Example 1 with XXPolicyItemCondition
use of org.apache.ranger.entity.XXPolicyItemCondition in project ranger by apache.
the class ServiceDBStore method deleteServiceDef.
public void deleteServiceDef(Long serviceDefId, Boolean forceDelete) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.deleteServiceDef(" + serviceDefId + ", " + forceDelete + ")");
}
bizUtil.blockAuditorRoleUser();
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session == null) {
throw restErrorUtil.createRESTException("UserSession cannot be null, only Admin can update service-def", MessageEnums.OPER_NO_PERMISSION);
}
if (!session.isKeyAdmin() && !session.isUserAdmin()) {
throw restErrorUtil.createRESTException("User is not allowed to update service-def, only Admin can update service-def", MessageEnums.OPER_NO_PERMISSION);
}
RangerServiceDef serviceDef = getServiceDef(serviceDefId);
if (serviceDef == null) {
throw restErrorUtil.createRESTException("No Service Definiton found for Id: " + serviceDefId, MessageEnums.DATA_NOT_FOUND);
}
List<XXService> serviceList = daoMgr.getXXService().findByServiceDefId(serviceDefId);
if (!forceDelete) {
if (CollectionUtils.isNotEmpty(serviceList)) {
throw restErrorUtil.createRESTException("Services exists under given service definition, can't delete Service-Def: " + serviceDef.getName(), MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
}
}
XXDataMaskTypeDefDao dataMaskDao = daoMgr.getXXDataMaskTypeDef();
List<XXDataMaskTypeDef> dataMaskDefs = dataMaskDao.findByServiceDefId(serviceDefId);
for (XXDataMaskTypeDef dataMaskDef : dataMaskDefs) {
dataMaskDao.remove(dataMaskDef);
}
List<XXAccessTypeDef> accTypeDefs = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
for (XXAccessTypeDef accessType : accTypeDefs) {
deleteXXAccessTypeDef(accessType);
}
XXContextEnricherDefDao xContextEnricherDao = daoMgr.getXXContextEnricherDef();
List<XXContextEnricherDef> contextEnrichers = xContextEnricherDao.findByServiceDefId(serviceDefId);
for (XXContextEnricherDef context : contextEnrichers) {
xContextEnricherDao.remove(context);
}
XXEnumDefDao enumDefDao = daoMgr.getXXEnumDef();
List<XXEnumDef> enumDefList = enumDefDao.findByServiceDefId(serviceDefId);
for (XXEnumDef enumDef : enumDefList) {
List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(enumDef.getId());
for (XXEnumElementDef eleDef : enumEleDefList) {
daoMgr.getXXEnumElementDef().remove(eleDef);
}
enumDefDao.remove(enumDef);
}
XXPolicyConditionDefDao policyCondDao = daoMgr.getXXPolicyConditionDef();
List<XXPolicyConditionDef> policyCondList = policyCondDao.findByServiceDefId(serviceDefId);
for (XXPolicyConditionDef policyCond : policyCondList) {
List<XXPolicyItemCondition> policyItemCondList = daoMgr.getXXPolicyItemCondition().findByPolicyConditionDefId(policyCond.getId());
for (XXPolicyItemCondition policyItemCond : policyItemCondList) {
daoMgr.getXXPolicyItemCondition().remove(policyItemCond);
}
policyCondDao.remove(policyCond);
}
List<XXResourceDef> resDefList = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
for (XXResourceDef resDef : resDefList) {
deleteXXResourceDef(resDef);
}
XXServiceConfigDefDao configDefDao = daoMgr.getXXServiceConfigDef();
List<XXServiceConfigDef> configDefList = configDefDao.findByServiceDefId(serviceDefId);
for (XXServiceConfigDef configDef : configDefList) {
configDefDao.remove(configDef);
}
if (CollectionUtils.isNotEmpty(serviceList)) {
for (XXService service : serviceList) {
deleteService(service.getId());
}
}
Long version = serviceDef.getVersion();
if (version == null) {
version = Long.valueOf(1);
LOG.info("Found Version Value: `null`, so setting value of version to 1, While updating object, version should not be null.");
} else {
version = Long.valueOf(version.longValue() + 1);
}
serviceDef.setVersion(version);
serviceDefService.delete(serviceDef);
LOG.info("ServiceDefinition has been deleted successfully. Service-Def Name: " + serviceDef.getName());
dataHistService.createObjectDataHistory(serviceDef, RangerDataHistService.ACTION_DELETE);
postDelete(serviceDef);
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDBStore.deleteServiceDef(" + serviceDefId + ", " + forceDelete + ")");
}
}
Also used :
XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao)
XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao)
XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
XXEnumDef(org.apache.ranger.entity.XXEnumDef)
XXService(org.apache.ranger.entity.XXService)
XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao)
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef)
XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)
Example 2 with XXPolicyItemCondition
use of org.apache.ranger.entity.XXPolicyItemCondition in project ranger by apache.
