
Example 21 with RangerServiceResource

use of org.apache.ranger.plugin.model.RangerServiceResource in project ranger by apache.

the class TagPredicateUtil method addPredicateForServiceResourceServiceName.

/**
 * Builds a predicate that accepts only {@link RangerServiceResource} objects whose service name
 * equals {@code serviceName}, and appends it to {@code predicates} when a list is supplied.
 *
 * <p>The match is an exact {@code StringUtils.equals} comparison. When {@code serviceName} is null
 * or empty no predicate is created or registered, so the resulting search is not narrowed by
 * service at all.
 * NOTE(review): callers that rely on this filter to scope results to one service should reject a
 * missing name themselves; confirm against the call sites.
 *
 * @param serviceName service name to match; null or empty means "no filter"
 * @param predicates  list that receives the new predicate; may be null
 * @return the new predicate, or null when {@code serviceName} is null or empty
 */
private Predicate addPredicateForServiceResourceServiceName(final String serviceName, List<Predicate> predicates) {
    final boolean nothingToMatch = serviceName == null || StringUtils.isEmpty(serviceName);
    if (nothingToMatch) {
        return null;
    }

    final Predicate serviceNameFilter = new Predicate() {

        @Override
        public boolean evaluate(Object candidate) {
            // instanceof is false for null, so null and foreign types are both rejected here.
            if (!(candidate instanceof RangerServiceResource)) {
                return false;
            }
            final RangerServiceResource serviceResource = (RangerServiceResource) candidate;
            return StringUtils.equals(serviceResource.getServiceName(), serviceName);
        }
    };

    if (predicates != null) {
        predicates.add(serviceNameFilter);
    }
    return serviceNameFilter;
}
Also used : RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) Predicate(org.apache.commons.collections.Predicate)

Example 22 with RangerServiceResource

use of org.apache.ranger.plugin.model.RangerServiceResource in project ranger by apache.

the class TagPredicateUtil method addPredicateForResourceGuid.

/**
 * Builds a predicate that accepts only {@link RangerServiceResource} objects whose guid equals
 * {@code id}, and appends it to {@code predicates} when a list is supplied.
 *
 * <p>When {@code id} is empty (per {@code StringUtils.isEmpty}) no predicate is created or
 * registered, so the resulting search is not narrowed by guid.
 *
 * @param id         guid to match; an empty value means "no filter"
 * @param predicates list that receives the new predicate; may be null
 * @return the new predicate, or null when {@code id} is empty
 */
private Predicate addPredicateForResourceGuid(final String id, List<Predicate> predicates) {
    if (StringUtils.isEmpty(id)) {
        return null;
    }

    final Predicate guidFilter = new Predicate() {

        @Override
        public boolean evaluate(Object candidate) {
            // instanceof is false for null, so null and foreign types are both rejected here.
            if (!(candidate instanceof RangerServiceResource)) {
                return false;
            }
            final RangerServiceResource serviceResource = (RangerServiceResource) candidate;
            return StringUtils.equals(id, serviceResource.getGuid());
        }
    };

    if (predicates != null) {
        predicates.add(guidFilter);
    }
    return guidFilter;
}
Also used : RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) Predicate(org.apache.commons.collections.Predicate)

Example 23 with RangerServiceResource

use of org.apache.ranger.plugin.model.RangerServiceResource in project ranger by apache.

the class RangerTagEnricher method setServiceTags.

/**
 * Rebuilds the enricher's tag state from {@code serviceTags} and publishes it in
 * {@code enrichedServiceTags}.
 *
 * <p>For every tagged resource and every policy type, a resource matcher is created only when the
 * resource's element names fit one of the service definition's hierarchies for that policy type.
 * A resource that fits no hierarchy gets no matcher and no message is logged for it.
 * NOTE(review): presumably tags on such a resource can then never be attached to a request, so
 * tag-based policies would not see them; confirm and consider logging the skipped resource.
 *
 * <p>A null {@code serviceTags}, or one without service resources, clears the state to null.
 * NOTE(review): confirm that downstream evaluation treats a null state as intended, since
 * tag-based policies then have no tags to match.
 *
 * @param serviceTags tags and tagged resources for this service; may be null
 */
public void setServiceTags(final ServiceTags serviceTags) {
    if (serviceTags == null || CollectionUtils.isEmpty(serviceTags.getServiceResources())) {
        LOG.info("ServiceTags is null or there are no tagged resources for service " + serviceName);
        enrichedServiceTags = null;
        return;
    }

