From c76a1295493727404a286a3acb7fe2bbd7d80c5b Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Tue, 13 Feb 2024 19:57:23 +0530 Subject: [PATCH 01/15] DG-215 Full restrictions on READ indexsearch --- .../override-policies/glossary_policies.json | 113 + auth-agents-common/pom.xml | 6 + .../plugin/service/RangerBasePlugin.java | 12 + auth-common/pom.xml | 31 + .../apache/atlas/plugin/model/GroupInfo.java | 83 + .../plugin/model/NewAccessResourceImpl.java | 253 ++ .../plugin/model/RangerBaseModelObject.java | 170 + .../atlas/plugin/model/RangerPolicy.java | 1734 ++++++++++ .../apache/atlas/plugin/model/RangerRole.java | 192 ++ .../atlas/plugin/model/RangerServiceDef.java | 3064 +++++++++++++++++ .../model/RangerValidityRecurrence.java | 224 ++ .../plugin/model/RangerValiditySchedule.java | 85 + .../apache/atlas/plugin/model/UserInfo.java | 93 + .../apache/atlas/plugin/util/RangerRoles.java | 74 + .../atlas/plugin/util/RangerUserStore.java | 191 + .../plugin/util/RangerUserStoreUtil.java | 60 + .../main/assemblies/atlas-server-package.xml | 5 + .../main/assemblies/standalone-package.xml | 5 + .../model/discovery/IndexSearchParams.java | 5 + .../atlas/model/discovery/SearchParams.java | 9 + pom.xml | 1 + repository/pom.xml | 6 + .../authorizer/JsonToElasticsearchQuery.java | 86 + .../atlas/authorizer/NewAuthorizerUtils.java | 22 + .../authorizers/AuthorizerCommon.java | 72 + .../authorizers/ListAuthorizer.java | 323 ++ .../atlas/authorizer/store/PoliciesStore.java | 181 + .../atlas/authorizer/store/UsersStore.java | 74 + .../discovery/EntityDiscoveryService.java | 50 +- .../bootstrap/AuthPoliciesBootstrapper.java | 19 + 30 files changed, 7242 insertions(+), 1 deletion(-) create mode 100644 addons/override-policies/glossary_policies.json create mode 100644 auth-common/pom.xml create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java create mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStoreUtil.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java create mode 100644 repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java diff --git a/addons/override-policies/glossary_policies.json b/addons/override-policies/glossary_policies.json new file mode 100644 index 0000000000..ed2eec66b6 --- /dev/null +++ b/addons/override-policies/glossary_policies.json @@ -0,0 +1,113 @@ +{ + "entities": + [ + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 28 + }, + "attributes": + { + "name": "READ_GLOSSARY", + "qualifiedName": "READ_GLOSSARY", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossary", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + }, + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 29 + }, + "attributes": + { + "name": "READ_TERM", + "qualifiedName": "READ_TERM", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossaryTerm", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + }, + { + "typeName": "AuthPolicy", + "customAttributes": { + "internalId": 30 + }, + "attributes": + { + "name": "READ_CATEGORY", + "qualifiedName": "READ_CATEGORY", + "policyCategory": "bootstrap", + "policySubCategory": "default", + "policyServiceName": "atlas", + "policyType": "allow", + "policyPriority": 1, + "policyUsers": + [], + "policyGroups": + [], + "policyRoles": + [ + "$admin", + "$api-token-default-access" + ], + "policyResourceCategory": "ENTITY", + "policyResources": + [ + "entity-type:AtlasGlossaryCategory", + "entity-classification:*", + "entity:*" + ], + "policyActions": + [ + "entity-read" + ] + } + } + ] +} \ No newline at end of file diff --git a/auth-agents-common/pom.xml b/auth-agents-common/pom.xml index aa37156d5f..c2c2af6698 100644 --- a/auth-agents-common/pom.xml +++ b/auth-agents-common/pom.xml @@ -55,6 +55,12 @@ ${project.version} + + org.apache.atlas + auth-common + ${project.version} + + org.apache.atlas auth-audits diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java index b224cccc7e..2e7ff6e8b8 100644 --- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java +++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/service/RangerBasePlugin.java @@ -19,6 +19,8 @@ package org.apache.atlas.plugin.service; +import org.apache.atlas.authorizer.store.PoliciesStore; +import org.apache.atlas.authorizer.store.UsersStore; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; @@ -176,6 +178,7 @@ public RangerRoles getRoles() { public void setRoles(RangerRoles roles) { this.roles = roles; + UsersStore.setAllRoles(roles); RangerPolicyEngine policyEngine = this.policyEngine; @@ -192,6 +195,7 @@ public RangerUserStore getUserStore() { public void setUserStore(RangerUserStore userStore) { this.userStore = userStore; + UsersStore.setUserStore(userStore); // RangerPolicyEngine policyEngine = this.policyEngine; @@ -296,6 +300,14 @@ public void setPolicies(ServicePolicies policies) { LOG.debug("==> setPolicies(" + policies + ")"); } + if (policies != null) { + List resourcePolicies = policies.getPolicies(); + List tagPolicies = policies.getTagPolicies().getPolicies(); + + PoliciesStore.setResourcePolicies(resourcePolicies); + PoliciesStore.setTagPolicies(tagPolicies); + } + // guard against catastrophic failure during policy engine Initialization or try { RangerPolicyEngine oldPolicyEngine = this.policyEngine; diff --git a/auth-common/pom.xml b/auth-common/pom.xml new file mode 100644 index 0000000000..d816422e69 --- /dev/null +++ b/auth-common/pom.xml @@ -0,0 +1,31 @@ + + + + apache-atlas + org.apache.atlas + 3.0.0-SNAPSHOT + + 4.0.0 + + auth-common + + + + org.apache.htrace + htrace-core4 + 4.1.0-incubating + compile + + + commons-collections + commons-collections + + + commons-lang + commons-lang + + + + \ No newline at end of file diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java new file mode 100644 index 0000000000..bab8db509d --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/GroupInfo.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.atlas.plugin.util.RangerUserStoreUtil; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.HashMap; +import java.util.Map; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class GroupInfo extends RangerBaseModelObject implements java.io.Serializable { + + private static final long serialVersionUID = 1L; + private String name; + private String description; + private Map otherAttributes; + + public GroupInfo() { + this(null, null, null); + } + + public GroupInfo(String name, String description, Map otherAttributes) { + setName(name); + setDescription(description); + setOtherAttributes(otherAttributes); + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + public Map getOtherAttributes() { + return otherAttributes; + } + + public void setOtherAttributes(Map otherAttributes) { + this.otherAttributes = otherAttributes == null ? new HashMap<>() : otherAttributes; + } + + @Override + public String toString() { + return "{name=" + name + + ", description=" + description + + ", otherAttributes=" + RangerUserStoreUtil.getPrintableOptions(otherAttributes) + + "}"; + } + +} \ No newline at end of file diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java new file mode 100644 index 0000000000..0841060387 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java @@ -0,0 +1,253 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.atlas.plugin.model.RangerServiceDef.RangerResourceDef; +import org.apache.commons.lang.ObjectUtils; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class NewAccessResourceImpl { + + private String RESOURCE_SEP = "/"; + private String RESOURCE_NAME_VAL_SEP = "="; + + private String ownerUser; + private Map elements; + private String stringifiedValue; + private String stringifiedCacheKeyValue; + private String leafName; + private RangerServiceDef serviceDef; + + public NewAccessResourceImpl() { + this(null, null); + } + + public NewAccessResourceImpl(Map elements) { + this(elements, null); + } + + public NewAccessResourceImpl(Map elements, String ownerUser) { + this.elements = elements; + this.ownerUser = ownerUser; + } + + public