Example 11 with RangerServiceDefValidator
use of org.apache.ranger.plugin.model.validation.RangerServiceDefValidator in project ranger by apache.
the class PatchForHiveServiceDefUpdate_J10006 method updateHiveServiceDef.
private void updateHiveServiceDef() {
RangerServiceDef ret = null;
RangerServiceDef embeddedHiveServiceDef = null;
RangerServiceDef dbHiveServiceDef = null;
RangerDataMaskDef dataMaskDef = null;
RangerRowFilterDef rowFilterDef = null;
XXServiceDef xXServiceDefObj = null;
try {
embeddedHiveServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (embeddedHiveServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
Map<String, String> serviceDefOptionsPreUpdate = null;
String jsonStrPreUpdate = null;
if (xXServiceDefObj != null) {
jsonStrPreUpdate = xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate = jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj = null;
}
dataMaskDef = embeddedHiveServiceDef.getDataMaskDef();
rowFilterDef = embeddedHiveServiceDef.getRowFilterDef();
dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (dbHiveServiceDef != null) {
if (dataMaskDef != null) {
dbHiveServiceDef.setDataMaskDef(dataMaskDef);
}
if (rowFilterDef != null) {
dbHiveServiceDef.setRowFilterDef(rowFilterDef);
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbHiveServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbHiveServiceDef);
if (ret == null) {
logger.error("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + "service-def");
System.exit(1);
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (xXServiceDefObj != null) {
String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
}
}
}
} catch (Exception e) {
logger.error("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + "service-def", e);
}
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
RangerDataMaskDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef)
RangerRowFilterDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef)
RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)
Example 12 with RangerServiceDefValidator
use of org.apache.ranger.plugin.model.validation.RangerServiceDefValidator in project ranger by apache.
the class PatchForHiveServiceDefUpdate_J10009 method updateHiveServiceDef.
private void updateHiveServiceDef() {
RangerServiceDef ret = null;
RangerServiceDef embeddedHiveServiceDef = null;
RangerServiceDef dbHiveServiceDef = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
XXServiceDef xXServiceDefObj = null;
try {
embeddedHiveServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (embeddedHiveServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
Map<String, String> serviceDefOptionsPreUpdate = null;
String jsonStrPreUpdate = null;
if (xXServiceDefObj != null) {
jsonStrPreUpdate = xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate = jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj = null;
}
dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (dbHiveServiceDef != null) {
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkHiveAccessType(embeddedHiveAccessTypes)) {
// This is to check if HiveServiceDef AccessType has the new AccessType and if Present update the dbHiveServiceDef along with new Admin accessType.
dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbHiveServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbHiveServiceDef);
if (ret == null) {
logger.error("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + "service-def");
throw new RuntimeException("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + "service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if (xXServiceDefObj != null) {
String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
}
}
}
} catch (Exception e) {
logger.error("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + "service-def", e);
}
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)
Example 13 with RangerServiceDefValidator
use of org.apache.ranger.plugin.model.validation.RangerServiceDefValidator in project ranger by apache.
the class PatchForHiveServiceDefUpdate_J10017 method updateServiceDef.
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef) throws Exception {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkHiveGlobalresourcePresent(embeddedHiveResourceDefs)) {
// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
if (embeddedHiveResourceDefs != null) {
serviceDef.setResources(embeddedHiveResourceDefs);
}
if (embeddedHiveAccessTypes != null) {
if (!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
serviceDef.setAccessTypes(embeddedHiveAccessTypes);
}
}
ret = true;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(serviceDef, Action.UPDATE);
svcStore.updateServiceDef(serviceDef);
return ret;
}
Also used :
RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)
Example 14 with RangerServiceDefValidator
use of org.apache.ranger.plugin.model.validation.RangerServiceDefValidator in project ranger by apache.
the class PatchForOzoneServiceDefUpdate_J10041 method updateOzoneServiceDef.
