Example 1 with XXPolicyRefResource
use of org.apache.ranger.entity.XXPolicyRefResource in project ranger by apache.
the class PatchForMigratingOldRegimePolicyJson_J10046 method addResourceDefRef.
private void addResourceDefRef(String serviceType, RangerPolicy policy) throws Exception {
logger.info("==> addResourceDefRef(id=" + policy.getId() + ")");
Map<String, Long> serviceDefResourceNameIDMap = resourceNameIdMap.get(serviceType);
if (serviceDefResourceNameIDMap == null) {
serviceDefResourceNameIDMap = new HashMap<>();
resourceNameIdMap.put(serviceType, serviceDefResourceNameIDMap);
XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType);
for (XXResourceDef resourceDef : daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
}
}
Map<String, RangerPolicyResource> policyResources = policy.getResources();
if (MapUtils.isNotEmpty(policyResources)) {
XXPolicyRefResourceDao policyRefResourceDao = daoMgr.getXXPolicyRefResource();
Set<String> resourceNames = policyResources.keySet();
for (String resourceName : resourceNames) {
Long resourceDefId = serviceDefResourceNameIDMap.get(resourceName);
if (resourceDefId == null) {
throw new Exception(resourceName + ": unknown resource in policy [id=" + policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]. Known resources: " + serviceDefResourceNameIDMap.keySet());
}
// insert policy-id, resourceDefId, resourceName into Ref table
XXPolicyRefResource policyRefResource = new XXPolicyRefResource();
policyRefResource.setPolicyId(policy.getId());
policyRefResource.setResourceDefId(resourceDefId);
policyRefResource.setResourceName(resourceName);
policyRefResourceDao.create(policyRefResource);
}
}
logger.info("<== addResourceDefRef(id=" + policy.getId() + ")");
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
XXPolicyRefResourceDao(org.apache.ranger.db.XXPolicyRefResourceDao)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
Example 2 with XXPolicyRefResource
use of org.apache.ranger.entity.XXPolicyRefResource in project ranger by apache.
the class PatchForUpdatingPolicyJson_J10019 method addResourceDefRef.
private void addResourceDefRef(String serviceType, RangerPolicy policy) throws Exception {
logger.info("==> addResourceDefRef(id=" + policy.getId() + ")");
Map<String, Long> serviceDefResourceNameIDMap = resourceNameIdMap.get(serviceType);
if (serviceDefResourceNameIDMap == null) {
serviceDefResourceNameIDMap = new HashMap<>();
resourceNameIdMap.put(serviceType, serviceDefResourceNameIDMap);
XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType);
for (XXResourceDef resourceDef : daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
}
}
Map<String, RangerPolicyResource> policyResources = policy.getResources();
if (MapUtils.isNotEmpty(policyResources)) {
XXPolicyRefResourceDao policyRefResourceDao = daoMgr.getXXPolicyRefResource();
Set<String> resourceNames = policyResources.keySet();
for (String resourceName : resourceNames) {
Long resourceDefId = serviceDefResourceNameIDMap.get(resourceName);
if (resourceDefId == null) {
throw new Exception(resourceName + ": unknown resource in policy [id=" + policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]. Known resources: " + serviceDefResourceNameIDMap.keySet());
}
// insert policy-id, resourceDefId, resourceName into Ref table
XXPolicyRefResource policyRefResource = new XXPolicyRefResource();
policyRefResource.setPolicyId(policy.getId());
policyRefResource.setResourceDefId(resourceDefId);
policyRefResource.setResourceName(resourceName);
policyRefResourceDao.create(policyRefResource);
}
}
logger.info("<== addResourceDefRef(id=" + policy.getId() + ")");
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
XXPolicyRefResourceDao(org.apache.ranger.db.XXPolicyRefResourceDao)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
Example 3 with XXPolicyRefResource
use of org.apache.ranger.entity.XXPolicyRefResource in project ranger by apache.
the class ServiceDBStore method deleteXXResourceDef.