the class ServiceDBStore method deleteExistingPolicyItems.
private Boolean deleteExistingPolicyItems(RangerPolicy policy) {
if (policy == null) {
return false;
}
XXPolicyItemDao policyItemDao = daoMgr.getXXPolicyItem();
List<XXPolicyItem> policyItems = policyItemDao.findByPolicyId(policy.getId());
for (XXPolicyItem policyItem : policyItems) {
Long polItemId = policyItem.getId();
XXPolicyItemConditionDao polCondDao = daoMgr.getXXPolicyItemCondition();
List<XXPolicyItemCondition> conditions = polCondDao.findByPolicyItemId(polItemId);
for (XXPolicyItemCondition condition : conditions) {
polCondDao.remove(condition);
}
XXPolicyItemGroupPermDao grpPermDao = daoMgr.getXXPolicyItemGroupPerm();
List<XXPolicyItemGroupPerm> groups = grpPermDao.findByPolicyItemId(polItemId);
for (XXPolicyItemGroupPerm group : groups) {
grpPermDao.remove(group);
}
XXPolicyItemUserPermDao userPermDao = daoMgr.getXXPolicyItemUserPerm();
List<XXPolicyItemUserPerm> users = userPermDao.findByPolicyItemId(polItemId);
for (XXPolicyItemUserPerm user : users) {
userPermDao.remove(user);
}
XXPolicyItemAccessDao polItemAccDao = daoMgr.getXXPolicyItemAccess();
List<XXPolicyItemAccess> accesses = polItemAccDao.findByPolicyItemId(polItemId);
for (XXPolicyItemAccess access : accesses) {
polItemAccDao.remove(access);
}
XXPolicyItemDataMaskInfoDao polItemDataMaskInfoDao = daoMgr.getXXPolicyItemDataMaskInfo();
List<XXPolicyItemDataMaskInfo> dataMaskInfos = polItemDataMaskInfoDao.findByPolicyItemId(polItemId);
for (XXPolicyItemDataMaskInfo dataMaskInfo : dataMaskInfos) {
polItemDataMaskInfoDao.remove(dataMaskInfo);
}
XXPolicyItemRowFilterInfoDao polItemRowFilterInfoDao = daoMgr.getXXPolicyItemRowFilterInfo();
List<XXPolicyItemRowFilterInfo> rowFilterInfos = polItemRowFilterInfoDao.findByPolicyItemId(polItemId);
for (XXPolicyItemRowFilterInfo rowFilterInfo : rowFilterInfos) {
polItemRowFilterInfoDao.remove(rowFilterInfo);
}
policyItemDao.remove(policyItem);
}
return true;
}
Also used :
XXPolicyItemGroupPerm(org.apache.ranger.entity.XXPolicyItemGroupPerm)
XXPolicyItemConditionDao(org.apache.ranger.db.XXPolicyItemConditionDao)
XXPolicyItemUserPermDao(org.apache.ranger.db.XXPolicyItemUserPermDao)
XXPolicyItemUserPerm(org.apache.ranger.entity.XXPolicyItemUserPerm)
XXPolicyItemGroupPermDao(org.apache.ranger.db.XXPolicyItemGroupPermDao)
XXPolicyItemRowFilterInfo(org.apache.ranger.entity.XXPolicyItemRowFilterInfo)
XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition)
XXPolicyItemDataMaskInfo(org.apache.ranger.entity.XXPolicyItemDataMaskInfo)
XXPolicyItemDao(org.apache.ranger.db.XXPolicyItemDao)
XXPolicyItemDataMaskInfoDao(org.apache.ranger.db.XXPolicyItemDataMaskInfoDao)
XXPolicyItem(org.apache.ranger.entity.XXPolicyItem)
XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess)
XXPolicyItemAccessDao(org.apache.ranger.db.XXPolicyItemAccessDao)
XXPolicyItemRowFilterInfoDao(org.apache.ranger.db.XXPolicyItemRowFilterInfoDao)
Example 3 with XXPolicyItemCondition
use of org.apache.ranger.entity.XXPolicyItemCondition in project ranger by apache.
