
Example 1 with XXPolicyItemAccess

use of org.apache.ranger.entity.XXPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method deleteExistingPolicyItems.

/**
 * Removes every policy item stored for the given policy, together with the rows attached to
 * each item: conditions, group permissions, user permissions, accesses, data-mask infos and
 * row-filter infos.
 *
 * <p>For each item the attached rows are removed first and the item row last.
 *
 * <p>NOTE(review): no transaction handling is visible in this method. If one of the removes
 * fails part-way, the policy is left with only some of its items and permissions unless the
 * caller's transaction rolls the work back - confirm the enclosing transaction boundary.
 *
 * @param policy policy whose items are to be removed; may be {@code null}
 * @return {@code false} when {@code policy} is {@code null}, otherwise {@code true}
 */
private Boolean deleteExistingPolicyItems(RangerPolicy policy) {
    if (policy == null) {
        return Boolean.FALSE;
    }
    final XXPolicyItemDao itemDao = daoMgr.getXXPolicyItem();
    final List<XXPolicyItem> storedItems = itemDao.findByPolicyId(policy.getId());
    for (final XXPolicyItem storedItem : storedItems) {
        final Long itemId = storedItem.getId();

        // Conditions attached to this item.
        final XXPolicyItemConditionDao conditionDao = daoMgr.getXXPolicyItemCondition();
        for (XXPolicyItemCondition conditionRow : conditionDao.findByPolicyItemId(itemId)) {
            conditionDao.remove(conditionRow);
        }

        // Group permissions attached to this item.
        final XXPolicyItemGroupPermDao groupPermDao = daoMgr.getXXPolicyItemGroupPerm();
        for (XXPolicyItemGroupPerm groupPermRow : groupPermDao.findByPolicyItemId(itemId)) {
            groupPermDao.remove(groupPermRow);
        }

        // User permissions attached to this item.
        final XXPolicyItemUserPermDao userPermissionDao = daoMgr.getXXPolicyItemUserPerm();
        for (XXPolicyItemUserPerm userPermRow : userPermissionDao.findByPolicyItemId(itemId)) {
            userPermissionDao.remove(userPermRow);
        }

        // Access entries attached to this item.
        final XXPolicyItemAccessDao accessDao = daoMgr.getXXPolicyItemAccess();
        for (XXPolicyItemAccess accessRow : accessDao.findByPolicyItemId(itemId)) {
            accessDao.remove(accessRow);
        }

        // Data-mask infos attached to this item.
        final XXPolicyItemDataMaskInfoDao maskInfoDao = daoMgr.getXXPolicyItemDataMaskInfo();
        for (XXPolicyItemDataMaskInfo maskInfoRow : maskInfoDao.findByPolicyItemId(itemId)) {
            maskInfoDao.remove(maskInfoRow);
        }

        // Row-filter infos attached to this item.
        final XXPolicyItemRowFilterInfoDao filterInfoDao = daoMgr.getXXPolicyItemRowFilterInfo();
        for (XXPolicyItemRowFilterInfo filterInfoRow : filterInfoDao.findByPolicyItemId(itemId)) {
            filterInfoDao.remove(filterInfoRow);
        }

        // The item row itself goes last, after everything that refers to it.
        itemDao.remove(storedItem);
    }
    return Boolean.TRUE;
}
Also used : XXPolicyItemGroupPerm(org.apache.ranger.entity.XXPolicyItemGroupPerm) XXPolicyItemConditionDao(org.apache.ranger.db.XXPolicyItemConditionDao) XXPolicyItemUserPermDao(org.apache.ranger.db.XXPolicyItemUserPermDao) XXPolicyItemUserPerm(org.apache.ranger.entity.XXPolicyItemUserPerm) XXPolicyItemGroupPermDao(org.apache.ranger.db.XXPolicyItemGroupPermDao) XXPolicyItemRowFilterInfo(org.apache.ranger.entity.XXPolicyItemRowFilterInfo) XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition) XXPolicyItemDataMaskInfo(org.apache.ranger.entity.XXPolicyItemDataMaskInfo) XXPolicyItemDao(org.apache.ranger.db.XXPolicyItemDao) XXPolicyItemDataMaskInfoDao(org.apache.ranger.db.XXPolicyItemDataMaskInfoDao) XXPolicyItem(org.apache.ranger.entity.XXPolicyItem) XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess) XXPolicyItemAccessDao(org.apache.ranger.db.XXPolicyItemAccessDao) XXPolicyItemRowFilterInfoDao(org.apache.ranger.db.XXPolicyItemRowFilterInfoDao)

Example 2 with XXPolicyItemAccess

use of org.apache.ranger.entity.XXPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method deleteXXAccessTypeDef.