public void deleteXXResourceDef(XXResourceDef xRes) {
List<XXResourceDef> xChildObjs = daoMgr.getXXResourceDef().findByParentResId(xRes.getId());
for (XXResourceDef childRes : xChildObjs) {
deleteXXResourceDef(childRes);
}
List<XXPolicyRefResource> xxPolicyRefResources = daoMgr.getXXPolicyRefResource().findByResourceDefID(xRes.getId());
for (XXPolicyRefResource xPolRefRes : xxPolicyRefResources) {
daoMgr.getXXPolicyRefResource().remove(xPolRefRes);
}
daoMgr.getXXResourceDef().remove(xRes);
}
Also used :
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
Example 4 with XXPolicyRefResource
use of org.apache.ranger.entity.XXPolicyRefResource in project ranger by apache.
the class ServiceDBStore method updateChildObjectsOfServiceDef.
private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, List<RangerEnumDef> enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) {
Long serviceDefId = createdSvcDef.getId();
List<XXServiceConfigDef> xxConfigs = daoMgr.getXXServiceConfigDef().findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResources = daoMgr.getXXResourceDef().findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId);
List<XXPolicyConditionDef> xxPolicyConditions = daoMgr.getXXPolicyConditionDef().findByServiceDefId(serviceDefId);
List<XXContextEnricherDef> xxContextEnrichers = daoMgr.getXXContextEnricherDef().findByServiceDefId(serviceDefId);
List<XXEnumDef> xxEnums = daoMgr.getXXEnumDef().findByServiceDefId(serviceDefId);
XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
for (int i = 0; i < configs.size(); i++) {
RangerServiceConfigDef config = configs.get(i);
boolean found = false;
for (XXServiceConfigDef xConfig : xxConfigs) {
if (config.getItemId() != null && config.getItemId().equals(xConfig.getItemId())) {
found = true;
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.update(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
break;
}
}
if (!found) {
XXServiceConfigDef xConfig = new XXServiceConfigDef();
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xConfig.setOrder(i);
xConfig = xxServiceConfigDao.create(xConfig);
config = serviceDefService.populateXXToRangerServiceConfigDef(xConfig);
}
}
for (XXServiceConfigDef xConfig : xxConfigs) {
boolean found = false;
for (RangerServiceConfigDef config : configs) {
if (xConfig.getItemId() != null && xConfig.getItemId().equals(config.getItemId())) {
found = true;
break;
}
}
if (!found) {
xxServiceConfigDao.remove(xConfig);
}
}
XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
for (RangerResourceDef resource : resources) {
boolean found = false;
for (XXResourceDef xRes : xxResources) {
if (resource.getItemId() != null && resource.getItemId().equals(xRes.getItemId())) {
found = true;
xRes = serviceDefService.populateRangerResourceDefToXX(resource, xRes, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxResDefDao.update(xRes);
resource = serviceDefService.populateXXToRangerResourceDef(xRes);
break;
}
}
if (!found) {
XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
Long parentId = (parent != null) ? parent.getId() : null;
XXResourceDef xResource = new XXResourceDef();
xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xResource.setParent(parentId);
xResource = xxResDefDao.create(xResource);
}
}
for (XXResourceDef xRes : xxResources) {
boolean found = false;
for (RangerResourceDef resource : resources) {
if (xRes.getItemId() != null && xRes.getItemId().equals(resource.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefResource> xxPolicyRefResource = daoMgr.getXXPolicyRefResource().findByResourceDefID(xRes.getId());
if (!stringUtil.isEmpty(xxPolicyRefResource)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this resource: " + xRes.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXResourceDef(xRes);
}
}
XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
for (int i = 0; i < accessTypes.size(); i++) {
RangerAccessTypeDef access = accessTypes.get(i);
boolean found = false;
for (XXAccessTypeDef xAccess : xxAccessTypes) {
if (access.getItemId() != null && access.getItemId().equals(xAccess.getItemId())) {
found = true;
xAccess = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccess, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xAccess.setOrder(i);
xAccess = xxATDDao.update(xAccess);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
List<String> xxImpliedGrants = xxATDGrantDao.findImpliedGrantsByATDId(xAccess.getId());
for (String impliedGrant : impliedGrants) {
