
Example 11 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

Class RangerServiceKMS, method getDefaultRangerPolicies.

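/**
 * Builds the default KMS policies: the parent's defaults, extended with a read-only item
 * for the lookup user, the admin user added to every existing item, and one item per
 * service user (hdfs, om, hive, hbase) carrying the access types that service needs.
 *
 * @return the list of default policies returned by the superclass, mutated in place
 * @throws Exception propagated from {@code super.getDefaultRangerPolicies()} and the lookup-user resolution
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceKMS.getDefaultRangerPolicies() ");
    }
    List<RangerPolicy> ret = super.getDefaultRangerPolicies();
    String adminPrincipal = getConfig().get(ADMIN_USER_PRINCIPAL);
    String adminKeytab = getConfig().get(ADMIN_USER_KEYTAB);
    String authType = getConfig().get(RANGER_AUTH_TYPE, "simple");
    String adminUser = getLookupUser(authType, adminPrincipal, adminKeytab);
    // Partition the service-def access types by which service user should receive them:
    //   GET_METADATA -> hdfs, om, hive
    //   GENERATE_EEK -> hdfs, om
    //   DECRYPT_EEK  -> hive, hbase
    List<RangerServiceDef.RangerAccessTypeDef> hdfsAccessTypeDefs = new ArrayList<>();
    List<RangerServiceDef.RangerAccessTypeDef> omAccessTypeDefs = new ArrayList<>();
    List<RangerServiceDef.RangerAccessTypeDef> hiveAccessTypeDefs = new ArrayList<>();
    List<RangerServiceDef.RangerAccessTypeDef> hbaseAccessTypeDefs = new ArrayList<>();
    for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
        if (accessTypeDef.getName().equalsIgnoreCase(ACCESS_TYPE_GET_METADATA)) {
            hdfsAccessTypeDefs.add(accessTypeDef);
            omAccessTypeDefs.add(accessTypeDef);
            hiveAccessTypeDefs.add(accessTypeDef);
        } else if (accessTypeDef.getName().equalsIgnoreCase(ACCESS_TYPE_GENERATE_EEK)) {
            hdfsAccessTypeDefs.add(accessTypeDef);
            omAccessTypeDefs.add(accessTypeDef);
        } else if (accessTypeDef.getName().equalsIgnoreCase(ACCESS_TYPE_DECRYPT_EEK)) {
            hiveAccessTypeDefs.add(accessTypeDef);
            hbaseAccessTypeDefs.add(accessTypeDef);
        }
    }
    for (RangerPolicy defaultPolicy : ret) {
        // The lookup user only gets GET, and only on the catch-all ("all") policy.
        if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
            RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
            policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
            policyItemForLookupUser.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_GET)));
            policyItemForLookupUser.setDelegateAdmin(false);
            defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
        }
        List<RangerPolicy.RangerPolicyItem> policyItems = defaultPolicy.getPolicyItems();
        // The admin user inherits every access the existing items already grant.
        for (RangerPolicy.RangerPolicyItem item : policyItems) {
            List<String> users = item.getUsers();
            // contains() check avoids a duplicate entry when adminUser is also the lookup user
            if (StringUtils.isNotBlank(adminUser) && !users.contains(adminUser)) {
                users.add(adminUser);
            }
            item.setUsers(users);
        }
        addDefaultKmsPolicyItemForServiceUser(policyItems, "ranger.kms.service.user.hdfs", "hdfs", hdfsAccessTypeDefs);
        addDefaultKmsPolicyItemForServiceUser(policyItems, "ranger.kms.service.user.om", "om", omAccessTypeDefs);
        addDefaultKmsPolicyItemForServiceUser(policyItems, "ranger.kms.service.user.hive", "hive", hiveAccessTypeDefs);
        addDefaultKmsPolicyItemForServiceUser(policyItems, "ranger.kms.service.user.hbase", "hbase", hbaseAccessTypeDefs);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceKMS.getDefaultRangerPolicies() : " + ret);
    }
    return ret;
}

/**
 * Appends a default policy item granting {@code accessTypeDefs} to the service user read from
 * {@code configKey} (falling back to {@code defaultUser}). Nothing is added when the resolved
 * user name is null or empty.
 *
 * @param policyItems    the policy's live item list; a new item is appended to it
 * @param configKey      configuration key holding the service user name
 * @param defaultUser    user name used when the key is not configured
 * @param accessTypeDefs access types the new item grants
 */
private void addDefaultKmsPolicyItemForServiceUser(List<RangerPolicy.RangerPolicyItem> policyItems, String configKey, String defaultUser, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
    String serviceUser = getConfig().get(configKey, defaultUser);
    if (StringUtils.isNotEmpty(serviceUser)) {
        LOG.info("Creating default KMS policy item for " + serviceUser);
        List<String> users = new ArrayList<>();
        users.add(serviceUser);
        policyItems.add(createDefaultPolicyItem(accessTypeDefs, users));
    }
}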

Example 12 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

Class PatchForMigratingOldRegimePolicyJson_J10046, method buildLists.

/**
 * Collects the access types, condition types, users and groups referenced by
 * {@code policyItems} into the four caller-supplied sets. The sets are only added to,
 * never cleared, so repeated calls accumulate.
 *
 * @param policyItems items to scan (the wildcard admits subclasses of RangerPolicyItem)
 * @param accesses    receives every access type name
 * @param conditions  receives every condition type name
 * @param users       receives every user name
 * @param groups      receives every group name
 */
private void buildLists(List<? extends RangerPolicyItem> policyItems, Set<String> accesses, Set<String> conditions, Set<String> users, Set<String> groups) {
    for (RangerPolicyItem policyItem : policyItems) {
        policyItem.getAccesses().forEach(access -> accesses.add(access.getType()));
        policyItem.getConditions().forEach(condition -> conditions.add(condition.getType()));
        users.addAll(policyItem.getUsers());
        groups.addAll(policyItem.getGroups());
    }
}

Example 13 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

Class PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034, method createDefaultRangerPolicy.

/**
 * Builds and persists one default Atlas policy with two policy items:
 * item 1 grants {@code accessTypesLableOrBusinessMetadata}, with delegate-admin, to the
 * service's default policy users; item 2 grants {@code accessTypesReadEntity}, without
 * delegate-admin, to user "rangertagsync" and to group {@code GROUP_PUBLIC}.
 *
 * @param xServiceDefId                         id of the service definition the resources belong to
 * @param xxService                             service the policy is created for
 * @param policyName                            name of the new policy
 * @param accessTypesLableOrBusinessMetadata    access type names for item 1
 * @param accessTypesReadEntity                 access type names for item 2
 * @param resources                             resource names mapped into the policy's resource map
 * @return the policy as returned by {@code svcDBStore.createPolicy}, which may be null
 * @throws Exception propagated from the helpers and the store
 */
private RangerPolicy createDefaultRangerPolicy(Long xServiceDefId, XXService xxService, String policyName, List<String> accessTypesLableOrBusinessMetadata, List<String> accessTypesReadEntity, List<String> resources) throws Exception {
    RangerPolicy policy = getRangerPolicyObject(xxService.getName(), policyName);

    // Item 1: label / business-metadata accesses for the default policy users, delegate-admin on.
    RangerPolicyItem labelItem = new RangerPolicyItem();
    List<RangerPolicyItemAccess> labelAccesses = getRangerPolicyItemAccessList(accessTypesLableOrBusinessMetadata, xxService, policy.getName());
    labelItem.setDelegateAdmin(Boolean.TRUE);
    labelItem.setAccesses(labelAccesses);
    labelItem.setUsers(getDefaultPolicyUsers(xxService));

    // Item 2: read-entity accesses for rangertagsync and the public group, delegate-admin off.
    RangerPolicyItem readEntityItem = new RangerPolicyItem();
    List<RangerPolicyItemAccess> readEntityAccesses = getRangerPolicyItemAccessList(accessTypesReadEntity, xxService, policy.getName());
    readEntityItem.setDelegateAdmin(Boolean.FALSE);
    readEntityItem.setAccesses(readEntityAccesses);
    List<String> readEntityUsers = new ArrayList<>();
    readEntityUsers.add("rangertagsync");
    readEntityItem.setGroups(Arrays.asList(GROUP_PUBLIC));
    readEntityItem.setUsers(readEntityUsers);

    List<RangerPolicyItem> items = new ArrayList<>();
    items.add(labelItem);
    items.add(readEntityItem);
    policy.setPolicyItems(items);

    Map<String, RangerPolicyResource> resourceMap = getRangerPolicyResourceMap(resources, xServiceDefId, xxService.getName(), policy.getName());
    policy.setResources(resourceMap);

    logger.info("Creating policy for service id : " + xxService.getId());
    RangerPolicy created = svcDBStore.createPolicy(policy);
    if (created != null) {
        logger.info("Policy created : " + created.getName());
    }
    return created;
}

Example 14 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

Class PatchAtlasForClassificationResource_J10047, method checkAndFilterNonClassificationAccessTypeFromPolicy.

/**
 * Removes, in place, every access whose type is not in {@code ATLAS_ACCESS_TYPES}, and
 * then removes every policy item left with no accesses.
 *
 * @param policyItems live list of policy items; both the list and each item's access list are mutated
 * @return true if at least one access of an Atlas access type survived in any item
 */
private boolean checkAndFilterNonClassificationAccessTypeFromPolicy(List<RangerPolicyItem> policyItems) {
    boolean classificationAccessFound = false;
    ListIterator<RangerPolicyItem> itemIterator = policyItems.listIterator();
    while (itemIterator.hasNext()) {
        List<RangerPolicyItemAccess> accesses = itemIterator.next().getAccesses();
        accesses.removeIf(access -> !ATLAS_ACCESS_TYPES.contains(access.getType()));
        if (accesses.isEmpty()) {
            // An item with no remaining access grants nothing; drop it.
            itemIterator.remove();
        } else {
            classificationAccessFound = true;
        }
    }
    return classificationAccessFound;
}

Example 15 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

Class PatchAtlasForClassificationResource_J10047, method createAdditionalPolicyWithClassificationForExistingEntityClassificationPolicy.

/**
 * For every entity-resource policy of every Atlas service, strips the non-Atlas access
 * types from its allow and deny items and, if anything classification-related remains,
 * stores a copy of the policy under a " - CLASSIFICATION" suffixed name whose resource
 * map additionally carries the entity-classification value under the classification key.
 *
 * @throws Exception propagated from the store lookups and {@code svcStore.createPolicy}
 */
private void createAdditionalPolicyWithClassificationForExistingEntityClassificationPolicy() throws Exception {
    XXServiceDef atlasServiceDef = daoMgr.getXXServiceDef().findByName(EMBEDDED_SERVICEDEF_ATLAS_NAME);
    if (atlasServiceDef == null) {
        logger.debug("ServiceDef not found with name :" + EMBEDDED_SERVICEDEF_ATLAS_NAME);
        return;
    }
    Long serviceDefId = atlasServiceDef.getId();
    for (XXService xxService : daoMgr.getXXService().findByServiceDefId(serviceDefId)) {
        for (RangerPolicy policy : svcStore.getServicePolicies(xxService.getId(), new SearchFilter())) {
            if (!isEntityResource(policy.getResources())) {
                continue;
            }
            // Both lists are filtered unconditionally (no short-circuit) so the copy
            // carries only Atlas access types in its allow AND deny items.
            boolean allowItemsKept = checkAndFilterNonClassificationAccessTypeFromPolicy(policy.getPolicyItems());
            boolean denyItemsKept = checkAndFilterNonClassificationAccessTypeFromPolicy(policy.getDenyPolicyItems());
            if (!allowItemsKept && !denyItemsKept) {
                continue;
            }
            policy.setName(policy.getName() + " - " + CLASSIFICATION);
            Map<String, RangerPolicyResource> resourceMap = policy.getResources();
            // Reuse the existing entity-classification resource value under the classification key.
            resourceMap.put(CLASSIFICATION, resourceMap.get(ENTITY_CLASSIFICATION));
            policy.setResources(resourceMap);
            // Reset identity fields so createPolicy persists this as a new policy.
            policy.setVersion(1L);
            policy.setGuid(null);
            policy.setId(null);
            policy.setCreateTime(new Date());
            policy.setUpdateTime(new Date());
            svcStore.createPolicy(policy);
            logger.info("New Additional policy created");
        }
    }
    logger.info("<== createAdditionalPolicyWithClassificationForExistingPolicy");
}
