
Example 6 with RangerSecurityZoneService

Use of org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService in the Apache Ranger project.

From the test class RangerSecurityZoneValidatorTest, the fixture-building method getRangerSecurityZone.

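/**
 * Builds the security-zone fixture used by the validator tests: one service
 * ("hdfsSvc") scoped to a single HDFS path, plus one admin user, one admin
 * group, one audit user and one audit group.
 *
 * <p>Every one of the four principal collections is populated on purpose: the
 * validator accepts a zone only when admin users OR admin groups are present
 * and audit users OR audit groups are present, so a fixture that leaves one
 * side empty silently stops exercising that branch.
 *
 * @return a fully populated zone with id 1 and name "MyZone"
 */
private RangerSecurityZone getRangerSecurityZone() {
    List<String> hdfsPaths = new ArrayList<String>();
    hdfsPaths.add("/path/myfolder");

    HashMap<String, List<String>> resourceSpec = new HashMap<String, List<String>>();
    resourceSpec.put("hdfs", hdfsPaths);

    List<HashMap<String, List<String>>> resources = new ArrayList<HashMap<String, List<String>>>();
    resources.add(resourceSpec);

    List<String> adminUsers = new ArrayList<String>();
    adminUsers.add("adminUser1");

    List<String> adminUserGroups = new ArrayList<String>();
    adminUserGroups.add("adminGrpUser1");

    List<String> auditUsers = new ArrayList<String>();
    auditUsers.add("aduitUser1");

    // Fixed: the audit group used to be added to the audit *users* list, which
    // left the audit-user-groups collection empty in every test that used this
    // fixture (the validator's audit check still passed, via the users list,
    // so the gap was invisible).
    List<String> auditUserGroups = new ArrayList<String>();
    auditUserGroups.add("aduitGrpUser1");

    RangerSecurityZoneService hdfsZoneService = new RangerSecurityZoneService();
    hdfsZoneService.setResources(resources);

    Map<String, RangerSecurityZone.RangerSecurityZoneService> services = new HashMap<String, RangerSecurityZone.RangerSecurityZoneService>();
    services.put("hdfsSvc", hdfsZoneService);

    RangerSecurityZone zone = new RangerSecurityZone();
    zone.setId(1L);
    zone.setAdminUsers(adminUsers);
    zone.setAuditUsers(auditUsers);
    zone.setAdminUserGroups(adminUserGroups);
    zone.setAuditUserGroups(auditUserGroups);
    zone.setName("MyZone");
    zone.setServices(services);
    zone.setDescription("MyZone");
    return zone;
}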

Example 7 with RangerSecurityZoneService

Use of org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService in the Apache Ranger project.

From the class ServiceDBStore, the method disassociateZonesForService (called while a service is being removed).

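/**
 * Removes the given service from every security zone that references it.
 * A zone whose only service was the one being removed is deleted outright,
 * because a zone with no services is not a valid zone (the zone validator
 * reports SECURITY_ZONE_VALIDATION_ERR_MISSING_SERVICES for it).
 *
 * <p>Ordering matters: a zone that would be left with no services is deleted
 * directly rather than updated first and deleted afterwards. If the update
 * path runs the zone validator, an update with an empty service map is
 * expected to be rejected, and the exception would abort this method before
 * the delete, leaving the zone still pointing at the removed service.
 *
 * @param service the service being detached; only its name is used
 * @throws Exception propagated from the zone store's update/delete calls
 */
private void disassociateZonesForService(RangerService service) throws Exception {
    String serviceName = service.getName();
    List<String> zoneNames = daoMgr.getXXSecurityZoneDao().findZonesByServiceName(serviceName);
    if (CollectionUtils.isEmpty(zoneNames)) {
        return;
    }
    for (String zoneName : zoneNames) {
        RangerSecurityZone zone = securityZoneStore.getSecurityZoneByName(zoneName);
        if (zone == null) {
            // NOTE(review): the DAO reported this zone a moment ago; a null here
            // would mean it was removed concurrently, so there is nothing to detach.
            continue;
        }
        Map<String, RangerSecurityZoneService> zoneServices = zone.getServices();
        if (zoneServices == null || zoneServices.isEmpty()) {
            continue;
        }
        zoneServices.remove(serviceName);
        if (zoneServices.isEmpty()) {
            // Last service gone: drop the zone instead of persisting an invalid, empty one.
            securityZoneStore.deleteSecurityZoneByName(zoneName);
        } else {
            zone.setServices(zoneServices);
            securityZoneStore.updateSecurityZoneById(zone);
        }
    }
}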

Example 8 with RangerSecurityZoneService

Use of org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService in the Apache Ranger project.

From the class RangerSecurityZoneValidator, the method validateWithinSecurityZone (the per-zone consistency checks).

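/**
 * Validates a security zone on its own (no cross-zone checks): every service
 * entry, the admin principals, the audit principals and each service's
 * resource specifications.
 *
 * <p>Every check runs even after an earlier one has failed, so that
 * {@code failures} ends up holding all problems with the zone rather than
 * only the first; the caller gets one complete list to show the administrator.
 *
 * @param securityZone the zone under validation
 * @param action       the operation being validated; only used in debug logging here
 * @param failures     accumulator for validation problems; appended to, never cleared
 * @return {@code true} if no check added a failure, {@code false} otherwise
 */
private boolean validateWithinSecurityZone(RangerSecurityZone securityZone, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        // Log prefix corrected to this class's name (it previously read RangerPolicyValidator).
        LOG.debug(String.format("==> RangerSecurityZoneValidator.validateWithinSecurityZone(%s, %s, %s)", securityZone, action, failures));
    }
    boolean ret = true;

    Map<String, RangerSecurityZone.RangerSecurityZoneService> services = securityZone.getServices();

    // Each service must exist, must not be a tag service, and its resource specs must be valid.
    if (MapUtils.isNotEmpty(services)) {
        for (Map.Entry<String, RangerSecurityZone.RangerSecurityZoneService> serviceSpecification : services.entrySet()) {
            String serviceName = serviceSpecification.getKey();
            RangerSecurityZone.RangerSecurityZoneService securityZoneService = serviceSpecification.getValue();
            // Evaluate every service. The former "ret = ret && validate(...)" form
            // short-circuited once one service failed, so failures for the remaining
            // services were never collected.
            if (!validateSecurityZoneService(serviceName, securityZoneService, failures)) {
                ret = false;
            }
        }
    } else {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_SERVICES;
        // NOTE(review): becauseOf(...) is called twice on this builder; the second
        // call presumably overrides the first -- confirm against the builder.
        failures.add(new ValidationFailureDetailsBuilder().becauseOf("security zone services").isMissing().field("services").errorCode(error.getErrorCode()).becauseOf(error.getMessage(securityZone.getName())).build());
        ret = false;
    }

    // Someone must be able to administer the zone: admin users and admin groups can't both be empty.
    if (CollectionUtils.isEmpty(securityZone.getAdminUsers()) && CollectionUtils.isEmpty(securityZone.getAdminUserGroups())) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
        failures.add(new ValidationFailureDetailsBuilder().field("security zone admin users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
        ret = false;
    }

    // Likewise audit users and audit groups can't both be empty.
    if (CollectionUtils.isEmpty(securityZone.getAuditUsers()) && CollectionUtils.isEmpty(securityZone.getAuditUserGroups())) {
        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
        failures.add(new ValidationFailureDetailsBuilder().field("security zone audit users/user-groups").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
        ret = false;
    }

    // Every resource key in every resource spec must carry at least one value.
    if (services != null) {
        for (Map.Entry<String, RangerSecurityZoneService> serviceResourceMapEntry : services.entrySet()) {
            RangerSecurityZoneService zoneService = serviceResourceMapEntry.getValue();
            if (zoneService == null || zoneService.getResources() == null) {
                // Null guard added: a null service spec used to throw NullPointerException
                // here. NOTE(review): assumes validateSecurityZoneService above reports a
                // null spec as a failure -- confirm.
                continue;
            }
            for (Map<String, List<String>> resource : zoneService.getResources()) {
                if (resource == null) {
                    continue;
                }
                for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
                    if (CollectionUtils.isEmpty(entry.getValue())) {
                        ValidationErrorCode error = ValidationErrorCode.SECURITY_ZONE_VALIDATION_ERR_MISSING_RESOURCES;
                        failures.add(new ValidationFailureDetailsBuilder().field("security zone resources").subField("resources").isMissing().becauseOf(error.getMessage(serviceResourceMapEntry.getKey())).errorCode(error.getErrorCode()).build());
                        ret = false;
                    }
                }
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerSecurityZoneValidator.validateWithinSecurityZone(%s, %s, %s) : %s", securityZone, action, failures, ret));
    }
    return ret;
}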
