
Example 1 with RangerContextEnricher

use of org.apache.ranger.plugin.contextenricher.RangerContextEnricher in project ranger by apache.

the class RangerPolicyEngineImpl method cleanup.

/**
 * Releases every context enricher held by this engine and drops the reference to the list.
 *
 * <p>{@link #preCleanup()} is invoked first; its boolean result is not inspected here, so
 * cleanup proceeds even when an enricher reported it was not ready.
 */
@Override
public void cleanup() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyEngineImpl.cleanup()");
    }

    final RangerPerfTracer tracer = RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_INIT_LOG)
            ? RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_INIT_LOG, "RangerPolicyEngine.cleanUp(hashCode=" + Integer.toHexString(System.identityHashCode(this)) + ")")
            : null;

    preCleanup();

    // NOTE(review): the field is read for the emptiness check and again for the loop, while
    // preProcess() works from a local copy of it. There is also no try/finally, so an exception
    // from one enricher's cleanup() skips the remaining enrichers, the null-out and the perf log.
    // Confirm whether callers serialise cleanup() against in-flight requests.
    if (!CollectionUtils.isEmpty(allContextEnrichers)) {
        for (RangerContextEnricher enricher : allContextEnrichers) {
            enricher.cleanup();
        }
    }
    this.allContextEnrichers = null;

    RangerPerfTracer.log(tracer);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyEngineImpl.cleanup()");
    }
}
Also used : RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 2 with RangerContextEnricher

use of org.apache.ranger.plugin.contextenricher.RangerContextEnricher in project ranger by apache.

the class RangerPolicyEngineImpl method preProcess.

/**
 * Prepares an access request for evaluation: attaches the service definition, resolves the
 * client IP address, records the current user in the request context, then runs every
 * context enricher over the request.
 *
 * @param request the access request to prepare; it is modified in place
 */
@Override
public void preProcess(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        // NOTE(review): the whole request is stringified into the debug log; presumably that
        // includes user, resource and context values, so debug output should be handled as
        // sensitive. Confirm against the request's toString().
        LOG.debug("==> RangerPolicyEngineImpl.preProcess(" + request + ")");
    }

    setResourceServiceDef(request);

    if (request instanceof RangerAccessRequestImpl) {
        // NOTE(review): the resolved client address presumably feeds IP-based policy conditions
        // and audit records. A forwarded address is caller-controlled unless it is accepted only
        // from peers listed in trustedProxyAddresses; verify in extractAndSetClientIPAddress what
        // happens when useForwardedIPAddress is true and the trusted-proxy list is empty.
        RangerAccessRequestImpl requestImpl = (RangerAccessRequestImpl) request;
        requestImpl.extractAndSetClientIPAddress(useForwardedIPAddress, trustedProxyAddresses);
    }

    RangerAccessRequestUtil.setCurrentUserInContext(request.getContext(), request.getUser());

    // Work from a local reference: cleanup() in this class sets the field to null.
    final List<RangerContextEnricher> snapshot = allContextEnrichers;

    if (CollectionUtils.isNotEmpty(snapshot)) {
        for (RangerContextEnricher current : snapshot) {
            final RangerPerfTracer tracer = RangerPerfTracer.isPerfTraceEnabled(PERF_CONTEXTENRICHER_REQUEST_LOG)
                    ? RangerPerfTracer.getPerfTracer(PERF_CONTEXTENRICHER_REQUEST_LOG, "RangerContextEnricher.enrich(requestHashCode=" + Integer.toHexString(System.identityHashCode(request)) + ", enricherName=" + current.getName() + ")")
                    : null;

            current.enrich(request);

            RangerPerfTracer.log(tracer);
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyEngineImpl.preProcess(" + request + ")");
    }
}
Also used : RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher) RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)

Example 3 with RangerContextEnricher

use of org.apache.ranger.plugin.contextenricher.RangerContextEnricher in project ranger by apache.

the class RangerPolicyEngineImpl method preCleanup.

/**
 * Asks every context enricher whether it is ready to be cleaned up.
 *
 * <p>All enrichers are polled even after one reports failure; each failure is logged at WARN
 * with the enricher's name.
 *
 * @return {@code true} if there are no enrichers or all of them returned {@code true} from
 *         their own {@code preCleanup()}; {@code false} if at least one did not
 */
@Override
public boolean preCleanup() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyEngineImpl.preCleanup()");
    }

    boolean allReady = true;

    if (!CollectionUtils.isEmpty(allContextEnrichers)) {
        for (RangerContextEnricher enricher : allContextEnrichers) {
            if (!enricher.preCleanup()) {
                LOG.warn("contextEnricher.preCleanup() failed for contextEnricher=" + enricher.getName());
                allReady = false;
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyEngineImpl.preCleanup() : result=" + allReady);
    }

    return allReady;
}
Also used : RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher)

Example 4 with RangerContextEnricher

use of org.apache.ranger.plugin.contextenricher.RangerContextEnricher in project ranger by apache.

the class RangerPolicyRepository method init.