String getOwnerUser() { + return ownerUser; + } + + public boolean exists(String name) { + return elements != null && elements.containsKey(name); + } + + public Object getValue(String name) { + Object ret = null; + + if(elements != null && elements.containsKey(name)) { + ret = elements.get(name); + } + + return ret; + } + + public Set getKeys() { + Set ret = null; + + if(elements != null) { + ret = elements.keySet(); + } + + return ret; + } + + public void setOwnerUser(String ownerUser) { + this.ownerUser = ownerUser; + } + + public void setValue(String name, Object value) { + if(value == null) { + if(elements != null) { + elements.remove(name); + + if(elements.isEmpty()) { + elements = null; + } + } + } else { + if(elements == null) { + elements = new HashMap<>(); + } + elements.put(name, value); + } + + // reset, so that these will be computed again with updated elements + stringifiedValue = stringifiedCacheKeyValue = leafName = null; + } + + public void setServiceDef(final RangerServiceDef serviceDef) { + this.serviceDef = serviceDef; + this.stringifiedValue = this.stringifiedCacheKeyValue = this.leafName = null; + } + + public RangerServiceDef getServiceDef() { + return this.serviceDef; + } + + public String getLeafName() { + String ret = leafName; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + List resourceDefs = serviceDef.getResources(); + + for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) { + RangerResourceDef resourceDef = resourceDefs.get(idx); + + if(resourceDef != null && exists(resourceDef.getName())) { + ret = leafName = resourceDef.getName(); + break; + } + } + } + } + + return ret; + } + + public String getAsString() { + String ret = stringifiedValue; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + StringBuilder sb = new StringBuilder(); + + for(RangerResourceDef resourceDef : serviceDef.getResources()) { + if(resourceDef == null || !exists(resourceDef.getName())) { + continue; + } + + if(sb.length() > 0) { + sb.append(RESOURCE_SEP); + } + + sb.append(getValue(resourceDef.getName())); + } + + if(sb.length() > 0) { + ret = stringifiedValue = sb.toString(); + } + } + } + + return ret; + } + + public String getCacheKey() { + String ret = stringifiedCacheKeyValue; + + if(ret == null) { + if(serviceDef != null && serviceDef.getResources() != null) { + StringBuilder sb = new StringBuilder(); + + for(RangerResourceDef resourceDef : serviceDef.getResources()) { + if(resourceDef == null || !exists(resourceDef.getName())) { + continue; + } + + if(sb.length() > 0) { + sb.append(RESOURCE_SEP); + } + + sb.append(resourceDef.getName()).append(RESOURCE_NAME_VAL_SEP).append(getValue(resourceDef.getName())); + } + + if(sb.length() > 0) { + ret = stringifiedCacheKeyValue = sb.toString(); + } + } + } + + return ret; + } + + public Map getAsMap() { + return elements == null ? Collections.EMPTY_MAP : Collections.unmodifiableMap(elements); + } + + public boolean equals(Object obj) { + if(obj == null || !(obj instanceof NewAccessResourceImpl)) { + return false; + } + + if(this == obj) { + return true; + } + + NewAccessResourceImpl other = (NewAccessResourceImpl) obj; + + return ObjectUtils.equals(ownerUser, other.ownerUser) && + ObjectUtils.equals(elements, other.elements); + } + + @Override + public int hashCode() { + int ret = 7; + + ret = 31 * ret + ObjectUtils.hashCode(ownerUser); + ret = 31 * ret + ObjectUtils.hashCode(elements); + + return ret; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerResourceImpl={"); + + sb.append("ownerUser={").append(ownerUser).append("} "); + + sb.append("elements={"); + if(elements != null) { + for(Map.Entry e : elements.entrySet()) { + sb.append(e.getKey()).append("=").append(e.getValue()).append("; "); + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + protected String getStringifiedValue() { return stringifiedValue; } + + protected void setStringifiedValue(String val) { this.stringifiedValue = val; } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java new file mode 100644 index 0000000000..aa8532da15 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerBaseModelObject.java @@ -0,0 +1,170 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.Date; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long id; + private String guid; + private Boolean isEnabled; + private String createdBy; + private String updatedBy; + private Date createTime; + private Date updateTime; + private Long version; + + public RangerBaseModelObject() { + setIsEnabled(null); + } + + public void updateFrom(RangerBaseModelObject other) { + setIsEnabled(other.getIsEnabled()); + } + + /** + * @return the id + */ + public Long getId() { + return id; + } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + /** + * @return the guid + */ + public String getGuid() { + return guid; + } + /** + * @param guid the guid to set + */ + public void setGuid(String guid) { + this.guid = guid; + } + /** + * @return the isEnabled + */ + public Boolean getIsEnabled() { + return isEnabled; + } + /** + * @param isEnabled the isEnabled to set + */ + public void setIsEnabled(Boolean isEnabled) { + this.isEnabled = isEnabled == null ? Boolean.TRUE : isEnabled; + } + /** + * @return the createdBy + */ + public String getCreatedBy() { + return createdBy; + } + /** + * @param createdBy the createdBy to set + */ + public void setCreatedBy(String createdBy) { + this.createdBy = createdBy; + } + /** + * @return the updatedBy + */ + public String getUpdatedBy() { + return updatedBy; + } + /** + * @param updatedBy the updatedBy to set + */ + public void setUpdatedBy(String updatedBy) { + this.updatedBy = updatedBy; + } + /** + * @return the createTime + */ + public Date getCreateTime() { + return createTime; + } + /** + * @param createTime the createTime to set + */ + public void setCreateTime(Date createTime) { + this.createTime = createTime; + } + /** + * @return the updateTime + */ + public Date getUpdateTime() { + return updateTime; + } + /** + * @param updateTime the updateTime to set + */ + public void setUpdateTime(Date updateTime) { + this.updateTime = updateTime; + } + /** + * @return the version + */ + public Long getVersion() { + return version; + } + /** + * @param version the version to set + */ + public void setVersion(Long version) { + this.version = version; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("id={").append(id).append("} "); + sb.append("guid={").append(guid).append("} "); + sb.append("isEnabled={").append(isEnabled).append("} "); + sb.append("createdBy={").append(createdBy).append("} "); + sb.append("updatedBy={").append(updatedBy).append("} "); + sb.append("createTime={").append(createTime).append("} "); + sb.append("updateTime={").append(updateTime).append("} "); + sb.append("version={").append(version).append("} "); + + return sb; + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java new file mode 100644 index 0000000000..fe11b16776 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java @@ -0,0 +1,1734 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonIgnoreProperties; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.ArrayList; +import java.util.Comparator; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerPolicy extends RangerBaseModelObject implements java.io.Serializable { + public static final String POLICY_TYPE_ACCESS = "ACCESS"; + public static final String POLICY_TYPE_DATAMASK = "DATA_MASK"; + public static final String POLICY_TYPE_ROWFILTER = "ROW_FILTER"; + public static final String POLICY_TYPE_AUDIT = "AUDIT"; + + public static final String[] POLICY_TYPES = new String[] { + POLICY_TYPE_ACCESS, + POLICY_TYPE_DATAMASK, + POLICY_TYPE_ROWFILTER + }; + + public static final String MASK_TYPE_NULL = "MASK_NULL"; + public static final String MASK_TYPE_NONE = "MASK_NONE"; + public static final String MASK_TYPE_CUSTOM = "CUSTOM"; + + public static final int POLICY_PRIORITY_NORMAL = 0; + public static final int POLICY_PRIORITY_OVERRIDE = 1; + + public static final