
Example 6 with VXPermMap

use of org.apache.ranger.view.VXPermMap in project ranger by apache.

the class ServiceUtil method toVXResource.

/**
 * Converts a {@link RangerPolicy} into the legacy {@link VXResource} view object.
 *
 * <p>Only the resource keys tested in the loop below (path, table, column-family, column,
 * database, udf, topology, service) are copied. Any other key in
 * {@code policy.getResources()} is skipped without a log entry, so the result may carry
 * fewer resource constraints than the policy it was built from.
 *
 * @param policy  policy to convert
 * @param service service the policy belongs to; supplies the asset id and asset type
 * @return the populated view object, or {@code null} when either argument is {@code null}
 *         or {@code toAssetType} returns {@code null} for the service type
 */
public VXResource toVXResource(RangerPolicy policy, RangerService service) {
    if (policy == null || service == null) {
        return null;
    }
    if (toAssetType(service.getType()) == null) {
        // No legacy asset type for this service type: nothing to convert to.
        return null;
    }

    VXResource vxResource = new VXResource();
    rangerObjectToDataObject(policy, vxResource);
    vxResource.setAssetName(policy.getService());
    vxResource.setAssetId(service.getId());
    vxResource.setAssetType(toAssetType(service.getType()));
    vxResource.setPolicyName(policy.getName());
    vxResource.setDescription(policy.getDescription());
    vxResource.setGuid(policy.getGuid());
    if (policy.getIsEnabled()) {
        vxResource.setResourceStatus(RangerCommonEnums.STATUS_ENABLED);
    } else {
        vxResource.setResourceStatus(RangerCommonEnums.STATUS_DISABLED);
    }

    // The audit list stays null (not empty) when auditing is off for the policy.
    List<VXAuditMap> audits = null;
    if (policy.getIsAuditEnabled()) {
        VXAuditMap auditAll = new VXAuditMap();
        auditAll.setResourceId(policy.getId());
        auditAll.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
        audits = new ArrayList<VXAuditMap>();
        audits.add(auditAll);
    }
    vxResource.setAuditList(audits);

    for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : policy.getResources().entrySet()) {
        String resourceKey = entry.getKey();
        RangerPolicy.RangerPolicyResource policyResource = entry.getValue();
        String joinedValues = getResourceString(policyResource.getValues());

        if ("path".equalsIgnoreCase(resourceKey)) {
            boolean recursive = Boolean.TRUE.equals(policyResource.getIsRecursive());
            vxResource.setName(joinedValues);
            vxResource.setIsRecursive(recursive ? RangerCommonEnums.BOOL_TRUE : RangerCommonEnums.BOOL_FALSE);
        } else if ("table".equalsIgnoreCase(resourceKey)) {
            boolean excluded = Boolean.TRUE.equals(policyResource.getIsExcludes());
            vxResource.setTables(joinedValues);
            vxResource.setTableType(excluded ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
        } else if ("column-family".equalsIgnoreCase(resourceKey)) {
            vxResource.setColumnFamilies(joinedValues);
        } else if ("column".equalsIgnoreCase(resourceKey)) {
            boolean excluded = Boolean.TRUE.equals(policyResource.getIsExcludes());
            vxResource.setColumns(joinedValues);
            vxResource.setColumnType(excluded ? RangerCommonEnums.POLICY_EXCLUSION : RangerCommonEnums.POLICY_INCLUSION);
        } else if ("database".equalsIgnoreCase(resourceKey)) {
            vxResource.setDatabases(joinedValues);
        } else if ("udf".equalsIgnoreCase(resourceKey)) {
            vxResource.setUdfs(joinedValues);
        } else if ("topology".equalsIgnoreCase(resourceKey)) {
            vxResource.setTopologies(joinedValues);
        } else if ("service".equalsIgnoreCase(resourceKey)) {
            vxResource.setServices(joinedValues);
        }
        // Any other key falls through and is not represented in the result.
    }

    updateResourceName(vxResource);
    vxResource.setPermMapList(getVXPermMapList(policy));
    return vxResource;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) VXPermMap(org.apache.ranger.view.VXPermMap) VXResource(org.apache.ranger.view.VXResource) VXAuditMap(org.apache.ranger.view.VXAuditMap) VXAuditMap(org.apache.ranger.view.VXAuditMap) VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) Map(java.util.Map)

Example 7 with VXPermMap

use of org.apache.ranger.view.VXPermMap in project ranger by apache.

the class PatchMigration_J10002 method getPolicyItemListForRes.

/**
 * Builds the policy items of one legacy resource from its stored permission maps.
 *
 * <p>The permission maps found for {@code xRes} are bucketed by perm-group; each bucket yields
 * at most one {@link RangerPolicyItem}. A bucket is dropped (with an info log) when it ends up
 * with no access types, or with neither users nor groups.
 *
 * <p>Points a reviewer of migrated policies should know:
 * <ul>
 *   <li>The user or group of a permission map is collected before its access type is
 *       validated, so a map whose access type is ignored still contributes its principal.</li>
 *   <li>Only one IP address survives per bucket: the one read from the last map whose access
 *       type was accepted. It becomes a single "ip-range" condition on the whole item.</li>
 *   <li>If the service definition has no "ip-range" condition definition, the address is
 *       discarded without a log entry and the item is created with no IP condition.</li>
 * </ul>
 *
 * @param xRes   legacy resource whose permission maps are read
 * @param svcDef service definition used for the HBase check and the condition lookup
 * @return the policy items built from the stored permission maps; possibly empty
 */
private List<RangerPolicyItem> getPolicyItemListForRes(XXResource xRes, XXServiceDef svcDef) {
    SearchCriteria criteria = new SearchCriteria();
    criteria.addParam("resourceId", xRes.getId());
    List<VXPermMap> storedPermMaps = xPermMapService.searchXPermMaps(criteria).getVXPermMaps();

    // Bucket the permission maps by perm-group (a null perm-group is a valid HashMap key).
    HashMap<String, List<VXPermMap>> byPermGroup = new HashMap<String, List<VXPermMap>>();
    if (storedPermMaps != null) {
        for (VXPermMap stored : storedPermMaps) {
            String groupKey = stored.getPermGroup();
            if (!byPermGroup.containsKey(groupKey)) {
                byPermGroup.put(groupKey, new ArrayList<VXPermMap>());
            }
            byPermGroup.get(groupKey).add(stored);
        }
    }

    List<RangerPolicyItem> result = new ArrayList<RangerPolicyItem>();
    for (Entry<String, List<VXPermMap>> bucket : byPermGroup.entrySet()) {
        RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
        List<String> users = new ArrayList<String>();
        List<String> groups = new ArrayList<String>();
        List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
        String ipAddress = null;

        for (VXPermMap permMap : bucket.getValue()) {
            // Principals are recorded first, independent of whether the access type is usable.
            if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
                String userName = getUserName(permMap);
                if (!users.contains(userName)) {
                    users.add(userName);
                }
            } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
                String groupName = getGroupName(permMap);
                if (!groups.contains(groupName)) {
                    groups.add(groupName);
                }
            }

            String accessType = ServiceUtil.toAccessType(permMap.getPermType());
            if (StringUtils.isBlank(accessType) || unsupportedLegacyPermTypes.contains(accessType)) {
                logger.info(accessType + ": is not a valid access-type, ignoring accesstype for policy: " + xRes.getPolicyName());
                continue;
            }

            boolean adminAccess = StringUtils.equalsIgnoreCase(accessType, "Admin");
            if (adminAccess) {
                item.setDelegateAdmin(Boolean.TRUE);
            }
            // "Admin" is kept as an access type only for the HBase service definition.
            // NOTE(review): this is an == comparison of two ids; if both sides are boxed
            // Long values it compares references - confirm the declared return types.
            if (!adminAccess || svcDef.getId() == EmbeddedServiceDefsUtil.instance().getHBaseServiceDefId()) {
                addAccessType(accessType, accessList(accesses));
            }

            // Overwritten on every accepted map: the last one decides the bucket's address.
            ipAddress = permMap.getIpAddress();
        }

        if (CollectionUtils.isEmpty(accesses)) {
            logger.info("no access specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }
        if (CollectionUtils.isEmpty(users) && CollectionUtils.isEmpty(groups)) {
            logger.info("no user or group specified. ignoring policyItem for policy: " + xRes.getPolicyName());
            continue;
        }

        item.setUsers(users);
        item.setGroups(groups);
        item.setAccesses(accesses);

        boolean hasIpAddress = ipAddress != null && !ipAddress.isEmpty();
        if (hasIpAddress) {
            XXPolicyConditionDef ipRangeDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(svcDef.getId(), "ip-range");
            if (ipRangeDef != null) {
                item.getConditions().add(new RangerPolicy.RangerPolicyItemCondition("ip-range", Collections.singletonList(ipAddress)));
            }
            // No "ip-range" definition: the address is not carried over to the new item.
        }
        result.add(item);
    }
    return result;
}

/** Returns the list it is given; keeps the access-list argument explicit at the call site. */
private static List<RangerPolicyItemAccess> accessList(List<RangerPolicyItemAccess> accesses) {
    return accesses;
}
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPolicyConditionDef(org.apache.ranger.entity.XXPolicyConditionDef) RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ArrayList(java.util.ArrayList) List(java.util.List)

Example 8 with VXPermMap

use of org.apache.ranger.view.VXPermMap in project ranger by apache.

the class XPermMapServiceBase method searchXPermMaps.

/**
 * Searches the stored permission maps and converts each hit into a {@link VXPermMap} view bean.
 *
 * <p>The criteria are handed to {@code searchResources} unchanged, together with this
 * service's {@code searchFields} and {@code sortFields}; nothing in this method filters the
 * hits further.
 *
 * @param searchCriteria criteria forwarded to {@code searchResources}
 * @return the list wrapper that was passed to {@code searchResources}, with its
 *         {@code VXPermMaps} set to a new list (empty when nothing matched)
 */
public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) {
    VXPermMapList result = new VXPermMapList();
    List<T> entities = searchResources(searchCriteria, searchFields, sortFields, result);

    // One view bean per entity, in the order the search returned them.
    List<VXPermMap> viewBeans = new ArrayList<VXPermMap>();
    for (T entity : entities) {
        viewBeans.add(populateViewBean(entity));
    }

    result.setVXPermMaps(viewBeans);
    return result;
}
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) ArrayList(java.util.ArrayList) VXPermMapList(org.apache.ranger.view.VXPermMapList)

Example 9 with VXPermMap

use of org.apache.ranger.view.VXPermMap in project ranger by apache.

the class XPolicyService method updatePermGroup.

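/**
 * Recomputes the perm-group label of every permission map stored for a resource.
 *
 * <p>The stored permission maps are reduced to one signature per principal (key: resource id,
 * permFor, user/group id; value: the perm types and IP addresses granted to that principal).
 * Principals whose signatures {@code compareTwoListElements} reports as matching receive the
 * same newly generated perm-group label, and every affected permission map is updated.
 *
 * <p>Fix over the previous version: the IP address is now added to the signature when it is
 * present. The earlier test was inverted and appended the address only when it was empty, so
 * principals with the same perm types but different IP restrictions could be given one
 * perm-group.
 *
 * @param vXResource resource whose permission maps are regrouped; its id must exist
 * @return the permission maps that were updated, each carrying its new perm-group
 * @throws javax.ws.rs.WebApplicationException presumably, via {@code createRESTException},
 *         when no stored resource has the given id - confirm the declared return type
 */
public List<VXPermMap> updatePermGroup(VXResource vXResource) {
    XXResource xxResource = xaDaoMgr.getXXResource().getById(vXResource.getId());
    if (xxResource == null) {
        logger.info("Resource : " + vXResource.getPolicyName() + " Not Found, while updating PermGroup");
        throw restErrorUtil.createRESTException("Resource Not found to update PermGroup", MessageEnums.DATA_NOT_FOUND);
    }
    Long resId = vXResource.getId();
    List<VXPermMap> updatedPermMapList = new ArrayList<VXPermMap>();
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("resourceId", resId);
    VXPermMapList currentPermMaps = xPermMapService.searchXPermMaps(searchCriteria);
    List<VXPermMap> currentPermMapList = currentPermMaps.getVXPermMaps();

    // Step 1: one signature per principal. Key = resId / permFor / user-or-group id.
    HashMap<String, List<String>> userPermMap = new HashMap<String, List<String>>();
    for (VXPermMap currentPermMap : currentPermMapList) {
        Long userId = currentPermMap.getUserId();
        Long groupId = currentPermMap.getGroupId();
        int permFor = currentPermMap.getPermFor();
        int permType = currentPermMap.getPermType();
        String ipAddress = currentPermMap.getIpAddress();
        String uniKey = resId + uniqueKeySeparator + permFor;
        if (permFor == AppConstants.XA_PERM_FOR_GROUP) {
            uniKey = uniKey + uniqueKeySeparator + groupId;
        } else if (permFor == AppConstants.XA_PERM_FOR_USER) {
            uniKey = uniKey + uniqueKeySeparator + userId;
        }
        // Any other permFor leaves a two-part key, which step 3 logs and skips.
        List<String> permList = userPermMap.get(uniKey);
        if (permList == null) {
            permList = new ArrayList<String>();
            userPermMap.put(uniKey, permList);
        }
        permList.add("" + permType);
        // The address is part of the signature only when one is set, so that principals
        // restricted to different addresses are not merged into one perm-group.
        if (!stringUtil.isEmpty(ipAddress)) {
            permList.add(ipAddress);
        }
    }

    // Step 2: collect the keys whose signatures match into one key list per future group.
    List<List<String>> masterKeyList = new ArrayList<List<String>>();
    List<String> proceedKeyList = new ArrayList<String>();
    for (Entry<String, List<String>> upMap : userPermMap.entrySet()) {
        if (proceedKeyList.contains(upMap.getKey())) {
            continue;
        }
        List<String> keyList = new ArrayList<String>();
        keyList.add(upMap.getKey());
        proceedKeyList.add(upMap.getKey());
        for (Entry<String, List<String>> entry : userPermMap.entrySet()) {
            if (proceedKeyList.contains(entry.getKey())) {
                continue;
            }
            boolean result = compareTwoListElements(upMap.getValue(), entry.getValue());
            if (result) {
                keyList.add(entry.getKey());
                proceedKeyList.add(entry.getKey());
            }
        }
        masterKeyList.add(keyList);
    }

    // Step 3: stamp every permission map of a key list with one fresh perm-group label.
    for (List<String> keyList : masterKeyList) {
        // The label is a timestamp plus a number below 9999. It is a grouping label, not a
        // secret; NOTE(review): nothing here guarantees two key lists get different labels,
        // and equal labels would merge their permission maps into one group downstream.
        Random rand = new Random();
        String permGrp = new Date() + " : " + rand.nextInt(9999);
        for (String key : keyList) {
            SearchCriteria scPermMap = new SearchCriteria();
            String[] keyEle = StringUtils.split(key, uniqueKeySeparator);
            if (keyEle != null && keyEle.length == 3) {
                int permFor = Integer.parseInt(keyEle[1]);
                // NOTE(review): the ids were read as Long above; parseInt throws
                // NumberFormatException for a null id ("null") or one beyond the int range.
                int ugId = Integer.parseInt(keyEle[2]);
                scPermMap.addParam("resourceId", resId);
                scPermMap.addParam("permFor", permFor);
                if (permFor == AppConstants.XA_PERM_FOR_GROUP) {
                    scPermMap.addParam("groupId", ugId);
                } else if (permFor == AppConstants.XA_PERM_FOR_USER) {
                    scPermMap.addParam("userId", ugId);
                }
                VXPermMapList permList = xPermMapService.searchXPermMaps(scPermMap);
                for (VXPermMap vXPerm : permList.getVXPermMaps()) {
                    vXPerm.setPermGroup(permGrp);
                    xPermMapService.updateResource(vXPerm);
                    updatedPermMapList.add(vXPerm);
                }
            } else {
                logger.info("variable : keyEle, should fulfill the checked" + " condition, but its not fulfilling required " + "condition. Ignoring appropriate permMap from" + " updating permGroup. Key : " + key + "Resource Id : " + resId);
            }
        }
    }
    return updatedPermMapList;
}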
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) XXResource(org.apache.ranger.entity.XXResource) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) SearchCriteria(org.apache.ranger.common.SearchCriteria) Date(java.util.Date) Random(java.util.Random) VXResourceList(org.apache.ranger.view.VXResourceList) ArrayList(java.util.ArrayList) VXPolicyList(org.apache.ranger.view.VXPolicyList) VXPermMapList(org.apache.ranger.view.VXPermMapList) List(java.util.List) VXAuditMapList(org.apache.ranger.view.VXAuditMapList) VXPermMapList(org.apache.ranger.view.VXPermMapList)

Example 10 with VXPermMap

use of org.apache.ranger.view.VXPermMap in project ranger by apache.

the class XPolicyService method mapPublicToXAObject.

/**
 * Maps a public-API {@link VXPolicy} onto the internal {@link VXResource} view object.
 *
 * <p>The repository named by the policy must exist. In the update context the stored resource
 * must exist too; its base attributes are copied onto the result, and the audit and
 * permission lists are rebuilt. In the create context the audit and permission lists are set
 * only when the policy asks for them.
 *
 * <p>Parent-permission checking is always set to {@code BOOL_FALSE} on the result, as the
 * original comment puts it: "Allowing to create policy without checking parent permission".
 *
 * @param vXPolicy         public policy object; its repository type is overwritten with the
 *                         stored asset's label when the supplied one maps to ASSET_UNKNOWN
 * @param operationContext {@code OPERATION_UPDATE_CONTEXT} or {@code OPERATION_CREATE_CONTEXT};
 *                         any other value skips both the audit and the permission mapping
 * @return the populated internal resource object
 */
public VXResource mapPublicToXAObject(VXPolicy vXPolicy, int operationContext) {
    VXResource xaResource = super.mapBaseAttributesToXAObject(vXPolicy, new VXResource());
    xaResource.setName(vXPolicy.getResourceName());
    xaResource.setPolicyName(StringUtils.trim(vXPolicy.getPolicyName()));
    xaResource.setDescription(vXPolicy.getDescription());
    xaResource.setResourceType(getResourceType(vXPolicy));

    XXAsset repository = xaDaoMgr.getXXAsset().findByAssetName(vXPolicy.getRepositoryName());
    if (repository == null) {
        throw restErrorUtil.createRESTException("The repository for which " + "you're updating policy, doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    xaResource.setAssetId(repository.getId());

    if (operationContext == AbstractBaseResourceService.OPERATION_UPDATE_CONTEXT) {
        XXResource stored = xaDaoMgr.getXXResource().getById(vXPolicy.getId());
        if (stored == null) {
            logger.error("No policy found with given Id : " + vXPolicy.getId());
            // NOTE(review): the log line reports vXPolicy.getId() while the REST message
            // reports the id of the object under construction - confirm which is intended.
            throw restErrorUtil.createRESTException("No Policy found with given Id : " + xaResource.getId(), MessageEnums.DATA_NOT_FOUND);
        }
        // A public object carries no create/update dates or addedBy/updatedBy ids, so those
        // base attributes are taken from the stored object.
        stored.setUpdateTime(DateUtil.getUTCDate());
        xResourceService.mapBaseAttributesToViewBean(stored, xaResource);

        SearchCriteria auditCriteria = new SearchCriteria();
        auditCriteria.addParam("resourceId", stored.getId());
        VXAuditMapList storedAudits = xAuditMapService.searchXAuditMaps(auditCriteria);

        // Auditing on: keep the stored audit maps, or add a single "all" map when none exist.
        // Auditing off: the list stays empty.
        List<VXAuditMap> audits = new ArrayList<VXAuditMap>();
        if (storedAudits.getListSize() > 0 && vXPolicy.getIsAuditEnabled()) {
            audits.addAll(storedAudits.getVXAuditMaps());
        } else if (storedAudits.getListSize() == 0 && vXPolicy.getIsAuditEnabled()) {
            VXAuditMap auditAll = new VXAuditMap();
            auditAll.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
            audits.add(auditAll);
        }

        List<VXPermMap> permMaps = mapPermObjToPermList(vXPolicy.getPermMapList(), vXPolicy);
        xaResource.setAuditList(audits);
        xaResource.setPermMapList(permMaps);
    } else if (operationContext == AbstractBaseResourceService.OPERATION_CREATE_CONTEXT) {
        if (vXPolicy.getIsAuditEnabled()) {
            VXAuditMap auditAll = new VXAuditMap();
            auditAll.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
            List<VXAuditMap> audits = new ArrayList<VXAuditMap>();
            audits.add(auditAll);
            xaResource.setAuditList(audits);
        }
        if (!stringUtil.isEmpty(vXPolicy.getPermMapList())) {
            xaResource.setPermMapList(mapPermObjToPermList(vXPolicy.getPermMapList()));
        }
    }

    xaResource.setDatabases(vXPolicy.getDatabases());
    xaResource.setTables(vXPolicy.getTables());
    xaResource.setColumnFamilies(vXPolicy.getColumnFamilies());
    xaResource.setColumns(vXPolicy.getColumns());
    xaResource.setUdfs(vXPolicy.getUdfs());
    xaResource.setAssetName(vXPolicy.getRepositoryName());

    // An unrecognised repository type falls back to the stored asset's type, and the policy
    // object itself is updated to match.
    int assetType = AppConstants.getEnumFor_AssetType(vXPolicy.getRepositoryType());
    if (assetType == AppConstants.ASSET_UNKNOWN) {
        assetType = repository.getAssetType();
        vXPolicy.setRepositoryType(AppConstants.getLabelFor_AssetType(assetType));
    }
    xaResource.setAssetType(assetType);

    int resourceStatus = vXPolicy.getIsEnabled() ? AppConstants.STATUS_ENABLED : AppConstants.STATUS_DISABLED;
    xaResource.setResourceStatus(resourceStatus);

    // Allowing to create policy without checking parent permission
    xaResource.setCheckParentPermission(AppConstants.BOOL_FALSE);
    xaResource.setTopologies(vXPolicy.getTopologies());
    xaResource.setServices(vXPolicy.getServices());

    // TODO : the parameters below are specific to some components; take care when adding a
    // new component.
    String hiveLabel = AppConstants.getLabelFor_AssetType(AppConstants.ASSET_HIVE);
    if (vXPolicy.getRepositoryType().equalsIgnoreCase(hiveLabel)) {
        xaResource.setTableType(AppConstants.getEnumFor_PolicyType(vXPolicy.getTableType()));
        xaResource.setColumnType(AppConstants.getEnumFor_PolicyType(vXPolicy.getColumnType()));
    }
    String hdfsLabel = AppConstants.getLabelFor_AssetType(AppConstants.ASSET_HDFS);
    if (vXPolicy.getRepositoryType().equalsIgnoreCase(hdfsLabel)) {
        xaResource.setIsRecursive(AppConstants.getEnumFor_BooleanValue(vXPolicy.getIsRecursive()));
    }
    return xaResource;
}
Also used : VXPermMap(org.apache.ranger.view.VXPermMap) XXResource(org.apache.ranger.entity.XXResource) VXResource(org.apache.ranger.view.VXResource) XXAsset(org.apache.ranger.entity.XXAsset) ArrayList(java.util.ArrayList) VXAuditMapList(org.apache.ranger.view.VXAuditMapList) SearchCriteria(org.apache.ranger.common.SearchCriteria) VXAuditMap(org.apache.ranger.view.VXAuditMap) VXResourceList(org.apache.ranger.view.VXResourceList) ArrayList(java.util.ArrayList) VXPolicyList(org.apache.ranger.view.VXPolicyList) VXPermMapList(org.apache.ranger.view.VXPermMapList) List(java.util.List) VXAuditMapList(org.apache.ranger.view.VXAuditMapList)
