use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class RangerBizUtil method matchHdfsPolicy.
/**
 * Decides whether a user holds the requested permission on an HDFS path under
 * any enabled policy in the supplied list.
 *
 * <p>Each enabled policy is evaluated in two steps: the user/permission check
 * ({@code checkUsrPermForPolicy}) runs first, and only if it passes are the
 * policy's comma-separated paths compared with the requested path. An exact
 * match is tried first, then a recursive or non-recursive wildcard match
 * depending on the policy's recursive flag. The first policy that passes both
 * steps grants access; if none does, the result is {@code false}, so the
 * default outcome is deny.
 *
 * @param resourceName  requested HDFS path; passed through {@code replaceMetaChars} before matching
 * @param xResourceList candidate policies; entries that are not enabled are ignored
 * @param xUserId       id of the user whose access is being evaluated
 * @param permission    permission type being requested
 * @return {@code true} if at least one enabled policy grants the permission on the path
 */
private boolean matchHdfsPolicy(String resourceName, List<XXResource> xResourceList, Long xUserId, int permission) {
    // NOTE(review): replaceMetaChars is defined elsewhere; what it normalises is not
    // visible here. Confirm before relying on it, since the match below is an authorization decision.
    resourceName = replaceMetaChars(resourceName);

    for (XXResource policy : xResourceList) {
        // Disabled policies must never contribute a grant.
        if (policy.getResourceStatus() != AppConstants.STATUS_ENABLED) {
            continue;
        }

        Long policyId = policy.getId();
        if (!checkUsrPermForPolicy(xUserId, permission, policyId)) {
            continue;
        }

        // A policy name may hold several paths separated by commas.
        String[] policyPaths = policy.getName().split(",");
        for (String policyPath : policyPaths) {
            boolean pathMatches;
            if (comparePathsForExactMatch(resourceName, policyPath)) {
                pathMatches = true;
            } else if (policy.getIsRecursive() == AppConstants.BOOL_TRUE) {
                pathMatches = isRecursiveWildCardMatch(resourceName, policyPath);
            } else {
                pathMatches = nonRecursiveWildCardMatch(resourceName, policyPath);
            }
            if (pathMatches) {
                return true;
            }
        }
    }

    // No enabled policy granted the permission on this path.
    return false;
}
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class XPolicyService method updatePermGroup.
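/**
 * Recomputes the permission-group label of every permission map attached to a
 * resource.
 *
 * <p>The permission maps of the resource are loaded and collected per principal
 * (key: resource id, permFor, and the group or user id). Principals whose
 * collected lists are reported equal by {@code compareTwoListElements} are put
 * in one group, each group receives a fresh label, and every affected
 * permission map is saved with that label.
 *
 * @param vXResource resource whose permission maps are regrouped; its id must exist
 * @return the permission maps that were updated
 * @throws RuntimeException the REST exception built by {@code restErrorUtil} when the
 *         resource id is unknown (exact type is declared elsewhere)
 */
public List<VXPermMap> updatePermGroup(VXResource vXResource) {
    XXResource xxResource = xaDaoMgr.getXXResource().getById(vXResource.getId());
    if (xxResource == null) {
        logger.info("Resource : " + vXResource.getPolicyName() + " Not Found, while updating PermGroup");
        throw restErrorUtil.createRESTException("Resource Not found to update PermGroup", MessageEnums.DATA_NOT_FOUND);
    }
    Long resId = vXResource.getId();
    List<VXPermMap> updatedPermMapList = new ArrayList<VXPermMap>();

    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("resourceId", resId);
    VXPermMapList currentPermMaps = xPermMapService.searchXPermMaps(searchCriteria);
    List<VXPermMap> currentPermMapList = currentPermMaps.getVXPermMaps();

    // Step 1: collect, per principal, the permission types (and IP restrictions) it holds.
    HashMap<String, List<String>> userPermMap = new HashMap<String, List<String>>();
    for (VXPermMap currentPermMap : currentPermMapList) {
        Long userId = currentPermMap.getUserId();
        Long groupId = currentPermMap.getGroupId();
        int permFor = currentPermMap.getPermFor();
        int permType = currentPermMap.getPermType();
        String ipAddress = currentPermMap.getIpAddress();
        String uniKey = resId + uniqueKeySeparator + permFor;
        if (permFor == AppConstants.XA_PERM_FOR_GROUP) {
            uniKey = uniKey + uniqueKeySeparator + groupId;
        } else if (permFor == AppConstants.XA_PERM_FOR_USER) {
            uniKey = uniKey + uniqueKeySeparator + userId;
        }
        List<String> permList = userPermMap.get(uniKey);
        if (permList == null) {
            permList = new ArrayList<String>();
            userPermMap.put(uniKey, permList);
        }
        permList.add("" + permType);
        // The IP restriction belongs in the comparison only when one is set. The
        // previous test was inverted (it added the address only when it was empty),
        // so principals with different IP restrictions could land in one group.
        // Assumes stringUtil.isEmpty is true for null/empty input - confirm.
        if (!stringUtil.isEmpty(ipAddress)) {
            permList.add(ipAddress);
        }
    }

    // Step 2: bucket principals whose collected lists compare equal.
    List<List<String>> masterKeyList = new ArrayList<List<String>>();
    List<String> proceedKeyList = new ArrayList<String>();
    for (Entry<String, List<String>> upMap : userPermMap.entrySet()) {
        if (proceedKeyList.contains(upMap.getKey())) {
            continue;
        }
        List<String> keyList = new ArrayList<String>();
        keyList.add(upMap.getKey());
        proceedKeyList.add(upMap.getKey());
        for (Entry<String, List<String>> entry : userPermMap.entrySet()) {
            if (proceedKeyList.contains(entry.getKey())) {
                continue;
            }
            boolean result = compareTwoListElements(upMap.getValue(), entry.getValue());
            if (result) {
                keyList.add(entry.getKey());
                proceedKeyList.add(entry.getKey());
            }
        }
        masterKeyList.add(keyList);
    }

    // Step 3: label each bucket and persist the label on its permission maps.
    // The label is a grouping key, not a secret, so a non-cryptographic Random is
    // acceptable; it must however be distinct per bucket. Date.toString() only has
    // second resolution, so two buckets could draw the same label and be merged;
    // redraw until the label has not been issued during this call.
    Random rand = new Random();
    List<String> issuedPermGroups = new ArrayList<String>();
    for (List<String> keyList : masterKeyList) {
        String permGrp;
        do {
            permGrp = new Date() + " : " + rand.nextInt(9999);
        } while (issuedPermGroups.contains(permGrp));
        issuedPermGroups.add(permGrp);

        for (String key : keyList) {
            SearchCriteria scPermMap = new SearchCriteria();
            String[] keyEle = StringUtils.split(key, uniqueKeySeparator);
            if (keyEle != null && keyEle.length == 3) {
                int permFor = Integer.parseInt(keyEle[1]);
                // NOTE(review): user and group ids are Long above but are parsed back
                // as int here; an id beyond the int range, or a null id rendered as
                // "null" in the key, makes parseInt throw NumberFormatException.
                int ugId = Integer.parseInt(keyEle[2]);
                scPermMap.addParam("resourceId", resId);
                scPermMap.addParam("permFor", permFor);
                if (permFor == AppConstants.XA_PERM_FOR_GROUP) {
                    scPermMap.addParam("groupId", ugId);
                } else if (permFor == AppConstants.XA_PERM_FOR_USER) {
                    scPermMap.addParam("userId", ugId);
                }
                VXPermMapList permList = xPermMapService.searchXPermMaps(scPermMap);
                for (VXPermMap vXPerm : permList.getVXPermMaps()) {
                    vXPerm.setPermGroup(permGrp);
                    xPermMapService.updateResource(vXPerm);
                    updatedPermMapList.add(vXPerm);
                }
            } else {
                // Keys without a principal id (permFor neither user nor group) are skipped.
                logger.info("variable : keyEle, should fulfill the checked" + " condition, but its not fulfilling required " + "condition. Ignoring appropriate permMap from" + " updating permGroup. Key : " + key + "Resource Id : " + resId);
            }
        }
    }
    return updatedPermMapList;
}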
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class XPolicyService method mapPublicToXAObject.
/**
 * Converts a public-API policy object into the internal resource view object.
 *
 * <p>Base attributes, names and resource type are copied first, then the
 * repository named by the policy is looked up and its id attached. For an
 * update the stored resource is loaded, its update time refreshed, its base
 * attributes copied over, and the audit and permission lists rebuilt; for a
 * create the audit entry and permission list are built from the policy alone.
 * Component-specific fields (Hive table/column type, HDFS recursive flag) are
 * filled in at the end.
 *
 * @param vXPolicy         policy received through the public API; its repository type is
 *                         overwritten with the repository's own type when it is unknown
 * @param operationContext {@code OPERATION_UPDATE_CONTEXT} or {@code OPERATION_CREATE_CONTEXT}
 * @return the populated resource view object
 * @throws RuntimeException the REST exception built by {@code restErrorUtil} when the
 *         repository, or the policy being updated, does not exist (exact type declared elsewhere)
 */
public VXResource mapPublicToXAObject(VXPolicy vXPolicy, int operationContext) {
    VXResource resource = super.mapBaseAttributesToXAObject(vXPolicy, new VXResource());
    resource.setName(vXPolicy.getResourceName());
    resource.setPolicyName(StringUtils.trim(vXPolicy.getPolicyName()));
    resource.setDescription(vXPolicy.getDescription());
    resource.setResourceType(getResourceType(vXPolicy));

    XXAsset repository = xaDaoMgr.getXXAsset().findByAssetName(vXPolicy.getRepositoryName());
    if (repository == null) {
        throw restErrorUtil.createRESTException("The repository for which you're updating policy, doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    resource.setAssetId(repository.getId());

    if (operationContext == AbstractBaseResourceService.OPERATION_UPDATE_CONTEXT) {
        XXResource stored = xaDaoMgr.getXXResource().getById(vXPolicy.getId());
        if (stored == null) {
            logger.error("No policy found with given Id : " + vXPolicy.getId());
            // NOTE(review): the log line reports the policy's id while this message
            // reports the id held by the view object - confirm they are always equal.
            throw restErrorUtil.createRESTException("No Policy found with given Id : " + resource.getId(), MessageEnums.DATA_NOT_FOUND);
        }

        // The public object carries no create/update bookkeeping (create time,
        // addedById, updatedById, ...), so those values come from the stored row.
        stored.setUpdateTime(DateUtil.getUTCDate());
        xResourceService.mapBaseAttributesToViewBean(stored, resource);

        SearchCriteria auditCriteria = new SearchCriteria();
        auditCriteria.addParam("resourceId", stored.getId());
        VXAuditMapList storedAudits = xAuditMapService.searchXAuditMaps(auditCriteria);

        // Auditing on: keep the stored audit maps, or create an "all" entry when
        // none exist. Auditing off: the list stays empty.
        List<VXAuditMap> audits = new ArrayList<VXAuditMap>();
        if (storedAudits.getListSize() > 0 && vXPolicy.getIsAuditEnabled()) {
            audits.addAll(storedAudits.getVXAuditMaps());
        } else if (storedAudits.getListSize() == 0 && vXPolicy.getIsAuditEnabled()) {
            VXAuditMap auditAll = new VXAuditMap();
            auditAll.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
            audits.add(auditAll);
        }

        List<VXPermMap> perms = mapPermObjToPermList(vXPolicy.getPermMapList(), vXPolicy);
        resource.setAuditList(audits);
        resource.setPermMapList(perms);
    } else if (operationContext == AbstractBaseResourceService.OPERATION_CREATE_CONTEXT) {
        if (vXPolicy.getIsAuditEnabled()) {
            List<VXAuditMap> audits = new ArrayList<VXAuditMap>();
            VXAuditMap auditAll = new VXAuditMap();
            auditAll.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
            audits.add(auditAll);
            resource.setAuditList(audits);
        }
        if (!stringUtil.isEmpty(vXPolicy.getPermMapList())) {
            resource.setPermMapList(mapPermObjToPermList(vXPolicy.getPermMapList()));
        }
    }

    resource.setDatabases(vXPolicy.getDatabases());
    resource.setTables(vXPolicy.getTables());
    resource.setColumnFamilies(vXPolicy.getColumnFamilies());
    resource.setColumns(vXPolicy.getColumns());
    resource.setUdfs(vXPolicy.getUdfs());
    resource.setAssetName(vXPolicy.getRepositoryName());

    // Fall back to the repository's own type when the policy names an unknown one,
    // and write the resolved label back so the type checks below can rely on it.
    int assetType = AppConstants.getEnumFor_AssetType(vXPolicy.getRepositoryType());
    if (assetType == AppConstants.ASSET_UNKNOWN) {
        assetType = repository.getAssetType();
        vXPolicy.setRepositoryType(AppConstants.getLabelFor_AssetType(assetType));
    }
    resource.setAssetType(assetType);

    int resourceStatus = vXPolicy.getIsEnabled() ? AppConstants.STATUS_ENABLED : AppConstants.STATUS_DISABLED;
    resource.setResourceStatus(resourceStatus);

    // Allowing to create policy without checking parent permission.
    // NOTE(review): the flag is cleared unconditionally, for updates as well as
    // creates; confirm the caller authorises the policy write before this runs.
    resource.setCheckParentPermission(AppConstants.BOOL_FALSE);
    resource.setTopologies(vXPolicy.getTopologies());
    resource.setServices(vXPolicy.getServices());

    // TODO : These parameters are specific for some components. Need to take
    // care while adding new component.
    if (vXPolicy.getRepositoryType().equalsIgnoreCase(AppConstants.getLabelFor_AssetType(AppConstants.ASSET_HIVE))) {
        resource.setTableType(AppConstants.getEnumFor_PolicyType(vXPolicy.getTableType()));
        resource.setColumnType(AppConstants.getEnumFor_PolicyType(vXPolicy.getColumnType()));
    }
    if (vXPolicy.getRepositoryType().equalsIgnoreCase(AppConstants.getLabelFor_AssetType(AppConstants.ASSET_HDFS))) {
        resource.setIsRecursive(AppConstants.getEnumFor_BooleanValue(vXPolicy.getIsRecursive()));
    }
    return resource;
}
use of org.apache.ranger.entity.XXResource in project ranger by apache.
the class XResourceService method searchXResources.
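/**
 * Searches resources, returning to non-admin users only those on which they
 * hold admin permission.
 *
 * <p>System admins get the unfiltered result of the parent search. For everyone
 * else the full match set is loaded, each resource is checked with
 * {@code xaBizUtil.hasPermission(..., XA_PERM_TYPE_ADMIN)}, and the requested
 * page is cut from the resources that passed. Audit lists are then attached to
 * every returned resource.
 *
 * @param searchCriteria search filter and paging window; its paging values are left
 *                       unchanged when this method returns
 * @return the matching resources visible to the current user
 */
@Override
public VXResourceList searchXResources(SearchCriteria searchCriteria) {
    VXResourceList returnList;
    // NOTE(review): a missing session would fail here with a NullPointerException;
    // confirm ContextUtil never returns null on this path.
    UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
    if (currentUserSession.isUserAdmin()) {
        // System admins are not subject to per-resource filtering.
        returnList = super.searchXResources(searchCriteria);
    } else {
        returnList = new VXResourceList();
        int startIndex = searchCriteria.getStartIndex();
        int pageSize = searchCriteria.getMaxRows();

        // Paging has to happen after the permission filter, so the query itself is
        // run without a window. This loads every match into memory and runs one
        // permission check per row (the original author flagged it for optimisation).
        List<XXResource> resultList;
        searchCriteria.setStartIndex(0);
        searchCriteria.setMaxRows(Integer.MAX_VALUE);
        try {
            resultList = (List<XXResource>) searchResources(searchCriteria, searchFields, sortFields, returnList);
        } finally {
            // Put the caller's paging window back; previously the criteria object
            // was handed back with an unbounded window.
            searchCriteria.setStartIndex(startIndex);
            searchCriteria.setMaxRows(pageSize);
        }

        List<XXResource> adminPermResourceList = new ArrayList<XXResource>();
        for (XXResource xXResource : resultList) {
            VXResponse vXResponse = xaBizUtil.hasPermission(populateViewBean(xXResource), AppConstants.XA_PERM_TYPE_ADMIN);
            if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
                adminPermResourceList.add(xXResource);
            }
        }
        // NOTE(review): when nothing passes the filter, returnList is returned as
        // searchResources left it; verify it carries no counts from the unfiltered query.
        if (!adminPermResourceList.isEmpty()) {
            populatePageList(adminPermResourceList, startIndex, pageSize, returnList);
        }
    }
    // The parent search may return null, hence the guard.
    if (returnList != null && returnList.getResultSize() > 0) {
        for (VXResource vXResource : returnList.getVXResources()) {
            populateAuditList(vXResource);
        }
    }
    return returnList;
}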