
Example 41 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class UpdateUserAndGroupNamesInJson method updateRangerSecurityZoneJson.

// Update user and group name in security json
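/**
 * Rewrites the user and group names stored in every security zone and persists each zone.
 *
 * <p>For each zone returned by {@code securityZoneStore.getSecurityZones}, the admin and audit
 * user lists are passed to {@code updateRangerSecurityZoneUsersAndGroups} together with
 * {@code usersInDB}, and the admin and audit group lists together with {@code groupsInDB}.
 * The zone is then handed to a {@code SecurityZoneUpdaterThread}, which is joined before the
 * next zone is processed, so zones are handled one at a time.
 *
 * <p>Failures are logged and not propagated. The first failure ends the loop, so zones after
 * the failing one are left untouched.
 *
 * @param usersInDB  user-name map passed to the helper for the user lists
 *                   (key/value meaning is not visible here; confirm against the caller)
 * @param groupsInDB group-name map passed to the helper for the group lists
 *                   (key/value meaning is not visible here; confirm against the caller)
 */
private void updateRangerSecurityZoneJson(Map<String, String> usersInDB, Map<String, String> groupsInDB) {
    SearchFilter filter = new SearchFilter();
    try {
        List<RangerSecurityZone> securityZones = securityZoneStore.getSecurityZones(filter);
        TransactionTemplate txTemplate = new TransactionTemplate(txManager);
        for (RangerSecurityZone securityZone : securityZones) {
            // These four lists name the principals who administer and audit the zone, so a
            // wrong or partial rename here changes who holds those roles.
            updateRangerSecurityZoneUsersAndGroups(securityZone.getAdminUserGroups(), groupsInDB);
            updateRangerSecurityZoneUsersAndGroups(securityZone.getAdminUsers(), usersInDB);
            updateRangerSecurityZoneUsersAndGroups(securityZone.getAuditUserGroups(), groupsInDB);
            updateRangerSecurityZoneUsersAndGroups(securityZone.getAuditUsers(), usersInDB);
            SecurityZoneUpdaterThread updaterThread = new SecurityZoneUpdaterThread(txTemplate, securityZone);
            updaterThread.setDaemon(true);
            updaterThread.start();
            // Wait for the update to finish before reading its outcome.
            updaterThread.join();
            String errorMsg = updaterThread.getErrorMsg();
            if (StringUtils.isNotEmpty(errorMsg)) {
                throw new Exception(errorMsg);
            }
        }
    } catch (InterruptedException ex) {
        // join() was interrupted: restore the flag so the caller can still observe the
        // interruption instead of losing it in the generic handler below.
        Thread.currentThread().interrupt();
        logger.error("Error in updateRangerSecurityZoneJson()", ex);
    } catch (Exception ex) {
        // NOTE(review): the caller is never told that the update stopped part-way; confirm
        // the log entry is monitored, since the remaining zones keep their old names.
        logger.error("Error in updateRangerSecurityZoneJson()", ex);
    }
}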
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) TransactionTemplate(org.springframework.transaction.support.TransactionTemplate) SearchFilter(org.apache.ranger.plugin.util.SearchFilter)

Example 42 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class SecurityZoneREST method getAllZones.

/**
 * Returns the security zones selected by the search filter derived from the request.
 *
 * <p>The caller must have access to the security-zone module; otherwise a REST exception with
 * {@code MessageEnums.OPER_NO_PERMISSION} is thrown before the store is queried.
 *
 * @param request incoming HTTP request from which the search filter is built
 * @return the list wrapper; counts and sort fields are set only when the store returns a
 *         non-null list
 */
@GET
@Path("/zones")
public RangerSecurityZoneList getAllZones(@Context HttpServletRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> getAllZones()");
    }
    // Authorization gate: nothing below runs for a caller without module access.
    boolean mayAccessZones = bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE);
    if (!mayAccessZones) {
        throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
    }
    RangerSecurityZoneList zoneList = new RangerSecurityZoneList();
    SearchFilter searchFilter = searchUtil.getSearchFilter(request, securityZoneService.sortFields);
    try {
        List<RangerSecurityZone> zones = securityZoneStore.getSecurityZones(searchFilter);
        zoneList.setSecurityZoneList(zones);
        if (zones != null) {
            int zoneCount = zones.size();
            zoneList.setTotalCount(zoneCount);
            zoneList.setSortBy(searchFilter.getSortBy());
            zoneList.setSortType(searchFilter.getSortType());
            zoneList.setResultSize(zoneCount);
        }
    } catch (WebApplicationException restFailure) {
        // Already a REST-level error; pass it through unchanged.
        throw restFailure;
    } catch (Throwable failure) {
        LOG.error("getSecurityZones() failed", failure);
        // NOTE(review): the raw exception message is handed to createRESTException and
        // presumably reaches the client; confirm it cannot carry internal details.
        throw restErrorUtil.createRESTException(failure.getMessage());
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== getAllZones():" + zoneList);
    }
    return zoneList;
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) WebApplicationException(javax.ws.rs.WebApplicationException) RangerSecurityZoneList(org.apache.ranger.view.RangerSecurityZoneList) SearchFilter(org.apache.ranger.plugin.util.SearchFilter) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 43 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class SecurityZoneREST method createSecurityZone.

/**
 * Creates a security zone from the submitted definition.
 *
 * <p>The steps run in a fixed order: admin-access check, removal of empty entries, validation
 * with {@code RangerValidator.Action.CREATE}, then creation through the store.
 *
 * @param securityZone zone definition supplied by the caller
 * @return the zone as returned by {@code securityZoneStore.createSecurityZone}
 */
@POST
@Path("/zones")
public RangerSecurityZone createSecurityZone(RangerSecurityZone securityZone) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> createSecurityZone(" + securityZone + ")");
    }
    final RangerSecurityZone createdZone;
    try {
        // The access check comes first so an unauthorized caller never reaches validation
        // or the store.
        ensureAdminAccess(securityZone);
        removeEmptyEntries(securityZone);
        RangerSecurityZoneValidator zoneValidator = validatorFactory.getSecurityZoneValidator(svcStore, securityZoneStore);
        zoneValidator.validate(securityZone, RangerValidator.Action.CREATE);
        createdZone = securityZoneStore.createSecurityZone(securityZone);
    } catch (WebApplicationException restFailure) {
        // Already a REST-level error; pass it through unchanged.
        throw restFailure;
    } catch (Throwable failure) {
        // The submitted zone is written to the error log in full via its string form.
        LOG.error("createSecurityZone(" + securityZone + ") failed", failure);
        // NOTE(review): the raw exception message is handed to createRESTException and
        // presumably reaches the client; confirm it cannot carry internal details.
        throw restErrorUtil.createRESTException(failure.getMessage());
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== createSecurityZone(" + securityZone + "):" + createdZone);
    }
    return createdZone;
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) WebApplicationException(javax.ws.rs.WebApplicationException) RangerSecurityZoneValidator(org.apache.ranger.plugin.model.validation.RangerSecurityZoneValidator) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 44 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class SecurityZonePredicateUtil method addPredicateForServiceName.

/**
 * Builds a predicate that accepts a {@code RangerSecurityZone} whose services map has a
 * non-null entry for {@code serviceName}, and appends it to {@code predicates} when given.
 *
 * @param serviceName service name to look up; when empty no predicate is built
 * @param predicates  list that receives the new predicate; may be {@code null}
 * @return the new predicate, or {@code null} when {@code serviceName} is empty
 */
private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
    if (StringUtils.isEmpty(serviceName)) {
        return null;
    }
    final Predicate serviceNamePredicate = new Predicate() {

        @Override
        public boolean evaluate(Object object) {
            // instanceof is false for null, so this also rejects a null candidate.
            if (!(object instanceof RangerSecurityZone)) {
                return false;
            }
            RangerSecurityZone zone = (RangerSecurityZone) object;
            // NOTE(review): getServices() is dereferenced without a null check; confirm the
            // model never returns null here.
            return zone.getServices().get(serviceName) != null;
        }
    };
    if (predicates != null) {
        predicates.add(serviceNamePredicate);
    }
    return serviceNamePredicate;
}
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) Predicate(org.apache.commons.collections.Predicate)

Example 45 with RangerSecurityZone

use of org.apache.ranger.plugin.model.RangerSecurityZone in project ranger by apache.

the class RangerSecurityZoneValidatorTest method testValidateSecurityZoneWitoutRangerServiceDefForCreateThrowsError.

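/**
 * Checks that validating a new security zone fails when the service definition for the
 * zone's service cannot be found.
 *
 * <p>The store is mocked so that the zone name is unused, the service "hdfsSvc" exists, and
 * the service-def lookup for "1" returns {@code null}. The validator is expected to throw
 * with error code 3041.
 */
@Test
public void testValidateSecurityZoneWitoutRangerServiceDefForCreateThrowsError() throws Exception {
    RangerService rangerSvc = getRangerService();
    RangerSecurityZone suppliedSecurityZone = getRangerSecurityZone();
    Mockito.when(_store.getSecurityZone("MyZone")).thenReturn(null);
    Mockito.when(_store.getServiceByName("hdfsSvc")).thenReturn(rangerSvc);
    Mockito.when(_store.getServiceDefByName("1")).thenReturn(null);
    try {
        rangerSecurityZoneValidator.validate(suppliedSecurityZone, RangerValidator.Action.CREATE);
        // Without this the test passes when the validator accepts the zone, which would hide
        // a regression in the check. fail() raises an AssertionError, which the catch below
        // does not intercept.
        Assert.fail("Expected validation to fail for a zone whose service-def is missing");
    } catch (Exception ex) {
        // Expected value first, so a mismatch is reported the right way round.
        Assert.assertEquals("(0) Validation failure: error code[3041], reason[Invalid service-type [1]], field[security zone resource service-type], subfield[null], type[] ", ex.getMessage());
    }
}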
Also used : RangerSecurityZone(org.apache.ranger.plugin.model.RangerSecurityZone) RangerService(org.apache.ranger.plugin.model.RangerService) Test(org.junit.Test)

Aggregations

RangerSecurityZone (org.apache.ranger.plugin.model.RangerSecurityZone)68 Test (org.junit.Test)40 ArrayList (java.util.ArrayList)27 XXSecurityZone (org.apache.ranger.entity.XXSecurityZone)16 WebApplicationException (javax.ws.rs.WebApplicationException)14 XXSecurityZoneDao (org.apache.ranger.db.XXSecurityZoneDao)12 RangerService (org.apache.ranger.plugin.model.RangerService)11 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)10 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)10 XXTrxLog (org.apache.ranger.entity.XXTrxLog)9 RangerSecurityZoneService (org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService)7 HashMap (java.util.HashMap)6 ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)5 HashSet (java.util.HashSet)4 List (java.util.List)4 XXGlobalStateDao (org.apache.ranger.db.XXGlobalStateDao)4 Map (java.util.Map)3 Path (javax.ws.rs.Path)3 XXServiceDao (org.apache.ranger.db.XXServiceDao)3 XXServiceDefDao (org.apache.ranger.db.XXServiceDefDao)3