    final List<RangerServiceResourceMatcher> matchers = new ArrayList<>();
    final RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    final List<RangerServiceResource> taggedResources = serviceTags.getServiceResources();
    // Remembers, per policy type and set of element names, whether a hierarchy check already ran.
    final ResourceHierarchies checkedHierarchies = new ResourceHierarchies();

    for (RangerServiceResource taggedResource : taggedResources) {
        final Collection<String> elementNames = taggedResource.getResourceElements().keySet();

        for (int policyType : RangerPolicy.POLICY_TYPES) {
            Boolean fitsHierarchy = checkedHierarchies.isValidHierarchy(policyType, elementNames);

            if (fitsHierarchy == null) {
                // Not checked yet: look for any hierarchy that contains all element names.
                fitsHierarchy = Boolean.FALSE;
                for (List<RangerServiceDef.RangerResourceDef> candidate : defHelper.getResourceHierarchies(policyType)) {
                    if (defHelper.hierarchyHasAllResources(candidate, elementNames)) {
                        fitsHierarchy = Boolean.TRUE;
                        break;
                    }
                }
                checkedHierarchies.addHierarchy(policyType, elementNames, fitsHierarchy);
            }

            if (!fitsHierarchy) {
                continue;
            }

            final RangerDefaultPolicyResourceMatcher policyMatcher = new RangerDefaultPolicyResourceMatcher();
            policyMatcher.setServiceDef(serviceDef);
            policyMatcher.setPolicyResources(taggedResource.getResourceElements(), policyType);
            if (LOG.isDebugEnabled()) {
                LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + taggedResource + ", serviceDef=" + serviceDef.getName() + ")");
            }
            policyMatcher.setServiceDefHelper(defHelper);
            policyMatcher.init();

            matchers.add(new RangerServiceResourceMatcher(taggedResource, policyMatcher));
        }
    }

    // One trie per resource definition, built only when the prefilter is enabled; null otherwise.
    Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> trieByResourceName = null;
    if (!disableTrieLookupPrefilter) {
        trieByResourceName = new HashMap<>();
        for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
            trieByResourceName.put(resourceDef.getName(), new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, matchers));
        }
    }

    // NOTE(review): getTags() is dereferenced without a null check. If it can return null, the
    // exception is thrown before the assignment below and the previous state stays in place.
    final Set<RangerTagForEval> allTagsAsDescendant = new HashSet<>();
    for (RangerTag tag : serviceTags.getTags().values()) {
        allTagsAsDescendant.add(new RangerTagForEval(tag, RangerPolicyResourceMatcher.MatchType.DESCENDANT));
    }

    enrichedServiceTags = new EnrichedServiceTags(serviceTags, matchers, trieByResourceName, allTagsAsDescendant);
}
Also used : RangerDefaultPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher) ArrayList(java.util.ArrayList) RangerResourceTrie(org.apache.ranger.plugin.util.RangerResourceTrie) RangerTag(org.apache.ranger.plugin.model.RangerTag) HashSet(java.util.HashSet) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) HashMap(java.util.HashMap) Map(java.util.Map)

Example 24 with RangerServiceResource

use of org.apache.ranger.plugin.model.RangerServiceResource in project ranger by apache.

the class ServiceTagsProcessor method addOrUpdate.

