Java Code Examples for org.apache.ranger.plugin.model.RangerServiceDef#getResources()
The following examples show how to use
org.apache.ranger.plugin.model.RangerServiceDef#getResources() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RangerValidator.java From ranger with Apache License 2.0 | 6 votes |
|
Map<String, String> getValidationRegExes(RangerServiceDef serviceDef) {
if (serviceDef == null || CollectionUtils.isEmpty(serviceDef.getResources())) {
return new HashMap<>();
} else {
Map<String, String> result = new HashMap<>();
for (RangerResourceDef resourceDef : serviceDef.getResources()) {
if (resourceDef == null) {
LOG.warn("A resource def in resource def collection is null");
} else {
String name = resourceDef.getName();
String regEx = resourceDef.getValidationRegEx();
if (StringUtils.isBlank(name)) {
LOG.warn("resource name is null/empty/blank");
} else if (StringUtils.isBlank(regEx)) {
LOG.debug("validation regex is null/empty/blank");
} else {
result.put(name, regEx);
}
}
}
return result;
}
}
Example 2
| Source File: PatchForHiveServiceDefUpdate_J10030.java From ranger with Apache License 2.0 | 6 votes |
|
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
if (checkHiveURLResourceMatcherPresent(embeddedHiveResourceDefs)) {
// This is to check if URL resource matcher is added to the resource definition, if so update the resource def
if (embeddedHiveResourceDefs != null) {
serviceDef.setResources(embeddedHiveResourceDefs);
}
ret = true;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(serviceDef, Action.UPDATE);
svcStore.updateServiceDef(serviceDef);
return ret;
}
Example 3
| Source File: RangerServiceDefHelper.java From ranger with Apache License 2.0 | 6 votes |
|
List<RangerResourceDef> getResourceDefs(RangerServiceDef serviceDef, Integer policyType) {
final List<RangerResourceDef> resourceDefs;
if(policyType == null || policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
resourceDefs = serviceDef.getResources();
} else if(policyType == RangerPolicy.POLICY_TYPE_DATAMASK) {
if(serviceDef.getDataMaskDef() != null) {
resourceDefs = serviceDef.getDataMaskDef().getResources();
} else {
resourceDefs = null;
}
} else if(policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
if(serviceDef.getRowFilterDef() != null) {
resourceDefs = serviceDef.getRowFilterDef().getResources();
} else {
resourceDefs = null;
}
} else { // unknown policyType; use all resources
resourceDefs = serviceDef.getResources();
}
return resourceDefs;
}
Example 4
| Source File: EmbeddedServiceDefsUtil.java From ranger with Apache License 2.0 | 5 votes |
|
public static boolean isRecursiveEnabled(final RangerServiceDef rangerServiceDef, final String resourceDefName) {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> resourceDefs = rangerServiceDef.getResources();
for(RangerServiceDef.RangerResourceDef resourceDef:resourceDefs) {
if (resourceDefName.equals(resourceDef.getName())) {
ret = resourceDef.getRecursiveSupported();
break;
}
}
return ret;
}
Example 5
| Source File: ServiceDefUtil.java From ranger with Apache License 2.0 | 5 votes |
|
public static RangerResourceDef getResourceDef(RangerServiceDef serviceDef, String resource) {
RangerResourceDef ret = null;
if(serviceDef != null && resource != null && CollectionUtils.isNotEmpty(serviceDef.getResources())) {
for(RangerResourceDef resourceDef : serviceDef.getResources()) {
if(StringUtils.equalsIgnoreCase(resourceDef.getName(), resource)) {
ret = resourceDef;
break;
}
}
}
return ret;
}
Example 6
| Source File: PatchForHiveServiceDefUpdate_J10017.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkHiveGlobalresourcePresent(embeddedHiveResourceDefs)) {
// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
if (embeddedHiveResourceDefs != null) {
serviceDef.setResources(embeddedHiveResourceDefs);
}
if (embeddedHiveAccessTypes != null) {
if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
serviceDef.setAccessTypes(embeddedHiveAccessTypes);
}
}
ret = true;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(serviceDef, Action.UPDATE);
svcStore.updateServiceDef(serviceDef);
return ret;
}
Example 7
| Source File: PatchForNifiResourceUpdateExclude_J10011.java From ranger with Apache License 2.0 | 5 votes |
|
private void updateNifiServiceDef(){
RangerServiceDef ret = null;
RangerServiceDef dbNifiServiceDef = null;
try {
dbNifiServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME);
if (dbNifiServiceDef != null) {
List<RangerResourceDef> rRDefList = null;