String POLICY_PRIORITY_NAME_NORMAL = "NORMAL"; + public static final String POLICY_PRIORITY_NAME_OVERRIDE = "OVERRIDE"; + + public static final Comparator POLICY_ID_COMPARATOR = new PolicyIdComparator(); + + // For future use + private static final long serialVersionUID = 1L; + + private String service; + private String name; + private String policyType; + private Integer policyPriority; + private String description; + private String resourceSignature; + private Boolean isAuditEnabled; + private Map resources; + private List conditions; + private List policyItems; + private List denyPolicyItems; + private List allowExceptions; + private List denyExceptions; + private List dataMaskPolicyItems; + private List rowFilterPolicyItems; + private String serviceType; + private Map options; + private List validitySchedules; + private List policyLabels; + private String zoneName; + private Boolean isDenyAllElse; + private Map attributes; + private String policyFilterCriteria; + private String policyResourceCategory; + + public RangerPolicy() { + this(null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, conditions, null); + } + + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions, Boolean isDenyAllElse) { + this(service, name, policyType, policyPriority, description, resources, policyItems, resourceSignature, options, validitySchedules, policyLables, zoneName, conditions, null, null, null); + } + + /** + * @param service + * @param name + * @param policyType + * @param description + * @param resources + * @param policyItems + * @param resourceSignature TODO + */ + public RangerPolicy(String service, String name, String policyType, Integer policyPriority, String description, Map resources, List policyItems, String resourceSignature, Map options, List validitySchedules, List policyLables, String zoneName, List conditions, Boolean isDenyAllElse, String policyFilterCriteria, String policyResourceCategory) { + super(); + + setService(service); + setName(name); + setPolicyType(policyType); + setPolicyPriority(policyPriority); + setDescription(description); + setResourceSignature(resourceSignature); + setIsAuditEnabled(null); + setResources(resources); + setPolicyItems(policyItems); + setDenyPolicyItems(null); + setAllowExceptions(null); + setDenyExceptions(null); + setDataMaskPolicyItems(null); + setRowFilterPolicyItems(null); + setOptions(options); + setValiditySchedules(validitySchedules); + setPolicyLabels(policyLables); + setZoneName(zoneName); + setConditions(conditions); + setIsDenyAllElse(isDenyAllElse); + setPolicyFilterCriteria(null); + setPolicyResourceCategory(null); + + } + + /** + * @param other + */ + public void updateFrom(RangerPolicy other) { + super.updateFrom(other); + + setService(other.getService()); + setName(other.getName()); + setPolicyType(other.getPolicyType()); + setPolicyPriority(other.getPolicyPriority()); + setDescription(other.getDescription()); + setResourceSignature(other.getResourceSignature()); + setIsAuditEnabled(other.getIsAuditEnabled()); + setResources(other.getResources()); + setConditions(other.getConditions()); + setPolicyItems(other.getPolicyItems()); + setDenyPolicyItems(other.getDenyPolicyItems()); + setAllowExceptions(other.getAllowExceptions()); + setDenyExceptions(other.getDenyExceptions()); + setDataMaskPolicyItems(other.getDataMaskPolicyItems()); + setRowFilterPolicyItems(other.getRowFilterPolicyItems()); + setServiceType(other.getServiceType()); + setOptions(other.getOptions()); + setValiditySchedules(other.getValiditySchedules()); + setPolicyLabels(other.getPolicyLabels()); + setZoneName(other.getZoneName()); + setIsDenyAllElse(other.getIsDenyAllElse()); + setPolicyFilterCriteria(other.getPolicyFilterCriteria()); + setPolicyResourceCategory(other.getPolicyResourceCategory()); + } + + public Map getAttributes() { + return attributes; + } + + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + + /** + * @return the type + */ + public String getService() { + return service; + } + + /** + * @param service the type to set + */ + public void setService(String service) { + this.service = service; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the policyType + */ + public String getPolicyType() { + return policyType; + } + + /** + * @param policyType the policyType to set + */ + public void setPolicyType(String policyType) { + this.policyType = policyType; + } + + /** + * @return the policyPriority + */ + public Integer getPolicyPriority() { + return policyPriority; + } + + /** + * @param policyPriority the policyPriority to set + */ + public void setPolicyPriority(Integer policyPriority) { + this.policyPriority = policyPriority == null ? RangerPolicy.POLICY_PRIORITY_NORMAL : policyPriority; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the resourceSignature + */ + public String getResourceSignature() { + return resourceSignature; + } + + /** + * @param resourceSignature the resourceSignature to set + */ + public void setResourceSignature(String resourceSignature) { + this.resourceSignature = resourceSignature; + } + + /** + * @return the isAuditEnabled + */ + public Boolean getIsAuditEnabled() { + return isAuditEnabled; + } + + /** + * @param isAuditEnabled the isEnabled to set + */ + public void setIsAuditEnabled(Boolean isAuditEnabled) { + this.isAuditEnabled = isAuditEnabled == null ? Boolean.TRUE : isAuditEnabled; + } + + public String getServiceType() { + return serviceType; + } + + public void setServiceType(String serviceType) { + this.serviceType = serviceType; + } + + public List getPolicyLabels() { + return policyLabels; + } + + public void setPolicyLabels(List policyLabels) { + if (this.policyLabels == null) { + this.policyLabels = new ArrayList<>(); + } + + if (this.policyLabels == policyLabels) { + return; + } + + this.policyLabels.clear(); + + if (policyLabels != null) { + this.policyLabels.addAll(policyLabels); + } + } + + /** + * @return the resources + */ + public Map getResources() { + return resources; + } + + /** + * @param resources the resources to set + */ + public void setResources(Map resources) { + if(this.resources == null) { + this.resources = new HashMap<>(); + } + + if(this.resources == resources) { + return; + } + + this.resources.clear(); + + if(resources != null) { + for(Map.Entry e : resources.entrySet()) { + this.resources.put(e.getKey(), e.getValue()); + } + } + } + + /** + * @return the policyItems + */ + public List getPolicyItems() { + return policyItems; + } + + /** + * @param policyItems the policyItems to set + */ + public void setPolicyItems(List policyItems) { + if(this.policyItems == null) { + this.policyItems = new ArrayList<>(); + } + + if(this.policyItems == policyItems) { + return; + } + + this.policyItems.clear(); + + if(policyItems != null) { + this.policyItems.addAll(policyItems); + } + } + + /** + * @return the denyPolicyItems + */ + public List getDenyPolicyItems() { + return denyPolicyItems; + } + + /** + * @param denyPolicyItems the denyPolicyItems to set + */ + public void setDenyPolicyItems(List denyPolicyItems) { + if(this.denyPolicyItems == null) { + this.denyPolicyItems = new ArrayList<>(); + } + + if(this.denyPolicyItems == denyPolicyItems) { + return; + } + + this.denyPolicyItems.clear(); + + if(denyPolicyItems != null) { + this.denyPolicyItems.addAll(denyPolicyItems); + } + } + + /** + * @return the allowExceptions + */ + public List getAllowExceptions() { + return allowExceptions; + } + + /** + * @param allowExceptions the allowExceptions to set + */ + public void setAllowExceptions(List allowExceptions) { + if(this.allowExceptions == null) { + this.allowExceptions = new ArrayList<>(); + } + + if(this.allowExceptions == allowExceptions) { + return; + } + + this.allowExceptions.clear(); + + if(allowExceptions != null) { + this.allowExceptions.addAll(allowExceptions); + } + } + + /** + * @return the denyExceptions + */ + public List getDenyExceptions() { + return denyExceptions; + } + + /** + * @param denyExceptions the