boolean foundGrant = false;
for (String xImpliedGrant : xxImpliedGrants) {
if (StringUtils.equalsIgnoreCase(impliedGrant, xImpliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccess.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
}
for (String xImpliedGrant : xxImpliedGrants) {
boolean foundGrant = false;
for (String impliedGrant : impliedGrants) {
if (StringUtils.equalsIgnoreCase(xImpliedGrant, impliedGrant)) {
foundGrant = true;
break;
}
}
if (!foundGrant) {
XXAccessTypeDefGrants xATDGrant = xxATDGrantDao.findByNameAndATDId(xAccess.getId(), xImpliedGrant);
xxATDGrantDao.remove(xATDGrant);
}
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccess);
break;
}
}
if (!found) {
XXAccessTypeDef xAccessType = new XXAccessTypeDef();
xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(access, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xAccessType.setOrder(i);
xAccessType = xxATDDao.create(xAccessType);
Collection<String> impliedGrants = access.getImpliedGrants();
XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
for (String impliedGrant : impliedGrants) {
XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
xImpliedGrant.setAtdId(xAccessType.getId());
xImpliedGrant.setImpliedGrant(impliedGrant);
xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
}
access = serviceDefService.populateXXToRangerAccessTypeDef(xAccessType);
}
}
for (XXAccessTypeDef xAccess : xxAccessTypes) {
boolean found = false;
for (RangerAccessTypeDef access : accessTypes) {
if (xAccess.getItemId() != null && xAccess.getItemId().equals(access.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefAccessType> policyRefAccessTypeList = daoMgr.getXXPolicyRefAccessType().findByAccessTypeDefId(xAccess.getId());
if (!stringUtil.isEmpty(policyRefAccessTypeList)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this access-type: " + xAccess.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
deleteXXAccessTypeDef(xAccess);
}
}
XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
for (int i = 0; i < policyConditions.size(); i++) {
RangerPolicyConditionDef condition = policyConditions.get(i);
boolean found = false;
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
if (condition.getItemId() != null && condition.getItemId().equals(xCondition.getItemId())) {
found = true;
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.update(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
break;
}
}
if (!found) {
XXPolicyConditionDef xCondition = new XXPolicyConditionDef();
xCondition = serviceDefService.populateRangerPolicyConditionDefToXX(condition, xCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xCondition.setOrder(i);
xCondition = xxPolCondDao.create(xCondition);
condition = serviceDefService.populateXXToRangerPolicyConditionDef(xCondition);
}
}
for (XXPolicyConditionDef xCondition : xxPolicyConditions) {
boolean found = false;
for (RangerPolicyConditionDef condition : policyConditions) {
if (xCondition.getItemId() != null && xCondition.getItemId().equals(condition.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXPolicyRefCondition> xxPolicyRefConditions = daoMgr.getXXPolicyRefCondition().findByConditionDefId(xCondition.getId());
if (!stringUtil.isEmpty(xxPolicyRefConditions)) {
throw restErrorUtil.createRESTException("Policy/Policies are referring to this policy-condition: " + xCondition.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE);
}
for (XXPolicyRefCondition xxPolicyRefCondition : xxPolicyRefConditions) {
daoMgr.getXXPolicyRefCondition().remove(xxPolicyRefCondition);
}
xxPolCondDao.remove(xCondition);
}
}
XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
for (int i = 0; i < contextEnrichers.size(); i++) {
RangerContextEnricherDef context = contextEnrichers.get(i);
boolean found = false;
for (XXContextEnricherDef xContext : xxContextEnrichers) {
if (context.getItemId() != null && context.getItemId().equals(xContext.getItemId())) {
found = true;
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.update(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
break;
}
}
if (!found) {
XXContextEnricherDef xContext = new XXContextEnricherDef();
xContext = serviceDefService.populateRangerContextEnricherDefToXX(context, xContext, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xContext.setOrder(i);
xContext = xxContextEnricherDao.create(xContext);
context = serviceDefService.populateXXToRangerContextEnricherDef(xContext);
}
}
for (XXContextEnricherDef xContext : xxContextEnrichers) {
