Java Code Examples for org.apache.ranger.plugin.model.RangerServiceDef#getAccessTypes()

The following examples show how to use org.apache.ranger.plugin.model.RangerServiceDef#getAccessTypes() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RangerDefaultPolicyEvaluator.java    From ranger with Apache License 2.0 6 votes vote down vote up
private Map<String, Collection<String>> getImpliedAccessGrants(RangerServiceDef serviceDef) {
	Map<String, Collection<String>> ret = null;

	if(serviceDef != null && !CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
		for(RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
			if(!CollectionUtils.isEmpty(accessTypeDef.getImpliedGrants())) {
				if(ret == null) {
					ret = new HashMap<>();
				}

				Collection<String> impliedAccessGrants = ret.get(accessTypeDef.getName());

				if(impliedAccessGrants == null) {
					impliedAccessGrants = new HashSet<>();

					ret.put(accessTypeDef.getName(), impliedAccessGrants);
				}

				impliedAccessGrants.addAll(accessTypeDef.getImpliedGrants());
			}
		}
	}

	return ret;
}
 
Example 2
Source File: RangerValidator.java    From ranger with Apache License 2.0 5 votes vote down vote up
Set<String> getAccessTypes(RangerServiceDef serviceDef) {
	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerValidator.getAccessTypes(" + serviceDef + ")");
	}

	Set<String> accessTypes = new HashSet<>();
	if (serviceDef == null) {
		LOG.warn("serviceDef passed in was null!");
	} else if (CollectionUtils.isEmpty(serviceDef.getAccessTypes())) {
		LOG.warn("AccessTypeDef collection on serviceDef was null!");
	} else {
		for (RangerAccessTypeDef accessTypeDef : serviceDef.getAccessTypes()) {
			if (accessTypeDef == null) {
				LOG.warn("Access type def was null!");
			} else {
				String accessType = accessTypeDef.getName();
				if (StringUtils.isBlank(accessType)) {
					LOG.warn("Access type def name was null/empty/blank!");
				} else {
					accessTypes.add(accessType);
				}
			}
		}
	}

	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerValidator.getAccessTypes(" + serviceDef + "): " + accessTypes);
	}
	return accessTypes;
}
 
Example 3
Source File: PatchForHiveServiceDefUpdate_J10017.java    From ranger with Apache License 2.0 5 votes vote down vote up
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
	boolean ret = false;

	List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs   = null;
	List<RangerServiceDef.RangerAccessTypeDef> 	embeddedHiveAccessTypes = null;

	embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
	embeddedHiveAccessTypes  = embeddedHiveServiceDef.getAccessTypes();

	if (checkHiveGlobalresourcePresent(embeddedHiveResourceDefs)) {
		// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
		if (embeddedHiveResourceDefs != null) {
			serviceDef.setResources(embeddedHiveResourceDefs);
		}
		if (embeddedHiveAccessTypes != null) {
			if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
				serviceDef.setAccessTypes(embeddedHiveAccessTypes);
			}
		}
		ret = true;
	}

	RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
	validator.validate(serviceDef, Action.UPDATE);
	svcStore.updateServiceDef(serviceDef);

	return ret;
}
 
Example 4
Source File: PatchForHiveServiceDefUpdate_J10010.java    From ranger with Apache License 2.0 5 votes vote down vote up
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
	boolean ret = false;

	List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs   = null;
	List<RangerServiceDef.RangerAccessTypeDef> 	embeddedHiveAccessTypes = null;

	embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
	embeddedHiveAccessTypes  = embeddedHiveServiceDef.getAccessTypes();

	if (checkHiveServiceresourcePresent(embeddedHiveResourceDefs)) {
		// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
		if (embeddedHiveResourceDefs != null) {
			serviceDef.setResources(embeddedHiveResourceDefs);
		}
		if (embeddedHiveAccessTypes != null) {
			if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
				serviceDef.setAccessTypes(embeddedHiveAccessTypes);
			}
		}
		ret = true;
	}

	RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
	validator.validate(serviceDef, Action.UPDATE);
	svcStore.updateServiceDef(serviceDef);

	return ret;
}
 
Example 5
Source File: PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java    From ranger with Apache License 2.0 5 votes vote down vote up
private void addResourceEntityLabelAndEntityBusinessMetadataInServiceDef() throws Exception {
    RangerServiceDef ret = null;
    RangerServiceDef embeddedAtlasServiceDef = null;
    XXServiceDef xXServiceDefObj = null;
    RangerServiceDef dbAtlasServiceDef = null;
    List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
    List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;

    embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
            .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
    if (embeddedAtlasServiceDef != null) {
        xXServiceDefObj = daoMgr.getXXServiceDef()
                .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
        if (xXServiceDefObj == null) {
            logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
            return;
        }

        dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);

        embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
        embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
        if (checkResourcePresent(embeddedAtlasResourceDefs)) {
            dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
            if (checkAccessPresent(embeddedAtlasAccessTypes)) {
                dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
            }
        }

        RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
        validator.validate(dbAtlasServiceDef, Action.UPDATE);
        ret = svcStore.updateServiceDef(dbAtlasServiceDef);
        if (ret == null) {
            logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
                    + " service-def");
            throw new RuntimeException("Error while updating "
                    + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
        }
    }
}
 
Example 6
Source File: PatchForAtlasResourceAndAccessTypeUpdate_J10016.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateAtlasResourceAndAccessType() {
	RangerServiceDef ret = null;
	RangerServiceDef embeddedAtlasServiceDef = null;
	XXServiceDef xXServiceDefObj = null;
	RangerServiceDef dbAtlasServiceDef = null;
	List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
	List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;

	try {
		embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
				.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
		if (embeddedAtlasServiceDef != null) {
			xXServiceDefObj = daoMgr.getXXServiceDef()
					.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
			if (xXServiceDefObj == null) {
				logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
				return;
			}

			dbAtlasServiceDef = svcDBStore
					.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
			embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
			embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
			if (checkResourcePresent(embeddedAtlasResourceDefs)) {
				dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
				if (checkAccessPresent(embeddedAtlasAccessTypes)) {
					dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
				}
			}

			RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
			validator.validate(dbAtlasServiceDef, Action.UPDATE);
			ret = svcStore.updateServiceDef(dbAtlasServiceDef);
			if (ret == null) {
				logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
						+ " service-def");
				throw new RuntimeException("Error while updating "
						+ EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
			} else {
				createDefaultPolicyToExistingService();
				updatePolicyForRelationshipType();
			}
		}
	} catch (Exception e) {
		logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def",e);
	}

}
 
Example 7
Source File: PatchForPrestoToSupportPresto333_J10038.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void addPresto333Support() throws Exception {
  RangerServiceDef ret = null;
  RangerServiceDef embeddedPrestoServiceDef = null;
  XXServiceDef xXServiceDefObj = null;
  RangerServiceDef dbPrestoServiceDef = null;
  List<RangerServiceDef.RangerResourceDef> embeddedPrestoResourceDefs = null;
  List<RangerServiceDef.RangerAccessTypeDef> embeddedPrestoAccessTypes = null;

  embeddedPrestoServiceDef = EmbeddedServiceDefsUtil.instance()
    .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);

  if (embeddedPrestoServiceDef != null) {
    xXServiceDefObj = daoMgr.getXXServiceDef()
      .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);
    if (xXServiceDefObj == null) {
      logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
      return;
    }

    dbPrestoServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);

    embeddedPrestoResourceDefs = embeddedPrestoServiceDef.getResources();
    embeddedPrestoAccessTypes = embeddedPrestoServiceDef.getAccessTypes();
    if (checkResourcePresent(PRESTO_RESOURCES, embeddedPrestoResourceDefs)) {
      dbPrestoServiceDef.setResources(embeddedPrestoResourceDefs);
      if (checkAccessPresent(PRESTO_ACCESS_TYPES, embeddedPrestoAccessTypes)) {
        dbPrestoServiceDef.setAccessTypes(embeddedPrestoAccessTypes);
      }
    }

    RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
    validator.validate(dbPrestoServiceDef, RangerValidator.Action.UPDATE);
    ret = svcStore.updateServiceDef(dbPrestoServiceDef);
    if (ret == null) {
      logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
        + " service-def");
      throw new RuntimeException("Error while updating "
        + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
    }

  }
}
 
Example 8
Source File: PatchForHiveServiceDefUpdate_J10027.java    From ranger with Apache License 2.0 4 votes vote down vote up
private boolean updateHiveServiceDef() throws Exception {
	RangerServiceDef ret;
	RangerServiceDef embeddedHiveServiceDef;
	RangerServiceDef dbHiveServiceDef;
	List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes;
	XXServiceDef xXServiceDefObj;

	embeddedHiveServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);

	if (embeddedHiveServiceDef != null) {
		xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
		Map<String, String> serviceDefOptionsPreUpdate;
		String jsonPreUpdate;

		if (xXServiceDefObj != null) {
			jsonPreUpdate = xXServiceDefObj.getDefOptions();
			serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
		} else {
			logger.error("Hive service-definition does not exist in the Ranger DAO.");
			return false;
		}
		dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);

		if (dbHiveServiceDef != null) {
			embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();

			if (embeddedHiveAccessTypes != null) {
				if (checkNewHiveAccessTypesPresent(embeddedHiveAccessTypes)) {
					if (!embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString())) {
						dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
					}
				}
			}
		} else {
			logger.error("Hive service-definition does not exist in the db store.");
			return false;
		}
		RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
		validator.validate(dbHiveServiceDef, RangerValidator.Action.UPDATE);

		ret = svcStore.updateServiceDef(dbHiveServiceDef);
		if (ret == null) {
			throw new RuntimeException("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + " service-def");
		}
		xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
		if (xXServiceDefObj != null) {
			String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
			Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
			if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
				if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
					String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
					if (preUpdateValue == null) {
						serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
					} else {
						serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
					}
					xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
					daoMgr.getXXServiceDef().update(xXServiceDefObj);
				}
			}
		} else {
			logger.error("Hive service-definition does not exist in the Ranger DAO.");
			return false;
		}
	} else {
		logger.error("The embedded Hive service-definition does not exist.");
		return false;
	}
	return true;
}
 
Example 9
Source File: PatchForHBaseServiceDefUpdate_J10035.java    From ranger with Apache License 2.0 4 votes vote down vote up
private boolean updateHBaseServiceDef() throws Exception {
    RangerServiceDef ret;
    RangerServiceDef embeddedHBasServiceDef;
    RangerServiceDef dbHBaseServiceDef;
    List<RangerServiceDef.RangerAccessTypeDef> embeddedHBaseAccessTypes;
    XXServiceDef xXServiceDefObj;

    embeddedHBasServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);

    if (embeddedHBasServiceDef != null) {
        xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
        Map<String, String> serviceDefOptionsPreUpdate;
        String jsonPreUpdate;

        if (xXServiceDefObj != null) {
            jsonPreUpdate = xXServiceDefObj.getDefOptions();
            serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
        } else {
            logger.error("HBase service-definition does not exist in the Ranger DAO.");
            return false;
        }
        dbHBaseServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);

        if (dbHBaseServiceDef != null) {
            embeddedHBaseAccessTypes = embeddedHBasServiceDef.getAccessTypes();

            if (embeddedHBaseAccessTypes != null) {
                if (checkNewHBaseAccessTypesPresent(embeddedHBaseAccessTypes)) {
                    if (!embeddedHBaseAccessTypes.toString().equalsIgnoreCase(dbHBaseServiceDef.getAccessTypes().toString())) {
                        dbHBaseServiceDef.setAccessTypes(embeddedHBaseAccessTypes);
                    }
                }
            }
        } else {
            logger.error("HBase service-definition does not exist in the db store.");
            return false;
        }
        RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
        validator.validate(dbHBaseServiceDef, RangerValidator.Action.UPDATE);

        ret = svcStore.updateServiceDef(dbHBaseServiceDef);
        if (ret == null) {
            throw new RuntimeException("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME + " service-def");
        }
        xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
        if (xXServiceDefObj != null) {
            String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
            Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
            if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
                if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
                    String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
                    if (preUpdateValue == null) {
                        serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
                    } else {
                        serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
                    }
                    xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
                    daoMgr.getXXServiceDef().update(xXServiceDefObj);
                }
            }
        } else {
            logger.error("HBase service-definition does not exist in the Ranger DAO.");
            return false;
        }
    } else {
        logger.error("The embedded HBase service-definition does not exist.");
        return false;
    }
    return true;
}
 
