
Example 41 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class RangerPolicyService method processFieldToCreateTrxLog.

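/**
 * Builds the transaction-log (admin audit trail) entry for a single field of a policy
 * that is being created, deleted or updated.
 *
 * <p>The new value is read reflectively from {@code vObj}; on update the previous value
 * is derived from {@code mObj} (and from the view bean built out of it) and the entry is
 * suppressed when old and new values are considered equal.
 *
 * @param field      field of {@code vObj} whose value is being logged; made accessible here
 * @param objectName name recorded on the log entry as the object name
 * @param nameField  not read by this method
 * @param vObj       policy carrying the new state
 * @param mObj       persisted policy entity; only read when {@code action} is the update context
 * @param action     one of {@code OPERATION_CREATE_CONTEXT}, {@code OPERATION_DELETE_CONTEXT},
 *                   {@code OPERATION_UPDATE_CONTEXT}
 * @return the populated log entry, or {@code null} when there is nothing to record
 *         (no attribute mapping for the field, empty value on create, or no change on update)
 */
private XXTrxLog processFieldToCreateTrxLog(Field field, String objectName, Field nameField, RangerPolicy vObj, XXPolicy mObj, int action) {
    String actionString = "";
    field.setAccessible(true);
    String fieldName = field.getName();
    XXTrxLog xTrxLog = new XXTrxLog();
    try {
        VTrxLogAttr vTrxLogAttr = trxLogAttrs.get(fieldName);
        if (vTrxLogAttr == null) {
            // Without a mapping there is no user-friendly attribute name to record;
            // previously this dereferenced null. NOTE(review): presumably callers
            // only pass mapped fields - confirm.
            return null;
        }
        xTrxLog.setAttributeName(vTrxLogAttr.getAttribUserFriendlyName());
        String value = null;
        boolean isEnum = vTrxLogAttr.isEnum();
        if (isEnum) {
            // Enum-typed attributes are deliberately left without a value here.
        } else if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyResourcesForTrxLog(field.get(vObj));
        } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyItemsForTrxLog(field.get(vObj));
        } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyItemsForTrxLog(field.get(vObj));
        } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyNameForTrxLog(field.get(vObj));
        } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyItemsForTrxLog(field.get(vObj));
        } else if (DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyItemsForTrxLog(field.get(vObj));
        } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processDataMaskPolicyItemsForTrxLog(field.get(vObj));
            value = appendDataMaskLabels(value, vObj.getDataMaskPolicyItems());
        } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processRowFilterPolicyItemForTrxLog(field.get(vObj));
        } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = String.valueOf(processIsEnabledClassFieldNameForTrxLog(field.get(vObj)));
        } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPolicyLabelsClassFieldNameForTrxLog(field.get(vObj));
        } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processValiditySchedulesClassFieldNameForTrxLog(field.get(vObj));
        } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
            value = processPriorityClassFieldNameForTrxLog(field.get(vObj));
        } else {
            value = "" + field.get(vObj);
        }
        if (action == OPERATION_CREATE_CONTEXT) {
            if (stringUtil.isEmpty(value)) {
                return null;
            }
            xTrxLog.setNewValue(value);
            actionString = actionCreate;
        } else if (action == OPERATION_DELETE_CONTEXT) {
            xTrxLog.setPreviousValue(value);
            actionString = actionDelete;
        } else if (action == OPERATION_UPDATE_CONTEXT) {
            actionString = actionUpdate;
            String oldValue = null;
            // Default previous value: the same-named field on the persisted entity.
            Field[] mFields = mObj.getClass().getDeclaredFields();
            for (Field mField : mFields) {
                mField.setAccessible(true);
                String mFieldName = mField.getName();
                if (fieldName.equalsIgnoreCase(mFieldName)) {
                    if (!isEnum) {
                        oldValue = mField.get(mObj) + "";
                    }
                    break;
                }
            }
            // For structured attributes the previous value is re-derived from the view bean.
            RangerPolicy oldPolicy = populateViewBean(mObj);
            if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyResourcesForTrxLog(oldPolicy.getResources());
                }
            } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getPolicyItems());
                }
            } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyPolicyItems());
                }
            } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(oldPolicy.getName());
                }
            } else if (POLICY_DESCRIPTION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(oldPolicy.getDescription());
                }
            } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getAllowExceptions());
                }
            } else if (DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyExceptions());
                }
            } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processDataMaskPolicyItemsForTrxLog(oldPolicy.getDataMaskPolicyItems());
                    oldValue = appendDataMaskLabels(oldValue, oldPolicy.getDataMaskPolicyItems());
                }
            } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processRowFilterPolicyItemForTrxLog(oldPolicy.getRowFilterPolicyItems());
                }
            } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = String.valueOf(processIsEnabledClassFieldNameForTrxLog(oldPolicy.getIsEnabled()));
                }
            } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // The next three branches used oldPolicy without the null check
                // every sibling branch has; guarded for consistency.
                if (oldPolicy != null) {
                    oldValue = processPolicyLabelsClassFieldNameForTrxLog(oldPolicy.getPolicyLabels());
                }
            } else if (POLICY_VALIDITYSCHEDULES_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processValiditySchedulesClassFieldNameForTrxLog(oldPolicy.getValiditySchedules());
                }
            } else if (POLICY_PRIORITY_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPriorityClassFieldNameForTrxLog(oldPolicy.getPolicyPriority());
                }
            }
            // NOTE(review): this first test is case-insensitive, so an update that changes
            // only the letter case of a value (for example a resource path) produces no
            // audit entry. Confirm that is intended for every attribute.
            if (oldValue == null || oldValue.equalsIgnoreCase(value)) {
                return null;
            } else if (POLICY_RESOURCE_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Compare old and new resources
                if (compareTwoPolicyResources(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Compare old and new policyItems
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_NAME_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new policyName
                if (compareTwoPolicyName(value, oldValue)) {
                    return null;
                }
            } else if (DENYPOLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new denyPolicyItem
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (ALLOW_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new allowExceptions
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (DENY_EXCEPTIONS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new denyExceptions
                if (compareTwoPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (POLICY_DESCRIPTION_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new Description
                if (org.apache.commons.lang.StringUtils.equals(value, oldValue)) {
                    return null;
                }
            } else if (DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new dataMaskPolicyItems
                if (compareTwoDataMaskingPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // compare old and new rowFilterPolicyItems
                if (compareTwoRowFilterPolicyItemList(value, oldValue)) {
                    return null;
                }
            } else if (IS_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsEnabled()));
                }
            } else if (IS_AUDIT_ENABLED_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                if (oldPolicy != null) {
                    oldValue = processPolicyNameForTrxLog(String.valueOf(oldPolicy.getIsAuditEnabled()));
                }
            } else if (POLICY_LABELS_CLASS_FIELD_NAME.equalsIgnoreCase(fieldName)) {
                // Two further branches that repeated the IS_ENABLED / IS_AUDIT_ENABLED
                // conditions used to sit above this one; they could never be reached
                // and were dropped.
                if (compareTwoPolicyLabelList(value, oldValue)) {
                    return null;
                }
            }
            xTrxLog.setPreviousValue(oldValue);
            xTrxLog.setNewValue(value);
        }
    } catch (IllegalArgumentException | IllegalAccessException e) {
        // NOTE(review): after a reflection failure the method still returns an entry,
        // with an empty action and no values. Decide whether such an incomplete audit
        // record should be written or the failure surfaced to the caller.
        logger.error("Process field to create trx log failure.", e);
    }
    xTrxLog.setAction(actionString);
    xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_POLICY);
    xTrxLog.setObjectId(vObj.getId());
    xTrxLog.setObjectName(objectName);
    // NOTE(review): parentObj is dereferenced unchecked; confirm findByName cannot
    // return null for the service named on the policy.
    XXService parentObj = daoMgr.getXXService().findByName(vObj.getService());
    xTrxLog.setParentObjectClassType(AppConstants.CLASS_TYPE_XA_SERVICE);
    xTrxLog.setParentObjectId(parentObj.getId());
    xTrxLog.setParentObjectName(parentObj.getName());
    return xTrxLog;
}

/**
 * Inserts a {@code "DataMasklabel"} member into the serialized data-mask items for each
 * item whose mask type matches a known mask-type definition by name (case-insensitive).
 *
 * <p>Mask-type definitions are loaded at most once per call instead of once per item.
 * When the text is {@code null} or has no {@code "}]"} marker it is returned unchanged
 * rather than failing with an unchecked exception that would abort the audit entry.
 */
private String appendDataMaskLabels(String json, List<RangerDataMaskPolicyItem> items) {
    if (json == null || CollectionUtils.isEmpty(items)) {
        return json;
    }
    String result = json;
    List<XXDataMaskTypeDef> maskTypeDefs = null;
    for (RangerDataMaskPolicyItem item : items) {
        if (item.getDataMaskInfo() == null || item.getDataMaskInfo().getDataMaskType() == null) {
            continue;
        }
        if (maskTypeDefs == null) {
            maskTypeDefs = daoMgr.getXXDataMaskTypeDef().getAll();
            if (CollectionUtils.isEmpty(maskTypeDefs)) {
                return result;
            }
        }
        String maskType = item.getDataMaskInfo().getDataMaskType();
        for (XXDataMaskTypeDef maskTypeDef : maskTypeDefs) {
            if (maskTypeDef.getName().equalsIgnoreCase(maskType)) {
                // Every label is placed before the LAST "}]", as before.
                // NOTE(review): with several items all labels therefore end up on the
                // final element - confirm that is the intended shape.
                int insertAt = result.lastIndexOf("}]");
                if (insertAt < 0) {
                    logger.warn("Data mask label not added to trx log value: closing marker not found.");
                    return result;
                }
                // NOTE(review): the label is concatenated into JSON text unescaped; a
                // label containing a quote or backslash would corrupt the stored value.
                String label = ",\"DataMasklabel\":\"" + maskTypeDef.getLabel() + "\"";
                result = new StringBuilder(result).insert(insertAt, label).toString();
                break;
            }
        }
    }
    return result;
}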
Also used : XXTrxLog(org.apache.ranger.entity.XXTrxLog) VTrxLogAttr(org.apache.ranger.common.view.VTrxLogAttr) Field(java.lang.reflect.Field) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) ArrayList(java.util.ArrayList) List(java.util.List) XXService(org.apache.ranger.entity.XXService)

Example 42 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class RangerPolicyWithAssignedIdService method populateViewBean.

/**
 * Loads the policy view object for the given entity by looking its id up
 * through a {@code RangerPolicyRetriever} built on this service's DAO manager.
 *
 * @param xPolicy entity whose id selects the policy
 * @return whatever the retriever returns for that id
 */
@Override
protected RangerPolicy populateViewBean(XXPolicyWithAssignedId xPolicy) {
    return new RangerPolicyRetriever(daoMgr).getPolicy(xPolicy.getId());
}
Also used : RangerPolicyRetriever(org.apache.ranger.biz.RangerPolicyRetriever) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy)

Example 43 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class RangerServiceHdfs method getDefaultRangerPolicies.

/**
 * Returns the default policies for an HDFS service.
 *
 * <p>Starts from the parent's defaults, rewrites the path resource of each one to the
 * configured path separator followed by the wildcard constant, and then adds one policy
 * per access-type resource hierarchy for KMS audit. A failure while building the audit
 * policies is logged and does not prevent the remaining defaults from being returned.
 *
 * @return the (possibly extended) list obtained from the parent implementation
 * @throws Exception propagated from the parent implementation
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceHdfs.getDefaultRangerPolicies() ");
    }
    final String pathResourceName = RangerHdfsAuthorizer.KEY_RESOURCE_PATH;
    List<RangerPolicy> ret = super.getDefaultRangerPolicies();
    for (RangerPolicy defaultPolicy : ret) {
        RangerPolicy.RangerPolicyResource pathPolicyResource = defaultPolicy.getResources().get(pathResourceName);
        if (pathPolicyResource == null) {
            LOG.warn("No '" + pathResourceName + "' found in default policy");
            continue;
        }
        // Locate the service-def entry that describes the path resource.
        RangerServiceDef.RangerResourceDef pathResourceDef = null;
        for (RangerServiceDef.RangerResourceDef candidate : serviceDef.getResources()) {
            if (candidate.getName().equals(pathResourceName)) {
                pathResourceDef = candidate;
                break;
            }
        }
        if (pathResourceDef == null) {
            LOG.warn("No resourceDef found in HDFS service-definition for '" + pathResourceName + "'");
            continue;
        }
        String pathSeparator = pathResourceDef.getMatcherOptions().get(RangerPathResourceMatcher.OPTION_PATH_SEPARATOR);
        if (StringUtils.isBlank(pathSeparator)) {
            pathSeparator = Character.toString(RangerPathResourceMatcher.DEFAULT_PATH_SEPARATOR_CHAR);
        }
        // The default policy's path becomes "<separator><wildcard>".
        pathPolicyResource.setValue(pathSeparator + RangerAbstractResourceMatcher.WILDCARD_ASTERISK);
    }
    try {
        // we need to create one policy for keyadmin user for audit to HDFS
        RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef);
        for (List<RangerServiceDef.RangerResourceDef> aHierarchy : serviceDefHelper.getResourceHierarchies(RangerPolicy.POLICY_TYPE_ACCESS)) {
            RangerPolicy auditPolicy = getPolicyForKMSAudit(aHierarchy);
            if (auditPolicy == null) {
                continue;
            }
            ret.add(auditPolicy);
        }
    } catch (Exception e) {
        LOG.error("Error creating policy for keyadmin for audit to HDFS : " + service.getName(), e);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceHdfs.getDefaultRangerPolicies() : " + ret);
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) HadoopException(org.apache.ranger.plugin.client.HadoopException)

Example 44 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class PatchMigration_J10002 method migratePoliciesToNewSchema.

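/**
 * Migrates legacy {@code XXResource} rows into policies in the new schema.
 *
 * <p>Deleted resources, resources whose repository or service cannot be found, and
 * resources whose policy already exists for the service are skipped. Each created
 * policy increments {@code policyCounter}.
 *
 * <p>The store's "populate existing base fields" mode is switched on only for the
 * duration of the migration and is now switched off in a {@code finally} block;
 * previously an exception part-way through left it enabled on the store.
 *
 * @throws Exception wrapping any failure raised during the migration
 */
public void migratePoliciesToNewSchema() throws Exception {
    logger.info("==> MigrationPatch.migratePoliciesToNewSchema()");
    try {
        List<XXResource> resList = daoMgr.getXXResource().getAll();
        if (resList.isEmpty()) {
            return;
        }
        svcDBStore.setPopulateExistingBaseFields(true);
        try {
            for (XXResource xRes : resList) {
                if (xRes.getResourceStatus() == AppConstants.STATUS_DELETED) {
                    continue;
                }
                XXAsset xAsset = daoMgr.getXXAsset().getById(xRes.getAssetId());
                if (xAsset == null) {
                    logger.error("No Repository found for policyName: " + xRes.getPolicyName());
                    continue;
                }
                RangerService service = svcDBStore.getServiceByName(xAsset.getName());
                if (service == null) {
                    logger.error("No Service found for policy. Ignoring migration of such policy, policyName: " + xRes.getPolicyName());
                    continue;
                }
                XXPolicy existing = daoMgr.getXXPolicy().findByNameAndServiceId(xRes.getPolicyName(), service.getId());
                if (existing != null) {
                    logger.info("Policy already exists. Ignoring migration of policy: " + existing.getName());
                    continue;
                }
                RangerPolicy policy = mapXResourceToPolicy(new RangerPolicy(), xRes, service);
                if (policy != null) {
                    policy = svcDBStore.createPolicy(policy);
                    policyCounter++;
                    logger.info("New policy created. policyName: " + policy.getName());
                }
            }
        } finally {
            // Always leave the store in its normal mode, even when a row fails.
            svcDBStore.setPopulateExistingBaseFields(false);
        }
    } catch (Exception e) {
        throw new Exception("Error while migrating data to new Plugin Schema.", e);
    }
    logger.info("<== MigrationPatch.migratePoliciesToNewSchema()");
}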
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXResource(org.apache.ranger.entity.XXResource) XXAsset(org.apache.ranger.entity.XXAsset) RangerService(org.apache.ranger.plugin.model.RangerService) XXPolicy(org.apache.ranger.entity.XXPolicy)

Example 45 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class AssetREST method searchXResources.

/**
 * Legacy search endpoint: returns the policies matching the request's filter,
 * converted to {@code VXResource} objects.
 *
 * <p>The filter is built from the request with the legacy helper; each matching policy
 * is converted together with its service, and policies that convert to {@code null}
 * are left out. When no policy list is returned the result is left empty.
 *
 * <p>NOTE(review): no access check is visible in this method; it presumably relies on
 * {@code serviceREST.getPolicies} to restrict results to what the caller may see - confirm.
 *
 * @param request incoming HTTP request carrying the search parameters
 * @return the list wrapper holding the converted resources
 */
@GET
@Path("/resources")
@Produces({ "application/xml", "application/json" })
public VXResourceList searchXResources(@Context HttpServletRequest request) {
    if (logger.isDebugEnabled()) {
        logger.debug("==> AssetREST.searchXResources()");
    }
    VXResourceList ret = new VXResourceList();
    SearchFilter filter = searchUtil.getSearchFilterFromLegacyRequest(request, xResourceService.sortFields);
    List<RangerPolicy> matched = serviceREST.getPolicies(filter);
    if (matched != null) {
        List<VXResource> converted = new ArrayList<VXResource>();
        for (RangerPolicy policy : matched) {
            VXResource asResource = serviceUtil.toVXResource(policy, serviceREST.getServiceByName(policy.getService()));
            if (asResource == null) {
                continue;
            }
            converted.add(asResource);
        }
        ret.setVXResources(converted);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== AssetREST.searchXResources(): count=" + ret.getResultSize());
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) ArrayList(java.util.ArrayList) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) RangerService(org.apache.ranger.plugin.model.RangerService) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)196 ArrayList (java.util.ArrayList)78 Test (org.junit.Test)73 RangerService (org.apache.ranger.plugin.model.RangerService)52 VXString (org.apache.ranger.view.VXString)48 HashMap (java.util.HashMap)38 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)36 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)33 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)30 WebApplicationException (javax.ws.rs.WebApplicationException)29 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)27 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)26 Path (javax.ws.rs.Path)23 Produces (javax.ws.rs.Produces)22 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)20 Date (java.util.Date)19 IOException (java.io.IOException)18 XXService (org.apache.ranger.entity.XXService)18 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)16 RangerPolicyList (org.apache.ranger.view.RangerPolicyList)15