denyExceptions to set + */ + public void setDenyExceptions(List denyExceptions) { + if(this.denyExceptions == null) { + this.denyExceptions = new ArrayList<>(); + } + + if(this.denyExceptions == denyExceptions) { + return; + } + + this.denyExceptions.clear(); + + if(denyExceptions != null) { + this.denyExceptions.addAll(denyExceptions); + } + } + + public List getDataMaskPolicyItems() { + return dataMaskPolicyItems; + } + + public void setDataMaskPolicyItems(List dataMaskPolicyItems) { + if(this.dataMaskPolicyItems == null) { + this.dataMaskPolicyItems = new ArrayList<>(); + } + + if(this.dataMaskPolicyItems == dataMaskPolicyItems) { + return; + } + + this.dataMaskPolicyItems.clear(); + + if(dataMaskPolicyItems != null) { + this.dataMaskPolicyItems.addAll(dataMaskPolicyItems); + } + } + + public List getRowFilterPolicyItems() { + return rowFilterPolicyItems; + } + + public void setRowFilterPolicyItems(List rowFilterPolicyItems) { + if(this.rowFilterPolicyItems == null) { + this.rowFilterPolicyItems = new ArrayList<>(); + } + + if(this.rowFilterPolicyItems == rowFilterPolicyItems) { + return; + } + + this.rowFilterPolicyItems.clear(); + + if(rowFilterPolicyItems != null) { + this.rowFilterPolicyItems.addAll(rowFilterPolicyItems); + } + } + + public Map getOptions() { return options; } + + public void setOptions(Map options) { + if (this.options == null) { + this.options = new HashMap<>(); + } + if (this.options == options) { + return; + } + this.options.clear(); + + if(options != null) { + for(Map.Entry e : options.entrySet()) { + this.options.put(e.getKey(), e.getValue()); + } + } + } + + public List getValiditySchedules() { return validitySchedules; } + + public void setValiditySchedules(List validitySchedules) { + if (this.validitySchedules == null) { + this.validitySchedules = new ArrayList<>(); + } + if (this.validitySchedules == validitySchedules) { + return; + } + this.validitySchedules.clear(); + + if(validitySchedules != null) { + this.validitySchedules.addAll(validitySchedules); + } + } + public String getZoneName() { return zoneName; } + + public void setZoneName(String zoneName) { + this.zoneName = zoneName; + } + + /** + * @return the conditions + */ + public List getConditions() { return conditions; } + /** + * @param conditions the conditions to set + */ + public void setConditions(List conditions) { + this.conditions = conditions; + } + + public Boolean getIsDenyAllElse() { + return isDenyAllElse; + } + + public void setIsDenyAllElse(Boolean isDenyAllElse) { + this.isDenyAllElse = isDenyAllElse == null ? Boolean.FALSE : isDenyAllElse; + } + + public String getPolicyFilterCriteria() { + return policyFilterCriteria; + } + + public void setPolicyFilterCriteria(String policyFilterCriteria) { + this.policyFilterCriteria = policyFilterCriteria; + } + + public String getPolicyResourceCategory() { + return policyResourceCategory; + } + + public void setPolicyResourceCategory(String policyResourceCategory) { + this.policyResourceCategory = policyResourceCategory; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicy={"); + + super.toString(sb); + + sb.append("service={").append(service).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("policyType={").append(policyType).append("} "); + sb.append("policyPriority={").append(policyPriority).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("resourceSignature={").append(resourceSignature).append("} "); + sb.append("isAuditEnabled={").append(isAuditEnabled).append("} "); + sb.append("serviceType={").append(serviceType).append("} "); + + sb.append("resources={"); + if(resources != null) { + for(Map.Entry e : resources.entrySet()) { + sb.append(e.getKey()).append("={"); + e.getValue().toString(sb); + sb.append("} "); + } + } + sb.append("} "); + sb.append("policyLabels={"); + if(policyLabels != null) { + for(String policyLabel : policyLabels) { + if(policyLabel != null) { + sb.append(policyLabel).append(" "); + } + } + } + sb.append("} "); + + sb.append("policyConditions={"); + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + if(condition != null) { + condition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("policyItems={"); + if(policyItems != null) { + for(RangerPolicyItem policyItem : policyItems) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("denyPolicyItems={"); + if(denyPolicyItems != null) { + for(RangerPolicyItem policyItem : denyPolicyItems) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("allowExceptions={"); + if(allowExceptions != null) { + for(RangerPolicyItem policyItem : allowExceptions) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("denyExceptions={"); + if(denyExceptions != null) { + for(RangerPolicyItem policyItem : denyExceptions) { + if(policyItem != null) { + policyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("dataMaskPolicyItems={"); + if(dataMaskPolicyItems != null) { + for(RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { + if(dataMaskPolicyItem != null) { + dataMaskPolicyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("rowFilterPolicyItems={"); + if(rowFilterPolicyItems != null) { + for(RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { + if(rowFilterPolicyItem != null) { + rowFilterPolicyItem.toString(sb); + } + } + } + sb.append("} "); + + sb.append("options={"); + if(options != null) { + for(Map.Entry e : options.entrySet()) { + sb.append(e.getKey()).append("={"); + sb.append(e.getValue().toString()); + sb.append("} "); + } + } + sb.append("} "); + + //sb.append("validitySchedules={").append(validitySchedules).append("} "); + sb.append("validitySchedules={"); + if (CollectionUtils.isNotEmpty(validitySchedules)) { + for (RangerValiditySchedule schedule : validitySchedules) { + if (schedule != null) { + sb.append("schedule={").append(schedule).append("}"); + } + } + } + sb.append(", zoneName=").append(zoneName); + + sb.append(", policyFilterCriteria=").append(policyFilterCriteria); + + sb.append(", policyResourceCategory=").append(policyResourceCategory); + + sb.append(", isDenyAllElse={").append(isDenyAllElse).append("} "); + + sb.append("}"); + + sb.append("}"); + + return sb; + } + + static class PolicyIdComparator implements Comparator, java.io.Serializable { + @Override + public int compare(RangerPolicy me, RangerPolicy other) { + return Long.compare(me.getId(), other.getId()); + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyResource implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List values; + private Boolean isExcludes; + private Boolean isRecursive; + + public RangerPolicyResource() { + this((List)null, null, null); + } + + public RangerPolicyResource(String value) { + setValue(value); + setIsExcludes(null); + setIsRecursive(null); + } + + public RangerPolicyResource(String value, Boolean isExcludes, Boolean isRecursive) { + setValue(value); + setIsExcludes(isExcludes); + setIsRecursive(isRecursive); + } + + public RangerPolicyResource(List values, Boolean isExcludes, Boolean isRecursive) { + setValues(values); + setIsExcludes(isExcludes); + setIsRecursive(isRecursive); + } + + /** + * @return the values + */ + public List getValues() { + return values; + } + + /** + * @param values the values to set + */ + public void setValues(List values) { + if(this.values == null) { + this.values = new ArrayList<>(); + } + + if(this.values == values) { + return; + } + + this.values.clear(); + + if(values != null) { + this.values.addAll(values); + } + } + + /** + * @param value the value to set + */ + public void setValue(String value) { + if(this.values == null) { + this.values = new ArrayList<>(); + } + + this.values.clear(); + + this.values.add(value); + } + + /** + * @return the isExcludes + */ + public Boolean getIsExcludes() { + return isExcludes; + } + + /** + * @param isExcludes the isExcludes to set + */ + public void setIsExcludes(Boolean isExcludes) { + this.isExcludes = isExcludes == null ? Boolean.FALSE : isExcludes; + } + + /** + * @return the isRecursive + */ + public Boolean getIsRecursive() { + return isRecursive; + } + + /** + * @param isRecursive the isRecursive to set + */ + public void setIsRecursive(Boolean isRecursive) { + this.isRecursive = isRecursive == null ? Boolean.FALSE : isRecursive; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyResource={"); + sb.append("values={"); + if(values != null) { + for(String value : values) { + sb.append(value).append(" "); + } + } + sb.append("} "); + sb.append("isExcludes={").append(isExcludes).append("} "); + sb.append("isRecursive={").append(isRecursive).