boolean found = false;
for (RangerContextEnricherDef context : contextEnrichers) {
if (xContext.getItemId() != null && xContext.getItemId().equals(context.getItemId())) {
found = true;
break;
}
}
if (!found) {
daoMgr.getXXContextEnricherDef().remove(xContext);
}
}
XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
for (RangerEnumDef enumDef : enums) {
boolean found = false;
for (XXEnumDef xEnumDef : xxEnums) {
if (enumDef.getItemId() != null && enumDef.getItemId().equals(xEnumDef.getItemId())) {
found = true;
xEnumDef = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnumDef, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEnumDef = xxEnumDefDao.update(xEnumDef);
XXEnumElementDefDao xEnumEleDao = daoMgr.getXXEnumElementDef();
List<XXEnumElementDef> xxEnumEleDefs = xEnumEleDao.findByEnumDefId(xEnumDef.getId());
List<RangerEnumElementDef> enumEleDefs = enumDef.getElements();
for (int i = 0; i < enumEleDefs.size(); i++) {
RangerEnumElementDef eleDef = enumEleDefs.get(i);
boolean foundEle = false;
for (XXEnumElementDef xEleDef : xxEnumEleDefs) {
if (eleDef.getItemId() != null && eleDef.getItemId().equals(xEleDef.getItemId())) {
foundEle = true;
xEleDef = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xEleDef, xEnumDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xEleDef.setOrder(i);
xEleDef = xEnumEleDao.update(xEleDef);
break;
}
}
if (!foundEle) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(eleDef, xElement, xEnumDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement.setOrder(i);
xElement = xEnumEleDao.create(xElement);
}
}
for (XXEnumElementDef xxEleDef : xxEnumEleDefs) {
boolean foundEle = false;
for (RangerEnumElementDef enumEle : enumEleDefs) {
if (xxEleDef.getItemId() != null && xxEleDef.getItemId().equals(enumEle.getItemId())) {
foundEle = true;
break;
}
}
if (!foundEle) {
xEnumEleDao.remove(xxEleDef);
}
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnumDef);
break;
}
}
if (!found) {
XXEnumDef xEnum = new XXEnumDef();
xEnum = serviceDefService.populateRangerEnumDefToXX(enumDef, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xEnum = xxEnumDefDao.create(xEnum);
List<RangerEnumElementDef> elements = enumDef.getElements();
XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
for (RangerEnumElementDef element : elements) {
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xElement = xxEnumEleDefDao.create(xElement);
}
enumDef = serviceDefService.populateXXToRangerEnumDef(xEnum);
}
}
for (XXEnumDef xEnumDef : xxEnums) {
boolean found = false;
for (RangerEnumDef enumDef : enums) {
if (xEnumDef.getItemId() != null && xEnumDef.getItemId().equals(enumDef.getItemId())) {
found = true;
break;
}
}
if (!found) {
List<XXEnumElementDef> enumEleDefList = daoMgr.getXXEnumElementDef().findByEnumDefId(xEnumDef.getId());
for (XXEnumElementDef eleDef : enumEleDefList) {
daoMgr.getXXEnumElementDef().remove(eleDef);
}
xxEnumDefDao.remove(xEnumDef);
}
}
List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef();
List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId);
List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId);
List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId);
// create or update dataMasks
for (int i = 0; i < dataMasks.size(); i++) {
RangerDataMaskTypeDef dataMask = dataMasks.get(i);
boolean found = false;
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
if (LOG.isDebugEnabled()) {
LOG.debug("Updating existing dataMask with itemId=" + dataMask.getItemId());
}
found = true;
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_UPDATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.update(xxDataMask);
dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask);
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Creating dataMask with itemId=" + dataMask.getItemId() + "");
}
XXDataMaskTypeDef xxDataMask = new XXDataMaskTypeDef();
xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
xxDataMask.setOrder(i);
xxDataMask = dataMaskTypeDao.create(xxDataMask);
}
}
// remove dataMasks
for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) {
boolean found = false;
for (RangerDataMaskTypeDef dataMask : dataMasks) {
if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) {
found = true;
break;
}
}
if (!found) {
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting dataMask with itemId=" + xxDataMask.getItemId());
}
dataMaskTypeDao.remove(xxDataMask);
}
}