/**
 * Deletes an access-type definition together with the rows that point at it.
 *
 * <p>Removed, in this order: the implied-grant rows found for the access type's id, the
 * policy-item access rows whose type is that id, and finally the access-type row itself.
 *
 * <p>This method does not check whether policies still use the access type: matching
 * policy-item access rows are deleted outright, which removes those accesses from the policy
 * items that held them. A caller that must refuse the delete while references exist has to
 * check before calling.
 *
 * @param xAccess stored access-type definition to delete; must not be {@code null}
 */
public void deleteXXAccessTypeDef(XXAccessTypeDef xAccess) {
    final Long accessTypeDefId = xAccess.getId();

    // Implied grants recorded for this access type.
    for (XXAccessTypeDefGrants grantRow : daoMgr.getXXAccessTypeDefGrants().findByATDId(accessTypeDefId)) {
        daoMgr.getXXAccessTypeDefGrants().remove(grantRow);
    }

    // Policy-item access rows that use this access type.
    for (XXPolicyItemAccess accessRow : daoMgr.getXXPolicyItemAccess().findByType(accessTypeDefId)) {
        daoMgr.getXXPolicyItemAccess().remove(accessRow);
    }

    daoMgr.getXXAccessTypeDef().remove(xAccess);
}
Also used : XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants) XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess)

Example 3 with XXPolicyItemAccess

use of org.apache.ranger.entity.XXPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method updateChildObjectsOfServiceDef.