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isExcludes == null) ? 0 : isExcludes.hashCode()); + result = prime * result + + ((isRecursive == null) ? 0 : isRecursive.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyResource other = (RangerPolicyResource) obj; + if (isExcludes == null) { + if (other.isExcludes != null) + return false; + } else if (!isExcludes.equals(other.isExcludes)) + return false; + if (isRecursive == null) { + if (other.isRecursive != null) + return false; + } else if (!isRecursive.equals(other.isRecursive)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List accesses; + private List users; + private List groups; + private List roles; + private List conditions; + private Boolean delegateAdmin; + + public RangerPolicyItem() { + this(null, null, null, null, null, null); + } + + public RangerPolicyItem(List accessTypes, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + setAccesses(accessTypes); + setUsers(users); + setGroups(groups); + setRoles(roles); + setConditions(conditions); + setDelegateAdmin(delegateAdmin); + } + + /** + * @return the accesses + */ + public List getAccesses() { + return accesses; + } + /** + * @param accesses the accesses to set + */ + public void setAccesses(List accesses) { + if(this.accesses == null) { + this.accesses = new ArrayList<>(); + } + + if(this.accesses == accesses) { + return; + } + + this.accesses.clear(); + + if(accesses != null) { + this.accesses.addAll(accesses); + } + } + /** + * @return the users + */ + public List getUsers() { + return users; + } + /** + * @param users the users to set + */ + public void setUsers(List users) { + if(this.users == null) { + this.users = new ArrayList<>(); + } + + if(this.users == users) { + return; + } + + this.users.clear(); + + if(users != null) { + this.users.addAll(users); + } + } + /** + * @return the groups + */ + public List getGroups() { + return groups; + } + /** + * @param groups the groups to set + */ + public void setGroups(List groups) { + if(this.groups == null) { + this.groups = new ArrayList<>(); + } + + if(this.groups == groups) { + return; + } + + this.groups.clear(); + + if(groups != null) { + this.groups.addAll(groups); + } + } + /** + * @return the roles + */ + public List getRoles() { + return roles; + } + /** + * @param roles the roles to set + */ + public void setRoles(List roles) { + if(this.roles == null) { + this.roles = new ArrayList<>(); + } + + if(this.roles == roles) { + return; + } + + this.roles.clear(); + + if(roles != null) { + this.roles.addAll(roles); + } + } + /** + * @return the conditions + */ + public List getConditions() { + return conditions; + } + /** + * @param conditions the conditions to set + */ + public void setConditions(List conditions) { + if(this.conditions == null) { + this.conditions = new ArrayList<>(); + } + + if(this.conditions == conditions) { + return; + } + + this.conditions.clear(); + + if(conditions != null) { + this.conditions.addAll(conditions); + } + } + + /** + * @return the delegateAdmin + */ + public Boolean getDelegateAdmin() { + return delegateAdmin; + } + + /** + * @param delegateAdmin the delegateAdmin to set + */ + public void setDelegateAdmin(Boolean delegateAdmin) { + this.delegateAdmin = delegateAdmin == null ? Boolean.FALSE : delegateAdmin; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItem={"); + + sb.append("accessTypes={"); + if(accesses != null) { + for(RangerPolicyItemAccess access : accesses) { + if(access != null) { + access.toString(sb); + } + } + } + sb.append("} "); + + sb.append("users={"); + if(users != null) { + for(String user : users) { + if(user != null) { + sb.append(user).append(" "); + } + } + } + sb.append("} "); + + sb.append("groups={"); + if(groups != null) { + for(String group : groups) { + if(group != null) { + sb.append(group).append(" "); + } + } + } + sb.append("} "); + + sb.append("roles={"); + if(roles != null) { + for(String role : roles) { + if(role != null) { + sb.append(role).append(" "); + } + } + } + sb.append("} "); + + sb.append("conditions={"); + if(conditions != null) { + for(RangerPolicyItemCondition condition : conditions) { + if(condition != null) { + condition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("delegateAdmin={").append(delegateAdmin).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((accesses == null) ? 0 : accesses.hashCode()); + result = prime * result + + ((conditions == null) ? 0 : conditions.hashCode()); + result = prime * result + + ((delegateAdmin == null) ? 0 : delegateAdmin.hashCode()); + result = prime * result + + ((roles == null) ? 0 : roles.hashCode()); + result = prime * result + + ((groups == null) ? 0 : groups.hashCode()); + result = prime * result + ((users == null) ? 0 : users.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItem other = (RangerPolicyItem) obj; + if (accesses == null) { + if (other.accesses != null) + return false; + } else if (!accesses.equals(other.accesses)) + return false; + if (conditions == null) { + if (other.conditions != null) + return false; + } else if (!conditions.equals(other.conditions)) + return false; + if (delegateAdmin == null) { + if (other.delegateAdmin != null) + return false; + } else if (!delegateAdmin.equals(other.delegateAdmin)) + return false; + if (roles == null) { + if (other.roles != null) + return false; + } else if (!roles.equals(other.roles)) + return false; + if (groups == null) { + if (other.groups != null) + return false; + } else if (!groups.equals(other.groups)) + return false; + if (users == null) { + if (other.users != null) + return false; + } else if (!users.equals(other.users)) + return false; + return true; + + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerDataMaskPolicyItem extends RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private RangerPolicyItemDataMaskInfo dataMaskInfo; + + public RangerDataMaskPolicyItem() { + this(null, null, null, null, null, null, null); + } + + public RangerDataMaskPolicyItem(List accesses, RangerPolicyItemDataMaskInfo dataMaskDetail, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + super(accesses, users, groups, roles, conditions, delegateAdmin); + + setDataMaskInfo(dataMaskDetail); + } + + /** + * @return the dataMaskInfo + */ + public RangerPolicyItemDataMaskInfo getDataMaskInfo() { + return dataMaskInfo; + } + + /** + * @param dataMaskInfo the dataMaskInfo to set + */ + public void setDataMaskInfo(RangerPolicyItemDataMaskInfo dataMaskInfo) { + this.dataMaskInfo = dataMaskInfo == null ? new RangerPolicyItemDataMaskInfo() : dataMaskInfo; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((dataMaskInfo == null) ? 0 : dataMaskInfo.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if(! super.equals(obj)) + return false; + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerDataMaskPolicyItem other = (RangerDataMaskPolicyItem) obj; + if (dataMaskInfo == null) { + if (other.dataMaskInfo != null) + return false; + } else if (!dataMaskInfo.equals(other.dataMaskInfo)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerDataMaskPolicyItem={"); + + super.toString(sb); + + sb.append("dataMaskInfo={"); + if(dataMaskInfo != null) { + dataMaskInfo.toString(sb); + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerRowFilterPolicyItem extends RangerPolicyItem implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private RangerPolicyItemRowFilterInfo rowFilterInfo; + + public RangerRowFilterPolicyItem() { + this(null, null, null, null, null, null, null); + } + + public RangerRowFilterPolicyItem(RangerPolicyItemRowFilterInfo rowFilterInfo, List accesses, List users, List groups, List roles, List conditions, Boolean delegateAdmin) { + super(accesses, users, groups, roles, conditions, delegateAdmin); + + setRowFilterInfo(rowFilterInfo); + } + + /** + * @return the rowFilterInfo + */ + public RangerPolicyItemRowFilterInfo getRowFilterInfo() { + return rowFilterInfo; + } + + /** + * @param rowFilterInfo the rowFilterInfo to set + */ + public void setRowFilterInfo(RangerPolicyItemRowFilterInfo rowFilterInfo) { + this.rowFilterInfo = rowFilterInfo == null ? new RangerPolicyItemRowFilterInfo() : rowFilterInfo; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((rowFilterInfo == null) ? 