Example 31 with RangerRole

Use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

The class RoleDBStore, method deleteRole.

@Override
public void deleteRole(Long roleId) throws Exception {
    RangerRole role = roleService.read(roleId);
    ensureRoleDeleteAllowed(role.getName());
    Runnable roleVersionUpdater = new RoleVersionUpdater(daoMgr);
    transactionSynchronizationAdapter.executeOnTransactionCommit(roleVersionUpdater);
    roleRefUpdater.cleanupRefTables(role);
    // delete role from audit filter configs
    svcStore.updateServiceAuditConfig(role.getName(), REMOVE_REF_TYPE.ROLE);
    roleService.delete(role);
    List<XXTrxLog> trxLogList = roleService.getTransactionLog(role, null, "delete");
    bizUtil.createTrxLog(trxLogList);
}
Also used : RangerRole(org.apache.ranger.plugin.model.RangerRole)

Example 32 with RangerRole

Use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

The class RoleDBStore, method deleteRole.

@Override
public void deleteRole(String roleName) throws Exception {
    XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName);
    if (xxRole == null) {
        throw restErrorUtil.createRESTException("Role with name: " + roleName + " does not exist");
    }
    ensureRoleDeleteAllowed(roleName);
    Runnable roleVersionUpdater = new RoleVersionUpdater(daoMgr);
    transactionSynchronizationAdapter.executeOnTransactionCommit(roleVersionUpdater);
    RangerRole role = roleService.read(xxRole.getId());
    roleRefUpdater.cleanupRefTables(role);
    // delete role from audit filter configs
    svcStore.updateServiceAuditConfig(role.getName(), REMOVE_REF_TYPE.ROLE);
    roleService.delete(role);
    List<XXTrxLog> trxLogList = roleService.getTransactionLog(role, null, "delete");
    bizUtil.createTrxLog(trxLogList);
}
Also used : RangerRole(org.apache.ranger.plugin.model.RangerRole)

Example 33 with RangerRole

Use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

The class RoleDBStore, method getRolesForUser.

public RangerRoleList getRolesForUser(SearchFilter filter, RangerRoleList rangerRoleList) throws Exception {
    List<RangerRole> roles = new ArrayList<RangerRole>();
    List<XXRole> xxRoles = null;
    UserSessionBase userSession = ContextUtil.getCurrentUserSession();
    if (userSession != null && userSession.getUserRoleList().size() == 1 && userSession.getUserRoleList().contains(RangerConstants.ROLE_USER) && userSession.getLoginId() != null) {
        VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId());
        xxRoles = daoMgr.getXXRole().findByUserId(loggedInVXUser.getId());
        if (CollectionUtils.isNotEmpty(xxRoles)) {
            for (XXRole xxRole : xxRoles) {
                roles.add(roleService.read(xxRole.getId()));
            }
        }
        if (predicateUtil != null && filter != null && !filter.isEmpty()) {
            List<RangerRole> copy = new ArrayList<>(roles);
            predicateUtil.applyFilter(copy, filter);
            roles = copy;
        }
        int totalCount = roles.size();
        int startIndex = filter.getStartIndex();
        int pageSize = filter.getMaxRows();
        int toIndex = Math.min(startIndex + pageSize, totalCount);
        if (CollectionUtils.isNotEmpty(roles)) {
            roles = roles.subList(startIndex, toIndex);
            rangerRoleList.setResultSize(roles.size());
            rangerRoleList.setPageSize(filter.getMaxRows());
            rangerRoleList.setSortBy(filter.getSortBy());
            rangerRoleList.setSortType(filter.getSortType());
            rangerRoleList.setStartIndex(filter.getStartIndex());
            rangerRoleList.setTotalCount(totalCount);
        }
    } else {
        xxRoles = (List<XXRole>) roleService.searchResources(filter, roleService.searchFields, roleService.sortFields, rangerRoleList);
        if (CollectionUtils.isNotEmpty(xxRoles)) {
            for (XXRole xxRole : xxRoles) {
                roles.add(roleService.read(xxRole.getId()));
            }
        }
    }
    rangerRoleList.setRoleList(roles);
    return rangerRoleList;
}
Also used : RangerRole(org.apache.ranger.plugin.model.RangerRole), ArrayList(java.util.ArrayList), VXUser(org.apache.ranger.view.VXUser), UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 34 with RangerRole

Use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

The class RoleDBStore, method createRole.