/**
 * Reconciles the child rows stored for a service-def with the lists supplied by the caller.
 *
 * <p>For configs, resources, access types, policy conditions, context enrichers, enums (and
 * their elements) and data-mask types, supplied entries are matched to stored rows by
 * {@code itemId}: a match is updated, a supplied entry with no match is created, and a stored
 * row that no supplied entry matches is removed. A supplied entry whose {@code itemId} is
 * {@code null} never matches and is therefore created; a stored row whose {@code itemId} is
 * {@code null} never matches and is therefore removed.
 *
 * <p>Removing a resource, access type or policy condition is refused with a
 * {@code DATA_NOT_UPDATABLE} REST exception while policy rows still refer to it. Access types
 * and resources named by {@code dataMaskDef} / {@code rowFilterDef} must exist for the
 * service-def, otherwise a {@code DATA_NOT_FOUND} REST exception is raised.
 *
 * <p>NOTE(review): these checks run after earlier sections have already written to the
 * database, and nothing in this method starts or rolls back a transaction. Whether a refused
 * update leaves partial changes behind depends on the caller's transaction - confirm.
 *
 * @param createdSvcDef persisted service-def; its id selects the stored child rows
 * @param configs supplied config definitions; list position is stored as the row order
 * @param resources supplied resource definitions
 * @param accessTypes supplied access-type definitions; list position is stored as the row order
 * @param policyConditions supplied policy-condition definitions; list position is stored as the row order
 * @param contextEnrichers supplied context-enricher definitions; list position is stored as the row order
 * @param enums supplied enum definitions with their elements
 * @param dataMaskDef data-mask definition; may be {@code null}, as may each of its lists
 * @param rowFilterDef row-filter definition; may be {@code null}, as may each of its lists
 */
private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, List<RangerEnumDef> enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) {
    Long serviceDefId = createdSvcDef.getId();
    // Stored child rows, read once before any write below. The removal passes iterate these
    // lists, so rows created in this call are not candidates for removal.
    List<XXServiceConfigDef> xxConfigs = daoMgr.getXXServiceConfigDef().findByServiceDefId(serviceDefId);
    List<XXResourceDef> xxResources = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
    List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
    List<XXPolicyConditionDef> xxPolicyConditions = daoMgr.getXXPolicyConditionDef().findByServiceDefId(serviceDefId);
    List<XXContextEnricherDef> xxContextEnrichers = daoMgr.getXXContextEnricherDef().findByServiceDefId(serviceDefId);
    List<XXEnumDef> xxEnums = daoMgr.getXXEnumDef().findByServiceDefId(serviceDefId);
    // ---- service configs: create or update ----
    XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
    for (int i = 0; i < configs.size(); i++) {
        RangerServiceConfigDef config = configs.get(i);
        boolean found = false;
        for (XXServiceConfigDef xConfig : xxConfigs) {
            if (config.getItemId() != null && config.getItemId().equals(xConfig.getItemId())) {
                found = true;
                xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xConfig.setOrder(i);
                xConfig = xxServiceConfigDao.update(xConfig);
                // NOTE(review): this assigns the loop-local variable only; the element held in
                // `configs` is not replaced. The same pattern recurs in the sections below.
                config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
                break;
            }
        }
        if (!found) {
            XXServiceConfigDef xConfig = new XXServiceConfigDef();
            xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xConfig.setOrder(i);
            xConfig = xxServiceConfigDao.create(xConfig);
            config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
        }
    }
    // ---- service configs: remove stored rows that were not supplied ----
    for (XXServiceConfigDef xConfig : xxConfigs) {
        boolean found = false;
        for (RangerServiceConfigDef config : configs) {
            if (xConfig.getItemId() != null && xConfig.getItemId().equals(config.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            xxServiceConfigDao.remove(xConfig);
        }
    }
    // ---- resources: create or update ----
    XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
    for (RangerResourceDef resource : resources) {
        boolean found = false;
        for (XXResourceDef xRes : xxResources) {
            if (resource.getItemId() != null && resource.getItemId().equals(xRes.getItemId())) {
                found = true;
                xRes = serviceDefService.populateRangerResourceDefToXX(resource, xRes, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xxResDefDao.update(xRes);
                resource = serviceDefService.populateXXToRangerResourceDef(xRes);
                break;
            }
        }
        if (!found) {
            // The parent is resolved by name among rows stored for this service-def; when no
            // row is found the new resource is created with a null parent.
            // NOTE(review): presumably a parent supplied later in `resources` and not yet
            // stored resolves to null here - confirm callers order parents first.
            XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
            Long parentId = (parent != null) ? parent.getId() : null;
            XXResourceDef xResource = new XXResourceDef();
            xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xResource.setParent(parentId);
            xResource = xxResDefDao.create(xResource);
        }
    }
    // ---- resources: remove stored rows that were not supplied ----
    for (XXResourceDef xRes : xxResources) {
        boolean found = false;
        for (RangerResourceDef resource : resources) {
            if (xRes.getItemId() != null && xRes.getItemId().equals(resource.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            // Refuse to drop a resource definition that policy resources still refer to.