Example 10
Source File: PatchForHiveServiceDefUpdate_J10009.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateHiveServiceDef(){
	RangerServiceDef ret  					= null;
	RangerServiceDef embeddedHiveServiceDef = null;
	RangerServiceDef dbHiveServiceDef 		= null;
	List<RangerServiceDef.RangerAccessTypeDef> 	embeddedHiveAccessTypes   = null;
	XXServiceDef xXServiceDefObj			= null;
	try{
		embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
		if(embeddedHiveServiceDef!=null){

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
			Map<String, String> serviceDefOptionsPreUpdate=null;
			String jsonStrPreUpdate=null;
			if(xXServiceDefObj!=null) {
				jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
				serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
				xXServiceDefObj=null;
			}
			dbHiveServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);

			if(dbHiveServiceDef!=null){
				embeddedHiveAccessTypes  = embeddedHiveServiceDef.getAccessTypes();
				if (checkHiveAccessType(embeddedHiveAccessTypes)) {
					// This is to check if HiveServiceDef AccessType has the new AccessType and if Present update the dbHiveServiceDef along with new Admin accessType.
					dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
				}

				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbHiveServiceDef, Action.UPDATE);

				ret = svcStore.updateServiceDef(dbHiveServiceDef);
				if(ret==null){
					logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
					throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
				}
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
				if(xXServiceDefObj!=null) {
					String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
					if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
						if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
							String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							if (preUpdateValue == null) {
								serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							} else {
								serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
							}
							xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
							daoMgr.getXXServiceDef().update(xXServiceDefObj);
						}
					}
				}
			}
		}
		}catch(Exception e)
		{
			logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def", e);
		}
}
 
Example 11
Source File: PatchForKafkaServiceDefUpdate_J10025.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateKafkaServiceDef(){
	RangerServiceDef ret                = null;
	RangerServiceDef embeddedKafkaServiceDef = null;
	RangerServiceDef dbKafkaServiceDef         = null;
	List<RangerServiceDef.RangerResourceDef>   embeddedKafkaResourceDefs  = null;
	List<RangerServiceDef.RangerAccessTypeDef>     embeddedKafkaAccessTypes   = null;
	XXServiceDef xXServiceDefObj         = null;
	try{
		embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
		if(embeddedKafkaServiceDef!=null){

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
			Map<String, String> serviceDefOptionsPreUpdate=null;
			String jsonStrPreUpdate=null;
			if(xXServiceDefObj!=null) {
				jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
				serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
				xXServiceDefObj=null;
			}
			dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);

			if(dbKafkaServiceDef!=null){
				embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
				embeddedKafkaAccessTypes  = embeddedKafkaServiceDef.getAccessTypes();

				if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
					// This is to check if CLUSTER resource is added to the resource definition, if so update the resource def and accessType def
					if (embeddedKafkaResourceDefs != null) {
						dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
					}
					if (embeddedKafkaAccessTypes != null) {
						if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
							dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
						}
					}
				}

				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbKafkaServiceDef, Action.UPDATE);

				ret = svcStore.updateServiceDef(dbKafkaServiceDef);
				if(ret==null){
					logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
					throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
				}
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
				if(xXServiceDefObj!=null) {
					String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
					if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
						if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
							String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							if (preUpdateValue == null) {
								serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							} else {
								serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
							}
							xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
							daoMgr.getXXServiceDef().update(xXServiceDefObj);
						}
					}
					createDefaultPolicyForNewResources();
				}
			}
		}
	}catch(Exception e)
	{
		logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
	}
}
 
