Example 1 with XXPolicyRefCondition
use of org.apache.ranger.entity.XXPolicyRefCondition in project ranger by apache.
the class ServiceDBStore method deleteServiceDef.
public void deleteServiceDef(Long serviceDefId, Boolean forceDelete) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.deleteServiceDef(" + serviceDefId + ", " + forceDelete + ")");
}
bizUtil.blockAuditorRoleUser();
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session == null) {
throw restErrorUtil.createRESTException("UserSession cannot be null, only Admin can update service-def", MessageEnums.OPER_NO_PERMISSION);
}
if (!session.isKeyAdmin() && !session.isUserAdmin()) {
throw restErrorUtil.createRESTException("User is not allowed to update service-def, only Admin can update service-def", MessageEnums.OPER_NO_PERMISSION);
}
RangerServiceDef serviceDef = getServiceDef(serviceDefId);
if (serviceDef == null) {
throw restErrorUtil.createRESTException("No Service Definiton found for Id: " + serviceDefId, MessageEnums.DATA_NOT_FOUND);
}
List<XXService> serviceList = daoMgr.getXXService().findByServiceDefId(serviceDefId);
if (!forceDelete) {
if (CollectionUtils.isNotEmpty(serviceList)) {
throw restErrorUtil.createRESTException("Services exists under given service definition, can't delete Service-Def: " + serviceDef.getName(), MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
}
}
if (CollectionUtils.isNotEmpty(serviceList)) {
for (XXService service : serviceList) {
deleteService(service.getId());
}
}
XXDataMaskTypeDefDao dataMaskDao = daoMgr.getXXDataMaskTypeDef();
List<XXDataMaskTypeDef> dataMaskDefs = dataMaskDao.findByServiceDefId(serviceDefId);
for (XXDataMaskTypeDef dataMaskDef : dataMaskDefs) {
dataMaskDao.remove(dataMaskDef);
}
List<XXAccessTypeDef> accTypeDefs = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
for (XXAccessTypeDef accessType : accTypeDefs) {
deleteXXAccessTypeDef(accessType);
}
XXContextEnricherDefDao xContextEnricherDao = daoMgr.getXXContextEnricherDef();
List<XXContextEnricherDef> contextEnrichers = xContextEnricherDao.findByServiceDefId(serviceDefId);
for (XXContextEnricherDef context : contextEnrichers) {
xContextEnricherDao.remove(context);
}
XXEnumDefDao enumDefDao = daoMgr.getXXEnumDef();
List<XXEnumDef> enumDefList = enumDefDao.findByServiceDefId(serviceDefId);
for (XXEnumDef enumDef : enumDefList) {
List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(enumDef.getId());
for (XXEnumElementDef eleDef : enumEleDefList) {
daoMgr.getXXEnumElementDef().remove(eleDef);
}
enumDefDao.remove(enumDef);
}
XXPolicyConditionDefDao policyCondDao = daoMgr.getXXPolicyConditionDef();
List<XXPolicyConditionDef> policyCondList = policyCondDao.findByServiceDefId(serviceDefId);
for (XXPolicyConditionDef policyCond : policyCondList) {
List<XXPolicyRefCondition> xxPolicyRefConditions = daoMgr.getXXPolicyRefCondition().findByConditionDefId(policyCond.getId());
for (XXPolicyRefCondition XXPolicyRefCondition : xxPolicyRefConditions) {
daoMgr.getXXPolicyRefCondition().remove(XXPolicyRefCondition);
}
policyCondDao.remove(policyCond);
}
List<XXResourceDef> resDefList = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
for (XXResourceDef resDef : resDefList) {
deleteXXResourceDef(resDef);
}
XXServiceConfigDefDao configDefDao = daoMgr.getXXServiceConfigDef();
List<XXServiceConfigDef> configDefList = configDefDao.findByServiceDefId(serviceDefId);
for (XXServiceConfigDef configDef : configDefList) {
configDefDao.remove(configDef);
}
Long version = serviceDef.getVersion();
if (version == null) {
version = Long.valueOf(1);
LOG.info("Found Version Value: `null`, so setting value of version to 1, While updating object, version should not be null.");
} else {
version = Long.valueOf(version.longValue() + 1);
}
serviceDef.setVersion(version);
serviceDefService.delete(serviceDef);
LOG.info("ServiceDefinition has been deleted successfully. Service-Def Name: " + serviceDef.getName());
dataHistService.createObjectDataHistory(serviceDef, RangerDataHistService.ACTION_DELETE);
postDelete(serviceDef);
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDBStore.deleteServiceDef(" + serviceDefId + ", " + forceDelete + ")");
}
}
Also used :
XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao)
XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
XXEnumDef(org.apache.ranger.entity.XXEnumDef)
XXService(org.apache.ranger.entity.XXService)
XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao)
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef)
XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)
Example 2 with XXPolicyRefCondition
use of org.apache.ranger.entity.XXPolicyRefCondition in project ranger by apache.