            List<XXPolicyResource> policyResList = daoMgr.getXXPolicyResource().findByResDefId(xRes.getId());
            if (!stringUtil.isEmpty(policyResList)) {
                throw restErrorUtil.createRESTException("Policy/Policies are referring to this resource: " + xRes.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
            }
            deleteXXResourceDef(xRes);
        }
    }
    // ---- access types: create or update, including their implied grants ----
    XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
    for (int i = 0; i < accessTypes.size(); i++) {
        RangerAccessTypeDef access = accessTypes.get(i);
        boolean found = false;
        for (XXAccessTypeDef xAccess : xxAccessTypes) {
            if (access.getItemId() != null && access.getItemId().equals(xAccess.getItemId())) {
                found = true;
                xAccess = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccess, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xAccess.setOrder(i);
                xAccess = xxATDDao.update(xAccess);
                Collection<String> impliedGrants = access.getImpliedGrants();
                XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
                List<String> xxImpliedGrants = xxATDGrantDao.findImpliedGrantsByATDId(xAccess.getId());
                // Add implied grants that are supplied but not stored. Grant names are
                // compared ignoring case.
                for (String impliedGrant : impliedGrants) {
                    boolean foundGrant = false;
                    for (String xImpliedGrant : xxImpliedGrants) {
                        if (StringUtils.equalsIgnoreCase(impliedGrant, xImpliedGrant)) {
                            foundGrant = true;
                            break;
                        }
                    }
                    if (!foundGrant) {
                        XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
                        xImpliedGrant.setAtdId(xAccess.getId());
                        xImpliedGrant.setImpliedGrant(impliedGrant);
                        xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
                    }
                }
                // Remove implied grants that are stored but no longer supplied.
                for (String xImpliedGrant : xxImpliedGrants) {
                    boolean foundGrant = false;
                    for (String impliedGrant : impliedGrants) {
                        if (StringUtils.equalsIgnoreCase(xImpliedGrant, impliedGrant)) {
                            foundGrant = true;
                            break;
                        }
                    }
                    if (!foundGrant) {
                        // NOTE(review): the lookup result is passed to remove() without a
                        // null check - confirm findByNameAndATDId cannot return null here.
                        XXAccessTypeDefGrants xATDGrant = xxATDGrantDao.findByNameAndATDId(xAccess.getId(), xImpliedGrant);
                        xxATDGrantDao.remove(xATDGrant);
                    }
                }
                access = serviceDefService.populateXXToRangerAccessTypeDef(xAccess);
                break;
            }
        }
        if (!found) {
            XXAccessTypeDef xAccessType = new XXAccessTypeDef();
            xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xAccessType.setOrder(i);
            xAccessType = xxATDDao.create(xAccessType);
            Collection<String> impliedGrants = access.getImpliedGrants();
            XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
            for (String impliedGrant : impliedGrants) {
                XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
                xImpliedGrant.setAtdId(xAccessType.getId());
                xImpliedGrant.setImpliedGrant(impliedGrant);
                xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
            }
            access = serviceDefService.populateXXToRangerAccessTypeDef(xAccessType);
        }
    }
    // ---- access types: remove stored rows that were not supplied ----
    for (XXAccessTypeDef xAccess : xxAccessTypes) {
        boolean found = false;
        for (RangerAccessTypeDef access : accessTypes) {
            if (xAccess.getItemId() != null && xAccess.getItemId().equals(access.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            // Refuse to drop an access type that policy-item access rows still use. This
            // check is what keeps the delete below from removing accesses out of policies.
            List<XXPolicyItemAccess> polItemAccessList = daoMgr.getXXPolicyItemAccess().findByType(xAccess.getId());
            if (!stringUtil.isEmpty(polItemAccessList)) {
                throw restErrorUtil.createRESTException("Policy/Policies are referring to this access-type: " + xAccess.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
            }
            deleteXXAccessTypeDef(xAccess);
        }
    }
    // ---- policy conditions: create or update ----
    XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
    for (int i = 0; i < policyConditions.size(); i++) {
        RangerPolicyConditionDef condition = policyConditions.get(i);
        boolean found = false;
        for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
            if (condition.getItemId() != null && condition.getItemId().equals(xCondition.getItemId())) {
                found = true;
                xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xCondition.setOrder(i);
                xCondition = xxPolCondDao.update(xCondition);
                condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
                break;
            }
        }
        if (!found) {
            XXPolicyConditionDef xCondition = new XXPolicyConditionDef();
            xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xCondition.setOrder(i);
            xCondition = xxPolCondDao.create(xCondition);
            condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
        }
    }
    // ---- policy conditions: remove stored rows that were not supplied ----
    for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
        boolean found = false;
