use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class ServiceDBStore method writeExcel.
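/**
 * Exports the given policies as a legacy Excel (.xls) workbook and streams it to the client as a
 * file download.
 *
 * <p>Per policy, rows are written in this order: the allow items (or, when there are none, the
 * data-mask items, or failing that the row-filter items), then allow-exceptions, deny-exceptions
 * and deny items. A policy that has no allow, data-mask or row-filter items still gets one
 * placeholder row so that it appears in the report.
 *
 * <p>Failures while building or sending the workbook are logged and not rethrown; only a failure
 * while closing the response stream or the workbook propagates to the caller.
 *
 * <p>NOTE(review): the report discloses who may access what. This method performs no
 * authorization check of its own, so the caller is presumably expected to pass only the policies
 * the requester is allowed to see — confirm at the call site.
 *
 * @param policies      policies to export; when {@code null} or empty only the rows produced by
 *                      {@code createHeaderRow} are written
 * @param excelFileName file name offered to the browser in the {@code Content-Disposition} header
 * @param response      servlet response that receives the workbook bytes
 * @throws IOException if closing the response stream or the workbook fails
 */
private void writeExcel(List<RangerPolicy> policies, String excelFileName, HttpServletResponse response) throws IOException {
    Workbook workbook = null;
    OutputStream outStream = null;
    try {
        workbook = new HSSFWorkbook();
        Sheet sheet = workbook.createSheet();
        createHeaderRow(sheet);
        int rowCount = 0;
        if (!CollectionUtils.isEmpty(policies)) {
            for (RangerPolicy policy : policies) {
                List<RangerPolicyItem> policyItems = policy.getPolicyItems();
                List<RangerRowFilterPolicyItem> rowFilterPolicyItems = policy.getRowFilterPolicyItems();
                List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
                List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
                List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
                List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems();

                if (CollectionUtils.isNotEmpty(policyItems)) {
                    for (RangerPolicyItem policyItem : policyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE);
                    }
                } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) {
                    for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, null, dataMaskPolicyItem, null, row, null);
                    }
                } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) {
                    for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, null, null, rowFilterPolicyItem, row, null);
                    }
                } else {
                    // Reaching this branch already implies policyItems is empty. The previous
                    // code looked up the service type from the database for every policy and
                    // then wrote this same placeholder row for tag and non-tag services alike,
                    // so the lookup had no effect on the output and has been dropped.
                    Row row = sheet.createRow(++rowCount);
                    writeBookForPolicyItems(policy, new RangerPolicyItem(), null, null, row, POLICY_ALLOW_INCLUDE);
                }

                if (CollectionUtils.isNotEmpty(allowExceptions)) {
                    for (RangerPolicyItem policyItem : allowExceptions) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_ALLOW_EXCLUDE);
                    }
                }
                if (CollectionUtils.isNotEmpty(denyExceptions)) {
                    for (RangerPolicyItem policyItem : denyExceptions) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_EXCLUDE);
                    }
                }
                if (CollectionUtils.isNotEmpty(denyPolicyItems)) {
                    for (RangerPolicyItem policyItem : denyPolicyItems) {
                        Row row = sheet.createRow(++rowCount);
                        writeBookForPolicyItems(policy, policyItem, null, null, row, POLICY_DENY_INCLUDE);
                    }
                }
            }
        }

        // Serialize fully in memory first so Content-Length is known and no headers are
        // committed if workbook generation fails part-way.
        ByteArrayOutputStream outByteStream = new ByteArrayOutputStream();
        workbook.write(outByteStream);
        byte[] outArray = outByteStream.toByteArray();

        response.setContentType("application/ms-excel");
        response.setContentLength(outArray.length);
        // The header name must not carry the trailing colon: "Expires:" is not a valid field
        // name, so the no-cache intent was never expressed as a real Expires header.
        response.setHeader("Expires", "0");
        // NOTE(review): excelFileName is concatenated unquoted into the header value. Confirm it
        // is always generated server-side; if any part can come from the request it must be
        // restricted to a safe character set before being placed here.
        response.setHeader("Content-Disposition", "attachment; filename=" + excelFileName);
        response.setStatus(HttpServletResponse.SC_OK);
        outStream = response.getOutputStream();
        outStream.write(outArray);
        outStream.flush();
    } catch (IOException ex) {
        // Best effort: the failure is recorded and the caller is not interrupted.
        LOG.error("Failed to create report file " + excelFileName, ex);
    } catch (Exception ex) {
        LOG.error("Error while generating report file " + excelFileName, ex);
    } finally {
        // Nested so that the workbook is still released when closing the stream throws.
        try {
            if (outStream != null) {
                outStream.close();
            }
        } finally {
            if (workbook != null) {
                workbook.close();
            }
        }
    }
}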
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class TestRangerPolicyService method rangerPolicy.
/**
 * Builds the policy fixture used by the tests: an enabled, audited policy of type 0 carrying a
 * single policy item with empty users, groups, accesses and conditions and no delegated admin.
 *
 * @return the populated fixture
 */
private RangerPolicy rangerPolicy() {
    final List<String> userNames = new ArrayList<>();
    final List<String> groupNames = new ArrayList<>();
    final List<RangerPolicyItemAccess> itemAccesses = new ArrayList<>();
    final List<RangerPolicyItemCondition> itemConditions = new ArrayList<>();

    // The one and only policy item: grants nothing to nobody.
    final RangerPolicyItem item = new RangerPolicyItem();
    item.setAccesses(itemAccesses);
    item.setConditions(itemConditions);
    item.setGroups(groupNames);
    item.setUsers(userNames);
    item.setDelegateAdmin(false);

    final List<RangerPolicyItem> items = new ArrayList<>();
    items.add(item);

    // NOTE(review): this resource is configured but never put into the map below, so the
    // policy is returned with an empty resource map — confirm that is what the tests intend.
    final RangerPolicyResource resource = new RangerPolicyResource();
    resource.setIsExcludes(true);
    resource.setIsRecursive(true);
    resource.setValue("1");
    resource.setValues(userNames);

    final Map<String, RangerPolicyResource> resources = new HashMap<>();

    final RangerPolicy fixture = new RangerPolicy();
    fixture.setId(Id);
    fixture.setCreateTime(new Date());
    fixture.setDescription("policy");
    fixture.setGuid("policyguid");
    fixture.setIsEnabled(true);
    fixture.setName("HDFS_1-1-20150316062453");
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());
    fixture.setService("HDFS_1-1-20150316062453");
    fixture.setIsAuditEnabled(true);
    fixture.setPolicyItems(items);
    fixture.setResources(resources);
    fixture.setPolicyType(0);
    return fixture;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class RangerDefaultPolicyEvaluator method createPolicyItemEvaluators.
/**
 * Creates and initializes one evaluator per policy item of the requested kind.
 *
 * <p>Items are taken from the policy only when {@code isPolicyItemTypeEnabled} accepts the
 * item type for the service definition. A type that is not enabled, or a value that matches
 * none of the four {@code POLICY_ITEM_TYPE_*} constants checked here, yields an empty list, so
 * such items contribute no evaluators.
 *
 * <p>Side effect: {@code customConditionsCount} is increased by the number of condition
 * evaluators each created item evaluator reports.
 *
 * @param policy         policy whose items are wrapped
 * @param serviceDef     service definition the policy belongs to
 * @param options        engine options handed to every item evaluator
 * @param policyItemType one of the {@code RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_*} values
 * @return the evaluators in item order (numbered from 1), or an empty list; never {@code null}
 */
private List<RangerPolicyItemEvaluator> createPolicyItemEvaluators(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyEngineOptions options, int policyItemType) {
    List<RangerPolicyItem> items = null;

    if (isPolicyItemTypeEnabled(serviceDef, policyItemType)) {
        if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) {
            items = policy.getPolicyItems();
        } else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY) {
            items = policy.getDenyPolicyItems();
        } else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS) {
            items = policy.getAllowExceptions();
        } else if (policyItemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) {
            items = policy.getDenyExceptions();
        }
    }

    // Nothing to wrap: disabled type, unknown type, or the policy simply has no such items.
    if (!CollectionUtils.isNotEmpty(items)) {
        return Collections.<RangerPolicyItemEvaluator>emptyList();
    }

    final List<RangerPolicyItemEvaluator> evaluators = new ArrayList<>();
    int position = 0;

    for (RangerPolicyItem item : items) {
        position++; // evaluators are numbered starting at 1

        RangerPolicyItemEvaluator evaluator = new RangerDefaultPolicyItemEvaluator(serviceDef, policy, item, policyItemType, position, options);
        evaluator.init();
        evaluators.add(evaluator);

        if (CollectionUtils.isNotEmpty(evaluator.getConditionEvaluators())) {
            customConditionsCount += evaluator.getConditionEvaluators().size();
        }
    }

    return evaluators;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class RangerPolicyFactory method createPolicyItem.
/**
 * Creates a policy item without delegated admin rights.
 *
 * @param isAllowed {@code true} to assign {@code KNOWN_USERS}, {@code false} to assign
 *                  {@code RANDOM_VALUES}; the flag is also forwarded to {@code createAccesses}
 * @return the new policy item
 */
private static RangerPolicyItem createPolicyItem(boolean isAllowed) {
    final RangerPolicyItem item = new RangerPolicyItem();

    item.setDelegateAdmin(false);

    if (isAllowed) {
        item.setUsers(KNOWN_USERS);
    } else {
        item.setUsers(RANDOM_VALUES);
    }

    item.setAccesses(createAccesses(isAllowed));

    return item;
}
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.
the class PolicyRefUpdater method createNewPolMappingForRefTable.
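/**
 * Rebuilds the reference-table rows that link a policy to the resources, roles, groups, users,
 * access types, condition types and data-mask types it mentions.
 *
 * <p>Existing rows are removed first via {@code cleanupRefTables}. Names are collected from the
 * policy-level conditions and from every item list returned by {@code getAllPolicyItems}. Each
 * resource, access type, condition type and data-mask type must resolve to a definition; an
 * unknown name aborts the operation with an exception.
 *
 * <p>Principals (roles, groups, users) that cannot be associated immediately are handled
 * according to the caller's privilege: for an admin the association is deferred to transaction
 * commit, for anyone else the request is rejected with HTTP 400.
 *
 * <p>The bulk-mode flag read at the start is restored after the role pass; this now also
 * happens when anything up to and including the role pass throws, so a rejected request can no
 * longer leave the flag changed.
 *
 * @param policy      policy model being saved; a {@code null} policy is a no-op
 * @param xPolicy     persisted policy entity the reference rows belong to
 * @param xServiceDef service definition used to resolve condition types
 * @throws Exception if a resource, access type, condition type or data-mask type named by the
 *                   policy has no definition, or if a principal is unknown and the caller is
 *                   not an admin
 */
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
    if (policy == null) {
        return;
    }
    cleanupRefTables(policy);
    final Set<String> resourceNames = policy.getResources().keySet();
    final Set<String> roleNames = new HashSet<>();
    final Set<String> groupNames = new HashSet<>();
    final Set<String> userNames = new HashSet<>();
    final Set<String> accessTypes = new HashSet<>();
    final Set<String> conditionTypes = new HashSet<>();
    final Set<String> dataMaskTypes = new HashSet<>();
    final boolean oldBulkMode = RangerBizUtil.isBulkMode();
    final boolean isAdmin;

    try {
        List<RangerPolicy.RangerPolicyItemCondition> rangerPolicyConditions = policy.getConditions();
        if (CollectionUtils.isNotEmpty(rangerPolicyConditions)) {
            for (RangerPolicy.RangerPolicyItemCondition condition : rangerPolicyConditions) {
                conditionTypes.add(condition.getType());
            }
        }

        for (List<? extends RangerPolicyItem> policyItems : getAllPolicyItems(policy)) {
            if (CollectionUtils.isEmpty(policyItems)) {
                continue;
            }
            for (RangerPolicyItem policyItem : policyItems) {
                roleNames.addAll(policyItem.getRoles());
                groupNames.addAll(policyItem.getGroups());
                userNames.addAll(policyItem.getUsers());
                if (CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
                    for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
                        accessTypes.add(access.getType());
                    }
                }
                if (CollectionUtils.isNotEmpty(policyItem.getConditions())) {
                    for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
                        conditionTypes.add(condition.getType());
                    }
                }
                if (policyItem instanceof RangerDataMaskPolicyItem) {
                    // NOTE(review): getDataMaskInfo() is dereferenced without a null check —
                    // confirm earlier validation guarantees it is set on data-mask items.
                    RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerDataMaskPolicyItem) policyItem).getDataMaskInfo();
                    dataMaskTypes.add(dataMaskInfo.getDataMaskType());
                }
            }
        }

        List<XXPolicyRefResource> xPolResources = new ArrayList<>();
        for (String resource : resourceNames) {
            XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(resource, policy.getId());
            if (xResDef == null) {
                throw new Exception(resource + ": is not a valid resource-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
            }
            XXPolicyRefResource xPolRes = rangerAuditFields.populateAuditFields(new XXPolicyRefResource(), xPolicy);
            xPolRes.setPolicyId(policy.getId());
            xPolRes.setResourceDefId(xResDef.getId());
            xPolRes.setResourceName(resource);
            xPolResources.add(xPolRes);
        }
        daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);

        // Decides below whether an unknown principal is deferred (admin) or rejected.
        isAdmin = rangerBizUtil.checkAdminAccess();

        associatePrincipals(PRINCIPAL_TYPE.ROLE, "Role", roleNames, xPolicy, isAdmin);
    } finally {
        // Same position as before on the normal path; the finally additionally covers the
        // exception paths above, which previously skipped the restore.
        RangerBizUtil.setBulkMode(oldBulkMode);
    }

    // Nothing in this method adds to this list, so the batch create receives an empty list;
    // the call is kept as it was.
    List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
    daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);

    associatePrincipals(PRINCIPAL_TYPE.GROUP, "Group", groupNames, xPolicy, isAdmin);
    associatePrincipals(PRINCIPAL_TYPE.USER, "User", userNames, xPolicy, isAdmin);

    List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
    for (String accessType : accessTypes) {
        XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessType, xPolicy.getService());
        if (xAccTypeDef == null) {
            throw new Exception(accessType + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        XXPolicyRefAccessType xPolAccess = rangerAuditFields.populateAuditFields(new XXPolicyRefAccessType(), xPolicy);
        xPolAccess.setPolicyId(policy.getId());
        xPolAccess.setAccessDefId(xAccTypeDef.getId());
        xPolAccess.setAccessTypeName(accessType);
        xPolAccesses.add(xPolAccess);
    }
    daoMgr.getXXPolicyRefAccessType().batchCreate(xPolAccesses);

    List<XXPolicyRefCondition> xPolConds = new ArrayList<>();
    for (String condition : conditionTypes) {
        XXPolicyConditionDef xPolCondDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), condition);
        if (xPolCondDef == null) {
            throw new Exception(condition + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }
        XXPolicyRefCondition xPolCond = rangerAuditFields.populateAuditFields(new XXPolicyRefCondition(), xPolicy);
        xPolCond.setPolicyId(policy.getId());
        xPolCond.setConditionDefId(xPolCondDef.getId());
        xPolCond.setConditionName(condition);
        xPolConds.add(xPolCond);
    }
    daoMgr.getXXPolicyRefCondition().batchCreate(xPolConds);

    List<XXPolicyRefDataMaskType> xxDataMaskInfos = new ArrayList<>();
    for (String dataMaskType : dataMaskTypes) {
        XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskType, xPolicy.getService());
        if (dataMaskDef == null) {
            throw new Exception(dataMaskType + ": is not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }
        // NOTE(review): unlike the other reference rows, this one is not passed through
        // rangerAuditFields.populateAuditFields — confirm the missing audit fields are intended.
        XXPolicyRefDataMaskType xxDataMaskInfo = new XXPolicyRefDataMaskType();
        xxDataMaskInfo.setPolicyId(policy.getId());
        xxDataMaskInfo.setDataMaskDefId(dataMaskDef.getId());
        xxDataMaskInfo.setDataMaskTypeName(dataMaskType);
        xxDataMaskInfos.add(xxDataMaskInfo);
    }
    daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
}

/**
 * Associates every non-blank principal name of one kind with the policy.
 *
 * <p>When an association cannot be made immediately, an admin caller has it deferred to
 * transaction commit, while any other caller is rejected with HTTP 400. The rejection message
 * echoes the principal name exactly as it appeared in the policy.
 *
 * @param type    kind of principal being associated
 * @param label   capitalized kind name used in the rejection message ("Role", "Group", "User")
 * @param names   principal names collected from the policy; blank entries are skipped
 * @param xPolicy persisted policy entity the principals are linked to
 * @param isAdmin whether the current caller has admin access
 * @throws Exception if a principal cannot be associated and the caller is not an admin
 */
private void associatePrincipals(PRINCIPAL_TYPE type, String label, Set<String> names, XXPolicy xPolicy, boolean isAdmin) throws Exception {
    for (String name : names) {
        if (StringUtils.isBlank(name)) {
            continue;
        }
        PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(type, name, xPolicy);
        if (associator.doAssociate(false)) {
            continue;
        }
        if (isAdmin) {
            rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
        } else {
            VXResponse gjResponse = new VXResponse();
            gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
            gjResponse.setMsgDesc("Operation denied. " + label + " name: " + name + " specified in policy does not exist in ranger admin.");
            throw restErrorUtil.generateRESTException(gjResponse);
        }
    }
}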