Java Code Examples for org.apache.ranger.plugin.model.RangerServiceDef#RangerPolicyConditionDef

The following examples show how to use org.apache.ranger.plugin.model.RangerServiceDef#RangerPolicyConditionDef.
Example 1
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0
/**
 * Finds the policy-condition definition called {@code conditionName} in {@code serviceDef}.
 *
 * <p>The name comparison goes through {@code StringUtils.equals}, so a {@code null} name on
 * either side does not throw. The first matching definition wins.
 *
 * @param conditionName name of the condition definition to look for
 * @param serviceDef    service definition whose policy conditions are searched; may be {@code null}
 * @return the matching definition, or {@code null} when {@code serviceDef} is {@code null},
 *         declares no policy conditions, or has no definition with that name
 */
private RangerServiceDef.RangerPolicyConditionDef getConditionDef(String conditionName, RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerCustomConditionEvaluator.getConditionDef(" + conditionName + ")");
    }

    RangerServiceDef.RangerPolicyConditionDef match = null;

    final boolean hasConditionDefs = serviceDef != null && CollectionUtils.isNotEmpty(serviceDef.getPolicyConditions());

    if (hasConditionDefs) {
        for (RangerServiceDef.RangerPolicyConditionDef candidate : serviceDef.getPolicyConditions()) {
            if (!StringUtils.equals(conditionName, candidate.getName())) {
                continue;
            }

            // First definition with the requested name is the answer; stop scanning.
            match = candidate;
            break;
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerCustomConditionEvaluator.getConditionDef(" + conditionName + "): " + match);
    }

    // Callers must handle null: it means "no such condition definition", not an error.
    return match;
}
 
Example 2
Source File: PatchForTagServiceDefUpdate_J10008.java    From ranger with Apache License 2.0
/**
 * Tells whether the given condition definitions include the script policy condition.
 *
 * <p>The constant is the receiver of {@code equals}, so a definition with a {@code null}
 * name is simply treated as a non-match.
 *
 * @param policyCondDefs condition definitions to scan; the list itself must not be {@code null}
 * @return {@code true} if some definition is named {@code SCRIPT_POLICY_CONDITION_NAME}
 */
private boolean checkScriptPolicyCondPresent(List<RangerServiceDef.RangerPolicyConditionDef> policyCondDefs) {
	for (RangerServiceDef.RangerPolicyConditionDef candidate : policyCondDefs) {
		if (SCRIPT_POLICY_CONDITION_NAME.equals(candidate.getName())) {
			return true;
		}
	}
	return false;
}
 
Example 3
Source File: PatchForTagServiceDefUpdate_J10008.java    From ranger with Apache License 2.0
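/**
 * Copies the policy conditions of the embedded tag service-def onto the tag service-def
 * stored in the database, then restores the deny/exceptions option to its pre-update state.
 *
 * <p>Steps, all of which stop the patch with an error log when a prerequisite is missing:
 * the embedded definition must carry policy conditions, one of them must be the script
 * policy condition, and the tag service-def must already exist in the database.
 *
 * <p>After the store update, if {@code OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES} is
 * present in the stored options but was absent before the update, it is removed again, so
 * this patch does not switch that option on as a side effect.
 *
 * <p>Any exception is logged and not rethrown; the caller cannot tell from this method
 * whether the update was applied.
 */
private void updateTagServiceDef(){
	RangerServiceDef embeddedTagServiceDef = null;
	RangerServiceDef dbTagServiceDef = null;
	List<RangerServiceDef.RangerPolicyConditionDef> embeddedTagPolicyConditionDefs = null;
	XXServiceDef xXServiceDefObj = null;
	try {
		embeddedTagServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME);
		if (embeddedTagServiceDef != null) {
			embeddedTagPolicyConditionDefs = embeddedTagServiceDef.getPolicyConditions();
			if (embeddedTagPolicyConditionDefs == null) {
				logger.error("Policy Conditions are empty in tag service def json");
				return;
			}

			if (!checkScriptPolicyCondPresent(embeddedTagPolicyConditionDefs)) {
				logger.error(SCRIPT_POLICY_CONDITION_NAME + " policy condition not found!!");
				return;
			}

			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME);
			if (xXServiceDefObj == null) {
				logger.error("Service def for " + SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME + " is not found!!");
				return;
			}

			// Snapshot the stored options before the update so they can be compared afterwards.
			Map<String, String> serviceDefOptionsPreUpdate = null;
			String jsonStrPreUpdate = xXServiceDefObj.getDefOptions();
			if (!StringUtils.isEmpty(jsonStrPreUpdate)) {
				serviceDefOptionsPreUpdate = jsonUtil.jsonToMap(jsonStrPreUpdate);
			}
			xXServiceDefObj = null;
			dbTagServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME);

			if (dbTagServiceDef != null) {
				dbTagServiceDef.setPolicyConditions(embeddedTagPolicyConditionDefs);
				// Validation runs before the store is touched.
				// NOTE(review): presumably validate() throws on an invalid definition, which would
				// land in the catch below and leave the stored definition unchanged - confirm.
				RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
				validator.validate(dbTagServiceDef, Action.UPDATE);

				svcStore.updateServiceDef(dbTagServiceDef);

				// Re-read the row: the update above may have rewritten the stored options.
				xXServiceDefObj = daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME);
				if (xXServiceDefObj != null) {
					String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
					Map<String, String> serviceDefOptionsPostUpdate = null;
					if (!StringUtils.isEmpty(jsonStrPostUpdate)) {
						serviceDefOptionsPostUpdate = jsonUtil.jsonToMap(jsonStrPostUpdate);
					}

					boolean optionPresentAfter = serviceDefOptionsPostUpdate != null
							&& serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
					boolean optionAbsentBefore = serviceDefOptionsPreUpdate == null
							|| !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);

					if (optionPresentAfter && optionAbsentBefore) {
						// The option was not stored before the update, so there is no earlier value to
						// put back; dropping the key returns the options to their pre-update state.
						serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
						xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
						daoMgr.getXXServiceDef().update(xXServiceDefObj);
					}
				}
			}
		}
	} catch (Exception e) {
		// Best effort: the failure is recorded with its cause, and the patch returns normally.
		logger.error("Error while updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_TAG_NAME + " service-def", e);
	}
}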
 
Example 4
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0
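/**
 * Builds and initialises one evaluator for each policy-level condition of {@code policy}.
 *
 * <p>For every condition the matching definition is looked up in {@code serviceDef} by the
 * condition's type, an evaluator is created from the definition's evaluator name, wired to
 * the service-def, the definition and the condition, and then initialised.
 *
 * <p>A condition whose definition is not found, or whose evaluator cannot be created, is
 * logged at error level and left out of the result.
 * NOTE(review): the returned list then no longer carries that restriction, so a caller
 * evaluating the policy from this list would do so without it - confirm that dropping the
 * condition, rather than rejecting the policy, is the intended failure mode.
 *
 * @param policy     policy whose conditions are turned into evaluators
 * @param serviceDef service definition that declares the available condition definitions
 * @param options    engine options; when they disable conditions no evaluator is built
 * @return the initialised evaluators, empty when conditions are disabled or the policy has none
 */
public List<RangerConditionEvaluator> getRangerPolicyConditionEvaluator(RangerPolicy policy,
                                                                              RangerServiceDef serviceDef,
                                                                              RangerPolicyEngineOptions options) {
    List<RangerConditionEvaluator> conditionEvaluators = new ArrayList<>();

    if (!getConditionsDisabledOption(options) && CollectionUtils.isNotEmpty(policy.getConditions())) {

        RangerPerfTracer perf = null;

        // Kept boxed, as in getPolicyItemConditionEvaluator: the id is only used in log and
        // trace text, and unboxing into a primitive would throw for a policy without an id.
        Long policyId = policy.getId();

        if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_INIT_LOG)) {
            perf = RangerPerfTracer.getPerfTracer(PERF_POLICY_INIT_LOG, "RangerCustomConditionEvaluator.init(policyId=" + policyId + ")");
        }

        for (RangerPolicy.RangerPolicyItemCondition condition : policy.getConditions()) {
            RangerServiceDef.RangerPolicyConditionDef conditionDef = getConditionDef(condition.getType(), serviceDef);

            if (conditionDef == null) {
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): conditionDef '" + condition.getType() + "' not found. Ignoring the condition");

                continue;
            }

            RangerConditionEvaluator conditionEvaluator = newConditionEvaluator(conditionDef.getEvaluator());

            if (conditionEvaluator != null) {
                conditionEvaluator.setServiceDef(serviceDef);
                conditionEvaluator.setConditionDef(conditionDef);
                conditionEvaluator.setPolicyItemCondition(condition);

                RangerPerfTracer perfConditionInit = null;

                if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
                    // Fields in the trace tag are comma-separated, as in the policy-item variant.
                    perfConditionInit = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ",policyConditionType=" + condition.getType() + ")");
                }

                conditionEvaluator.init();

                RangerPerfTracer.log(perfConditionInit);

                conditionEvaluators.add(conditionEvaluator);
            } else {
                LOG.error("RangerCustomConditionEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + "): failed to init Policy ConditionEvaluator '" + condition.getType() + "'; evaluatorClassName='" + conditionDef.getEvaluator() + "'");
            }
        }

        RangerPerfTracer.log(perf);
    }
    return conditionEvaluators;
}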
 
Example 5
Source File: RangerCustomConditionEvaluator.java    From ranger with Apache License 2.0
/**
 * Builds and initialises one evaluator for each condition attached to {@code policyItem}.
 *
 * <p>Each condition's definition is resolved in {@code serviceDef} by the condition's type;
 * the evaluator named by that definition is created, wired up and initialised.
 *
 * <p>A condition with no matching definition, or whose evaluator cannot be created, is
 * logged at error level and omitted from the result.
 * NOTE(review): the policy item is then represented without that restriction - confirm that
 * callers are meant to proceed in this case rather than reject the item.
 *
 * @param policy          policy owning the item; only its id is read, for log and trace text
 * @param policyItem      item whose conditions are turned into evaluators
 * @param serviceDef      service definition that declares the available condition definitions
 * @param options         engine options; when they disable conditions no evaluator is built
 * @param policyItemIndex position of the item, used in trace text only
 * @return the initialised evaluators, empty when conditions are disabled or the item has none
 */
public List<RangerConditionEvaluator> getPolicyItemConditionEvaluator(RangerPolicy policy,
                                                                       RangerPolicyItem policyItem,
                                                                       RangerServiceDef serviceDef,
                                                                       RangerPolicyEngineOptions options,
                                                                       int policyItemIndex) {

    final List<RangerConditionEvaluator> evaluators = new ArrayList<>();

    // Nothing to build when conditions are switched off or the item declares none.
    if (getConditionsDisabledOption(options) || !CollectionUtils.isNotEmpty(policyItem.getConditions())) {
        return evaluators;
    }

    final Long policyId = policy.getId();

    RangerPerfTracer itemTracer = null;

    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYITEM_INIT_LOG)) {
        itemTracer = RangerPerfTracer.getPerfTracer(PERF_POLICYITEM_INIT_LOG, "RangerPolicyItemEvaluator.getRangerPolicyConditionEvaluator(policyId=" + policyId + ",policyItemIndex=" + policyItemIndex + ")");
    }

    for (RangerPolicyItemCondition itemCondition : policyItem.getConditions()) {
        RangerServiceDef.RangerPolicyConditionDef definition = getConditionDef(itemCondition.getType(), serviceDef);

        if (definition == null) {
            LOG.error("RangerCustomConditionEvaluator.getPolicyItemConditionEvaluator(policyId=" + policyId + "): conditionDef '" + itemCondition.getType() + "' not found. Ignoring the condition");

            continue;
        }

        RangerConditionEvaluator evaluator = newConditionEvaluator(definition.getEvaluator());

        if (evaluator == null) {
            LOG.error("RangerCustomConditionEvaluator.getPolicyItemConditionEvaluator(policyId=" + policyId + "): failed to init PolicyItem ConditionEvaluator '" + itemCondition.getType() + "'; evaluatorClassName='" + definition.getEvaluator() + "'");

            continue;
        }

        // The evaluator needs its context before init() is called on it.
        evaluator.setServiceDef(serviceDef);
        evaluator.setConditionDef(definition);
        evaluator.setPolicyItemCondition(itemCondition);

        RangerPerfTracer initTracer = null;

        if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICYCONDITION_INIT_LOG)) {
            initTracer = RangerPerfTracer.getPerfTracer(PERF_POLICYCONDITION_INIT_LOG, "RangerConditionEvaluator.init(policyId=" + policyId + ",policyItemIndex=" + policyItemIndex + ",policyConditionType=" + itemCondition.getType() + ")");
        }

        evaluator.init();

        RangerPerfTracer.log(initTracer);

        evaluators.add(evaluator);
    }

    RangerPerfTracer.log(itemTracer);

    return evaluators;
}
 
Example 6
Source File: RangerServiceTag.java    From ranger with Apache License 2.0
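/**
 * Returns the default policies for the tag service, reshaped into a tag-expiry deny policy.
 *
 * <p>When the service-def declares the condition named {@code RANGER_TAG_EXPIRY_CONDITION_NAME},
 * the policies from the superclass are taken and every policy that has a resource entry for the
 * service-def's first resource is rewritten: the resource value, policy name and description
 * refer to {@code RANGER_TAG_NAME_EXPIRES_ON}; each policy item is assigned to
 * {@code GROUP_PUBLIC}, gets the expiry condition with value {@code "yes"}, and has delegate-admin
 * switched off; the items are then moved from the policy items to the deny policy items.
 *
 * <p>When the condition definition is missing, an error is logged and an empty list is returned,
 * i.e. no default expiry policy is produced for the service.
 *
 * @return the default policies, or an empty list when the expiry condition is not defined
 * @throws Exception if the superclass fails to build its default policies
 */
@Override
public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerServiceTag.getDefaultRangerPolicies() ");
	}

	List<RangerPolicy> ret = new ArrayList<RangerPolicy>();

	boolean isConditionDefFound = false;

	List<RangerServiceDef.RangerPolicyConditionDef> policyConditionDefs = serviceDef.getPolicyConditions();

	if (CollectionUtils.isNotEmpty(policyConditionDefs)) {
		for (RangerServiceDef.RangerPolicyConditionDef conditionDef : policyConditionDefs) {
			// Constant as receiver: a definition without a name is a non-match, not an exception.
			if (RANGER_TAG_EXPIRY_CONDITION_NAME.equals(conditionDef.getName())) {
				isConditionDefFound = true;
				break;
			}
		}
	}

	if (isConditionDefFound) {

		ret = super.getDefaultRangerPolicies();

		// A service-def with no resource list is handled like one with an empty list.
		if (CollectionUtils.isNotEmpty(serviceDef.getResources())) {
			String tagResourceName = serviceDef.getResources().get(0).getName();

			for (RangerPolicy defaultPolicy : ret) {

				RangerPolicy.RangerPolicyResource tagPolicyResource = defaultPolicy.getResources().get(tagResourceName);

				if (tagPolicyResource != null) {

					String value = RANGER_TAG_NAME_EXPIRES_ON;

					tagPolicyResource.setValue(value);
					defaultPolicy.setName(value);
					defaultPolicy.setDescription("Policy for data with " + value + " tag");

					List<RangerPolicy.RangerPolicyItem> defaultPolicyItems = defaultPolicy.getPolicyItems();

					for (RangerPolicy.RangerPolicyItem defaultPolicyItem : defaultPolicyItems) {

						List<String> groups = new ArrayList<String>();
						groups.add(GROUP_PUBLIC);
						defaultPolicyItem.setGroups(groups);

						List<RangerPolicy.RangerPolicyItemCondition> policyItemConditions = new ArrayList<RangerPolicy.RangerPolicyItemCondition>();
						List<String> values = new ArrayList<String>();
						values.add("yes");
						RangerPolicy.RangerPolicyItemCondition policyItemCondition = new RangerPolicy.RangerPolicyItemCondition(RANGER_TAG_EXPIRY_CONDITION_NAME, values);
						policyItemConditions.add(policyItemCondition);

						defaultPolicyItem.setConditions(policyItemConditions);
						// The default items must not let their subjects hand out further grants.
						defaultPolicyItem.setDelegateAdmin(Boolean.FALSE);
					}

					// Same items, now as deny items; the policy keeps no allow items of its own.
					defaultPolicy.setDenyPolicyItems(defaultPolicyItems);
					defaultPolicy.setPolicyItems(null);
				}
			}
		}
	} else {
		LOG.error("RangerServiceTag.getDefaultRangerPolicies() - Cannot create default TAG policy: Cannot get tagPolicyConditionDef with name=" + RANGER_TAG_EXPIRY_CONDITION_NAME);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerServiceTag.getDefaultRangerPolicies() : " + ret);
	}
	return ret;
}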