
Example 11 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class ServiceDefUtilTest method getDataMaskPolicyItem.

/**
 * Builds the data-mask policy item used as a test fixture.
 *
 * <p>The item names one user, one group and one role, carries a single
 * {@code expr} condition, and masks with the {@code MASK_NULL} type (the two
 * remaining mask-info constructor arguments are passed as {@code null}).
 *
 * @return a freshly constructed, fully populated data-mask policy item
 */
private RangerDataMaskPolicyItem getDataMaskPolicyItem() {
    final RangerDataMaskPolicyItem maskItem = new RangerDataMaskPolicyItem();

    // Principals the item applies to.
    maskItem.getUsers().add("testUser");
    maskItem.getGroups().add("testGroup");
    maskItem.getRoles().add("testRole");

    // One expression condition with a single value.
    final RangerPolicyItemCondition tagCondition =
            new RangerPolicyItemCondition("expr", Collections.singletonList("TAG.attr1 == 'value1'"));
    maskItem.getConditions().add(tagCondition);

    // Mask type only; the other two arguments stay null.
    final RangerPolicyItemDataMaskInfo maskInfo = new RangerPolicyItemDataMaskInfo("MASK_NULL", null, null);
    maskItem.setDataMaskInfo(maskInfo);

    return maskItem;
}
Also used : RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo)

Example 12 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class PolicyRefUpdater method createNewPolMappingForRefTable.

/**
 * Recreates the reference-table rows that tie a policy to the resources, principals,
 * access types, condition types and data-mask types it mentions.
 *
 * <p>The method calls {@code cleanupRefTables(policy)} first (body not shown here; presumably it
 * removes the policy's existing ref rows), then gathers every name used by the policy and its
 * items, resolves each one against the matching definition DAO, and batch-creates the new rows.
 * An unresolvable resource, access type, condition type or data-mask type aborts with an
 * {@link Exception}.
 *
 * <p>Roles, groups and users go through {@code PolicyPrincipalAssociator}. When
 * {@code doAssociate(false)} returns {@code false}, a caller for whom
 * {@code rangerBizUtil.checkAdminAccess()} is true has the associator scheduled to run on
 * transaction commit; any other caller is rejected with an HTTP 400 REST exception.
 *
 * <p>NOTE(review): the cleanup runs before any validation, so whether a later failure leaves the
 * policy without ref rows depends on the enclosing transaction, which is not visible here.
 *
 * @param policy      the policy model whose references are rebuilt; the method returns immediately when {@code null}
 * @param xPolicy     the persisted policy entity; used for audit fields, principal association and service lookups
 * @param xServiceDef the service definition entity; its id scopes the condition-type lookup
 * @throws Exception when a referenced resource, access type, condition type or data-mask type has no definition
 */
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
    if (policy == null) {
        return;
    }
    cleanupRefTables(policy);
    // assumes policy.getResources() is never null — TODO confirm; a null map would fail on keySet()
    final Set<String> resourceNames = policy.getResources().keySet();
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final Set<String> userNames = new HashSet<>();
    final Set<String> accessTypes = new HashSet<>();
    final Set<String> conditionTypes = new HashSet<>();
    final Set<String> dataMaskTypes = new HashSet<>();
    // Captured here and written back after the role loop below.
    boolean oldBulkMode = RangerBizUtil.isBulkMode();
    // Policy-level conditions contribute their types alongside the item-level ones gathered below.
    List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
    if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
        for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
            conditionTypes.add(condition.getType());
        }
    }
    // Walk every item list returned by getAllPolicyItems(policy) (helper not shown here) and
    // collect the distinct principal, access-type, condition-type and data-mask-type names.
    for (List<? extends RangerPolicyItem> policyItems : getAllPolicyItems(policy)) {
        if (CollectionUtils.isEmpty(policyItems)) {
            continue;
        }
        for (RangerPolicyItem policyItem : policyItems) {
            roleNames.addAll(policyItem.getRoles());
            groupNames.addAll(policyItem.getGroups());
            userNames.addAll(policyItem.getUsers());
            if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
                for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
                    accessTypes.add(access.getType());
                }
            }
            if (CollectionUtils.isNotEmpty(policyItem.getConditions())) {
                for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
                    conditionTypes.add(condition.getType());
                }
            }
            if (policyItem instanceof RangerDataMaskPolicyItem) {
                // assumes getDataMaskInfo() never returns null — TODO confirm in RangerDataMaskPolicyItem.
                // A null mask type is still added to the set and is then rejected by the lookup further down.
                RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
                dataMaskTypes.add(dataMaskInfo.getDataMaskType());
            }
        }
    }
    // Resources: each name must resolve to a resource definition for this policy id.
    List<XXPolicyRefResource> xPolResources = new ArrayList<>();
    for (String resource : resourceNames) {
        XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(resource, policy.getId());
        if (xResDef == null) {
            throw new Exception(resource + ": is not a valid resource-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyRefResource xPolRes = rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xPolicy);
        xPolRes.setPolicyId(policy.getId());
        xPolRes.setResourceDefId(xResDef.getId());
        xPolRes.setResourceName(resource);
        xPolResources.add(xPolRes);
    }
    daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
    // Authorization decision for the three principal loops below: evaluated once, and it alone
    // decides whether a failed association is deferred to commit or rejected with HTTP 400.
    final boolean isAdmin = rangerBizUtil.checkAdminAccess();
    // Nothing in this method adds to xPolRoles, so the batchCreate after the role loop receives an empty list.
    List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
    for (String role : roleNames) {
        if (StringUtils.isBlank(role)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
        // presumably doAssociate(false) returns false when the principal is not yet known to
        // Ranger admin (the error text below says so) — confirm in PolicyPrincipalAssociator
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                // The name taken from the policy is echoed verbatim in the response message.
                // NOTE(review): confirm consumers of msgDesc escape it before rendering.
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. Role name: " + role + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    // NOTE(review): this restore is not in a finally block and sits before the group and user
    // loops. No statement in this method changes bulk mode; if a callee does, an exception thrown
    // from the role loop skips the restore.
    RangerBizUtil.setBulkMode(oldBulkMode);
    daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);
    // Groups: same association and denial flow as roles.
    for (String group : groupNames) {
        if (StringUtils.isBlank(group)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. Group name: " + group + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    // Users: same association and denial flow as roles.
    for (String user : userNames) {
        if (StringUtils.isBlank(user)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
        if (!associator.doAssociate(false)) {
            if (isAdmin) {
                rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
            } else {
                VXResponse gjResponse = new VXResponse();
                gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
                gjResponse.setMsgDesc("Operation denied. User name: " + user + " specified in policy does not exist in ranger admin.");
                throw restErrorUtil.generateRESTException(gjResponse);
            }
        }
    }
    // Access types: resolved by name within the service id taken from xPolicy.
    List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
    for (String accessType : accessTypes) {
        XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessType, xPolicy.getService());
        if (xAccTypeDef == null) {
            throw new Exception(accessType + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyRefAccessType xPolAccess = rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xPolicy);
        xPolAccess.setPolicyId(policy.getId());
        xPolAccess.setAccessDefId(xAccTypeDef.getId());
        xPolAccess.setAccessTypeName(accessType);
        xPolAccesses.add(xPolAccess);
    }
    daoMgr.getXXPolicyRefAccessType().batchCreate(xPolAccesses);
    // Condition types: resolved by service-def id and name; the error text here reads the
    // policy name and service from xPolicy, whereas the other lookups read them from policy.
    List<XXPolicyRefCondition> xPolConds = new ArrayList<>();
    for (String condition : conditionTypes) {
        XXPolicyConditionDef xPolCondDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition);
        if (xPolCondDef == null) {
            throw new Exception(condition + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }
        XXPolicyRefCondition xPolCond = rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xPolicy);
        xPolCond.setPolicyId(policy.getId());
        xPolCond.setConditionDefId(xPolCondDef.getId());
        xPolCond.setConditionName(condition);
        xPolConds.add(xPolCond);
    }
    daoMgr.getXXPolicyRefCondition().batchCreate(xPolConds);
    // Data-mask types: resolved by name within the service id taken from xPolicy.
    List<XXPolicyRefDataMaskType> xxDataMaskInfos = new ArrayList<>();
    for (String dataMaskType : dataMaskTypes) {
        XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskType, xPolicy.getService());
        if (dataMaskDef == null) {
            throw new Exception(dataMaskType + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        // NOTE(review): unlike the resource, access-type and condition rows above, this row is
        // not passed through rangerAuditFields.populateAuditFields — confirm that is intended.
        XXPolicyRefDataMaskType xxDataMaskInfo = new XXPolicyRefDataMaskType();
        xxDataMaskInfo.setPolicyId(policy.getId());
        xxDataMaskInfo.setDataMaskDefId(dataMaskDef.getId());
        xxDataMaskInfo.setDataMaskTypeName(dataMaskType);
        xxDataMaskInfos.add(xxDataMaskInfo);
    }
    daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
}
Also used : ArrayList(java.util.ArrayList) XXPolicyRefRole(org.apache.ranger.entity.XXPolicyRefRole) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) XXPolicyRefCondition(org.apache.ranger.entity.XXPolicyRefCondition) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) RangerPolicyItemDataMaskInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo) HashSet(java.util.HashSet) VXResponse(org.apache.ranger.view.VXResponse) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXResourceDef(org.apache.ranger.entity.XXResourceDef) XXPolicyRefAccessType(org.apache.ranger.entity.XXPolicyRefAccessType) XXPolicyRefDataMaskType(org.apache.ranger.entity.XXPolicyRefDataMaskType) XXPolicyRefResource(org.apache.ranger.entity.XXPolicyRefResource) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)

Example 13 with RangerDataMaskPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem in project ranger by apache.

the class ServiceDBStore method writeExcel.

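/**
 * Renders the given policies into an XLS workbook and streams it to the HTTP response as a
 * file download.
 *
 * <p>After the header row, each policy contributes rows from the first non-empty list among its
 * policy items, data-mask items and row-filter items; when all three are empty a single
 * placeholder row is written. Allow-exception, deny-exception and deny items are then appended
 * for every policy regardless of which branch ran.
 *
 * <p>Failures while building or sending the workbook are logged and not rethrown, so the caller
 * is not told that the export failed. Only a failure while closing the response stream or the
 * workbook propagates as {@link IOException}.
 *
 * @param policies      policies to export; {@code null} or empty yields a workbook with only the header row
 * @param excelFileName file name placed in the {@code Content-Disposition} header and in log messages
 * @param response      servlet response that receives the headers and the workbook bytes
 * @throws IOException if closing the response stream or the workbook fails
 */
private void writeExcel(List<RangerPolicy> policies, String excelFileName, HttpServletResponse response) throws IOException {
    Workbook workbook = null;
    OutputStream outStream = null;
    try {
        workbook = new HSSFWorkbook();
        Sheet sheet = workbook.createSheet();
        createHeaderRow(sheet);
        int rowCount = 0;
        if (!CollectionUtils.isEmpty(policies)) {
            for (RangerPolicy policy : policies) {
                List<RangerPolicyItem> policyItems = policy.getPolicyItems();
                List<RangerRowFilterPolicyItem> rowFilterPolicyItems = policy.getRowFilterPolicyItems();
                List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
                List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
                List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
                List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems();
                // Resolve the service-def name behind the policy's service; it stays "" when
                // either the service or its definition cannot be found.
                XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
                String serviceType = "";
                if (xxservice != null) {
                    Long serviceDefId = xxservice.getType();
                    XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(serviceDefId);
                    if (xxservDef != null) {
                        serviceType = xxservDef.getName();
                    }
                }
                if (CollectionUtils.isNotEmpty(policyItems)) {
                    for (RangerPolicyItem policyItem : policyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE);
                    }
                } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) {
                    for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, null, dataMaskPolicyItem, null, row, null);
                    }
                } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) {
                    for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, null, null, rowFilterPolicyItem, row, null);
                    }
                } else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
                    // policyItems is already known to be empty here (the first branch was not
                    // taken), so this branch and the next one write the same placeholder row.
                    // NOTE(review): the service-type lookup does not change the output as written.
                    if (CollectionUtils.isEmpty(policyItems)) {
                        Row row = sheet.createRow(++rowCount);
                        RangerPolicyItem policyItem = new RangerPolicyItem();
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE);
                    }
                } else if (CollectionUtils.isEmpty(policyItems)) {
                    Row row = sheet.createRow(++rowCount);
                    RangerPolicyItem policyItem = new RangerPolicyItem();
                    writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE);
                }
                if (CollectionUtils.isNotEmpty(allowExceptions)) {
                    for (RangerPolicyItem policyItem : allowExceptions) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_EXCLUDE);
                    }
                }
                if (CollectionUtils.isNotEmpty(denyExceptions)) {
                    for (RangerPolicyItem policyItem : denyExceptions) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_EXCLUDE);
                    }
                }
                if (CollectionUtils.isNotEmpty(denyPolicyItems)) {
                    for (RangerPolicyItem policyItem : denyPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_INCLUDE);
                    }
                }
            }
        }
        // Serialize into memory first so Content-Length can be set before any byte is sent.
        ByteArrayOutputStream outByteStream = new ByteArrayOutputStream();
        workbook.write(outByteStream);
        byte[] outArray = outByteStream.toByteArray();
        response.setContentType("application/ms-excel");
        response.setContentLength(outArray.length);
        // Header names carry no colon; the original "Expires:" was not a valid field name.
        response.setHeader("Expires", "0");
        // NOTE(review): excelFileName is concatenated unquoted into the header value. Confirm every
        // caller builds it server-side; a value containing CR/LF, quotes or ';' would alter the header.
        response.setHeader("Content-Disposition", "attachment; filename=" + excelFileName);
        response.setStatus(HttpServletResponse.SC_OK);
        outStream = response.getOutputStream();
        outStream.write(outArray);
        outStream.flush();
    } catch (IOException ex) {
        // Logged only: the export failure is not reported back to the caller.
        LOG.error("Failed to create report file " + excelFileName, ex);
    } catch (Exception ex) {
        LOG.error("Error while generating report file " + excelFileName, ex);
    } finally {
        // Nested so the workbook is still closed when closing the response stream throws.
        try {
            if (outStream != null) {
                outStream.close();
            }
        } finally {
            if (workbook != null) {
                workbook.close();
            }
        }
    }
}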
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ServletOutputStream(javax.servlet.ServletOutputStream) OutputStream(java.io.OutputStream) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) VXString(org.apache.ranger.view.VXString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) HSSFWorkbook(org.apache.poi.hssf.usermodel.HSSFWorkbook) Workbook(org.apache.poi.ss.usermodel.Workbook) HSSFWorkbook(org.apache.poi.hssf.usermodel.HSSFWorkbook) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) Row(org.apache.poi.ss.usermodel.Row) XXService(org.apache.ranger.entity.XXService) Sheet(org.apache.poi.ss.usermodel.Sheet)