the class ServiceDBStore method updateChildObjectsOfServiceDef.
private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, List<RangerEnumDef> enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) {
Long serviceDefId = createdSvcDef.getId();
List<XXServiceConfigDef> xxConfigs = daoMgr.getXXServiceConfigDef().findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResources = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
List<XXPolicyConditionDef> xxPolicyConditions = daoMgr.getXXPolicyConditionDef().findByServiceDefId(serviceDefId);
List<XXContextEnricherDef> xxContextEnrichers = daoMgr.getXXContextEnricherDef().findByServiceDefId(serviceDefId);
List<XXEnumDef> xxEnums = daoMgr.getXXEnumDef().findByServiceDefId(serviceDefId);
XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
for (int i = 0; i < configs.size(); i++) {
RangerServiceConfigDef config = configs.get(i);
boolean found = false;
for (XXServiceConfigDef xConfig : xxConfigs) {
if (config.getItemId() != null && config.getItemId().equals(xConfig.getItemId())) {
found = true;
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.update(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
break;
}
}
if (!found) {
XXServiceConfigDef xConfig = new XXServiceConfigDef();
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.create(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
}
}
for (XXServiceConfigDef xConfig : xxConfigs) {
boolean found = false;
for (RangerServiceConfigDef config : configs) {
if (xConfig.getItemId() != null && xConfig.getItemId().equals(config.getItemId())) {
found = true;
break;
}
}
if (!found) {
xxServiceConfigDao.remove(xConfig);
}
}
XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
for (RangerResourceDef resource : resources) {
boolean found = false;
for (XXResourceDef xRes : xxResources) {
if (resource.getItemId() != null && resource.getItemId().equals(xRes.getItemId())) {
found = true;
xRes = serviceDefService.populateRangerResourceDefToXX(resource, xRes, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxResDefDao.update(xRes);
resource = serviceDefService.populateXXToRangerResourceDef(xRes);
break;
}
}
if (!found) {
XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
Long parentId = (parent != null) ? parent.getId() : null;
XXResourceDef xResource = new XXResourceDef();
xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xResource.setParent(parentId);
xResource = xxResDefDao.create(xResource);
}
}
for (XXResourceDef xRes : xxResources) {
boolean found = false;
for (RangerResourceDef resource : resources) {
if (xRes.getItemId() != null && xRes.getItemId().equals(resource.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyResource> policyResList = daoMgr.getXXPolicyResource().findByResDefId(xRes.getId());
if (!stringUtil.isEmpty(policyResList)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this resource: " + xRes.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXResourceDef(xRes);
}
}
XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
for (int i = 0; i < accessTypes.size(); i++) {
RangerAccessTypeDef access = accessTypes.get(i);
boolean found = false;
for (XXAccessTypeDef xAccess : xxAccessTypes) {
if (access.getItemId() != null && access.getItemId().equals(xAccess.getItemId())) {
found = true;
xAccess = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccess, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xAccess.setOrder(i);
xAccess = xxATDDao.update(xAccess);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
List<String> xxImpliedGrants = xxATDGrantDao.findImpliedGrantsByATDId(xAccess.getId());
for (String impliedGrant : impliedGrants) {
boolean foundGrant = false;
for (String xImpliedGrant : xxImpliedGrants) {
if (StringUtils.equalsIgnoreCase(impliedGrant, xImpliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccess.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
}
for (String xImpliedGrant : xxImpliedGrants) {
boolean foundGrant = false;
for (String impliedGrant : impliedGrants) {
if (StringUtils.equalsIgnoreCase(xImpliedGrant, impliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xATDGrant = xxATDGrantDao.findByNameAndATDId(xAccess.getId(), xImpliedGrant);
xxATDGrantDao.remove(xATDGrant);
}
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccess);
break;
}
}
if (!found) {
XXAccessTypeDef xAccessType = new XXAccessTypeDef();
xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xAccessType.setOrder(i);