Example 12
Source File: PatchForAtlasServiceDefUpdate_J10013.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateAtlasServiceDef() throws Exception{
	String serviceDefName=EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME;
	XXServiceDefDao serviceDefDao = daoMgr.getXXServiceDef();
	XXServiceDef serviceDef = serviceDefDao.findByName(serviceDefName);
	// if service-def named 'atlas' does not exist then no need to process this patch further.
	if(serviceDef == null) {
		LOG.info(serviceDefName + ": service-def not found. No patching is needed");
		return;
	}
	// if older atlas service-def doesn't exist then no need to process this patch further.
	if(!checkIfHasOlderServiceDef(serviceDef)) {
		LOG.info("Older version of "+serviceDefName + " service-def not found. No patching is needed");
		return;
	}
	String suffix = null;
	for (int i = 1; true; i++) {
		suffix = ".v" + i;
		if (serviceDefDao.findByName(serviceDefName + suffix) == null) {
			break;
		}
	}
	String serviceDefNewName = serviceDefName + suffix;
	LOG.info("Renaming service-def " + serviceDefName + " as " + serviceDefNewName);
	RangerServiceDef dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
	if (EmbeddedServiceDefsUtil.instance().getTagServiceDefId() != -1) {
		RangerServiceDef dbTagServiceDef;
		try {
			dbTagServiceDef = svcDBStore.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId());
			if(dbTagServiceDef!=null) {
				String prefix = serviceDefName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
				String newPrefix = serviceDefNewName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;

				List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = dbAtlasServiceDef.getAccessTypes();
				List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = dbTagServiceDef.getAccessTypes();
				long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1);

				boolean updateNeeded = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes, itemIdOffset, prefix,newPrefix);
				if(updateNeeded) {
					svcDBStore.updateServiceDef(dbTagServiceDef);
				}
			}
		} catch (Exception e) {
			LOG.error("updateAtlasServiceDef:" + serviceDef.getName() + "): could not find TAG ServiceDef.. ", e);
		}
	}
	serviceDef.setName(serviceDefNewName);
	serviceDef.setDisplayName(serviceDefNewName);
	serviceDefDao.update(serviceDef);
	LOG.info("Renamed service-def " + serviceDefName + " as " + serviceDefNewName);
	XXServiceDao serviceDao = daoMgr.getXXService();
	List<XXService> services = serviceDao.findByServiceDefId(serviceDef.getId());
	if (CollectionUtils.isNotEmpty(services)) {
		for (XXService service : services) {
			String serviceName = service.getName();
			String serviceNewName = serviceName + suffix;
			LOG.info("Renaming service " + serviceName + " as " + serviceNewName);
			if (serviceDao.findByName(serviceNewName) != null) {
				LOG.warn("Another service named " + serviceNewName + " already exists. Not renaming " + serviceName);
				continue;
			}
			service.setName(serviceNewName);
			service.setDisplayName(serviceNewName);
			serviceDao.update(service);
			LOG.info("Renamed service " + serviceName + " as " + serviceNewName);
		}
	}
}
 
Example 13
Source File: PatchForKafkaServiceDefUpdate_J10015.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateHiveServiceDef(){
	RangerServiceDef ret  					 = null;
	RangerServiceDef embeddedKafkaServiceDef = null;
	RangerServiceDef dbKafkaServiceDef 		 = null;
	List<RangerServiceDef.RangerResourceDef> 	embeddedKafkaResourceDefs  = null;
	List<RangerServiceDef.RangerAccessTypeDef> 	embeddedKafkaAccessTypes   = null;
	XXServiceDef xXServiceDefObj			= null;
	try{
		embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
		if(embeddedKafkaServiceDef!=null){

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
			Map<String, String> serviceDefOptionsPreUpdate=null;
			String jsonStrPreUpdate=null;
			if(xXServiceDefObj!=null) {
				jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
				serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
				xXServiceDefObj=null;
			}
			dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);

			if(dbKafkaServiceDef!=null){
				embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
				embeddedKafkaAccessTypes  = embeddedKafkaServiceDef.getAccessTypes();

				if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
					// This is to check if URL def is added to the resource definition, if so update the resource def and accessType def
					if (embeddedKafkaResourceDefs != null) {
						dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
					}
					if (embeddedKafkaAccessTypes != null) {
						if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
							dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
						}
					}
				}

