Google Git
Sign in
apache / ranger / a81f3026dfea4c5cb067cb499f914e0c54c89dd2 / . / security-admin / src / main / java / org / apache / ranger / biz / SecurityZoneRefUpdater.java
blob: a6f5533400e7f408b1a67a2a382acbc634e3d62b [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.biz;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXSecurityZoneRefGroupDao;
import org.apache.ranger.db.XXSecurityZoneRefResourceDao;
import org.apache.ranger.db.XXSecurityZoneRefServiceDao;
import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao;
import org.apache.ranger.db.XXSecurityZoneRefUserDao;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXSecurityZoneRefGroup;
import org.apache.ranger.entity.XXSecurityZoneRefResource;
import org.apache.ranger.entity.XXSecurityZoneRefService;
import org.apache.ranger.entity.XXSecurityZoneRefTagService;
import org.apache.ranger.entity.XXSecurityZoneRefUser;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerServiceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class SecurityZoneRefUpdater {
@Autowired
RangerDaoManager daoMgr;
@Autowired
RangerAuditFields<?> rangerAuditFields;
@Autowired
RangerServiceService svcService;
@Autowired
RESTErrorUtil restErrorUtil;
public void createNewZoneMappingForRefTable(RangerSecurityZone rangerSecurityZone) throws Exception {
if(rangerSecurityZone == null) {
return;
}
cleanupRefTables(rangerSecurityZone);
final Long zoneId = rangerSecurityZone == null ? null : rangerSecurityZone.getId();
final Map<String, RangerSecurityZoneService> zoneServices = rangerSecurityZone.getServices();
final Set<String> adminUsers = new HashSet<>();
final Set<String> adminUserGroups = new HashSet<>();
final Set<String> auditUsers = new HashSet<>();
final Set<String> auditUserGroups = new HashSet<>();
final Set<String> tagServices = new HashSet<>();
XXServiceDef xServiceDef = new XXServiceDef();
adminUsers.addAll(rangerSecurityZone.getAdminUsers());
adminUserGroups.addAll(rangerSecurityZone.getAdminUserGroups());
auditUsers.addAll(rangerSecurityZone.getAuditUsers());
auditUserGroups.addAll(rangerSecurityZone.getAuditUserGroups());
tagServices.addAll(rangerSecurityZone.getTagServices());
for(Map.Entry<String, RangerSecurityZoneService> service : zoneServices.entrySet()) {
String serviceName = service.getKey();
if (StringUtils.isBlank(serviceName)) {
continue;
}
XXService xService = daoMgr.getXXService().findByName(serviceName);
RangerService rService = svcService.getPopulatedViewObject(xService);
xServiceDef = daoMgr.getXXServiceDef().findByName(rService.getType());
XXSecurityZoneRefService xZoneService = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefService());
xZoneService.setZoneId(zoneId);
xZoneService.setServiceId(xService.getId());
xZoneService.setServiceName(serviceName);
daoMgr.getXXSecurityZoneRefService().create(xZoneService);
for(Map<String, List<String>> resourceMap:service.getValue().getResources()){//add all resourcedefs in pre defined set
for(Map.Entry<String, List<String>> resource : resourceMap.entrySet()) {
String resourceName = resource.getKey();
if (StringUtils.isBlank(resourceName)) {
continue;
}
XXResourceDef xResourceDef = daoMgr.getXXResourceDef().findByNameAndServiceDefId(resourceName, xServiceDef.getId());
XXSecurityZoneRefResource xZoneResource = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefResource());
xZoneResource.setZoneId(zoneId);
xZoneResource.setResourceDefId(xResourceDef.getId());
xZoneResource.setResourceName(resourceName);
daoMgr.getXXSecurityZoneRefResource().create(xZoneResource);
}
}
}
if(CollectionUtils.isNotEmpty(tagServices)) {
for(String tagService : tagServices) {
if (StringUtils.isBlank(tagService)) {
continue;
}
XXService xService = daoMgr.getXXService().findByName(tagService);
if (xService == null || xService.getType() != RangerConstants.TAG_SERVICE_TYPE) {
throw restErrorUtil.createRESTException("Tag Service named: " + tagService + " does not exist ",
MessageEnums.INVALID_INPUT_DATA);
}
XXSecurityZoneRefTagService xZoneTagService = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefTagService());
xZoneTagService.setZoneId(zoneId);