rRDefList = dbNifiServiceDef.getResources();
if (CollectionUtils.isNotEmpty(rRDefList)) {
for (RangerResourceDef rRDef : rRDefList) {
if (rRDef.getExcludesSupported()) {
rRDef.setExcludesSupported(false);
}
XXResourceDef sdf=daoMgr.getXXResourceDef().findByNameAndServiceDefId(rRDef.getName(), dbNifiServiceDef.getId());
long ResourceDefId=sdf.getId();
List<XXPolicyResource> RangerPolicyResourceList=daoMgr.getXXPolicyResource().findByResDefId(ResourceDefId);
if (CollectionUtils.isNotEmpty(RangerPolicyResourceList)){
for(XXPolicyResource RangerPolicyResource : RangerPolicyResourceList){
if(RangerPolicyResource.getIsexcludes()){
RangerPolicy rPolicy=svcDBStore.getPolicy(RangerPolicyResource.getPolicyid());
rPolicy.setIsEnabled(false);
svcStore.updatePolicy(rPolicy);
}
}
}
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbNifiServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbNifiServiceDef);
}
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME+ "service-def");
}
} catch (Exception e) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e);
}
}
Example 8
| Source File: PatchForHiveServiceDefUpdate_J10010.java From ranger with Apache License 2.0 | 5 votes |
|
private boolean updateServiceDef(RangerServiceDef serviceDef, RangerServiceDef embeddedHiveServiceDef ) throws Exception {
boolean ret = false;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkHiveServiceresourcePresent(embeddedHiveResourceDefs)) {
// This is to check if HIVESERVICE def is added to the resource definition, if so update the resource def and accessType def
if (embeddedHiveResourceDefs != null) {
serviceDef.setResources(embeddedHiveResourceDefs);
}
if (embeddedHiveAccessTypes != null) {
if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(serviceDef.getAccessTypes().toString())) {
serviceDef.setAccessTypes(embeddedHiveAccessTypes);
}
}
ret = true;
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(serviceDef, Action.UPDATE);
svcStore.updateServiceDef(serviceDef);
return ret;
}
Example 9
| Source File: PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java From ranger with Apache License 2.0 | 5 votes |
|
private void addResourceEntityLabelAndEntityBusinessMetadataInServiceDef() throws Exception {
RangerServiceDef ret = null;
RangerServiceDef embeddedAtlasServiceDef = null;
XXServiceDef xXServiceDefObj = null;
RangerServiceDef dbAtlasServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;
embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (embeddedAtlasServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef()
.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (xXServiceDefObj == null) {
logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
return;
}
dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
if (checkResourcePresent(embeddedAtlasResourceDefs)) {
dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
if (checkAccessPresent(embeddedAtlasAccessTypes)) {
dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbAtlasServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbAtlasServiceDef);
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
+ " service-def");
throw new RuntimeException("Error while updating "
+ EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
}
}
}
Example 10
| Source File: RangerValidator.java From ranger with Apache License 2.0 | 5 votes |
|
Set<String> getAllResourceNames(RangerServiceDef serviceDef) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerValidator.getAllResourceNames(" + serviceDef + ")");
}
Set<String> resourceNames = new HashSet<>();
if (serviceDef == null) {
LOG.warn("serviceDef passed in was null!");
} else if (CollectionUtils.isEmpty(serviceDef.getResources())) {
LOG.warn("ResourceDef collection on serviceDef was null!");
} else {
for (RangerResourceDef resourceTypeDef : serviceDef.getResources()) {
if (resourceTypeDef == null) {
LOG.warn("resource type def was null!");
} else {
String resourceName = resourceTypeDef.getName();
if (StringUtils.isBlank(resourceName)) {
LOG.warn("Resource def name was null/empty/blank!");
} else {
resourceNames.add(resourceName.toLowerCase());
}
}
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerValidator.getAllResourceNames(" + serviceDef + "): " + resourceNames);
}
return resourceNames;
}
Example 11
| Source File: RangerValidator.java From ranger with Apache License 2.0 | 5 votes |
|
/**
* Returns names of resource types set to lower-case to allow for case-insensitive comparison.