				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbKafkaServiceDef, Action.UPDATE);

				ret = svcStore.updateServiceDef(dbKafkaServiceDef);
				if(ret==null){
					logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
					throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
				}
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
				if(xXServiceDefObj!=null) {
					String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
					if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
						if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
							String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							if (preUpdateValue == null) {
								serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							} else {
								serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
							}
							xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
							daoMgr.getXXServiceDef().update(xXServiceDefObj);
						}
					}
				}
			}
		}
		}catch(Exception e)
		{
			logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
		}
}
 
Example 14
Source File: PatchForHiveServiceDefUpdate_J10007.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateHiveServiceDef(){
	RangerServiceDef ret  					= null;
	RangerServiceDef embeddedHiveServiceDef = null;
	RangerServiceDef dbHiveServiceDef 		= null;
	List<RangerServiceDef.RangerResourceDef> 	embeddedHiveResourceDefs  = null;
	List<RangerServiceDef.RangerAccessTypeDef> 	embeddedHiveAccessTypes   = null;
	XXServiceDef xXServiceDefObj			= null;
	try{
		embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
		if(embeddedHiveServiceDef!=null){

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
			Map<String, String> serviceDefOptionsPreUpdate=null;
			String jsonStrPreUpdate=null;
			if(xXServiceDefObj!=null) {
				jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
				serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
				xXServiceDefObj=null;
			}
			dbHiveServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
			
			if(dbHiveServiceDef!=null){
				embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
				embeddedHiveAccessTypes  = embeddedHiveServiceDef.getAccessTypes();

				if (checkURLresourcePresent(embeddedHiveResourceDefs)) {
					// This is to check if URL def is added to the resource definition, if so update the resource def and accessType def
					if (embeddedHiveResourceDefs != null) {
						dbHiveServiceDef.setResources(embeddedHiveResourceDefs);
					}
					if (embeddedHiveAccessTypes != null) {
						if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString())) {
							dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
						}
					}
				}

				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbHiveServiceDef, Action.UPDATE);

				ret = svcStore.updateServiceDef(dbHiveServiceDef);
				if(ret==null){
					logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
					throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
				}
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
				if(xXServiceDefObj!=null) {
					String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
					if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
						if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
							String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							if (preUpdateValue == null) {
								serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							} else {
								serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
							}
							xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
							daoMgr.getXXServiceDef().update(xXServiceDefObj);
						}
					}
				}
			}
		}
		}catch(Exception e)
		{
			logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def", e);
		}
}
 
Example 15
Source File: PatchForKafkaServiceDefUpdate_J10033.java    From ranger with Apache License 2.0 4 votes vote down vote up
private void updateKafkaServiceDef(){
	RangerServiceDef ret                = null;
	RangerServiceDef embeddedKafkaServiceDef = null;
	RangerServiceDef dbKafkaServiceDef         = null;
	List<RangerServiceDef.RangerResourceDef>   embeddedKafkaResourceDefs  = null;
	List<RangerServiceDef.RangerAccessTypeDef>     embeddedKafkaAccessTypes   = null;
	XXServiceDef xXServiceDefObj         = null;
	try{
		embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
		if(embeddedKafkaServiceDef!=null){

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
			Map<String, String> serviceDefOptionsPreUpdate=null;
			String jsonStrPreUpdate=null;
			if(xXServiceDefObj!=null) {
				jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
				serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
				xXServiceDefObj=null;
			}
			dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);

			if(dbKafkaServiceDef!=null){
				embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
				embeddedKafkaAccessTypes  = embeddedKafkaServiceDef.getAccessTypes();

				if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
					// This is to check if CONSUMERGROUP resource is added to the resource definition, if so update the resource def and accessType def
					if (embeddedKafkaResourceDefs != null) {
						dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
					}
					if (embeddedKafkaAccessTypes != null) {
						if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
							dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
						}
					}
				}