/**
 * Builds the repository's evaluator lists and context enrichers from {@code policies} and
 * {@code serviceDef}.
 *
 * <p>Each policy that is not skipped gets an evaluator, which is filed under access, data-mask
 * or row-filter according to the policy type (a {@code null} type counts as access). The three
 * lists are sorted with {@code PolicyEvalOrderComparator} and published as unmodifiable lists.
 * Context enrichers are built only when at least one evaluator exists.
 *
 * @param options engine options; a new {@code RangerServiceDefHelper} is stored on it as a side effect
 */
private void init(RangerPolicyEngineOptions options) {
    options.setServiceDefHelper(new RangerServiceDefHelper(serviceDef, false));

    final List<RangerPolicyEvaluator> accessEvaluators = new ArrayList<>();
    final List<RangerPolicyEvaluator> maskEvaluators = new ArrayList<>();
    final List<RangerPolicyEvaluator> rowFilterEvaluators = new ArrayList<>();

    for (RangerPolicy policy : policies) {
        if (skipBuildingPolicyEvaluator(policy, options)) {
            continue;
        }

        final RangerPolicyEvaluator evaluator = buildPolicyEvaluator(policy, serviceDef, options);

        if (evaluator == null) {
            continue;
        }

        final Integer policyType = policy.getPolicyType();

        if (policyType == null || policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
            accessEvaluators.add(evaluator);
        } else if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK) {
            maskEvaluators.add(evaluator);
        } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
            rowFilterEvaluators.add(evaluator);
        } else {
            // The evaluator is added to none of the lists built here, so this policy's rules
            // take no part in evaluation. This WARN is the only trace of that; worth monitoring.
            LOG.warn("RangerPolicyEngine: ignoring policy id=" + policy.getId() + " - invalid policyType '" + policyType + "'");
        }
    }

    final RangerPolicyEvaluator.PolicyEvalOrderComparator evalOrder = new RangerPolicyEvaluator.PolicyEvalOrderComparator();

    Collections.sort(accessEvaluators, evalOrder);
    this.policyEvaluators = Collections.unmodifiableList(accessEvaluators);

    Collections.sort(maskEvaluators, evalOrder);
    this.dataMaskPolicyEvaluators = Collections.unmodifiableList(maskEvaluators);

    Collections.sort(rowFilterEvaluators, evalOrder);
    this.rowFilterPolicyEvaluators = Collections.unmodifiableList(rowFilterEvaluators);

    final List<RangerContextEnricher> builtEnrichers = new ArrayList<>();

    final boolean hasEvaluators = CollectionUtils.isNotEmpty(this.policyEvaluators)
            || CollectionUtils.isNotEmpty(this.dataMaskPolicyEvaluators)
            || CollectionUtils.isNotEmpty(this.rowFilterPolicyEvaluators);

    if (hasEvaluators && CollectionUtils.isNotEmpty(serviceDef.getContextEnrichers())) {
        // NOTE(review): enricher class names come from the service definition, and
        // buildContextEnricher is not shown here. If it instantiates the class by name, write
        // access to service definitions decides which code runs inside the engine; confirm.
        for (RangerServiceDef.RangerContextEnricherDef enricherDef : serviceDef.getContextEnrichers()) {
            if (enricherDef == null) {
                continue;
            }

            // This will be true only if the engine is initialized within ranger-admin
            final boolean useAdminTagEnricher = options.enableTagEnricherWithLocalRefresher
                    && StringUtils.equals(enricherDef.getEnricher(), RangerTagEnricher.class.getName());

            // Enrichers stay off when disabled, except for the tag enricher in the admin case above.
            if (options.disableContextEnrichers && !useAdminTagEnricher) {
                continue;
            }

            // In the admin case the tag enricher definition is replaced by one naming the admin
            // variant, keeping the original item id and name; the last argument is passed as null.
            final RangerServiceDef.RangerContextEnricherDef effectiveDef = useAdminTagEnricher
                    ? new RangerServiceDef.RangerContextEnricherDef(enricherDef.getItemId(), enricherDef.getName(), "org.apache.ranger.common.RangerAdminTagEnricher", null)
                    : enricherDef;

            final RangerContextEnricher built = buildContextEnricher(effectiveDef);

            if (built != null) {
                builtEnrichers.add(built);
            }
        }
    }

    this.contextEnrichers = Collections.unmodifiableList(builtEnrichers);

    if (LOG.isDebugEnabled()) {
        // Debug output lists policy ids and names in evaluation order.
        int rank = 1;

