
Example 1 with RangerResourceTrie

use of org.apache.ranger.plugin.util.RangerResourceTrie in project ranger by apache.

the class RangerTagEnricher method setServiceTags.

/**
 * Replaces the enriched tag state for this service with one built from {@code serviceTags}.
 *
 * <p>For every tagged resource, one matcher is created per policy type whose resource
 * hierarchies (as reported by {@link RangerServiceDefHelper}) cover all of the resource's
 * keys. Unless the trie prefilter is disabled, a per-resource-def trie is built over those
 * matchers. All tags are additionally collected with {@code MatchType.DESCENDANT} for the
 * "empty resource / any access" case.
 *
 * <p>NOTE(review): a null or empty {@code serviceTags} clears {@code enrichedServiceTags}.
 * Presumably requests are then evaluated without any tags, so tag-based policies would not
 * apply until the next successful update. Confirm that this is the intended failure mode.
 *
 * @param serviceTags tags and tagged resources for the service; may be {@code null}
 */
public void setServiceTags(final ServiceTags serviceTags) {
    if (serviceTags == null || CollectionUtils.isEmpty(serviceTags.getServiceResources())) {
        LOG.info("ServiceTags is null or there are no tagged resources for service " + serviceName);
        enrichedServiceTags = null;
        return;
    }

    List<RangerServiceResourceMatcher> matchers = new ArrayList<>();
    RangerServiceDefHelper defHelper = new RangerServiceDefHelper(serviceDef, false);
    List<RangerServiceResource> taggedResources = serviceTags.getServiceResources();
    // Caches the valid/invalid verdict per (policyType, key set) so each combination is checked once.
    ResourceHierarchies knownHierarchies = new ResourceHierarchies();

    for (RangerServiceResource taggedResource : taggedResources) {
        final Collection<String> keys = taggedResource.getResourceElements().keySet();

        for (int policyType : RangerPolicy.POLICY_TYPES) {
            Boolean valid = knownHierarchies.isValidHierarchy(policyType, keys);

            if (valid == null) {
                // First time this key set is seen for this policy type: validate and remember.
                valid = Boolean.FALSE;
                for (List<RangerServiceDef.RangerResourceDef> candidate : defHelper.getResourceHierarchies(policyType)) {
                    if (defHelper.hierarchyHasAllResources(candidate, keys)) {
                        valid = Boolean.TRUE;
                        break;
                    }
                }
                knownHierarchies.addHierarchy(policyType, keys, valid);
            }

            if (!valid) {
                // Tagged resources that fit no hierarchy for this policy type get no matcher.
                continue;
            }

            RangerDefaultPolicyResourceMatcher policyMatcher = new RangerDefaultPolicyResourceMatcher();
            policyMatcher.setServiceDef(this.serviceDef);
            policyMatcher.setPolicyResources(taggedResource.getResourceElements(), policyType);
            if (LOG.isDebugEnabled()) {
                // The debug line prints the whole tagged resource, so resource names end up in the log.
                LOG.debug("RangerTagEnricher.setServiceTags() - Initializing matcher with (resource=" + taggedResource + ", serviceDef=" + this.serviceDef.getName() + ")");
            }
            policyMatcher.setServiceDefHelper(defHelper);
            policyMatcher.init();

            matchers.add(new RangerServiceResourceMatcher(taggedResource, policyMatcher));
        }
    }

    Map<String, RangerResourceTrie<RangerServiceResourceMatcher>> trieByResourceName = null;
    if (!disableTrieLookupPrefilter) {
        trieByResourceName = new HashMap<>();
        for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
            RangerResourceTrie<RangerServiceResourceMatcher> trie = new RangerResourceTrie<RangerServiceResourceMatcher>(resourceDef, matchers);
            trieByResourceName.put(resourceDef.getName(), trie);
        }
    }

    // Every tag of the service is registered for the empty-resource / any-access case.
    Set<RangerTagForEval> tagsForEmptyResourceAndAnyAccess = new HashSet<>();
    for (RangerTag tag : serviceTags.getTags().values()) {
        tagsForEmptyResourceAndAnyAccess.add(new RangerTagForEval(tag, RangerPolicyResourceMatcher.MatchType.DESCENDANT));
    }

    // Published in one assignment. NOTE(review): safe visibility to concurrent readers depends
    // on how the enrichedServiceTags field is declared, which is not visible here.
    enrichedServiceTags = new EnrichedServiceTags(serviceTags, matchers, trieByResourceName, tagsForEmptyResourceAndAnyAccess);
}
Also used : RangerDefaultPolicyResourceMatcher(org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher) ArrayList(java.util.ArrayList) RangerResourceTrie(org.apache.ranger.plugin.util.RangerResourceTrie) RangerTag(org.apache.ranger.plugin.model.RangerTag) HashSet(java.util.HashSet) RangerServiceResource(org.apache.ranger.plugin.model.RangerServiceResource) RangerServiceDefHelper(org.apache.ranger.plugin.model.validation.RangerServiceDefHelper) RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) HashMap(java.util.HashMap) Map(java.util.Map)

Example 2 with RangerResourceTrie

use of org.apache.ranger.plugin.util.RangerResourceTrie in project ranger by apache.

the class RangerPolicyRepository method getLikelyMatchPolicyEvaluators.

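/**
 * Narrows the set of policy evaluators worth running for {@code resource} by looking each
 * resource key up in its trie and intersecting the per-key results.
 *
 * <p>This is a prefilter for authorization: an evaluator missing from the result is never
 * asked for a decision. Resource levels without a trie are skipped and do not narrow the
 * result. A level whose trie yields no evaluators ends the lookup with an empty list.
 *
 * <p>NOTE(review): if none of the resource's keys has a trie, the result is also empty even
 * though nothing was filtered. Confirm that callers only pass trie maps that cover the
 * service's resource levels, so that applicable policies are not silently dropped.
 *
 * @param resourceTrie tries keyed by resource name; must not be {@code null}
 * @param resource     the accessed resource; {@code null} or a resource without keys yields an empty list
 * @return evaluators that may match {@code resource}; never {@code null}. When only one
 *         level contributes, this is the list returned by the trie itself (not a copy),
 *         so callers must treat it as read-only.
 */
private List<RangerPolicyEvaluator> getLikelyMatchPolicyEvaluators(Map<String, RangerResourceTrie> resourceTrie, RangerAccessResource resource) {
    List<RangerPolicyEvaluator> ret = null;
    Set<String> resourceKeys = resource == null ? null : resource.getKeys();
    if (CollectionUtils.isNotEmpty(resourceKeys)) {
        List<List<RangerPolicyEvaluator>> resourceEvaluatorsList = null;
        List<RangerPolicyEvaluator> smallestList = null;
        for (String resourceName : resourceKeys) {
            RangerResourceTrie trie = resourceTrie.get(resourceName);
            if (trie == null) {
                // if no trie exists for this resource level, ignore and continue to next level
                continue;
            }
            List<RangerPolicyEvaluator> resourceEvaluators = trie.getEvaluatorsForResource(resource.getValue(resourceName));
            if (CollectionUtils.isEmpty(resourceEvaluators)) {
                // no policies for this resource, bail out
                resourceEvaluatorsList = null;
                smallestList = null;
                break;
            }
            if (smallestList == null) {
                smallestList = resourceEvaluators;
            } else {
                if (resourceEvaluatorsList == null) {
                    // second contributing level: start tracking all lists for the intersection
                    resourceEvaluatorsList = new ArrayList<>();
                    resourceEvaluatorsList.add(smallestList);
                }
                resourceEvaluatorsList.add(resourceEvaluators);
                if (smallestList.size() > resourceEvaluators.size()) {
                    smallestList = resourceEvaluators;
                }
            }
        }
        if (resourceEvaluatorsList != null) {
            // Intersect starting from a copy of the smallest list so the trie's own lists are not modified.
            ret = new ArrayList<>(smallestList);
            for (List<RangerPolicyEvaluator> resourceEvaluators : resourceEvaluatorsList) {
                if (resourceEvaluators != smallestList) {
                    // remove policies from ret that are not in resourceEvaluators
                    ret.retainAll(resourceEvaluators);
                    if (CollectionUtils.isEmpty(ret)) {
                        // if no policy exists, bail out and return empty list
                        ret = null;
                        break;
                    }
                }
            }
        } else {
            // Single contributing level (or none): the trie's list is handed out without copying.
            ret = smallestList;
        }
    }
    if (ret == null) {
        ret = Collections.emptyList();
    }
    if (LOG.isDebugEnabled()) {
        // resource may be null (handled above); guard it here so enabling debug logging
        // cannot turn a null resource into a NullPointerException.
        LOG.debug("<== RangerPolicyRepository.getLikelyMatchPolicyEvaluators(" + (resource == null ? null : resource.getAsString()) + "): evaluatorCount=" + ret.size());
    }
    return ret;
}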
Also used : RangerPolicyEvaluator(org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator) RangerResourceTrie(org.apache.ranger.plugin.util.RangerResourceTrie) ArrayList(java.util.ArrayList) List(java.util.List)