				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbKafkaServiceDef, Action.UPDATE);

				ret = svcStore.updateServiceDef(dbKafkaServiceDef);
				if(ret==null){
					logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
					throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
				}
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
				if(xXServiceDefObj!=null) {
					String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
					if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
						if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
							String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							if (preUpdateValue == null) {
								serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
							} else {
								serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
							}
							xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
							daoMgr.getXXServiceDef().update(xXServiceDefObj);
						}
					}
					createDefaultPolicyForNewResources();
				}
			}
		}
	}catch(Exception e)
	{
		logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
	}
}
 
Example 16
Source File: RangerServiceDefHelper.java    From ranger with Apache License 2.0 3 votes vote down vote up
static public RangerServiceDef getServiceDefForPolicyFiltering(RangerServiceDef serviceDef) {

		List<RangerResourceDef> modifiedResourceDefs = new ArrayList<RangerResourceDef>();

		for (RangerResourceDef resourceDef : serviceDef.getResources()) {

			final RangerResourceDef modifiedResourceDef;

			String matcherClassName = resourceDef.getMatcher();

			if (RangerPathResourceMatcher.class.getName().equals(matcherClassName)) {

				Map<String, String> modifiedMatcherOptions = new HashMap<String, String>(resourceDef.getMatcherOptions());

				modifiedMatcherOptions.put(RangerAbstractResourceMatcher.OPTION_WILD_CARD, "false");

				modifiedResourceDef = new RangerResourceDef(resourceDef);
				modifiedResourceDef.setMatcherOptions(modifiedMatcherOptions);
				modifiedResourceDef.setRecursiveSupported(false);

			} else {
				modifiedResourceDef = resourceDef;
			}

			modifiedResourceDefs.add(modifiedResourceDef);
		}

		return new RangerServiceDef(serviceDef.getName(), serviceDef.getDisplayName(), serviceDef.getImplClass(), serviceDef.getLabel(),
				serviceDef.getDescription(), serviceDef.getOptions(), serviceDef.getConfigs(), modifiedResourceDefs, serviceDef.getAccessTypes(),
				serviceDef.getPolicyConditions(), serviceDef.getContextEnrichers(), serviceDef.getEnums());
	}
 
Example 17
Source File: ServiceDefUtil.java    From ranger with Apache License 2.0 2 votes vote down vote up
public static RangerServiceDef normalizeAccessTypeDefs(RangerServiceDef serviceDef, final String componentType) {

        if (serviceDef != null && StringUtils.isNotBlank(componentType)) {

            List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs = serviceDef.getAccessTypes();

            if (CollectionUtils.isNotEmpty(accessTypeDefs)) {

                String prefix = componentType + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;

                List<RangerServiceDef.RangerAccessTypeDef> unneededAccessTypeDefs = null;

                for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {

                    String accessType = accessTypeDef.getName();

                    if (StringUtils.startsWith(accessType, prefix)) {

                        String newAccessType = StringUtils.removeStart(accessType, prefix);

                        accessTypeDef.setName(newAccessType);

                        Collection<String> impliedGrants = accessTypeDef.getImpliedGrants();

                        if (CollectionUtils.isNotEmpty(impliedGrants)) {

                            Collection<String> newImpliedGrants = null;

                            for (String impliedGrant : impliedGrants) {

                                if (StringUtils.startsWith(impliedGrant, prefix)) {

                                    String newImpliedGrant = StringUtils.removeStart(impliedGrant, prefix);

                                    if (newImpliedGrants == null) {
                                        newImpliedGrants = new ArrayList<>();
                                    }

                                    newImpliedGrants.add(newImpliedGrant);
                                }
                            }
                            accessTypeDef.setImpliedGrants(newImpliedGrants);

                        }
                    } else if (StringUtils.contains(accessType, AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                        if(unneededAccessTypeDefs == null) {
                            unneededAccessTypeDefs = new ArrayList<>();
                        }

                        unneededAccessTypeDefs.add(accessTypeDef);
                    }
                }

                if(unneededAccessTypeDefs != null) {
                    accessTypeDefs.removeAll(unneededAccessTypeDefs);
                }
            }
        }

        return serviceDef;
    }