
Example 46 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class RangerPolicyValidator method isValidResourceFlags.

/**
 * Validates the {@code isExcludes} and {@code isRecursive} flags of a policy's resources
 * against what the service-def's resource definitions allow.
 *
 * <p>For every resource definition that has a matching policy resource (looked up by the
 * lower-cased definition name) three rules are applied, each adding its own failure:
 * <ul>
 *   <li>an excludes resource is rejected when the definition does not support excludes;</li>
 *   <li>an excludes resource is rejected when {@code isAdmin} is false;</li>
 *   <li>a recursive resource is rejected when the definition does not support recursion.</li>
 * </ul>
 * A {@code null} definition, or one with a blank name, is recorded as an internal error.
 * A definition with no matching policy resource is skipped.
 *
 * <p>A {@code null} {@code resourceDefs} list is only logged at debug level and the method
 * still returns {@code true}; a {@code true} result therefore does not prove that any flag
 * was actually checked.
 *
 * @param inputPolicyResources the policy's resources, keyed by resource name
 * @param failures             list that receives one entry per violated rule
 * @param resourceDefs         resource definitions of the service-def; may be {@code null}
 * @param serviceDefName       service-def name, used in internal-error messages
 * @param policyName           policy name, used in debug logging only
 * @param isAdmin              whether the caller is an admin; required for excludes resources
 * @return {@code true} when no failure was added by this call
 */
boolean isValidResourceFlags(final Map<String, RangerPolicyResource> inputPolicyResources, final List<ValidationFailureDetails> failures, final List<RangerResourceDef> resourceDefs, final String serviceDefName, final String policyName, boolean isAdmin) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s, %s)", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName, isAdmin));
    }
    boolean valid = true;
    if (resourceDefs != null) {
        final Map<String, RangerPolicyResource> resourcesByLowerName = getPolicyResourceWithLowerCaseKeys(inputPolicyResources);
        for (RangerResourceDef def : resourceDefs) {
            if (def == null) {
                final ValidationErrorCode code = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF;
                failures.add(new ValidationFailureDetailsBuilder().field("resource-def").isAnInternalError().becauseOf(code.getMessage(serviceDefName)).errorCode(code.getErrorCode()).build());
                valid = false;
                continue;
            }
            if (StringUtils.isBlank(def.getName())) {
                final ValidationErrorCode code = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME;
                failures.add(new ValidationFailureDetailsBuilder().field("resource-def-name").isAnInternalError().becauseOf(code.getMessage(serviceDefName)).errorCode(code.getErrorCode()).build());
                valid = false;
                continue;
            }
            // NOTE(review): toLowerCase() uses the default locale; confirm that
            // getPolicyResourceWithLowerCaseKeys lower-cases its keys the same way.
            final String resourceName = def.getName().toLowerCase();
            final RangerPolicyResource policyResource = resourcesByLowerName.get(resourceName);
            if (policyResource == null) {
                // The policy does not use this resource, so there are no flags to check.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("a policy-resource object for resource[" + resourceName + "] on policy [" + policyName + "] was null");
                }
                continue;
            }
            // The getters may return null; Boolean.TRUE.equals treats null as false.
            final boolean defAllowsExcludes = Boolean.TRUE.equals(def.getExcludesSupported());
            final boolean resourceIsExcludes = Boolean.TRUE.equals(policyResource.getIsExcludes());
            if (resourceIsExcludes) {
                if (!defAllowsExcludes) {
                    final ValidationErrorCode code = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED;
                    failures.add(new ValidationFailureDetailsBuilder().field("isExcludes").subField(resourceName).isSemanticallyIncorrect().becauseOf(code.getMessage(resourceName)).errorCode(code.getErrorCode()).build());
                    valid = false;
                }
                // Excludes resources are an admin-only feature, independent of definition support.
                if (!isAdmin) {
                    final ValidationErrorCode code = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN;
                    failures.add(new ValidationFailureDetailsBuilder().field("isExcludes").subField("isAdmin").isSemanticallyIncorrect().becauseOf(code.getMessage()).errorCode(code.getErrorCode()).build());
                    valid = false;
                }
            }
            final boolean defAllowsRecursive = Boolean.TRUE.equals(def.getRecursiveSupported());
            final boolean resourceIsRecursive = Boolean.TRUE.equals(policyResource.getIsRecursive());
            if (resourceIsRecursive && !defAllowsRecursive) {
                final ValidationErrorCode code = ValidationErrorCode.POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED;
                failures.add(new ValidationFailureDetailsBuilder().field("isRecursive").subField(resourceName).isSemanticallyIncorrect().becauseOf(code.getMessage(resourceName)).errorCode(code.getErrorCode()).build());
                valid = false;
            }
        }
    } else {
        LOG.debug("isValidResourceFlags: service Def is null");
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValidResourceFlags(%s, %s, %s, %s, %s, %s): %s", inputPolicyResources, failures, resourceDefs, serviceDefName, policyName, isAdmin, valid));
    }
    return valid;
}
Also used : RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 47 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class RangerServiceDefValidator method isValidResources.

/**
 * Checks that a service-def declares at least one resource and that resource names and
 * item ids are unique within it.
 *
 * @param serviceDef the service-def whose resources are inspected
 * @param failures   list that receives a failure for a missing resource list; also handed
 *                   to {@code isUnique} for each name and item id
 * @return {@code true} when resources are present and every uniqueness check passed
 */
boolean isValidResources(RangerServiceDef serviceDef, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerServiceDefValidator.isValidResources(%s, %s)", serviceDef, failures));
    }
    boolean valid = true;
    final List<RangerResourceDef> resourceDefs = serviceDef.getResources();
    if (!CollectionUtils.isEmpty(resourceDefs)) {
        final Set<String> seenNames = new HashSet<String>(resourceDefs.size());
        final Set<Long> seenItemIds = new HashSet<Long>(resourceDefs.size());
        for (RangerResourceDef resourceDef : resourceDefs) {
            // The id is the natural key and the name a surrogate key, but several places in
            // the code expect the resource name to be unique within a service, so both are
            // checked. Both checks always run, even after an earlier one has failed.
            final boolean nameIsUnique = isUnique(resourceDef.getName(), seenNames, "resource name", "resources", failures);
            final boolean itemIdIsUnique = isUnique(resourceDef.getItemId(), seenItemIds, "resource itemId", "resources", failures);
            if (!nameIsUnique || !itemIdIsUnique) {
                valid = false;
            }
        }
    } else {
        final ValidationErrorCode code = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
        failures.add(new ValidationFailureDetailsBuilder().field("resources").isMissing().errorCode(code.getErrorCode()).becauseOf(code.getMessage("resources")).build());
        valid = false;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerServiceDefValidator.isValidResources(%s, %s): %s", serviceDef, failures, valid));
    }
    return valid;
}
Also used : ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) HashSet(java.util.HashSet)

Example 48 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefServiceBase method test6populateXXToRangerResourceDef.

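/**
 * Checks that populateXXToRangerResourceDef carries name, description, type and
 * rbKeyDescription over from the database entity to the returned RangerResourceDef.
 */
@Test
public void test6populateXXToRangerResourceDef() {
    XXResourceDefDao xResourceDefDao = Mockito.mock(XXResourceDefDao.class);
    XXResourceDef resourceDefObj = new XXResourceDef();
    resourceDefObj.setAddedByUserId(Id);
    resourceDefObj.setCreateTime(new Date());
    resourceDefObj.setDefid(Id);
    resourceDefObj.setDescription("HDFS Repository");
    resourceDefObj.setId(Id);
    Mockito.when(daoManager.getXXResourceDef()).thenReturn(xResourceDefDao);
    RangerResourceDef dbRangerResourceDef = rangerServiceDefService.populateXXToRangerResourceDef(resourceDefObj);
    Assert.assertNotNull(dbRangerResourceDef);
    // JUnit's assertEquals takes (expected, actual): the entity is the expected side, so a
    // failure message names the right value.
    // NOTE(review): name, type and rbKeyDescription are never set on the entity above, so
    // unless XXResourceDef's constructor defaults them these three assertions compare null
    // with null and only the description check exercises the mapping.
    Assert.assertEquals(resourceDefObj.getName(), dbRangerResourceDef.getName());
    Assert.assertEquals(resourceDefObj.getDescription(), dbRangerResourceDef.getDescription());
    Assert.assertEquals(resourceDefObj.getType(), dbRangerResourceDef.getType());
    Assert.assertEquals(resourceDefObj.getRbkeydescription(), dbRangerResourceDef.getRbKeyDescription());
    Mockito.verify(daoManager).getXXResourceDef();
}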
Also used : XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao) XXResourceDef(org.apache.ranger.entity.XXResourceDef) Date(java.util.Date) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) Test(org.junit.Test)

Example 49 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class TestRangerServiceDefServiceBase method rangerServiceDef.

/**
 * Builds the service-def fixture used by these tests: an "HDFS Repository" definition
 * whose configs, resources, access types, policy conditions, context enrichers and enums
 * are all empty lists.
 *
 * @return a freshly populated RangerServiceDef
 */
private RangerServiceDef rangerServiceDef() {
    final RangerServiceDef fixture = new RangerServiceDef();

    // Scalar attributes.
    fixture.setId(Id);
    fixture.setImplClass("RangerServiceHdfs");
    fixture.setLabel("HDFS Repository");
    fixture.setDescription("HDFS Repository");
    fixture.setRbKeyDescription(null);
    fixture.setUpdatedBy("Admin");
    fixture.setUpdateTime(new Date());

    // Every collection attribute starts out empty.
    fixture.setConfigs(new ArrayList<RangerServiceConfigDef>());
    fixture.setResources(new ArrayList<RangerResourceDef>());
    fixture.setAccessTypes(new ArrayList<RangerAccessTypeDef>());
    fixture.setPolicyConditions(new ArrayList<RangerPolicyConditionDef>());
    fixture.setContextEnrichers(new ArrayList<RangerContextEnricherDef>());
    fixture.setEnums(new ArrayList<RangerEnumDef>());
    return fixture;
}
Also used : RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef) ArrayList(java.util.ArrayList) RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) Date(java.util.Date) RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Example 50 with RangerResourceDef

use of org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef in project ranger by apache.

the class PatchForNifiResourceUpdateExclude_J10011 method updateNifiServiceDef.

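/**
 * Switches off excludes support on every resource of the embedded NiFi service-def,
 * disables each policy that still has an excludes resource for one of those resources,
 * then validates and stores the updated service-def.
 *
 * <p>Any exception is logged and not rethrown, so a failure here does not propagate to
 * the caller.
 */
private void updateNifiServiceDef() {
    RangerServiceDef ret = null;
    try {
        RangerServiceDef dbNifiServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME);
        if (dbNifiServiceDef != null) {
            List<RangerResourceDef> resourceDefs = dbNifiServiceDef.getResources();
            if (CollectionUtils.isNotEmpty(resourceDefs)) {
                for (RangerResourceDef resourceDef : resourceDefs) {
                    if (resourceDef == null) {
                        // Left for the validator below to report.
                        continue;
                    }
                    // getExcludesSupported() may return null; unboxing it directly would throw
                    // and abort the whole patch. Null is treated as "not supported".
                    if (Boolean.TRUE.equals(resourceDef.getExcludesSupported())) {
                        resourceDef.setExcludesSupported(false);
                    }
                    XXResourceDef dbResourceDef = daoMgr.getXXResourceDef().findByNameAndServiceDefId(resourceDef.getName(), dbNifiServiceDef.getId());
                    if (dbResourceDef == null) {
                        // No stored row means no policy resource can reference it.
                        logger.error("No resource-def found for resource [" + resourceDef.getName() + "] of service-def " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME);
                        continue;
                    }
                    long resourceDefId = dbResourceDef.getId();
                    List<XXPolicyResource> policyResources = daoMgr.getXXPolicyResource().findByResDefId(resourceDefId);
                    if (CollectionUtils.isNotEmpty(policyResources)) {
                        for (XXPolicyResource policyResource : policyResources) {
                            if (Boolean.TRUE.equals(policyResource.getIsexcludes())) {
                                // A policy with an excludes resource would fail validation once
                                // excludes are unsupported, so it is disabled rather than rewritten.
                                // NOTE(review): disabling removes whatever the policy granted or
                                // denied; operators should audit the affected policies.
                                RangerPolicy rPolicy = svcDBStore.getPolicy(policyResource.getPolicyid());
                                if (rPolicy == null) {
                                    logger.error("Policy [" + policyResource.getPolicyid() + "] referenced by an excludes resource was not found");
                                    continue;
                                }
                                rPolicy.setIsEnabled(false);
                                svcStore.updatePolicy(rPolicy);
                            }
                        }
                    }
                }
            }
            // NOTE(review): policies are disabled before the service-def is validated and
            // stored; if validate() throws they stay disabled unless an enclosing transaction
            // rolls both back. Confirm.
            RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
            validator.validate(dbNifiServiceDef, Action.UPDATE);
            ret = svcStore.updateServiceDef(dbNifiServiceDef);
        }
        if (ret == null) {
            logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def");
        }
    } catch (Exception e) {
        logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e);
    }
}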
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyResource(org.apache.ranger.entity.XXPolicyResource) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) XXResourceDef(org.apache.ranger.entity.XXResourceDef) RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)

Aggregations

RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)50 ArrayList (java.util.ArrayList)19 Test (org.junit.Test)15 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)12 RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)12 Date (java.util.Date)11 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)11 RangerContextEnricherDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef)10 RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)10 RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)10 RangerServiceConfigDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef)10 List (java.util.List)7 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)7 HashSet (java.util.HashSet)5 XXResourceDef (org.apache.ranger.entity.XXResourceDef)5 RangerServiceDefHelper (org.apache.ranger.plugin.model.validation.RangerServiceDefHelper)4 RangerResourceMatcher (org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher)4 VXString (org.apache.ranger.view.VXString)4 HashMap (java.util.HashMap)3 XXResourceDefDao (org.apache.ranger.db.XXResourceDefDao)3