* @param serviceDef
* @return
*/
Set<String> getMandatoryResourceNames(RangerServiceDef serviceDef) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerValidator.getMandatoryResourceNames(" + serviceDef + ")");
}
Set<String> resourceNames = new HashSet<>();
if (serviceDef == null) {
LOG.warn("serviceDef passed in was null!");
} else if (CollectionUtils.isEmpty(serviceDef.getResources())) {
LOG.warn("ResourceDef collection on serviceDef was null!");
} else {
for (RangerResourceDef resourceTypeDef : serviceDef.getResources()) {
if (resourceTypeDef == null) {
LOG.warn("resource type def was null!");
} else {
Boolean mandatory = resourceTypeDef.getMandatory();
if (mandatory != null && mandatory == true) {
String resourceName = resourceTypeDef.getName();
if (StringUtils.isBlank(resourceName)) {
LOG.warn("Resource def name was null/empty/blank!");
} else {
resourceNames.add(resourceName.toLowerCase());
}
}
}
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerValidator.getMandatoryResourceNames(" + serviceDef + "): " + resourceNames);
}
return resourceNames;
}
Example 12
| Source File: RangerServiceDefHelper.java From ranger with Apache License 2.0 | 5 votes |
|
public static Map<String, String> getFilterResourcesForAncestorPolicyFiltering(RangerServiceDef serviceDef, Map<String, String> filterResources) {
Map<String, String> ret = null;
for (RangerResourceDef resourceDef : serviceDef.getResources()) {
String matcherClassName = resourceDef.getMatcher();
if (RangerPathResourceMatcher.class.getName().equals(matcherClassName)) {
String resourceDefName = resourceDef.getName();
final Map<String, String> resourceMatcherOptions = resourceDef.getMatcherOptions();
String delimiter = resourceMatcherOptions.get(RangerPathResourceMatcher.OPTION_PATH_SEPARATOR);
if (StringUtils.isBlank(delimiter)) {
delimiter = Character.toString(RangerPathResourceMatcher.DEFAULT_PATH_SEPARATOR_CHAR);
}
String resourceValue = filterResources.get(resourceDefName);
if (StringUtils.isNotBlank(resourceValue)) {
if (!resourceValue.endsWith(delimiter)) {
resourceValue += delimiter;
}
resourceValue += RangerAbstractResourceMatcher.WILDCARD_ASTERISK;
if (ret == null) {
ret = new HashMap<String, String>();
}
ret.put(resourceDefName, resourceValue);
}
}
}
return ret;
}
Example 13
| Source File: PatchForPrestoToSupportPresto333_J10038.java From ranger with Apache License 2.0 | 4 votes |
|
private void addPresto333Support() throws Exception {
RangerServiceDef ret = null;
RangerServiceDef embeddedPrestoServiceDef = null;
XXServiceDef xXServiceDefObj = null;
RangerServiceDef dbPrestoServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedPrestoResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedPrestoAccessTypes = null;
embeddedPrestoServiceDef = EmbeddedServiceDefsUtil.instance()
.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);
if (embeddedPrestoServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef()
.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);
if (xXServiceDefObj == null) {
logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
return;
}
dbPrestoServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_PRESTO_NAME);
embeddedPrestoResourceDefs = embeddedPrestoServiceDef.getResources();
embeddedPrestoAccessTypes = embeddedPrestoServiceDef.getAccessTypes();
if (checkResourcePresent(PRESTO_RESOURCES, embeddedPrestoResourceDefs)) {
dbPrestoServiceDef.setResources(embeddedPrestoResourceDefs);
if (checkAccessPresent(PRESTO_ACCESS_TYPES, embeddedPrestoAccessTypes)) {
dbPrestoServiceDef.setAccessTypes(embeddedPrestoAccessTypes);
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbPrestoServiceDef, RangerValidator.Action.UPDATE);
ret = svcStore.updateServiceDef(dbPrestoServiceDef);
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
+ " service-def");
throw new RuntimeException("Error while updating "
+ EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
}
}
}
Example 14
| Source File: PolicyEngine.java From ranger with Apache License 2.0 | 4 votes |
|
private void buildZoneTrie(ServicePolicies servicePolicies) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyEngine.buildZoneTrie()");
}
Map<String, ServicePolicies.SecurityZoneInfo> securityZones = servicePolicies.getSecurityZones();
if (MapUtils.isNotEmpty(securityZones)) {
