/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ranger.biz;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXSecurityZone;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.store.AbstractPredicateUtil;
import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
import org.apache.ranger.plugin.store.SecurityZoneStore;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.service.RangerSecurityZoneServiceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
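/**
 * Database-backed {@link SecurityZoneStore}.
 *
 * <p>Each mutating method signals a change on the global-state entry named
 * {@code RangerSecurityZone}, delegates persistence to
 * {@link RangerSecurityZoneServiceService}, keeps the zone reference tables in step
 * through {@link SecurityZoneRefUpdater}, and then records a transaction-log entry
 * through {@link RangerBizUtil}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No authorization check is made in this class. NOTE(review): presumably the
 *       calling layer authorizes the request first; confirm for every caller.</li>
 *   <li>The transaction log is written after the change has been applied. Whether both
 *       writes share one database transaction is not visible from this class; if they
 *       do not, a failure in between leaves a change with no log entry.</li>
 * </ul>
 */
@Component
public class SecurityZoneDBStore implements SecurityZoneStore {
    private static final Log LOG = LogFactory.getLog(SecurityZoneDBStore.class);

    /** Name passed to the global-state DAO whenever a security zone changes. */
    private static final String RANGER_GLOBAL_STATE_NAME = "RangerSecurityZone";

    @Autowired
    RangerSecurityZoneServiceService securityZoneService;

    @Autowired
    RangerDaoManager daoMgr;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    SecurityZoneRefUpdater securityZoneRefUpdater;

    @Autowired
    RangerBizUtil bizUtil;

    // Assigned in initStore(); null until the @PostConstruct callback has run.
    AbstractPredicateUtil predicateUtil = null;

    /** No-op; the store is set up in {@link #initStore()}. */
    public void init() throws Exception {}

    /** Creates the predicate helper used by {@link #getSecurityZones(SearchFilter)}. */
    @PostConstruct
    public void initStore() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> SecurityZoneDBStore.initStore()");
        }

        predicateUtil = new SecurityZonePredicateUtil();

        if (LOG.isDebugEnabled()) {
            LOG.debug("<== SecurityZoneDBStore.initStore()");
        }
    }

    /**
     * Creates a security zone, rejecting a name that is already in use.
     *
     * @param securityZone zone to persist
     * @return the zone as returned by the service layer
     * @throws Exception a REST exception ({@code ERROR_DUPLICATE_OBJECT}) when the name is
     *         taken, or a plain {@code Exception} when the service returns {@code null}
     */
    @Override
    public RangerSecurityZone createSecurityZone(RangerSecurityZone securityZone) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> SecurityZoneDBStore.createSecurityZone()");
        }

        // The lookup and the insert below are separate steps, so this check alone does not
        // stop two concurrent requests from creating the same name.
        // NOTE(review): confirm the zone-name column carries a unique constraint.
        XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneName(securityZone.getName());
        if (xxSecurityZone != null) {
            throw restErrorUtil.createRESTException("security-zone with name: " + securityZone.getName() + " already exists", MessageEnums.ERROR_DUPLICATE_OBJECT);
        }

        daoMgr.getXXGlobalState().onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);

        RangerSecurityZone createdSecurityZone = securityZoneService.create(securityZone);
        if (createdSecurityZone == null) {
            throw new Exception("Cannot create security zone:[" + securityZone + "]");
        }

        securityZoneRefUpdater.createNewZoneMappingForRefTable(createdSecurityZone);

        List<XXTrxLog> trxLogList = securityZoneService.getTransactionLog(createdSecurityZone, null, "create");
        bizUtil.createTrxLog(trxLogList);

        return createdSecurityZone;
    }

    /**
     * Updates the zone identified by {@code securityZone.getId()}.
     *
     * <p>The stored JSON of the existing row is deserialized first, so the transaction log
     * can record the state before the update.
     *
     * @param securityZone zone carrying the id to update and the new content
     * @return the {@code securityZone} argument itself
     * @throws Exception a REST exception when no zone has that id, or a plain
     *         {@code Exception} when the service returns {@code null}
     */
    @Override
    public RangerSecurityZone updateSecurityZoneById(RangerSecurityZone securityZone) throws Exception {
        XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneId(securityZone.getId());
        if (xxSecurityZone == null) {
            throw restErrorUtil.createRESTException("security-zone with id: " + securityZone.getId() + " does not exist");
        }

        // "Before" image for the transaction log, rebuilt from the row's stored JSON.
        Gson gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").create();
        RangerSecurityZone oldSecurityZone = gsonBuilder.fromJson(xxSecurityZone.getJsonData(), RangerSecurityZone.class);

        daoMgr.getXXGlobalState().onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);

        RangerSecurityZone updatedSecurityZone = securityZoneService.update(securityZone);
        if (updatedSecurityZone == null) {
            throw new Exception("Cannot update security zone:[" + securityZone + "]");
        }

        securityZoneRefUpdater.createNewZoneMappingForRefTable(updatedSecurityZone);

        List<XXTrxLog> trxLogList = securityZoneService.getTransactionLog(updatedSecurityZone, oldSecurityZone, "update");
        bizUtil.createTrxLog(trxLogList);

        // NOTE(review): this returns the caller's object rather than updatedSecurityZone, so
        // anything the service layer sets on the persisted copy may be missing from the result.
        // Left as is because callers may rely on it; confirm which object is intended.
        return securityZone;
    }

    /**
     * Deletes the zone with the given name, its reference-table rows, and logs the deletion.
     *
     * @param zoneName name of the zone to delete
     * @throws Exception a REST exception when no zone has that name
     */
    @Override
    public void deleteSecurityZoneByName(String zoneName) throws Exception {
        XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneName(zoneName);
        if (xxSecurityZone == null) {
            throw restErrorUtil.createRESTException("security-zone with name: " + zoneName + " does not exist");
        }

        RangerSecurityZone securityZone = securityZoneService.read(xxSecurityZone.getId());

        daoMgr.getXXGlobalState().onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);

        securityZoneRefUpdater.cleanupRefTables(securityZone);
        securityZoneService.delete(securityZone);

        List<XXTrxLog> trxLogList = securityZoneService.getTransactionLog(securityZone, null, "delete");
        bizUtil.createTrxLog(trxLogList);
    }

    /**
     * Deletes the zone with the given id, its reference-table rows, and logs the deletion.
     *
     * @param zoneId id of the zone to delete
     * @throws Exception a REST exception when no zone has that id
     */
    @Override
    public void deleteSecurityZoneById(Long zoneId) throws Exception {
        // Reject an unknown id before anything is changed, as deleteSecurityZoneByName and
        // updateSecurityZoneById do. Without this check the global state was signalled and the
        // ref-table cleanup was attempted with whatever read() returned for a missing id.
        XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneId(zoneId);
        if (xxSecurityZone == null) {
            throw restErrorUtil.createRESTException("security-zone with id: " + zoneId + " does not exist");
        }

        RangerSecurityZone securityZone = securityZoneService.read(zoneId);

        daoMgr.getXXGlobalState().onGlobalStateChange(RANGER_GLOBAL_STATE_NAME);

        securityZoneRefUpdater.cleanupRefTables(securityZone);
        securityZoneService.delete(securityZone);

        List<XXTrxLog> trxLogList = securityZoneService.getTransactionLog(securityZone, null, "delete");
        bizUtil.createTrxLog(trxLogList);
    }

    /**
     * Reads a zone by id through the service layer.
     *
     * @param id zone id
     * @return whatever {@code securityZoneService.read(id)} returns
     */
    @Override
    public RangerSecurityZone getSecurityZone(Long id) throws Exception {
        return securityZoneService.read(id);
    }

    /**
     * Reads a zone by name.
     *
     * @param name zone name
     * @return the zone read through the service layer
     * @throws Exception a REST exception when no zone has that name
     */
    @Override
    public RangerSecurityZone getSecurityZoneByName(String name) throws Exception {
        XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneName(name);
        if (xxSecurityZone == null) {
            throw restErrorUtil.createRESTException("security-zone with name: " + name + " does not exist");
        }

        return securityZoneService.read(xxSecurityZone.getId());
    }

    /**
     * Returns all zones except the one whose id is
     * {@code RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID}, optionally filtered.
     *
     * <p>All rows are loaded and each zone is read individually; the filter is applied in
     * memory afterwards, on a copy of the list.
     *
     * @param filter search filter; {@code null} or empty means no filtering
     * @return the matching zones, possibly empty, never {@code null}
     */
    @Override
    public List<RangerSecurityZone> getSecurityZones(SearchFilter filter) throws Exception {
        List<RangerSecurityZone> ret = new ArrayList<>();

        List<XXSecurityZone> xxSecurityZones = daoMgr.getXXSecurityZoneDao().getAll();
        for (XXSecurityZone xxSecurityZone : xxSecurityZones) {
            if (!xxSecurityZone.getId().equals(RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)) {
                ret.add(securityZoneService.read(xxSecurityZone.getId()));
            }
        }

        if (CollectionUtils.isNotEmpty(ret) && filter != null && !filter.isEmpty()) {
            List<RangerSecurityZone> copy = new ArrayList<>(ret);
            predicateUtil.applyFilter(copy, filter);
            ret = copy;
        }

        return ret;
    }

    /**
     * Returns, per zone name, the service entry that the zone holds for {@code serviceName}.
     *
     * <p>Failures are logged and swallowed. The result is {@code null} both when no zone
     * matches and when the lookup fails before any zone was added; if the failure happens
     * part-way through the loop, the map returned is incomplete. Callers that use the result
     * for an enforcement decision cannot tell "no zones" from "lookup failed" by looking at
     * the return value alone.
     *
     * @param serviceName service whose zone entries are requested
     * @return map of zone name to service entry, or {@code null} as described above
     */
    @Override
    public Map<String, RangerSecurityZone.RangerSecurityZoneService> getSecurityZonesForService(String serviceName) {
        Map<String, RangerSecurityZone.RangerSecurityZoneService> ret = null;

        SearchFilter filter = new SearchFilter();
        filter.setParam(SearchFilter.SERVICE_NAME, serviceName);

        try {
            List<RangerSecurityZone> matchingZones = getSecurityZones(filter);

            if (CollectionUtils.isNotEmpty(matchingZones)) {
                ret = new HashMap<>();

                for (RangerSecurityZone matchingZone : matchingZones) {
                    ret.put(matchingZone.getName(), matchingZone.getServices().get(serviceName));
                }
            }
        } catch (Exception excp) {
            // serviceName is written to the log unmodified.
            // NOTE(review): confirm callers validate it, so it cannot carry line breaks into the log.
            LOG.error("Failed to get security zones for service:[" + serviceName + "]", excp);
        }

        return ret;
    }
}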