xZoneTagService.setTagServiceId(xService.getId());
xZoneTagService.setTagServiceName(xService.getName());
daoMgr.getXXSecurityZoneRefTagService().create(xZoneTagService);
}
}
if(CollectionUtils.isNotEmpty(adminUsers)) {
for(String adminUser : adminUsers) {
if (StringUtils.isBlank(adminUser)) {
continue;
}
XXUser xUser = daoMgr.getXXUser().findByUserName(adminUser);
if (xUser == null) {
throw restErrorUtil.createRESTException("user with name: " + adminUser + " does not exist ",
MessageEnums.INVALID_INPUT_DATA);
}
XXSecurityZoneRefUser xZoneAdminUser = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefUser());
xZoneAdminUser.setZoneId(zoneId);
xZoneAdminUser.setUserId(xUser.getId());
xZoneAdminUser.setUserName(adminUser);
xZoneAdminUser.setUserType(1);
daoMgr.getXXSecurityZoneRefUser().create(xZoneAdminUser);
}
}
if(CollectionUtils.isNotEmpty(adminUserGroups)) {
for(String adminUserGroup : adminUserGroups) {
if (StringUtils.isBlank(adminUserGroup)) {
continue;
}
XXGroup xGroup = daoMgr.getXXGroup().findByGroupName(adminUserGroup);
if (xGroup == null) {
throw restErrorUtil.createRESTException("group with name: " + adminUserGroup + " does not exist ",
MessageEnums.INVALID_INPUT_DATA);
}
XXSecurityZoneRefGroup xZoneAdminGroup = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefGroup());
xZoneAdminGroup.setZoneId(zoneId);
xZoneAdminGroup.setGroupId(xGroup.getId());
xZoneAdminGroup.setGroupName(adminUserGroup);
xZoneAdminGroup.setGroupType(1);
daoMgr.getXXSecurityZoneRefGroup().create(xZoneAdminGroup);
}
}
if(CollectionUtils.isNotEmpty(auditUsers)) {
for(String auditUser : auditUsers) {
if (StringUtils.isBlank(auditUser)) {
continue;
}
XXUser xUser = daoMgr.getXXUser().findByUserName(auditUser);
if (xUser == null) {
throw restErrorUtil.createRESTException("user with name: " + auditUser + " does not exist ",
MessageEnums.INVALID_INPUT_DATA);
}
XXSecurityZoneRefUser xZoneAuditUser = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefUser());
xZoneAuditUser.setZoneId(zoneId);
xZoneAuditUser.setUserId(xUser.getId());
xZoneAuditUser.setUserName(auditUser);
xZoneAuditUser.setUserType(0);
daoMgr.getXXSecurityZoneRefUser().create(xZoneAuditUser);
}
}
if(CollectionUtils.isNotEmpty(auditUserGroups)) {
for(String auditUserGroup : auditUserGroups) {
if (StringUtils.isBlank(auditUserGroup)) {
continue;
}
XXGroup xGroup = daoMgr.getXXGroup().findByGroupName(auditUserGroup);
if (xGroup == null) {
throw restErrorUtil.createRESTException("group with name: " + auditUserGroup + " does not exist ",
MessageEnums.INVALID_INPUT_DATA);
}
XXSecurityZoneRefGroup xZoneAuditGroup = rangerAuditFields.populateAuditFieldsForCreate(new XXSecurityZoneRefGroup());
xZoneAuditGroup.setZoneId(zoneId);
xZoneAuditGroup.setGroupId(xGroup.getId());
xZoneAuditGroup.setGroupName(auditUserGroup);
xZoneAuditGroup.setGroupType(0);
daoMgr.getXXSecurityZoneRefGroup().create(xZoneAuditGroup);
}
}
}
public Boolean cleanupRefTables(RangerSecurityZone rangerSecurityZone) {
final Long zoneId = rangerSecurityZone == null ? null : rangerSecurityZone.getId();
if (zoneId == null) {
return false;
}
XXSecurityZoneRefServiceDao xZoneServiceDao = daoMgr.getXXSecurityZoneRefService();
XXSecurityZoneRefTagServiceDao xZoneTagServiceDao = daoMgr.getXXSecurityZoneRefTagService();
XXSecurityZoneRefResourceDao xZoneResourceDao = daoMgr.getXXSecurityZoneRefResource();
XXSecurityZoneRefUserDao xZoneUserDao = daoMgr.getXXSecurityZoneRefUser();
XXSecurityZoneRefGroupDao xZoneGroupDao = daoMgr.getXXSecurityZoneRefGroup();
for (XXSecurityZoneRefService service : xZoneServiceDao.findByZoneId(zoneId)) {
xZoneServiceDao.remove(service);
}
for (XXSecurityZoneRefTagService service : xZoneTagServiceDao.findByZoneId(zoneId)) {
xZoneTagServiceDao.remove(service);
}
for(XXSecurityZoneRefResource resource : xZoneResourceDao.findByZoneId(zoneId)) {
xZoneResourceDao.remove(resource);
}
for(XXSecurityZoneRefUser user : xZoneUserDao.findByZoneId(zoneId)) {
xZoneUserDao.remove(user);
}
for(XXSecurityZoneRefGroup group : xZoneGroupDao.findByZoneId(zoneId)) {
xZoneGroupDao.remove(group);
}
return true;
}
}