the class PatchForMigratingOldRegimePolicyJson_J10046 method addPolicyConditionDefRef.
private void addPolicyConditionDefRef(String serviceType, Long policyId, Set<String> conditions) throws Exception {
logger.info("==> addPolicyConditionDefRef(id=" + policyId + ")");
// insert policy-id, conditionName into Ref table
Map<String, Long> serviceDefConditionNameIDMap = conditionNameIdMap.get(serviceType);
if (serviceDefConditionNameIDMap == null) {
serviceDefConditionNameIDMap = new HashMap<>();
conditionNameIdMap.put(serviceType, serviceDefConditionNameIDMap);
XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType);
for (XXPolicyConditionDef conditionDef : daoMgr.getXXPolicyConditionDef().findByServiceDefId(dbServiceDef.getId())) {
serviceDefConditionNameIDMap.put(conditionDef.getName(), conditionDef.getId());
}
}
XXPolicyRefConditionDao policyRefConditionDao = daoMgr.getXXPolicyRefCondition();
for (String condition : conditions) {
Long conditionDefId = serviceDefConditionNameIDMap.get(condition);
if (conditionDefId == null) {
throw new Exception(condition + ": unknown condition in policy [id=" + policyId + "; serviceType=" + serviceType + "]. Known conditions are: " + serviceDefConditionNameIDMap.keySet());
}
XXPolicyRefCondition policyRefCondition = new XXPolicyRefCondition();
policyRefCondition.setPolicyId(policyId);
policyRefCondition.setConditionName(condition);
policyRefCondition.setConditionDefId(conditionDefId);
policyRefConditionDao.create(policyRefCondition);
}
logger.info("<== addPolicyConditionDefRef(id=" + policyId + ")");
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXPolicyRefConditionDao(org.apache.ranger.db.XXPolicyRefConditionDao)
Example 3 with XXPolicyRefCondition
use of org.apache.ranger.entity.XXPolicyRefCondition in project ranger by apache.
the class PatchForUpdatingPolicyJson_J10019 method addPolicyConditionDefRef.
private void addPolicyConditionDefRef(String serviceType, Long policyId, Set<String> conditions) throws Exception {
logger.info("==> addPolicyConditionDefRef(id=" + policyId + ")");
// insert policy-id, conditionName into Ref table
Map<String, Long> serviceDefConditionNameIDMap = conditionNameIdMap.get(serviceType);
if (serviceDefConditionNameIDMap == null) {
serviceDefConditionNameIDMap = new HashMap<>();
conditionNameIdMap.put(serviceType, serviceDefConditionNameIDMap);
XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType);
for (XXPolicyConditionDef conditionDef : daoMgr.getXXPolicyConditionDef().findByServiceDefId(dbServiceDef.getId())) {
serviceDefConditionNameIDMap.put(conditionDef.getName(), conditionDef.getId());
}
}
XXPolicyRefConditionDao policyRefConditionDao = daoMgr.getXXPolicyRefCondition();
for (String condition : conditions) {
Long conditionDefId = serviceDefConditionNameIDMap.get(condition);
if (conditionDefId == null) {
throw new Exception(condition + ": unknown condition in policy [id=" + policyId + "; serviceType=" + serviceType + "]. Known conditions are: " + serviceDefConditionNameIDMap.keySet());
}
XXPolicyRefCondition policyRefCondition = new XXPolicyRefCondition();
policyRefCondition.setPolicyId(policyId);
policyRefCondition.setConditionName(condition);
policyRefCondition.setConditionDefId(conditionDefId);
policyRefConditionDao.create(policyRefCondition);
}
logger.info("<== addPolicyConditionDefRef(id=" + policyId + ")");
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXPolicyRefConditionDao(org.apache.ranger.db.XXPolicyRefConditionDao)
Example 4 with XXPolicyRefCondition
use of org.apache.ranger.entity.XXPolicyRefCondition in project ranger by apache.
