use of org.apache.ranger.plugin.model.RangerServiceDef in project nifi by apache.
the class TestRangerBasePluginWithPolicies method testDisabledPolicy.
/**
 * Checks that a policy with its enabled flag set to {@code false} is not
 * loaded when the policy set is handed to {@code RangerBasePluginWithPolicies}.
 *
 * <p>The fixture is one disabled policy carrying a single READ access on
 * {@code /resource-1}. After {@code setPolicies} the plugin must report no
 * policy for that resource, an empty policy collection, and a {@code null}
 * lookup result, so a disabled policy cannot surface as a grant.
 */
@Test
public void testDisabledPolicy() {
    final String disabledResourceId = "/resource-1";

    // Service definition the policy set is published under.
    final RangerServiceDef nifiServiceDef = new RangerServiceDef();
    nifiServiceDef.setName("nifi");

    // Resource map for the policy: the identifier doubles as the map key.
    final Map<String, RangerPolicyResource> resourcesById = new HashMap<>();
    resourcesById.put(disabledResourceId, new RangerPolicyResource(disabledResourceId));

    // One policy item that would grant READ if the policy were enabled.
    final RangerPolicyItem readItem = new RangerPolicyItem();
    readItem.setAccesses(Stream.of(new RangerPolicyItemAccess("READ")).collect(Collectors.toList()));

    // The policy under test: fully populated, but switched off.
    final RangerPolicy disabledPolicy = new RangerPolicy();
    disabledPolicy.setIsEnabled(false);
    disabledPolicy.setResources(resourcesById);
    disabledPolicy.setPolicyItems(Stream.of(readItem).collect(Collectors.toList()));

    final List<RangerPolicy> allPolicies = new ArrayList<>();
    allPolicies.add(disabledPolicy);

    final ServicePolicies bundle = new ServicePolicies();
    bundle.setPolicies(allPolicies);
    bundle.setServiceDef(nifiServiceDef);

    // Push the whole bundle into the plugin.
    final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies("nifi", "nifi");
    plugin.setPolicies(bundle);

    // The disabled policy must not be visible through any of the lookup paths.
    assertFalse(plugin.doesPolicyExist(disabledResourceId, RequestAction.READ));
    assertTrue(plugin.getAccessPolicies().isEmpty());
    assertNull(plugin.getAccessPolicy(disabledResourceId, RequestAction.READ));
}
use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.
the class ServiceDBStore method updateServiceDef.
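/**
 * Updates a stored service-def and its child definitions and returns the
 * persisted result.
 *
 * <p>The row is looked up by the id carried in {@code serviceDef}. A rename is
 * detected with a case-insensitive comparison against the stored name and is
 * rejected when another service-def is found under the new name. The
 * create-time, GUID and version are copied from the stored row before the
 * update, so values supplied by the caller for those three fields are not
 * used.
 *
 * <p>NOTE(review): no authorization check is visible in this method; confirm
 * that callers enforce the required privilege before a service-def can be
 * rewritten.
 *
 * @param serviceDef the new definition; its id selects the row to update
 * @return the service-def as re-read through {@code getServiceDef} after the update
 * @throws Exception a REST exception with {@code DATA_NOT_FOUND} when no row
 *         has the given id, or {@code DATA_NOT_UPDATABLE} when the new name is
 *         already taken; anything raised by the persistence calls is propagated
 */
@Override
public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.updateServiceDef(" + serviceDef + ")");
    }

    Long serviceDefId = serviceDef.getId();
    XXServiceDef existing = daoMgr.getXXServiceDef().getById(serviceDefId);
    if (existing == null) {
        throw restErrorUtil.createRESTException("no service-def exists with ID=" + serviceDef.getId(), MessageEnums.DATA_NOT_FOUND);
    }

    // A rename must not collide with another stored service-def.
    String existingName = existing.getName();
    boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName);
    if (renamed) {
        XXServiceDef renamedSVCDef = daoMgr.getXXServiceDef().findByName(serviceDef.getName());
        if (renamedSVCDef != null) {
            throw restErrorUtil.createRESTException("another service-def already exists with name '" + serviceDef.getName() + "'. ID=" + renamedSVCDef.getId(), MessageEnums.DATA_NOT_UPDATABLE);
        }
    }

    // Capture the child definitions before the object is patched and replaced
    // below; a missing list is treated as empty.
    List<RangerServiceConfigDef> configs = serviceDef.getConfigs() != null ? serviceDef.getConfigs() : new ArrayList<RangerServiceConfigDef>();
    List<RangerResourceDef> resources = serviceDef.getResources() != null ? serviceDef.getResources() : new ArrayList<RangerResourceDef>();
    List<RangerAccessTypeDef> accessTypes = serviceDef.getAccessTypes() != null ? serviceDef.getAccessTypes() : new ArrayList<RangerAccessTypeDef>();
    List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions() != null ? serviceDef.getPolicyConditions() : new ArrayList<RangerPolicyConditionDef>();
    List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers() != null ? serviceDef.getContextEnrichers() : new ArrayList<RangerContextEnricherDef>();
    List<RangerEnumDef> enums = serviceDef.getEnums() != null ? serviceDef.getEnums() : new ArrayList<RangerEnumDef>();
    RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
    RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();

    RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    defHelper.patchServiceDefWithDefaultValues();

    // Server-owned fields come from the stored row, not from the caller.
    serviceDef.setCreateTime(existing.getCreateTime());
    serviceDef.setGuid(existing.getGuid());
    serviceDef.setVersion(existing.getVersion());

    serviceDef = serviceDefService.update(serviceDef);

    // Re-read the row so the child objects are attached to the updated entity.
    XXServiceDef updatedXSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);
    updateChildObjectsOfServiceDef(updatedXSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, dataMaskDef, rowFilterDef);

    RangerServiceDef updatedSvcDef = getServiceDef(serviceDefId);
    dataHistService.createObjectDataHistory(updatedSvcDef, RangerDataHistService.ACTION_UPDATE);
    postUpdate(updatedSvcDef);

    if (LOG.isDebugEnabled()) {
        // Log the object that is actually returned; the original printed the
        // intermediate serviceDef twice.
        LOG.debug("<== ServiceDBStore.updateServiceDef(" + serviceDef + "): " + updatedSvcDef);
    }
    return updatedSvcDef;
}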
use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.
the class ServiceDBStore method getServicePolicies.
/**
 * Builds the {@code ServicePolicies} bundle for the named service.
 *
 * <p>For an enabled service the bundle holds the policies read through
 * {@code getServicePoliciesFromDb}, plus a {@code TagPolicies} section when
 * the service references a tag service that exists and is itself enabled.
 * For a disabled service the policy list is empty and no tag policies are
 * attached. A missing version-info row is only logged; the version and
 * update time are then left {@code null}.
 *
 * <p>NOTE(review): the consumer decides what an empty policy list means for
 * access decisions; confirm it denies by default for a disabled service.
 * NOTE(review): {@code serviceName} is concatenated into log and exception
 * messages as received; if it can come from a request, confirm the log
 * layout neutralises line breaks.
 *
 * @param serviceName name of the service to look up
 * @return the populated bundle, never {@code null}
 * @throws Exception when the service, its service-def, or the tag service's
 *         service-def cannot be found
 */
@Override
public ServicePolicies getServicePolicies(String serviceName) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getServicePolicies(" + serviceName + ")");
    }

    XXService xService = daoMgr.getXXService().findByName(serviceName);
    if (xService == null) {
        throw new Exception("service does not exist. name=" + serviceName);
    }

    // Version info is optional: its absence is logged, not treated as fatal.
    XXServiceVersionInfo versionInfo = daoMgr.getXXServiceVersionInfo().findByServiceName(serviceName);
    if (versionInfo == null) {
        LOG.warn("serviceVersionInfo does not exist. name=" + serviceName);
    }

    RangerServiceDef serviceDef = getServiceDef(xService.getType());
    if (serviceDef == null) {
        throw new Exception("service-def does not exist. id=" + xService.getType());
    }

    String auditMode = getAuditMode(serviceDef.getName(), serviceName);

    List<RangerPolicy> policies;
    ServicePolicies.TagPolicies tagPolicies = null;

    if (!xService.getIsenabled()) {
        // Disabled service: publish an empty policy list and no tag policies.
        policies = new ArrayList<RangerPolicy>();
    } else {
        XXService xTagService = null;
        if (xService.getTagService() != null) {
            xTagService = daoMgr.getXXService().getById(xService.getTagService());
        }

        // Tag policies are attached only when the linked tag service exists and is enabled.
        if (xTagService != null && xTagService.getIsenabled()) {
            RangerServiceDef tagServiceDef = getServiceDef(xTagService.getType());
            if (tagServiceDef == null) {
                throw new Exception("service-def does not exist. id=" + xTagService.getType());
            }

            XXServiceVersionInfo tagVersionInfo = daoMgr.getXXServiceVersionInfo().findByServiceId(xService.getTagService());
            if (tagVersionInfo == null) {
                LOG.warn("serviceVersionInfo does not exist. name=" + xTagService.getName());
            }

            tagPolicies = new ServicePolicies.TagPolicies();
            tagPolicies.setServiceId(xTagService.getId());
            tagPolicies.setServiceName(xTagService.getName());
            tagPolicies.setPolicyVersion(tagVersionInfo == null ? null : tagVersionInfo.getPolicyVersion());
            tagPolicies.setPolicyUpdateTime(tagVersionInfo == null ? null : tagVersionInfo.getPolicyUpdateTime());
            tagPolicies.setPolicies(getServicePoliciesFromDb(xTagService));
            tagPolicies.setServiceDef(tagServiceDef);
            tagPolicies.setAuditMode(auditMode);
        }

        policies = getServicePoliciesFromDb(xService);
    }

    ServicePolicies result = new ServicePolicies();
    result.setServiceId(xService.getId());
    result.setServiceName(xService.getName());
    result.setPolicyVersion(versionInfo == null ? null : versionInfo.getPolicyVersion());
    result.setPolicyUpdateTime(versionInfo == null ? null : versionInfo.getPolicyUpdateTime());
    result.setPolicies(policies);
    result.setServiceDef(serviceDef);
    result.setAuditMode(auditMode);
    result.setTagPolicies(tagPolicies);

    if (LOG.isDebugEnabled()) {
        int count = result.getPolicies() == null ? 0 : result.getPolicies().size();
        LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceName + "): count=" + count);
    }
    return result;
}
use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.
the class ServiceDBStore method createServiceDef.
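/**
 * Creates a new service-def together with its child definitions (configs,
 * resources, access types and their implied grants, policy conditions,
 * context enrichers, enums and their elements, data-mask types) and returns
 * the stored result.
 *
 * <p>A service-def whose name is already stored is rejected. Child lists
 * that are {@code null} on the incoming object are treated as empty, the
 * same way {@code updateServiceDef} treats them, instead of failing with a
 * {@code NullPointerException} part-way through the inserts.
 *
 * <p>The data-mask and row-filter sections may only reference access types
 * and resources that were created for this service-def; that validation runs
 * after the child rows have been written. NOTE(review): this relies on the
 * surrounding transaction to roll the earlier writes back when validation
 * fails; confirm the method runs inside one.
 *
 * <p>NOTE(review): no authorization check is visible in this method; confirm
 * that callers enforce the required privilege.
 *
 * @param serviceDef the definition to store
 * @return the stored service-def as produced by {@code getPopulatedViewObject}
 * @throws Exception a REST exception with {@code ERROR_DUPLICATE_OBJECT} when
 *         the name is taken, or {@code DATA_NOT_FOUND} when the data-mask or
 *         row-filter section names an unknown access type or resource;
 *         anything raised by the persistence calls is propagated
 */
@Override
public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.createServiceDef(" + serviceDef + ")");
    }

    XXServiceDef xServiceDef = daoMgr.getXXServiceDef().findByName(serviceDef.getName());
    if (xServiceDef != null) {
        throw restErrorUtil.createRESTException("service-def with name: " + serviceDef.getName() + " already exists", MessageEnums.ERROR_DUPLICATE_OBJECT);
    }

    // Capture the child definitions before the object is patched and replaced
    // below; a missing list is treated as empty.
    List<RangerServiceConfigDef> configs = serviceDef.getConfigs() != null ? serviceDef.getConfigs() : new ArrayList<RangerServiceConfigDef>();
    List<RangerResourceDef> resources = serviceDef.getResources() != null ? serviceDef.getResources() : new ArrayList<RangerResourceDef>();
    List<RangerAccessTypeDef> accessTypes = serviceDef.getAccessTypes() != null ? serviceDef.getAccessTypes() : new ArrayList<RangerAccessTypeDef>();
    List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions() != null ? serviceDef.getPolicyConditions() : new ArrayList<RangerPolicyConditionDef>();
    List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers() != null ? serviceDef.getContextEnrichers() : new ArrayList<RangerContextEnricherDef>();
    List<RangerEnumDef> enums = serviceDef.getEnums() != null ? serviceDef.getEnums() : new ArrayList<RangerEnumDef>();
    RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
    RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();

    List<RangerDataMaskTypeDef> dataMaskTypes = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
    List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
    List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
    List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
    List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();

    RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    defHelper.patchServiceDefWithDefaultValues();

    // While creating, value of version should be 1.
    serviceDef.setVersion(Long.valueOf(1));

    if (populateExistingBaseFields) {
        // The result of create() is not used on this path, so the id read
        // below is the one already present on serviceDef.
        // NOTE(review): if create() throws, the two switches below are left
        // turned on; confirm whether they need resetting in a finally block.
        svcDefServiceWithAssignedId.setPopulateExistingBaseFields(true);
        daoMgr.getXXServiceDef().setIdentityInsert(true);
        svcDefServiceWithAssignedId.create(serviceDef);
        svcDefServiceWithAssignedId.setPopulateExistingBaseFields(false);
        daoMgr.getXXServiceDef().updateSequence();
        daoMgr.getXXServiceDef().setIdentityInsert(false);
    } else {
        // following fields will be auto populated
        serviceDef.setId(null);
        serviceDef.setCreateTime(null);
        serviceDef.setUpdateTime(null);
        serviceDef = serviceDefService.create(serviceDef);
    }

    Long serviceDefId = serviceDef.getId();
    XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);

    // Child rows: the list position is stored as the display/processing order.
    XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
    for (int i = 0; i < configs.size(); i++) {
        RangerServiceConfigDef config = configs.get(i);
        XXServiceConfigDef xConfig = new XXServiceConfigDef();
        xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xConfig.setOrder(i);
        xxServiceConfigDao.create(xConfig);
    }

    XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
    for (int i = 0; i < resources.size(); i++) {
        RangerResourceDef resource = resources.get(i);
        // The parent is resolved by name among the rows already stored for this
        // service-def; an unresolved parent is stored as null.
        XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
        Long parentId = (parent != null) ? parent.getId() : null;
        XXResourceDef xResource = new XXResourceDef();
        xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xResource.setOrder(i);
        xResource.setParent(parentId);
        xxResDefDao.create(xResource);
    }

    XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
    for (int i = 0; i < accessTypes.size(); i++) {
        RangerAccessTypeDef accessType = accessTypes.get(i);
        XXAccessTypeDef xAccessType = new XXAccessTypeDef();
        xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(accessType, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xAccessType.setOrder(i);
        xAccessType = xxATDDao.create(xAccessType);

        Collection<String> impliedGrants = accessType.getImpliedGrants();
        XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
        // An access type without implied grants simply gets no grant rows.
        if (impliedGrants != null) {
            for (String impliedGrant : impliedGrants) {
                XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
                xImpliedGrant.setAtdId(xAccessType.getId());
                xImpliedGrant.setImpliedGrant(impliedGrant);
                xxATDGrantDao.create(xImpliedGrant);
            }
        }
    }

    XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
    for (int i = 0; i < policyConditions.size(); i++) {
        RangerPolicyConditionDef policyCondition = policyConditions.get(i);
        XXPolicyConditionDef xPolicyCondition = new XXPolicyConditionDef();
        xPolicyCondition = serviceDefService.populateRangerPolicyConditionDefToXX(policyCondition, xPolicyCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xPolicyCondition.setOrder(i);
        xxPolCondDao.create(xPolicyCondition);
    }

    XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
    for (int i = 0; i < contextEnrichers.size(); i++) {
        RangerContextEnricherDef contextEnricher = contextEnrichers.get(i);
        XXContextEnricherDef xContextEnricher = new XXContextEnricherDef();
        xContextEnricher = serviceDefService.populateRangerContextEnricherDefToXX(contextEnricher, xContextEnricher, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xContextEnricher.setOrder(i);
        xxContextEnricherDao.create(xContextEnricher);
    }

    XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
    for (RangerEnumDef vEnum : enums) {
        XXEnumDef xEnum = new XXEnumDef();
        xEnum = serviceDefService.populateRangerEnumDefToXX(vEnum, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xEnum = xxEnumDefDao.create(xEnum);

        List<RangerEnumElementDef> elements = vEnum.getElements();
        XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
        // An enum without elements is stored with no element rows.
        if (elements != null) {
            for (int i = 0; i < elements.size(); i++) {
                RangerEnumElementDef element = elements.get(i);
                XXEnumElementDef xElement = new XXEnumElementDef();
                xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
                xElement.setOrder(i);
                xxEnumEleDefDao.create(xElement);
            }
        }
    }

    XXDataMaskTypeDefDao xxDataMaskDefDao = daoMgr.getXXDataMaskTypeDef();
    for (int i = 0; i < dataMaskTypes.size(); i++) {
        RangerDataMaskTypeDef dataMask = dataMaskTypes.get(i);
        XXDataMaskTypeDef xDataMaskDef = new XXDataMaskTypeDef();
        xDataMaskDef = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xDataMaskDef, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xDataMaskDef.setOrder(i);
        xxDataMaskDefDao.create(xDataMaskDef);
    }

    // Data-mask and row-filter access types must name access types that were
    // stored above for this service-def.
    List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(createdSvcDef.getId());
    for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }

    // Attach the JSON form of the matching data-mask / row-filter entry to each
    // stored access type; a row is rewritten only when one of the two values changed.
    for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
            xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
            xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
            xxATDDao.update(xxAccessTypeDef);
        }
    }

    // Same validation and option attachment for resources.
    List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(createdSvcDef.getId());
    for (RangerResourceDef resource : dataMaskResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerResourceDef resource : rowFilterResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (XXResourceDef xxResourceDef : xxResourceDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerResourceDef resource : dataMaskResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        for (RangerResourceDef resource : rowFilterResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
            xxResourceDef.setDataMaskOptions(dataMaskOptions);
            xxResourceDef.setRowFilterOptions(rowFilterOptions);
            xxResDefDao.update(xxResourceDef);
        }
    }

    RangerServiceDef createdServiceDef = serviceDefService.getPopulatedViewObject(createdSvcDef);
    dataHistService.createObjectDataHistory(createdServiceDef, RangerDataHistService.ACTION_CREATE);
    postCreate(createdServiceDef);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceDBStore.createServiceDef(" + serviceDef + "): " + createdServiceDef);
    }
    return createdServiceDef;
}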
use of org.apache.ranger.plugin.model.RangerServiceDef in project ranger by apache.
the class ServiceDBStore method getServicePolicies.
/**
 * Returns the policies of {@code service}, optionally narrowed by
 * {@code filter}.
 *
 * <p>Policies come from {@code RangerServicePoliciesCache}. Without a filter
 * (or when the cache yields no policy list) the list obtained from the cache
 * is returned as is, not a copy. With a filter, a copy is filtered through
 * {@code predicateUtil}; when the filter carries both resource parameters and
 * a resource match scope, the resource parameters are removed from the
 * filter first and applied afterwards through {@code applyResourceFilter}.
 * A match scope other than "self" or "ancestor" is handled as
 * {@code SELF_OR_ANCESTOR}.
 *
 * <p>NOTE(review): the caller's {@code filter} is modified by the
 * {@code removeParam} calls. NOTE(review): in the unfiltered case callers
 * receive whatever list the cache hands out; confirm they do not modify it.
 *
 * @param service the service row whose policies are wanted
 * @param filter  optional search filter; may be {@code null}
 * @return the matching policies, or {@code null} when the cache yields none
 * @throws Exception when {@code service} is {@code null}
 */
private List<RangerPolicy> getServicePolicies(XXService service, SearchFilter filter) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getServicePolicies()");
    }
    if (service == null) {
        throw new Exception("service does not exist");
    }

    ServicePolicies cached = RangerServicePoliciesCache.getInstance().getServicePolicies(service.getName(), service.getId(), this);
    List<RangerPolicy> policies = (cached == null) ? null : cached.getPolicies();
    List<RangerPolicy> ret;

    if (policies == null || filter == null) {
        // Nothing to filter, or nothing to filter with.
        ret = policies;
    } else {
        Map<String, String> filterResources = filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true);
        String resourceMatchScope = filter.getParam(SearchFilter.RESOURCE_MATCH_SCOPE);

        // Scoped search is used only when both resource values and a match scope are supplied.
        boolean scopedSearch = MapUtils.isNotEmpty(filterResources) && resourceMatchScope != null;
        if (scopedSearch) {
            // Take the resource parameters out of the filter so the predicate
            // pass below does not apply them; they are applied separately.
            for (String resourceKey : filterResources.keySet()) {
                filter.removeParam(SearchFilter.RESOURCE_PREFIX + resourceKey);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using" + (scopedSearch ? " new " : " old ") + "way of filtering service-policies");
        }

        ret = new ArrayList<RangerPolicy>(policies);
        predicateUtil.applyFilter(ret, filter);

        if (scopedSearch && CollectionUtils.isNotEmpty(ret)) {
            // "self_or_ancestor" and any unrecognised value both end up here;
            // DESCENDANT match will never happen
            RangerPolicyResourceMatcher.MatchScope scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
            if (StringUtils.equalsIgnoreCase(resourceMatchScope, "self")) {
                scope = RangerPolicyResourceMatcher.MatchScope.SELF;
            } else if (StringUtils.equalsIgnoreCase(resourceMatchScope, "ancestor")) {
                scope = RangerPolicyResourceMatcher.MatchScope.ANCESTOR;
            }

            RangerServiceDef serviceDef = cached.getServiceDef();
            if (scope == RangerPolicyResourceMatcher.MatchScope.SELF) {
                serviceDef = RangerServiceDefHelper.getServiceDefForPolicyFiltering(serviceDef);
            } else if (scope == RangerPolicyResourceMatcher.MatchScope.ANCESTOR) {
                Map<String, String> ancestorResources = RangerServiceDefHelper.getFilterResourcesForAncestorPolicyFiltering(serviceDef, filterResources);
                if (MapUtils.isNotEmpty(ancestorResources)) {
                    // Merge the helper's entries into the filter resources and
                    // match with the wider scope from here on.
                    for (Map.Entry<String, String> extra : ancestorResources.entrySet()) {
                        filterResources.put(extra.getKey(), extra.getValue());
                    }
                    scope = RangerPolicyResourceMatcher.MatchScope.SELF_OR_ANCESTOR;
                }
            }

            ret = applyResourceFilter(serviceDef, ret, filterResources, filter, scope);
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceDBStore.getServicePolicies(): count=" + ((ret == null) ? 0 : ret.size()));
    }
    return ret;
}