        for (RangerPolicyConditionDef condition : policyConditions) {
            if (xCondition.getItemId() != null && xCondition.getItemId().equals(condition.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            // Refuse to drop a condition definition that policy-item conditions still use.
            List<XXPolicyItemCondition> policyItemCondList = daoMgr.getXXPolicyItemCondition().findByPolicyConditionDefId(xCondition.getId());
            if (!stringUtil.isEmpty(policyItemCondList)) {
                throw restErrorUtil.createRESTException("Policy/Policies are referring to this policy-condition: " + xCondition.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
            }
            // NOTE(review): a non-empty list threw above, so this loop presumably has nothing
            // left to remove (assuming stringUtil.isEmpty is true only for null or empty).
            for (XXPolicyItemCondition policyItemCond : policyItemCondList) {
                daoMgr.getXXPolicyItemCondition().remove(policyItemCond);
            }
            xxPolCondDao.remove(xCondition);
        }
    }
    // ---- context enrichers: create or update ----
    XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
    for (int i = 0; i < contextEnrichers.size(); i++) {
        RangerContextEnricherDef context = contextEnrichers.get(i);
        boolean found = false;
        for (XXContextEnricherDef xContext : xxContextEnrichers) {
            if (context.getItemId() != null && context.getItemId().equals(xContext.getItemId())) {
                found = true;
                xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xContext.setOrder(i);
                xContext = xxContextEnricherDao.update(xContext);
                context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
                break;
            }
        }
        if (!found) {
            XXContextEnricherDef xContext = new XXContextEnricherDef();
            // NOTE(review): this create path passes OPERATION_UPDATE_CONTEXT, while every
            // other create path in this method passes OPERATION_CREATE_CONTEXT - confirm
            // whether that is intended.
            xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
            xContext.setOrder(i);
            xContext = xxContextEnricherDao.create(xContext);
            context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
        }
    }
    // ---- context enrichers: remove stored rows that were not supplied ----
    for (XXContextEnricherDef xContext : xxContextEnrichers) {
        boolean found = false;
        for (RangerContextEnricherDef context : contextEnrichers) {
            if (xContext.getItemId() != null && xContext.getItemId().equals(context.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            daoMgr.getXXContextEnricherDef().remove(xContext);
        }
    }
    // ---- enums and their elements: create or update ----
    XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
    for (RangerEnumDef enumDef : enums) {
        boolean found = false;
        for (XXEnumDef xEnumDef : xxEnums) {
            if (enumDef.getItemId() != null && enumDef.getItemId().equals(xEnumDef.getItemId())) {
                found = true;
                xEnumDef = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnumDef, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xEnumDef = xxEnumDefDao.update(xEnumDef);
                XXEnumElementDefDao xEnumEleDao = daoMgr.getXXEnumElementDef();
                List<XXEnumElementDef> xxEnumEleDefs = xEnumEleDao.findByEnumDefId(xEnumDef.getId());
                List<RangerEnumElementDef> enumEleDefs = enumDef.getElements();
                // Elements of an existing enum are reconciled by itemId in the same way as
                // the top-level lists; list position is stored as the element order.
                for (int i = 0; i < enumEleDefs.size(); i++) {
                    RangerEnumElementDef eleDef = enumEleDefs.get(i);
                    boolean foundEle = false;
                    for (XXEnumElementDef xEleDef : xxEnumEleDefs) {
                        if (eleDef.getItemId() != null && eleDef.getItemId().equals(xEleDef.getItemId())) {
                            foundEle = true;
                            xEleDef = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xEleDef, xEnumDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                            xEleDef.setOrder(i);
                            xEleDef = xEnumEleDao.update(xEleDef);
                            break;
                        }
                    }
                    if (!foundEle) {
                        XXEnumElementDef xElement = new XXEnumElementDef();
                        xElement = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xElement, xEnumDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
                        xElement.setOrder(i);
                        xElement = xEnumEleDao.create(xElement);
                    }
                }
                for (XXEnumElementDef xxEleDef : xxEnumEleDefs) {
                    boolean foundEle = false;
                    for (RangerEnumElementDef enumEle : enumEleDefs) {
                        if (xxEleDef.getItemId() != null && xxEleDef.getItemId().equals(enumEle.getItemId())) {
                            foundEle = true;
                            break;
                        }
                    }
                    if (!foundEle) {
                        xEnumEleDao.remove(xxEleDef);
                    }
                }
                enumDef = serviceDefService.populateXXToRangerEnumDef(xEnumDef);
                break;
            }
        }
        if (!found) {
            XXEnumDef xEnum = new XXEnumDef();
            xEnum = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xEnum = xxEnumDefDao.create(xEnum);
            List<RangerEnumElementDef> elements = enumDef.getElements();
            XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
            // NOTE(review): setOrder is not called for elements of a newly created enum,
            // unlike the element paths above - presumably the populate call covers it; confirm.
            for (RangerEnumElementDef element : elements) {
                XXEnumElementDef xElement = new XXEnumElementDef();
                xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
                xElement = xxEnumEleDefDao.create(xElement);
            }
            enumDef = serviceDefService.populateXXToRangerEnumDef(xEnum);
        }
    }
    // ---- enums: remove stored rows that were not supplied, elements first ----
    for (XXEnumDef xEnumDef : xxEnums) {
        boolean found = false;
        for (RangerEnumDef enumDef : enums) {
            if (xEnumDef.getItemId() != null && xEnumDef.getItemId().equals(enumDef.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(xEnumDef.getId());
            for (XXEnumElementDef eleDef : enumEleDefList) {
                daoMgr.getXXEnumElementDef().remove(eleDef);
            }
            xxEnumDefDao.remove(xEnumDef);
        }
    }
    // ---- data-mask and row-filter definitions ----
    // A null definition, or a null list inside it, is treated as an empty list.
    List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
    List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
    List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
    List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
    List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
    XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
    List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
    // Access types and resources are read again here, after the create/update/remove work
    // above, rather than reusing the lists loaded at the top of the method.
    List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
    List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
    // create or update dataMasks
    for (int i = 0; i < dataMasks.size(); i++) {
        RangerDataMaskTypeDef dataMask = dataMasks.get(i);
        boolean found = false;
        for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
            if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Updating existing dataMask with itemId=" + dataMask.getItemId());
                }
                found = true;
                xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
                xxDataMask.setOrder(i);
                xxDataMask = dataMaskTypeDao.update(xxDataMask);
                dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask);
                break;
            }
        }
        if (!found) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Creating dataMask with itemId=" + dataMask.getItemId() + "");
            }
            XXDataMaskTypeDef xxDataMask = new XXDataMaskTypeDef();
            xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xxDataMask.setOrder(i);
            xxDataMask = dataMaskTypeDao.create(xxDataMask);
        }
    }
    // remove dataMasks
    for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
        boolean found = false;
        for (RangerDataMaskTypeDef dataMask : dataMasks) {
            if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
                found = true;
                break;
            }
        }
        if (!found) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Deleting dataMask with itemId=" + xxDataMask.getItemId());
            }
            dataMaskTypeDao.remove(xxDataMask);
        }
    }
    // Every access type named by the data-mask or row-filter definition must exist among the
    // access types stored for this service-def.
    for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exist", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    // Store each access type's data-mask / row-filter options as the JSON form of the
    // same-named supplied definition. An access type that the supplied definition does not
    // name ends up with null options, so previously stored options are cleared. The row is
    // written only when one of the two values changed.
    for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
            xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
            xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
            xxATDDao.update(xxAccessTypeDef);
        }
    }
    // Every resource named by the data-mask or row-filter definition must exist among the
    // resources stored for this service-def.
    for (RangerResourceDef resource : dataMaskResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerResourceDef resource : rowFilterResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    // Same option handling as for access types, applied to resources: a resource that the
    // supplied definition does not name has its stored options cleared.
    for (XXResourceDef xxResourceDef : xxResourceDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerResourceDef resource : dataMaskResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        for (RangerResourceDef resource : rowFilterResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
            xxResourceDef.setDataMaskOptions(dataMaskOptions);
            xxResourceDef.setRowFilterOptions(rowFilterOptions);
            xxResDefDao.update(xxResourceDef);
        }
    }
}
Also used : XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao) VXString(org.apache.ranger.view.VXString) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef) RangerDataMaskTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef) XXAccessTypeDefGrantsDao(org.apache.ranger.db.XXAccessTypeDefGrantsDao) XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef) XXPolicyResource(org.apache.ranger.entity.XXPolicyResource) XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao) RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) XXEnumElementDefDao(org.apache.ranger.db.XXEnumElementDefDao) XXAccessTypeDefDao(org.apache.ranger.db.XXAccessTypeDefDao) XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition) XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants) XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao) RangerEnumElementDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef) XXResourceDef(org.apache.ranger.entity.XXResourceDef) RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess) XXEnumDef(org.apache.ranger.entity.XXEnumDef) XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao) 
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef) XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)

