Google Git
Sign in
apache / ranger / e18f17991b97009161891f008975deba6be9aaca / . / security-admin / src / main / java / org / apache / ranger / service / RangerPolicyServiceBase.java
blob: a2929f3c16c250f62075bddfae9db05213b99265 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ranger.service;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
import org.apache.ranger.common.SearchField.SEARCH_TYPE;
import org.apache.ranger.common.SortField.SORT_ORDER;
import org.apache.ranger.entity.XXPolicyBase;
import org.apache.ranger.entity.XXSecurityZone;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.util.SearchFilter;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.HashMap;
import java.util.Map;
public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends RangerPolicy> extends
RangerBaseModelService<T, V> {
public static final String OPTION_POLICY_VALIDITY_SCHEDULES = "POLICY_VALIDITY_SCHEDULES";
@Autowired
GUIDUtil guidUtil;
public RangerPolicyServiceBase() {
super();
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "xSvcDef.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXServiceDef xSvcDef, XXService xSvc", "xSvc.type = xSvcDef.id and xSvc.id = obj.service"));
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE_ID, "xSvc.type", DATA_TYPE.INTEGER,
SEARCH_TYPE.FULL, "XXService xSvc", "xSvc.id = obj.service"));
searchFields.add(new SearchField(SearchFilter.SERVICE_NAME, "xSvc.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXService xSvc", "xSvc.id = obj.service"));
searchFields.add(new SearchField(SearchFilter.SERVICE_ID, "xSvc.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL,
"XXService xSvc", "xSvc.id = obj.service"));
searchFields
.add(new SearchField(SearchFilter.IS_ENABLED, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
//might need updation
/*searchFields.add(new SearchField(SearchFilter.IS_RECURSIVE,"xPolRes.isRecursive",DATA_TYPE.BOOLEAN,SEARCH_TYPE.FULL,
"XXPolicyResource xPolRes","obj.id=xPolRes.policyId"));*/
searchFields.add(new SearchField(SearchFilter.POLICY_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.POLICY_NAME, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.GUID, "obj.guid", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.USER, "xUser.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXUser xUser, XXPolicyRefUser refUser", "obj.id = refUser.policyId "
+ "and xUser.id = refUser.userId"));
searchFields.add(new SearchField(SearchFilter.GROUP, "xGrp.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXGroup xGrp , XXPolicyRefGroup refGroup", "obj.id = refGroup.policyId "
+ "and xGrp.id = refGroup.groupId"));
searchFields.add(new SearchField(SearchFilter.ROLE, "xRole.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXRole xRole , XXPolicyRefRole refRole", "obj.id = refRole.policyId "
+ "and xRole.id = refRole.roleId"));
//might need updation
/*searchFields.add(new SearchField(SearchFilter.POL_RESOURCE, "resMap.value", DATA_TYPE.STRING,
SEARCH_TYPE.PARTIAL, "XXPolicyResourceMap resMap, XXPolicyResource polRes",
"resMap.resourceId = polRes.id and polRes.policyId = obj.id"));
/*searchFields.add(new SearchField(SearchFilter.POLICY_LABELS_PARTIAL, "obj.label_name", DATA_TYPE.STRING,
SEARCH_TYPE.PARTIAL));*/
searchFields.add(new SearchField(SearchFilter.POLICY_NAME_PARTIAL, "obj.name", DATA_TYPE.STRING,
SEARCH_TYPE.PARTIAL));
searchFields.add(new SearchField(SearchFilter.POLICY_TYPE, "obj.policyType", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.ZONE_NAME, "xZone.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
"XXSecurityZone xZone", "xZone.id = obj.zoneId"));
searchFields.add(new SearchField(SearchFilter.ZONE_ID, "xZone.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL,
"XXSecurityZone xZone", "xZone.id = obj.zoneId"));
sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime"));
sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime"));
sortFields.add(new SortField(SearchFilter.POLICY_ID, "obj.id", true, SORT_ORDER.ASC));
sortFields.add(new SortField(SearchFilter.POLICY_NAME, "obj.name"));
}
@Override
protected T mapViewToEntityBean(V vObj, T xObj, int OPERATION_CONTEXT) {