/**
 * Adds or updates the tag definitions, service resources and tag-to-resource associations carried
 * in {@code serviceTags}, using {@code tagStore}.
 *
 * <p>Ids in the payload are used only as keys: tag-definition and service-resource ids are mapped
 * to the objects created or found in the store, and the resource map is then used to resolve the
 * payload's resource-to-tag mapping.
 *
 * <p>For every resource listed in the payload's resource-to-tag mapping, the payload is treated as
 * the complete set of tags: associations to tags that are not retained are deleted at the end of
 * that resource's processing.
 *
 * <p>NOTE(review): each tagStore call is issued separately and no transaction boundary is visible
 * in this method; confirm the caller provides one, since an exception part-way through would
 * otherwise leave a partial update.
 *
 * @param serviceTags payload to apply; dereferenced without a null check
 * @throws Exception any exception raised by {@code tagStore}, rethrown after being logged
 */
private void addOrUpdate(ServiceTags serviceTags) throws Exception {
    // The entry and exit messages name "createOrUpdate()", not this method's name.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceTagsProcessor.createOrUpdate()");
    }
    // Payload id -> object in the store. tagDefsInStore is filled below but not read again here.
    Map<Long, RangerTagDef> tagDefsInStore = new HashMap<Long, RangerTagDef>();
    Map<Long, RangerServiceResource> resourcesInStore = new HashMap<Long, RangerServiceResource>();
    if (MapUtils.isNotEmpty(serviceTags.getTagDefinitions())) {
        // Declared outside the loop so the catch block can log the definition being processed.
        RangerTagDef tagDef = null;
        try {
            for (Map.Entry<Long, RangerTagDef> entry : serviceTags.getTagDefinitions().entrySet()) {
                tagDef = entry.getValue();
                RangerTagDef existing = null;
                // Look up by guid first, then fall back to the name.
                if (StringUtils.isNotEmpty(tagDef.getGuid())) {
                    existing = tagStore.getTagDefByGuid(tagDef.getGuid());
                }
                if (existing == null && StringUtils.isNotEmpty(tagDef.getName())) {
                    existing = tagStore.getTagDefByName(tagDef.getName());
                }
                RangerTagDef tagDefInStore = null;
                if (existing == null) {
                    tagDefInStore = tagStore.createTagDef(tagDef);
                } else {
                    // An existing definition is reused as-is; the payload never overwrites it.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("tagDef for name:" + tagDef.getName() + " exists, will not update it");
                    }
                    tagDefInStore = existing;
                }
                tagDefsInStore.put(entry.getKey(), tagDefInStore);
            }
        } catch (Exception exception) {
            LOG.error("createTagDef failed, tagDef=" + tagDef, exception);
            throw exception;
        }
    }
    List<RangerServiceResource> resources = serviceTags.getServiceResources();
    if (CollectionUtils.isNotEmpty(resources)) {
        // Declared outside the loop so the catch block can log the resource being processed.
        RangerServiceResource resource = null;
        try {
            for (int i = 0; i < resources.size(); i++) {
                resource = resources.get(i);
                RangerServiceResource existing = null;
                String resourceSignature = null;
                // Captured before setId() below can replace it; this is the key used in resourcesInStore.
                Long resourceId = resource.getId();
                // Look up by guid first.
                if (StringUtils.isNotEmpty(resource.getGuid())) {
                    existing = tagStore.getServiceResourceByGuid(resource.getGuid());
                }
                if (existing == null) {
                    // Fall back to service name plus a signature computed from the payload resource.
                    // This also writes the signature into the payload object.
                    if (MapUtils.isNotEmpty(resource.getResourceElements())) {
                        RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource);
                        resourceSignature = serializer.getSignature();
                        resource.setResourceSignature(resourceSignature);
                        existing = tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(), resourceSignature);
                    }
                }
                RangerServiceResource resourceInStore = null;
                if (existing == null) {
                    resourceInStore = tagStore.createServiceResource(resource);
                } else if (StringUtils.isEmpty(resource.getServiceName()) || MapUtils.isEmpty(resource.getResourceElements())) {
                    // Payload lacks a service name or resource elements: keep the stored copy unchanged.
                    resourceInStore = existing;
                } else {
                    // Overwrite the stored resource with the payload, under the stored id and guid.
                    resource.setId(existing.getId());
                    resource.setGuid(existing.getGuid());
                    resourceInStore = tagStore.updateServiceResource(resource);
                }
                resourcesInStore.put(resourceId, resourceInStore);
            }
        } catch (Exception exception) {
            // The message says createServiceResource, but lookup and update failures land here too.
            LOG.error("createServiceResource failed, resource=" + resource, exception);
            throw exception;
        }
    }
    if (MapUtils.isNotEmpty(serviceTags.getResourceToTagIds())) {
        for (Map.Entry<Long, List<Long>> entry : serviceTags.getResourceToTagIds().entrySet()) {
            Long resourceId = entry.getKey();
            RangerServiceResource resourceInStore = resourcesInStore.get(resourceId);
            if (resourceInStore == null) {
                // The mapping names a resource id that was not in the payload's resource list.
                LOG.error("Resource (id=" + resourceId + ") not found. Skipping tags update");
                continue;
            }
            // Get all tags associated with this resourceId
            // NOTE(review): associatedTags is passed to add() below without a null check but is
            // null-checked before the cleanup loop; confirm tagStore never returns null here.
            List<RangerTag> associatedTags = null;
            try {
                associatedTags = tagStore.getTagsForResourceId(resourceInStore.getId());
            } catch (Exception exception) {
                // The exception is rethrown but not passed to the logger, so this entry has no stack trace.
                LOG.error("RangerTags cannot be retrieved for resource with guid=" + resourceInStore.getGuid());
                throw exception;
            }
            // Tags that stay associated with this resource; everything else is unlinked below.
            List<RangerTag> tagsToRetain = new ArrayList<RangerTag>();
            List<Long> tagIds = entry.getValue();
            try {
                for (Long tagId : tagIds) {
                    RangerTag incomingTag = MapUtils.isNotEmpty(serviceTags.getTags()) ? serviceTags.getTags().get(tagId) : null;
                    if (incomingTag == null) {