Example 4 with XXPolicyItemAccess

use of org.apache.ranger.entity.XXPolicyItemAccess in project ranger by apache.

the class ServiceDBStore method createNewPolicyItemForPolicy.

/**
 * Persists one policy item for {@code policy} together with its child rows: access entries,
 * user permissions, group permissions and condition values.
 *
 * <p>Every name taken from {@code policyItem} is resolved against the database before its row is
 * written. An unknown access type, user, group or condition type aborts the call with an
 * exception, so an unresolvable entry is never dropped silently. Blank user and group names are
 * the one exception: they are skipped without error, and the stored order of the remaining
 * entries still reflects their index in the input list.
 *
 * <p>Rows are created one at a time as the method proceeds, so a failure part-way through
 * happens after earlier rows were already passed to the DAOs.
 * NOTE(review): presumably the caller runs this inside a transaction that rolls back on the
 * thrown exception; confirm, otherwise a partially written policy item could remain.
 *
 * <p>NOTE(review): the delegate-admin flag is copied from the input unchanged and nothing in
 * this method checks whether the requester may grant it; presumably that is enforced by the
 * caller. The exception messages include the policy, service, user and group names, so confirm
 * they are not returned verbatim to callers who should not learn which principals exist.
 *
 * @param policy         policy model that owns the item; supplies the policy id and the
 *                       names used in error messages
 * @param xPolicy        policy entity; used as the audit-field parent of the item and as the
 *                       source of the service id for access-type lookup
 * @param policyItem     item model holding accesses, users, groups and conditions
 * @param xServiceDef    service definition entity used to resolve condition types
 * @param itemOrder      order value stored on the new item
 * @param policyItemType item type value stored on the new item
 * @return the created policy item entity as returned by its DAO
 * @throws Exception if an access type, user, group or condition type cannot be resolved
 */
private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
    // Parent row first: the child rows below reference its generated id.
    XXPolicyItem itemRow = rangerAuditFields.populateAuditFields(new XXPolicyItem(), xPolicy);
    itemRow.setDelegateAdmin(policyItem.getDelegateAdmin());
    itemRow.setItemType(policyItemType);
    itemRow.setIsEnabled(Boolean.TRUE);
    itemRow.setComments(null);
    itemRow.setPolicyId(policy.getId());
    itemRow.setOrder(itemOrder);
    itemRow = daoMgr.getXXPolicyItem().create(itemRow);

    // Access entries: the access type must be defined for the policy's service.
    List<RangerPolicyItemAccess> itemAccesses = policyItem.getAccesses();
    for (int position = 0; position < itemAccesses.size(); position++) {
        RangerPolicyItemAccess itemAccess = itemAccesses.get(position);
        XXAccessTypeDef accessTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(itemAccess.getType(), xPolicy.getService());
        if (accessTypeDef == null) {
            throw new Exception(itemAccess.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyItemAccess accessRow = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(new XXPolicyItemAccess(), itemRow);
        accessRow.setIsAllowed(itemAccess.getIsAllowed());
        accessRow.setType(accessTypeDef.getId());
        accessRow.setPolicyitemid(itemRow.getId());
        accessRow.setOrder(position);
        daoMgr.getXXPolicyItemAccess().create(accessRow);
    }

    // User permissions: blank names are ignored, unknown names are an error.
    List<String> userNames = policyItem.getUsers();
    for (int position = 0; position < userNames.size(); position++) {
        String userName = userNames.get(position);
        if (StringUtils.isBlank(userName)) {
            continue;
        }
        XXUser userRow = daoMgr.getXXUser().findByUserName(userName);
        if (userRow == null) {
            throw new Exception(userName + ": user does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' user='" + userName + "'");
        }
        XXPolicyItemUserPerm userPermRow = rangerAuditFields.populateAuditFields(new XXPolicyItemUserPerm(), itemRow);
        userPermRow.setUserId(userRow.getId());
        userPermRow.setPolicyItemId(itemRow.getId());
        userPermRow.setOrder(position);
        daoMgr.getXXPolicyItemUserPerm().create(userPermRow);
    }