xAccessType = xxATDDao.create(xAccessType);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
for (String impliedGrant : impliedGrants) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccessType.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccessType);
}
}
for (XXAccessTypeDef xAccess : xxAccessTypes) {
boolean found = false;
for (RangerAccessTypeDef access : accessTypes) {
if (xAccess.getItemId() != null && xAccess.getItemId().equals(access.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyItemAccess> polItemAccessList = daoMgr.getXXPolicyItemAccess().findByType(xAccess.getId());
if (!stringUtil.isEmpty(polItemAccessList)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this access-type: " + xAccess.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXAccessTypeDef(xAccess);
}
}
XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
for (int i = 0; i < policyConditions.size(); i++) {
RangerPolicyConditionDef condition = policyConditions.get(i);
boolean found = false;
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
if (condition.getItemId() != null && condition.getItemId().equals(xCondition.getItemId())) {
found = true;
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.update(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
break;
}
}
if (!found) {
XXPolicyConditionDef xCondition = new XXPolicyConditionDef();
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.create(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
}
}
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
boolean found = false;
for (RangerPolicyConditionDef condition : policyConditions) {
if (xCondition.getItemId() != null && xCondition.getItemId().equals(condition.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyItemCondition> policyItemCondList = daoMgr.getXXPolicyItemCondition().findByPolicyConditionDefId(xCondition.getId());
if (!stringUtil.isEmpty(policyItemCondList)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this policy-condition: " + xCondition.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
for (XXPolicyItemCondition policyItemCond : policyItemCondList) {
daoMgr.getXXPolicyItemCondition().remove(policyItemCond);
}
xxPolCondDao.remove(xCondition);
}
}
XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
for (int i = 0; i < contextEnrichers.size(); i++) {
RangerContextEnricherDef context = contextEnrichers.get(i);
boolean found = false;
for (XXContextEnricherDef xContext : xxContextEnrichers) {
if (context.getItemId() != null && context.getItemId().equals(xContext.getItemId())) {
found = true;
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.update(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
break;
}
}
if (!found) {
XXContextEnricherDef xContext = new XXContextEnricherDef();
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.create(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
}
}
for (XXContextEnricherDef xContext : xxContextEnrichers) {
boolean found = false;
for (RangerContextEnricherDef context : contextEnrichers) {
if (xContext.getItemId() != null && xContext.getItemId().equals(context.getItemId())) {
found = true;
break;
}
}
if (!found) {
daoMgr.getXXContextEnricherDef().remove(xContext);
}
}
XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
for (RangerEnumDef enumDef : enums) {
boolean found = false;
for (XXEnumDef xEnumDef : xxEnums) {
if (enumDef.getItemId() != null && enumDef.getItemId().equals(xEnumDef.getItemId())) {
found = true;
xEnumDef = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnumDef, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEnumDef = xxEnumDefDao.update(xEnumDef);
XXEnumElementDefDao xEnumEleDao = daoMgr.getXXEnumElementDef();
List<XXEnumElementDef> xxEnumEleDefs = xEnumEleDao.findByEnumDefId(xEnumDef.getId());
List<RangerEnumElementDef> enumEleDefs = enumDef.getElements();
for (int i = 0; i < enumEleDefs.size(); i++) {
RangerEnumElementDef eleDef = enumEleDefs.get(i);
boolean foundEle = false;
for (XXEnumElementDef xEleDef : xxEnumEleDefs) {
if (eleDef.getItemId() != null && eleDef.getItemId().equals(xEleDef.getItemId())) {
foundEle = true;
xEleDef = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xEleDef, xEnumDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEleDef.setOrder(i);
xEleDef = xEnumEleDao.update(xEleDef);
break;
}
}
if (!foundEle) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xElement, xEnumDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement.setOrder(i);
xElement = xEnumEleDao.create(xElement);