the class ServiceDBStore method updateChildObjectsOfServiceDef.
private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, List<RangerEnumDef> enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) {
Long serviceDefId = createdSvcDef.getId();
List<XXServiceConfigDef> xxConfigs = daoMgr.getXXServiceConfigDef().findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResources = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
List<XXPolicyConditionDef> xxPolicyConditions = daoMgr.getXXPolicyConditionDef().findByServiceDefId(serviceDefId);
List<XXContextEnricherDef> xxContextEnrichers = daoMgr.getXXContextEnricherDef().findByServiceDefId(serviceDefId);
List<XXEnumDef> xxEnums = daoMgr.getXXEnumDef().findByServiceDefId(serviceDefId);
XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
for (int i = 0; i < configs.size(); i++) {
RangerServiceConfigDef config = configs.get(i);
boolean found = false;
for (XXServiceConfigDef xConfig : xxConfigs) {
if (config.getItemId() != null && config.getItemId().equals(xConfig.getItemId())) {
found = true;
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.update(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
break;
}
}
if (!found) {
XXServiceConfigDef xConfig = new XXServiceConfigDef();
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.create(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
}
}
for (XXServiceConfigDef xConfig : xxConfigs) {
boolean found = false;
for (RangerServiceConfigDef config : configs) {
if (xConfig.getItemId() != null && xConfig.getItemId().equals(config.getItemId())) {
found = true;
break;
}
}
if (!found) {
xxServiceConfigDao.remove(xConfig);
}
}
XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
for (RangerResourceDef resource : resources) {
boolean found = false;
for (XXResourceDef xRes : xxResources) {
if (resource.getItemId() != null && resource.getItemId().equals(xRes.getItemId())) {
found = true;
xRes = serviceDefService.populateRangerResourceDefToXX(resource, xRes, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxResDefDao.update(xRes);
resource = serviceDefService.populateXXToRangerResourceDef(xRes);
break;
}
}
if (!found) {
XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
Long parentId = (parent != null) ? parent.getId() : null;
XXResourceDef xResource = new XXResourceDef();
xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xResource.setParent(parentId);
xResource = xxResDefDao.create(xResource);
}
}
for (XXResourceDef xRes : xxResources) {
boolean found = false;
for (RangerResourceDef resource : resources) {
if (xRes.getItemId() != null && xRes.getItemId().equals(resource.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefResource> xxPolicyRefResource = daoMgr.getXXPolicyRefResource().findByResourceDefID(xRes.getId());
if (!stringUtil.isEmpty(xxPolicyRefResource)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this resource: " + xRes.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXResourceDef(xRes);
}
}
XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
for (int i = 0; i < accessTypes.size(); i++) {
RangerAccessTypeDef access = accessTypes.get(i);
boolean found = false;
for (XXAccessTypeDef xAccess : xxAccessTypes) {
if (access.getItemId() != null && access.getItemId().equals(xAccess.getItemId())) {
found = true;
xAccess = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccess, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xAccess.setOrder(i);
xAccess = xxATDDao.update(xAccess);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
List<String> xxImpliedGrants = xxATDGrantDao.findImpliedGrantsByATDId(xAccess.getId());
for (String impliedGrant : impliedGrants) {
boolean foundGrant = false;
for (String xImpliedGrant : xxImpliedGrants) {
if (StringUtils.equalsIgnoreCase(impliedGrant, xImpliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccess.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
}
for (String xImpliedGrant : xxImpliedGrants) {
boolean foundGrant = false;
for (String impliedGrant : impliedGrants) {
if (StringUtils.equalsIgnoreCase(xImpliedGrant, impliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xATDGrant = xxATDGrantDao.findByNameAndATDId(xAccess.getId(), xImpliedGrant);
xxATDGrantDao.remove(xATDGrant);
}
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccess);
break;
}
}
if (!found) {
XXAccessTypeDef xAccessType = new XXAccessTypeDef();
xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xAccessType.setOrder(i);
xAccessType = xxATDDao.create(xAccessType);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
for (String impliedGrant : impliedGrants) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccessType.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccessType);
}
}
for (XXAccessTypeDef xAccess : xxAccessTypes) {
boolean found = false;
for (RangerAccessTypeDef access : accessTypes) {
