Java Code Examples for org.apache.ranger.plugin.util.ServicePolicies#SecurityZoneInfo

The following examples show how to use org.apache.ranger.plugin.util.ServicePolicies#SecurityZoneInfo.
Example 1
Source File: ServiceREST.java    From ranger with Apache License 2.0
/**
 * Flags every security zone in {@code servicePolicies} according to whether the zone is
 * associated with the tag service referenced by the service's tag policies.
 *
 * <p>The zone list is looked up only when the tag service exists and is enabled. When the
 * lookup yields no zones (no tag policies, unknown or disabled tag service, lookup failure),
 * the zones are left untouched.
 *
 * @param servicePolicies policies whose {@code SecurityZoneInfo} entries are updated in place;
 *                        {@code null} or zone-less input is ignored
 */
private void patchAssociatedTagServiceInSecurityZoneInfos(ServicePolicies servicePolicies) {
	if (servicePolicies == null || MapUtils.isEmpty(servicePolicies.getSecurityZones())) {
		return;
	}

	final String tagServiceName = servicePolicies.getTagPolicies() == null ? null : servicePolicies.getTagPolicies().getServiceName();

	// Names of the zones the associated tag service (if any) belongs to
	List<String> tagServiceZones = new ArrayList<>();

	if (StringUtils.isNotEmpty(tagServiceName)) {
		try {
			RangerService tagService = svcStore.getServiceByName(tagServiceName);

			if (tagService != null && tagService.getIsEnabled()) {
				tagServiceZones = daoManager.getXXSecurityZoneDao().findZonesByTagServiceName(tagServiceName);
			}
		} catch (Exception exception) {
			// NOTE(review): a failed lookup is only logged; the zones then keep whatever
			// containsAssociatedTagService value they already carried - confirm that this is
			// the intended outcome for the policies handed to plugins.
			LOG.warn("Could not get service associated with [" + tagServiceName + "]", exception);
		}
	}

	if (CollectionUtils.isEmpty(tagServiceZones)) {
		// NOTE(review): flags are not reset to false on this path; presumably they default
		// to false on freshly built SecurityZoneInfo objects - verify against the caller.
		return;
	}

	for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> zone : servicePolicies.getSecurityZones().entrySet()) {
		zone.getValue().setContainsAssociatedTagService(tagServiceZones.contains(zone.getKey()));
	}
}
 
Example 2
Source File: PolicyEngine.java    From ranger with Apache License 2.0
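/**
 * Builds a new engine from this one and the deltas carried in {@code servicePolicies}.
 *
 * <p>Validation runs before anything is built: the service-level deltas (when present) are
 * checked with {@code RangerPolicyDeltaUtil.isValidDeltas}, then the deltas of every security
 * zone. The first rejected set stops the check and no engine is created. Input that carries
 * neither service-level deltas nor security zones is also treated as not valid.
 *
 * @param servicePolicies delta update to apply; dereferenced without a null check
 * @return the new engine, or {@code null} when there is nothing to apply or validation failed
 */
public PolicyEngine cloneWithDelta(ServicePolicies servicePolicies) {
    if (LOG.isDebugEnabled()) {
        // The delta list is concatenated directly instead of going through toArray(): the
        // validation below tolerates a null list (zones-only update), so tracing must not
        // throw a NullPointerException on it either.
        LOG.debug("==> cloneWithDelta(" + servicePolicies.getPolicyDeltas() + ", " + servicePolicies.getPolicyVersion() + ")");
    }

    final PolicyEngine ret;
    RangerPerfTracer   perf = null;

    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYENGINE_INIT_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_POLICYENGINE_INIT_LOG, "RangerPolicyEngine.cloneWithDelta()");
    }

    RangerServiceDef serviceDef    = this.getServiceDef();
    String           serviceType   = (serviceDef != null) ? serviceDef.getName() : "";
    boolean          isValidDeltas = false;

    if (CollectionUtils.isNotEmpty(servicePolicies.getPolicyDeltas()) || MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
        // An absent service-level delta list is acceptable here; the zones may still carry deltas.
        isValidDeltas = CollectionUtils.isEmpty(servicePolicies.getPolicyDeltas()) || RangerPolicyDeltaUtil.isValidDeltas(servicePolicies.getPolicyDeltas(), serviceType);

        if (isValidDeltas && MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
            for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> entry : servicePolicies.getSecurityZones().entrySet()) {
                // NOTE(review): a zone's delta list is passed on as-is; confirm that
                // isValidDeltas accepts a null list for zones without deltas.
                if (!RangerPolicyDeltaUtil.isValidDeltas(entry.getValue().getPolicyDeltas(), serviceType)) {
                    // NOTE(review): the rejection is visible at DEBUG level only; callers
                    // have to treat the null return as the signal that the deltas were not applied.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Invalid policy-deltas for security zone:[" + entry.getKey() + "]");
                    }

                    isValidDeltas = false;
                    break;
                }
            }
        }
    }

    // Only a fully validated update may produce a new engine.
    ret = isValidDeltas ? new PolicyEngine(this, servicePolicies) : null;

    RangerPerfTracer.log(perf);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== cloneWithDelta(" + servicePolicies.getPolicyDeltas() + ", " + servicePolicies.getPolicyVersion() + ")");
    }
    return ret;
}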
 
Example 3
Source File: PolicyEngine.java    From ranger with Apache License 2.0
/**
 * Populates {@code resourceZoneTrie} and {@code zoneTagServiceMap} from the security zones
 * carried in {@code servicePolicies}.
 *
 * <p>Each resource map of each zone becomes one {@code RangerZoneResourceMatcher}. All matchers
 * are then indexed in one {@code RangerResourceTrie} per resource definition of the service-def.
 * Zones flagged as containing the associated tag service are recorded in
 * {@code zoneTagServiceMap}, keyed and valued by the zone name. Nothing is built when there are
 * no zones.
 *
 * @param servicePolicies source of the security zones and the service definition
 */
private void buildZoneTrie(ServicePolicies servicePolicies) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> PolicyEngine.buildZoneTrie()");
    }

    final Map<String, ServicePolicies.SecurityZoneInfo> zones = servicePolicies.getSecurityZones();

    if (MapUtils.isNotEmpty(zones)) {
        final RangerServiceDef                svcDef       = servicePolicies.getServiceDef();
        final List<RangerZoneResourceMatcher> zoneMatchers = new ArrayList<>();

        for (Map.Entry<String, ServicePolicies.SecurityZoneInfo> zone : zones.entrySet()) {
            final String                           zoneName = zone.getKey();
            final ServicePolicies.SecurityZoneInfo zoneInfo = zone.getValue();

            if (LOG.isDebugEnabled()) {
                LOG.debug("Building matchers for zone:[" + zoneName +"]");
            }

            // NOTE(review): getResources() is iterated without a null check - confirm that
            // every SecurityZoneInfo reaching this point carries a (possibly empty) list.
            for (Map<String, List<String>> zoneResource : zoneInfo.getResources()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Building matcher for resource:[" + zoneResource + "] in zone:[" + zoneName +"]");
                }

                final Map<String, RangerPolicy.RangerPolicyResource> resourcesByDefName = new HashMap<>();

                for (Map.Entry<String, List<String>> resourceEntry : zoneResource.entrySet()) {
                    final String                            defName  = resourceEntry.getKey();
                    final RangerPolicy.RangerPolicyResource resource = new RangerPolicy.RangerPolicyResource();

                    // Zone resources are always plain includes; whether they match recursively
                    // is taken from the service-def for that resource definition.
                    resource.setIsExcludes(false);
                    resource.setIsRecursive(EmbeddedServiceDefsUtil.isRecursiveEnabled(svcDef, defName));
                    resource.setValues(resourceEntry.getValue());

                    resourcesByDefName.put(defName, resource);
                }

                zoneMatchers.add(new RangerZoneResourceMatcher(zoneName, resourcesByDefName, svcDef));

                if (LOG.isDebugEnabled()) {
                    LOG.debug("Built matcher for resource:[" + zoneResource +"] in zone:[" + zoneName + "]");
                }
            }

            if (LOG.isDebugEnabled()) {
                LOG.debug("Built all matchers for zone:[" + zoneName +"]");
            }

            if (zoneInfo.getContainsAssociatedTagService()) {
                zoneTagServiceMap.put(zoneName, zoneName);
            }
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Built matchers for all Zones");
        }

        // Every trie receives the complete matcher list, across all zones.
        for (RangerServiceDef.RangerResourceDef resourceDef : svcDef.getResources()) {
            resourceZoneTrie.put(resourceDef.getName(), new RangerResourceTrie<>(resourceDef, zoneMatchers));
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== PolicyEngine.buildZoneTrie()");
    }
}