Example 21 with RangerPolicyResource
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.
the class AbstractPredicateUtil method addPredicateForResources.
private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
if (MapUtils.isEmpty(resources)) {
return null;
}
Predicate ret = new Predicate() {
@Override
public boolean evaluate(Object object) {
if (object == null) {
return false;
}
boolean ret = false;
if (object instanceof RangerPolicy) {
RangerPolicy policy = (RangerPolicy) object;
if (!MapUtils.isEmpty(policy.getResources())) {
int numFound = 0;
for (String name : resources.keySet()) {
boolean isMatch = false;
RangerPolicyResource policyResource = policy.getResources().get(name);
if (policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
String val = resources.get(name);
if (policyResource.getValues().contains(val)) {
isMatch = true;
} else {
for (String policyResourceValue : policyResource.getValues()) {
if (FilenameUtils.wildcardMatch(val, policyResourceValue)) {
isMatch = true;
break;
}
}
}
}
if (isMatch) {
numFound++;
} else {
break;
}
}
ret = numFound == resources.size();
}
} else {
ret = true;
}
return ret;
}
};
if (predicates != null) {
predicates.add(ret);
}
return ret;
}
Also used :
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
RangerBaseModelObject(org.apache.ranger.plugin.model.RangerBaseModelObject)
Predicate(org.apache.commons.collections.Predicate)
Example 22 with RangerPolicyResource
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.
the class RangerPolicyService method compareTwoPolicyResources.
private boolean compareTwoPolicyResources(String value, String oldValue) {
if (value == null && oldValue == null) {
return true;
}
if (value == "" && oldValue == "") {
return true;
}
if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) {
return false;
}
ObjectMapper mapper = new ObjectMapper();
try {
Map<String, RangerPolicyResource> obj = mapper.readValue(value, new TypeReference<Map<String, RangerPolicyResource>>() {
});
Map<String, RangerPolicyResource> oldObj = mapper.readValue(oldValue, new TypeReference<Map<String, RangerPolicyResource>>() {
});
if (obj.size() != oldObj.size()) {
return false;
}
for (Map.Entry<String, RangerPolicyResource> entry : obj.entrySet()) {
if (!entry.getValue().equals(oldObj.get(entry.getKey()))) {
return false;
}
}
return true;
} catch (JsonParseException e) {
throw restErrorUtil.createRESTException("Invalid input data: " + e.getMessage(), MessageEnums.INVALID_INPUT_DATA);
} catch (JsonMappingException e) {
throw restErrorUtil.createRESTException("Invalid input data: " + e.getMessage(), MessageEnums.INVALID_INPUT_DATA);
} catch (IOException e) {
throw restErrorUtil.createRESTException("Invalid input data: " + e.getMessage(), MessageEnums.INVALID_INPUT_DATA);
}
}
Also used :
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
JsonMappingException(org.codehaus.jackson.map.JsonMappingException)
IOException(java.io.IOException)
JsonParseException(org.codehaus.jackson.JsonParseException)
HashMap(java.util.HashMap)
Map(java.util.Map)
ObjectMapper(org.codehaus.jackson.map.ObjectMapper)
Example 23 with RangerPolicyResource
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.
the class ServiceREST method deletePoliciesForResource.
private void deletePoliciesForResource(List<String> sourceServices, List<String> destinationServices, String resource, HttpServletRequest request, List<RangerPolicy> exportPolicies) {
int totalDeletedPilicies = 0;
if (CollectionUtils.isNotEmpty(sourceServices) && CollectionUtils.isNotEmpty(destinationServices)) {
Set<String> exportedPolicyNames = new HashSet<String>();
if (CollectionUtils.isNotEmpty(exportPolicies)) {
for (RangerPolicy rangerPolicy : exportPolicies) {
if (rangerPolicy != null) {
exportedPolicyNames.add(rangerPolicy.getName());
}
}
}
for (int i = 0; i < sourceServices.size(); i++) {
if (!destinationServices.get(i).isEmpty()) {
RangerPolicyList servicePolicies = null;
servicePolicies = getServicePoliciesByName(destinationServices.get(i), request);
if (servicePolicies != null) {
List<RangerPolicy> rangerPolicyList = servicePolicies.getPolicies();
if (CollectionUtils.isNotEmpty(rangerPolicyList)) {
for (RangerPolicy rangerPolicy : rangerPolicyList) {
if (rangerPolicy != null) {
Map<String, RangerPolicy.RangerPolicyResource> rangerPolicyResourceMap = rangerPolicy.getResources();
if (rangerPolicyResourceMap != null) {
RangerPolicy.RangerPolicyResource rangerPolicyResource = null;
if (rangerPolicyResourceMap.containsKey("path")) {
rangerPolicyResource = rangerPolicyResourceMap.get("path");
} else if (rangerPolicyResourceMap.containsKey("database")) {
rangerPolicyResource = rangerPolicyResourceMap.get("database");
}
if (rangerPolicyResource != null) {
if (CollectionUtils.isNotEmpty(rangerPolicyResource.getValues()) && rangerPolicyResource.getValues().size() > 1) {
continue;
}
}
}
if (rangerPolicy.getId() != null) {
if (!exportedPolicyNames.contains(rangerPolicy.getName())) {
deletePolicy(rangerPolicy.getId());
if (LOG.isDebugEnabled()) {
LOG.debug("Policy " + rangerPolicy.getName() + " deleted successfully.");
}
totalDeletedPilicies = totalDeletedPilicies + 1;
}
}
}
}
}
}
}
}
}
}
Also used :
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
VXString(org.apache.ranger.view.VXString)
RangerPolicyList(org.apache.ranger.view.RangerPolicyList)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
HashSet(java.util.HashSet)
Example 24 with RangerPolicyResource
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.