if (xAccess.getItemId() != null && xAccess.getItemId().equals(access.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefAccessType> policyRefAccessTypeList = daoMgr.getXXPolicyRefAccessType().findByAccessTypeDefId(xAccess.getId());
if (!stringUtil.isEmpty(policyRefAccessTypeList)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this access-type: " + xAccess.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXAccessTypeDef(xAccess);
}
}
XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
for (int i = 0; i < policyConditions.size(); i++) {
RangerPolicyConditionDef condition = policyConditions.get(i);
boolean found = false;
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
if (condition.getItemId() != null && condition.getItemId().equals(xCondition.getItemId())) {
found = true;
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.update(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
break;
}
}
if (!found) {
XXPolicyConditionDef xCondition = new XXPolicyConditionDef();
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.create(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
}
}
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
boolean found = false;
for (RangerPolicyConditionDef condition : policyConditions) {
if (xCondition.getItemId() != null && xCondition.getItemId().equals(condition.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefCondition> xxPolicyRefConditions = daoMgr.getXXPolicyRefCondition().findByConditionDefId(xCondition.getId());
if (!stringUtil.isEmpty(xxPolicyRefConditions)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this policy-condition: " + xCondition.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
for (XXPolicyRefCondition xxPolicyRefCondition : xxPolicyRefConditions) {
daoMgr.getXXPolicyRefCondition().remove(xxPolicyRefCondition);
}
xxPolCondDao.remove(xCondition);
}
}
XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
for (int i = 0; i < contextEnrichers.size(); i++) {
RangerContextEnricherDef context = contextEnrichers.get(i);
boolean found = false;
for (XXContextEnricherDef xContext : xxContextEnrichers) {
if (context.getItemId() != null && context.getItemId().equals(xContext.getItemId())) {
found = true;
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.update(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
break;
}
}
if (!found) {
XXContextEnricherDef xContext = new XXContextEnricherDef();
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.create(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
}
}
for (XXContextEnricherDef xContext : xxContextEnrichers) {
boolean found = false;
for (RangerContextEnricherDef context : contextEnrichers) {
if (xContext.getItemId() != null && xContext.getItemId().equals(context.getItemId())) {
found = true;
break;
}
}
if (!found) {
daoMgr.getXXContextEnricherDef().remove(xContext);
}
}
XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
for (RangerEnumDef enumDef : enums) {
boolean found = false;
for (XXEnumDef xEnumDef : xxEnums) {
if (enumDef.getItemId() != null && enumDef.getItemId().equals(xEnumDef.getItemId())) {
found = true;
xEnumDef = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnumDef, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEnumDef = xxEnumDefDao.update(xEnumDef);
XXEnumElementDefDao xEnumEleDao = daoMgr.getXXEnumElementDef();
List<XXEnumElementDef> xxEnumEleDefs = xEnumEleDao.findByEnumDefId(xEnumDef.getId());
List<RangerEnumElementDef> enumEleDefs = enumDef.getElements();
for (int i = 0; i < enumEleDefs.size(); i++) {
RangerEnumElementDef eleDef = enumEleDefs.get(i);
boolean foundEle = false;
for (XXEnumElementDef xEleDef : xxEnumEleDefs) {
if (eleDef.getItemId() != null && eleDef.getItemId().equals(xEleDef.getItemId())) {
foundEle = true;
xEleDef = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xEleDef, xEnumDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEleDef.setOrder(i);
xEleDef = xEnumEleDao.update(xEleDef);
break;
}
}
if (!foundEle) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xElement, xEnumDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement.setOrder(i);
xElement = xEnumEleDao.create(xElement);
}
}
for (XXEnumElementDef xxEleDef : xxEnumEleDefs) {
boolean foundEle = false;
for (RangerEnumElementDef enumEle : enumEleDefs) {
if (xxEleDef.getItemId() != null && xxEleDef.getItemId().equals(enumEle.getItemId())) {
foundEle = true;
break;
}
}
if (!foundEle) {
xEnumEleDao.remove(xxEleDef);
}
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnumDef);
break;
}
}
if (!found) {
XXEnumDef xEnum = new XXEnumDef();
xEnum = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xEnum = xxEnumDefDao.create(xEnum);
List<RangerEnumElementDef> elements = enumDef.getElements();
XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
for (RangerEnumElementDef element : elements) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement = xxEnumEleDefDao.create(xElement);