RangerServiceDef serviceDef = servicePolicies.getServiceDef();
List<RangerZoneResourceMatcher> matchers = new ArrayList<>();
for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> securityZone : securityZones.entrySet()) {
String zoneName = securityZone.getKey();
ServicePolicies.SecurityZoneInfo zoneDetails = securityZone.getValue();
if (LOG.isDebugEnabled()) {
LOG.debug("Building matchers for zone:[" + zoneName +"]");
}
for (Map<String, List<String>> resource : zoneDetails.getResources()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Building matcher for resource:[" + resource + "] in zone:[" + zoneName +"]");
}
Map<String, RangerPolicy.RangerPolicyResource> policyResources = new HashMap<>();
for (Map.Entry<String, List<String>> entry : resource.entrySet()) {
String resourceDefName = entry.getKey();
List<String> resourceValues = entry.getValue();
RangerPolicy.RangerPolicyResource policyResource = new RangerPolicy.RangerPolicyResource();
policyResource.setIsExcludes(false);
policyResource.setIsRecursive(EmbeddedServiceDefsUtil.isRecursiveEnabled(serviceDef, resourceDefName));
policyResource.setValues(resourceValues);
policyResources.put(resourceDefName, policyResource);
}
matchers.add(new RangerZoneResourceMatcher(zoneName, policyResources, serviceDef));
if (LOG.isDebugEnabled()) {
LOG.debug("Built matcher for resource:[" + resource +"] in zone:[" + zoneName + "]");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("Built all matchers for zone:[" + zoneName +"]");
}
if (zoneDetails.getContainsAssociatedTagService()) {
zoneTagServiceMap.put(zoneName, zoneName);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("Built matchers for all Zones");
}
for (RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
resourceZoneTrie.put(resourceDef.getName(), new RangerResourceTrie<>(resourceDef, matchers));
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyEngine.buildZoneTrie()");
}
}
Example 15
| Source File: PatchForKafkaServiceDefUpdate_J10033.java From ranger with Apache License 2.0 | 4 votes |
|
private void updateKafkaServiceDef(){
RangerServiceDef ret = null;
RangerServiceDef embeddedKafkaServiceDef = null;
RangerServiceDef dbKafkaServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedKafkaResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedKafkaAccessTypes = null;
XXServiceDef xXServiceDefObj = null;
try{
embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(embeddedKafkaServiceDef!=null){
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
Map<String, String> serviceDefOptionsPreUpdate=null;
String jsonStrPreUpdate=null;
if(xXServiceDefObj!=null) {
jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj=null;
}
dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(dbKafkaServiceDef!=null){
embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
embeddedKafkaAccessTypes = embeddedKafkaServiceDef.getAccessTypes();
if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
// This is to check if CONSUMERGROUP resource is added to the resource definition, if so update the resource def and accessType def
if (embeddedKafkaResourceDefs != null) {
dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
}
if (embeddedKafkaAccessTypes != null) {
if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
}
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbKafkaServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbKafkaServiceDef);
if(ret==null){
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(xXServiceDefObj!=null) {
String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
createDefaultPolicyForNewResources();
}
}
}
}catch(Exception e)
{
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
}
}
Example 16
| Source File: PatchForKafkaServiceDefUpdate_J10025.java From ranger with Apache License 2.0 | 4 votes |
|
private void updateKafkaServiceDef(){
RangerServiceDef ret = null;
RangerServiceDef embeddedKafkaServiceDef = null;
RangerServiceDef dbKafkaServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedKafkaResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedKafkaAccessTypes = null;
XXServiceDef xXServiceDefObj = null;
try{
embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(embeddedKafkaServiceDef!=null){
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
Map<String, String> serviceDefOptionsPreUpdate=null;
