Java Code Examples for org.apache.ranger.plugin.model.RangerPolicy#getId()

The following examples show how to use org.apache.ranger.plugin.model.RangerPolicy#getId() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PolicyRefUpdater.java    From ranger with Apache License 2.0 6 votes vote down vote up 
public Boolean cleanupRefTables(RangerPolicy policy) {
	final Long policyId = policy == null ? null : policy.getId();

	if (policyId == null) {
		return false;
	}

	daoMgr.getXXPolicyRefResource().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefRole().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefGroup().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefUser().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefAccessType().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefCondition().deleteByPolicyId(policyId);
	daoMgr.getXXPolicyRefDataMaskType().deleteByPolicyId(policyId);

	return true;
}
Example 2
Source File: PublicAPIsv2.java    From ranger with Apache License 2.0 5 votes vote down vote up 
@PUT
@Path("/api/policy/{id}")
@Produces({ "application/json", "application/xml" })
public RangerPolicy updatePolicy(RangerPolicy policy, @PathParam("id") Long id) {
	// if policy.id is specified, it should be same as the param 'id'
	if(policy.getId() == null) {
		policy.setId(id);
	} else if(!policy.getId().equals(id)) {
		throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "policyID mismatch", true);
	}

	return serviceREST.updatePolicy(policy);
}
Example 3
Source File: RangerPolicyRepository.java    From ranger with Apache License 2.0 5 votes vote down vote up 
private boolean scrubPolicy(RangerPolicy policy) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyRepository.scrubPolicy(" + policy + ")");
    }
    boolean altered = false;
    Long policyId = policy.getId();
    Map<String, RangerPolicy.RangerPolicyResource> resourceMap = policy.getResources();
    for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : resourceMap.entrySet()) {
        String resourceName = entry.getKey();
        RangerPolicy.RangerPolicyResource resource = entry.getValue();
        Iterator<String> iterator = resource.getValues().iterator();
        while (iterator.hasNext()) {
            String value = iterator.next();
            if (value == null) {
                LOG.warn("RangerPolicyRepository.scrubPolicyResource: found null resource value for " + resourceName + " in policy " + policyId + "!  Removing...");
                iterator.remove();
                altered = true;
            }
        }
    }

    scrubPolicyItems(policyId, policy.getPolicyItems());
    scrubPolicyItems(policyId, policy.getAllowExceptions());
    scrubPolicyItems(policyId, policy.getDenyPolicyItems());
    scrubPolicyItems(policyId, policy.getDenyExceptions());
    scrubPolicyItems(policyId, policy.getRowFilterPolicyItems());
    scrubPolicyItems(policyId, policy.getDataMaskPolicyItems());

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyRepository.scrubPolicy(" + policy + "): " + altered);
    }
    return altered;
}
Example 4
Source File: RangerAbstractPolicyItemEvaluator.java    From ranger with Apache License 2.0 5 votes vote down vote up 
RangerAbstractPolicyItemEvaluator(RangerServiceDef serviceDef, RangerPolicy policy, RangerPolicyItem policyItem, int policyItemType, int policyItemIndex, RangerPolicyEngineOptions options) {
	this.serviceDef     = serviceDef;
	this.policyItem     = policyItem;
	this.policyItemType = policyItemType;
	this.policyItemIndex = policyItemIndex;
	this.options        = options;
	this.policyId       = policy != null && policy.getId() != null ? policy.getId() : -1;
	this.evalOrder      = computeEvalOrder();
	this.policy         = policy;
}
Example 5
Source File: PatchForUpdatingPolicyJson_J10019.java    From ranger with Apache License 2.0 4 votes vote down vote up 
private void portPolicy(String serviceType, RangerPolicy policy) throws Exception {
	logger.info("==> portPolicy(id=" + policy.getId() + ")");