XXService xService = daoMgr.getXXService().findByName(vObj.getService());
if (xService == null) {
throw restErrorUtil.createRESTException("No corresponding service found for policyName: " + vObj.getName()
+ "Service Not Found : " + vObj.getService(), MessageEnums.INVALID_INPUT_DATA);
}
Long zoneId = convertZoneNameToZoneId(vObj.getZoneName(), vObj);
xObj.setZoneId(zoneId);
XXServiceDef xServiceDef = daoMgr.getXXServiceDef().getById(xService.getType());
if (xServiceDef != null) {
vObj.setServiceType(xServiceDef.getName());
}
String guid = vObj.getGuid();
if (StringUtils.isEmpty(guid)) {
guid = guidUtil.genGUID();
vObj.setGuid(guid);
}
Integer policyPriority = vObj.getPolicyPriority();
if (policyPriority == null) {
policyPriority = RangerPolicy.POLICY_PRIORITY_NORMAL;
vObj.setPolicyPriority(policyPriority);
}
Integer policyType = vObj.getPolicyType();
if (policyType == null) {
policyType = RangerPolicy.POLICY_TYPE_ACCESS;
vObj.setPolicyType(policyType);
}
xObj.setGuid(guid);
xObj.setVersion(vObj.getVersion());
xObj.setService(xService.getId());
xObj.setName(StringUtils.trim(vObj.getName()));
xObj.setPolicyType(policyType);
xObj.setPolicyPriority(policyPriority);
xObj.setDescription(vObj.getDescription());
xObj.setResourceSignature(vObj.getResourceSignature());
xObj.setIsAuditEnabled(vObj.getIsAuditEnabled());
xObj.setIsEnabled(vObj.getIsEnabled());
String validitySchedules = JsonUtils.listToJson(vObj.getValiditySchedules());
Map<String, Object> options = vObj.getOptions();
if (options == null) {
options = new HashMap<>();
}
if (StringUtils.isNotBlank(validitySchedules)) {
options.put(OPTION_POLICY_VALIDITY_SCHEDULES, validitySchedules);
} else {
options.remove(OPTION_POLICY_VALIDITY_SCHEDULES);
}
xObj.setOptions(JsonUtils.mapToJson(options));
xObj.setPolicyText(JsonUtils.objectToJson(vObj));
return xObj;
}
@Override
protected V mapEntityToViewBean(V vObj, T xObj) {
XXService xService = daoMgr.getXXService().getById(xObj.getService());
XXServiceDef xServiceDef = daoMgr.getXXServiceDef().getById(xService.getType());
vObj.setGuid(xObj.getGuid());
vObj.setVersion(xObj.getVersion());
vObj.setService(xService.getName());
vObj.setServiceType(xServiceDef.getName());
vObj.setName(StringUtils.trim(xObj.getName()));
vObj.setPolicyType(xObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xObj.getPolicyType());
vObj.setPolicyPriority(xObj.getPolicyPriority() == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : xObj.getPolicyPriority());
vObj.setDescription(xObj.getDescription());
vObj.setResourceSignature(xObj.getResourceSignature());
vObj.setIsEnabled(xObj.getIsEnabled());
vObj.setIsAuditEnabled(xObj.getIsAuditEnabled());
String zoneName = convertZoneIdToZoneName(xObj.getZoneId(), vObj);
vObj.setZoneName(zoneName);
String policyText = xObj.getPolicyText();
RangerPolicy ret = JsonUtils.jsonToObject(policyText, RangerPolicy.class);
if (ret != null) {
vObj.setOptions(ret.getOptions());
vObj.setValiditySchedules(ret.getValiditySchedules());
vObj.setPolicyLabels(ret.getPolicyLabels());
}
return vObj;
}
private Long convertZoneNameToZoneId(String zoneName, V vObj) {
if (StringUtils.isEmpty(zoneName)) return RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID;
XXSecurityZone zone = daoMgr.getXXSecurityZoneDao().findByZoneName(zoneName);
if (zone == null) {
throw restErrorUtil.createRESTException("No corresponding zone found for policyName: " + vObj.getName()
+ "Zone Not Found : " + zoneName, MessageEnums.INVALID_INPUT_DATA);
}
return zone.getId();
}
private String convertZoneIdToZoneName(Long zoneId, V vObj) {
if (zoneId == null) {
throw restErrorUtil.createRESTException("No corresponding zone found for policyName: " + vObj.getName()
+ "Zone Not Found : " + zoneId, MessageEnums.INVALID_INPUT_DATA);
}
if (zoneId.equals(RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)) {
return StringUtils.EMPTY;
}
XXSecurityZone zone = daoMgr.getXXSecurityZoneDao().findByZoneId(zoneId);
if (zone == null) {
throw restErrorUtil.createRESTException("No corresponding zone found for policyName: " + vObj.getName()
+ "Zone Not Found : " + zoneId, MessageEnums.INVALID_INPUT_DATA);
}
return zone.getName();
}
}