0 : rowFilterInfo.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if(! super.equals(obj)) + return false; + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerRowFilterPolicyItem other = (RangerRowFilterPolicyItem) obj; + if (rowFilterInfo == null) { + if (other.rowFilterInfo != null) + return false; + } else if (!rowFilterInfo.equals(other.rowFilterInfo)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerRowFilterPolicyItem={"); + + super.toString(sb); + + sb.append("rowFilterInfo={"); + if(rowFilterInfo != null) { + rowFilterInfo.toString(sb); + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemAccess implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type; + private Boolean isAllowed; + + public RangerPolicyItemAccess() { + this(null, null); + } + + public RangerPolicyItemAccess(String type) { + this(type, null); + } + + public RangerPolicyItemAccess(String type, Boolean isAllowed) { + setType(type); + setIsAllowed(isAllowed); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the isAllowed + */ + public Boolean getIsAllowed() { + return isAllowed; + } + + /** + * @param isAllowed the isAllowed to set + */ + public void setIsAllowed(Boolean isAllowed) { + this.isAllowed = isAllowed == null ? Boolean.TRUE : isAllowed; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemAccess={"); + sb.append("type={").append(type).append("} "); + sb.append("isAllowed={").append(isAllowed).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((isAllowed == null) ? 0 : isAllowed.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemAccess other = (RangerPolicyItemAccess) obj; + if (isAllowed == null) { + if (other.isAllowed != null) + return false; + } else if (!isAllowed.equals(other.isAllowed)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemCondition implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String type; + private List values; + + public RangerPolicyItemCondition() { + this(null, null); + } + + public RangerPolicyItemCondition(String type, List values) { + setType(type); + setValues(values); + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the value + */ + public List getValues() { + return values; + } + + /** + * @param values the value to set + */ + public void setValues(List values) { + if (this.values == null) { + this.values = new ArrayList<>(); + } + + if(this.values == values) { + return; + } + + this.values.clear(); + + if(values != null) { + this.values.addAll(values); + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyCondition={"); + sb.append("type={").append(type).append("} "); + sb.append("values={"); + if(values != null) { + for(String value : values) { + sb.append(value).append(" "); + } + } + sb.append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((values == null) ? 0 : values.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemCondition other = (RangerPolicyItemCondition) obj; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (values == null) { + if (other.values != null) + return false; + } else if (!values.equals(other.values)) + return false; + return true; + } + + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemDataMaskInfo implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String dataMaskType; + private String conditionExpr; + private String valueExpr; + + public RangerPolicyItemDataMaskInfo() { } + + public RangerPolicyItemDataMaskInfo(String dataMaskType, String conditionExpr, String valueExpr) { + setDataMaskType(dataMaskType); + setConditionExpr(conditionExpr); + setValueExpr(valueExpr); + } + + public RangerPolicyItemDataMaskInfo(RangerPolicyItemDataMaskInfo that) { + this.dataMaskType = that.dataMaskType; + this.conditionExpr = that.conditionExpr; + this.valueExpr = that.valueExpr; + } + + public String getDataMaskType() { + return dataMaskType; + } + + public void setDataMaskType(String dataMaskType) { + this.dataMaskType = dataMaskType; + } + + public String getConditionExpr() { + return conditionExpr; + } + + public void setConditionExpr(String conditionExpr) { + this.conditionExpr = conditionExpr; + } + + public String getValueExpr() { + return valueExpr; + } + + public void setValueExpr(String valueExpr) { + this.valueExpr = valueExpr; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((dataMaskType == null) ? 0 : dataMaskType.hashCode()); + result = prime * result + ((conditionExpr == null) ? 0 : conditionExpr.hashCode()); + result = prime * result + ((valueExpr == null) ? 0 : valueExpr.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemDataMaskInfo other = (RangerPolicyItemDataMaskInfo) obj; + if (dataMaskType == null) { + if (other.dataMaskType != null) + return false; + } else if (!dataMaskType.equals(other.dataMaskType)) + return false; + if (conditionExpr == null) { + if (other.conditionExpr != null) + return false; + } else if (!conditionExpr.equals(other.conditionExpr)) + return false; + if (valueExpr == null) { + if (other.valueExpr != null) + return false; + } else if (!valueExpr.equals(other.valueExpr)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemDataMaskInfo={"); + + sb.append("dataMaskType={").append(dataMaskType).append("} "); + sb.append("conditionExpr={").append(conditionExpr).append("} "); + sb.append("valueExpr={").append(valueExpr).append("} "); + + sb.append("}"); + + return sb; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyItemRowFilterInfo implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String filterExpr; + + public RangerPolicyItemRowFilterInfo() { } + + public RangerPolicyItemRowFilterInfo(String filterExpr) { + setFilterExpr(filterExpr); + } + + public RangerPolicyItemRowFilterInfo(RangerPolicyItemRowFilterInfo that) { + this.filterExpr = that.filterExpr; + } + + public String getFilterExpr() { + return filterExpr; + } + + public void setFilterExpr(String filterExpr) { + this.filterExpr = filterExpr; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + ((filterExpr == null) ? 0 : filterExpr.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyItemRowFilterInfo other = (RangerPolicyItemRowFilterInfo) obj; + if (filterExpr == null) { + if (other.filterExpr != null) + return false; + } else if (!filterExpr.equals(other.filterExpr)) + return false; + return true; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyItemRowFilterInfo={"); + + sb.append("filterExpr={").append(filterExpr).append("} "); + + sb.append("}"); + + return sb; + } + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java new file mode 100644 index 0000000000..1ae6970dbe --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerRole.java @@ -0,0 +1,192 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.commons.collections.MapUtils; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerRole extends RangerBaseModelObject implements java.io.Serializable { + public static final String KEY_USER = "user"; + public static final String KEY_GROUP = "group"; + + private static final long serialVersionUID = 1L; + private String name; + private String description; + private Map options; + private List users; + private List groups; + private List roles; + private String createdByUser; + + public RangerRole() { + this(null, null, null, null, null, null); + } + + public