for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exist", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
xxATDDao.update(xxAccessTypeDef);
}
}
for (RangerResourceDef resource : dataMaskResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (!isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
}
}
for (XXResourceDef xxResourceDef : xxResourceDefs) {
String dataMaskOptions = null;
String rowFilterOptions = null;
for (RangerResourceDef resource : dataMaskResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
for (RangerResourceDef resource : rowFilterResources) {
if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
break;
}
}
if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
xxResourceDef.setDataMaskOptions(dataMaskOptions);
xxResourceDef.setRowFilterOptions(rowFilterOptions);
xxResDefDao.update(xxResourceDef);
}
}
}
Also used :
XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao)
VXString(org.apache.ranger.view.VXString)
RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef)
RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)
RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)
RangerDataMaskTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef)
XXAccessTypeDefGrantsDao(org.apache.ranger.db.XXAccessTypeDefGrantsDao)
XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType)
XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao)
RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)
XXEnumElementDefDao(org.apache.ranger.db.XXEnumElementDefDao)
XXAccessTypeDefDao(org.apache.ranger.db.XXAccessTypeDefDao)
XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants)
XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao)
RangerEnumElementDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)
RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)
XXEnumDef(org.apache.ranger.entity.XXEnumDef)
XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao)
XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef)
XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)
Example 5 with XXPolicyRefResource
use of org.apache.ranger.entity.XXPolicyRefResource in project ranger by apache.
the class PolicyRefUpdater method createNewPolMappingForRefTable.
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
if (policy == null) {
return;
}
cleanupRefTables(policy);
final Set<String> resourceNames = policy.getResources().keySet();
final Set<String> roleNames = new HashSet<>();
final Set<String> groupNames = new HashSet<>();
final Set<String> userNames = new HashSet<>();
final Set<String> accessTypes = new HashSet<>();
final Set<String> conditionTypes = new HashSet<>();
final Set<String> dataMaskTypes = new HashSet<>();
boolean oldBulkMode = RangerBizUtil.isBulkMode();
List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
conditionTypes.add(condition.getType());
}
}
for (List<? extends RangerPolicyItem> policyItems : getAllPolicyItems(policy)) {
if (CollectionUtils.isEmpty(policyItems)) {
continue;
}
for (RangerPolicyItem policyItem : policyItems) {
roleNames.addAll(policyItem.getRoles());
groupNames.addAll(policyItem.getGroups());
userNames.addAll(policyItem.getUsers());
if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
accessTypes.add(access.getType());
}
}
if (CollectionUtils.isNotEmpty(policyItem.getConditions())) {
for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
conditionTypes.add(condition.getType());
}
}
if (policyItem instanceof RangerDataMaskPolicyItem) {
RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
dataMaskTypes.add(dataMaskInfo.getDataMaskType());
}
}
}
List<XXPolicyRefResource> xPolResources = new ArrayList<>();
for (String resource : resourceNames) {
XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(resource, policy.getId());
if (xResDef == null) {
throw new Exception(resource + ": is not a valid resource-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefResource xPolRes = rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xPolicy);
xPolRes.setPolicyId(policy.getId());
xPolRes.setResourceDefId(xResDef.getId());
xPolRes.setResourceName(resource);
xPolResources.add(xPolRes);
}
daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
final boolean isAdmin = rangerBizUtil.checkAdminAccess();
List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
for (String role : roleNames) {
if (StringUtils.isBlank(role)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. Role name: " + role + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
