
Example 21 with XXPolicy

use of org.apache.ranger.entity.XXPolicy in project ranger by apache.

the class ServiceREST method applyPolicy.

/*
	The verb for applyPolicy is POST as it could be partial update or a create
	*/
/**
 * Applies a policy to a service: creates it when no policy with the same resource signature
 * exists, otherwise merges it into, or overwrites, the single matching policy.
 *
 * <p>The match is looked up through {@code svcStore.getPoliciesByResourceSignature} with
 * {@code true} as the third argument. More than one match is treated as an error because the
 * target of the update would be ambiguous.
 *
 * <p>When a policy exists, the request parameters decide the mode:
 * {@code PARAM_MERGE_IF_EXISTS=true} merges; otherwise {@code PARAM_UPDATE_IF_EXISTS=true}
 * overwrites; otherwise the call merges unless {@code PARAM_MERGE_IF_EXISTS} is explicitly
 * {@code false}.
 *
 * <p>NOTE(review): no authorization check is visible in this method; it is presumably enforced
 * inside {@code createPolicy} / {@code updatePolicy} - confirm, since those are the only gates
 * between this endpoint and the policy store.
 *
 * <p>NOTE(review): the message of any non-{@link WebApplicationException} failure is forwarded
 * to the REST error response, so lower layers should not put internal details into exception
 * messages. The debug log lines print the whole policy object.
 *
 * @param policy  policy sent by the caller; must name a service
 * @param request servlet request, read only for the merge/update parameters
 * @return the created or updated policy
 */
@POST
@Path("/policies/apply")
@Produces({ "application/json", "application/xml" })
public RangerPolicy applyPolicy(RangerPolicy policy, @Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.applyPolicy(" + policy + ")");
    }
    // Guard clause: a missing body or a blank service name is rejected before any store access.
    if (policy == null || StringUtils.isBlank(policy.getService())) {
        throw restErrorUtil.createRESTException("Non-existing service specified:");
    }
    RangerPolicy applied = null;
    try {
        final String resourceSignature = new RangerPolicyResourceSignature(policy).getSignature();
        final List<RangerPolicy> matches = svcStore.getPoliciesByResourceSignature(policy.getService(), resourceSignature, true);
        final RangerPolicy existingPolicy;
        if (CollectionUtils.isEmpty(matches)) {
            existingPolicy = null;
        } else if (matches.size() == 1) {
            existingPolicy = matches.get(0);
        } else {
            throw new Exception("Multiple policies with matching policy-signature are found. Cannot determine target for applying policy");
        }
        if (existingPolicy != null) {
            final String mergeParam = StringUtils.trimToEmpty(request.getParameter(PARAM_MERGE_IF_EXISTS));
            final boolean mergeIfExists;
            if ("true".equalsIgnoreCase(mergeParam)) {
                mergeIfExists = true;
            } else if ("true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_UPDATE_IF_EXISTS)))) {
                // Called with explicit intent of updating an existing policy.
                mergeIfExists = false;
            } else {
                // Plain REST invocation: merge unless the caller explicitly sent mergeIfExists=false.
                mergeIfExists = !"false".equalsIgnoreCase(mergeParam);
            }
            if (mergeIfExists) {
                ServiceRESTUtil.processApplyPolicy(existingPolicy, policy);
                policy = existingPolicy;
            } else {
                // Overwrite: the incoming policy takes the id of the stored one.
                policy.setId(existingPolicy.getId());
            }
            applied = updatePolicy(policy);
        } else {
            final String requestedName = policy.getName();
            if (StringUtils.isNotEmpty(requestedName)) {
                final String policyName = StringUtils.isNotBlank(requestedName) ? requestedName : null;
                final String serviceName = StringUtils.isNotBlank(policy.getService()) ? policy.getService() : null;
                final String zoneName = StringUtils.isNotBlank(policy.getZoneName()) ? policy.getZoneName() : null;
                final XXPolicy nameClash = daoManager.getXXPolicy().findPolicy(policyName, serviceName, zoneName);
                if (nameClash != null) {
                    // Same name but different resources: keep both by suffixing the new name with a timestamp.
                    policy.setName(requestedName + System.currentTimeMillis());
                }
            }
            applied = createPolicy(policy, null);
        }
    } catch (WebApplicationException excp) {
        // Already a REST error; pass it through untouched.
        throw excp;
    } catch (Exception exception) {
        LOG.error("Failed to apply policy:", exception);
        throw restErrorUtil.createRESTException(exception.getMessage());
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.applyPolicy(" + policy + ") : " + applied);
    }
    return applied;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) RangerPolicyResourceSignature(org.apache.ranger.plugin.model.RangerPolicyResourceSignature) VXString(org.apache.ranger.view.VXString) XXPolicy(org.apache.ranger.entity.XXPolicy) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 22 with XXPolicy

use of org.apache.ranger.entity.XXPolicy in project ranger by apache.

the class PublicAPIs method updatePolicy.