RangerRole(String name, String description, Map options, List users, List groups) { + this(name, description, options, users, groups, null); + } + + public RangerRole(String name, String description, Map options, List users, List groups, List roles) { + setName(name); + setDescription(description); + setOptions(options); + setUsers(users); + setGroups(groups); + setRoles(roles); + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + public Map getOptions() { + return options; + } + + public void setOptions(Map options) { + this.options = options == null ? new HashMap<>() : options; + } + + public List getUsers() { + return users; + } + + public void setUsers(List users) { + this.users = users == null ? new ArrayList<>() : users; + } + + public List getGroups() { + return groups; + } + + public void setGroups(List groups) { + this.groups = groups == null ? new ArrayList<>() : groups; + } + + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + this.roles = roles == null ? new ArrayList<>() : roles; + } + + public String getCreatedByUser() { + return createdByUser; + } + + public void setCreatedByUser(String createdByUser) { + this.createdByUser = createdByUser; + } + + @Override + public String toString() { + return "{name=" + name + + ", description=" + description + + ", options=" + getPrintableOptions(options) + + ", users=" + users + + ", groups=" + groups + + ", roles=" + roles + + ", createdByUser=" + createdByUser + + "}"; + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RoleMember implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name; + private boolean isAdmin; + + public RoleMember() { + this(null, false); + } + public RoleMember(String name, boolean isAdmin) { + setName(name); + setIsAdmin(isAdmin); + } + public void setName(String name) { + this.name = name; + } + public void setIsAdmin(boolean isAdmin) { + this.isAdmin = isAdmin; + } + public String getName() { return name; } + public boolean getIsAdmin() { return isAdmin; } + + @Override + public String toString() { + return "{" + name + ", " + isAdmin + "}"; + } + @Override + public int hashCode() { + return Objects.hash(name, isAdmin); + } + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RoleMember other = (RoleMember) obj; + return Objects.equals(name, other.name) && isAdmin == other.isAdmin; + } + } + + private String getPrintableOptions(Map options) { + if (MapUtils.isEmpty(options)) return "{}"; + StringBuilder ret = new StringBuilder(); + ret.append("{"); + for (Map.Entry entry : options.entrySet()) { + ret.append(entry.getKey()).append(", ").append("[").append(entry.getValue()).append("]").append(","); + } + ret.append("}"); + return ret.toString(); + } + +} \ No newline at end of file diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java new file mode 100644 index 0000000000..994e6a7117 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerServiceDef.java @@ -0,0 +1,3064 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerServiceDef extends RangerBaseModelObject implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + public static final String OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES = "enableDenyAndExceptionsInPolicies"; + + private String name; + private String displayName; + private String implClass; + private String label; + private String description; + private String rbKeyLabel; + private String rbKeyDescription; + private Map options; + private List configs; + private List resources; + private List accessTypes; + private List policyConditions; + private List contextEnrichers; + private List enums; + private RangerDataMaskDef dataMaskDef; + private RangerRowFilterDef rowFilterDef; + + public RangerServiceDef() { + this(null, null, null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerServiceDef(String name, String implClass, String label, String description, Map options, List configs, List resources, List accessTypes, List policyConditions, List contextEnrichers, List enums) { + this(name, implClass, label, description, options, configs, resources, accessTypes, policyConditions, contextEnrichers, enums, null, null); + } + + /** + * @param name + * @param implClass + * @param label + * @param description + * @param options + * @param configs + * @param resources + * @param accessTypes + * @param policyConditions + * @param contextEnrichers + * @param dataMaskDef + * @param enums + */ + public RangerServiceDef(String name, String implClass, String label, String description, Map options, List configs, List resources, List accessTypes, List policyConditions, List contextEnrichers, List enums, RangerDataMaskDef dataMaskDef, RangerRowFilterDef rowFilterDef) { + super(); + + setName(name); + setImplClass(implClass); + setLabel(label); + setDescription(description); + setConfigs(configs); + setOptions(options); + setResources(resources); + setAccessTypes(accessTypes); + setPolicyConditions(policyConditions); + setContextEnrichers(contextEnrichers); + setEnums(enums); + setDataMaskDef(dataMaskDef); + setRowFilterDef(rowFilterDef); + } + + public RangerServiceDef(String name, String displayName, String implClass, String label, String description, + Map options, List configs, + List modifiedResourceDefs, List accessTypes, + List policyConditions, List contextEnrichers, + List enums) { + this(name, implClass, label, description, options, configs, modifiedResourceDefs, accessTypes, policyConditions, contextEnrichers, enums); + this.setDisplayName(displayName); + } + + /** + * @param other + */ + public void updateFrom(RangerServiceDef other) { + super.updateFrom(other); + + setName(other.getName()); + setDisplayName(other.getDisplayName()); + setImplClass(other.getImplClass()); + setLabel(other.getLabel()); + setDescription(other.getDescription()); + setRbKeyLabel(other.getRbKeyLabel()); + setRbKeyDescription(other.getRbKeyDescription()); + setOptions(other.getOptions()); + setConfigs(other.getConfigs()); + setResources(other.getResources()); + setAccessTypes(other.getAccessTypes()); + setPolicyConditions(other.getPolicyConditions()); + setContextEnrichers(other.getContextEnrichers()); + setEnums(other.getEnums()); + setDataMaskDef(other.getDataMaskDef()); + setRowFilterDef(other.getRowFilterDef()); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the implClass + */ + public String getImplClass() { + return implClass; + } + + /** + * @param implClass the implClass to set + */ + public void setImplClass(String implClass) { + this.implClass = implClass; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * @return the configs + */ + public List getConfigs() { + return configs; + } + + /** + * @param configs the configs to set + */ + public void setConfigs(List configs) { + if(this.configs == null) { + this.configs = new ArrayList<>(); + } else + + if(this.configs == configs) { + return; + } + + this.configs.clear(); + + if(configs != null) { + this.configs.addAll(configs); + } + } + + /** + * @return the options + */ + public Map getOptions() { + return options; + } + + /** + * @param options the options to set + */ + public void setOptions(Map options) { + if(this.options == null) { + this.options = new HashMap<>(); + } else if(this.options == options) { + return; + } + + this.options.clear(); + + if(options != null) { + for(Map.Entry entry : options.entrySet()) { + this.options.put(entry.getKey(), entry.getValue()); + } + } + } + + /** + * @return the resources + */ + public List getResources() { + return resources; + } + + /** + * @param resources the resources to set + */ + public void setResources(List resources) { + if(this.resources == null) { + this.resources = new ArrayList<>(); + } + + if(this.resources == resources) { + return; + } + + this.resources.clear(); + + if(resources != null) { + this.resources.addAll(resources); + } + } + + /** + * @return the accessTypes + */ + public List getAccessTypes() { + return accessTypes; + } + + /** + * @param accessTypes the accessTypes to set + */ + public void