Java Code Examples for org.apache.ranger.plugin.util.ServicePolicies#SecurityZoneInfo
The following examples show how to use
org.apache.ranger.plugin.util.ServicePolicies#SecurityZoneInfo .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ServiceREST.java From ranger with Apache License 2.0 | 6 votes |
|
private void patchAssociatedTagServiceInSecurityZoneInfos(ServicePolicies servicePolicies) {
if (servicePolicies != null && MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
// Get list of zones that associated tag-service (if any) is associated with
List<String> zonesInAssociatedTagService = new ArrayList<>();
String tagServiceName = servicePolicies.getTagPolicies() != null ? servicePolicies.getTagPolicies().getServiceName() : null;
if (StringUtils.isNotEmpty(tagServiceName)) {
try {
RangerService tagService = svcStore.getServiceByName(tagServiceName);
if (tagService != null && tagService.getIsEnabled()) {
zonesInAssociatedTagService = daoManager.getXXSecurityZoneDao().findZonesByTagServiceName(tagServiceName);
}
} catch (Exception exception) {
LOG.warn("Could not get service associated with [" + tagServiceName + "]", exception);
}
}
if (CollectionUtils.isNotEmpty(zonesInAssociatedTagService)) {
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> entry : servicePolicies.getSecurityZones().entrySet()) {
String zoneName = entry.getKey();
ServicePolicies.SecurityZoneInfo securityZoneInfo = entry.getValue();
securityZoneInfo.setContainsAssociatedTagService(zonesInAssociatedTagService.contains(zoneName));
}
}
}
}
Example 2
| Source File: PolicyEngine.java From ranger with Apache License 2.0 | 4 votes |
|
public PolicyEngine cloneWithDelta(ServicePolicies servicePolicies) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> cloneWithDelta(" + Arrays.toString(servicePolicies.getPolicyDeltas().toArray()) + ", " + servicePolicies.getPolicyVersion() + ")");
}
final PolicyEngine ret;
RangerPerfTracer perf = null;
if(RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_INIT_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_INIT_LOG, "RangerPolicyEngine.cloneWithDelta()");
}
RangerServiceDef serviceDef = this.getServiceDef();
String serviceType = (serviceDef != null) ? serviceDef.getName() : "";
boolean isValidDeltas = false;
if (CollectionUtils.isNotEmpty(servicePolicies.getPolicyDeltas()) || MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
isValidDeltas = CollectionUtils.isEmpty(servicePolicies.getPolicyDeltas()) || RangerPolicyDeltaUtil.isValidDeltas(servicePolicies.getPolicyDeltas(), serviceType);
if (isValidDeltas) {
if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> entry : servicePolicies.getSecurityZones().entrySet()) {
if (!RangerPolicyDeltaUtil.isValidDeltas(entry.getValue().getPolicyDeltas(), serviceType)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Invalid policy-deltas for security zone:[" + entry.getKey() + "]");
}
isValidDeltas = false;
break;
}
}
}
}
}
if (isValidDeltas) {
ret = new PolicyEngine(this, servicePolicies);
} else {
ret = null;
}
RangerPerfTracer.log(perf);
if (LOG.isDebugEnabled()) {
LOG.debug("<== cloneWithDelta(" + Arrays.toString(servicePolicies.getPolicyDeltas().toArray()) + ", " + servicePolicies.getPolicyVersion() + ")");
}
return ret;
}
Example 3
| Source File: PolicyEngine.java From ranger with Apache License 2.0 | 4 votes |
|
private void buildZoneTrie(ServicePolicies servicePolicies) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyEngine.buildZoneTrie()");
}
Map<String, ServicePolicies.SecurityZoneInfo> securityZones = servicePolicies.getSecurityZones();
if (MapUtils.isNotEmpty(securityZones)) {
RangerServiceDef serviceDef = servicePolicies.getServiceDef();
List<RangerZoneResourceMatcher> matchers = new ArrayList<>();
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> securityZone : securityZones.entrySet()) {
String zoneName = securityZone.getKey();
ServicePolicies.SecurityZoneInfo zoneDetails = securityZone.getValue();
if (LOG.isDebugEnabled()) {
LOG.debug("Building matchers for zone:[" + zoneName +"]");
}
for (Map<String, List<String>> resource : zoneDetails.getResources()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Building matcher for resource:[" + resource + "] in zone:[" + zoneName +"]");
}
Map<String, RangerPolicy.RangerPolicyResource> policyResources = new HashMap<>();
for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
String resourceDefName = entry.getKey();
List<String> resourceValues = entry.getValue();
RangerPolicy.RangerPolicyResource policyResource = new RangerPolicy.RangerPolicyResource();
policyResource.setIsExcludes(false);
policyResource.setIsRecursive(EmbeddedServiceDefsUtil.isRecursiveEnabled(serviceDef, resourceDefName));
policyResource.setValues(resourceValues);
policyResources.put(resourceDefName, policyResource);
}
matchers.add(new RangerZoneResourceMatcher(zoneName, policyResources, serviceDef));
if (LOG.isDebugEnabled()) {
LOG.debug("Built matcher for resource:[" + resource +"] in zone:[" + zoneName + "]");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("Built all matchers for zone:[" + zoneName +"]");
}
if (zoneDetails.getContainsAssociatedTagService()) {
zoneTagServiceMap.put(zoneName, zoneName);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("Built matchers for all Zones");
}
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
resourceZoneTrie.put(resourceDef.getName(), new RangerResourceTrie<>(resourceDef, matchers));
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyEngine.buildZoneTrie()");
}
}