/**
 * Updates the policy identified by the {@code id} path parameter through the legacy
 * {@code VXPolicy} view.
 *
 * <p>The body is converted to a {@code RangerPolicy}, stamped with the stored policy's version
 * and passed to {@code serviceREST.updatePolicy}. If the conversion yields {@code null}, the
 * method returns {@code null} without updating anything.
 *
 * <p>NOTE(review): the stored row is used only for the existence check and its version. This
 * method does not compare the repository named in the request body with the service that owns
 * the stored policy, and it does not check the result of {@code getServiceByName} - confirm
 * that {@code serviceREST.updatePolicy} rejects a mismatch or an unknown service.
 *
 * @param vXPolicy policy sent by the caller; must not be {@code null}
 * @param id       id of the policy to update, taken from the URL
 * @return the updated policy as a {@code VXPolicy}, or {@code null} when nothing was updated
 */
@PUT
@Path("/api/policy/{id}")
@Produces({ "application/json", "application/xml" })
public VXPolicy updatePolicy(VXPolicy vXPolicy, @PathParam("id") Long id) {
    if (logger.isDebugEnabled()) {
        logger.debug("==> PublicAPIs.updatePolicy(): " + vXPolicy);
    }
    if (vXPolicy == null) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "Policy object is null in update policy api", false);
    }
    final XXPolicy storedPolicy = daoMgr.getXXPolicy().getById(id);
    if (storedPolicy == null) {
        throw restErrorUtil.createRESTException("Policy not found for Id: " + id, MessageEnums.DATA_NOT_FOUND);
    }
    // The id from the URL overrides whatever id the request body carried.
    vXPolicy.setId(id);
    final RangerService repository = serviceREST.getServiceByName(vXPolicy.getRepositoryName());
    final RangerPolicy policy = serviceUtil.toRangerPolicy(vXPolicy, repository);
    VXPolicy result = null;
    if (policy != null) {
        // Carry over the stored version rather than trusting a version from the request.
        policy.setVersion(storedPolicy.getVersion());
        result = serviceUtil.toVXPolicy(serviceREST.updatePolicy(policy), repository);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== PublicAPIs.updatePolicy(" + policy + "): " + result);
    }
    return result;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerService(org.apache.ranger.plugin.model.RangerService) XXPolicy(org.apache.ranger.entity.XXPolicy)

Example 23 with XXPolicy

use of org.apache.ranger.entity.XXPolicy in project ranger by apache.

the class ServiceDBStore method getPoliciesByResourceSignature.

/**
 * Returns the policies of a service whose resource signature equals {@code policySignature},
 * filtered by the given enabled status.
 *
 * <p>Each row returned by the DAO is expanded into a {@code RangerPolicy} through
 * {@code policyService.getPopulatedViewObject}. The DAO result is dereferenced without a
 * null check.
 *
 * @param serviceName     name of the service to search in
 * @param policySignature resource signature to match
 * @param isPolicyEnabled status flag forwarded unchanged to the DAO query
 * @return the matching policies, in the order the DAO returned them
 * @throws Exception declared by the interface; propagated from the calls made here
 */
@Override
public List<RangerPolicy> getPoliciesByResourceSignature(String serviceName, String policySignature, Boolean isPolicyEnabled) throws Exception {
    final List<XXPolicy> rows = daoMgr.getXXPolicy().findByResourceSignatureByPolicyStatus(serviceName, policySignature, isPolicyEnabled);
    final List<RangerPolicy> result = new ArrayList<RangerPolicy>(rows.size());
    for (XXPolicy row : rows) {
        result.add(policyService.getPopulatedViewObject(row));
    }
    return result;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ArrayList(java.util.ArrayList) XXPolicy(org.apache.ranger.entity.XXPolicy)

Example 24 with XXPolicy

use of org.apache.ranger.entity.XXPolicy in project ranger by apache.

the class ServiceDBStore method searchRangerPolicies.