private boolean updateOzoneServiceDef() throws Exception {
RangerServiceDef ret;
RangerServiceDef embeddedOzoneServiceDef;
RangerServiceDef dbOzoneServiceDef;
List<RangerServiceDef.RangerServiceConfigDef> embeddedOzoneConfigDefs;
List<RangerServiceDef.RangerResourceDef> embeddedOzoneResourceDefs;
List<RangerServiceDef.RangerAccessTypeDef> embeddedOzoneAccessTypes;
XXServiceDef xXServiceDefObj;
embeddedOzoneServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
if (embeddedOzoneServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
Map<String, String> serviceDefOptionsPreUpdate;
String jsonPreUpdate;
if (xXServiceDefObj != null) {
jsonPreUpdate = xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
} else {
logger.error("Ozone service-definition does not exist in the Ranger DAO.");
return false;
}
dbOzoneServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
if (dbOzoneServiceDef != null) {
// Remove old Ozone configs
embeddedOzoneConfigDefs = embeddedOzoneServiceDef.getConfigs();
if (checkNotConfigPresent(embeddedOzoneConfigDefs)) {
dbOzoneServiceDef.setConfigs(embeddedOzoneConfigDefs);
}
// Update volume resource with recursive flag false and key resource with recursive flag true
embeddedOzoneResourceDefs = embeddedOzoneServiceDef.getResources();
if (checkVolKeyResUpdate(embeddedOzoneResourceDefs)) {
dbOzoneServiceDef.setResources(embeddedOzoneResourceDefs);
}
// Add new access types
embeddedOzoneAccessTypes = embeddedOzoneServiceDef.getAccessTypes();
if (embeddedOzoneAccessTypes != null) {
if (checkAccessTypesPresent(embeddedOzoneAccessTypes)) {
if (!embeddedOzoneAccessTypes.toString().equalsIgnoreCase(dbOzoneServiceDef.getAccessTypes().toString())) {
dbOzoneServiceDef.setAccessTypes(embeddedOzoneAccessTypes);
}
}
}
} else {
logger.error("Ozone service-definition does not exist in the db store.");
return false;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcDBStore);
validator.validate(dbOzoneServiceDef, RangerValidator.Action.UPDATE);
ret = svcDBStore.updateServiceDef(dbOzoneServiceDef);
if (ret == null) {
throw new RuntimeException("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME + " service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
if (xXServiceDefObj != null) {
String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
} else {
logger.error("Ozone service-definition does not exist in the Ranger DAO.");
return false;
}
List<XXService> dbServices = daoMgr.getXXService().findByServiceDefId(embeddedOzoneServiceDef.getId());
if (CollectionUtils.isNotEmpty(dbServices)) {
for (XXService dbService : dbServices) {
SearchFilter filter = new SearchFilter();
filter.setParam(SearchFilter.SERVICE_NAME, dbService.getName());
updateExisitngOzonePolicies(svcDBStore.getServicePolicies(dbService.getId(), filter));
}
}
} else {
logger.error("The embedded Ozone service-definition does not exist.");
return false;
}
return true;
}
Also used :
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
SearchFilter(org.apache.ranger.plugin.util.SearchFilter)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
XXService(org.apache.ranger.entity.XXService)
RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)
Example 15 with RangerServiceDefValidator
use of org.apache.ranger.plugin.model.validation.RangerServiceDefValidator in project ranger by apache.
the class PatchForAtlasAdminAudits_J10043 method addAdminAuditsPermissionInServiceDef.
private void addAdminAuditsPermissionInServiceDef() throws Exception {
RangerServiceDef ret = null;
RangerServiceDef embeddedAtlasServiceDef = null;
XXServiceDef xXServiceDefObj = null;
RangerServiceDef dbAtlasServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;
embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (embeddedAtlasServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (xXServiceDefObj == null) {
logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
return;
}
dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
if (checkResourcePresent(embeddedAtlasResourceDefs)) {
dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
if (checkAccessPresent(embeddedAtlasAccessTypes)) {
dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbAtlasServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbAtlasServiceDef);
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
throw new RuntimeException("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
}
}
}
Also used :
RangerAccessTypeDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)
XXServiceDef(org.apache.ranger.entity.XXServiceDef)
RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef)
RangerServiceDefValidator(org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)
Aggregations
RangerServiceDefValidator (org.apache.ranger.plugin.model.validation.RangerServiceDefValidator)25
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)21
XXServiceDef (org.apache.ranger.entity.XXServiceDef)18
RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)5
Path (javax.ws.rs.Path)3
Produces (javax.ws.rs.Produces)3
WebApplicationException (javax.ws.rs.WebApplicationException)3
XXResourceDef (org.apache.ranger.entity.XXResourceDef)2
RangerDataMaskDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef)2
RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)2
RangerRowFilterDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef)2
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)2
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)2
JsonSyntaxException (com.google.gson.JsonSyntaxException)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
DELETE (javax.ws.rs.DELETE)1
POST (javax.ws.rs.POST)1
PUT (javax.ws.rs.PUT)1
XXAccessTypeDefDao (org.apache.ranger.db.XXAccessTypeDefDao)1
