RangerPolicyRepository(ServicePolicies servicePolicies, RangerPolicyEngineOptions options) {
    super();

    serviceName = servicePolicies.getServiceName();
    serviceDef = servicePolicies.getServiceDef();
    policies = Collections.unmodifiableList(servicePolicies.getPolicies());
    policyVersion =
        servicePolicies.getPolicyVersion() != null
            ? servicePolicies.getPolicyVersion().longValue()
            : -1;

    List<RangerContextEnricher> contextEnrichers = new ArrayList<RangerContextEnricher>();
    if (!options.disableContextEnrichers
        && !CollectionUtils.isEmpty(serviceDef.getContextEnrichers())) {
      for (RangerServiceDef.RangerContextEnricherDef enricherDef :
          serviceDef.getContextEnrichers()) {
        if (enricherDef == null) {
          continue;
        }

        RangerContextEnricher contextEnricher = buildContextEnricher(enricherDef);

        if (contextEnricher != null) {
          contextEnrichers.add(contextEnricher);
        }
      }
    }
    this.contextEnrichers = Collections.unmodifiableList(contextEnrichers);

    List<RangerPolicyEvaluator> policyEvaluators = new ArrayList<RangerPolicyEvaluator>();
    for (RangerPolicy policy : servicePolicies.getPolicies()) {
      if (!policy.getIsEnabled()) {
        continue;
      }

      RangerPolicyEvaluator evaluator = buildPolicyEvaluator(policy, serviceDef, options);

      if (evaluator != null) {
        policyEvaluators.add(evaluator);
      }
    }
    Collections.sort(policyEvaluators);
    this.policyEvaluators = Collections.unmodifiableList(policyEvaluators);

    String propertyName = "ranger.plugin." + serviceName + ".policyengine.auditcachesize";

    if (options.cacheAuditResults) {
      int auditResultCacheSize =
          RangerConfiguration.getInstance()
              .getInt(propertyName, RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE);

      accessAuditCache =
          Collections.synchronizedMap(new CacheMap<String, Boolean>(auditResultCacheSize));
    } else {
      accessAuditCache = null;
    }
  }
예제 #2
0
  /** @param other */
  public void updateFrom(RangerPolicy other) {
    super.updateFrom(other);

    setService(other.getService());
    setName(other.getName());
    setPolicyType(other.getPolicyType());
    setDescription(other.getDescription());
    setResourceSignature(other.getResourceSignature());
    setIsAuditEnabled(other.getIsAuditEnabled());
    setResources(other.getResources());
    setPolicyItems(other.getPolicyItems());
    setDenyPolicyItems(other.getDenyPolicyItems());
    setAllowExceptions(other.getAllowExceptions());
    setDenyExceptions(other.getDenyExceptions());
  }