/**
 * Builds the list of policies that match a search filter.
 *
 * <p>Candidate {@code XXPolicy} rows come from {@code policyService.searchResources}. For each
 * service they belong to, {@code loadRangerPolicies} is called with {@code policyMap}, which is
 * later read as a policy-id to policy lookup. Selected policies are collected in
 * {@code policyList}, each id at most once, and returned sorted by id.
 *
 * <p>The filter passed in is modified: when it carries a "user" parameter, that parameter is
 * replaced and then removed, and a "group" parameter is set for each group searched and is
 * still set when the method returns.
 *
 * <p>NOTE(review): this method selects by filter only; no per-caller access check is visible
 * here. Presumably callers restrict the result to what the requester may see - confirm.
 *
 * @param searchFilter search parameters; modified as described above
 * @return a {@code RangerPolicyList} whose policies are the matches, sorted by id
 */
private RangerPolicyList searchRangerPolicies(SearchFilter searchFilter) {
    List<RangerPolicy> policyList = new ArrayList<RangerPolicy>();
    // Also handed to every searchResources call below; what that call records in it is not visible here.
    RangerPolicyList retList = new RangerPolicyList();
    // Policy id -> policy. Passed to loadRangerPolicies, which presumably fills it - TODO confirm.
    Map<Long, RangerPolicy> policyMap = new HashMap<Long, RangerPolicy>();
    Set<Long> processedServices = new HashSet<Long>();
    // Ids already added to policyList; used to keep each policy in the result only once.
    Set<Long> processedPolicies = new HashSet<Long>();
    // Orders policies by id. Throws NullPointerException if an id is null.
    Comparator<RangerPolicy> comparator = new Comparator<RangerPolicy>() {

