
Example 6 with RangerServiceDefHelper

use of org.apache.ranger.plugin.model.validation.RangerServiceDefHelper in project ranger by apache.

the class ServiceDBStore method updateServiceDef.

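/**
 * Updates a stored service definition and rewrites its child objects.
 *
 * <p>The stored row is looked up by {@code serviceDef.getId()}. The call is rejected with a REST
 * exception when no such row exists, or when the definition is being renamed to a name that
 * another definition already uses. Create time, GUID and version are always taken from the
 * stored row, so values for those fields supplied by the caller are ignored. After the update a
 * data-history entry is written and {@code postUpdate} is invoked.
 *
 * <p>NOTE(review): no authorization or input validation is visible in this method; presumably the
 * callers enforce both before a service definition (which defines the resources and access types
 * that policies can reference) is changed. Confirm against the REST layer.
 *
 * @param serviceDef the new state of the definition; its id selects the row to update
 * @return the definition as re-read from the store after the update
 * @throws Exception a REST exception for a missing id or a name clash, or whatever the
 *     persistence calls raise
 */
@Override
public RangerServiceDef updateServiceDef(RangerServiceDef serviceDef) throws Exception {
    // NOTE(review): both debug lines print the whole definition via toString(); confirm that this
    // does not put configuration values into logs that should not hold them.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.updateServiceDef(" + serviceDef + ")");
    }
    Long serviceDefId = serviceDef.getId();
    XXServiceDef existing = daoMgr.getXXServiceDef().getById(serviceDefId);
    if (existing == null) {
        throw restErrorUtil.createRESTException("no service-def exists with ID=" + serviceDef.getId(), MessageEnums.DATA_NOT_FOUND);
    }
    String existingName = existing.getName();
    // The comparison ignores case, so a change that only alters letter case is not treated as a
    // rename and skips the uniqueness lookup below.
    boolean renamed = !StringUtils.equalsIgnoreCase(serviceDef.getName(), existingName);
    if (renamed) {
        XXServiceDef sameNameDef = daoMgr.getXXServiceDef().findByName(serviceDef.getName());
        if (sameNameDef != null) {
            throw restErrorUtil.createRESTException("another service-def already exists with name '" + serviceDef.getName() + "'. ID=" + sameNameDef.getId(), MessageEnums.DATA_NOT_UPDATABLE);
        }
    }
    // Child lists are captured before the definition is handed to the service layer; a missing
    // list is treated as empty.
    List<RangerServiceConfigDef> configs = serviceDef.getConfigs() != null ? serviceDef.getConfigs() : new ArrayList<RangerServiceConfigDef>();
    List<RangerResourceDef> resources = serviceDef.getResources() != null ? serviceDef.getResources() : new ArrayList<RangerResourceDef>();
    List<RangerAccessTypeDef> accessTypes = serviceDef.getAccessTypes() != null ? serviceDef.getAccessTypes() : new ArrayList<RangerAccessTypeDef>();
    List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions() != null ? serviceDef.getPolicyConditions() : new ArrayList<RangerPolicyConditionDef>();
    List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers() != null ? serviceDef.getContextEnrichers() : new ArrayList<RangerContextEnricherDef>();
    List<RangerEnumDef> enums = serviceDef.getEnums() != null ? serviceDef.getEnums() : new ArrayList<RangerEnumDef>();
    RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
    RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();
    RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    defHelper.patchServiceDefWithDefaultValues();
    // Identity and bookkeeping fields come from the stored row, never from the request.
    serviceDef.setCreateTime(existing.getCreateTime());
    serviceDef.setGuid(existing.getGuid());
    serviceDef.setVersion(existing.getVersion());
    serviceDef = serviceDefService.update(serviceDef);
    // Re-read the row so the child objects are attached to the persisted state.
    XXServiceDef updatedXSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);
    updateChildObjectsOfServiceDef(updatedXSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, dataMaskDef, rowFilterDef);
    RangerServiceDef updatedSvcDef = getServiceDef(serviceDefId);
    dataHistService.createObjectDataHistory(updatedSvcDef, RangerDataHistService.ACTION_UPDATE);
    postUpdate(updatedSvcDef);
    if (LOG.isDebugEnabled()) {
        // Report the value that is actually returned, as createServiceDef does, instead of
        // printing the argument twice.
        LOG.debug("<== ServiceDBStore.updateServiceDef(" + serviceDef + "): " + updatedSvcDef);
    }
    return updatedSvcDef;
}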
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerDataMaskDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef) RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) VXString(org.apache.ranger.view.VXString) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) RangerRowFilterDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef) RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)

Example 7 with RangerServiceDefHelper

use of org.apache.ranger.plugin.model.validation.RangerServiceDefHelper in project ranger by apache.

the class ServiceDBStore method createServiceDef.

/**
 * Creates a service definition together with all of its child rows.
 *
 * <p>The call is rejected with a REST exception when a definition with the same name already
 * exists. The definition row is written first (version forced to 1), then config, resource,
 * access-type (with implied grants), policy-condition, context-enricher, enum (with elements) and
 * data-mask-type rows. Afterwards the access types and resources named in the data-mask and
 * row-filter sections are checked against the rows just written, and their JSON form is stored
 * as the mask / filter options of the matching rows. A data-history entry is recorded and
 * {@code postCreate} is invoked before returning.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the callers
 * restrict who may register a service definition. Confirm against the REST layer.
 *
 * @param serviceDef the definition to create
 * @return the populated view of the newly created definition
 * @throws Exception a REST exception for a duplicate name or an unknown access type / resource
 *     in the data-mask or row-filter section, or whatever the persistence calls raise
 */
@Override
public RangerServiceDef createServiceDef(RangerServiceDef serviceDef) throws Exception {
    // NOTE(review): both debug lines print the whole definition via toString(); confirm that this
    // does not put configuration values into logs that should not hold them.
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.createServiceDef(" + serviceDef + ")");
    }
    // Names must be unique across service definitions.
    XXServiceDef xServiceDef = daoMgr.getXXServiceDef().findByName(serviceDef.getName());
    if (xServiceDef != null) {
        throw restErrorUtil.createRESTException("service-def with name: " + serviceDef.getName() + " already exists", MessageEnums.ERROR_DUPLICATE_OBJECT);
    }
    // NOTE(review): unlike updateServiceDef and the data-mask / row-filter lists below, these six
    // lists are not defaulted to empty; a null here fails at the size() / for-each calls further
    // down. Confirm the getters never return null.
    List<RangerServiceConfigDef> configs = serviceDef.getConfigs();
    List<RangerResourceDef> resources = serviceDef.getResources();
    List<RangerAccessTypeDef> accessTypes = serviceDef.getAccessTypes();
    List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions();
    List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers();
    List<RangerEnumDef> enums = serviceDef.getEnums();
    RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef();
    RangerRowFilterDef rowFilterDef = serviceDef.getRowFilterDef();
    // A missing data-mask / row-filter section, or a missing list inside it, is treated as empty.
    List<RangerDataMaskTypeDef> dataMaskTypes = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes();
    List<RangerAccessTypeDef> dataMaskAccessTypes = dataMaskDef == null || dataMaskDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : dataMaskDef.getAccessTypes();
    List<RangerResourceDef> dataMaskResources = dataMaskDef == null || dataMaskDef.getResources() == null ? new ArrayList<RangerResourceDef>() : dataMaskDef.getResources();
    List<RangerAccessTypeDef> rowFilterAccessTypes = rowFilterDef == null || rowFilterDef.getAccessTypes() == null ? new ArrayList<RangerAccessTypeDef>() : rowFilterDef.getAccessTypes();
    List<RangerResourceDef> rowFilterResources = rowFilterDef == null || rowFilterDef.getResources() == null ? new ArrayList<RangerResourceDef>() : rowFilterDef.getResources();
    RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    defHelper.patchServiceDefWithDefaultValues();
    // While creating, value of version should be 1.
    serviceDef.setVersion(Long.valueOf(1));
    // populateExistingBaseFields is defined outside this method. When it is set, the definition
    // is created through svcDefServiceWithAssignedId with identity insert switched on, presumably
    // so that the id and base fields carried by serviceDef are kept.
    // NOTE(review): the two resets are not in a finally block, so an exception from create(...)
    // leaves populateExistingBaseFields and identity insert switched on.
    if (populateExistingBaseFields) {
        svcDefServiceWithAssignedId.setPopulateExistingBaseFields(true);
        daoMgr.getXXServiceDef().setIdentityInsert(true);
        svcDefServiceWithAssignedId.create(serviceDef);
        svcDefServiceWithAssignedId.setPopulateExistingBaseFields(false);
        daoMgr.getXXServiceDef().updateSequence();
        daoMgr.getXXServiceDef().setIdentityInsert(false);
    } else {
        // following fields will be auto populated
        // (id and timestamps supplied by the caller are discarded on this path)
        serviceDef.setId(null);
        serviceDef.setCreateTime(null);
        serviceDef.setUpdateTime(null);
        serviceDef = serviceDefService.create(serviceDef);
    }
    Long serviceDefId = serviceDef.getId();
    XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);
    // Config definitions, stored with their list position as order.
    XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
    for (int i = 0; i < configs.size(); i++) {
        RangerServiceConfigDef config = configs.get(i);
        XXServiceConfigDef xConfig = new XXServiceConfigDef();
        xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xConfig.setOrder(i);
        xConfig = xxServiceConfigDao.create(xConfig);
    }
    // Resource definitions. The parent is resolved by name within this service definition; when
    // the lookup finds nothing the parent id is stored as null.
    // NOTE(review): presumably a parent listed after its child has not been written yet and so
    // resolves to null - confirm that callers order resources parent-first.
    XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
    for (int i = 0; i < resources.size(); i++) {
        RangerResourceDef resource = resources.get(i);
        XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
        Long parentId = (parent != null) ? parent.getId() : null;
        XXResourceDef xResource = new XXResourceDef();
        xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xResource.setOrder(i);
        xResource.setParent(parentId);
        xResource = xxResDefDao.create(xResource);
    }
    // Access types, each followed by one grant row per implied grant.
    XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
    for (int i = 0; i < accessTypes.size(); i++) {
        RangerAccessTypeDef accessType = accessTypes.get(i);
        XXAccessTypeDef xAccessType = new XXAccessTypeDef();
        xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(accessType, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xAccessType.setOrder(i);
        xAccessType = xxATDDao.create(xAccessType);
        // NOTE(review): a null impliedGrants collection fails in the for-each below; confirm the
        // getter never returns null. The grant names are stored as given, without checking that
        // they name an access type of this definition.
        Collection<String> impliedGrants = accessType.getImpliedGrants();
        XXAccessTypeDefGrantsDao xxATDGrantDao = daoMgr.getXXAccessTypeDefGrants();
        for (String impliedGrant : impliedGrants) {
            XXAccessTypeDefGrants xImpliedGrant = new XXAccessTypeDefGrants();
            xImpliedGrant.setAtdId(xAccessType.getId());
            xImpliedGrant.setImpliedGrant(impliedGrant);
            xImpliedGrant = xxATDGrantDao.create(xImpliedGrant);
        }
    }
    // Policy-condition definitions, stored with their list position as order.
    XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
    for (int i = 0; i < policyConditions.size(); i++) {
        RangerPolicyConditionDef policyCondition = policyConditions.get(i);
        XXPolicyConditionDef xPolicyCondition = new XXPolicyConditionDef();
        xPolicyCondition = serviceDefService.populateRangerPolicyConditionDefToXX(policyCondition, xPolicyCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xPolicyCondition.setOrder(i);
        xPolicyCondition = xxPolCondDao.create(xPolicyCondition);
    }
    // Context-enricher definitions, stored with their list position as order.
    XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
    for (int i = 0; i < contextEnrichers.size(); i++) {
        RangerContextEnricherDef contextEnricher = contextEnrichers.get(i);
        XXContextEnricherDef xContextEnricher = new XXContextEnricherDef();
        xContextEnricher = serviceDefService.populateRangerContextEnricherDefToXX(contextEnricher, xContextEnricher, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xContextEnricher.setOrder(i);
        xContextEnricher = xxContextEnricherDao.create(xContextEnricher);
    }
    // Enum definitions, each followed by its elements in list order.
    XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
    for (RangerEnumDef vEnum : enums) {
        XXEnumDef xEnum = new XXEnumDef();
        xEnum = serviceDefService.populateRangerEnumDefToXX(vEnum, xEnum, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xEnum = xxEnumDefDao.create(xEnum);
        List<RangerEnumElementDef> elements = vEnum.getElements();
        XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
        for (int i = 0; i < elements.size(); i++) {
            RangerEnumElementDef element = elements.get(i);
            XXEnumElementDef xElement = new XXEnumElementDef();
            xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
            xElement.setOrder(i);
            xElement = xxEnumEleDefDao.create(xElement);
        }
    }
    // Data-mask type definitions, stored with their list position as order.
    XXDataMaskTypeDefDao xxDataMaskDefDao = daoMgr.getXXDataMaskTypeDef();
    for (int i = 0; i < dataMaskTypes.size(); i++) {
        RangerDataMaskTypeDef dataMask = dataMaskTypes.get(i);
        XXDataMaskTypeDef xDataMaskDef = new XXDataMaskTypeDef();
        xDataMaskDef = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xDataMaskDef, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
        xDataMaskDef.setOrder(i);
        xDataMaskDef = xxDataMaskDefDao.create(xDataMaskDef);
    }
    // Every access type named in the data-mask or row-filter section must be one of the access
    // types written above.
    // NOTE(review): these checks run after the definition and its child rows have been written;
    // presumably an enclosing transaction rolls them back when the exception is thrown - confirm.
    List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(createdSvcDef.getId());
    for (RangerAccessTypeDef accessType : dataMaskAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerAccessTypeDef accessType : rowFilterAccessTypes) {
        if (!isAccessTypeInList(accessType.getName(), xxAccessTypeDefs)) {
            throw restErrorUtil.createRESTException("accessType with name: " + accessType.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    // For each stored access type, take the first same-named entry of each section, serialize it
    // to JSON and store it as the mask / filter options; rows whose options would not change are
    // left untouched.
    for (XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerAccessTypeDef accessTypeDef : dataMaskAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        for (RangerAccessTypeDef accessTypeDef : rowFilterAccessTypes) {
            if (StringUtils.equals(accessTypeDef.getName(), xxAccessTypeDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(accessTypeDef);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxAccessTypeDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxAccessTypeDef.getRowFilterOptions())) {
            xxAccessTypeDef.setDataMaskOptions(dataMaskOptions);
            xxAccessTypeDef.setRowFilterOptions(rowFilterOptions);
            xxATDDao.update(xxAccessTypeDef);
        }
    }
    // The same validation and options update, applied to the resources of both sections.
    List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(createdSvcDef.getId());
    for (RangerResourceDef resource : dataMaskResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (RangerResourceDef resource : rowFilterResources) {
        if (!isResourceInList(resource.getName(), xxResourceDefs)) {
            throw restErrorUtil.createRESTException("resource with name: " + resource.getName() + " does not exists", MessageEnums.DATA_NOT_FOUND);
        }
    }
    for (XXResourceDef xxResourceDef : xxResourceDefs) {
        String dataMaskOptions = null;
        String rowFilterOptions = null;
        for (RangerResourceDef resource : dataMaskResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                dataMaskOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        for (RangerResourceDef resource : rowFilterResources) {
            if (StringUtils.equals(resource.getName(), xxResourceDef.getName())) {
                rowFilterOptions = svcDefServiceWithAssignedId.objectToJson(resource);
                break;
            }
        }
        if (!StringUtils.equals(dataMaskOptions, xxResourceDef.getDataMaskOptions()) || !StringUtils.equals(rowFilterOptions, xxResourceDef.getRowFilterOptions())) {
            xxResourceDef.setDataMaskOptions(dataMaskOptions);
            xxResourceDef.setRowFilterOptions(rowFilterOptions);
            xxResDefDao.update(xxResourceDef);
        }
    }
    // Build the returned view from the stored row, record the creation in the data history and
    // run the post-create hook.
    RangerServiceDef createdServiceDef = serviceDefService.getPopulatedViewObject(createdSvcDef);
    dataHistService.createObjectDataHistory(createdServiceDef, RangerDataHistService.ACTION_CREATE);
    postCreate(createdServiceDef);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceDBStore.createServiceDef(" + serviceDef + "): " + createdServiceDef);
    }
    return createdServiceDef;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) XXDataMaskTypeDefDao(org.apache.ranger.db.XXDataMaskTypeDefDao) RangerDataMaskDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef) XXPolicyConditionDefDao(org.apache.ranger.db.XXPolicyConditionDefDao) RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) XXEnumElementDefDao(org.apache.ranger.db.XXEnumElementDefDao) RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) RangerRowFilterDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef) XXAccessTypeDefDao(org.apache.ranger.db.XXAccessTypeDefDao) VXString(org.apache.ranger.view.VXString) XXAccessTypeDefGrants(org.apache.ranger.entity.XXAccessTypeDefGrants) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) XXEnumDefDao(org.apache.ranger.db.XXEnumDefDao) XXDataMaskTypeDef(org.apache.ranger.entity.XXDataMaskTypeDef) XXAccessTypeDef(org.apache.ranger.entity.XXAccessTypeDef) XXServiceConfigDef(org.apache.ranger.entity.XXServiceConfigDef) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef) RangerServiceConfigDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef) XXResourceDefDao(org.apache.ranger.db.XXResourceDefDao) RangerEnumElementDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef) RangerDataMaskTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef) XXResourceDef(org.apache.ranger.entity.XXResourceDef) XXAccessTypeDefGrantsDao(org.apache.ranger.db.XXAccessTypeDefGrantsDao) RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef) XXEnumElementDef(org.apache.ranger.entity.XXEnumElementDef) RangerContextEnricherDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) 
XXEnumDef(org.apache.ranger.entity.XXEnumDef) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) XXServiceConfigDefDao(org.apache.ranger.db.XXServiceConfigDefDao) XXContextEnricherDef(org.apache.ranger.entity.XXContextEnricherDef) XXContextEnricherDefDao(org.apache.ranger.db.XXContextEnricherDefDao)

Example 8 with RangerServiceDefHelper

use of org.apache.ranger.plugin.model.validation.RangerServiceDefHelper in project ranger by apache.

the class RangerPolicyRepository method init.

/**
 * Builds the evaluator lists and the context enrichers of this repository.
 *
 * <p>One evaluator is built per policy that is not skipped, and is filed by policy type: access
 * (also used when the type is null), data-mask or row-filter. A policy with any other type is
 * left out of evaluation and only reported with a warning, so that warning is the one trace of a
 * policy that exists in the store but is not enforced. Each list is sorted with
 * {@code PolicyEvalOrderComparator} and published as an unmodifiable list. Context enrichers are
 * built only when at least one evaluator exists.
 *
 * @param options engine options; receives a new {@code RangerServiceDefHelper} for the
 *     repository's service definition
 */
private void init(RangerPolicyEngineOptions options) {
    options.setServiceDefHelper(new RangerServiceDefHelper(serviceDef, false));

    List<RangerPolicyEvaluator> accessEvaluators = new ArrayList<>();
    List<RangerPolicyEvaluator> maskEvaluators = new ArrayList<>();
    List<RangerPolicyEvaluator> filterEvaluators = new ArrayList<>();

    for (RangerPolicy policy : policies) {
        if (skipBuildingPolicyEvaluator(policy, options)) {
            continue;
        }
        RangerPolicyEvaluator built = buildPolicyEvaluator(policy, serviceDef, options);
        if (built == null) {
            continue;
        }
        if (policy.getPolicyType() == null || policy.getPolicyType() == RangerPolicy.POLICY_TYPE_ACCESS) {
            accessEvaluators.add(built);
        } else if (policy.getPolicyType() == RangerPolicy.POLICY_TYPE_DATAMASK) {
            maskEvaluators.add(built);
        } else if (policy.getPolicyType() == RangerPolicy.POLICY_TYPE_ROWFILTER) {
            filterEvaluators.add(built);
        } else {
            // Not enforced from here on; this line is the only record of that.
            LOG.warn("RangerPolicyEngine: ignoring policy id=" + policy.getId() + " - invalid policyType '" + policy.getPolicyType() + "'");
        }
    }

    // Sort each list by evaluation order, then freeze it.
    RangerPolicyEvaluator.PolicyEvalOrderComparator evalOrder = new RangerPolicyEvaluator.PolicyEvalOrderComparator();
    Collections.sort(accessEvaluators, evalOrder);
    this.policyEvaluators = Collections.unmodifiableList(accessEvaluators);
    Collections.sort(maskEvaluators, evalOrder);
    this.dataMaskPolicyEvaluators = Collections.unmodifiableList(maskEvaluators);
    Collections.sort(filterEvaluators, evalOrder);
    this.rowFilterPolicyEvaluators = Collections.unmodifiableList(filterEvaluators);

    List<RangerContextEnricher> enrichers = new ArrayList<>();
    boolean hasEvaluators = CollectionUtils.isNotEmpty(this.policyEvaluators)
            || CollectionUtils.isNotEmpty(this.dataMaskPolicyEvaluators)
            || CollectionUtils.isNotEmpty(this.rowFilterPolicyEvaluators);
    if (hasEvaluators && CollectionUtils.isNotEmpty(serviceDef.getContextEnrichers())) {
        for (RangerServiceDef.RangerContextEnricherDef enricherDef : serviceDef.getContextEnrichers()) {
            if (enricherDef == null) {
                continue;
            }
            // The tag enricher is still built when enrichers are otherwise disabled, provided the
            // local-refresher option is on (per the original comment, true only when the engine
            // is initialized within ranger-admin).
            boolean tagEnricherWithLocalRefresher = options.enableTagEnricherWithLocalRefresher
                    && StringUtils.equals(enricherDef.getEnricher(), RangerTagEnricher.class.getName());
            if (options.disableContextEnrichers && !tagEnricherWithLocalRefresher) {
                continue;
            }
            RangerServiceDef.RangerContextEnricherDef effectiveDef = enricherDef;
            if (tagEnricherWithLocalRefresher) {
                // Same item id and name, but backed by the admin-side enricher class.
                effectiveDef = new RangerServiceDef.RangerContextEnricherDef(enricherDef.getItemId(), enricherDef.getName(), "org.apache.ranger.common.RangerAdminTagEnricher", null);
            }
            RangerContextEnricher enricher = buildContextEnricher(effectiveDef);
            if (enricher != null) {
                enrichers.add(enricher);
            }
        }
    }
    this.contextEnrichers = Collections.unmodifiableList(enrichers);

    if (!LOG.isDebugEnabled()) {
        return;
    }
    // Dump the final evaluation order of each list.
    LOG.debug("policy evaluation order: " + this.policyEvaluators.size() + " policies");
    int position = 0;
    for (RangerPolicyEvaluator current : this.policyEvaluators) {
        RangerPolicy evaluated = current.getPolicy();
        LOG.debug("policy evaluation order: #" + (++position) + " - policy id=" + evaluated.getId() + "; name=" + evaluated.getName() + "; evalOrder=" + current.getEvalOrder());
    }
    LOG.debug("dataMask policy evaluation order: " + this.dataMaskPolicyEvaluators.size() + " policies");
    position = 0;
    for (RangerPolicyEvaluator current : this.dataMaskPolicyEvaluators) {
        RangerPolicy evaluated = current.getPolicy();
        LOG.debug("dataMask policy evaluation order: #" + (++position) + " - policy id=" + evaluated.getId() + "; name=" + evaluated.getName() + "; evalOrder=" + current.getEvalOrder());
    }
    LOG.debug("rowFilter policy evaluation order: " + this.rowFilterPolicyEvaluators.size() + " policies");
    position = 0;
    for (RangerPolicyEvaluator current : this.rowFilterPolicyEvaluators) {
        RangerPolicy evaluated = current.getPolicy();
        LOG.debug("rowFilter policy evaluation order: #" + (++position) + " - policy id=" + evaluated.getId() + "; name=" + evaluated.getName() + "; evalOrder=" + current.getEvalOrder());
    }
}
Also used : ArrayList(java.util.ArrayList) RangerContextEnricher(org.apache.ranger.plugin.contextenricher.RangerContextEnricher) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerPolicyEvaluator(org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator) RangerTagEnricher(org.apache.ranger.plugin.contextenricher.RangerTagEnricher) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)

Example 9 with RangerServiceDefHelper

use of org.apache.ranger.plugin.model.validation.RangerServiceDefHelper in project ranger by apache.

the class RangerDefaultPolicyResourceMatcher method init.

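/**
 * (Re)initializes this matcher from {@code policyResources} and {@code serviceDef}.
 *
 * <p>All derived state is cleared first. The resource hierarchies that apply to the policy type
 * and resource names are obtained from the service-def helper; a hierarchy is valid when
 * {@code isHierarchyValidForResources} accepts it. {@code validResourceHierarchy} is kept only
 * when exactly one hierarchy is valid. If at least one is valid, one matcher per resource name is
 * created; a single failed matcher creation discards all matchers.
 *
 * <p>Failure is not signalled with an exception: {@code isInitialized} stays {@code false},
 * {@code allMatchers} stays {@code null} and an error is logged.
 * NOTE(review): how an uninitialized matcher answers match requests is not visible here; confirm
 * that it does not match anything, so that a policy whose resources could not be resolved is not
 * applied more broadly than intended.
 */
@Override
public void init() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyResourceMatcher.init()");
    }
    // Start from a clean, uninitialized state.
    allMatchers = null;
    needsDynamicEval = false;
    validResourceHierarchy = null;
    isInitialized = false;
    String errorText = "";
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_RESOURCE_MATCHER_INIT_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_RESOURCE_MATCHER_INIT_LOG, "RangerDefaultPolicyResourceMatcher.init()");
    }
    if (policyResources != null && !policyResources.isEmpty() && serviceDef != null) {
        // Reuse a helper that was supplied earlier; otherwise build one for this service-def.
        if (serviceDefHelper == null) {
            serviceDefHelper = new RangerServiceDefHelper(serviceDef, false);
        }
        Set<List<RangerResourceDef>> resourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType, policyResources.keySet());
        int validHierarchiesCount = 0;
        for (List<RangerResourceDef> resourceHierarchy : resourceHierarchies) {
            if (isHierarchyValidForResources(resourceHierarchy, policyResources)) {
                validHierarchiesCount++;
                // Remember the hierarchy only while it is the sole valid one.
                validResourceHierarchy = (validHierarchiesCount == 1) ? resourceHierarchy : null;
            } else {
                // Name the hierarchy that is skipped, not the whole candidate set.
                LOG.warn("RangerDefaultPolicyResourceMatcher.init(): gaps found in policyResources, skipping hierarchy:[" + resourceHierarchy + "]");
            }
        }
        if (validHierarchiesCount > 0) {
            allMatchers = new HashMap<>();
            for (List<RangerResourceDef> resourceHierarchy : resourceHierarchies) {
                for (RangerResourceDef resourceDef : resourceHierarchy) {
                    String resourceName = resourceDef.getName();
                    // A resource that appears in several hierarchies gets one matcher.
                    if (allMatchers.containsKey(resourceName)) {
                        continue;
                    }
                    RangerPolicyResource policyResource = policyResources.get(resourceName);
                    if (policyResource == null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("RangerDefaultPolicyResourceMatcher.init(): no matcher created for " + resourceName + ". Continuing ...");
                        }
                        continue;
                    }
                    RangerResourceMatcher matcher = createResourceMatcher(resourceDef, policyResource);
                    if (matcher != null) {
                        if (!needsDynamicEval && matcher.getNeedsDynamicEval()) {
                            needsDynamicEval = true;
                        }
                        allMatchers.put(resourceName, matcher);
                    } else {
                        // One missing matcher invalidates the whole set; a partial set is never
                        // kept.
                        LOG.error("RangerDefaultPolicyResourceMatcher.init(): failed to find matcher for resource " + resourceName);
                        allMatchers = null;
                        errorText = "no matcher found for resource " + resourceName;
                        break;
                    }
                }
                if (allMatchers == null) {
                    break;
                }
            }
        } else {
            errorText = "policyResources elements are not part of any valid resourcedef hierarchy.";
        }
    } else {
        errorText = "policyResources is null or empty, or serviceDef is null.";
    }
    if (allMatchers == null) {
        // Failed: drop the helper and hierarchy and report what could not be resolved.
        serviceDefHelper = null;
        validResourceHierarchy = null;
        Set<String> policyResourceKeys = policyResources == null ? null : policyResources.keySet();
        String serviceDefName = serviceDef == null ? "" : serviceDef.getName();
        StringBuilder keysString = new StringBuilder();
        if (CollectionUtils.isNotEmpty(policyResourceKeys)) {
            for (String policyResourceKeyName : policyResourceKeys) {
                keysString.append(policyResourceKeyName).append(" ");
            }
        }
        // The closing parenthesis was missing from this message.
        LOG.error("RangerDefaultPolicyResourceMatcher.init() failed: " + errorText + " (serviceDef=" + serviceDefName + ", policyResourceKeys=" + keysString.toString() + ")");
    } else {
        isInitialized = true;
    }
    RangerPerfTracer.log(perf);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyResourceMatcher.init(): ret=" + isInitialized);
    }
}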
Also used : RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) RangerPolicyResource(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerResourceMatcher(org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher) List(java.util.List) RangerResourceDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)