	String policyText = JsonUtils.objectToJson(policy);

	if (StringUtils.isEmpty(policyText)) {
		throw new Exception("Failed to convert policy to json string. Policy: [id=" +  policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]");
	}

	XXPolicyDao policyDao = daoMgr.getXXPolicy();
	XXPolicy    dbBean    = policyDao.getById(policy.getId());

	dbBean.setPolicyText(policyText);

	policyDao.update(dbBean);

	try {
           		Set<String> accesses = new HashSet<>();
           		Set<String> users = new HashSet<>();
           		Set<String> groups = new HashSet<>();
           		Set<String> conditions = new HashSet<>();
           		Set<String> dataMasks = new HashSet<>();

           		buildLists(policy.getPolicyItems(), accesses, conditions, users, groups);
           		buildLists(policy.getDenyPolicyItems(), accesses, conditions, users, groups);
           		buildLists(policy.getAllowExceptions(), accesses, conditions, users, groups);
           		buildLists(policy.getDenyExceptions(), accesses, conditions, users, groups);
           		buildLists(policy.getDataMaskPolicyItems(), accesses, conditions, users, groups);
           		buildLists(policy.getRowFilterPolicyItems(), accesses, conditions, users, groups);

           		buildList(policy.getDataMaskPolicyItems(), dataMasks);

           		addResourceDefRef(serviceType, policy);
           		addUserNameRef(policy.getId(), users);
           		addGroupNameRef(policy.getId(), groups);
           		addAccessDefRef(serviceType, policy.getId(), accesses);
           		addPolicyConditionDefRef(serviceType, policy.getId(), conditions);
           		addDataMaskDefRef(serviceType, policy.getId(), dataMasks);
       	} catch (Exception e) {
	    logger.error("portPoliry(id=" + policy.getId() +") failed!!");
	    logger.error("Offending policy:" + policyText);
	    throw e;
       	}

	logger.info("<== portPolicy(id=" + policy.getId() + ")");
}
Example 6
Source File: PatchForUpdatingPolicyJson_J10019.java    From ranger with Apache License 2.0 4 votes vote down vote up 
private void addResourceDefRef(String serviceType, RangerPolicy policy) throws Exception {
	logger.info("==> addResourceDefRef(id=" + policy.getId() + ")");

	Map<String, Long> serviceDefResourceNameIDMap = resourceNameIdMap.get(serviceType);

	if (serviceDefResourceNameIDMap == null) {
		serviceDefResourceNameIDMap = new HashMap<>();

		resourceNameIdMap.put(serviceType, serviceDefResourceNameIDMap);

		XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType);

		for (XXResourceDef resourceDef : daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
			serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
		}
	}

	Map<String, RangerPolicyResource> policyResources = policy.getResources();

	if (MapUtils.isNotEmpty(policyResources)) {
		XXPolicyRefResourceDao policyRefResourceDao = daoMgr.getXXPolicyRefResource();
		Set<String>            resourceNames        = policyResources.keySet();

		for (String resourceName : resourceNames) {
			Long resourceDefId = serviceDefResourceNameIDMap.get(resourceName);

			if (resourceDefId == null) {
				throw new Exception(resourceName + ": unknown resource in policy [id=" +  policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]. Known resources: " + serviceDefResourceNameIDMap.keySet());
			}

			// insert policy-id, resourceDefId, resourceName into Ref table
			XXPolicyRefResource policyRefResource = new XXPolicyRefResource();

			policyRefResource.setPolicyId(policy.getId());
			policyRefResource.setResourceDefId(resourceDefId);
			policyRefResource.setResourceName(resourceName);

			policyRefResourceDao.create(policyRefResource);
		}
	}

	logger.info("<== addResourceDefRef(id=" + policy.getId() + ")");
}
Example 7
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0 4 votes vote down vote up 
public List<RangerConditionEvaluator> getRangerPolicyConditionEvaluator(RangerPolicy policy,
                                                                              RangerServiceDef serviceDef,
                                                                              RangerPolicyEngineOptions options) {
    List<RangerConditionEvaluator> conditionEvaluators = new ArrayList<>();

    if (!getConditionsDisabledOption(options) && CollectionUtils.isNotEmpty(policy.getConditions())) {

