http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 517de20..89daaea 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -30,25 +30,13 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.db.RangerDaoManager; -import org.apache.ranger.entity.XXAccessTypeDef; -import org.apache.ranger.entity.XXGroup; -import org.apache.ranger.entity.XXPolicy; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXPolicyItem; -import org.apache.ranger.entity.XXPolicyItemAccess; -import org.apache.ranger.entity.XXPolicyItemCondition; -import org.apache.ranger.entity.XXPolicyItemGroupPerm; -import org.apache.ranger.entity.XXPolicyItemUserPerm; -import org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXPolicyResourceMap; -import org.apache.ranger.entity.XXPortalUser; -import org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXUser; +import org.apache.ranger.entity.*; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; import org.apache.ranger.plugin.util.RangerPerfTracer; 
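Review bot: Replacing the explicit entity imports with `import org.apache.ranger.entity.*;` hides which entity classes this file depends on, and a class added to that package later can clash with another simple name without any change here. As far as the visible hunks show, the new code only needs `import org.apache.ranger.entity.XXDataMaskTypeDef;` and `import org.apache.ranger.entity.XXPolicyItemDataMaskInfo;` added to the existing list. The same applies to the `org.apache.ranger.db.*` and `org.apache.ranger.entity.*` wildcards introduced in ServiceDBStore.java.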
@@ -243,6 +231,7 @@ public class RangerPolicyRetriever { final Map<Long, String> accessTypes = new HashMap<Long, String>(); final Map<Long, String> conditions = new HashMap<Long, String>(); final Map<Long, String> resourceDefs = new HashMap<Long, String>(); + final Map<Long, String> dataMasks = new HashMap<Long, String>(); String getUserName(Long userId) { String ret = null; @@ -377,6 +366,26 @@ public class RangerPolicyRetriever { return ret; } + + String getDataMaskName(Long dataMaskDefId) { + String ret = null; + + if(dataMaskDefId != null) { + ret = dataMasks.get(dataMaskDefId); + + if(ret == null) { + XXDataMaskTypeDef xDataMaskDef = daoMgr.getXXDataMaskTypeDef().getById(dataMaskDefId); + + if(xDataMaskDef != null) { + ret = xDataMaskDef.getName(); + + resourceDefs.put(dataMaskDefId, ret); + } + } + } + + return ret; + } } static List<XXPolicy> asList(XXPolicy policy) { @@ -399,6 +408,7 @@ public class RangerPolicyRetriever { final ListIterator<XXPolicyItemGroupPerm> iterGroupPerms; final ListIterator<XXPolicyItemAccess> iterAccesses; final ListIterator<XXPolicyItemCondition> iterConditions; + final ListIterator<XXPolicyItemDataMaskInfo> iterDataMaskInfos; RetrieverContext(XXService xService) { Long serviceId = xService == null ? null : xService.getId(); @@ -411,6 +421,7 @@ public class RangerPolicyRetriever { List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByServiceId(serviceId); List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByServiceId(serviceId); List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByServiceId(serviceId); + List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByServiceId(serviceId); this.service = xService; this.iterPolicy = xPolicies.listIterator(); 
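Review bot: `getDataMaskName` reads from `dataMasks` but stores the resolved name with `resourceDefs.put(dataMaskDefId, ret);`, so the new cache is never filled and every lookup goes back to the DAO. The mask name also lands in the resource-definition cache under a data-mask id; if a resource definition has the same numeric id, the resource-name lookup in this class (outside the hunk, presumably reading `resourceDefs`) could return a mask-type name for a policy resource. The line should be `dataMasks.put(dataMaskDefId, ret);`.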
@@ -421,6 +432,7 @@ public class RangerPolicyRetriever { this.iterGroupPerms = xGroupPerms.listIterator(); this.iterAccesses = xAccesses.listIterator(); this.iterConditions = xConditions.listIterator(); + this.iterDataMaskInfos = xDataMaskInfos.listIterator(); } RetrieverContext(XXPolicy xPolicy) { @@ -438,6 +450,7 @@ public class RangerPolicyRetriever { List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByPolicyId(policyId); List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByPolicyId(policyId); List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByPolicyId(policyId); + List<XXPolicyItemDataMaskInfo> xDataMaskInfos = daoMgr.getXXPolicyItemDataMaskInfo().findByPolicyId(policyId); this.service = xService; this.iterPolicy = xPolicies.listIterator(); @@ -448,6 +461,7 @@ public class RangerPolicyRetriever { this.iterGroupPerms = xGroupPerms.listIterator(); this.iterAccesses = xAccesses.listIterator(); this.iterConditions = xConditions.listIterator(); + this.iterDataMaskInfos = xDataMaskInfos.listIterator(); } RangerPolicy getNextPolicy() { @@ -534,7 +548,8 @@ public class RangerPolicyRetriever { || iterUserPerms.hasNext() || iterGroupPerms.hasNext() || iterAccesses.hasNext() - || iterConditions.hasNext(); + || iterConditions.hasNext() + || iterDataMaskInfos.hasNext(); return !moreToProcess; } 
@@ -577,9 +592,30 @@ public class RangerPolicyRetriever { XXPolicyItem xPolicyItem = iterPolicyItems.next(); if(xPolicyItem.getPolicyid().equals(policy.getId())) { - RangerPolicyItem policyItem = new RangerPolicyItem(); + final RangerPolicyItem policyItem; + final RangerDataMaskPolicyItem dataMaskPolicyItem; + + if(xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING) { + dataMaskPolicyItem = new RangerDataMaskPolicyItem(); + policyItem = dataMaskPolicyItem; + } else { + dataMaskPolicyItem = null; + policyItem = new RangerPolicyItem(); + } - policyItem.setDelegateAdmin(xPolicyItem.getDelegateAdmin()); + + while(iterAccesses.hasNext()) { + XXPolicyItemAccess xAccess = iterAccesses.next(); + + if(xAccess.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getAccesses().add(new RangerPolicyItemAccess(lookupCache.getAccessType(xAccess.getType()), xAccess.getIsallowed())); + } else { + if(iterAccesses.hasPrevious()) { + iterAccesses.previous(); + } + break; + } + } while(iterUserPerms.hasNext()) { XXPolicyItemUserPerm xUserPerm = iterUserPerms.next(); @@ -607,19 +643,6 @@ public class RangerPolicyRetriever { } } - while(iterAccesses.hasNext()) { - XXPolicyItemAccess xAccess = iterAccesses.next(); - - if(xAccess.getPolicyitemid().equals(xPolicyItem.getId())) { - policyItem.getAccesses().add(new RangerPolicyItemAccess(lookupCache.getAccessType(xAccess.getType()), xAccess.getIsallowed())); - } else { - if(iterAccesses.hasPrevious()) { - iterAccesses.previous(); - } - break; - } - } - RangerPolicyItemCondition condition = null; Long prevConditionType = null; while(iterConditions.hasNext()) { 
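Review bot: `xPolicyItem.getItemType() == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING` unboxes the item type, while the same method further down treats it as nullable (`xPolicyItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : ...`). Assuming the constant is a primitive `int`, as its use in `int itemType = ...` suggests, a row with a null item type would throw a NullPointerException here before that default is ever applied. Computing the null-safe `itemType` first and branching on it, or using `Integer.valueOf(RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING).equals(xPolicyItem.getItemType())`, avoids that. The enclosing method starts and ends outside the hunk.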
@@ -645,6 +668,24 @@ public class RangerPolicyRetriever { } } + policyItem.setDelegateAdmin(xPolicyItem.getDelegateAdmin()); + + if(dataMaskPolicyItem != null) { + while (iterDataMaskInfos.hasNext()) { + XXPolicyItemDataMaskInfo xDataMaskInfo = iterDataMaskInfos.next(); + + if (xDataMaskInfo.getPolicyitemid().equals(xPolicyItem.getId())) { + dataMaskPolicyItem.setDataMaskInfo(new RangerPolicyItemDataMaskInfo(lookupCache.getDataMaskName(xDataMaskInfo.getType()), xDataMaskInfo.getConditionExpr(), xDataMaskInfo.getValueExpr())); + } else { + if (iterDataMaskInfos.hasPrevious()) { + iterDataMaskInfos.previous(); + } + break; + } + } + } + + int itemType = xPolicyItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolicyItem.getItemType(); if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) { @@ -655,6 +696,8 @@ public class RangerPolicyRetriever { policy.getAllowExceptions().add(policyItem); } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) { policy.getDenyExceptions().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING) { + policy.getDataMaskPolicyItems().add(dataMaskPolicyItem); } else { // unknown itemType.. set to default type policy.getPolicyItems().add(policyItem); }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 432c443..8699d5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -30,49 +30,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.common.*; -import org.apache.ranger.db.RangerDaoManager; -import org.apache.ranger.db.XXAccessTypeDefDao; -import org.apache.ranger.db.XXAccessTypeDefGrantsDao; -import org.apache.ranger.db.XXContextEnricherDefDao; -import org.apache.ranger.db.XXEnumDefDao; -import org.apache.ranger.db.XXEnumElementDefDao; -import org.apache.ranger.db.XXPolicyConditionDefDao; -import org.apache.ranger.db.XXPolicyItemAccessDao; -import org.apache.ranger.db.XXPolicyItemConditionDao; -import org.apache.ranger.db.XXPolicyItemDao; -import org.apache.ranger.db.XXPolicyItemGroupPermDao; -import org.apache.ranger.db.XXPolicyItemUserPermDao; -import org.apache.ranger.db.XXPolicyResourceDao; -import org.apache.ranger.db.XXPolicyResourceMapDao; -import org.apache.ranger.db.XXResourceDefDao; -import org.apache.ranger.db.XXServiceConfigDefDao; -import org.apache.ranger.db.XXServiceConfigMapDao; -import org.apache.ranger.db.XXServiceDao; -import org.apache.ranger.entity.XXAccessTypeDef; -import org.apache.ranger.entity.XXAccessTypeDefGrants; -import org.apache.ranger.entity.XXContextEnricherDef; -import org.apache.ranger.entity.XXDBBase; -import org.apache.ranger.entity.XXDataHist; -import org.apache.ranger.entity.XXEnumDef; -import org.apache.ranger.entity.XXEnumElementDef; -import org.apache.ranger.entity.XXGroup; -import org.apache.ranger.entity.XXPolicy; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXPolicyItem; -import org.apache.ranger.entity.XXPolicyItemAccess; -import org.apache.ranger.entity.XXPolicyItemCondition; -import org.apache.ranger.entity.XXPolicyItemGroupPerm; -import org.apache.ranger.entity.XXPolicyItemUserPerm; -import org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXPolicyResourceMap; -import 
org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceConfigDef; -import org.apache.ranger.entity.XXServiceConfigMap; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.entity.XXTrxLog; -import org.apache.ranger.entity.XXUser; +import org.apache.ranger.db.*; +import org.apache.ranger.entity.*; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; @@ -82,6 +43,8 @@ import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; @@ -249,6 +212,7 @@ public class ServiceDBStore extends AbstractServiceStore { List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions(); List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers(); List<RangerEnumDef> enums = serviceDef.getEnums(); + RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef(); // While creating, value of version should be 1. 
@@ -360,6 +324,82 @@ public class ServiceDBStore extends AbstractServiceStore { xElement = xxEnumEleDefDao.create(xElement); } } + + if(dataMaskDef != null) { + List<RangerDataMaskTypeDef> dataMaskTypes = dataMaskDef.getMaskTypes(); + List<String> supportedAccessTypes = dataMaskDef.getSupportedAccessTypes(); + List<String> supportedResources = dataMaskDef.getSupportedResources(); + + if(CollectionUtils.isNotEmpty(dataMaskTypes)) { + XXDataMaskTypeDefDao xxDataMaskDefDao = daoMgr.getXXDataMaskTypeDef(); + for (int i = 0; i < dataMaskTypes.size(); i++) { + RangerDataMaskTypeDef dataMask = dataMaskTypes.get(i); + + XXDataMaskTypeDef xDataMaskDef = new XXDataMaskTypeDef(); + xDataMaskDef = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xDataMaskDef, createdSvcDef, + RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xDataMaskDef.setOrder(i); + xDataMaskDef = xxDataMaskDefDao.create(xDataMaskDef); + } + } + + if(CollectionUtils.isNotEmpty(supportedAccessTypes)) { + List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(xServiceDef.getId()); + + for(String accessType : supportedAccessTypes) { + boolean found = false; + for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) { + if(StringUtils.equals(xxAccessTypeDef.getName(), accessType)) { + found = true; + break; + } + } + + if(! 
found) { + throw restErrorUtil.createRESTException("accessType with name: " + + accessType + " does not exists", MessageEnums.DATA_NOT_FOUND); + } + } + + for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) { + boolean isDatamaskingSupported = supportedAccessTypes.contains(xxAccessTypeDef.getName()); + + if(xxAccessTypeDef.isDatamaskingSupported() != isDatamaskingSupported) { + xxAccessTypeDef.setDatamaskingSupported(isDatamaskingSupported); + xxATDDao.update(xxAccessTypeDef); + } + } + } + + if(CollectionUtils.isNotEmpty(supportedResources)) { + List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(xServiceDef.getId()); + + for(String resource : supportedResources) { + boolean found = false; + for(XXResourceDef xxResourceDef : xxResourceDefs) { + if(StringUtils.equals(xxResourceDef.getName(), resource)) { + found = true; + break; + } + } + + if(! found) { + throw restErrorUtil.createRESTException("resource with name: " + + resource + " does not exists", MessageEnums.DATA_NOT_FOUND); + } + } + + for(XXResourceDef xxResourceDef : xxResourceDefs) { + boolean isDatamaskingSupported = supportedResources.contains(xxResourceDef.getName()); + + if(xxResourceDef.isDatamaskingSupported() != isDatamaskingSupported) { + xxResourceDef.setDatamaskingSupported(isDatamaskingSupported); + xxResDefDao.update(xxResourceDef); + } + } + } + } + RangerServiceDef createdServiceDef = serviceDefService.getPopulatedViewObject(createdSvcDef); dataHistService.createObjectDataHistory(createdServiceDef, RangerDataHistService.ACTION_CREATE); 
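Review bot: The checks that every entry of `supportedAccessTypes` and `supportedResources` names an existing definition run only after the loop above has already called `xxDataMaskDefDao.create(xDataMaskDef)`, so a bad name is rejected with mask types already written; whether those writes are rolled back depends on transaction handling that is not visible here. Validating both lists before the first create keeps the failure free of side effects. The found/not-found loop is also written out twice here and twice more in `updateChildObjectsOfServiceDef`, so a private helper taking the known names and the requested names would remove the duplication. The message text `" does not exists"` should read `" does not exist"`. The enclosing method starts outside the hunk.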
@@ -406,6 +446,7 @@ public class ServiceDBStore extends AbstractServiceStore { List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions() != null ? serviceDef.getPolicyConditions() : new ArrayList<RangerPolicyConditionDef>(); List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers() != null ? serviceDef.getContextEnrichers() : new ArrayList<RangerContextEnricherDef>(); List<RangerEnumDef> enums = serviceDef.getEnums() != null ? serviceDef.getEnums() : new ArrayList<RangerEnumDef>(); + RangerDataMaskDef dataMaskDef = serviceDef.getDataMaskDef(); serviceDef.setCreateTime(existing.getCreateTime()); serviceDef.setGuid(existing.getGuid()); @@ -414,7 +455,7 @@ public class ServiceDBStore extends AbstractServiceStore { serviceDef = serviceDefService.update(serviceDef); XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId); - updateChildObjectsOfServiceDef(createdSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums); + updateChildObjectsOfServiceDef(createdSvcDef, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, dataMaskDef); RangerServiceDef updatedSvcDef = getServiceDef(serviceDefId); dataHistService.createObjectDataHistory(updatedSvcDef, RangerDataHistService.ACTION_UPDATE); @@ -429,10 +470,10 @@ public class ServiceDBStore extends AbstractServiceStore { return updatedSvcDef; } - public void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, + private void updateChildObjectsOfServiceDef(XXServiceDef createdSvcDef, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, - List<RangerEnumDef> enums) { + List<RangerEnumDef> enums, RangerServiceDef.RangerDataMaskDef dataMaskDef) { Long serviceDefId = createdSvcDef.getId(); 
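Review bot: `updateChildObjectsOfServiceDef` goes from `public` to `private` and gains a parameter in the same change, so any caller outside `ServiceDBStore` would stop compiling; none is visible in this diff, but it is worth confirming before merging. The new parameter is spelled `RangerServiceDef.RangerDataMaskDef dataMaskDef` although the file now imports `RangerDataMaskDef`; the simple name would match the other parameters.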
@@ -765,6 +806,110 @@ public class ServiceDBStore extends AbstractServiceStore { xxEnumDefDao.remove(xEnumDef); } } + + List<RangerDataMaskTypeDef> dataMasks = dataMaskDef == null || dataMaskDef.getMaskTypes() == null ? new ArrayList<RangerDataMaskTypeDef>() : dataMaskDef.getMaskTypes(); + List<String> supportedAccessTypes = dataMaskDef == null || dataMaskDef.getSupportedAccessTypes() == null ? new ArrayList<String>() : dataMaskDef.getSupportedAccessTypes(); + List<String> supportedResources = dataMaskDef == null || dataMaskDef.getSupportedResources() == null ? new ArrayList<String>() : dataMaskDef.getSupportedResources(); + XXDataMaskTypeDefDao dataMaskTypeDao = daoMgr.getXXDataMaskTypeDef(); + List<XXDataMaskTypeDef> xxDataMaskTypes = dataMaskTypeDao.findByServiceDefId(serviceDefId); + // create or update dataMasks + for (RangerServiceDef.RangerDataMaskTypeDef dataMask : dataMasks) { + boolean found = false; + for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) { + if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) { + if (LOG.isDebugEnabled()) { + LOG.debug("Updating existing dataMask with itemId=" + dataMask.getItemId()); + } + + found = true; + xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, + RangerServiceDefService.OPERATION_UPDATE_CONTEXT); + xxDataMask = dataMaskTypeDao.update(xxDataMask); + dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask); + break; + } + } + + if (!found) { + if (LOG.isDebugEnabled()) { + LOG.debug("Creating dataMask with itemId=" + dataMask.getItemId() + ""); + } + + XXDataMaskTypeDef xxDataMask = new XXDataMaskTypeDef(); + xxDataMask = serviceDefService.populateRangerDataMaskDefToXX(dataMask, xxDataMask, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xxDataMask = dataMaskTypeDao.create(xxDataMask); + } + } + + // remove dataMasks + for (XXDataMaskTypeDef xxDataMask : xxDataMaskTypes) { + boolean found 
= false; + for (RangerDataMaskTypeDef dataMask : dataMasks) { + if (xxDataMask.getItemId() != null && xxDataMask.getItemId().equals(dataMask.getItemId())) { + found = true; + break; + } + } + if (!found) { + if(LOG.isDebugEnabled()) { + LOG.debug("Deleting dataMask with itemId=" + xxDataMask.getItemId()); + } + + dataMaskTypeDao.remove(xxDataMask); + } + } + + List<XXAccessTypeDef> xxAccessTypeDefs = xxATDDao.findByServiceDefId(serviceDefId); + + for(String accessType : supportedAccessTypes) { + boolean found = false; + for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) { + if(StringUtils.equals(xxAccessTypeDef.getName(), accessType)) { + found = true; + break; + } + } + + if(! found) { + throw restErrorUtil.createRESTException("accessType with name: " + + accessType + " does not exists", MessageEnums.DATA_NOT_FOUND); + } + } + + for(XXAccessTypeDef xxAccessTypeDef : xxAccessTypeDefs) { + boolean isDatamaskingSupported = supportedAccessTypes.contains(xxAccessTypeDef.getName()); + + if(xxAccessTypeDef.isDatamaskingSupported() != isDatamaskingSupported) { + xxAccessTypeDef.setDatamaskingSupported(isDatamaskingSupported); + xxATDDao.update(xxAccessTypeDef); + } + } + + List<XXResourceDef> xxResourceDefs = xxResDefDao.findByServiceDefId(serviceDefId); + + for(String resource : supportedResources) { + boolean found = false; + for(XXResourceDef xxResourceDef : xxResourceDefs) { + if(StringUtils.equals(xxResourceDef.getName(), resource)) { + found = true; + break; + } + } + + if(! found) { + throw restErrorUtil.createRESTException("resource with name: " + + resource + " does not exists", MessageEnums.DATA_NOT_FOUND); + } + } + + for(XXResourceDef xxResourceDef : xxResourceDefs) { + boolean isDatamaskingSupported = supportedResources.contains(xxResourceDef.getName()); + + if(xxResourceDef.isDatamaskingSupported() != isDatamaskingSupported) { + xxResourceDef.setDatamaskingSupported(isDatamaskingSupported); + xxResDefDao.update(xxResourceDef); + } + } } @Override 
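Review bot: The update path never sets the order of a mask type, while `createServiceDef` calls `xDataMaskDef.setOrder(i)`; an indexed loop with `xxDataMask.setOrder(i)` before `update`/`create` would keep the two paths consistent. The assignment `dataMask = serviceDefService.populateXXToRangerDataMaskTypeDef(xxDataMask);` only rebinds the for-each variable and has no effect on the list, so it can be dropped. The removal loop calls `dataMaskTypeDao.remove(xxDataMask)` without checking whether any `XXPolicyItemDataMaskInfo` row still refers to that type; if such rows exist, existing masking policy items would be left pointing at a missing mask type, so a reference check before the remove seems warranted. The enclosing method starts outside the hunk.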
@@ -806,6 +951,12 @@ public class ServiceDBStore extends AbstractServiceStore { } } + XXDataMaskTypeDefDao dataMaskDao = daoMgr.getXXDataMaskTypeDef(); + List<XXDataMaskTypeDef> dataMaskDefs = dataMaskDao.findByServiceDefId(serviceDefId); + for(XXDataMaskTypeDef dataMaskDef : dataMaskDefs) { + dataMaskDao.remove(dataMaskDef); + } + List<XXAccessTypeDef> accTypeDefs = daoMgr.getXXAccessTypeDef().findByServiceDefId(serviceDefId); for(XXAccessTypeDef accessType : accTypeDefs) { deleteXXAccessTypeDef(accessType); @@ -1415,6 +1566,7 @@ public class ServiceDBStore extends AbstractServiceStore { List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems(); List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions(); List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions(); + List<RangerDataMaskPolicyItem> dataMaskItems = policy.getDataMaskPolicyItems(); policy.setVersion(Long.valueOf(1)); updatePolicySignature(policy); @@ -1439,6 +1591,7 @@ public class ServiceDBStore extends AbstractServiceStore { createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY); createNewPolicyItemsForPolicy(policy, xCreatedPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS); createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS); + createNewDataMaskPolicyItemsForPolicy(policy, xCreatedPolicy, dataMaskItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING); handlePolicyUpdate(service); RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy); dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE); 
@@ -1491,6 +1644,7 @@ public class ServiceDBStore extends AbstractServiceStore { List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems(); List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions(); List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions(); + List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems(); policy.setCreateTime(xxExisting.getCreateTime()); policy.setGuid(xxExisting.getGuid()); @@ -1511,7 +1665,8 @@ public class ServiceDBStore extends AbstractServiceStore { createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY); createNewPolicyItemsForPolicy(policy, newUpdPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS); createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS); - + createNewDataMaskPolicyItemsForPolicy(policy, newUpdPolicy, dataMaskPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATA_MASKING); + handlePolicyUpdate(service); RangerPolicy updPolicy = policyService.getPopulatedViewObject(newUpdPolicy); dataHistService.createObjectDataHistory(updPolicy, RangerDataHistService.ACTION_UPDATE); 
@@ -2100,93 +2255,132 @@ public class ServiceDBStore extends AbstractServiceStore { } } - private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { - - for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { - RangerPolicyItem policyItem = policyItems.get(itemOrder); - XXPolicyItem xPolicyItem = new XXPolicyItem(); - xPolicyItem = (XXPolicyItem) rangerAuditFields.populateAuditFields( - xPolicyItem, xPolicy); - xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin()); - xPolicyItem.setItemType(policyItemType); - xPolicyItem.setIsEnabled(Boolean.TRUE); - xPolicyItem.setComments(null); - xPolicyItem.setPolicyId(policy.getId()); - xPolicyItem.setOrder(itemOrder); - xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem); - - List<RangerPolicyItemAccess> accesses = policyItem.getAccesses(); - for (int i = 0; i < accesses.size(); i++) { - RangerPolicyItemAccess access = accesses.get(i); - - XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef() - .findByNameAndServiceId(access.getType(), - xPolicy.getService()); - if (xAccTypeDef == null) { - throw new Exception(access.getType() + ": is not a valid access-type. 
policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); - } + private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicy.RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception { + XXPolicyItem xPolicyItem = new XXPolicyItem(); - XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess(); - xPolItemAcc = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(xPolItemAcc, xPolicyItem); - xPolItemAcc.setIsAllowed(access.getIsAllowed()); + xPolicyItem = (XXPolicyItem) rangerAuditFields.populateAuditFields(xPolicyItem, xPolicy); - xPolItemAcc.setType(xAccTypeDef.getId()); - xPolItemAcc.setPolicyitemid(xPolicyItem.getId()); - xPolItemAcc.setOrder(i); - xPolItemAcc = daoMgr.getXXPolicyItemAccess() - .create(xPolItemAcc); + xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin()); + xPolicyItem.setItemType(policyItemType); + xPolicyItem.setIsEnabled(Boolean.TRUE); + xPolicyItem.setComments(null); + xPolicyItem.setPolicyId(policy.getId()); + xPolicyItem.setOrder(itemOrder); + xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem); + + List<RangerPolicyItemAccess> accesses = policyItem.getAccesses(); + for (int i = 0; i < accesses.size(); i++) { + RangerPolicyItemAccess access = accesses.get(i); + + XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef() + .findByNameAndServiceId(access.getType(), + xPolicy.getService()); + if (xAccTypeDef == null) { + throw new Exception(access.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'"); } - List<String> users = policyItem.getUsers(); - for(int i = 0; i < users.size(); i++) { - String user = users.get(i); - XXUser xUser = daoMgr.getXXUser().findByUserName(user); - if(xUser == null) { - throw new Exception(user + ": user does not exist. 
policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); - } - XXPolicyItemUserPerm xUserPerm = new XXPolicyItemUserPerm(); - xUserPerm = (XXPolicyItemUserPerm) rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem); - xUserPerm.setUserId(xUser.getId()); - xUserPerm.setPolicyItemId(xPolicyItem.getId()); - xUserPerm.setOrder(i); - xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm); + XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess(); + + xPolItemAcc = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(xPolItemAcc, xPolicyItem); + xPolItemAcc.setIsAllowed(access.getIsAllowed()); + xPolItemAcc.setType(xAccTypeDef.getId()); + xPolItemAcc.setPolicyitemid(xPolicyItem.getId()); + xPolItemAcc.setOrder(i); + + daoMgr.getXXPolicyItemAccess().create(xPolItemAcc); + } + + List<String> users = policyItem.getUsers(); + for(int i = 0; i < users.size(); i++) { + String user = users.get(i); + + XXUser xUser = daoMgr.getXXUser().findByUserName(user); + if(xUser == null) { + throw new Exception(user + ": user does not exist. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); } - - List<String> groups = policyItem.getGroups(); - for(int i = 0; i < groups.size(); i++) { - String group = groups.get(i); + XXPolicyItemUserPerm xUserPerm = new XXPolicyItemUserPerm(); + xUserPerm = (XXPolicyItemUserPerm) rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem); + xUserPerm.setUserId(xUser.getId()); + xUserPerm.setPolicyItemId(xPolicyItem.getId()); + xUserPerm.setOrder(i); + xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm); + } - XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group); - if(xGrp == null) { - throw new Exception(group + ": group does not exist. 
policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); - } - XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm(); - xGrpPerm = (XXPolicyItemGroupPerm) rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem); - xGrpPerm.setGroupId(xGrp.getId()); - xGrpPerm.setPolicyItemId(xPolicyItem.getId()); - xGrpPerm.setOrder(i); - xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm); + List<String> groups = policyItem.getGroups(); + for(int i = 0; i < groups.size(); i++) { + String group = groups.get(i); + + XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group); + if(xGrp == null) { + throw new Exception(group + ": group does not exist. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); } - - List<RangerPolicyItemCondition> conditions = policyItem.getConditions(); - for(RangerPolicyItemCondition condition : conditions) { - XXPolicyConditionDef xPolCond = daoMgr - .getXXPolicyConditionDef().findByServiceDefIdAndName( - xServiceDef.getId(), condition.getType()); - - if(xPolCond == null) { - throw new Exception(condition.getType() + ": is not a valid condition-type. 
policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); - } - - for(int i = 0; i < condition.getValues().size(); i++) { - String value = condition.getValues().get(i); - XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition(); - xPolItemCond = (XXPolicyItemCondition) rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem); - xPolItemCond.setPolicyItemId(xPolicyItem.getId()); - xPolItemCond.setType(xPolCond.getId()); - xPolItemCond.setValue(value); - xPolItemCond.setOrder(i); - xPolItemCond = daoMgr.getXXPolicyItemCondition().create(xPolItemCond); + XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm(); + xGrpPerm = (XXPolicyItemGroupPerm) rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem); + xGrpPerm.setGroupId(xGrp.getId()); + xGrpPerm.setPolicyItemId(xPolicyItem.getId()); + xGrpPerm.setOrder(i); + xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm); + } + + List<RangerPolicyItemCondition> conditions = policyItem.getConditions(); + for(RangerPolicyItemCondition condition : conditions) { + XXPolicyConditionDef xPolCond = daoMgr + .getXXPolicyConditionDef().findByServiceDefIdAndName( + xServiceDef.getId(), condition.getType()); + + if(xPolCond == null) { + throw new Exception(condition.getType() + ": is not a valid condition-type. 
policy='"+ xPolicy.getName() + "' service='"+ xPolicy.getService() + "'"); + } + + for(int i = 0; i < condition.getValues().size(); i++) { + String value = condition.getValues().get(i); + XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition(); + xPolItemCond = (XXPolicyItemCondition) rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem); + xPolItemCond.setPolicyItemId(xPolicyItem.getId()); + xPolItemCond.setType(xPolCond.getId()); + xPolItemCond.setValue(value); + xPolItemCond.setOrder(i); + + daoMgr.getXXPolicyItemCondition().create(xPolItemCond); + } + } + + return xPolicyItem; + } + + private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { + if(CollectionUtils.isNotEmpty(policyItems)) { + for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { + RangerPolicyItem policyItem = policyItems.get(itemOrder); + XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType); + } + } + } + + private void createNewDataMaskPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerDataMaskPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { + if(CollectionUtils.isNotEmpty(policyItems)) { + for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { + RangerDataMaskPolicyItem policyItem = policyItems.get(itemOrder); + + XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType); + + RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = policyItem.getDataMaskInfo(); + + if(dataMaskInfo != null) { + XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskInfo.getDataMaskType(), xPolicy.getService()); + + if(dataMaskDef == null) { + throw new Exception(dataMaskInfo.getDataMaskType() + ": is 
not a valid datamask-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'"); + } + + XXPolicyItemDataMaskInfo xxDataMaskInfo = new XXPolicyItemDataMaskInfo(); + + xxDataMaskInfo.setPolicyitemid(xPolicyItem.getId()); + xxDataMaskInfo.setType(dataMaskDef.getId()); + xxDataMaskInfo.setConditionExpr(dataMaskInfo.getConditionExpr()); + xxDataMaskInfo.setValueExpr(dataMaskInfo.getValueExpr()); + + xxDataMaskInfo = daoMgr.getXXPolicyItemDataMaskInfo().create(xxDataMaskInfo); } } } @@ -2258,7 +2452,13 @@ public class ServiceDBStore extends AbstractServiceStore { for(XXPolicyItemAccess access : accesses) { polItemAccDao.remove(access); } - + + XXPolicyItemDataMaskInfoDao polItemDataMaskInfoDao = daoMgr.getXXPolicyItemDataMaskInfo(); + List<XXPolicyItemDataMaskInfo> dataMaskInfos = polItemDataMaskInfoDao.findByPolicyItemId(polItemId); + for(XXPolicyItemDataMaskInfo dataMaskInfo : dataMaskInfos) { + polItemDataMaskInfoDao.remove(dataMaskInfo); + } + policyItemDao.remove(policyItem); } return true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java index e47d10b..6988750 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
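Review bot: `createNewDataMaskPolicyItemsForPolicy` persists `xxDataMaskInfo` without the `rangerAuditFields.populateAuditFields(...)` call that the access, user, group and condition rows in `createNewPolicyItemForPolicy` all go through, so the mask row is probably stored without its audit fields. Assuming the entity extends the same audited base class, adding `xxDataMaskInfo = (XXPolicyItemDataMaskInfo) rangerAuditFields.populateAuditFields(xxDataMaskInfo, xPolicyItem);` before the setters would match the siblings. `getConditionExpr()` and `getValueExpr()` are copied to the database as given; if a plugin later evaluates these expressions, they need validation at this boundary. A data-mask item whose `getDataMaskInfo()` is null is stored with no mask row at all, which probably deserves a rejection rather than silence. In `createNewPolicyItemsForPolicy` the local `XXPolicyItem xPolicyItem` is assigned and never read.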
@@ -575,11 +575,19 @@ public class AppConstants extends RangerCommonEnums { * Class type of XXTagResourceMap */ public static final int CLASS_TYPE_XA_TAG_RESOURCE_MAP = 1048; + /** + * CLASS_TYPE_XA_DATAMASK_DEF is an element of enum ClassTypes. Its value is "CLASS_TYPE_XA_DATAMASK_DEF". + */ + public static final int CLASS_TYPE_XA_DATAMASK_DEF = 1049; + /** + * CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO". + */ + public static final int CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO = 1050; /** * Max value for enum ClassTypes_MAX */ - public static final int ClassTypes_MAX = 1048; + public static final int ClassTypes_MAX = 1050; /*************************************************************** * Enum values for Default SortOrder http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java index d9cf87a..5431553 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java +++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java @@ -186,7 +186,13 @@ public abstract class RangerDaoManagerBase { if (classType == AppConstants.CLASS_TYPE_XA_TAG_RESOURCE_MAP) { return getXXTagResourceMap(); } - + if (classType == AppConstants.CLASS_TYPE_XA_DATAMASK_DEF) { + return getXXDataMaskTypeDef(); + } + if (classType == AppConstants.CLASS_TYPE_RANGER_POLICY_ITEM_DATAMASK_INFO) { + return getXXPolicyItemDataMaskInfo(); + } + logger.error("No DaoManager found for classType=" + classType, new Throwable()); return null; } 
@@ -340,6 +346,12 @@ public abstract class RangerDaoManagerBase { if (className.equals("XXTagResourceMap")) { return getXXTagResourceMap(); } + if (className.equals("XXDataMaskTypeDef")) { + return getXXDataMaskTypeDef(); + } + if (className.equals("XXPolicyItemDataMaskInfo")) { + return getXXPolicyItemDataMaskInfo(); + } logger.error("No DaoManager found for className=" + className, new Throwable()); return null; @@ -548,5 +560,11 @@ public abstract class RangerDaoManagerBase { return new XXTagResourceMapDao(this); } + public XXDataMaskTypeDefDao getXXDataMaskTypeDef() { return new XXDataMaskTypeDefDao(this); } + + public XXPolicyItemDataMaskInfoDao getXXPolicyItemDataMaskInfo() { + return new XXPolicyItemDataMaskInfoDao(this); + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java new file mode 100644 index 0000000..f6e1aff --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java 
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXDataMaskTypeDef;
+
+public class XXDataMaskTypeDefDao extends BaseDao<XXDataMaskTypeDef> {
+
+ public XXDataMaskTypeDefDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXDataMaskTypeDef> findByServiceDefId(Long serviceDefId) {
+ if (serviceDefId == null) {
+ return new ArrayList<XXDataMaskTypeDef>();
+ }
+ try {
+ List<XXDataMaskTypeDef> retList = getEntityManager()
+ .createNamedQuery("XXDataMaskTypeDef.findByServiceDefId", tClass)
+ .setParameter("serviceDefId", serviceDefId).getResultList();
+ return retList;
+ } catch (NoResultException e) {
+ return new ArrayList<XXDataMaskTypeDef>();
+ }
+ }
+
+ public XXDataMaskTypeDef findByNameAndServiceId(String name, Long serviceId) {
+ if(name == null || serviceId == null) {
+ return null;
+ }
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXDataMaskTypeDef.findByNameAndServiceId", tClass)
+ .setParameter("name", name).setParameter("serviceId", serviceId)
+ .getSingleResult();
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
new file mode 100644
index 0000000..a8418c6
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
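Review bot: `findByNameAndServiceId` in XXDataMaskTypeDefDao catches only `NoResultException`, but `getSingleResult()` also throws `NonUniqueResultException` when more than one row matches, and nothing in this file shows that a (name, service) pair is unique. Either catch it and fail with a clear message, or record the assumption next to the call, for example `// relies on (name, service) being unique for mask types`. In `findByServiceDefId` the `catch (NoResultException e)` branch is never taken, because `getResultList()` returns an empty list instead of throwing; the same dead catch is repeated in all four finders of `XXPolicyItemDataMaskInfoDao` added by this commit and can be dropped there too.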
@@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.db; + +import java.util.ArrayList; +import java.util.List; + +import javax.persistence.NoResultException; + +import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.entity.XXPolicyItemDataMaskInfo; + +public class XXPolicyItemDataMaskInfoDao extends BaseDao<XXPolicyItemDataMaskInfo> { + + public XXPolicyItemDataMaskInfoDao(RangerDaoManagerBase daoManager) { + super(daoManager); + } + + public List<XXPolicyItemDataMaskInfo> findByPolicyItemId(Long polItemId) { + if(polItemId == null) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemDataMaskInfo.findByPolicyItemId", tClass) + .setParameter("polItemId", polItemId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + } + + public List<XXPolicyItemDataMaskInfo> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemDataMaskInfo.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + 
} catch (NoResultException e) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + } + + public List<XXPolicyItemDataMaskInfo> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemDataMaskInfo.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + } + + public List<XXPolicyItemDataMaskInfo> findByType(Long type) { + if (type == null) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + try { + return getEntityManager().createNamedQuery("XXPolicyItemDataMaskInfo.findByType", tClass) + .setParameter("type", type).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemDataMaskInfo>(); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java index 72eeb1d..62b11ce 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java @@ -94,6 +94,15 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable { protected Integer order; /** + * datamaskingSupported of the XXAccessTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "datamasking_supported") + protected boolean datamaskingSupported; + + /** * This method sets the value to the member attribute <b> id</b> . You * cannot set null to the attribute. * 
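Review bot: In XXAccessTypeDef, `datamaskingSupported` is mapped as a primitive `boolean` onto a column that is being added to an existing table, and how a NULL in that column is loaded into a primitive depends on the JPA provider. The schema migration is not part of this hunk, so it should be confirmed that `datamasking_supported` is created NOT NULL with a false default; stating it on the mapping makes the expectation visible, `@Column(name = "datamasking_supported", nullable = false)`. The identical field added to `XXResourceDef` later in this commit needs the same check. The Javadoc above the field is an empty `<ul></ul>` stub and could say what the flag controls.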
@@ -233,6 +242,14 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable { return this.order; } + public boolean isDatamaskingSupported() { + return datamaskingSupported; + } + + public void setDatamaskingSupported(boolean datamaskingSupported) { + this.datamaskingSupported = datamaskingSupported; + } + /* * (non-Javadoc) * @@ -302,6 +319,9 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable { } else if (!rbKeyLabel.equals(other.rbKeyLabel)) { return false; } + if (datamaskingSupported != other.datamaskingSupported) { + return false; + } return true; } @@ -314,7 +334,7 @@ public class XXAccessTypeDef extends XXDBBase implements java.io.Serializable { public String toString() { return "XXAccessTypeDef [" + super.toString() + " id=" + id + ", defId=" + defId + ", itemId=" + itemId + ", name=" + name + ", label=" + label - + ", rbKeyLabel=" + rbKeyLabel + ", order=" + order + "]"; + + ", rbKeyLabel=" + rbKeyLabel + ", datamaskingSupported=" + datamaskingSupported + ", order=" + order + "]"; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/entity/XXDataMaskTypeDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXDataMaskTypeDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXDataMaskTypeDef.java new file mode 100644 index 0000000..f7480f7 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXDataMaskTypeDef.java 
@@ -0,0 +1,403 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ranger.entity; + +import javax.persistence.*; +import javax.xml.bind.annotation.XmlRootElement; + +@Entity +@Cacheable +@XmlRootElement +@Table(name = "x_datamask_type_def") +public class XXDataMaskTypeDef extends XXDBBase implements java.io.Serializable { + private static final long serialVersionUID = 1L; + /** + * id of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Id + @SequenceGenerator(name = "x_datamask_type_def_SEQ", sequenceName = "x_datamask_type_def_SEQ", allocationSize = 1) + @GeneratedValue(strategy = GenerationType.AUTO, generator = "x_datamask_type_def_SEQ") + @Column(name = "id") + protected Long id; + + /** + * defId of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "def_id") + protected Long defId; + + /** + * itemId of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "item_id") + protected Long itemId; + + /** + * name of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "name") + protected String name; + + /** + * label of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "label") + protected String label; + + /** + * 
description of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "description") + protected String description; + + /** + * dataMaskOptions of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "datamask_options") + protected String dataMaskOptions; + + /** + * rbKeyLabel of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "rb_key_label") + protected String rbKeyLabel; + + /** + * rbKeyDescription of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "rb_key_description") + protected String rbKeyDescription; + + /** + * order of the XXDataMaskTypeDef + * <ul> + * </ul> + * + */ + @Column(name = "sort_order") + protected Integer order; + + /** + * This method sets the value to the member attribute <b> id</b> . You + * cannot set null to the attribute. + * + * @param id + * Value to set member attribute <b> id</b> + */ + public void setId(Long id) { + this.id = id; + } + + /** + * Returns the value for the member attribute <b>id</b> + * + * @return Date - value of member attribute <b>id</b> . + */ + public Long getId() { + return this.id; + } + + /** + * This method sets the value to the member attribute <b> defId</b> . You + * cannot set null to the attribute. + * + * @param defId + * Value to set member attribute <b> defId</b> + */ + public void setDefid(Long defId) { + this.defId = defId; + } + + /** + * Returns the value for the member attribute <b>defId</b> + * + * @return Date - value of member attribute <b>defId</b> . + */ + public Long getDefid() { + return this.defId; + } + + /** + * This method sets the value to the member attribute <b> itemId</b> . You + * cannot set null to the attribute. + * + * @param itemId + * Value to set member attribute <b> itemId</b> + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * Returns the value for the member attribute <b>itemId</b> + * + * @return Long - value of member attribute <b>itemId</b> . 
+ */ + public Long getItemId() { + return this.itemId; + } + + /** + * This method sets the value to the member attribute <b> name</b> . You + * cannot set null to the attribute. + * + * @param name + * Value to set member attribute <b> name</b> + */ + public void setName(String name) { + this.name = name; + } + + /** + * Returns the value for the member attribute <b>name</b> + * + * @return Date - value of member attribute <b>name</b> . + */ + public String getName() { + return this.name; + } + + /** + * This method sets the value to the member attribute <b> label</b> . You + * cannot set null to the attribute. + * + * @param label + * Value to set member attribute <b> label</b> + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * Returns the value for the member attribute <b>label</b> + * + * @return Date - value of member attribute <b>label</b> . + */ + public String getLabel() { + return this.label; + } + + /** + * This method sets the value to the member attribute <b> description</b> . + * + * @param description + * Value to set member attribute <b> description</b> + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * Returns the value for the member attribute <b>description</b> + * + * @return String - value of member attribute <b>description</b> . + */ + public String getDescription() { + return this.description; + } + + /** + * This method sets the value to the member attribute <b> dataMaskOptions</b> . + * + * @param dataMaskOptions + * Value to set member attribute <b> dataMaskOptions</b> + */ + public void setDataMaskOptions(String dataMaskOptions) { + this.dataMaskOptions = dataMaskOptions; + } + + /** + * Returns the value for the member attribute <b>dataMaskOptions</b> + * + * @return String - value of member attribute <b>dataMaskOptions</b> . 
+ */ + public String getDataMaskOptions() { + return this.dataMaskOptions; + } + + /** + * This method sets the value to the member attribute <b> rbKeyLabel</b> . + * You cannot set null to the attribute. + * + * @param rbKeyLabel + * Value to set member attribute <b> rbKeyLabel</b> + */ + public void setRbkeylabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * Returns the value for the member attribute <b>rbKeyLabel</b> + * + * @return Date - value of member attribute <b>rbKeyLabel</b> . + */ + public String getRbkeylabel() { + return this.rbKeyLabel; + } + /** + * This method sets the value to the member attribute <b> rbKeyDescription</b> . + * + * @param rbKeyDescription + * Value to set member attribute <b> rbKeyDescription</b> + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * Returns the value for the member attribute <b>rbKeyDescription</b> + * + * @return String - value of member attribute <b>rbKeyDescription</b> . + */ + public String getRbKeyDescription() { + return this.rbKeyDescription; + } + + /** + * This method sets the value to the member attribute <b> order</b> . You + * cannot set null to the attribute. + * + * @param order + * Value to set member attribute <b> order</b> + */ + public void setOrder(Integer order) { + this.order = order; + } + + /** + * Returns the value for the member attribute <b>order</b> + * + * @return Date - value of member attribute <b>order</b> . 
+ */ + public Integer getOrder() { + return this.order; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) { + if (!super.equals(obj)) { + return false; + } + if (this == obj) { + return true; + } + if (!super.equals(obj)) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + XXDataMaskTypeDef other = (XXDataMaskTypeDef) obj; + if (defId == null) { + if (other.defId != null) { + return false; + } + } else if (!defId.equals(other.defId)) { + return false; + } + if (itemId == null) { + if (other.itemId != null) { + return false; + } + } else if (!itemId.equals(other.itemId)) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + if (label == null) { + if (other.label != null) { + return false; + } + } else if (!label.equals(other.label)) { + return false; + } + if (name == null) { + if (other.name != null) { + return false; + } + } else if (!name.equals(other.name)) { + return false; + } + if (order == null) { + if (other.order != null) { + return false; + } + } else if (!order.equals(other.order)) { + return false; + } + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) { + return false; + } + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) { + return false; + } + return true; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#toString() + */ + @Override + public String toString() { + return "XXDataMaskTypeDef [" + super.toString() + " id=" + id + + ", defId=" + defId + ", itemId=" + itemId + ", name=" + name + ", label=" + label + + ", rbKeyLabel=" + rbKeyLabel + ", order=" + order + "]"; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java ---------------------------------------------------------------------- 
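Review bot: `XXDataMaskTypeDef.equals` compares id, defId, itemId, name, label, order and rbKeyLabel but skips `description`, `dataMaskOptions` and `rbKeyDescription`, so two mask-type definitions that differ only in their mask options compare equal; whether any caller uses `equals` for change detection is not visible here. Add the same null-safe comparison for those three fields, following the existing `if (x == null) { ... } else if (!x.equals(other.x))` pattern, and include them in `toString`. `super.equals(obj)` is also called twice, once before and once after the `this == obj` shortcut; the second call can go and the identity check belongs first. Several getters are documented as `@return Date` although they return `Long`, `String` or `Integer`.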
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java new file mode 100644 index 0000000..391f5a8 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 
@@ -0,0 +1,282 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ranger.entity; + +import javax.persistence.*; +import javax.xml.bind.annotation.XmlRootElement; + +@Entity +@Cacheable +@XmlRootElement +@Table(name = "x_policy_item_datamask") +public class XXPolicyItemDataMaskInfo extends XXDBBase implements + java.io.Serializable { + private static final long serialVersionUID = 1L; + /** + * id of the XXPolicyItemDataMaskInfo + * <ul> + * </ul> + * + */ + @Id + @SequenceGenerator(name = "x_policy_item_datamask_SEQ", sequenceName = "x_policy_item_datamask_SEQ", allocationSize = 1) + @GeneratedValue(strategy = GenerationType.AUTO, generator = "x_policy_item_datamask_SEQ") + @Column(name = "id") + protected Long id; + + /** + * Global Id for the object + * <ul> + * <li>The maximum length for this attribute is <b>512</b>. 
+ * </ul> + * + */ + @Column(name = "guid", unique = true, nullable = false, length = 512) + protected String GUID; + + /** + * policyItemId of the XXPolicyItemDataMaskInfo + * <ul> + * </ul> + * + */ + @Column(name = "policy_item_id") + protected Long policyItemId; + + /** + * type of the XXPolicyItemDataMaskInfo + * <ul> + * </ul> + * + */ + @Column(name = "type") + protected Long type; + + /** + * isAllowed of the XXPolicyItemDataMaskInfo + * <ul> + * </ul> + * + */ + @Column(name = "condition_expr") + protected String conditionExpr; + + /** + * order of the XXPolicyItemDataMaskInfo + * <ul> + * </ul> + * + */ + @Column(name = "value_expr") + protected String valueExpr; + + /** + * This method sets the value to the member attribute <b> id</b> . You + * cannot set null to the attribute. + * + * @param id + * Value to set member attribute <b> id</b> + */ + public void setId(Long id) { + this.id = id; + } + + /** + * Returns the value for the member attribute <b>id</b> + * + * @return Date - value of member attribute <b>id</b> . + */ + public Long getId() { + return this.id; + } + + /** + * @return the gUID + */ + public String getGUID() { + return GUID; + } + + /** + * @param gUID + * the gUID to set + */ + public void setGUID(String gUID) { + GUID = gUID; + } + + /** + * This method sets the value to the member attribute <b> policyItemId</b> . + * You cannot set null to the attribute. + * + * @param policyItemId + * Value to set member attribute <b> policyItemId</b> + */ + public void setPolicyitemid(Long policyItemId) { + this.policyItemId = policyItemId; + } + + /** + * Returns the value for the member attribute <b>policyItemId</b> + * + * @return Date - value of member attribute <b>policyItemId</b> . + */ + public Long getPolicyitemid() { + return this.policyItemId; + } + + /** + * This method sets the value to the member attribute <b> type</b> . You + * cannot set null to the attribute. 
+ * + * @param type + * Value to set member attribute <b> type</b> + */ + public void setType(Long type) { + this.type = type; + } + + /** + * Returns the value for the member attribute <b>type</b> + * + * @return Date - value of member attribute <b>type</b> . + */ + public Long getType() { + return this.type; + } + + /** + * This method sets the value to the member attribute <b> conditionExpr</b> . + * You cannot set null to the attribute. + * + * @param conditionExpr + * Value to set member attribute <b> conditionExpr</b> + */ + public void setConditionExpr(String conditionExpr) { + this.conditionExpr = conditionExpr; + } + + /** + * Returns the value for the member attribute <b>valueExpr</b> + * + * @return String - value of member attribute <b>valueExpr</b> . + */ + public String getConditionExpr() { + return this.valueExpr; + } + + /** + * This method sets the value to the member attribute <b> valueExpr</b> . You + * cannot set null to the attribute. + * + * @param valueExpr + * Value to set member attribute <b> valueExpr</b> + */ + public void setValueExpr(String valueExpr) { + this.valueExpr = valueExpr; + } + + /** + * Returns the value for the member attribute <b>valueExpr</b> + * + * @return String - value of member attribute <b>valueExpr</b> . 
+ */ + public String getValueExpr() { + return this.valueExpr; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) { + if (!super.equals(obj)) { + return false; + } + if (this == obj) { + return true; + } + if (!super.equals(obj)) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + XXPolicyItemDataMaskInfo other = (XXPolicyItemDataMaskInfo) obj; + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + if (conditionExpr == null) { + if (other.conditionExpr != null) { + return false; + } + } else if (!conditionExpr.equals(other.conditionExpr)) { + return false; + } + if (valueExpr == null) { + if (other.valueExpr != null) { + return false; + } + } else if (!valueExpr.equals(other.valueExpr)) { + return false; + } + if (policyItemId == null) { + if (other.policyItemId != null) { + return false; + } + } else if (!policyItemId.equals(other.policyItemId)) { + return false; + } + if (type == null) { + if (other.type != null) { + return false; + } + } else if (!type.equals(other.type)) { + return false; + } + if (GUID == null) { + if (other.GUID != null) { + return false; + } + } else if (!GUID.equals(other.GUID)) { + return false; + } + return true; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#toString() + */ + @Override + public String toString() { + return "XXPolicyItemDataMaskInfo [" + super.toString() + " id=" + id + + ", guid=" + GUID + ", policyItemId=" + + policyItemId + ", type=" + type + ", conditionExpr=" + conditionExpr + + ", valueExpr=" + valueExpr + "]"; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java ---------------------------------------------------------------------- 
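Review bot: `getConditionExpr()` returns `this.valueExpr`, so every reader of a stored mask item receives the value expression where the masking condition was asked for; the body should be `return this.conditionExpr;`. `equals` and `toString` read the field directly, which is why they do not expose the mistake. The Javadoc is copy-pasted as well: the getter's comment names valueExpr, and the field comments on `conditionExpr` and `valueExpr` say "isAllowed" and "order". Separately, `guid` is declared `nullable = false`, while `createNewDataMaskPolicyItemsForPolicy` in this commit sets only the item id, the type and the two expressions and does not pass the entity through `rangerAuditFields.populateAuditFields` as the condition rows do; unless the DAO layer fills the GUID, that insert would violate the constraint.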
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java index 54f716d..8a2b6e0 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java @@ -229,6 +229,15 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable { protected Integer order; /** + * datamaskingSupported of the XXResourceDef + * <ul> + * </ul> + * + */ + @Column(name = "datamasking_supported") + protected boolean datamaskingSupported; + + /** * This method sets the value to the member attribute <b> id</b> . You * cannot set null to the attribute. * @@ -644,6 +653,14 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable { return this.order; } + public boolean isDatamaskingSupported() { + return datamaskingSupported; + } + + public void setDatamaskingSupported(boolean datamaskingSupported) { + this.datamaskingSupported = datamaskingSupported; + } + /* * (non-Javadoc) * @@ -779,6 +796,9 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable { } else if (!type.equals(other.type)) { return false; } + if (datamaskingSupported != other.datamaskingSupported) { + return false; + } return true; } @@ -803,7 +823,9 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable { + ", rbKeyLabel="+ rbKeyLabel + ", rbKeyDescription=" + rbKeyDescription + ", rbKeyValidationMessage=" + rbKeyValidationMessage - + ", order=" + order + "]"; + + ", order=" + order + + ", datamaskingSupported=" + datamaskingSupported + + "]"; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index b256a92..1195a50 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -90,7 +90,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends } xObj.setService(xService.getId()); xObj.setName(vObj.getName()); - xObj.setPolicyType(vObj.getPolicyType()); + xObj.setPolicyType(vObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : vObj.getPolicyType()); xObj.setDescription(vObj.getDescription()); xObj.setResourceSignature(vObj.getResourceSignature()); xObj.setIsAuditEnabled(vObj.getIsAuditEnabled()); @@ -107,7 +107,7 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends vObj.setVersion(xObj.getVersion()); vObj.setService(xService.getName()); vObj.setName(xObj.getName()); - vObj.setPolicyType(xObj.getPolicyType()); + vObj.setPolicyType(xObj.getPolicyType() == null ? RangerPolicy.POLICY_TYPE_ACCESS : xObj.getPolicyType()); vObj.setDescription(xObj.getDescription()); vObj.setResourceSignature(xObj.getResourceSignature()); vObj.setIsEnabled(xObj.getIsEnabled()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java index ee92291..7a172d4 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java 
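Review bot: The null-to-`RangerPolicy.POLICY_TYPE_ACCESS` default on `setPolicyType` is undocumented, and on the read path (the hunk at -107) it means a stored policy with no type is always presented as an access policy. If this is meant for policies saved before policy types existed (an assumption, the hunks do not say), a comment on both lines would record it, for example `// rows created before policy types existed have no type; treat them as access policies`. The same ternary is written out in both hunks; a small private helper would keep the default in one place. Both methods start and end outside the hunks.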
@@ -33,19 +33,12 @@ import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; -import org.apache.ranger.entity.XXAccessTypeDef; -import org.apache.ranger.entity.XXContextEnricherDef; -import org.apache.ranger.entity.XXDBBase; -import org.apache.ranger.entity.XXEnumDef; -import org.apache.ranger.entity.XXEnumElementDef; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.entity.XXServiceConfigDef; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.entity.XXServiceDefBase; +import org.apache.ranger.entity.*; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; 
@@ -120,7 +113,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V List<XXPolicyConditionDef> xPolicyConditions = daoMgr.getXXPolicyConditionDef() .findByServiceDefId(serviceDefId); if (!stringUtil.isEmpty(xPolicyConditions)) { - List<RangerPolicyConditionDef> policyConditions = new ArrayList<RangerServiceDef.RangerPolicyConditionDef>(); + List<RangerPolicyConditionDef> policyConditions = new ArrayList<RangerPolicyConditionDef>(); for (XXPolicyConditionDef xPolicyCondDef : xPolicyConditions) { RangerPolicyConditionDef policyCondition = populateXXToRangerPolicyConditionDef(xPolicyCondDef); policyConditions.add(policyCondition); @@ -131,7 +124,7 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V List<XXContextEnricherDef> xContextEnrichers = daoMgr.getXXContextEnricherDef() .findByServiceDefId(serviceDefId); if (!stringUtil.isEmpty(xContextEnrichers)) { - List<RangerContextEnricherDef> contextEnrichers = new ArrayList<RangerServiceDef.RangerContextEnricherDef>(); + List<RangerContextEnricherDef> contextEnrichers = new ArrayList<RangerContextEnricherDef>(); for (XXContextEnricherDef xContextEnricherDef : xContextEnrichers) { RangerContextEnricherDef contextEnricher = populateXXToRangerContextEnricherDef(xContextEnricherDef); contextEnrichers.add(contextEnricher); 
@@ -148,6 +141,36 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V } serviceDef.setEnums(enums); } + + RangerDataMaskDef dataMaskDef = new RangerDataMaskDef(); + List<XXDataMaskTypeDef> xDataMaskTypes = daoMgr.getXXDataMaskTypeDef().findByServiceDefId(serviceDefId); + if (!stringUtil.isEmpty(xDataMaskTypes)) { + List<RangerDataMaskTypeDef> dataMaskTypes = new ArrayList<RangerDataMaskTypeDef>(); + for (XXDataMaskTypeDef xDataMaskType : xDataMaskTypes) { + RangerDataMaskTypeDef dataMaskType = populateXXToRangerDataMaskTypeDef(xDataMaskType); + dataMaskTypes.add(dataMaskType); + } + + dataMaskDef.setMaskTypes(dataMaskTypes); + } + + if (!stringUtil.isEmpty(xResources)) { + for (XXResourceDef xResource : xResources) { + if (xResource.isDatamaskingSupported()) { + dataMaskDef.getSupportedResources().add(xResource.getName()); + } + } + } + + if (!stringUtil.isEmpty(xAccessTypes)) { + for (XXAccessTypeDef xAtd : xAccessTypes) { + if(xAtd.isDatamaskingSupported()) { + dataMaskDef.getSupportedAccessTypes().add(xAtd.getName()); + } + } + } + serviceDef.setDataMaskDef(dataMaskDef); + return serviceDef; } 
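Review bot: `xResource.isDatamaskingSupported()` and `xAtd.isDatamaskingSupported()` are used directly as `if` conditions; if these accessors return a boxed `Boolean` backed by a nullable column (their declarations are not in this hunk), rows that predate the new column would throw a NullPointerException on unboxing while a service-def is being loaded. A null-tolerant test works for either return type: `if (Boolean.TRUE.equals(xResource.isDatamaskingSupported())) {`, and the same for `xAtd`. The block also relies on `getSupportedResources()` and `getSupportedAccessTypes()` returning non-null, mutable lists on a freshly constructed `RangerDataMaskDef`, which deserves a one-line comment if the model class guarantees it. `xResources` and `xAccessTypes` are declared earlier in the method, outside the hunk.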
@@ -446,6 +469,39 @@ public abstract class RangerServiceDefServiceBase<T extends XXServiceDefBase, V return vObj; } + public XXDataMaskTypeDef populateRangerDataMaskDefToXX(RangerDataMaskTypeDef vObj, XXDataMaskTypeDef xObj, + XXServiceDef serviceDef, int operationContext) { + if(serviceDef == null) { + LOG.error("RangerServiceDefServiceBase.populateRangerDataMaskDefToXX, serviceDef can not be null"); + throw restErrorUtil.createRESTException("RangerServiceDef cannot be null.", MessageEnums.DATA_NOT_FOUND); + } + + xObj = (XXDataMaskTypeDef) rangerAuditFields.populateAuditFields(xObj, serviceDef); + xObj.setDefid(serviceDef.getId()); + xObj.setItemId(vObj.getItemId()); + xObj.setName(vObj.getName()); + xObj.setLabel(vObj.getLabel()); + xObj.setDescription(vObj.getDescription()); + xObj.setDataMaskOptions(mapToJsonString(vObj.getDataMaskOptions())); + xObj.setRbkeylabel(vObj.getRbKeyLabel()); + xObj.setRbKeyDescription(vObj.getRbKeyDescription()); + xObj.setOrder(AppConstants.DEFAULT_SORT_ORDER); + return xObj; + } + + public RangerDataMaskTypeDef populateXXToRangerDataMaskTypeDef(XXDataMaskTypeDef xObj) { + RangerDataMaskTypeDef vObj = new RangerDataMaskTypeDef(); + vObj.setItemId(xObj.getItemId()); + vObj.setName(xObj.getName()); + vObj.setLabel(xObj.getLabel()); + vObj.setDescription(xObj.getDescription()); + vObj.setDataMaskOptions(jsonStringToMap(xObj.getDataMaskOptions())); + vObj.setRbKeyLabel(xObj.getRbkeylabel()); + vObj.setRbKeyDescription(xObj.getRbKeyDescription()); + + return vObj; + } + @SuppressWarnings("unchecked") public RangerServiceDefList searchRangerServiceDefs(SearchFilter searchFilter) { RangerServiceDefList retList = new RangerServiceDefList(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- 
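Review bot: `populateRangerDataMaskDefToXX` converts a `RangerDataMaskTypeDef`, yet its name says `DataMaskDef`, while the inverse is called `populateXXToRangerDataMaskTypeDef`; naming it `populateRangerDataMaskTypeDefToXX` would keep the pair symmetric. Its `operationContext` parameter is never read, and `xObj.setOrder(AppConstants.DEFAULT_SORT_ORDER)` resets the order on every call, so if that is meant for updates as well as creates a comment should say so. `vObj` is dereferenced without a null check although `serviceDef` gets one. Both public methods lack Javadoc; a summary such as `/** Copies a data-mask type definition into its entity; serviceDef must not be null. */` on the first and a matching one on the second would do.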
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index a75ca93..2bb66ca 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -365,6 +365,16 @@ <query>select obj from XXEnumDef obj where obj.defId = :serviceDefId</query> </named-query> + <!-- XXDataMaskTypeDef --> + <named-query name="XXDataMaskTypeDef.findByServiceDefId"> + <query>select obj from XXDataMaskTypeDef obj where obj.defId = :serviceDefId</query> + </named-query> + + <named-query name="XXDataMaskTypeDef.findByNameAndServiceId"> + <query>select obj from XXDataMaskTypeDef obj, XXService xSvc where + obj.name = :name and xSvc.id = :serviceId and obj.defId = xSvc.type</query> + </named-query> + <!-- XXServiceConfigMap --> <named-query name="XXServiceConfigMap.findByServiceId"> <query>select obj from XXServiceConfigMap obj where obj.serviceId = :serviceId</query> 
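Review bot: `XXDataMaskTypeDef.findByNameAndServiceId` matches on `obj.name` within the service's service-def (`obj.defId = xSvc.type`), so it yields a single row only if a mask type name is unique per service-def; neither a uniqueness constraint nor the DAO method that runs the query is visible here. If the caller expects exactly one result, a duplicate name would make the mask type resolved for a policy item ambiguous or make the lookup fail. Stating the expectation above the query, e.g. `<!-- (defId, name) is expected to be unique -->`, and backing it with a schema constraint if none exists, would make the contract explicit.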
@@ -558,6 +568,31 @@ </query> </named-query> + <!-- XXPolicyItemDataMaskInfo --> + <named-query name="XXPolicyItemDataMaskInfo.findByPolicyItemId"> + <query>select obj from XXPolicyItemDataMaskInfo obj where obj.policyItemId = :polItemId</query> + </named-query> + + <named-query name="XXPolicyItemDataMaskInfo.findByPolicyId"> + <query>select obj from XXPolicyItemDataMaskInfo obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId + </query> + </named-query> + + <named-query name="XXPolicyItemDataMaskInfo.findByServiceId"> + <query>select obj from XXPolicyItemDataMaskInfo obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId + </query> + </named-query> + + <named-query name="XXPolicyItemDataMaskInfo.findByType"> + <query>select obj from XXPolicyItemDataMaskInfo obj where obj.type = :type</query> + </named-query> + <!-- XXDataHist --> <named-query name="XXDataHist.findLatestByObjectClassTypeAndObjectId"> <query>select obj from XXDataHist obj where obj.objectId = :objectId http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d242dd6e/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java index db958a5..5cb0290 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
@@ -28,51 +28,8 @@ import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.RangerFactory; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.db.RangerDaoManager; -import org.apache.ranger.db.XXAccessTypeDefDao; -import org.apache.ranger.db.XXAccessTypeDefGrantsDao; -import org.apache.ranger.db.XXContextEnricherDefDao; -import org.apache.ranger.db.XXDataHistDao; -import org.apache.ranger.db.XXEnumDefDao; -import org.apache.ranger.db.XXEnumElementDefDao; -import org.apache.ranger.db.XXPolicyConditionDefDao; -import org.apache.ranger.db.XXPolicyDao; -import org.apache.ranger.db.XXPolicyItemAccessDao; -import org.apache.ranger.db.XXPolicyItemConditionDao; -import org.apache.ranger.db.XXPolicyItemDao; -import org.apache.ranger.db.XXPolicyItemGroupPermDao; -import org.apache.ranger.db.XXPolicyItemUserPermDao; -import org.apache.ranger.db.XXPolicyResourceDao; -import org.apache.ranger.db.XXPolicyResourceMapDao; -import org.apache.ranger.db.XXResourceDefDao; -import org.apache.ranger.db.XXServiceConfigDefDao; -import org.apache.ranger.db.XXServiceConfigMapDao; -import org.apache.ranger.db.XXServiceDao; -import org.apache.ranger.db.XXServiceDefDao; -import org.apache.ranger.db.XXUserDao; -import org.apache.ranger.entity.XXAccessTypeDef; -import org.apache.ranger.entity.XXAccessTypeDefGrants; -import org.apache.ranger.entity.XXContextEnricherDef; -import org.apache.ranger.entity.XXDBBase; -import org.apache.ranger.entity.XXDataHist; -import org.apache.ranger.entity.XXEnumDef; -import org.apache.ranger.entity.XXEnumElementDef; -import org.apache.ranger.entity.XXPolicy; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXPolicyItem; -import org.apache.ranger.entity.XXPolicyItemAccess; -import org.apache.ranger.entity.XXPolicyItemCondition; -import org.apache.ranger.entity.XXPolicyItemGroupPerm; -import org.apache.ranger.entity.XXPolicyItemUserPerm; 
-import org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXPolicyResourceMap; -import org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceConfigDef; -import org.apache.ranger.entity.XXServiceConfigMap; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.entity.XXTrxLog; -import org.apache.ranger.entity.XXUser; +import org.apache.ranger.db.*; +import org.apache.ranger.entity.*; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; @@ -490,6 +447,7 @@ public class TestServiceDBStore { XXContextEnricherDefDao xContextEnricherDefDao = Mockito .mock(XXContextEnricherDefDao.class); XXEnumDefDao xEnumDefDao = Mockito.mock(XXEnumDefDao.class); + XXDataMaskTypeDefDao xDataMaskDefDao = Mockito.mock(XXDataMaskTypeDefDao.class); XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); RangerServiceDef rangerServiceDef = rangerServiceDef(); @@ -596,6 +554,9 @@ public class TestServiceDBStore { Mockito.when(xEnumDefDao.findByServiceDefId(serviceDefId)).thenReturn( enumDefList); + Mockito.when(daoManager.getXXDataMaskTypeDef()).thenReturn(xDataMaskDefDao); + Mockito.when(xDataMaskDefDao.findByServiceDefId(serviceDefId)).thenReturn(new ArrayList<XXDataMaskTypeDef>()); + Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao); Mockito.when(xServiceDao.findByServiceDefId(serviceDefId)).thenReturn(null); @@ -629,6 +590,7 @@ public class TestServiceDBStore { @Test public void test13deleteServiceDef() throws Exception { XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); + XXDataMaskTypeDefDao xDataMaskDefDao = Mockito.mock(XXDataMaskTypeDefDao.class); XXAccessTypeDefDao xAccessTypeDefDao = Mockito .mock(XXAccessTypeDefDao.class); XXAccessTypeDefGrantsDao xAccessTypeDefGrantsDao = Mockito 
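Review bot: The stub added for `xDataMaskDefDao.findByServiceDefId(serviceDefId)` returns an empty `ArrayList<XXDataMaskTypeDef>`, so the existing tests keep passing but none of the new data-mask mapping is exercised. The later hunks of TestServiceDBStore.java do the same for `XXPolicyItemDataMaskInfoDao` (`findByPolicyItemId`, `findByPolicyId`), again with empty lists. At least one case that returns a populated `XXDataMaskTypeDef` and asserts the resulting mask types, supported resources and supported access types would cover the behaviour this commit adds. The test methods involved start and end outside the hunks, so stubbing elsewhere in them is not visible here.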
@@ -1022,6 +984,9 @@ public class TestServiceDBStore { xServiceConfigMapDao.findByServiceId(rangerService.getId())) .thenReturn(svcConfigMapList); + Mockito.when(daoManager.getXXDataMaskTypeDef()).thenReturn(xDataMaskDefDao); + Mockito.when(xDataMaskDefDao.findByServiceDefId(serviceDefId)).thenReturn(new ArrayList<XXDataMaskTypeDef>()); + Mockito.when( rangerAuditFields.populateAuditFields( Mockito.isA(XXServiceConfigMap.class), @@ -1339,6 +1304,7 @@ public class TestServiceDBStore { XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); XXService xService = Mockito.mock(XXService.class); XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class); + XXPolicyItemDataMaskInfoDao xxPolicyItemDataMaskInfoDao = Mockito.mock(XXPolicyItemDataMaskInfoDao.class); XXPolicyItemConditionDao xPolicyItemConditionDao = Mockito .mock(XXPolicyItemConditionDao.class); XXPolicyItemGroupPermDao xPolicyItemGroupPermDao = Mockito @@ -1400,6 +1366,8 @@ public class TestServiceDBStore { policyItem.setUpdateTime(new Date()); policyItemList.add(policyItem); + List<XXPolicyItemDataMaskInfo> policyItemDataMaskInfoList = new ArrayList<XXPolicyItemDataMaskInfo>(); + List<XXPolicyItemCondition> policyItemConditionList = new ArrayList<XXPolicyItemCondition>(); XXPolicyItemCondition policyItemCondition = new XXPolicyItemCondition(); policyItemCondition.setAddedByUserId(Id); @@ -1507,6 +1475,9 @@ public class TestServiceDBStore { Mockito.when(xPolicyItemDao.findByPolicyId(policyItem.getId())) .thenReturn(policyItemList); + Mockito.when(daoManager.getXXPolicyItemDataMaskInfo()).thenReturn(xxPolicyItemDataMaskInfoDao); + Mockito.when(xxPolicyItemDataMaskInfoDao.findByPolicyItemId(policyItem.getId())).thenReturn(policyItemDataMaskInfoList); + Mockito.when(daoManager.getXXPolicyItemCondition()).thenReturn( xPolicyItemConditionDao); Mockito.when( 
@@ -2171,6 +2142,7 @@ public class TestServiceDBStore { XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class); XXService xService = Mockito.mock(XXService.class); XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class); + XXPolicyItemDataMaskInfoDao xPolicyItemDataMaskInfoDao = Mockito.mock(XXPolicyItemDataMaskInfoDao.class); XXPolicyItemConditionDao xPolicyItemConditionDao = Mockito .mock(XXPolicyItemConditionDao.class); XXPolicyItemGroupPermDao xPolicyItemGroupPermDao = Mockito @@ -2206,6 +2178,8 @@ public class TestServiceDBStore { policyItem.setUpdateTime(new Date()); policyItemList.add(policyItem); + List<XXPolicyItemDataMaskInfo> policyItemDataMaskInfo = new ArrayList<XXPolicyItemDataMaskInfo>(); + List<XXPolicyItemCondition> policyItemConditionList = new ArrayList<XXPolicyItemCondition>(); XXPolicyItemCondition policyItemCondition = new XXPolicyItemCondition(); policyItemCondition.setAddedByUserId(Id); @@ -2306,6 +2280,10 @@ public class TestServiceDBStore { Mockito.when(xPolicyItemDao.findByPolicyId(policyItem.getId())) .thenReturn(policyItemList); + Mockito.when(daoManager.getXXPolicyItemDataMaskInfo()).thenReturn(xPolicyItemDataMaskInfoDao); + Mockito.when(xPolicyItemDataMaskInfoDao.findByPolicyId(policyItem.getId())) + .thenReturn(policyItemDataMaskInfo); + Mockito.when(daoManager.getXXPolicyItemCondition()).thenReturn( xPolicyItemConditionDao); Mockito.when(