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnum);
}
}
for (XXEnumDef xEnumDef : xxEnums) {
boolean found = false;
for (RangerEnumDef enumDef : enums) {
if (xEnumDef.getItemId() != null && xEnumDef.getItemId().equals(enumDef.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(xEnumDef.getId());
for (XXEnumElementDef eleDef : enumEleDefList) {
daoMgr.getXXEnumElementDef().remove(eleDef);
}
xxEnumDefDao.remove(xEnumDef);
}
}
List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
// create or update dataMasks
for (int i = 0; i < dataMasks.size(); i++) {
RangerDataMaskTypeDef dataMask = dataMasks.get(i);
boolean found = false;
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
if (LOG.isDebugEnabled()) {
LOG.debug("Updating existing dataMask with itemId=" + dataMask.getItemId());
}
found = true;
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.update(xxDataMask);
dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask);
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Creating dataMask with itemId=" + dataMask.getItemId() + "");
}
XXDataMaskTypeDef xxDataMask = new XXDataMaskTypeDef();
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.create(xxDataMask);
}
}
// remove dataMasks
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
boolean found = false;
for (RangerDataMaskTypeDef dataMask : dataMasks) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
found = true;
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting dataMask with itemId=" + xxDataMask.getItemId());
}
dataMaskTypeDao.remove(xxDataMask);
}
}
for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exist", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
xxATDDao.update(xxAccessTypeDef);
}
}
for (RangerResourceDef resource : dataMaskResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXResourceDef xxResourceDef : xxResourceDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerResourceDef resource : dataMaskResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
xxResourceDef.setDataMaskOptions(dataMaskOptions);
xxResourceDef.setRowFilterOptions(rowFilterOptions);
xxResDefDao.update(xxResourceDef);
}
}
}
Also used :
XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao)
VXString(org.apache.ranger.view.VXString)
RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef)
RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)
RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)
RangerDataMaskTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef)
XXAccessTypeDefGrantsDao(org.apache.ranger.db.XXAccessTypeDefGrantsDao)
XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType)
XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao)
RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)
XXEnumElementDefDao(org.apache.ranger.db.XXEnumElementDefDao)
XXAccessTypeDefDao(org.apache.ranger.db.XXAccessTypeDefDao)
XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants)
XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao)
RangerEnumElementDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)
RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)
XXEnumDef(org.apache.ranger.entity.XXEnumDef)
XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao)
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef)
XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)
Example 5 with XXPolicyRefCondition
use of org.apache.ranger.entity.XXPolicyRefCondition in project ranger by apache.
the class PolicyRefUpdater method createNewPolMappingForRefTable.
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
if (policy == null) {
return;
}
cleanupRefTables(policy);
final Set<String> resourceNames = policy.getResources().keySet();
final Set<String> roleNames = new HashSet<>();
final Set<String> groupNames = new HashSet<>();
final Set<String> userNames = new HashSet<>();
final Set<String> accessTypes = new HashSet<>();
final Set<String> conditionTypes = new HashSet<>();
final Set<String> dataMaskTypes = new HashSet<>();
boolean oldBulkMode = RangerBizUtil.isBulkMode();
List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
conditionTypes.add(condition.getType());
}
}
for (List<? extends RangerPolicyItem> policyItems : getAllPolicyItems(policy)) {
if (CollectionUtils.isEmpty(policyItems)) {
continue;
}
for (RangerPolicyItem policyItem : policyItems) {
roleNames.addAll(policyItem.getRoles());
groupNames.addAll(policyItem.getGroups());
userNames.addAll(policyItem.getUsers());
if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
accessTypes.add(access.getType());
}
}
if (CollectionUtils.isNotEmpty(policyItem.getConditions())) {
for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
conditionTypes.add(condition.getType());
}
}
if (policyItem instanceof RangerDataMaskPolicyItem) {
RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