        RangerPerfTracer perf = null;

        long policyId = policy.getId();

        if(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_INIT_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_INIT_LOG, "RangerCustomConditionEvaluator.init(policyId=" + policyId + ")");
        }

        for (RangerPolicy.RangerPolicyItemCondition condition : policy.getConditions()) {
            RangerServiceDef.RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType(),serviceDef);

            if (conditionDef == null) {
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): conditionDef '" + condition.getType() + "' not found. Ignoring the condition");

                continue;
            }

            RangerConditionEvaluator conditionEvaluator = newConditionEvaluator(conditionDef.getEvaluator());

            if (conditionEvaluator != null) {
                conditionEvaluator.setServiceDef(serviceDef);
                conditionEvaluator.setConditionDef(conditionDef);
                conditionEvaluator.setPolicyItemCondition(condition);

                RangerPerfTracer perfConditionInit = null;

                if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
                    perfConditionInit = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + "policyConditionType=" + condition.getType() + ")");
                }

                conditionEvaluator.init();

                RangerPerfTracer.log(perfConditionInit);

                conditionEvaluators.add(conditionEvaluator);
            } else {
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): failed to init Policy ConditionEvaluator '" + condition.getType() + "'; evaluatorClassName='" + conditionDef.getEvaluator() + "'");
            }
        }

        RangerPerfTracer.log(perf);
    }
    return conditionEvaluators;
}
Example 8
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0 4 votes vote down vote up 
public List<RangerConditionEvaluator> getPolicyItemConditionEvaluator(RangerPolicy policy,
                                                                       RangerPolicyItem policyItem,
                                                                       RangerServiceDef serviceDef,
                                                                       RangerPolicyEngineOptions options,
                                                                       int policyItemIndex) {

    List<RangerConditionEvaluator> conditionEvaluators = new ArrayList<>();

    if (!getConditionsDisabledOption(options) && CollectionUtils.isNotEmpty(policyItem.getConditions())) {

        RangerPerfTracer perf = null;

        Long policyId = policy.getId();

        if(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYITEM_INIT_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_POLICYITEM_INIT_LOG, "RangerPolicyItemEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + ",policyItemIndex=" + policyItemIndex + ")");
        }

        for (RangerPolicyItemCondition condition : policyItem.getConditions()) {
            RangerServiceDef.RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType(), serviceDef);

            if (conditionDef == null) {
                LOG.error("RangerCustomConditionEvaluator.getPolicyItemConditionEvaluator(policyId=" + policyId + "): conditionDef '" + condition.getType() + "' not found. Ignoring the condition");

                continue;
            }

            RangerConditionEvaluator conditionEvaluator = newConditionEvaluator(conditionDef.getEvaluator());

            if (conditionEvaluator != null) {
                conditionEvaluator.setServiceDef(serviceDef);
                conditionEvaluator.setConditionDef(conditionDef);
                conditionEvaluator.setPolicyItemCondition(condition);

                RangerPerfTracer perfConditionInit = null;

                if(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
                    perfConditionInit = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + policyItemIndex + ",policyConditionType=" + condition.getType() + ")");
                }

                conditionEvaluator.init();

                RangerPerfTracer.log(perfConditionInit);

                conditionEvaluators.add(conditionEvaluator);
            } else {
                LOG.error("RangerCustomConditionEvaluator.getPolicyItemConditionEvaluator(policyId=" + policyId + "): failed to init PolicyItem ConditionEvaluator '" + condition.getType() + "'; evaluatorClassName='" + conditionDef.getEvaluator() + "'");
            }
        }
        RangerPerfTracer.log(perf);
    }
    return  conditionEvaluators;
}