                        // Skipped ids add nothing to tagsToRetain. If the store already links this
                        // resource to the tag the caller meant, the cleanup loop below removes that link.
                        // NOTE(review): an inconsistent payload can therefore drop a tag from a resource
                        // with only an error log; confirm this is the intended handling.
                        LOG.error("Tag (id=" + tagId + ") not found. Skipping addition of this tag for resource (id=" + resourceId + ")");
                        continue;
                    }
                    // findMatchingTag is defined elsewhere; its matching rules are not visible here.
                    RangerTag matchingTag = findMatchingTag(incomingTag, associatedTags);
                    if (matchingTag == null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Did not find matching tag for tagId=" + tagId);
                        }
                        // create new tag from incoming tag and associate it with service-resource
                        RangerTag newTag = tagStore.createTag(incomingTag);
                        RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                        tagResourceMap.setTagId(newTag.getId());
                        tagResourceMap.setResourceId(resourceInStore.getId());
                        tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                        associatedTags.add(newTag);
                        tagsToRetain.add(newTag);
                        continue;
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Found matching tag for tagId=" + tagId + ", matchingTag=" + matchingTag);
                    }
                    // isResourcePrivateTag is defined elsewhere; the branches below depend on
                    // whether the incoming tag and the matched tag are resource-private.
                    if (isResourcePrivateTag(incomingTag)) {
                        if (!isResourcePrivateTag(matchingTag)) {
                            // create new tag from incoming tag and associate it with service-resource
                            RangerTag newTag = tagStore.createTag(incomingTag);
                            RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                            tagResourceMap.setTagId(newTag.getId());
                            tagResourceMap.setResourceId(resourceInStore.getId());
                            tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            associatedTags.add(newTag);
                            tagsToRetain.add(newTag);
                        } else {
                            // Keep this tag, but update it with attribute-values from incoming tag
                            // The update happens only on a guid match; otherwise the tag is kept unchanged.
                            tagsToRetain.add(matchingTag);
                            if (StringUtils.equals(incomingTag.getGuid(), matchingTag.getGuid())) {
                                // matching tag was found because of Guid match
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Updating existing private tag with id=" + matchingTag.getId());
                                }
                                // update private tag with new values
                                incomingTag.setId(matchingTag.getId());
                                tagStore.updateTag(incomingTag);
                            }
                        }
                    } else {
                        // shared model
                        if (isResourcePrivateTag(matchingTag)) {
                            // create new tag from incoming tag and associate it with service-resource
                            RangerTag newTag = tagStore.createTag(incomingTag);
                            RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                            tagResourceMap.setTagId(newTag.getId());
                            tagResourceMap.setResourceId(resourceInStore.getId());
                            tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            associatedTags.add(newTag);
                            tagsToRetain.add(newTag);
                        } else {
                            // Keep this tag, but update it with attribute-values from incoming tag
                            tagsToRetain.add(matchingTag);
                            // Update shared tag with new values
                            incomingTag.setId(matchingTag.getId());
                            tagStore.updateTag(incomingTag);
                            // associate with service-resource if not already associated
                            if (findTagInList(matchingTag, associatedTags) == null) {
                                RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
                                tagResourceMap.setTagId(matchingTag.getId());
                                tagResourceMap.setResourceId(resourceInStore.getId());
                                tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
                            }
                        }
                    }
                }
            } catch (Exception exception) {
                // The message says createRangerTagResourceMap, but tag create and update failures land here too.
                LOG.error("createRangerTagResourceMap failed", exception);
                throw exception;
            }
            // Cleanup: unlink every tag associated with this resource that was not retained above.
            if (CollectionUtils.isNotEmpty(associatedTags)) {
                // Declared outside the loop so the catch block can log the tag being processed.
                Long tagId = null;
                try {
                    for (RangerTag associatedTag : associatedTags) {
                        if (findTagInList(associatedTag, tagsToRetain) == null) {
                            tagId = associatedTag.getId();
                            RangerTagResourceMap tagResourceMap = tagStore.getTagResourceMapForTagAndResourceId(tagId, resourceInStore.getId());
                            if (tagResourceMap != null) {
                                tagStore.deleteTagResourceMap(tagResourceMap.getId());
                            }
                            // Logged even when no map was found, so "Deleted" does not prove a delete ran.
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Deleted tagResourceMap(tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
                            }
                        }
                    }
                } catch (Exception exception) {
                    // The exception is rethrown but not passed to the logger, so this entry has no stack trace.
                    LOG.error("deleteTagResourceMap failed, tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
                    throw exception;
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceTagsProcessor.createOrUpdate()");
    }
}
Also used : RangerTagDef(org.apache.ranger.plugin.model.RangerTagDef) HashMap(java.util.HashMap) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) ArrayList(java.util.ArrayList) RangerServiceResourceSignature(org.apache.ranger.plugin.store.RangerServiceResourceSignature) RangerTag(org.apache.ranger.plugin.model.RangerTag) ArrayList(java.util.ArrayList) List(java.util.List) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap) HashMap(java.util.HashMap) Map(java.util.Map)

