use of org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher in project ranger by apache.
the class ServiceDBStore method getMatchers.
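/**
 * Builds one initialised resource matcher per valid resource hierarchy for the
 * resources named in a policy search filter.
 *
 * <p>The policy types considered are {@code RangerPolicy.POLICY_TYPES}, unless the
 * filter carries a {@code SearchFilter.POLICY_TYPE} parameter, in which case only
 * that single type is used.
 *
 * @param serviceDef      service definition the matchers are bound to
 * @param filterResources resource name to resource value, as supplied by the search
 *                        filter; the key set selects the hierarchies and the values
 *                        become the matchers' resource values
 * @param filter          search filter; only {@code SearchFilter.POLICY_TYPE} is read here
 * @return the matchers that were built, possibly empty
 * @throws NumberFormatException if the policy-type parameter is present but is not an integer
 */
List<RangerPolicyResourceMatcher> getMatchers(RangerServiceDef serviceDef, Map<String, String> filterResources, SearchFilter filter) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getMatchers(filterResources=" + filterResources + ")");
    }

    List<RangerPolicyResourceMatcher> ret = new ArrayList<RangerPolicyResourceMatcher>();
    RangerServiceDefHelper serviceDefHelper = new RangerServiceDefHelper(serviceDef);

    String policyTypeStr = filter.getParam(SearchFilter.POLICY_TYPE);
    int[] policyTypes = RangerPolicy.POLICY_TYPES;

    if (StringUtils.isNotBlank(policyTypeStr)) {
        // The value comes from the caller's search filter. isNotBlank() accepts a
        // padded value such as " 1 ", which parseInt() would reject, so trim first.
        try {
            policyTypes = new int[] { Integer.parseInt(policyTypeStr.trim()) };
        } catch (NumberFormatException e) {
            // Same exception type as before, but the message names the offending
            // parameter instead of only echoing the raw input.
            NumberFormatException invalid = new NumberFormatException(
                    "Invalid value for search filter parameter '" + SearchFilter.POLICY_TYPE + "': an integer policy type is expected");
            invalid.initCause(e);
            throw invalid;
        }
        // NOTE(review): the parsed value is not checked against RangerPolicy.POLICY_TYPES
        // here; confirm getResourceHierarchies() copes with an unknown policy type.
    }

    for (Integer policyType : policyTypes) {
        Set<List<RangerResourceDef>> validResourceHierarchies = serviceDefHelper.getResourceHierarchies(policyType, filterResources.keySet());

        if (LOG.isDebugEnabled()) {
            LOG.debug("Found " + validResourceHierarchies.size() + " valid resource hierarchies for key-set " + filterResources.keySet());
        }

        List<List<RangerResourceDef>> resourceHierarchies = new ArrayList<List<RangerResourceDef>>(validResourceHierarchies);

        for (List<RangerResourceDef> validResourceHierarchy : resourceHierarchies) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("validResourceHierarchy:[" + validResourceHierarchy + "]");
            }

            // One policy resource per level of the hierarchy, valued from the filter.
            // A level with no entry in filterResources gets whatever Map.get() returns
            // for it (null).
            Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();

            for (RangerResourceDef resourceDef : validResourceHierarchy) {
                String resourceName = resourceDef.getName();

                policyResources.put(resourceName, new RangerPolicyResource(filterResources.get(resourceName), false, resourceDef.getRecursiveSupported()));
            }

            RangerDefaultPolicyResourceMatcher matcher = new RangerDefaultPolicyResourceMatcher();

            matcher.setServiceDef(serviceDef);
            matcher.setPolicyResources(policyResources, policyType);
            matcher.init();

            ret.add(matcher);

            if (LOG.isDebugEnabled()) {
                LOG.debug("Added matcher:[" + matcher + "]");
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        // The original message joined ", " + ", count=", which printed a doubled separator.
        LOG.debug("<== ServiceDBStore.getMatchers(filterResources=" + filterResources + ", count=" + ret.size() + ")");
    }

    return ret;
}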
use of org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher in project ranger by apache.
the class RangerRequestedResources method isMutuallyExcluded.
/**
 * Reports whether the requested resources are mutually excluded with respect to
 * the given matchers.
 *
 * <p>Returns {@code true} when there are no matchers, or when fewer than two
 * resources were requested. Otherwise every requested resource is tested against
 * every matcher and the result becomes {@code false} as soon as a second match is
 * counted.
 *
 * @param matchers    matchers describing the resources under consideration
 * @param evalContext evaluation context handed through to each matcher
 * @return {@code false} once more than one match has been counted, {@code true} otherwise
 */
public boolean isMutuallyExcluded(final List<RangerPolicyResourceMatcher> matchers, final Map<String, Object> evalContext) {
    // Nothing to compare: no matchers, or fewer than two requested resources.
    if (CollectionUtils.isEmpty(matchers) || CollectionUtils.isEmpty(requestedResources) || requestedResources.size() <= 1) {
        return true;
    }

    boolean mutuallyExcluded = true;
    int hits = 0;

    for (RangerAccessResource requested : requestedResources) {
        for (RangerPolicyResourceMatcher candidate : matchers) {
            if (!candidate.isMatch(requested, evalContext)) {
                continue;
            }

            // NOTE(review): the counter is shared by both loops, so two matchers that
            // match the same resource also count as two hits. Confirm this is intended
            // for an access-control condition.
            if (hits++ > 0) {
                mutuallyExcluded = false;
                // Leaves only the matcher loop; the remaining resources are still
                // visited, but the result can no longer change.
                break;
            }
        }
    }

    return mutuallyExcluded;
}
use of org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher in project ranger by apache.
the class RangerHiveResourcesAccessedTogetherCondition method initializeMatchers.
/**
 * Builds a matcher for each resource spec and keeps the ones that could be built.
 *
 * @param mutuallyExclusiveResources resource specs; each entry is trimmed before
 *                                   being passed to {@code buildMatcher}
 */
private void initializeMatchers(List<String> mutuallyExclusiveResources) {
    for (String rawSpec : mutuallyExclusiveResources) {
        RangerPolicyResourceMatcher built = buildMatcher(rawSpec.trim());

        if (built == null) {
            // NOTE(review): a spec that cannot be turned into a matcher is dropped
            // here and the condition is evaluated with the remaining matchers.
            // Confirm that this is the intended failure mode.
            continue;
        }

        matchers.add(built);
    }
}
use of org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher in project ranger by apache.
the class RangerHiveResourcesNotAccessedTogetherCondition method initializeMatchers.
/**
 * Populates {@code matchers} from the configured resource specs.
 *
 * <p>Every entry is trimmed and passed to {@code buildMatcher}; a {@code null}
 * result is skipped.
 *
 * @param mutuallyExclusiveResources resource specs to build matchers from
 */
private void initializeMatchers(List<String> mutuallyExclusiveResources) {
    for (String entry : mutuallyExclusiveResources) {
        final String spec = entry.trim();
        final RangerPolicyResourceMatcher candidate = buildMatcher(spec);
        final boolean usable = candidate != null;

        // NOTE(review): an unusable spec is skipped here, so the condition runs
        // with fewer matchers than were configured. Confirm that this is acceptable
        // for the policy.
        if (usable) {
            matchers.add(candidate);
        }
    }
}
use of org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher in project ranger by apache.
the class RangerHiveResourcesNotAccessedTogetherCondition method buildMatcher.
/**
 * Builds a resource matcher from a dot-separated Hive resource spec of the form
 * {@code database[.table[.column]]}.
 *
 * <p>A missing table or column level is filled with {@code "*"}. Only a service
 * definition named {@code EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME}
 * is supported.
 *
 * @param policyResourceSpec resource spec with one to three dot-separated elements
 * @return the initialised matcher, or {@code null} when the service definition is
 *         unset or not Hive, or when the spec does not have one to three elements
 *         (an error is logged in both cases)
 */
private RangerPolicyResourceMatcher buildMatcher(String policyResourceSpec) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerHiveResourcesNotAccessedTogetherCondition.buildMatcher(" + policyResourceSpec + ")");
    }

    RangerPolicyResourceMatcher result = null;

    // Works only for Hive serviceDef for now
    final boolean hiveServiceDef = serviceDef != null && EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME.equals(serviceDef.getName());

    if (!hiveServiceDef) {
        LOG.error("RangerHiveResourcesNotAccessedTogetherCondition.buildMatcher() - ServiceDef not set or ServiceDef is not for Hive");
    } else {
        final String wildcard = "*";

        // NOTE(review): assuming this is commons-lang StringUtils, empty tokens are
        // dropped, so "db..col" yields two elements and "col" lands in the table
        // slot. Confirm that this is acceptable for policy specs.
        final String[] parts = StringUtils.split(policyResourceSpec, '.');

        if (parts.length == 0 || parts.length >= 4) {
            LOG.error("RangerHiveResourcesNotAccessedTogetherCondition.buildMatcher() - Incorrect elements in the hierarchy specified (" + parts.length + ")");
        } else {
            // Levels that the spec leaves out match anything.
            final String columnValue = parts.length == 3 ? parts[2] : wildcard;
            final String tableValue = parts.length >= 2 ? parts[1] : wildcard;
            final String databaseValue = parts[0];

            Map<String, RangerPolicy.RangerPolicyResource> resourcesByLevel = new HashMap<>();

            resourcesByLevel.put("column", new RangerPolicy.RangerPolicyResource(columnValue));
            resourcesByLevel.put("table", new RangerPolicy.RangerPolicyResource(tableValue));
            resourcesByLevel.put("database", new RangerPolicy.RangerPolicyResource(databaseValue));

            result = new RangerDefaultPolicyResourceMatcher();
            result.setPolicyResources(resourcesByLevel);
            result.setServiceDef(serviceDef);
            result.init();
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerHiveResourcesNotAccessedTogetherCondition.buildMatcher(" + policyResourceSpec + ")" + ", matcher=" + result);
    }

    return result;
}