Google Git
Sign in
apache / hawq / bd6196f487c8028f3eca0f56509fe9d718ee31c6 / . / src / test / feature / Ranger / policy_helper.cpp
blob: 277a203dd1ab3061c27d7af06bbf2f1def189004 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <iostream>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include "policy_helper.h"
#include "lib/command.h"
#include "lib/string_util.h"
using namespace std;
#define TMP_FOLDER "/tmp/ranger_test/"
PolicyHelper::PolicyHelper (string root_path, string ranger_host): _root_path (root_path), _rangerhost(ranger_host)
{}
PolicyHelper::~PolicyHelper ()
{}
void PolicyHelper::Reset()
{
_policys.clear();
}
int PolicyHelper::add_common_tsf(string policy_name, string user,
string database, string schema, string tsf_field, string tsf_value,
vector<string> accesses)
{
const char * policy_template =
"{\
\"allowExceptions\": [ ], \
\"denyExceptions\": [ ], \
\"denyPolicyItems\": [ ], \
\"description\": \"no description\", \
\"isAuditEnabled\": true, \
\"isEnabled\": true, \
\"name\": \"%s\", \
\"policyItems\": [\
{\
\"accesses\": [ %s ], \
\"conditions\": [ ], \
\"delegateAdmin\": true, \
\"groups\": null, \
\"users\": [\"%s\"]\
}\
], \
\"resources\": {\
\"database\": {\
\"isExcludes\": false, \
\"isRecursive\": false, \
\"values\": [\"%s\"]\
}, \
\"schema\": {\
\"isExcludes\": false, \
\"isRecursive\": false, \
\"values\": [\"%s\"]\
}, \
\"%s\": {\
\"isExcludes\": false, \
\"isRecursive\": false, \
\"values\": [\"%s\"]\
}\
}, \
\"service\": \"hawq\", \
\"version\": 3\
}";
string accesses_str;
for (auto access : accesses)
{
const char * access_template = "{\"isAllowed\": true, \"type\": \"%s\"}";
string acc_str = hawq::test::stringFormat(access_template, access.c_str());
if (accesses_str != "")
{
accesses_str += ",";
}
accesses_str += acc_str;
}
string policy_str = hawq::test::stringFormat(policy_template,
policy_name.c_str(), accesses_str.c_str(), user.c_str(),
database.c_str(), schema.c_str(), tsf_field.c_str(), tsf_value.c_str());
_policys.push_back(policy_str);
//cout<<policy_str<<endl;
return 0;
}
int PolicyHelper::add_common_sp(std::string policy_name, std::string user,
std::string tsp_field, std::string tsp_value,
std::vector<std::string> accesses)
{
const char * policy_template =
"{\
\"allowExceptions\": [ ], \
\"denyExceptions\": [ ], \
\"denyPolicyItems\": [ ], \
\"description\": \"no description\", \
\"isAuditEnabled\": true, \
\"isEnabled\": true, \
\"name\": \"%s\", \
\"policyItems\": [\
{\
\"accesses\": [ %s ], \
\"conditions\": [ ], \
\"delegateAdmin\": true, \
\"groups\": null, \
\"users\": [\"%s\"]\
}\
], \
\"resources\": {\
\"%s\": {\
\"isExcludes\": false, \
\"isRecursive\": false, \
\"values\": [\"%s\"]\
}\
}, \
\"service\": \"hawq\", \
\"version\": 3\
}";
string accesses_str;
for (auto access : accesses)
{
const char * access_template = "{\"isAllowed\": true, \"type\": \"%s\"}";
string acc_str = hawq::test::stringFormat(access_template, access.c_str());
if (accesses_str != "")
{
accesses_str += ",";
}
accesses_str += acc_str;
}
string policy_str = hawq::test::stringFormat(policy_template,
policy_name.c_str(), accesses_str.c_str(), user.c_str(), tsp_field.c_str(), tsp_value.c_str());
_policys.push_back(policy_str);
return 0;
}
string PolicyHelper::write_tmpfile(std::string content)
{
char temp[] = TMP_FOLDER "fileXXXXXX";
const char *file_name = mktemp(temp);
int fd = open(file_name, O_CREAT | O_TRUNC | O_WRONLY);
if (fd <= 0)
return "";
write(fd, content.c_str(), content.length());
close(fd);
return string(file_name);
}
int PolicyHelper::ActivateAllPoliciesOnRanger()
{
auto cmd = "mkdir -p " TMP_FOLDER;
hawq::test::Command::getCommandStatus(cmd);
for (auto policy : _policys)
{
string file_path= write_tmpfile(policy);
if (file_path == "")
return -1;
auto cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -a %s",
_root_path.c_str(), _rangerhost.c_str(), file_path.c_str() );
int ret = hawq::test::Command::getCommandStatus(cmd);
if (ret != 0)
return -1;
}
sleep(60);
return 0;
}
int PolicyHelper::DeletePolicyOnRanger(std::string policy_name)
{
auto cmd = hawq::test::stringFormat("python %s/Ranger/rangerpolicy.py -h %s -d %s",
_root_path.c_str(), _rangerhost.c_str(), policy_name.c_str() );
int ret = hawq::test::Command::getCommandStatus(cmd);
if (ret != 0)
return -1;
return 0;
}