
Example 6 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class RangerPolicyService method processFieldToCreateTrxLog.

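/**
 * Builds the transaction-log (policy audit trail) entry for a single field of a policy.
 *
 * <p>The new value is read reflectively from {@code vObj} and rendered by the matching
 * {@code process...ForTrxLog} helper. For an update, the previous value is taken from
 * {@code oldPolicy} (falling back to the same-named field of {@code mObj}) and the entry is
 * dropped when the field-specific comparison reports no change.
 *
 * @param field      the policy field being logged; made accessible and read via reflection
 * @param objectName name stored on the log entry as the object name
 * @param vObj       the policy carrying the new state
 * @param mObj       the persisted policy entity, used as a fallback source of the old value
 * @param oldPolicy  the policy before the change; may be {@code null}
 * @param action     one of the {@code OPERATION_*_CONTEXT} constants
 * @return the populated log entry, or {@code null} when nothing is to be recorded for this
 *         field (no change on update, empty value on create, or the entry is suppressed by
 *         {@code restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy})
 */
private XXTrxLog processFieldToCreateTrxLog(Field field, String objectName, RangerPolicy vObj, XXPolicy mObj, RangerPolicy oldPolicy, int action) {
    String actionString = "";
    field.setAccessible(true);
    String fieldName = field.getName();
    XXTrxLog xTrxLog = new XXTrxLog();
    // NOTE(review): parentObj is dereferenced unconditionally at the end of this method; a
    // policy whose service cannot be found by name would fail there. Confirm callers rule it out.
    XXService parentObj = daoMgr.getXXService().findByName(vObj.getService());
    try {
        // NOTE(review): assumes callers only pass fields that are registered in trxLogAttrs.
        VTrxLogAttr vTrxLogAttr = trxLogAttrs.get(fieldName);
        xTrxLog.setAttributeName(vTrxLogAttr.getAttribUserFriendlyName());
        String value = null;
        boolean isEnum = vTrxLogAttr.isEnum();
        if (!isEnum) {
            if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyResourcesForTrxLog(field.get(vObj));
            } else if (POLICY_CONDITION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyItemsForTrxLog(field.get(vObj));
            } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyNameForTrxLog(field.get(vObj));
            } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyItemsForTrxLog(field.get(vObj));
            } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processDataMaskPolicyItemsForTrxLog(field.get(vObj));
                value = appendDataMaskLabelsForTrxLog(value, vObj.getDataMaskPolicyItems());
            } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processRowFilterPolicyItemForTrxLog(field.get(vObj));
            } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processIsEnabledClassFieldNameForTrxLog(field.get(vObj));
            } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyLabelsClassFieldNameForTrxLog(field.get(vObj));
            } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processValiditySchedulesClassFieldNameForTrxLog(field.get(vObj));
            } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPriorityClassFieldNameForTrxLog(field.get(vObj));
            } else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // isDenyAllElse is rendered with the same helper as isAuditEnabled.
                value = processIsAuditEnabledClassFieldNameForTrxLog(field.get(vObj));
            } else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                value = processPolicyNameForTrxLog(field.get(vObj));
            } else {
                value = "" + field.get(vObj);
            }
        }
        if (action == OPERATION_CREATE_CONTEXT) {
            if (restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj) == null) {
                return null;
            }
            if (stringUtil.isEmpty(value)) {
                return null;
            }
            xTrxLog.setNewValue(value);
            actionString = actionCreate;
        } else if (action == OPERATION_DELETE_CONTEXT) {
            if (restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj) == null) {
                return null;
            }
            xTrxLog.setPreviousValue(value);
            actionString = actionDelete;
        } else if (action == OPERATION_UPDATE_CONTEXT) {
            if (restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj) == null) {
                return null;
            }
            actionString = actionUpdate;
            // Fallback old value: the same-named field of the persisted entity, stringified.
            String oldValue = null;
            Field[] mFields = mObj.getClass().getDeclaredFields();
            for (Field mField : mFields) {
                mField.setAccessible(true);
                String mFieldName = mField.getName();
                if (fieldName.equalsIgnoreCase(mFieldName)) {
                    if (!isEnum) {
                        oldValue = mField.get(mObj) + "";
                    }
                    break;
                }
            }
            // Preferred old value: rendered from oldPolicy with the same helper as the new value.
            if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources());
                }
            } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems());
                }
            } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyPolicyItems());
                }
            } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(oldPolicy.getName());
                }
            } else if (POLICY_DESCRIPTION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(oldPolicy.getDescription());
                }
            } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getAllowExceptions());
                }
            } else if (DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyExceptions());
                }
            } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processDataMaskPolicyItemsForTrxLog(oldPolicy.getDataMaskPolicyItems());
                    oldValue = appendDataMaskLabelsForTrxLog(oldValue, oldPolicy.getDataMaskPolicyItems());
                }
            } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processRowFilterPolicyItemForTrxLog(oldPolicy.getRowFilterPolicyItems());
                }
            } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processIsEnabledClassFieldNameForTrxLog(oldPolicy.getIsEnabled());
                }
            } else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processIsAuditEnabledClassFieldNameForTrxLog(oldPolicy.getIsAuditEnabled());
                }
            } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Null guard added: this branch used to dereference oldPolicy unconditionally.
                if (oldPolicy != null) {
                    oldValue = processPolicyLabelsClassFieldNameForTrxLog(oldPolicy.getPolicyLabels());
                }
            } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Null guard added, as above.
                if (oldPolicy != null) {
                    oldValue = processValiditySchedulesClassFieldNameForTrxLog(oldPolicy.getValiditySchedules());
                }
            } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Null guard added, as above.
                if (oldPolicy != null) {
                    oldValue = processPriorityClassFieldNameForTrxLog(oldPolicy.getPolicyPriority());
                }
            } else if (POLICY_CONDITION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getConditions());
                }
            } else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                oldValue = oldPolicy != null ? processPolicyNameForTrxLog(oldPolicy.getZoneName()) : "";
            } else if (POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                oldValue = oldPolicy != null ? processIsAuditEnabledClassFieldNameForTrxLog(String.valueOf(oldPolicy.getIsDenyAllElse())) : "";
            }
            // Compare old and new values; an unchanged field produces no log entry.
            // NOTE(review): validity schedules and policy conditions have no comparison branch
            // below, so on update they are always recorded - confirm that is intended.
            if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoPolicyResources(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoPolicyName(value, oldValue)) {
                    return null;
                }
            } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // deny items, allow exceptions and deny exceptions share the item-list comparison
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_DESCRIPTION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (StringUtils.equals(value, oldValue)) {
                    return null;
                }
            } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoDataMaskingPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoRowFilterPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)
                    || IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // (a second, unreachable IS_AUDIT_ENABLED branch that followed here was removed)
                if (compareTwoPolicyName(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoPolicyLabelList(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_ZONE_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // NOTE(review): when the old zone name is blank the previous value is overwritten
                // with the new one, and a non-blank old zone name is never compared with the new
                // one. Kept as is; confirm this is the intended audit output.
                if (StringUtils.isBlank(oldValue)) {
                    if (!(stringUtil.isEmpty(value) && compareTwoPolicyName(value, oldValue))) {
                        oldValue = value;
                    } else {
                        return null;
                    }
                }
            } else if (POLICY_IS_DENY_ALL_ELSE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (compareTwoPolicyName(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (StringUtils.equals(value, oldValue)) {
                    return null;
                }
            }
            xTrxLog.setPreviousValue(oldValue);
            xTrxLog.setNewValue(value);
        } else if (action == OPERATION_IMPORT_CREATE_CONTEXT) {
            if (restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj) == null) {
                return null;
            }
            if (stringUtil.isEmpty(value)) {
                return null;
            }
            xTrxLog.setNewValue(value);
            actionString = actionImportCreate;
        } else if (action == OPERATION_IMPORT_DELETE_CONTEXT) {
            if (restrictIsDenyAllElseLogForMaskingAndRowfilterPolicy(fieldName, vObj) == null) {
                return null;
            }
            xTrxLog.setPreviousValue(value);
            actionString = actionImportDelete;
        }
    } catch (IllegalArgumentException | IllegalAccessException e) {
        // NOTE(review): a reflection failure is only logged; the method still returns an entry,
        // possibly with a blank action and no old/new value. Consider whether an incomplete
        // audit record should be written at all.
        logger.error("Process field to create trx log failure.", e);
    }
    xTrxLog.setAction(actionString);
    xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
    xTrxLog.setObjectId(vObj.getId());
    xTrxLog.setObjectName(objectName);
    xTrxLog.setParentObjectClassType(AppConstants.CLASS_TYPE_XA_SERVICE);
    xTrxLog.setParentObjectId(parentObj.getId());
    xTrxLog.setParentObjectName(parentObj.getName());
    return xTrxLog;
}

/**
 * Adds the display label of each item's data-mask type to the serialized data-mask items.
 *
 * <p>For every item that names a mask type, the first mask-type definition with a matching
 * name (case-insensitive) contributes a {@code "DataMasklabel"} member, inserted in front of
 * the last {@code "}]"} of {@code json}. The definitions are loaded once, on first need.
 *
 * @param json  serialized data-mask policy items; returned unchanged when {@code null}
 * @param items the policy items the string was produced from; may be {@code null} or empty
 * @return {@code json} with the labels inserted
 */
private String appendDataMaskLabelsForTrxLog(String json, List<RangerDataMaskPolicyItem> items) {
    if (json == null || items == null || items.isEmpty()) {
        return json;
    }
    String result = json;
    List<XXDataMaskTypeDef> maskTypeDefs = null;
    for (RangerDataMaskPolicyItem item : items) {
        if (item.getDataMaskInfo() == null || item.getDataMaskInfo().getDataMaskType() == null) {
            continue;
        }
        if (maskTypeDefs == null) {
            maskTypeDefs = daoMgr.getXXDataMaskTypeDef().getAll();
            if (maskTypeDefs == null || maskTypeDefs.isEmpty()) {
                return result;
            }
        }
        String maskType = item.getDataMaskInfo().getDataMaskType();
        for (XXDataMaskTypeDef maskTypeDef : maskTypeDefs) {
            // Comparing from the non-null side tolerates a definition without a name.
            if (maskType.equalsIgnoreCase(maskTypeDef.getName())) {
                // NOTE(review): the label is concatenated into the JSON text unescaped; a quote
                // or backslash in a label would make the logged value unparseable. Every label
                // also lands on the last element of the array, not on the item it belongs to.
                String label = ",\"DataMasklabel\":\"" + maskTypeDef.getLabel() + "\"";
                int insertAt = result.lastIndexOf("}]");
                if (insertAt >= 0) { // insert(-1, ...) would throw when the terminator is absent
                    result = new StringBuilder(result).insert(insertAt, label).toString();
                }
                break;
            }
        }
    }
    return result;
}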
Also used : XXTrxLog(org.apache.ranger.entity.XXTrxLog) VTrxLogAttr(org.apache.ranger.common.view.VTrxLogAttr) Field(java.lang.reflect.Field) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) ArrayList(java.util.ArrayList) List(java.util.List) XXService(org.apache.ranger.entity.XXService)

Example 7 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class RangerPolicyService method compareTwoDataMaskingPolicyItemList.

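/**
 * Tells whether two serialized lists of data-mask policy items hold the same items,
 * ignoring order.
 *
 * <p>{@code processFieldToCreateTrxLog} writes no transaction-log entry when this returns
 * {@code true}, so a wrong "equal" result hides a policy change from the audit trail. The
 * lists are therefore compared as multisets: each new item has to pair with its own entry
 * in the old list.
 *
 * @param value    JSON array of the new data-mask policy items
 * @param oldValue JSON array of the previous data-mask policy items
 * @return {@code true} when both are {@code null}, both are the empty string, or both parse
 *         to the same items; {@code false} otherwise
 * @throws RuntimeException the REST exception built by {@code restErrorUtil} when either
 *         string cannot be parsed
 */
private boolean compareTwoDataMaskingPolicyItemList(String value, String oldValue) {
    if (value == null && oldValue == null) {
        return true;
    }
    // Content comparison: the previous reference check (== "") only matched interned literals.
    if ("".equals(value) && "".equals(oldValue)) {
        return true;
    }
    if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) {
        return false;
    }
    ObjectMapper mapper = JsonUtilsV2.getMapper();
    try {
        List<RangerDataMaskPolicyItem> obj = mapper.readValue(value, new TypeReference<List<RangerDataMaskPolicyItem>>() {
        });
        List<RangerDataMaskPolicyItem> oldObj = mapper.readValue(oldValue, new TypeReference<List<RangerDataMaskPolicyItem>>() {
        });
        // A JSON "null" document deserializes to a null list.
        if (obj == null || oldObj == null) {
            return obj == oldObj;
        }
        if (oldObj.size() != obj.size()) {
            return false;
        }
        // Consume one old entry per new item, so [A, A] no longer equals [A, B].
        List<RangerDataMaskPolicyItem> unmatched = new ArrayList<RangerDataMaskPolicyItem>(oldObj);
        for (RangerDataMaskPolicyItem polItem : obj) {
            if (!unmatched.remove(polItem)) {
                return false;
            }
        }
        return true;
    } catch (IOException e) {
        // JsonParseException and JsonMappingException are IOException subclasses and were
        // handled identically, so one handler covers all three.
        // NOTE(review): the parser message is returned to the REST caller as is.
        throw restErrorUtil.createRESTException("Invalid input data: " + e.getMessage(), MessageEnums.INVALID_INPUT_DATA);
    }
}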
Also used : RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) JsonMappingException(org.codehaus.jackson.map.JsonMappingException) ArrayList(java.util.ArrayList) List(java.util.List) IOException(java.io.IOException) JsonParseException(org.codehaus.jackson.JsonParseException) ObjectMapper(org.codehaus.jackson.map.ObjectMapper)

Example 8 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class RangerPolicyValidator method isValidAccessTypeDef.

/**
 * Checks that every access type used by a row-filter or data-mask policy is declared by the
 * service definition for that policy kind.
 *
 * <p>Names are compared after lower-casing both sides. Each access type that is not declared
 * adds one entry to {@code failures}. Policies of any other type pass unchecked.
 *
 * @param policy     the policy to validate; a {@code null} policy type is treated as access
 * @param failures   receives one failure detail per invalid access type
 * @param action     only written to the debug log here
 * @param isAdmin    only written to the debug log here
 * @param serviceDef service definition supplying the allowed access types; when it (or its
 *                   row-filter / data-mask definition) is {@code null} the allowed set is
 *                   empty, so every access type in use is reported
 * @return {@code true} when no invalid access type was found
 */
boolean isValidAccessTypeDef(RangerPolicy policy, final List<ValidationFailureDetails> failures, Action action, boolean isAdmin, final RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValidAccessTypeDef(%s, %s, %s,%s,%s)", policy, failures, action, isAdmin, serviceDef));
    }
    boolean valid = true;
    Integer declaredType = policy.getPolicyType();
    int policyType = declaredType == null ? RangerPolicy.POLICY_TYPE_ACCESS : declaredType;

    // NOTE(review): getName() and getType() are dereferenced without a null check below;
    // presumably null names are rejected by an earlier validation step - confirm.

    // row filter policy
    if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
        List<String> allowedRowFilterTypes = new ArrayList<String>();
        if (serviceDef != null && serviceDef.getRowFilterDef() != null && !CollectionUtils.isEmpty(serviceDef.getRowFilterDef().getAccessTypes())) {
            for (RangerAccessTypeDef typeDef : serviceDef.getRowFilterDef().getAccessTypes()) {
                allowedRowFilterTypes.add(typeDef.getName().toLowerCase());
            }
        }
        if (!CollectionUtils.isEmpty(policy.getRowFilterPolicyItems())) {
            for (RangerRowFilterPolicyItem rowFilterItem : policy.getRowFilterPolicyItems()) {
                if (CollectionUtils.isEmpty(rowFilterItem.getAccesses())) {
                    continue;
                }
                for (RangerPolicyItemAccess access : rowFilterItem.getAccesses()) {
                    if (allowedRowFilterTypes.contains(access.getType().toLowerCase())) {
                        continue;
                    }
                    ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID;
                    failures.add(new ValidationFailureDetailsBuilder().field("row filter policy item access type").isSemanticallyIncorrect().becauseOf(error.getMessage(access.getType(), allowedRowFilterTypes)).errorCode(error.getErrorCode()).build());
                    valid = false;
                }
            }
        }
    }

    // data mask policy
    if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK) {
        List<String> allowedDataMaskTypes = new ArrayList<String>();
        if (serviceDef != null && serviceDef.getDataMaskDef() != null && !CollectionUtils.isEmpty(serviceDef.getDataMaskDef().getAccessTypes())) {
            for (RangerAccessTypeDef typeDef : serviceDef.getDataMaskDef().getAccessTypes()) {
                allowedDataMaskTypes.add(typeDef.getName().toLowerCase());
            }
        }
        if (!CollectionUtils.isEmpty(policy.getDataMaskPolicyItems())) {
            for (RangerDataMaskPolicyItem dataMaskItem : policy.getDataMaskPolicyItems()) {
                if (CollectionUtils.isEmpty(dataMaskItem.getAccesses())) {
                    continue;
                }
                for (RangerPolicyItemAccess access : dataMaskItem.getAccesses()) {
                    if (allowedDataMaskTypes.contains(access.getType().toLowerCase())) {
                        continue;
                    }
                    ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID;
                    failures.add(new ValidationFailureDetailsBuilder().field("data masking policy item access type").isSemanticallyIncorrect().becauseOf(error.getMessage(access.getType(), allowedDataMaskTypes)).errorCode(error.getErrorCode()).build());
                    valid = false;
                }
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidAccessTypeDef(%s, %s, %s,%s,%s)", policy, failures, action, isAdmin, serviceDef));
    }
    return valid;
}
Also used : RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 9 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class ServiceDBStore method createNewDataMaskPolicyItemsForPolicy.

/**
 * Persists the data-mask policy items of a policy, in list order.
 *
 * <p>Each item is first stored through {@code createNewPolicyItemForPolicy} with its list
 * position as the order. If the item carries mask info, the mask type is resolved by name
 * within the policy's service and a mask-info row is created for the stored item.
 *
 * @param policy         the policy the items belong to; its name and service appear in the
 *                       error message
 * @param xPolicy        the persisted policy entity; supplies the service id for the lookup
 * @param policyItems    items to store; nothing happens when {@code null} or empty
 * @param xServiceDef    passed through to {@code createNewPolicyItemForPolicy}
 * @param policyItemType passed through to {@code createNewPolicyItemForPolicy}
 * @throws Exception when an item names a data-mask type that is not defined for the
 *                   service; the policy item itself has already been created by then
 */
private void createNewDataMaskPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerDataMaskPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception {
    if (!CollectionUtils.isNotEmpty(policyItems)) {
        return;
    }
    int itemOrder = 0;
    for (RangerDataMaskPolicyItem policyItem : policyItems) {
        XXPolicyItem storedItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType);
        itemOrder++;

        RangerPolicyItemDataMaskInfo maskInfo = policyItem.getDataMaskInfo();
        if (maskInfo == null) {
            continue;
        }

        // Only mask types defined for this policy's service are accepted.
        XXDataMaskTypeDef maskTypeDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(maskInfo.getDataMaskType(), xPolicy.getService());
        if (maskTypeDef == null) {
            throw new Exception(maskInfo.getDataMaskType() + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }

        // The condition and value expressions are copied as given; nothing here validates them.
        XXPolicyItemDataMaskInfo maskInfoRow = new XXPolicyItemDataMaskInfo();
        maskInfoRow.setPolicyItemId(storedItem.getId());
        maskInfoRow.setType(maskTypeDef.getId());
        maskInfoRow.setConditionExpr(maskInfo.getConditionExpr());
        maskInfoRow.setValueExpr(maskInfo.getValueExpr());
        daoMgr.getXXPolicyItemDataMaskInfo().create(maskInfoRow);
    }
}
Also used : XXPolicyItem(org.apache.ranger.entity.XXPolicyItem) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) XXPolicyItemDataMaskInfo(org.apache.ranger.entity.XXPolicyItemDataMaskInfo)

Example 10 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class RangerDefaultPolicyEvaluator method createDataMaskPolicyItemEvaluators.

/**
 * Creates and initializes one evaluator per data-mask policy item.
 *
 * <p>Evaluators are numbered from 1 in list order. The number of condition evaluators each
 * one reports is added to {@code customConditionsCount}.
 *
 * @param policy      the policy the items belong to
 * @param serviceDef  service definition handed to each evaluator
 * @param options     policy-engine options handed to each evaluator
 * @param policyItems the data-mask items; may be {@code null} or empty
 * @return the initialized evaluators in item order, or an empty list when there are no items
 */
private List<RangerDataMaskPolicyItemEvaluator> createDataMaskPolicyItemEvaluators(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyEngineOptions options, List<RangerDataMaskPolicyItem> policyItems) {
    if (!CollectionUtils.isNotEmpty(policyItems)) {
        return Collections.<RangerDataMaskPolicyItemEvaluator>emptyList();
    }

    List<RangerDataMaskPolicyItemEvaluator> evaluators = new ArrayList<>();
    int itemOrder = 0;
    for (RangerDataMaskPolicyItem policyItem : policyItems) {
        itemOrder++; // evaluator order is 1-based
        RangerDataMaskPolicyItemEvaluator evaluator = new RangerDefaultDataMaskPolicyItemEvaluator(serviceDef, policy, policyItem, itemOrder, options);
        evaluator.init();
        evaluators.add(evaluator);

        // Condition evaluators are available only after init().
        if (CollectionUtils.isNotEmpty(evaluator.getConditionEvaluators())) {
            customConditionsCount += evaluator.getConditionEvaluators().size();
        }
    }
    return evaluators;
}
Also used : RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)