RangerBizUtil.setBulkMode(oldBulkMode);
daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);
for (String group : groupNames) {
if (StringUtils.isBlank(group)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. Group name: " + group + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
for (String user : userNames) {
if (StringUtils.isBlank(user)) {
continue;
}
PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
gjResponse.setMsgDesc("Operation denied. User name: " + user + " specified in policy does not exist in ranger admin.");
throw restErrorUtil.generateRESTException(gjResponse);
}
}
}
List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
for (String accessType : accessTypes) {
XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessType, xPolicy.getService());
if (xAccTypeDef == null) {
throw new Exception(accessType + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefAccessType xPolAccess = rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xPolicy);
xPolAccess.setPolicyId(policy.getId());
xPolAccess.setAccessDefId(xAccTypeDef.getId());
xPolAccess.setAccessTypeName(accessType);
xPolAccesses.add(xPolAccess);
}
daoMgr.getXXPolicyRefAccessType().batchCreate(xPolAccesses);
List<XXPolicyRefCondition> xPolConds = new ArrayList<>();
for (String condition : conditionTypes) {
XXPolicyConditionDef xPolCondDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition);
if (xPolCondDef == null) {
throw new Exception(condition + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
}
XXPolicyRefCondition xPolCond = rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xPolicy);
xPolCond.setPolicyId(policy.getId());
xPolCond.setConditionDefId(xPolCondDef.getId());
xPolCond.setConditionName(condition);
xPolConds.add(xPolCond);
}
daoMgr.getXXPolicyRefCondition().batchCreate(xPolConds);
List<XXPolicyRefDataMaskType> xxDataMaskInfos = new ArrayList<>();
for (String dataMaskType : dataMaskTypes) {
XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskType, xPolicy.getService());
if (dataMaskDef == null) {
throw new Exception(dataMaskType + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
}
XXPolicyRefDataMaskType xxDataMaskInfo = new XXPolicyRefDataMaskType();
xxDataMaskInfo.setPolicyId(policy.getId());
xxDataMaskInfo.setDataMaskDefId(dataMaskDef.getId());
xxDataMaskInfo.setDataMaskTypeName(dataMaskType);
xxDataMaskInfos.add(xxDataMaskInfo);
}
daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
}
Also used :
ArrayList(java.util.ArrayList)
XXPolicyRefRole(org.apache.ranger.entity.XXPolicyRefRole)
RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef)
XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef)
XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition)
XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef)
RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo)
HashSet(java.util.HashSet)
VXResponse(org.apache.ranger.view.VXResponse)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
XXResourceDef(org.apache.ranger.entity.XXResourceDef)
XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType)
XXPolicyRefDataMaskType(org.apache.ranger.entity.XXPolicyRefDataMaskType)
XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource)
RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)
Aggregations
XXPolicyRefResource (org.apache.ranger.entity.XXPolicyRefResource)5
XXResourceDef (org.apache.ranger.entity.XXResourceDef)5
XXPolicyRefResourceDao (org.apache.ranger.db.XXPolicyRefResourceDao)2
XXAccessTypeDef (org.apache.ranger.entity.XXAccessTypeDef)2
XXDataMaskTypeDef (org.apache.ranger.entity.XXDataMaskTypeDef)2
XXPolicyConditionDef (org.apache.ranger.entity.XXPolicyConditionDef)2
XXPolicyRefAccessType (org.apache.ranger.entity.XXPolicyRefAccessType)2
XXPolicyRefCondition (org.apache.ranger.entity.XXPolicyRefCondition)2
XXServiceDef (org.apache.ranger.entity.XXServiceDef)2
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
XXAccessTypeDefDao (org.apache.ranger.db.XXAccessTypeDefDao)1
XXAccessTypeDefGrantsDao (org.apache.ranger.db.XXAccessTypeDefGrantsDao)1
XXContextEnricherDefDao (org.apache.ranger.db.XXContextEnricherDefDao)1
XXDataMaskTypeDefDao (org.apache.ranger.db.XXDataMaskTypeDefDao)1
XXEnumDefDao (org.apache.ranger.db.XXEnumDefDao)1
XXEnumElementDefDao (org.apache.ranger.db.XXEnumElementDefDao)1
XXPolicyConditionDefDao (org.apache.ranger.db.XXPolicyConditionDefDao)1
XXResourceDefDao (org.apache.ranger.db.XXResourceDefDao)1