        public int compare(RangerPolicy c1, RangerPolicy c2) {
            return (int) ((c1.getId()).compareTo(c2.getId()));
        }
    };
    List<XXPolicy> xPolList = null;
    Long serviceId = null;
    String serviceName = searchFilter.getParam(ServiceREST.PARAM_SERVICE_NAME);
    if (StringUtils.isNotBlank(serviceName)) {
        // A service was named: load only that service. xPolList stays null in this branch.
        serviceId = getRangerServiceByName(serviceName.trim());
        if (serviceId != null) {
            loadRangerPolicies(serviceId, processedServices, policyMap, searchFilter);
        }
    } else {
        // No service named: search with the filter as given and load every service that has a hit.
        xPolList = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
        if (!CollectionUtils.isEmpty(xPolList)) {
            for (XXPolicy xXPolicy : xPolList) {
                if (!processedServices.contains(xXPolicy.getService())) {
                    loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap, searchFilter);
                }
            }
        }
    }
    String userName = searchFilter.getParam("user");
    if (!StringUtils.isEmpty(userName)) {
        // Search again with the user name replaced by RangerPolicyEngine.USER_CURRENT.
        searchFilter.setParam("user", RangerPolicyEngine.USER_CURRENT);
        List<XXPolicy> xPolListForMacroUser = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
        Set<Long> processedSvcIdsForMacroUser = new HashSet<Long>();
        if (!CollectionUtils.isEmpty(xPolListForMacroUser)) {
            for (XXPolicy xXPolicy : xPolListForMacroUser) {
                if (!processedPolicies.contains(xXPolicy.getId())) {
                    if (!processedSvcIdsForMacroUser.contains(xXPolicy.getService())) {
                        loadRangerPolicies(xXPolicy.getService(), processedSvcIdsForMacroUser, policyMap, searchFilter);
                    }
                    if (policyMap.get(xXPolicy.getId()) != null) {
                        policyList.add(policyMap.get(xXPolicy.getId()));
                        processedPolicies.add(xXPolicy.getId());
                    }
                }
            }
        }
        // From here on the filter has no "user" parameter; the searches below are per group.
        searchFilter.removeParam("user");
        // Groups of the user named in the original filter, plus RangerConstants.GROUP_PUBLIC.
        // NOTE(review): adds to the set returned by the DAO - assumes it is non-null and mutable.
        Set<String> groupNames = daoMgr.getXXGroupUser().findGroupNamesByUserName(userName);
        groupNames.add(RangerConstants.GROUP_PUBLIC);
        Set<Long> processedSvcIdsForGroup = new HashSet<Long>();
        Set<String> processedGroupsName = new HashSet<String>();
        List<XXPolicy> xPolList2;
        for (String groupName : groupNames) {
            // The "group" parameter is overwritten on each pass and is not removed after the loop.
            searchFilter.setParam("group", groupName);
            xPolList2 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
            if (!CollectionUtils.isEmpty(xPolList2)) {
                for (XXPolicy xPol2 : xPolList2) {
                    if (xPol2 != null) {
                        if (!processedPolicies.contains(xPol2.getId())) {
                            // Load when the service is new for this group pass or the group has not been seen yet.
                            if (!processedSvcIdsForGroup.contains(xPol2.getService()) || !processedGroupsName.contains(groupName)) {
                                loadRangerPolicies(xPol2.getService(), processedSvcIdsForGroup, policyMap, searchFilter);
                                processedGroupsName.add(groupName);
                            }
                            if (policyMap.containsKey(xPol2.getId())) {
                                policyList.add(policyMap.get(xPol2.getId()));
                                processedPolicies.add(xPol2.getId());
                            }
                        }
                    }
                }
            }
        }
    }
    if (!CollectionUtils.isEmpty(xPolList)) {
        if (isSearchQuerybyResource(searchFilter)) {
            // Resource query: take every policy in policyMap that is not in the result yet.
            if (MapUtils.isNotEmpty(policyMap)) {
                for (Entry<Long, RangerPolicy> entry : policyMap.entrySet()) {
                    if (!processedPolicies.contains(entry.getKey())) {
                        policyList.add(entry.getValue());
                        processedPolicies.add(entry.getKey());
                    }
                }
            }
        } else {
            // Otherwise take only the policies from the first search that are present in policyMap.
            for (XXPolicy xPol : xPolList) {
                if (xPol != null) {
                    if (!processedPolicies.contains(xPol.getId())) {
                        if (!processedServices.contains(xPol.getService())) {
                            loadRangerPolicies(xPol.getService(), processedServices, policyMap, searchFilter);
                        }
                        if (policyMap.containsKey(xPol.getId())) {
                            policyList.add(policyMap.get(xPol.getId()));
                            processedPolicies.add(xPol.getId());
                        }
                    }
                }
            }
        }
    } else {
        // A service was named, or the first search found nothing: take everything left in policyMap.
        if (MapUtils.isNotEmpty(policyMap)) {
            for (Entry<Long, RangerPolicy> entry : policyMap.entrySet()) {
                if (!processedPolicies.contains(entry.getKey())) {
                    policyList.add(entry.getValue());
                    processedPolicies.add(entry.getKey());
                }
            }
        }
    }
    if (CollectionUtils.isNotEmpty(policyList)) {
        Collections.sort(policyList, comparator);
    }
    retList.setPolicies(policyList);
    return retList;
}
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) XXPolicy(org.apache.ranger.entity.XXPolicy) Comparator(java.util.Comparator) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyList(org.apache.ranger.view.RangerPolicyList) HashSet(java.util.HashSet)

Example 25 with XXPolicy

use of org.apache.ranger.entity.XXPolicy in project ranger by apache.

the class TestXUserMgr method test28DeleteXUser.

/**
 * Runs {@code xUserMgr.deleteXUser} in force mode with every collaborating DAO mocked and every
 * lookup stubbed to return an empty list or a blank entity.
 *
 * <p>NOTE(review): the only verification is that group-user memberships were searched. The
 * stubbed auth-session, user-permission, portal-user-role and policy DAOs are never verified,
 * so the test does not show that a deleted user's sessions, permissions or roles are cleaned
 * up. Consider adding {@code Mockito.verify} calls once the expected interactions are confirmed.
 */
@Test
public void test28DeleteXUser() {
    setup();
    VXUser targetUser = vxUser();

    // User entity lookup and view conversion.
    XXUser userEntity = new XXUser();
    XXUserDao userDao = Mockito.mock(XXUserDao.class);
    Mockito.when(daoManager.getXXUser()).thenReturn(userDao);
    Mockito.when(userDao.getById(targetUser.getId())).thenReturn(userEntity);
    Mockito.when(xUserService.populateViewBean(userEntity)).thenReturn(targetUser);