Example 25 with RangerServiceResource

use of org.apache.ranger.plugin.model.RangerServiceResource in project ranger by apache.

the class ServiceTagsProcessor method replace.

/**
 * Makes the store match {@code serviceTags}: deletes stored service resources (and their tag
 * associations) whose guid is absent from the payload, then delegates to
 * {@code addOrUpdate(serviceTags)}.
 *
 * <p>Deletion is decided only by guid membership. The set of stored guids is fetched for the
 * service name carried in the payload, and a payload with an empty resource list therefore
 * removes every stored service resource of that service. A payload resource with a null guid is
 * kept under the null key and cannot shield a stored resource that has a non-null guid.
 * NOTE(review): the service name and the resource list both come from the payload and no
 * permission check is visible in this method; presumably the caller authorizes the request and
 * validates the service name. Confirm against the call sites.
 *
 * <p>A null resource list fails with a NullPointerException in the first loop, before anything
 * is deleted.
 *
 * @param serviceTags payload describing the complete desired state for one service
 * @throws Exception any exception raised by {@code tagStore} or by {@code addOrUpdate}
 */
private void replace(ServiceTags serviceTags) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceTagsProcessor.replace()");
    }

    // Index the payload's service-resources by guid; only the keys are consulted below.
    final Map<String, RangerServiceResource> incomingByGuid = new HashMap<String, RangerServiceResource>();
    final List<RangerServiceResource> incomingResources = serviceTags.getServiceResources();
    for (RangerServiceResource incoming : incomingResources) {
        final String incomingGuid = incoming.getGuid();
        if (incomingByGuid.containsKey(incomingGuid)) {
            LOG.warn("duplicate service-resource found: guid=" + incomingGuid);
        }
        incomingByGuid.put(incomingGuid, incoming);
    }

    // Remove stored service-resources that the payload no longer lists.
    final List<String> storedGuids = tagStore.getServiceResourceGuidsByService(serviceTags.getServiceName());
    if (CollectionUtils.isNotEmpty(storedGuids)) {
        for (String storedGuid : storedGuids) {
            if (incomingByGuid.containsKey(storedGuid)) {
                continue;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Deleting serviceResource(guid=" + storedGuid + ") and its tag-associations...");
            }
            // Tag associations are removed first, then the resource itself.
            final List<RangerTagResourceMap> associations = tagStore.getTagResourceMapsForResourceGuid(storedGuid);
            if (CollectionUtils.isNotEmpty(associations)) {
                for (RangerTagResourceMap association : associations) {
                    tagStore.deleteTagResourceMap(association.getId());
                }
            }
            tagStore.deleteServiceResourceByGuid(storedGuid);
        }
    }

    // Create or refresh everything the payload does list.
    addOrUpdate(serviceTags);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceTagsProcessor.replace()");
    }
}
Also used : RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) HashMap(java.util.HashMap) RangerTagResourceMap(org.apache.ranger.plugin.model.RangerTagResourceMap)