String jsonStrPreUpdate=null;
if(xXServiceDefObj!=null) {
jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj=null;
}
dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(dbKafkaServiceDef!=null){
embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
embeddedKafkaAccessTypes = embeddedKafkaServiceDef.getAccessTypes();
if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
// This is to check if CLUSTER resource is added to the resource definition, if so update the resource def and accessType def
if (embeddedKafkaResourceDefs != null) {
dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
}
if (embeddedKafkaAccessTypes != null) {
if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
}
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbKafkaServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbKafkaServiceDef);
if(ret==null){
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(xXServiceDefObj!=null) {
String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
createDefaultPolicyForNewResources();
}
}
}
}catch(Exception e)
{
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
}
}
Example 17
| Source File: PatchForKafkaServiceDefUpdate_J10015.java From ranger with Apache License 2.0 | 4 votes |
|
private void updateHiveServiceDef(){
RangerServiceDef ret = null;
RangerServiceDef embeddedKafkaServiceDef = null;
RangerServiceDef dbKafkaServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedKafkaResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedKafkaAccessTypes = null;
XXServiceDef xXServiceDefObj = null;
try{
embeddedKafkaServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(embeddedKafkaServiceDef!=null){
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
Map<String, String> serviceDefOptionsPreUpdate=null;
String jsonStrPreUpdate=null;
if(xXServiceDefObj!=null) {
jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj=null;
}
dbKafkaServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(dbKafkaServiceDef!=null){
embeddedKafkaResourceDefs = embeddedKafkaServiceDef.getResources();
embeddedKafkaAccessTypes = embeddedKafkaServiceDef.getAccessTypes();
if (checkNewKafkaresourcePresent(embeddedKafkaResourceDefs)) {
// This is to check if URL def is added to the resource definition, if so update the resource def and accessType def
if (embeddedKafkaResourceDefs != null) {
dbKafkaServiceDef.setResources(embeddedKafkaResourceDefs);
}
if (embeddedKafkaAccessTypes != null) {
if(!embeddedKafkaAccessTypes.toString().equalsIgnoreCase(dbKafkaServiceDef.getAccessTypes().toString())) {
dbKafkaServiceDef.setAccessTypes(embeddedKafkaAccessTypes);
}
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbKafkaServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbKafkaServiceDef);
if(ret==null){
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME);
if(xXServiceDefObj!=null) {
String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
}
}
}
}catch(Exception e)
{
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME+"service-def", e);
}
}
Example 18
| Source File: PatchForHiveServiceDefUpdate_J10007.java From ranger with Apache License 2.0 | 4 votes |
|
private void updateHiveServiceDef(){
RangerServiceDef ret = null;
RangerServiceDef embeddedHiveServiceDef = null;
RangerServiceDef dbHiveServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedHiveResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedHiveAccessTypes = null;
XXServiceDef xXServiceDefObj = null;
try{
embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if(embeddedHiveServiceDef!=null){
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
Map<String, String> serviceDefOptionsPreUpdate=null;
String jsonStrPreUpdate=null;
if(xXServiceDefObj!=null) {
jsonStrPreUpdate=xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate=jsonStringToMap(jsonStrPreUpdate);
xXServiceDefObj=null;
}
dbHiveServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if(dbHiveServiceDef!=null){
embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
embeddedHiveAccessTypes = embeddedHiveServiceDef.getAccessTypes();
if (checkURLresourcePresent(embeddedHiveResourceDefs)) {
// This is to check if URL def is added to the resource definition, if so update the resource def and accessType def
if (embeddedHiveResourceDefs != null) {