}
}
for (XXEnumElementDef xxEleDef : xxEnumEleDefs) {
boolean foundEle = false;
for (RangerEnumElementDef enumEle : enumEleDefs) {
if (xxEleDef.getItemId() != null && xxEleDef.getItemId().equals(enumEle.getItemId())) {
foundEle = true;
break;
}
}
if (!foundEle) {
xEnumEleDao.remove(xxEleDef);
}
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnumDef);
break;
}
}
if (!found) {
XXEnumDef xEnum = new XXEnumDef();
xEnum = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xEnum = xxEnumDefDao.create(xEnum);
List<RangerEnumElementDef> elements = enumDef.getElements();
XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
for (RangerEnumElementDef element : elements) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement = xxEnumEleDefDao.create(xElement);
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnum);
}
}
for (XXEnumDef xEnumDef : xxEnums) {
boolean found = false;
for (RangerEnumDef enumDef : enums) {
if (xEnumDef.getItemId() != null && xEnumDef.getItemId().equals(enumDef.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(xEnumDef.getId());
for (XXEnumElementDef eleDef : enumEleDefList) {
daoMgr.getXXEnumElementDef().remove(eleDef);
}
xxEnumDefDao.remove(xEnumDef);
}
}
List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
// create or update dataMasks
for (int i = 0; i < dataMasks.size(); i++) {
RangerDataMaskTypeDef dataMask = dataMasks.get(i);
boolean found = false;
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
if (LOG.isDebugEnabled()) {
LOG.debug("Updating existing dataMask with itemId=" + dataMask.getItemId());
}
found = true;
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.update(xxDataMask);
dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask);
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Creating dataMask with itemId=" + dataMask.getItemId() + "");
}
XXDataMaskTypeDef xxDataMask = new XXDataMaskTypeDef();
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.create(xxDataMask);
}
}
// remove dataMasks
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
boolean found = false;
for (RangerDataMaskTypeDef dataMask : dataMasks) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
found = true;
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting dataMask with itemId=" + xxDataMask.getItemId());
}
dataMaskTypeDao.remove(xxDataMask);
}
}
for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exist", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
xxATDDao.update(xxAccessTypeDef);
}
}
for (RangerResourceDef resource : dataMaskResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXResourceDef xxResourceDef : xxResourceDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerResourceDef resource : dataMaskResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
xxResourceDef.setDataMaskOptions(dataMaskOptions);
xxResourceDef.setRowFilterOptions(rowFilterOptions);
xxResDefDao.update(xxResourceDef);
}
}
}
Also used :
XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao)
VXString(org.apache.ranger.view.VXString)
RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef)
RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)
RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)
RangerDataMaskTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef)
XXAccessTypeDefGrantsDao(org.apache.ranger.db.XXAccessTypeDefGrantsDao)
XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef)
XXPolicyResource(org.apache.ranger.entity.XXPolicyResource)
XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao)
RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)
XXEnumElementDefDao(org.apache.ranger.db.XXEnumElementDefDao)
XXAccessTypeDefDao(org.apache.ranger.db.XXAccessTypeDefDao)
XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition)
XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants)
XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao)
RangerEnumElementDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)
RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)
XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess)
XXEnumDef(org.apache.ranger.entity.XXEnumDef)
XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao)
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef)
XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)
Example 4 with XXPolicyItemCondition
use of org.apache.ranger.entity.XXPolicyItemCondition in project ranger by apache.
the class ServiceDBStore method createNewPolicyItemForPolicy.
