
Example 26 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class ServiceDBStore method writeCSV.

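/**
 * Renders the given policies as pipe-delimited text and prepares the servlet response
 * for a file download.
 *
 * <p>Each policy produces one row per policy item. The first non-empty list among the
 * allow items, the data-mask items and the row-filter items is written; when all three
 * are empty a single row is written from an empty {@link RangerPolicyItem}. Allow
 * exceptions, deny exceptions and deny items are then appended, in that order.
 *
 * <p>NOTE(review): the cell values are produced by {@code writeCSVForPolicyItems}, which
 * is not visible here. If it copies policy names or descriptions verbatim, a value that
 * contains the {@code |} delimiter or starts with {@code =}, {@code +}, {@code -} or
 * {@code @} will be misread by spreadsheet tools. Confirm that the helper neutralises
 * such values.
 *
 * @param policies    policies to export; may be null or empty, in which case only the
 *                    header row is produced
 * @param cSVFileName file name advertised in the {@code Content-Disposition} header
 * @param response    servlet response that receives the content type, the download
 *                    header and the 200 status
 * @return the buffer holding the header row followed by the policy rows
 */
private StringBuilder writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse response) {
    response.setContentType("text/csv");
    final String LINE_SEPARATOR = "\n";
    final String FILE_HEADER = "ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|" + "isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name";
    StringBuilder csvBuffer = new StringBuilder();
    csvBuffer.append(FILE_HEADER);
    csvBuffer.append(LINE_SEPARATOR);
    if (!CollectionUtils.isEmpty(policies)) {
        for (RangerPolicy policy : policies) {
            List<RangerPolicyItem> policyItems = policy.getPolicyItems();
            List<RangerRowFilterPolicyItem> rowFilterPolicyItems = policy.getRowFilterPolicyItems();
            List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
            List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
            List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
            List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems();
            if (CollectionUtils.isNotEmpty(policyItems)) {
                for (RangerPolicyItem policyItem : policyItems) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE);
                }
            } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) {
                for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) {
                    writeCSVForPolicyItems(policy, null, dataMaskPolicyItem, null, csvBuffer, null);
                }
            } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) {
                for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) {
                    writeCSVForPolicyItems(policy, null, null, rowFilterPolicyItem, csvBuffer, null);
                }
            } else {
                // No allow, mask or row-filter items. The earlier code looked up the service
                // type (two DAO reads per policy) to choose between a "tag" branch and a
                // fallback branch, but both wrote exactly this row, so the lookup is dropped.
                writeCSVForPolicyItems(policy, new RangerPolicyItem(), null, null, csvBuffer, POLICY_ALLOW_INCLUDE);
            }
            if (CollectionUtils.isNotEmpty(allowExceptions)) {
                for (RangerPolicyItem policyItem : allowExceptions) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyExceptions)) {
                for (RangerPolicyItem policyItem : denyExceptions) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_DENY_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyPolicyItems)) {
                for (RangerPolicyItem policyItem : denyPolicyItems) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_DENY_INCLUDE);
                }
            }
        }
    }
    // The file name is concatenated into a response header. Where the name comes from is
    // not visible in this method, so line breaks are removed to keep it from splitting the
    // header. A null name still renders as "null", as before.
    String headerFileName = cSVFileName == null ? null : cSVFileName.replaceAll("[\\r\\n]", "");
    response.setHeader("Content-Disposition", "attachment; filename=" + headerFileName);
    response.setStatus(HttpServletResponse.SC_OK);
    return csvBuffer;
}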
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXService(org.apache.ranger.entity.XXService)

Example 27 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class ServiceDBStore method populateDefaultPolicies.

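/**
 * Builds the list of default policies to create for a service.
 *
 * <p>The service-check users returned by {@code getServiceCheckUsers} are looked up, and
 * created when missing. For every default policy that belongs to {@code service}, an
 * extra policy item is appended that gives those users the accesses of the policy's
 * first allow item. A policy is returned only if all six of its item lists pass
 * {@code validatePolicyItems}.
 *
 * @param service the service whose default policies are being prepared
 * @return the valid default policies, or {@code null} when the service implementation
 *         cannot be resolved or no default policy is valid
 * @throws Exception propagated from the service manager, the DAO layer or user creation
 */
List<RangerPolicy> populateDefaultPolicies(RangerService service) throws Exception {
    List<RangerPolicy> ret = null;
    RangerBaseService svc = serviceMgr.getRangerServiceByService(service, this);
    if (svc != null) {
        List<String> serviceCheckUsers = getServiceCheckUsers(service);
        List<String> users = new ArrayList<>();
        /* Need to create ambari service check user before initiating policy creation. */
        if (serviceCheckUsers != null) {
            for (String userName : serviceCheckUsers) {
                if (!StringUtils.isEmpty(userName)) {
                    VXUser vXUser = null;
                    XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
                    if (xxUser != null) {
                        vXUser = xUserService.populateViewBean(xxUser);
                    } else {
                        vXUser = xUserMgr.createServiceConfigUser(userName);
                        // The result is null-checked below, so it is treated as nullable.
                        // Dereference it for logging only after the same check.
                        if (vXUser != null) {
                            LOG.info("Creating Ambari Service Check User : " + vXUser.getName());
                        } else {
                            LOG.warn("Could not create Ambari Service Check User : " + userName);
                        }
                    }
                    if (vXUser != null) {
                        users.add(vXUser.getName());
                    }
                }
            }
        }
        List<RangerPolicy> defaultPolicies = svc.getDefaultRangerPolicies();
        if (CollectionUtils.isNotEmpty(defaultPolicies)) {
            createDefaultPolicyUsersAndGroups(defaultPolicies);
            for (RangerPolicy defaultPolicy : defaultPolicies) {
                if (CollectionUtils.isNotEmpty(users) && StringUtils.equalsIgnoreCase(defaultPolicy.getService(), service.getName())) {
                    RangerPolicyItem defaultAllowPolicyItem = CollectionUtils.isNotEmpty(defaultPolicy.getPolicyItems()) ? defaultPolicy.getPolicyItems().get(0) : null;
                    if (defaultAllowPolicyItem == null) {
                        LOG.error("There is no allow-policy-item in the default-policy:[" + defaultPolicy + "]");
                    } else {
                        // The service-check users get the accesses of the first allow item
                        // and are also marked as delegated admins for this policy.
                        // NOTE(review): confirm that delegate-admin is intended for
                        // service-check accounts; it is broader than the access list alone.
                        RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
                        policyItem.setUsers(users);
                        policyItem.setAccesses(defaultAllowPolicyItem.getAccesses());
                        policyItem.setDelegateAdmin(true);
                        defaultPolicy.getPolicyItems().add(policyItem);
                    }
                }
                boolean isPolicyItemValid = validatePolicyItems(defaultPolicy.getPolicyItems())
                        && validatePolicyItems(defaultPolicy.getDenyPolicyItems())
                        && validatePolicyItems(defaultPolicy.getAllowExceptions())
                        && validatePolicyItems(defaultPolicy.getDenyExceptions())
                        && validatePolicyItems(defaultPolicy.getDataMaskPolicyItems())
                        && validatePolicyItems(defaultPolicy.getRowFilterPolicyItems());
                if (isPolicyItemValid) {
                    if (ret == null) {
                        ret = new ArrayList<>();
                    }
                    ret.add(defaultPolicy);
                } else {
                    LOG.warn("Default policy won't be created,since policyItems not valid-either users/groups not present or access not present in policy.");
                }
            }
        }
    }
    return ret;
}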
Also used : XXUser(org.apache.ranger.entity.XXUser) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerBaseService(org.apache.ranger.plugin.service.RangerBaseService) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) VXString(org.apache.ranger.view.VXString) VXUser(org.apache.ranger.view.VXUser) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)

Example 28 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class ServiceDBStore method getMetricOfTypeDenyConditions.

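/**
 * Counts deny items and deny exceptions per service definition and returns the counts
 * as a JSON object keyed by service-definition name.
 *
 * <p>One filter object (first 200 rows, sorted by {@code serviceId}, with
 * {@code denyCondition=true}) is used to list the service definitions and then, with
 * {@code serviceType} set in turn, to list the policies of each definition.
 *
 * <p>NOTE(review): only one page of at most 200 rows is requested per query, so a
 * service type with more matching policies is presumably under-counted. Confirm the
 * pagination semantics of {@code getPaginatedPolicies}.
 *
 * @param searchCriteria not read by this method
 * @return the JSON text, or {@code null} if any step throws
 */
private String getMetricOfTypeDenyConditions(final SearchCriteria searchCriteria) {
    String ret = null;
    try {
        SearchFilter policyFilter1 = new SearchFilter();
        policyFilter1.setMaxRows(200);
        policyFilter1.setStartIndex(0);
        policyFilter1.setGetCount(true);
        policyFilter1.setSortBy("serviceId");
        policyFilter1.setSortType("asc");
        policyFilter1.setParam("denyCondition", "true");
        Map<String, Integer> denyconditionsonMap = new HashMap<>();
        PList<RangerServiceDef> paginatedSvcDefs = getPaginatedServiceDefs(policyFilter1);
        List<RangerServiceDef> rangerServiceDefs = paginatedSvcDefs != null ? paginatedSvcDefs.getList() : null;
        if (rangerServiceDefs != null) {
            for (RangerServiceDef rangerServiceDef : rangerServiceDefs) {
                if (rangerServiceDef == null) {
                    continue;
                }
                String serviceDef = rangerServiceDef.getName();
                int denyCount = 0;
                if (!StringUtils.isEmpty(serviceDef)) {
                    policyFilter1.setParam("serviceType", serviceDef);
                    PList<RangerPolicy> policiesList = getPaginatedPolicies(policyFilter1);
                    List<RangerPolicy> policies = (policiesList != null && policiesList.getListSize() > 0) ? policiesList.getList() : null;
                    if (policies != null) {
                        // The map entry for this name is written only after the loop, so the
                        // value read here stays the same for every policy. It is non-null only
                        // when an earlier definition had the same name.
                        Integer previous = denyconditionsonMap.get(serviceDef);
                        int carried = previous != null ? previous : 0;
                        for (RangerPolicy policy : policies) {
                            if (policy == null) {
                                continue;
                            }
                            List<RangerPolicyItem> denyItems = policy.getDenyPolicyItems();
                            if (denyItems != null && !denyItems.isEmpty()) {
                                denyCount = carried + denyCount + denyItems.size();
                            }
                            List<RangerPolicyItem> denyExceptionItems = policy.getDenyExceptions();
                            if (denyExceptionItems != null && !denyExceptionItems.isEmpty()) {
                                denyCount = carried + denyCount + denyExceptionItems.size();
                            }
                        }
                    }
                    policyFilter1.removeParam("serviceType");
                }
                // Recorded even when the name is empty, as in the original flow.
                denyconditionsonMap.put(serviceDef, denyCount);
            }
        }
        ret = new GsonBuilder().create().toJson(denyconditionsonMap);
    } catch (Exception e) {
        // Pass the exception itself so the stack trace is logged. The message alone does
        // not show which query failed.
        LOG.error("ServiceDBStore.getMetricByType(denyconditions): Error calculating Metric for denyconditions : " + e.getMessage(), e);
    }
    return ret;
}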
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) GsonBuilder(com.google.gson.GsonBuilder) Gson(com.google.gson.Gson) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)

Example 29 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class XUserMgr method deleteXGroup.

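/**
 * Deletes a group, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>The call first runs the admin, zone-group, role-group and auditor-role checks.
 * With {@code force == true} every reference to the group is removed before the group
 * row itself: group-user mappings, permission maps, audit maps, group-group mappings,
 * the group name inside each policy's item lists, module permissions and audit-filter
 * configuration entries. With {@code force == false} the group is deleted only when it
 * has none of those references; otherwise it is marked hidden and nothing else changes.
 *
 * @param id    id of the group to delete
 * @param force whether to remove all references and delete the group regardless
 * @throws javax.ws.rs.WebApplicationException (as built by {@code restErrorUtil}) when
 *         the group does not exist or a policy update fails during a forced delete
 */
public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    blockIfZoneGroup(id);
    this.blockIfRoleGroup(id);
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtils.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        // Emit at the level the guard tests for. This was logged at INFO inside a DEBUG guard.
        logger.debug("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                XXUser xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                // The resource is looked up only to decide whether to log the removal.
                XXResource xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        // (the resource lookup that used to precede each removal was never read)
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                // Throw the exception that is built here. Without "throw" it was created and
                // discarded, so a failed policy update did not stop the deletion and the
                // stored policy could keep naming a group that no longer exists.
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete group from audit filter configs
        svcStore.updateServiceAuditConfig(vXGroup.getName(), REMOVE_REF_TYPE.GROUP);
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        // Any single kind of reference keeps the group from being deleted.
        boolean hasReferences = vxGroupUserList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXPolicyList)
                || vXPermMapList.getListSize() > 0
                || vXAuditMapList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXGroupGroups)
                || CollectionUtils.isNotEmpty(xXGroupPermissions);
        if (hasReferences) {
            // change visibility to Hidden; memberships, policy references and permissions
            // are left as they are in this branch
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}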
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 30 with RangerPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem in project ranger by apache.

the class XUserMgr method deleteXUser.

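/**
 * Deletes a user and the matching portal user, or hides the user when it is still
 * referenced and {@code force} is false.
 *
 * <p>The call runs the admin and auditor-role checks, resolves the user and its portal
 * account, refuses self-deletion, and runs the zone-user and role-user checks. With
 * {@code force == true} it removes group memberships, permission maps, audit maps,
 * stored login-session records, module permissions and portal roles, strips the user
 * name from each policy's item lists, removes audit-filter configuration entries, and
 * then deletes both user rows. With {@code force == false} the rows are deleted only
 * when none of those references exist; otherwise the user is marked hidden and every
 * reference, role and permission stays in place.
 *
 * <p>NOTE(review): the forced path deletes {@code XXAuthSession} rows. Whether a live
 * HTTP session of the deleted user is also invalidated is not visible here; confirm
 * where that happens.
 *
 * @param id    id of the user to delete
 * @param force whether to remove all references and delete the user regardless
 * @throws javax.ws.rs.WebApplicationException (as built by {@code restErrorUtil}) when
 *         the user or its portal account is not found, or a policy update fails
 */
public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtils.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    // From here on both xXPortalUser and vXPortalUser are non-null.
    if (vXPortalUser == null || StringUtils.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    blockIfZoneUser(id);
    this.blockIfRoleUser(id);
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        // The three lists below are null-checked in the non-force branch, so they are
        // treated as nullable here too instead of being iterated unguarded.
        if (xXAuthSessions != null) {
            if (xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
        }
        if (xXUserPermissions != null) {
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
        }
        if (xXPortalUserRoles != null) {
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                // Abort: the user must not be removed while a policy still names it.
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete user from audit filter configs
        svcStore.updateServiceAuditConfig(vXUser.getName(), REMOVE_REF_TYPE.USER);
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
    } else {
        // Any single kind of reference keeps the user from being deleted.
        boolean hasReferences = (vxGroupUserList != null && vxGroupUserList.getListSize() > 0)
                || (xXPolicyList != null && xXPolicyList.size() > 0)
                || (vXPermMapList != null && vXPermMapList.getListSize() > 0)
                || (vXAuditMapList != null && vXAuditMapList.getListSize() > 0)
                || (xXAuthSessions != null && xXAuthSessions.size() > 0)
                || (xXUserPermissions != null && xXUserPermissions.size() > 0)
                || (xXPortalUserRoles != null && xXPortalUserRoles.size() > 0);
        if (hasReferences) {
            // Only the visibility flag changes here; nothing is removed.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}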
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)