dbHiveServiceDef.setResources(embeddedHiveResourceDefs);
}
if (embeddedHiveAccessTypes != null) {
if(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString())) {
dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
}
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbHiveServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbHiveServiceDef);
if(ret==null){
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
throw new RuntimeException("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
}
xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
if(xXServiceDefObj!=null) {
String jsonStrPostUpdate=xXServiceDefObj.getDefOptions();
Map<String, String> serviceDefOptionsPostUpdate=jsonStringToMap(jsonStrPostUpdate);
if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
if(serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
if (preUpdateValue == null) {
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
} else {
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
}
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
daoMgr.getXXServiceDef().update(xXServiceDefObj);
}
}
}
}
}
}catch(Exception e)
{
logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def", e);
}
}
Example 19
| Source File: PatchForAtlasResourceAndAccessTypeUpdate_J10016.java From ranger with Apache License 2.0 | 4 votes |
|
private void updateAtlasResourceAndAccessType() {
RangerServiceDef ret = null;
RangerServiceDef embeddedAtlasServiceDef = null;
XXServiceDef xXServiceDefObj = null;
RangerServiceDef dbAtlasServiceDef = null;
List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null;
List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null;
try {
embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
.getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (embeddedAtlasServiceDef != null) {
xXServiceDefObj = daoMgr.getXXServiceDef()
.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
if (xXServiceDefObj == null) {
logger.info(xXServiceDefObj + ": service-def not found. No patching is needed");
return;
}
dbAtlasServiceDef = svcDBStore
.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources();
embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes();
if (checkResourcePresent(embeddedAtlasResourceDefs)) {
dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs);
if (checkAccessPresent(embeddedAtlasAccessTypes)) {
dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes);
}
}
RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
validator.validate(dbAtlasServiceDef, Action.UPDATE);
ret = svcStore.updateServiceDef(dbAtlasServiceDef);
if (ret == null) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME
+ " service-def");
throw new RuntimeException("Error while updating "
+ EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def");
} else {
createDefaultPolicyToExistingService();
updatePolicyForRelationshipType();
}
}
} catch (Exception e) {
logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def",e);
}
}
Example 20
| Source File: RangerServiceDefHelper.java From ranger with Apache License 2.0 | 3 votes |
|
static public RangerServiceDef getServiceDefForPolicyFiltering(RangerServiceDef serviceDef) {
List<RangerResourceDef> modifiedResourceDefs = new ArrayList<RangerResourceDef>();
for (RangerResourceDef resourceDef : serviceDef.getResources()) {
final RangerResourceDef modifiedResourceDef;
String matcherClassName = resourceDef.getMatcher();
if (RangerPathResourceMatcher.class.getName().equals(matcherClassName)) {
Map<String, String> modifiedMatcherOptions = new HashMap<String, String>(resourceDef.getMatcherOptions());
modifiedMatcherOptions.put(RangerAbstractResourceMatcher.OPTION_WILD_CARD, "false");
modifiedResourceDef = new RangerResourceDef(resourceDef);
modifiedResourceDef.setMatcherOptions(modifiedMatcherOptions);
modifiedResourceDef.setRecursiveSupported(false);
} else {
modifiedResourceDef = resourceDef;
}
modifiedResourceDefs.add(modifiedResourceDef);
}
return new RangerServiceDef(serviceDef.getName(), serviceDef.getDisplayName(), serviceDef.getImplClass(), serviceDef.getLabel(),
serviceDef.getDescription(), serviceDef.getOptions(), serviceDef.getConfigs(), modifiedResourceDefs, serviceDef.getAccessTypes(),
serviceDef.getPolicyConditions(), serviceDef.getContextEnrichers(), serviceDef.getEnums());
}