dataMaskTypes.add(dataMaskInfo.getDataMaskType());
}
}
}
List<XXPolicyRefResource> xPolResources = new ArrayList<>();
for (String resource : resourceNames) {
XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(resource, policy.getId());
if (xResDef == null) {
throw new Exception(resource + ": is not a valid resource-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefResource xPolRes = rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xPolicy);
xPolRes.setPolicyId(policy.getId());
xPolRes.setResourceDefId(xResDef.getId());
xPolRes.setResourceName(resource);
xPolResources.add(xPolRes);
}
daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
final boolean isAdmin = rangerBizUtil.checkAdminAccess();
List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
for (String role : roleNames) {
if (StringUtils.isBlank(role)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. Role name: " + role + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
RangerBizUtil.setBulkMode(oldBulkMode);
daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);
for (String group : groupNames) {
if (StringUtils.isBlank(group)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. Group name: " + group + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
for (String user : userNames) {
if (StringUtils.isBlank(user)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. User name: " + user + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
for (String accessType : accessTypes) {
XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessType, xPolicy.getService());
if (xAccTypeDef == null) {
throw new Exception(accessType + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefAccessType xPolAccess = rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xPolicy);
xPolAccess.setPolicyId(policy.getId());
xPolAccess.setAccessDefId(xAccTypeDef.getId());
xPolAccess.setAccessTypeName(accessType);
xPolAccesses.add(xPolAccess);
}
daoMgr.getXXPolicyRefAccessType().batchCreate(xPolAccesses);
List<XXPolicyRefCondition> xPolConds = new ArrayList<>();
for (String condition : conditionTypes) {
XXPolicyConditionDef xPolCondDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition);
if (xPolCondDef == null) {
throw new Exception(condition + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
}
XXPolicyRefCondition xPolCond = rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xPolicy);
xPolCond.setPolicyId(policy.getId());
xPolCond.setConditionDefId(xPolCondDef.getId());
xPolCond.setConditionName(condition);
xPolConds.add(xPolCond);
}
daoMgr.getXXPolicyRefCondition().batchCreate(xPolConds);
List<XXPolicyRefDataMaskType> xxDataMaskInfos = new ArrayList<>();
for (String dataMaskType : dataMaskTypes) {
XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskType, xPolicy.getService());
if (dataMaskDef == null) {
throw new Exception(dataMaskType + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefDataMaskType xxDataMaskInfo = new XXPolicyRefDataMaskType();
xxDataMaskInfo.setPolicyId(policy.getId());
xxDataMaskInfo.setDataMaskDefId(dataMaskDef.getId());
xxDataMaskInfo.setDataMaskTypeName(dataMaskType);
xxDataMaskInfos.add(xxDataMaskInfo);
}
daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
}
Also used :
ArrayList(java.util.ArrayList)
XXPolicyRefRole(org.apache.ranger.entity.XXPolicyRefRole)
RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo)
HashSet(java.util.HashSet)
VXResponse(org.apache.ranger.view.VXResponse)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType)
XXPolicyRefDataMaskType(org.apache.ranger.entity.XXPolicyRefDataMaskType)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)
Aggregations
XXPolicyConditionDef (org.apache.ranger.entity.XXPolicyConditionDef)5
XXPolicyRefCondition (org.apache.ranger.entity.XXPolicyRefCondition)5
XXAccessTypeDef (org.apache.ranger.entity.XXAccessTypeDef)3
XXDataMaskTypeDef (org.apache.ranger.entity.XXDataMaskTypeDef)3
XXResourceDef (org.apache.ranger.entity.XXResourceDef)3
XXContextEnricherDefDao (org.apache.ranger.db.XXContextEnricherDefDao)2
XXDataMaskTypeDefDao (org.apache.ranger.db.XXDataMaskTypeDefDao)2
XXEnumDefDao (org.apache.ranger.db.XXEnumDefDao)2
XXPolicyConditionDefDao (org.apache.ranger.db.XXPolicyConditionDefDao)2
XXPolicyRefConditionDao (org.apache.ranger.db.XXPolicyRefConditionDao)2
XXServiceConfigDefDao (org.apache.ranger.db.XXServiceConfigDefDao)2
XXContextEnricherDef (org.apache.ranger.entity.XXContextEnricherDef)2
XXEnumDef (org.apache.ranger.entity.XXEnumDef)2
XXEnumElementDef (org.apache.ranger.entity.XXEnumElementDef)2
XXPolicyRefAccessType (org.apache.ranger.entity.XXPolicyRefAccessType)2
XXPolicyRefResource (org.apache.ranger.entity.XXPolicyRefResource)2
XXServiceConfigDef (org.apache.ranger.entity.XXServiceConfigDef)2
XXServiceDef (org.apache.ranger.entity.XXServiceDef)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