the class ServiceREST method grantAccess.
@POST
@Path("/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse grantAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest grantRequest, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")");
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
if (grantRequest != null) {
if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")");
}
validateGrantRevokeRequest(grantRequest);
String userName = grantRequest.getGrantor();
Set<String> userGroups = CollectionUtils.isNotEmpty(grantRequest.getGrantorGroups()) ? grantRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(grantRequest.getResource()));
VXUser vxUser = xUserService.getXUserByUserName(userName);
if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
throw restErrorUtil.generateRESTException(vXResponse);
}
boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
if (!isAdmin) {
throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
}
RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
if (policy != null) {
boolean policyUpdated = false;
policyUpdated = ServiceRESTUtil.processGrantRequest(policy, grantRequest);
if (policyUpdated) {
svcStore.updatePolicy(policy);
} else {
LOG.error("processGrantRequest processing failed");
throw new Exception("processGrantRequest processing failed");
}
} else {
policy = new RangerPolicy();
policy.setService(serviceName);
// TODO: better policy name
policy.setName("grant-" + System.currentTimeMillis());
policy.setDescription("created by grant");
policy.setIsAuditEnabled(grantRequest.getEnableAudit());
policy.setCreatedBy(userName);
Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
Set<String> resourceNames = resource.getKeys();
if (!CollectionUtils.isEmpty(resourceNames)) {
for (String resourceName : resourceNames) {
RangerPolicyResource policyResource = new RangerPolicyResource((String) resource.getValue(resourceName));
policyResource.setIsRecursive(grantRequest.getIsRecursive());
policyResources.put(resourceName, policyResource);
}
}
policy.setResources(policyResources);
RangerPolicyItem policyItem = new RangerPolicyItem();
policyItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
policyItem.getUsers().addAll(grantRequest.getUsers());
policyItem.getGroups().addAll(grantRequest.getGroups());
for (String accessType : grantRequest.getAccessTypes()) {
policyItem.getAccesses().add(new RangerPolicyItemAccess(accessType, Boolean.TRUE));
}
policy.getPolicyItems().add(policyItem);
svcStore.createPolicy(policy);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + "): " + ret);
}
return ret;
}
Also used :
VXResponse(org.apache.ranger.view.VXResponse)
WebApplicationException(javax.ws.rs.WebApplicationException)
RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer)
LinkedHashMap(java.util.LinkedHashMap)
HashMap(java.util.HashMap)
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
VXString(org.apache.ranger.view.VXString)
VXUser(org.apache.ranger.view.VXUser)
RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
JsonSyntaxException(com.google.gson.JsonSyntaxException)
RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)
RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)
RESTResponse(org.apache.ranger.admin.client.datatype.RESTResponse)
RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)
RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 25 with RangerPolicyResource
use of org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource in project ranger by apache.
the class RangerPolicyFactory method createRangerPolicyResourceMap.
private static Map<String, RangerPolicyResource> createRangerPolicyResourceMap(boolean isAllowed) {
RangerPolicyResource db = new RangerPolicyResource(isAllowed ? pickFewRandomly(KNOWN_DATABASES) : RANDOM_VALUES, false, false);
RangerPolicyResource table = new RangerPolicyResource(isAllowed ? pickFewRandomly(KNOWN_TABLES) : RANDOM_VALUES, false, false);
RangerPolicyResource column = new RangerPolicyResource(isAllowed ? pickFewRandomly(KNOWN_COLUMNS) : RANDOM_VALUES, false, false);
return ImmutableMap.of("database", db, "table", table, "column", column);
}
Also used :
RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)
Aggregations
RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)62
HashMap (java.util.HashMap)38
RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)36
RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)28
ArrayList (java.util.ArrayList)27
RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)25
Test (org.junit.Test)23
VXString (org.apache.ranger.view.VXString)17
Date (java.util.Date)12
RangerPolicyItemCondition (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition)11
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)11
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)8
ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)8
XXServiceDef (org.apache.ranger.entity.XXServiceDef)7
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)7
IOException (java.io.IOException)6
XXService (org.apache.ranger.entity.XXService)5
RangerService (org.apache.ranger.plugin.model.RangerService)5
RangerServiceResource (org.apache.ranger.plugin.model.RangerServiceResource)5
Map (java.util.Map)4
