
Example 56 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class TestServiceUtil method testToVXResourceForStormTopologyAndVXPermMapListWithGroupList.

/**
 * Converts a Storm policy whose single item grants access to a group into a
 * legacy {@code VXResource}, then compares the scalar fields, the first audit
 * entry and the first two permission-map entries against hand-built expectations.
 */
@Test
public void testToVXResourceForStormTopologyAndVXPermMapListWithGroupList() {
    String policyGuid = new GUIDUtil().genGUID();

    // Group row the mocked DAO returns when "rangerGroup" is looked up.
    XXGroup groupEntity = new XXGroup();
    groupEntity.setId(6L);
    groupEntity.setName("rangerGroup");

    // ---- input: the "topology" resource of the policy ----
    List<String> topologyValues = new ArrayList<String>();
    topologyValues.add("myTopology");
    RangerPolicyResource topologyResource = new RangerPolicyResource();
    topologyResource.setValue("topology");
    topologyResource.setValues(topologyValues);
    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
    policyResources.put("topology", topologyResource);

    // ---- input: one policy item (group + "drop" access + IP condition) ----
    // NOTE(review): "10.329.85.65" is not a well-formed IPv4 literal (329 > 255), so
    // this test only shows the condition value being carried over as an opaque
    // string; it says nothing about address validation.
    List<String> ipConditionValues = new ArrayList<String>();
    ipConditionValues.add("10.329.85.65");
    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    ipCondition.setValues(ipConditionValues);
    List<RangerPolicyItemCondition> itemConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    itemConditions.add(ipCondition);

    RangerPolicyItemAccess dropAccess = new RangerPolicyItemAccess();
    dropAccess.setIsAllowed(true);
    dropAccess.setType("drop");
    List<RangerPolicyItemAccess> itemAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    itemAccesses.add(dropAccess);

    List<String> itemGroups = new ArrayList<String>();
    itemGroups.add("rangerGroup");

    // Every list is populated before it is handed to a setter, as in the original.
    RangerPolicyItem policyItem = new RangerPolicyItem();
    policyItem.setConditions(itemConditions);
    policyItem.setGroups(itemGroups);
    policyItem.setAccesses(itemAccesses);
    policyItem.setDelegateAdmin(true);
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    policyItems.add(policyItem);

    // ---- input: the policy and its service ----
    RangerPolicy policy = new RangerPolicy();
    policy.setId(1L);
    policy.setName("storm Policy");
    policy.setService("storm");
    policy.setDescription("storm policy description");
    policy.setIsEnabled(true);
    policy.setGuid(policyGuid);
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResources);

    RangerService stormService = new RangerService();
    stormService.setName("storm");
    stormService.setType("storm");

    // ---- expectation: audit entry and two group perm-map entries (types 12 and 6) ----
    VXAuditMap expectedAudit = new VXAuditMap();
    expectedAudit.setResourceId(1L);
    expectedAudit.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
    List<VXAuditMap> expectedAudits = new ArrayList<VXAuditMap>();
    expectedAudits.add(expectedAudit);

    VXPermMap expectedPerm0 = new VXPermMap();
    expectedPerm0.setPermFor(2);
    expectedPerm0.setPermType(12);
    expectedPerm0.setGroupName("rangerGroup");
    expectedPerm0.setIpAddress("10.329.85.65");
    VXPermMap expectedPerm1 = new VXPermMap();
    expectedPerm1.setPermFor(2);
    expectedPerm1.setPermType(6);
    expectedPerm1.setGroupName("rangerGroup");
    expectedPerm1.setIpAddress("10.329.85.65");
    List<VXPermMap> expectedPerms = new ArrayList<VXPermMap>();
    expectedPerms.add(expectedPerm0);
    expectedPerms.add(expectedPerm1);

    VXResource expected = new VXResource();
    expected.setGuid(policyGuid);
    expected.setName("myTopology");
    expected.setTopologies("myTopology");
    expected.setPolicyName("storm Policy");
    expected.setDescription("storm policy description");
    expected.setResourceType(1);
    expected.setAssetName("storm");
    expected.setAssetType(6);
    expected.setResourceStatus(1);
    expected.setAuditList(expectedAudits);
    expected.setPermMapList(expectedPerms);

    // ---- stubbing: group lookup goes through the mocked DAO manager ----
    Mockito.when(xaDaoMgr.getXXGroup()).thenReturn(xxGroupDao);
    Mockito.when(xxGroupDao.findByGroupName("rangerGroup")).thenReturn(groupEntity);

    VXResource actual = serviceUtil.toVXResource(policy, stormService);

    // ---- verification: scalar fields ----
    Assert.assertNotNull(actual);
    Assert.assertEquals(expected.getName(), actual.getName());
    Assert.assertEquals(expected.getGuid(), actual.getGuid());
    Assert.assertEquals(expected.getPolicyName(), actual.getPolicyName());
    Assert.assertEquals(expected.getResourceType(), actual.getResourceType());
    Assert.assertEquals(expected.getDescription(), actual.getDescription());
    Assert.assertEquals(expected.getAssetName(), actual.getAssetName());
    Assert.assertEquals(expected.getAssetType(), actual.getAssetType());
    Assert.assertEquals(expected.getResourceStatus(), actual.getResourceStatus());
    Assert.assertEquals(expected.getTopologies(), actual.getTopologies());

    // ---- verification: first audit entry ----
    VXAuditMap wantAudit = expected.getAuditList().get(0);
    VXAuditMap gotAudit = actual.getAuditList().get(0);
    Assert.assertEquals(wantAudit.getResourceId(), gotAudit.getResourceId());
    Assert.assertEquals(wantAudit.getAuditType(), gotAudit.getAuditType());

    // ---- verification: perm-map entries 0 and 1 ----
    // NOTE(review): userName/userId are never set on the expected entries in this
    // test, and neither groupName nor the size of the perm-map list is compared,
    // so the group binding itself is not asserted here.
    VXPermMap wantPerm0 = expected.getPermMapList().get(0);
    VXPermMap gotPerm0 = actual.getPermMapList().get(0);
    Assert.assertEquals(wantPerm0.getPermFor(), gotPerm0.getPermFor());
    Assert.assertEquals(wantPerm0.getPermType(), gotPerm0.getPermType());
    Assert.assertEquals(wantPerm0.getUserName(), gotPerm0.getUserName());
    Assert.assertEquals(wantPerm0.getIpAddress(), gotPerm0.getIpAddress());
    Assert.assertEquals(wantPerm0.getUserId(), gotPerm0.getUserId());

    VXPermMap wantPerm1 = expected.getPermMapList().get(1);
    VXPermMap gotPerm1 = actual.getPermMapList().get(1);
    Assert.assertEquals(wantPerm1.getPermFor(), gotPerm1.getPermFor());
    Assert.assertEquals(wantPerm1.getPermType(), gotPerm1.getPermType());
    Assert.assertEquals(wantPerm1.getUserName(), gotPerm1.getUserName());
    Assert.assertEquals(wantPerm1.getIpAddress(), gotPerm1.getIpAddress());
    Assert.assertEquals(wantPerm1.getUserId(), gotPerm1.getUserId());
}
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) VXResource(org.apache.ranger.view.VXResource) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXGroup(org.apache.ranger.entity.XXGroup) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) VXAuditMap(org.apache.ranger.view.VXAuditMap) RangerService(org.apache.ranger.plugin.model.RangerService) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) Test(org.junit.Test)

Example 57 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class TestServiceUtil method testToVXResourceForStormTopologyAndVXPermMapListWithUserList.

/**
 * Converts a Storm policy whose single item grants access to a user into a
 * legacy {@code VXResource}, then compares the scalar fields, the first audit
 * entry and the first two permission-map entries against hand-built expectations.
 */
@Test
public void testToVXResourceForStormTopologyAndVXPermMapListWithUserList() {
    String policyGuid = new GUIDUtil().genGUID();

    // User row the mocked DAO returns when "rangerAdmin" is looked up.
    XXUser userEntity = new XXUser();
    userEntity.setId(6L);
    userEntity.setName("rangerAdmin");

    // ---- input: the "topology" resource of the policy ----
    List<String> topologyValues = new ArrayList<String>();
    topologyValues.add("myTopology");
    RangerPolicyResource topologyResource = new RangerPolicyResource();
    topologyResource.setValue("topology");
    topologyResource.setValues(topologyValues);
    Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
    policyResources.put("topology", topologyResource);

    // ---- input: one policy item (user + "drop" access + IP condition) ----
    // NOTE(review): "10.329.85.65" is not a well-formed IPv4 literal (329 > 255), so
    // this test only shows the condition value being carried over as an opaque
    // string; it says nothing about address validation.
    List<String> ipConditionValues = new ArrayList<String>();
    ipConditionValues.add("10.329.85.65");
    RangerPolicyItemCondition ipCondition = new RangerPolicyItemCondition();
    ipCondition.setType("ipaddress");
    ipCondition.setValues(ipConditionValues);
    List<RangerPolicyItemCondition> itemConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
    itemConditions.add(ipCondition);

    RangerPolicyItemAccess dropAccess = new RangerPolicyItemAccess();
    dropAccess.setIsAllowed(true);
    dropAccess.setType("drop");
    List<RangerPolicyItemAccess> itemAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
    itemAccesses.add(dropAccess);

    List<String> itemUsers = new ArrayList<String>();
    itemUsers.add("rangerAdmin");

    // Every list is populated before it is handed to a setter, as in the original.
    RangerPolicyItem policyItem = new RangerPolicyItem();
    policyItem.setConditions(itemConditions);
    policyItem.setUsers(itemUsers);
    policyItem.setAccesses(itemAccesses);
    policyItem.setDelegateAdmin(true);
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
    policyItems.add(policyItem);

    // ---- input: the policy and its service ----
    RangerPolicy policy = new RangerPolicy();
    policy.setId(1L);
    policy.setName("storm Policy");
    policy.setService("storm");
    policy.setDescription("storm policy description");
    policy.setIsEnabled(true);
    policy.setGuid(policyGuid);
    policy.setIsAuditEnabled(true);
    policy.setPolicyItems(policyItems);
    policy.setResources(policyResources);

    RangerService stormService = new RangerService();
    stormService.setName("storm");
    stormService.setType("storm");

    // ---- expectation: audit entry and two user perm-map entries (types 12 and 6) ----
    VXAuditMap expectedAudit = new VXAuditMap();
    expectedAudit.setResourceId(1L);
    expectedAudit.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
    List<VXAuditMap> expectedAudits = new ArrayList<VXAuditMap>();
    expectedAudits.add(expectedAudit);

    VXPermMap expectedPerm0 = new VXPermMap();
    expectedPerm0.setPermFor(1);
    expectedPerm0.setUserId(6L);
    expectedPerm0.setPermType(12);
    expectedPerm0.setUserName("rangerAdmin");
    expectedPerm0.setIpAddress("10.329.85.65");
    VXPermMap expectedPerm1 = new VXPermMap();
    expectedPerm1.setPermFor(1);
    expectedPerm1.setUserId(6L);
    expectedPerm1.setPermType(6);
    expectedPerm1.setUserName("rangerAdmin");
    expectedPerm1.setIpAddress("10.329.85.65");
    List<VXPermMap> expectedPerms = new ArrayList<VXPermMap>();
    expectedPerms.add(expectedPerm0);
    expectedPerms.add(expectedPerm1);

    VXResource expected = new VXResource();
    expected.setGuid(policyGuid);
    expected.setName("myTopology");
    expected.setTopologies("myTopology");
    expected.setPolicyName("storm Policy");
    expected.setDescription("storm policy description");
    expected.setResourceType(1);
    expected.setAssetName("storm");
    expected.setAssetType(6);
    expected.setResourceStatus(1);
    expected.setAuditList(expectedAudits);
    expected.setPermMapList(expectedPerms);

    // ---- stubbing: user lookup goes through the mocked DAO manager ----
    Mockito.when(xaDaoMgr.getXXUser()).thenReturn(xxUserDao);
    Mockito.when(xxUserDao.findByUserName("rangerAdmin")).thenReturn(userEntity);

    VXResource actual = serviceUtil.toVXResource(policy, stormService);

    // ---- verification: scalar fields ----
    Assert.assertNotNull(actual);
    Assert.assertEquals(expected.getName(), actual.getName());
    Assert.assertEquals(expected.getGuid(), actual.getGuid());
    Assert.assertEquals(expected.getPolicyName(), actual.getPolicyName());
    Assert.assertEquals(expected.getResourceType(), actual.getResourceType());
    Assert.assertEquals(expected.getDescription(), actual.getDescription());
    Assert.assertEquals(expected.getAssetName(), actual.getAssetName());
    Assert.assertEquals(expected.getAssetType(), actual.getAssetType());
    Assert.assertEquals(expected.getResourceStatus(), actual.getResourceStatus());
    Assert.assertEquals(expected.getTopologies(), actual.getTopologies());

    // ---- verification: first audit entry ----
    VXAuditMap wantAudit = expected.getAuditList().get(0);
    VXAuditMap gotAudit = actual.getAuditList().get(0);
    Assert.assertEquals(wantAudit.getResourceId(), gotAudit.getResourceId());
    Assert.assertEquals(wantAudit.getAuditType(), gotAudit.getAuditType());

    // ---- verification: perm-map entries 0 and 1 ----
    // NOTE(review): the size of the perm-map list is not compared, so extra
    // entries in the result would go unnoticed by this test.
    VXPermMap wantPerm0 = expected.getPermMapList().get(0);
    VXPermMap gotPerm0 = actual.getPermMapList().get(0);
    Assert.assertEquals(wantPerm0.getPermFor(), gotPerm0.getPermFor());
    Assert.assertEquals(wantPerm0.getPermType(), gotPerm0.getPermType());
    Assert.assertEquals(wantPerm0.getUserName(), gotPerm0.getUserName());
    Assert.assertEquals(wantPerm0.getIpAddress(), gotPerm0.getIpAddress());
    Assert.assertEquals(wantPerm0.getUserId(), gotPerm0.getUserId());

    VXPermMap wantPerm1 = expected.getPermMapList().get(1);
    VXPermMap gotPerm1 = actual.getPermMapList().get(1);
    Assert.assertEquals(wantPerm1.getPermFor(), gotPerm1.getPermFor());
    Assert.assertEquals(wantPerm1.getPermType(), gotPerm1.getPermType());
    Assert.assertEquals(wantPerm1.getUserName(), gotPerm1.getUserName());
    Assert.assertEquals(wantPerm1.getIpAddress(), gotPerm1.getIpAddress());
    Assert.assertEquals(wantPerm1.getUserId(), gotPerm1.getUserId());
}
Also used : XXUser(org.apache.ranger.entity.XXUser) VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) VXResource(org.apache.ranger.view.VXResource) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) VXAuditMap(org.apache.ranger.view.VXAuditMap) RangerService(org.apache.ranger.plugin.model.RangerService) RangerPolicyItemCondition(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition) Test(org.junit.Test)

Example 58 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class PatchMigration_J10002 method mapXResourceToPolicy.

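/**
 * Populates {@code policy} from a legacy {@code XXResource} row of the given service.
 *
 * <p>Name, description, enabled/audit flags, resources, policy items, timestamps,
 * creator/updater login ids and the id are copied over. Auditing is switched off
 * when no audit-map row exists for the resource, and the policy is disabled when
 * the resource status equals {@code AppConstants.STATUS_DISABLED}.
 *
 * @param policy  policy object to fill in; it is also the return value on success
 * @param xRes    legacy resource row being migrated
 * @param service service the resource belongs to; its type selects which resource
 *                fields are mapped (hdfs, hbase, hive, knox, storm)
 * @return {@code policy}, or {@code null} when no service-def exists for the service type
 */
private RangerPolicy mapXResourceToPolicy(RangerPolicy policy, XXResource xRes, RangerService service) {
    String serviceName = service.getName();
    String serviceType = service.getType();
    String name = xRes.getPolicyName();
    String description = xRes.getDescription();
    Boolean isAuditEnabled = true;
    Boolean isEnabled = true;
    Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>();
    XXServiceDef svcDef = daoMgr.getXXServiceDef().findByName(serviceType);
    if (svcDef == null) {
        logger.error(serviceType + ": service-def not found. Skipping policy '" + name + "'");
        return null;
    }
    // A resource without any audit-map row is migrated with auditing off.
    List<XXAuditMap> auditMapList = daoMgr.getXXAuditMap().findByResourceId(xRes.getId());
    if (stringUtil.isEmpty(auditMapList)) {
        isAuditEnabled = false;
    }
    if (xRes.getResourceStatus() == AppConstants.STATUS_DISABLED) {
        isEnabled = false;
    }
    Boolean isPathRecursive = xRes.getIsRecursive() == RangerCommonEnums.BOOL_TRUE;
    Boolean isTableExcludes = xRes.getTableType() == RangerCommonEnums.POLICY_EXCLUSION;
    Boolean isColumnExcludes = xRes.getColumnType() == RangerCommonEnums.POLICY_EXCLUSION;
    // Each service type maps a different set of legacy columns to named resources.
    if (StringUtils.equalsIgnoreCase(serviceType, "hdfs")) {
        toRangerResourceList(xRes.getName(), "path", Boolean.FALSE, isPathRecursive, resources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "hbase")) {
        toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getColumnFamilies(), "column-family", Boolean.FALSE, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, resources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "hive")) {
        toRangerResourceList(xRes.getDatabases(), "database", Boolean.FALSE, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getTables(), "table", isTableExcludes, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getColumns(), "column", isColumnExcludes, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getUdfs(), "udf", Boolean.FALSE, Boolean.FALSE, resources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "knox")) {
        toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, resources);
        toRangerResourceList(xRes.getServices(), "service", Boolean.FALSE, Boolean.FALSE, resources);
    } else if (StringUtils.equalsIgnoreCase(serviceType, "storm")) {
        toRangerResourceList(xRes.getTopologies(), "topology", Boolean.FALSE, Boolean.FALSE, resources);
    } else {
        // No branch above matched, so the policy is still produced but with an
        // empty resource map. Record that instead of letting it pass silently.
        logger.warn(serviceType + ": no resource mapping for this service type. Policy '" + name + "' is migrated without resources");
    }
    // Assigned once here; the previous placeholder list was discarded unused.
    List<RangerPolicyItem> policyItems = getPolicyItemListForRes(xRes, svcDef);
    policy.setService(serviceName);
    policy.setName(name);
    policy.setDescription(description);
    policy.setIsAuditEnabled(isAuditEnabled);
    policy.setIsEnabled(isEnabled);
    policy.setResources(resources);
    policy.setPolicyItems(policyItems);
    policy.setCreateTime(xRes.getCreateTime());
    policy.setUpdateTime(xRes.getUpdateTime());
    // Creator/updater are stored as login ids; a missing portal user leaves the field untouched.
    XXPortalUser createdByUser = daoMgr.getXXPortalUser().getById(xRes.getAddedByUserId());
    XXPortalUser updByUser = daoMgr.getXXPortalUser().getById(xRes.getUpdatedByUserId());
    if (createdByUser != null) {
        policy.setCreatedBy(createdByUser.getLoginId());
    }
    if (updByUser != null) {
        policy.setUpdatedBy(updByUser.getLoginId());
    }
    policy.setId(xRes.getId());
    return policy;
}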
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) XXPortalUser(org.apache.ranger.entity.XXPortalUser) HashMap(java.util.HashMap) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXAuditMap(org.apache.ranger.entity.XXAuditMap)

Example 59 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class PatchMigration_J10002 method getPolicyItemListForRes.

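/**
 * Builds the policy items of a migrated policy from the legacy permission-map
 * rows of {@code xRes}.
 *
 * <p>Rows are grouped by their perm-group; each group becomes at most one policy
 * item carrying the group's users, groups and access types. An "Admin" access
 * type sets delegate-admin on the item and is only added as an access for the
 * HBase service-def. Groups that end up with no access, or with neither a user
 * nor a group, are skipped. When the last accepted row of a group carries an IP
 * address and the service-def defines an "ip-range" condition, that address is
 * attached as an "ip-range" condition.
 *
 * @param xRes   legacy resource whose permission maps are read
 * @param svcDef service-def of the owning service
 * @return the policy items built; empty when nothing could be migrated
 */
private List<RangerPolicyItem> getPolicyItemListForRes(XXResource xRes, XXServiceDef svcDef) {
    List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>();
    SearchCriteria sc = new SearchCriteria();
    sc.addParam("resourceId", xRes.getId());
    List<VXPermMap> permMapList = xPermMapService.searchXPermMaps(sc).getVXPermMaps();
    HashMap<String, List<VXPermMap>> sortedPermMap = new HashMap<String, List<VXPermMap>>();
    // re-group the list with permGroup as the key
    if (permMapList != null) {
        for (VXPermMap permMap : permMapList) {
            String permGrp = permMap.getPermGroup();
            List<VXPermMap> sortedList = sortedPermMap.get(permGrp);
            if (sortedList == null) {
                sortedList = new ArrayList<VXPermMap>();
                sortedPermMap.put(permGrp, sortedList);
            }
            sortedList.add(permMap);
        }
    }
    for (Entry<String, List<VXPermMap>> entry : sortedPermMap.entrySet()) {
        List<String> userList = new ArrayList<String>();
        List<String> groupList = new ArrayList<String>();
        List<RangerPolicyItemAccess> accessList = new ArrayList<RangerPolicyItemAccess>();
        String ipAddress = null;
        RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
        for (VXPermMap permMap : entry.getValue()) {
            if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
                String userName = getUserName(permMap);
                // getUserName is defined outside this method; a null or blank result
                // must not end up as a principal of the migrated policy item.
                if (StringUtils.isNotBlank(userName) && !userList.contains(userName)) {
                    userList.add(userName);
                }
            } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
                String groupName = getGroupName(permMap);
                // Same guard as for users: skip unresolved group names.
                if (StringUtils.isNotBlank(groupName) && !groupList.contains(groupName)) {
                    groupList.add(groupName);
                }
            }
            String accessType = ServiceUtil.toAccessType(permMap.getPermType());
            if (StringUtils.isBlank(accessType) || unsupportedLegacyPermTypes.contains(accessType)) {
                logger.info(accessType + ": is not a valid access-type, ignoring accesstype for policy: " + xRes.getPolicyName());
                continue;
            }
            if (StringUtils.equalsIgnoreCase(accessType, "Admin")) {
                policyItem.setDelegateAdmin(Boolean.TRUE);
                // "Admin" is kept as a regular access type only for HBase.
                if (svcDef.getId() == EmbeddedServiceDefsUtil.instance().getHBaseServiceDefId()) {
                    addAccessType(accessType, accessList);
                }
            } else {
                addAccessType(accessType, accessList);
            }
            // Only the address of the last accepted row of the group is kept.
            ipAddress = permMap.getIpAddress();
        }
        if (CollectionUtils.isEmpty(accessList)) {
            logger.info("no access specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }
        if (CollectionUtils.isEmpty(userList) && CollectionUtils.isEmpty(groupList)) {
            logger.info("no user or group specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }
        policyItem.setUsers(userList);
        policyItem.setGroups(groupList);
        policyItem.setAccesses(accessList);
        if (ipAddress != null && !ipAddress.isEmpty()) {
            XXPolicyConditionDef policyCond = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(svcDef.getId(), "ip-range");
            if (policyCond != null) {
                RangerPolicy.RangerPolicyItemCondition ipCondition = new RangerPolicy.RangerPolicyItemCondition("ip-range", Collections.singletonList(ipAddress));
                policyItem.getConditions().add(ipCondition);
            } else {
                // Without the condition the migrated item is broader than the legacy
                // permission; leave a trace so the policy can be reviewed by hand.
                logger.warn("ip-range condition not defined for service-def " + svcDef.getId() + ". IP restriction '" + ipAddress + "' is not migrated for policy: " + xRes.getPolicyName());
            }
        }
        policyItems.add(policyItem);
    }
    return policyItems;
}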
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) List(java.util.List)

Example 60 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class MetricUtil method metricCalculation.

private void metricCalculation(String caseValue) {
    logger.info("Metric Type : " + caseValue);
    try {
        SearchCriteria searchCriteria = new SearchCriteria();
        searchCriteria.setStartIndex(0);
        searchCriteria.setMaxRows(100);
        searchCriteria.setGetCount(true);
        searchCriteria.setSortType("asc");
        switch(caseValue.toLowerCase()) {
            case "usergroup":
                try {
                    VXGroupList vxGroupList = xUserMgr.searchXGroups(searchCriteria);
                    long groupCount = vxGroupList.getTotalCount();
                    ArrayList<String> userAdminRoleCount = new ArrayList<String>();
                    userAdminRoleCount.add(RangerConstants.ROLE_SYS_ADMIN);
                    long userSysAdminCount = getUserCountBasedOnUserRole(userAdminRoleCount);
                    ArrayList<String> userAdminAuditorRoleCount = new ArrayList<String>();
                    userAdminAuditorRoleCount.add(RangerConstants.ROLE_ADMIN_AUDITOR);
                    long userSysAdminAuditorCount = getUserCountBasedOnUserRole(userAdminAuditorRoleCount);
                    ArrayList<String> userRoleListKeyRoleAdmin = new ArrayList<String>();
                    userRoleListKeyRoleAdmin.add(RangerConstants.ROLE_KEY_ADMIN);
                    long userKeyAdminCount = getUserCountBasedOnUserRole(userRoleListKeyRoleAdmin);
                    ArrayList<String> userRoleListKeyadminAduitorRole = new ArrayList<String>();
                    userRoleListKeyadminAduitorRole.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR);
                    long userKeyadminAuditorCount = getUserCountBasedOnUserRole(userRoleListKeyadminAduitorRole);
                    ArrayList<String> userRoleListUser = new ArrayList<String>();
                    userRoleListUser.add(RangerConstants.ROLE_USER);
                    long userRoleCount = getUserCountBasedOnUserRole(userRoleListUser);
                    long userTotalCount = userSysAdminCount + userKeyAdminCount + userRoleCount + userKeyadminAuditorCount + userSysAdminAuditorCount;
                    VXMetricUserGroupCount metricUserGroupCount = new VXMetricUserGroupCount();
                    metricUserGroupCount.setUserCountOfUserRole(userRoleCount);
                    metricUserGroupCount.setUserCountOfKeyAdminRole(userKeyAdminCount);
                    metricUserGroupCount.setUserCountOfSysAdminRole(userSysAdminCount);
                    metricUserGroupCount.setUserCountOfKeyadminAuditorRole(userKeyadminAuditorCount);
                    metricUserGroupCount.setUserCountOfSysAdminAuditorRole(userSysAdminAuditorCount);
                    metricUserGroupCount.setUserTotalCount(userTotalCount);
                    metricUserGroupCount.setGroupCount(groupCount);
                    Gson gson = new GsonBuilder().create();
                    final String jsonUserGroupCount = gson.toJson(metricUserGroupCount);
                    System.out.println(jsonUserGroupCount);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for usergroup : " + e.getMessage());
                }
                break;
            case "audits":
                try {
                    int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();
                    String defaultDateFormat = "MM/dd/yyyy";
                    DateFormat formatter = new SimpleDateFormat(defaultDateFormat);
                    VXMetricAuditDetailsCount auditObj = new VXMetricAuditDetailsCount();
                    DateUtil dateUtilTwoDays = new DateUtil();
                    Date startDateUtilTwoDays = dateUtilTwoDays.getDateFromNow(-2);
                    Date dStart2 = restErrorUtil.parseDate(formatter.format(startDateUtilTwoDays), "Invalid value for startDate", MessageEnums.INVALID_INPUT_DATA, null, "startDate", defaultDateFormat);
                    Date endDateTwoDays = MiscUtil.getUTCDate();
                    Date dEnd2 = restErrorUtil.parseDate(formatter.format(endDateTwoDays), "Invalid value for endDate", MessageEnums.INVALID_INPUT_DATA, null, "endDate", defaultDateFormat);
                    dEnd2 = dateUtilTwoDays.getDateFromGivenDate(dEnd2, 0, 23, 59, 59);
                    dEnd2 = dateUtilTwoDays.addTimeOffset(dEnd2, clientTimeOffsetInMinute);
                    VXMetricServiceCount deniedCountObj = getAuditsCount(0, dStart2, dEnd2);
                    auditObj.setDenialEventsCountTwoDays(deniedCountObj);
                    VXMetricServiceCount allowedCountObj = getAuditsCount(1, dStart2, dEnd2);
                    auditObj.setAccessEventsCountTwoDays(allowedCountObj);
                    long totalAuditsCountTwoDays = deniedCountObj.getTotalCount() + allowedCountObj.getTotalCount();
                    auditObj.setSolrIndexCountTwoDays(totalAuditsCountTwoDays);
                    DateUtil dateUtilWeek = new DateUtil();
                    Date startDateUtilWeek = dateUtilWeek.getDateFromNow(-7);
                    Date dStart7 = restErrorUtil.parseDate(formatter.format(startDateUtilWeek), "Invalid value for startDate", MessageEnums.INVALID_INPUT_DATA, null, "startDate", defaultDateFormat);
                    Date endDateWeek = MiscUtil.getUTCDate();
                    DateUtil dateUtilweek = new DateUtil();
                    Date dEnd7 = restErrorUtil.parseDate(formatter.format(endDateWeek), "Invalid value for endDate", MessageEnums.INVALID_INPUT_DATA, null, "endDate", defaultDateFormat);
                    dEnd7 = dateUtilweek.getDateFromGivenDate(dEnd7, 0, 23, 59, 59);
                    dEnd7 = dateUtilweek.addTimeOffset(dEnd7, clientTimeOffsetInMinute);
                    VXMetricServiceCount deniedCountObjWeek = getAuditsCount(0, dStart7, dEnd7);
                    auditObj.setDenialEventsCountWeek(deniedCountObjWeek);
                    VXMetricServiceCount allowedCountObjWeek = getAuditsCount(1, dStart7, dEnd7);
                    auditObj.setAccessEventsCountWeek(allowedCountObjWeek);
                    long totalAuditsCountWeek = deniedCountObjWeek.getTotalCount() + allowedCountObjWeek.getTotalCount();
                    auditObj.setSolrIndexCountWeek(totalAuditsCountWeek);
                    Gson gson = new GsonBuilder().create();
                    final String jsonAudit = gson.toJson(auditObj);
                    System.out.println(jsonAudit);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for audits : " + e.getMessage());
                }
                break;
            case "services":
                try {
                    SearchFilter serviceFilter = new SearchFilter();
                    serviceFilter.setMaxRows(200);
                    serviceFilter.setStartIndex(0);
                    serviceFilter.setGetCount(true);
                    serviceFilter.setSortBy("serviceId");
                    serviceFilter.setSortType("asc");
                    VXMetricServiceCount vXMetricServiceCount = new VXMetricServiceCount();
                    PList<RangerService> paginatedSvcs = svcStore.getPaginatedServices(serviceFilter);
                    long totalServiceCount = paginatedSvcs.getTotalCount();
                    List<RangerService> rangerServiceList = paginatedSvcs.getList();
                    Map<String, Long> services = new HashMap<String, Long>();
                    for (Object rangerService : rangerServiceList) {
                        RangerService RangerServiceObj = (RangerService) rangerService;
                        String serviceName = RangerServiceObj.getType();
                        if (!(services.containsKey(serviceName))) {
                            serviceFilter.setParam("serviceType", serviceName);
                            PList<RangerService> paginatedSvcscount = svcStore.getPaginatedServices(serviceFilter);
                            services.put(serviceName, paginatedSvcscount.getTotalCount());
                        }
                    }
                    vXMetricServiceCount.setServiceBasedCountList(services);
                    vXMetricServiceCount.setTotalCount(totalServiceCount);
                    Gson gson = new GsonBuilder().create();
                    final String jsonServices = gson.toJson(vXMetricServiceCount);
                    System.out.println(jsonServices);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for services : " + e.getMessage());
                }
                break;
            case "policies":
                try {
                    SearchFilter policyFilter = new SearchFilter();
                    policyFilter.setMaxRows(200);
                    policyFilter.setStartIndex(0);
                    policyFilter.setGetCount(true);
                    policyFilter.setSortBy("serviceId");
                    policyFilter.setSortType("asc");
                    VXMetricPolicyCount vXMetricPolicyCount = new VXMetricPolicyCount();
                    PList<RangerPolicy> paginatedSvcsList = svcStore.getPaginatedPolicies(policyFilter);
                    vXMetricPolicyCount.setTotalCount(paginatedSvcsList.getTotalCount());
                    Map<String, VXMetricServiceCount> servicesWithPolicy = new HashMap<String, VXMetricServiceCount>();
                    for (int k = 2; k >= 0; k--) {
                        String policyType = String.valueOf(k);
                        VXMetricServiceCount vXMetricServiceCount = getVXMetricServiceCount(policyType);
                        if (k == 2) {
                            servicesWithPolicy.put("rowFilteringPolicies", vXMetricServiceCount);
                        } else if (k == 1) {
                            servicesWithPolicy.put("maskingPolicies", vXMetricServiceCount);
                        } else if (k == 0) {
                            servicesWithPolicy.put("resourceAccessPolicies", vXMetricServiceCount);
                        }
                    }
                    boolean tagFlag = false;
                    if (tagFlag == false) {
                        policyFilter.setParam("serviceType", "tag");
                        PList<RangerPolicy> policiestype = svcStore.getPaginatedPolicies(policyFilter);
                        Map<String, Long> tagMap = new HashMap<String, Long>();
                        long tagCount = policiestype.getTotalCount();
                        tagMap.put("tag", tagCount);
                        VXMetricServiceCount vXMetricServiceCount = new VXMetricServiceCount();
                        vXMetricServiceCount.setServiceBasedCountList(tagMap);
                        vXMetricServiceCount.setTotalCount(tagCount);
                        servicesWithPolicy.put("tagAccessPolicies", vXMetricServiceCount);
                        tagFlag = true;
                    }
                    vXMetricPolicyCount.setPolicyCountList(servicesWithPolicy);
                    Gson gson = new GsonBuilder().create();
                    final String jsonPolicies = gson.toJson(vXMetricPolicyCount);
                    System.out.println(jsonPolicies);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for policies : " + e.getMessage());
                }
                break;
            case "database":
                try {
                    int dbFlavor = RangerBizUtil.getDBFlavor();
                    String dbFlavourType = "Unknow ";
                    if (dbFlavor == AppConstants.DB_FLAVOR_MYSQL) {
                        dbFlavourType = "MYSQL ";
                    } else if (dbFlavor == AppConstants.DB_FLAVOR_ORACLE) {
                        dbFlavourType = "ORACLE ";
                    } else if (dbFlavor == AppConstants.DB_FLAVOR_POSTGRES) {
                        dbFlavourType = "POSTGRES ";
                    } else if (dbFlavor == AppConstants.DB_FLAVOR_SQLANYWHERE) {
                        dbFlavourType = "SQLANYWHERE ";
                    } else if (dbFlavor == AppConstants.DB_FLAVOR_SQLSERVER) {
                        dbFlavourType = "SQLSERVER ";
                    }
                    String dbDetail = dbFlavourType + xaBizUtil.getDBVersion();
                    Gson gson = new GsonBuilder().create();
                    final String jsonDBDetail = gson.toJson(dbDetail);
                    System.out.println(jsonDBDetail);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for database : " + e.getMessage());
                }
                break;
            case "contextenrichers":
                try {
                    SearchFilter filter = new SearchFilter();
                    filter.setStartIndex(0);
                    VXMetricContextEnricher serviceWithContextEnrichers = new VXMetricContextEnricher();
                    PList<RangerServiceDef> paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter);
                    List<RangerServiceDef> repoTypeList = paginatedSvcDefs.getList();
                    if (repoTypeList != null) {
                        for (RangerServiceDef repoType : repoTypeList) {
                            RangerServiceDef rangerServiceDefObj = (RangerServiceDef) repoType;
                            String name = rangerServiceDefObj.getName();
                            List<RangerContextEnricherDef> contextEnrichers = rangerServiceDefObj.getContextEnrichers();
                            if (contextEnrichers != null && !contextEnrichers.isEmpty()) {
                                serviceWithContextEnrichers.setServiceName(name);
                                serviceWithContextEnrichers.setTotalCount(contextEnrichers.size());
                            }
                        }
                    }
                    Gson gson = new GsonBuilder().create();
                    final String jsonContextEnrichers = gson.toJson(serviceWithContextEnrichers);
                    System.out.println(jsonContextEnrichers);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for contextenrichers : " + e.getMessage());
                }
                break;
            case "denyconditions":
                try {
                    SearchFilter policyFilter1 = new SearchFilter();
                    policyFilter1.setMaxRows(200);
                    policyFilter1.setStartIndex(0);
                    policyFilter1.setGetCount(true);
                    policyFilter1.setSortBy("serviceId");
                    policyFilter1.setSortType("asc");
                    int denyCount = 0;
                    Map<String, Integer> denyconditionsonMap = new HashMap<String, Integer>();
                    PList<RangerServiceDef> paginatedSvcDefs = svcStore.getPaginatedServiceDefs(policyFilter1);
                    if (paginatedSvcDefs != null) {
                        List<RangerServiceDef> rangerServiceDefs = paginatedSvcDefs.getList();
                        if (rangerServiceDefs != null && !rangerServiceDefs.isEmpty()) {
                            for (RangerServiceDef rangerServiceDef : rangerServiceDefs) {
                                if (rangerServiceDef != null) {
                                    String serviceDef = rangerServiceDef.getName();
                                    if (!StringUtils.isEmpty(serviceDef)) {
                                        policyFilter1.setParam("serviceType", serviceDef);
                                        policyFilter1.setParam("denyCondition", "true");
                                        PList<RangerPolicy> policiesList = svcStore.getPaginatedPolicies(policyFilter1);
                                        if (policiesList != null && policiesList.getListSize() > 0) {
                                            int policyListCount = policiesList.getListSize();
                                            if (policyListCount > 0 && policiesList.getList() != null) {
                                                List<RangerPolicy> policies = policiesList.getList();
                                                for (RangerPolicy policy : policies) {
                                                    if (policy != null) {
                                                        List<RangerPolicyItem> policyItem = policy.getDenyPolicyItems();
                                                        if (policyItem != null && !policyItem.isEmpty()) {
                                                            if (denyconditionsonMap.get(serviceDef) != null) {
                                                                denyCount = denyconditionsonMap.get(serviceDef) + denyCount + policyItem.size();
                                                            } else {
                                                                denyCount = denyCount + policyItem.size();
                                                            }
                                                        }
                                                        List<RangerPolicyItem> policyItemExclude = policy.getDenyExceptions();
                                                        if (policyItemExclude != null && !policyItemExclude.isEmpty()) {
                                                            if (denyconditionsonMap.get(serviceDef) != null) {
                                                                denyCount = denyconditionsonMap.get(serviceDef) + denyCount + policyItemExclude.size();
                                                            } else {
                                                                denyCount = denyCount + policyItemExclude.size();
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                        policyFilter1.removeParam("serviceType");
                                    }
                                    denyconditionsonMap.put(serviceDef, denyCount);
                                    denyCount = 0;
                                }
                            }
                        }
                    }
                    Gson gson = new GsonBuilder().create();
                    String jsonContextDenyCondtionOn = gson.toJson(denyconditionsonMap);
                    System.out.println(jsonContextDenyCondtionOn);
                } catch (Exception e) {
                    logger.error("Error calculating Metric for denyconditions : " + e.getMessage());
                }
                break;
            default:
                System.out.println("type: Incorrect Arguments usage : -type policies | audits | usergroup | services | database | contextenrichers | denyconditions");
                logger.info("Please enter the valid arguments for Metric Calculation");
                break;
        }
    } catch (Exception e) {
        logger.error("Error calculating Metric : " + e.getMessage());
    }
}
Also used : VXMetricAuditDetailsCount(org.apache.ranger.view.VXMetricAuditDetailsCount) HashMap(java.util.HashMap) DateUtil(org.apache.ranger.common.DateUtil) VXGroupList(org.apache.ranger.view.VXGroupList) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) VXMetricPolicyCount(org.apache.ranger.view.VXMetricPolicyCount) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) VXMetricUserGroupCount(org.apache.ranger.view.VXMetricUserGroupCount) RangerService(org.apache.ranger.plugin.model.RangerService) GsonBuilder(com.google.gson.GsonBuilder) VXMetricContextEnricher(org.apache.ranger.view.VXMetricContextEnricher) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) Date(java.util.Date) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) VXMetricServiceCount(org.apache.ranger.view.VXMetricServiceCount) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) SimpleDateFormat(java.text.SimpleDateFormat)