@Override
public RangerRole createRole(RangerRole role, Boolean createNonExistUserGroup) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RoleDBStore.createRole()");
    }
    XXRole xxRole = daoMgr.getXXRole().findByRoleName(role.getName());
    if (xxRole != null) {
        throw restErrorUtil.createRESTException("role with name: " + role.getName() + " already exists", MessageEnums.ERROR_DUPLICATE_OBJECT);
    }
    Runnable roleVersionUpdater = new RoleVersionUpdater(daoMgr);
    transactionSynchronizationAdapter.executeOnTransactionCommit(roleVersionUpdater);
    roleService.create(role);
    RangerRole createdRole = getRole(role.getName());
    if (createdRole == null) {
        throw new Exception("Cannot create role:[" + role + "]");
    }
    roleRefUpdater.createNewRoleMappingForRefTable(createdRole, createNonExistUserGroup);
    List<XXTrxLog> trxLogList = roleService.getTransactionLog(createdRole, null, "create");
    bizUtil.createTrxLog(trxLogList);
    return createdRole;
}
Also used : RangerRole(org.apache.ranger.plugin.model.RangerRole)

Example 35 with RangerRole

Use of org.apache.ranger.plugin.model.RangerRole in project ranger by apache.

The class RangerRoleService, method mapEntityToViewBean.

@Override
protected RangerRole mapEntityToViewBean(RangerRole rangerRole, XXRole xxRole) {
    RangerRole ret = super.mapEntityToViewBean(rangerRole, xxRole);
    if (StringUtils.isNotEmpty(xxRole.getRoleText())) {
        if (logger.isDebugEnabled()) {
            logger.debug("roleText=" + xxRole.getRoleText());
        }
        RangerRole roleFromJsonData = gsonBuilder.fromJson(xxRole.getRoleText(), RangerRole.class);
        if (roleFromJsonData == null) {
            logger.info("Cannot read jsonData into RangerRole object in [" + xxRole.getRoleText() + "]!!");
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("Role object built from JSON :[" + roleFromJsonData + "]");
            }
            ret.setOptions(roleFromJsonData.getOptions());
            ret.setUsers(roleFromJsonData.getUsers());
            ret.setGroups(roleFromJsonData.getGroups());
            ret.setRoles(roleFromJsonData.getRoles());
            ret.setCreatedByUser(roleFromJsonData.getCreatedByUser());
        }
    } else {
        logger.info("Empty string representing jsonData in [" + xxRole + "]!!");
    }
    return ret;
}
Also used : RangerRole(org.apache.ranger.plugin.model.RangerRole)

Aggregations

RangerRole (org.apache.ranger.plugin.model.RangerRole): 37
Predicate (org.apache.commons.collections.Predicate): 7
ArrayList (java.util.ArrayList): 6
HashSet (java.util.HashSet): 5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 5
IOException (java.io.IOException): 4
SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException): 4
HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException): 4
HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException): 4
RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse): 4
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult): 4
RangerRoles (org.apache.ranger.plugin.util.RangerRoles): 4
UserSessionBase (org.apache.ranger.common.UserSessionBase): 3
Gson (com.google.gson.Gson): 2
GsonBuilder (com.google.gson.GsonBuilder): 2
ClientResponse (com.sun.jersey.api.client.ClientResponse): 2
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 2
PrivilegedAction (java.security.PrivilegedAction): 2
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2