lookup path.
    assertFalse(plugin.doesPolicyExist(disabledResourceId, RequestAction.READ));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(disabledResourceId, RequestAction.READ));
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) Test(org.junit.Test)

Example 17 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class ServiceDBStore method getServicePolicies.

/**
 * Assembles the {@link ServicePolicies} bundle for the service with the given name.
 *
 * <p>The bundle carries the service id and name, the policy version and update time (both
 * {@code null} when no version-info row is found), the service definition, the audit mode and
 * the policy list. For a disabled service the policy list is empty and no tag policies are
 * attached. Tag policies are attached only when the service references a tag service that
 * exists and is itself enabled.
 *
 * @param serviceName name used to look up the service and its version info
 * @return the populated bundle; never {@code null}
 * @throws Exception if the service, its service-def, or the tag service's service-def is missing
 */
@Override
public ServicePolicies getServicePolicies(String serviceName) throws Exception {
    // NOTE(review): serviceName is concatenated unescaped into log and exception messages here.
    // If it can originate from a request, neutralising CR/LF before logging would prevent
    // forged log lines - confirm against the callers.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getServicePolicies(" + serviceName + ")");
    }

    final XXService serviceDbObj = daoMgr.getXXService().findByName(serviceName);
    if (serviceDbObj == null) {
        throw new Exception("service does not exist. name=" + serviceName);
    }

    // Missing version info is tolerated: it is logged and the version fields stay null.
    final XXServiceVersionInfo versionInfo = daoMgr.getXXServiceVersionInfo().findByServiceName(serviceName);
    if (versionInfo == null) {
        LOG.warn("serviceVersionInfo does not exist. name=" + serviceName);
    }

    final RangerServiceDef serviceDef = getServiceDef(serviceDbObj.getType());
    if (serviceDef == null) {
        throw new Exception("service-def does not exist. id=" + serviceDbObj.getType());
    }

    final String auditMode = getAuditMode(serviceDef.getName(), serviceName);

    List<RangerPolicy> policies;
    ServicePolicies.TagPolicies tagPolicies = null;

    if (!serviceDbObj.getIsenabled()) {
        // Disabled service: hand out an empty list rather than the stored policies.
        policies = new ArrayList<RangerPolicy>();
    } else {
        final XXService tagService = serviceDbObj.getTagService() == null
                ? null
                : daoMgr.getXXService().getById(serviceDbObj.getTagService());

        // A missing or disabled tag service contributes nothing.
        if (tagService != null && tagService.getIsenabled()) {
            final RangerServiceDef tagServiceDef = getServiceDef(tagService.getType());
            if (tagServiceDef == null) {
                throw new Exception("service-def does not exist. id=" + tagService.getType());
            }

            final XXServiceVersionInfo tagVersionInfo = daoMgr.getXXServiceVersionInfo().findByServiceId(serviceDbObj.getTagService());
            if (tagVersionInfo == null) {
                LOG.warn("serviceVersionInfo does not exist. name=" + tagService.getName());
            }

            final ServicePolicies.TagPolicies linked = new ServicePolicies.TagPolicies();
            linked.setServiceId(tagService.getId());
            linked.setServiceName(tagService.getName());
            linked.setPolicyVersion(tagVersionInfo == null ? null : tagVersionInfo.getPolicyVersion());
            linked.setPolicyUpdateTime(tagVersionInfo == null ? null : tagVersionInfo.getPolicyUpdateTime());
            linked.setPolicies(getServicePoliciesFromDb(tagService));
            linked.setServiceDef(tagServiceDef);
            linked.setAuditMode(auditMode);
            tagPolicies = linked;
        }

        policies = getServicePoliciesFromDb(serviceDbObj);
    }

    final ServicePolicies ret = new ServicePolicies();
    ret.setServiceId(serviceDbObj.getId());
    ret.setServiceName(serviceDbObj.getName());
    ret.setPolicyVersion(versionInfo == null ? null : versionInfo.getPolicyVersion());
    ret.setPolicyUpdateTime(versionInfo == null ? null : versionInfo.getPolicyUpdateTime());
    ret.setPolicies(policies);
    ret.setServiceDef(serviceDef);
    ret.setAuditMode(auditMode);
    ret.setTagPolicies(tagPolicies);

    if (LOG.isDebugEnabled()) {
        final int count = ret.getPolicies() == null ? 0 : ret.getPolicies().size();
        LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceName + "): count=" + count);
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) VXString(org.apache.ranger.view.VXString) XXService(org.apache.ranger.entity.XXService) XXServiceVersionInfo(org.apache.ranger.entity.XXServiceVersionInfo) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException)

Example 18 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class ServiceDBStore method getServicePolicies.

/**
 * Returns the policies of a service, optionally narrowed by a search filter.
 *
 * <p>The policies come from {@code RangerServicePoliciesCache}. With a non-null filter, a copy
 * of the list is filtered by {@code predicateUtil}; when the filter also carries resource
 * parameters and a resource match scope, a second, resource-based filter is applied.
 *
 * <p>Side effect: in that second case the resource-prefixed parameters are removed from the
 * caller's {@code filter} object.
 *
 * @param service the service whose policies are requested
 * @param filter  search criteria; when {@code null} the policy list is returned unfiltered
 * @return the matching policies; {@code null} if no policy list was obtained from the cache
 * @throws Exception if {@code service} is {@code null}
 */
private List<RangerPolicy> getServicePolicies(XXService service, SearchFilter filter) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getServicePolicies()");
    }
    if (service == null) {
        throw new Exception("service does not exist");
    }
    List<RangerPolicy> ret = null;
    ServicePolicies servicePolicies = RangerServicePoliciesCache.getInstance().getServicePolicies(service.getName(), service.getId(), this);
    List<RangerPolicy> policies = servicePolicies != null ? servicePolicies.getPolicies() : null;
    if (policies != null && filter != null) {
        Map<String, String> filterResources = filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true);
        String resourceMatchScope = filter.getParam(SearchFilter.RESOURCE_MATCH_SCOPE);
        // Legacy search is the default; the scope-aware search needs both resource
        // parameters and an explicit match scope.
        boolean useLegacyResourceSearch = true;
        if (MapUtils.isNotEmpty(filterResources) && resourceMatchScope != null) {
            useLegacyResourceSearch = false;
            // Strip the resource parameters from the filter (this mutates the caller's object);
            // presumably so that applyFilter below does not match on them as well - confirm.
            for (Map.Entry<String, String> entry : filterResources.entrySet()) {
                filter.removeParam(SearchFilter.RESOURCE_PREFIX + entry.getKey());
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using" + (useLegacyResourceSearch ? " old " : " new ") + "way of filtering service-policies");
        }
        // Filter a copy, so the list obtained from the cache is not modified on this path.
        ret = new ArrayList<RangerPolicy>(policies);
        predicateUtil.applyFilter(ret, filter);
        if (!useLegacyResourceSearch && CollectionUtils.isNotEmpty(ret)) {
            RangerPolicyResourceMatcher.MatchScope scope;
            // The scope is compared case-insensitively against three known values.
            if (StringUtils.equalsIgnoreCase(resourceMatchScope, "self")) {
                scope = RangerPolicyResourceMatcher.MatchScope.SELF;
            } else if (StringUtils.equalsIgnoreCase(resourceMatchScope, "ancestor")) {
                scope = RangerPolicyResourceMatcher.MatchScope.ANCESTOR;
            } else if (StringUtils.equalsIgnoreCase(resourceMatchScope, "self_or_ancestor")) {
                scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
            } else {
                // Any other value, including a descendant scope, is not rejected: it silently
                // falls back to SELF_OR_ANCESTOR. A DESCENDANT match is never performed here.
                scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
            }
            RangerServiceDef serviceDef = servicePolicies.getServiceDef();
            switch(scope) {
                case SELF:
                    {
                        // SELF matching uses the service-def variant built for policy filtering.
                        serviceDef = RangerServiceDefHelper.getServiceDefForPolicyFiltering(serviceDef);
                        break;
                    }
                case ANCESTOR:
                    {
                        // Merge the helper's adjusted resources into the filter resources; when
                        // there are any, the match scope is widened to SELF_OR_ANCESTOR.
                        Map<String, String> updatedFilterResources = RangerServiceDefHelper.getFilterResourcesForAncestorPolicyFiltering(serviceDef, filterResources);
                        if (MapUtils.isNotEmpty(updatedFilterResources)) {
                            for (Map.Entry<String, String> entry : updatedFilterResources.entrySet()) {
                                filterResources.put(entry.getKey(), entry.getValue());
                            }
                            scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
                        }
                        break;
                    }
                default:
                    break;
            }
            ret = applyResourceFilter(serviceDef, ret, filterResources, filter, scope);
        }
    } else {
        // No filter (or no policies): the list is returned as obtained, without a copy.
        // NOTE(review): if getPolicies() exposes the cache's own list, callers must treat the
        // result as read-only, otherwise cached policies could be altered - confirm.
        ret = policies;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceDBStore.getServicePolicies(): count=" + ((ret == null) ? 0 : ret.size()));
    }
    return ret;
}
Also used : ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) VXString(org.apache.ranger.view.VXString) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) RangerPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) Entry(java.util.Map.Entry) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) Map(java.util.Map) XXPolicyLabelMap(org.apache.ranger.entity.XXPolicyLabelMap) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) XXPolicyResourceMap(org.apache.ranger.entity.XXPolicyResourceMap) XXServiceConfigMap(org.apache.ranger.entity.XXServiceConfigMap)

Example 19 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class RangerPolicyFactory method createServicePolicy.

/**
 * Creates a {@link ServicePolicies} instance from the Hive test template.
 *
 * <p>The template is read from {@code /testdata/test_servicepolicies_hive.json} and then passed,
 * together with {@code numberOfPolicies}, to {@code mutate}.
 *
 * @param numberOfPolicies the number of generated policies the returned instance should contain
 * @return the template instance after {@code mutate} has been applied to it
 */
public static ServicePolicies createServicePolicy(int numberOfPolicies) {
    final ServicePolicies generated =
            loadTemplate("/testdata/test_servicepolicies_hive.json", new TypeToken<ServicePolicies>() { }.getType());
    mutate(generated, numberOfPolicies);
    return generated;
}
Also used : ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) TypeToken(com.google.gson.reflect.TypeToken)

Example 20 with ServicePolicies

use of org.apache.ranger.plugin.util.ServicePolicies in project ranger by apache.

the class RangerPolicyEnginePerformanceTest method policyEngineTest.

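/**
 * Evaluates access policies from {@code concurrency} client threads against one shared
 * {@link RangerPolicyEngineImpl}, after a single-threaded warm-up phase.
 *
 * <p>Each client thread evaluates exactly one pre-built request and then releases a latch;
 * the test returns once every thread has done so. An exception thrown inside a client thread
 * is not propagated to the JUnit thread, so it does not fail the test by itself.
 *
 * @throws InterruptedException if the test thread is interrupted while waiting for the clients
 */
@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl("perf-test", servicePolicies, RangerPolicyFactory.createPolicyEngineOption());
    rangerPolicyEngine.preProcess(requests);
    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // Feed the result of evaluatePolicies to a cheap call (System#identityHashCode) so the
        // JIT won't remove the evaluation as dead code.
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        // Statistics are cleared after every warm-up iteration; presumably so that warm-up
        // work is not counted in the recorded figures.
        PerfDataRecorder.clearStatistics();
    }
    final CountDownLatch latch = new CountDownLatch(concurrency);
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {

            @Override
            public void run() {
                try {
                    System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                } finally {
                    // Count down even when evaluation throws; otherwise latch.await() below
                    // would block forever and hang the test run.
                    latch.countDown();
                }
            }
        }, String.format("Client #%s", i)).start();
    }
    latch.await();
}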
Also used : RangerPolicyEngineImpl(org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl) ServicePolicies(org.apache.ranger.plugin.util.ServicePolicies) CountDownLatch(java.util.concurrent.CountDownLatch) RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest) Test(org.junit.Test)