    // Group permissions: same rules as for users.
    List<String> groupNames = policyItem.getGroups();
    for (int position = 0; position < groupNames.size(); position++) {
        String groupName = groupNames.get(position);
        if (StringUtils.isBlank(groupName)) {
            continue;
        }
        XXGroup groupRow = daoMgr.getXXGroup().findByGroupName(groupName);
        if (groupRow == null) {
            throw new Exception(groupName + ": group does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' group='" + groupName + "'");
        }
        XXPolicyItemGroupPerm groupPermRow = rangerAuditFields.populateAuditFields(new XXPolicyItemGroupPerm(), itemRow);
        groupPermRow.setGroupId(groupRow.getId());
        groupPermRow.setPolicyItemId(itemRow.getId());
        groupPermRow.setOrder(position);
        daoMgr.getXXPolicyItemGroupPerm().create(groupPermRow);
    }

    // Conditions: one row per value, typed by the condition definition of the service def.
    List<RangerPolicyItemCondition> itemConditions = policyItem.getConditions();
    for (RangerPolicyItemCondition itemCondition : itemConditions) {
        XXPolicyConditionDef conditionDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), itemCondition.getType());
        if (conditionDef == null) {
            throw new Exception(itemCondition.getType() + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }
        List<String> conditionValues = itemCondition.getValues();
        for (int position = 0; position < conditionValues.size(); position++) {
            XXPolicyItemCondition conditionRow = rangerAuditFields.populateAuditFields(new XXPolicyItemCondition(), itemRow);
            conditionRow.setPolicyItemId(itemRow.getId());
            conditionRow.setType(conditionDef.getId());
            conditionRow.setValue(conditionValues.get(position));
            conditionRow.setOrder(position);
            daoMgr.getXXPolicyItemCondition().create(conditionRow);
        }
    }
    return itemRow;
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXPolicyItemGroupPerm(org.apache.ranger.entity.XXPolicyItemGroupPerm) XXPolicyItemUserPerm(org.apache.ranger.entity.XXPolicyItemUserPerm) VXString(org.apache.ranger.view.VXString) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition) XXPolicyItem(org.apache.ranger.entity.XXPolicyItem) XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess) XXGroup(org.apache.ranger.entity.XXGroup) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Aggregations

XXPolicyItemAccess (org.apache.ranger.entity.XXPolicyItemAccess)4 XXPolicyItemCondition (org.apache.ranger.entity.XXPolicyItemCondition)3 XXAccessTypeDef (org.apache.ranger.entity.XXAccessTypeDef)2 XXAccessTypeDefGrants (org.apache.ranger.entity.XXAccessTypeDefGrants)2 XXPolicyConditionDef (org.apache.ranger.entity.XXPolicyConditionDef)2 XXPolicyItem (org.apache.ranger.entity.XXPolicyItem)2 XXPolicyItemGroupPerm (org.apache.ranger.entity.XXPolicyItemGroupPerm)2 XXPolicyItemUserPerm (org.apache.ranger.entity.XXPolicyItemUserPerm)2 VXString (org.apache.ranger.view.VXString)2 IOException (java.io.IOException)1 UnknownHostException (java.net.UnknownHostException)1 XXAccessTypeDefDao (org.apache.ranger.db.XXAccessTypeDefDao)1 XXAccessTypeDefGrantsDao (org.apache.ranger.db.XXAccessTypeDefGrantsDao)1 XXContextEnricherDefDao (org.apache.ranger.db.XXContextEnricherDefDao)1 XXDataMaskTypeDefDao (org.apache.ranger.db.XXDataMaskTypeDefDao)1 XXEnumDefDao (org.apache.ranger.db.XXEnumDefDao)1 XXEnumElementDefDao (org.apache.ranger.db.XXEnumElementDefDao)1 XXPolicyConditionDefDao (org.apache.ranger.db.XXPolicyConditionDefDao)1 XXPolicyItemAccessDao (org.apache.ranger.db.XXPolicyItemAccessDao)1 XXPolicyItemConditionDao (org.apache.ranger.db.XXPolicyItemConditionDao)1