private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
XXPolicyItem xPolicyItem = new XXPolicyItem();
xPolicyItem = rangerAuditFields.populateAuditFields(xPolicyItem, xPolicy);
xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin());
xPolicyItem.setItemType(policyItemType);
xPolicyItem.setIsEnabled(Boolean.TRUE);
xPolicyItem.setComments(null);
xPolicyItem.setPolicyId(policy.getId());
xPolicyItem.setOrder(itemOrder);
xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem);
List<RangerPolicyItemAccess> accesses = policyItem.getAccesses();
for (int i = 0; i < accesses.size(); i++) {
RangerPolicyItemAccess access = accesses.get(i);
XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(access.getType(), xPolicy.getService());
if (xAccTypeDef == null) {
throw new Exception(access.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess();
xPolItemAcc = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(xPolItemAcc, xPolicyItem);
xPolItemAcc.setIsAllowed(access.getIsAllowed());
xPolItemAcc.setType(xAccTypeDef.getId());
xPolItemAcc.setPolicyitemid(xPolicyItem.getId());
xPolItemAcc.setOrder(i);
daoMgr.getXXPolicyItemAccess().create(xPolItemAcc);
}
List<String> users = policyItem.getUsers();
for (int i = 0; i < users.size(); i++) {
String user = users.get(i);
if (StringUtils.isBlank(user)) {
continue;
}
XXUser xUser = daoMgr.getXXUser().findByUserName(user);
if (xUser == null) {
throw new Exception(user + ": user does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' user='" + user + "'");
}
XXPolicyItemUserPerm xUserPerm = new XXPolicyItemUserPerm();
xUserPerm = rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem);
xUserPerm.setUserId(xUser.getId());
xUserPerm.setPolicyItemId(xPolicyItem.getId());
xUserPerm.setOrder(i);
xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
}
List<String> groups = policyItem.getGroups();
for (int i = 0; i < groups.size(); i++) {
String group = groups.get(i);
if (StringUtils.isBlank(group)) {
continue;
}
XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group);
if (xGrp == null) {
throw new Exception(group + ": group does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' group='" + group + "'");
}
XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm();
xGrpPerm = rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem);
xGrpPerm.setGroupId(xGrp.getId());
xGrpPerm.setPolicyItemId(xPolicyItem.getId());
xGrpPerm.setOrder(i);
xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm);
}
List<RangerPolicyItemCondition> conditions = policyItem.getConditions();
for (RangerPolicyItemCondition condition : conditions) {
XXPolicyConditionDef xPolCond = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition.getType());
if (xPolCond == null) {
throw new Exception(condition.getType() + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
}
for (int i = 0; i < condition.getValues().size(); i++) {
String value = condition.getValues().get(i);
XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition();
xPolItemCond = rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem);
xPolItemCond.setPolicyItemId(xPolicyItem.getId());
xPolItemCond.setType(xPolCond.getId());
xPolItemCond.setValue(value);
xPolItemCond.setOrder(i);
daoMgr.getXXPolicyItemCondition().create(xPolItemCond);
}
}
return xPolicyItem;
}
Also used :
XXUser(org.apache.ranger.entity.XXUser)
XXPolicyItemGroupPerm(org.apache.ranger.entity.XXPolicyItemGroupPerm)
XXPolicyItemUserPerm(org.apache.ranger.entity.XXPolicyItemUserPerm)
VXString(org.apache.ranger.view.VXString)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
JSONException(org.codehaus.jettison.json.JSONException)
XXPolicyItemCondition(org.apache.ranger.entity.XXPolicyItemCondition)
XXPolicyItem(org.apache.ranger.entity.XXPolicyItem)
XXPolicyItemAccess(org.apache.ranger.entity.XXPolicyItemAccess)
XXGroup(org.apache.ranger.entity.XXGroup)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)
Aggregations
XXPolicyItemCondition (org.apache.ranger.entity.XXPolicyItemCondition)4
XXAccessTypeDef (org.apache.ranger.entity.XXAccessTypeDef)3
XXPolicyConditionDef (org.apache.ranger.entity.XXPolicyConditionDef)3
XXPolicyItemAccess (org.apache.ranger.entity.XXPolicyItemAccess)3
XXContextEnricherDefDao (org.apache.ranger.db.XXContextEnricherDefDao)2
XXDataMaskTypeDefDao (org.apache.ranger.db.XXDataMaskTypeDefDao)2
XXEnumDefDao (org.apache.ranger.db.XXEnumDefDao)2
XXPolicyConditionDefDao (org.apache.ranger.db.XXPolicyConditionDefDao)2
XXServiceConfigDefDao (org.apache.ranger.db.XXServiceConfigDefDao)2
XXContextEnricherDef (org.apache.ranger.entity.XXContextEnricherDef)2
XXDataMaskTypeDef (org.apache.ranger.entity.XXDataMaskTypeDef)2
XXEnumDef (org.apache.ranger.entity.XXEnumDef)2
XXEnumElementDef (org.apache.ranger.entity.XXEnumElementDef)2
XXPolicyItem (org.apache.ranger.entity.XXPolicyItem)2
XXPolicyItemGroupPerm (org.apache.ranger.entity.XXPolicyItemGroupPerm)2
XXPolicyItemUserPerm (org.apache.ranger.entity.XXPolicyItemUserPerm)2
XXResourceDef (org.apache.ranger.entity.XXResourceDef)2
XXServiceConfigDef (org.apache.ranger.entity.XXServiceConfigDef)2
VXString (org.apache.ranger.view.VXString)2
IOException (java.io.IOException)1
