
Example 56 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class ServiceDBStore method createPolicy.

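/**
 * Creates a new policy for an existing service and records the change.
 *
 * <p>The service, its service-def and (when a zone name is given) the security zone must
 * already exist, and no policy with the same name may exist for the same service and zone.
 * After the policy is stored, its reference-table mappings and labels are created, the
 * service is notified of the change, and data-history and transaction-log entries are written.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
 * decides whether the requester may create policies for this service and zone. Confirm.
 *
 * @param policy the policy to create; its service name, zone name and policy name are read
 * @return the created policy as re-read from the store
 * @throws Exception if the service, service-def or zone does not exist, if a policy with the
 *         same name already exists, or if any of the store operations fails
 */
@Override
public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
    RangerService service = getServiceByName(policy.getService());
    if (service == null) {
        throw new Exception("service does not exist - name=" + policy.getService());
    }
    XXServiceDef xServiceDef = daoMgr.getXXServiceDef().findByName(service.getType());
    if (xServiceDef == null) {
        throw new Exception("service-def does not exist - name=" + service.getType());
    }

    // A policy without a zone name belongs to the "unzoned" pseudo-zone.
    Long zoneId = RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID;
    String zoneName = policy.getZoneName();
    if (StringUtils.isNotEmpty(zoneName)) {
        RangerSecurityZone zone = getSecurityZone(zoneName);
        if (zone == null) {
            throw new Exception("zone does not exist - name=" + zoneName);
        }
        zoneId = zone.getId();
    }

    // Policy names are unique per (service, zone). This is a check followed by an insert;
    // presumably the enclosing transaction or a database constraint covers concurrent
    // creates. TODO confirm.
    XXPolicy existing = daoMgr.getXXPolicy().findByNameAndServiceIdAndZoneId(policy.getName(), service.getId(), zoneId);
    if (existing != null) {
        throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId());
    }

    // Sorted and de-duplicated labels; a policy that carries no label list is treated as
    // having no labels instead of failing with a NullPointerException.
    List<String> policyLabels = policy.getPolicyLabels();
    Set<String> uniquePolicyLabels = new TreeSet<>();
    if (policyLabels != null) {
        uniquePolicyLabels.addAll(policyLabels);
    }

    policy.setVersion(Long.valueOf(1));
    updatePolicySignature(policy);

    if (populateExistingBaseFields) {
        // Both switches are set on shared objects, so they are reset in finally blocks:
        // a failed create must not leave them enabled for later, unrelated calls.
        assignedIdPolicyService.setPopulateExistingBaseFields(true);
        try {
            daoMgr.getXXPolicy().setIdentityInsert(true);
            try {
                policy = assignedIdPolicyService.create(policy, true);
            } finally {
                daoMgr.getXXPolicy().setIdentityInsert(false);
            }
            // Only reached when the create succeeded, as in the original flow.
            daoMgr.getXXPolicy().updateSequence();
        } finally {
            assignedIdPolicyService.setPopulateExistingBaseFields(false);
        }
    } else {
        policy = policyService.create(policy, true);
    }

    XXPolicy xCreatedPolicy = daoMgr.getXXPolicy().getById(policy.getId());
    policyRefUpdater.createNewPolMappingForRefTable(policy, xCreatedPolicy, xServiceDef);
    createOrMapLabels(xCreatedPolicy, uniquePolicyLabels);
    RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy);

    boolean updateServiceInfoRoleVersion = false;
    if (isSupportsRolesDownloadByService()) {
        updateServiceInfoRoleVersion = isRoleDownloadRequired(createdPolicy, service);
    }
    handlePolicyUpdate(service, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE, createdPolicy, updateServiceInfoRoleVersion);

    // Record the creation in the data history and in the transaction log.
    dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE);
    List<XXTrxLog> trxLogList = getTransactionLogList(createdPolicy, RangerPolicyService.OPERATION_IMPORT_CREATE_CONTEXT, RangerPolicyService.OPERATION_CREATE_CONTEXT);
    bizUtil.createTrxLog(trxLogList);
    return createdPolicy;
}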
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) VXString(org.apache.ranger.view.VXString) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXPolicy(org.apache.ranger.entity.XXPolicy) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) JSONException(org.codehaus.jettison.json.JSONException) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) TreeSet(java.util.TreeSet) RangerService(org.apache.ranger.plugin.model.RangerService)

Example 57 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class ServiceDBStore method disassociateZonesForService.

/**
 * Detaches the given service from every security zone that references it.
 *
 * <p>Each affected zone is first saved without the service. If that leaves the zone with
 * no services at all, the zone itself is then deleted. Zones whose service map is null or
 * already empty are left untouched.
 *
 * <p>NOTE(review): a zone can be deleted here as a side effect of removing a service;
 * whether that deletion is authorized and audited depends on the zone store and the
 * caller, neither of which is visible here. The zone returned by the store is also used
 * without a null check. Confirm both.
 *
 * @param service the service to remove from its security zones
 * @throws Exception if looking up, updating or deleting a zone fails
 */
private void disassociateZonesForService(RangerService service) throws Exception {
    String serviceName = service.getName();
    List<String> zonesNameList = daoMgr.getXXSecurityZoneDao().findZonesByServiceName(serviceName);
    if (CollectionUtils.isEmpty(zonesNameList)) {
        return;
    }
    for (String zoneName : zonesNameList) {
        RangerSecurityZone zone = securityZoneStore.getSecurityZoneByName(zoneName);
        Map<String, RangerSecurityZoneService> servicesInZone = zone.getServices();
        if (servicesInZone == null || servicesInZone.isEmpty()) {
            continue;
        }
        // Save the zone without this service before deciding whether to drop it.
        servicesInZone.remove(serviceName);
        zone.setServices(servicesInZone);
        securityZoneStore.updateSecurityZoneById(zone);
        // The service was the zone's last one: remove the zone as well.
        if (servicesInZone.isEmpty()) {
            securityZoneStore.deleteSecurityZoneByName(zoneName);
        }
    }
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) RangerSecurityZoneService(org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService) VXString(org.apache.ranger.view.VXString)

Example 58 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class SecurityZoneDBStore method getSecurityZonesForService.

/**
 * Looks up the security zones that contain the given service.
 *
 * <p>NOTE(review): a lookup failure is logged and not rethrown. The caller then receives
 * {@code null}, or a partly filled map if the failure happened while the zones were being
 * copied, and cannot tell either apart from a normal result. If callers treat "no zones"
 * as "unzoned", a store error would silently change which policies apply. Confirm how
 * callers handle this.
 *
 * @param serviceName name of the service to search for
 * @return a map from zone name to that zone's entry for the service, or {@code null} when
 *         no zone matches or the lookup fails before any zone was found
 */
@Override
public Map<String, RangerSecurityZone.RangerSecurityZoneService> getSecurityZonesForService(String serviceName) {
    Map<String, RangerSecurityZone.RangerSecurityZoneService> zoneEntries = null;
    SearchFilter criteria = new SearchFilter();
    criteria.setParam(SearchFilter.SERVICE_NAME, serviceName);
    try {
        List<RangerSecurityZone> zones = getSecurityZones(criteria);
        if (!CollectionUtils.isEmpty(zones)) {
            zoneEntries = new HashMap<>();
            for (RangerSecurityZone zone : zones) {
                RangerSecurityZone.RangerSecurityZoneService entry = zone.getServices().get(serviceName);
                zoneEntries.put(zone.getName(), entry);
            }
        }
    } catch (Exception excp) {
        // The service name is written to the log as received.
        LOG.error("Failed to get security zones for service:[" + serviceName + "]", excp);
    }
    return zoneEntries;
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) SearchFilter(org.apache.ranger.plugin.util.SearchFilter)

Example 59 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class SecurityZoneDBStore method updateSecurityZoneById.

/**
 * Updates a stored security zone, identified by the id of the given object.
 *
 * <p>The stored JSON of the zone is parsed first so that the transaction log can record
 * the state before and after the update. The global state is then marked as changed, the
 * zone is updated, its reference-table mappings are recreated and the transaction log
 * entries are written.
 *
 * <p>NOTE(review): the method returns the object passed in, not the object returned by
 * the update call; confirm that callers do not need fields set during the update. The
 * global-state change is also signalled before the update is known to have succeeded;
 * presumably an enclosing transaction rolls both back together. TODO confirm.
 *
 * @param securityZone the zone carrying the id to update and the new values
 * @return the {@code securityZone} argument
 * @throws Exception if no zone with that id exists or the update returns nothing
 */
@Override
public RangerSecurityZone updateSecurityZoneById(RangerSecurityZone securityZone) throws Exception {
    XXSecurityZone storedZone = daoMgr.getXXSecurityZoneDao().findByZoneId(securityZone.getId());
    if (storedZone == null) {
        throw restErrorUtil.createRESTException("security-zone with id: " + securityZone.getId() + " does not exist");
    }

    // Snapshot of the zone as currently stored, used as the "before" side of the audit entry.
    Gson gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").create();
    RangerSecurityZone previousZone = gson.fromJson(storedZone.getJsonData(), RangerSecurityZone.class);

    daoMgr.getXXGlobalState().onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);

    RangerSecurityZone savedZone = securityZoneService.update(securityZone);
    if (savedZone == null) {
        // The message embeds the string form of the whole zone object.
        throw new Exception("Cannot update security zone:[" + securityZone + "]");
    }
    securityZoneRefUpdater.createNewZoneMappingForRefTable(savedZone);

    List<XXTrxLog> auditEntries = securityZoneService.getTransactionLog(savedZone, previousZone, "update");
    bizUtil.createTrxLog(auditEntries);
    return securityZone;
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) GsonBuilder(com.google.gson.GsonBuilder) Gson(com.google.gson.Gson) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXSecurityZone(org.apache.ranger.entity.XXSecurityZone)

Example 60 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneServiceService method validateForUpdate.

/**
 * Remembers which services and tag-services the stored zone has, keyed by the zone's id.
 *
 * <p>The incoming view object is not inspected here; only the stored entity is mapped to a
 * view bean and read.
 *
 * <p>NOTE(review): the service names are stored as the key-set view of the mapped zone's
 * service map, while the tag-service names are copied into a new set. Both getters are
 * used without a null check, and nothing here shows when the cached entries are removed
 * or whether the two caches are safe for concurrent updates. Confirm.
 *
 * @param vObj the zone as submitted for the update (unused in this method)
 * @param entityObj the zone entity as currently stored
 */
@Override
protected void validateForUpdate(RangerSecurityZone vObj, XXSecurityZone entityObj) {
    RangerSecurityZone storedZone = mapEntityToViewBean(new RangerSecurityZone(), entityObj);
    serviceNamesInZones.put(entityObj.getId(), storedZone.getServices().keySet());
    tagServiceNamesInZones.put(entityObj.getId(), new HashSet<>(storedZone.getTagServices()));
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone)

Aggregations

RangerSecurityZone (org.apache.ranger.plugin.model.RangerSecurityZone)68 Test (org.junit.Test)40 ArrayList (java.util.ArrayList)27 XXSecurityZone (org.apache.ranger.entity.XXSecurityZone)16 WebApplicationException (javax.ws.rs.WebApplicationException)14 XXSecurityZoneDao (org.apache.ranger.db.XXSecurityZoneDao)12 RangerService (org.apache.ranger.plugin.model.RangerService)11 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)10 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)10 XXTrxLog (org.apache.ranger.entity.XXTrxLog)9 RangerSecurityZoneService (org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService)7 HashMap (java.util.HashMap)6 ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)5 HashSet (java.util.HashSet)4 List (java.util.List)4 XXGlobalStateDao (org.apache.ranger.db.XXGlobalStateDao)4 Map (java.util.Map)3 Path (javax.ws.rs.Path)3 XXServiceDao (org.apache.ranger.db.XXServiceDao)3 XXServiceDefDao (org.apache.ranger.db.XXServiceDefDao)3