    // Group memberships: the search returns an empty list. The membership object built here is
    // never added to that list, so it does not influence the call under test.
    VXGroupUserList emptyMemberships = new VXGroupUserList();
    XXGroupUserDao groupUserDao = Mockito.mock(XXGroupUserDao.class);
    VXGroupUser unusedMembership = new VXGroupUser();
    unusedMembership.setId(userId);
    unusedMembership.setName("group user test");
    unusedMembership.setOwner("Admin");
    unusedMembership.setUserId(targetUser.getId());
    unusedMembership.setUpdatedBy("User");
    Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(emptyMemberships);
    Mockito.when(daoManager.getXXGroupUser()).thenReturn(groupUserDao);

    // Permission maps: empty search result.
    VXPermMapList emptyPermMaps = new VXPermMapList();
    XXPermMapDao permMapDao = Mockito.mock(XXPermMapDao.class);
    Mockito.when(xPermMapService.searchXPermMaps((SearchCriteria) Mockito.any())).thenReturn(emptyPermMaps);
    Mockito.when(daoManager.getXXPermMap()).thenReturn(permMapDao);

    // Audit maps: empty search result.
    VXAuditMapList emptyAuditMaps = new VXAuditMapList();
    XXAuditMapDao auditMapDao = Mockito.mock(XXAuditMapDao.class);
    Mockito.when(xAuditMapService.searchXAuditMaps((SearchCriteria) Mockito.any())).thenReturn(emptyAuditMaps);
    Mockito.when(daoManager.getXXAuditMap()).thenReturn(auditMapDao);

    // Portal user that backs the login of the user being deleted.
    VXPortalUser portalUserView = userProfile();
    XXPortalUser portalUserEntity = new XXPortalUser();
    XXPortalUserDao portalUserDao = Mockito.mock(XXPortalUserDao.class);
    Mockito.when(daoManager.getXXPortalUser()).thenReturn(portalUserDao);
    Mockito.when(portalUserDao.findByLoginId(targetUser.getName().trim())).thenReturn(portalUserEntity);
    Mockito.when(xPortalUserService.populateViewBean(portalUserEntity)).thenReturn(portalUserView);

    // Sessions, module permissions and roles of the portal user: all empty.
    XXAuthSessionDao authSessionDao = Mockito.mock(XXAuthSessionDao.class);
    XXUserPermissionDao userPermissionDao = Mockito.mock(XXUserPermissionDao.class);
    XXPortalUserRoleDao portalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class);
    Mockito.when(daoManager.getXXAuthSession()).thenReturn(authSessionDao);
    Mockito.when(daoManager.getXXUserPermission()).thenReturn(userPermissionDao);
    Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(portalUserRoleDao);
    List<XXAuthSession> noSessions = new ArrayList<XXAuthSession>();
    List<XXUserPermission> noPermissions = new ArrayList<XXUserPermission>();
    List<XXPortalUserRole> noRoles = new ArrayList<XXPortalUserRole>();
    Mockito.when(authSessionDao.getAuthSessionByUserId(portalUserView.getId())).thenReturn(noSessions);
    Mockito.when(userPermissionDao.findByUserPermissionId(portalUserView.getId())).thenReturn(noPermissions);
    Mockito.when(portalUserRoleDao.findByUserId(portalUserView.getId())).thenReturn(noRoles);

    // Policies that reference the user: none.
    XXPolicyDao policyDao = Mockito.mock(XXPolicyDao.class);
    List<XXPolicy> noPolicies = new ArrayList<XXPolicy>();
    Mockito.when(daoManager.getXXPolicy()).thenReturn(policyDao);
    Mockito.when(policyDao.findByUserId(targetUser.getId())).thenReturn(noPolicies);

    // Force-delete the user, then check the one interaction this test asserts.
    xUserMgr.deleteXUser(targetUser.getId(), true);
    Mockito.verify(xGroupUserService).searchXGroupUsers((SearchCriteria) Mockito.any());
}
Also used : XXUser(org.apache.ranger.entity.XXUser) VXGroupUserList(org.apache.ranger.view.VXGroupUserList) XXUserDao(org.apache.ranger.db.XXUserDao) ArrayList(java.util.ArrayList) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) VXPortalUser(org.apache.ranger.view.VXPortalUser) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) VXPermMapList(org.apache.ranger.view.VXPermMapList) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) VXGroupUser(org.apache.ranger.view.VXGroupUser) VXAuditMapList(org.apache.ranger.view.VXAuditMapList) VXUser(org.apache.ranger.view.VXUser) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) XXPortalUser(org.apache.ranger.entity.XXPortalUser) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) Test(org.junit.Test)