        LOG.debug("policy evaluation order: " + this.policyEvaluators.size() + " policies");
        for (RangerPolicyEvaluator current : this.policyEvaluators) {
            RangerPolicy policy = current.getPolicy();
            LOG.debug("policy evaluation order: #" + (rank++) + " - policy id=" + policy.getId() + "; name=" + policy.getName() + "; evalOrder=" + current.getEvalOrder());
        }

        rank = 1;

        LOG.debug("dataMask policy evaluation order: " + this.dataMaskPolicyEvaluators.size() + " policies");
        for (RangerPolicyEvaluator current : this.dataMaskPolicyEvaluators) {
            RangerPolicy policy = current.getPolicy();
            LOG.debug("dataMask policy evaluation order: #" + (rank++) + " - policy id=" + policy.getId() + "; name=" + policy.getName() + "; evalOrder=" + current.getEvalOrder());
        }

        rank = 1;

        LOG.debug("rowFilter policy evaluation order: " + this.rowFilterPolicyEvaluators.size() + " policies");
        for (RangerPolicyEvaluator current : this.rowFilterPolicyEvaluators) {
            RangerPolicy policy = current.getPolicy();
            LOG.debug("rowFilter policy evaluation order: #" + (rank++) + " - policy id=" + policy.getId() + "; name=" + policy.getName() + "; evalOrder=" + current.getEvalOrder());
        }
    }
}
Also used : ArrayList(java.util.ArrayList) RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerPolicyEvaluator(org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator) RangerTagEnricher(org.apache.ranger.plugin.contextenricher.RangerTagEnricher) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)

Example 5 with RangerContextEnricher

use of org.apache.ranger.plugin.contextenricher.RangerContextEnricher in project ranger by apache.

the class RangerPolicyRepository method toString.

/**
 * Appends a textual dump of this repository to {@code sb}: service name, service definition,
 * app id, the three evaluator lists and the context enrichers. Null lists and null elements
 * are skipped.
 *
 * <p>NOTE(review): the dump embeds the service definition and every evaluator's string form,
 * which presumably carries policy details; treat logs that include it accordingly.
 *
 * @param sb the builder to append to
 * @return the same builder, for chaining
 */
private StringBuilder toString(StringBuilder sb) {
    sb.append("RangerPolicyRepository={")
      .append("serviceName={").append(serviceName).append("} ")
      .append("serviceDef={").append(serviceDef).append("} ")
      .append("appId={").append(appId).append("} ");

    sb.append("policyEvaluators={");
    if (policyEvaluators != null) {
        for (RangerPolicyEvaluator item : policyEvaluators) {
            if (item == null) {
                continue;
            }
            sb.append(item).append(" ");
        }
    }
    sb.append("} ");

    sb.append("dataMaskPolicyEvaluators={");
    if (this.dataMaskPolicyEvaluators != null) {
        for (RangerPolicyEvaluator item : dataMaskPolicyEvaluators) {
            if (item == null) {
                continue;
            }
            sb.append(item).append(" ");
        }
    }
    sb.append("} ");

    sb.append("rowFilterPolicyEvaluators={");
    if (this.rowFilterPolicyEvaluators != null) {
        for (RangerPolicyEvaluator item : rowFilterPolicyEvaluators) {
            if (item == null) {
                continue;
            }
            sb.append(item).append(" ");
        }
    }
    sb.append("} ");

    sb.append("contextEnrichers={");
    if (contextEnrichers != null) {
        for (RangerContextEnricher item : contextEnrichers) {
            if (item == null) {
                continue;
            }
            sb.append(item).append(" ");
        }
    }
    // First "} " closes contextEnrichers, the second closes RangerPolicyRepository.
    sb.append("} ").append("} ");

    return sb;
}
Also used : RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher) RangerPolicyEvaluator(org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator)

Aggregations

RangerContextEnricher (org.apache.ranger.plugin.contextenricher.RangerContextEnricher)6 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)3 RangerPolicyEvaluator (org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator)2 ArrayList (java.util.ArrayList)1 RangerTagEnricher (org.apache.ranger.plugin.contextenricher.RangerTagEnricher)1 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)1 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)1 RangerServiceDefHelper (org.apache.ranger.plugin.model.validation.RangerServiceDefHelper)1