setAccessTypes(List accessTypes) { + if(this.accessTypes == null) { + this.accessTypes = new ArrayList<>(); + } + + if(this.accessTypes == accessTypes) { + return; + } + + this.accessTypes.clear(); + + if(accessTypes != null) { + this.accessTypes.addAll(accessTypes); + } + } + + /** + * @return the policyConditions + */ + public List getPolicyConditions() { + return policyConditions; + } + + /** + * @param policyConditions the policyConditions to set + */ + public void setPolicyConditions(List policyConditions) { + if(this.policyConditions == null) { + this.policyConditions = new ArrayList<>(); + } + + if(this.policyConditions == policyConditions) { + return; + } + + this.policyConditions.clear(); + + if(policyConditions != null) { + this.policyConditions.addAll(policyConditions); + } + } + + /** + * @return the contextEnrichers + */ + public List getContextEnrichers() { + return contextEnrichers; + } + + /** + * @param contextEnrichers the contextEnrichers to set + */ + public void setContextEnrichers(List contextEnrichers) { + if(this.contextEnrichers == null) { + this.contextEnrichers = new ArrayList<>(); + } + + if(this.contextEnrichers == contextEnrichers) { + return; + } + + this.contextEnrichers.clear(); + + if(contextEnrichers != null) { + this.contextEnrichers.addAll(contextEnrichers); + } + } + + /** + * @return the enums + */ + public List getEnums() { + return enums; + } + + /** + * @param enums the enums to set + */ + public void setEnums(List enums) { + if(this.enums == null) { + this.enums = new ArrayList<>(); + } + + if(this.enums == enums) { + return; + } + + this.enums.clear(); + + if(enums != null) { + this.enums.addAll(enums); + } + } + + public RangerDataMaskDef getDataMaskDef() { + return dataMaskDef; + } + + public void setDataMaskDef(RangerDataMaskDef dataMaskDef) { + this.dataMaskDef = dataMaskDef == null ? new RangerDataMaskDef() : dataMaskDef; + } + + public RangerRowFilterDef getRowFilterDef() { + return rowFilterDef; + } + + public void setRowFilterDef(RangerRowFilterDef rowFilterDef) { + this.rowFilterDef = rowFilterDef == null ? new RangerRowFilterDef() : rowFilterDef; + } + + public String getDisplayName() { + return displayName; + } + + public void setDisplayName(String displayName) { + this.displayName = displayName; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerServiceDef={"); + + super.toString(sb); + + sb.append("name={").append(name).append("} "); + sb.append("displayName={").append(displayName).append("} "); + sb.append("implClass={").append(implClass).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + + sb.append("options={"); + if(options != null) { + for(Map.Entry entry : options.entrySet()) { + sb.append(entry.getKey()).append("=").append(entry.getValue()).append(" "); + } + } + sb.append("} "); + + sb.append("configs={"); + if(configs != null) { + for(RangerServiceConfigDef config : configs) { + if(config != null) { + config.toString(sb); + } + } + } + sb.append("} "); + + sb.append("resources={"); + if(resources != null) { + for(RangerResourceDef resource : resources) { + if(resource != null) { + resource.toString(sb); + } + } + } + sb.append("} "); + + sb.append("accessTypes={"); + if(accessTypes != null) { + for(RangerAccessTypeDef accessType : accessTypes) { + if(accessType != null) { + accessType.toString(sb); + } + } + } + sb.append("} "); + + sb.append("policyConditions={"); + if(policyConditions != null) { + for(RangerPolicyConditionDef policyCondition : policyConditions) { + if(policyCondition != null) { + policyCondition.toString(sb); + } + } + } + sb.append("} "); + + sb.append("contextEnrichers={"); + if(contextEnrichers != null) { + for(RangerContextEnricherDef contextEnricher : contextEnrichers) { + if(contextEnricher != null) { + contextEnricher.toString(sb); + } + } + } + sb.append("} "); + + sb.append("enums={"); + if(enums != null) { + for(RangerEnumDef e : enums) { + if(e != null) { + e.toString(sb); + } + } + } + sb.append("} "); + + sb.append("dataMaskDef={"); + if(dataMaskDef != null) { + dataMaskDef.toString(sb); + } + sb.append("} "); + + sb.append("rowFilterDef={"); + if(rowFilterDef != null) { + rowFilterDef.toString(sb); + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerEnumDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private List elements; + private Integer defaultIndex; + + public RangerEnumDef() { + this(null, null, null, null); + } + + public RangerEnumDef(Long itemId, String name, List elements, Integer defaultIndex) { + setItemId(itemId); + setName(name); + setElements(elements); + setDefaultIndex(defaultIndex); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the elements + */ + public List getElements() { + return elements; + } + + /** + * @param elements the elements to set + */ + public void setElements(List elements) { + if(this.elements == null) { + this.elements = new ArrayList<>(); + } + + if(this.elements == elements) { + return; + } + + this.elements.clear(); + + if(elements != null) { + this.elements.addAll(elements); + } + } + + /** + * @return the defaultIndex + */ + public Integer getDefaultIndex() { + return defaultIndex; + } + + /** + * @param defaultIndex the defaultIndex to set + */ + public void setDefaultIndex(Integer defaultIndex) { + this.defaultIndex = (defaultIndex != null && this.elements.size() > defaultIndex) ? defaultIndex : 0; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerEnumDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("elements={"); + if(elements != null) { + for(RangerEnumElementDef element : elements) { + if(element != null) { + element.toString(sb); + } + } + } + sb.append("} "); + sb.append("defaultIndex={").append(defaultIndex).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + + ((defaultIndex == null) ? 0 : defaultIndex.hashCode()); + result = prime * result + + ((elements == null) ? 0 : elements.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerEnumDef other = (RangerEnumDef) obj; + if (itemId == null) { + if (other.itemId != null) + return false; + } else if (other.itemId == null || !itemId.equals(other.itemId)) + return false; + + if (defaultIndex == null) { + if (other.defaultIndex != null) + return false; + } else if (!defaultIndex.equals(other.defaultIndex)) + return false; + if (elements == null) { + if (other.elements != null) + return false; + } else if (!elements.equals(other.elements)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerEnumElementDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String label; + private String rbKeyLabel; + + public RangerEnumElementDef() { + this(null, null, null, null); + } + + public RangerEnumElementDef(Long itemId, String name, String label, String rbKeyLabel) { + setItemId(itemId); + setName(name); + setLabel(label); + setRbKeyLabel(rbKeyLabel); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerEnumElementDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerEnumElementDef other = (RangerEnumElementDef) obj; + if (itemId == null) { + if (other.itemId != null) { + return false; + } + } else if (other.itemId == null || !itemId.equals(other.itemId)) { + return false; + } + + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + return true; + } + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerServiceConfigDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String type; + private String subType; + private Boolean mandatory; + private String defaultValue; + private String validationRegEx; + private String validationMessage; + private String uiHint; + private String label; + private String description; + private String rbKeyLabel; + private String rbKeyDescription; + private String rbKeyValidationMessage; + + public RangerServiceConfigDef() { + this(null, null, null, null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerServiceConfigDef(Long itemId, String name, String type, String subType, Boolean mandatory, String defaultValue, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { + setItemId(itemId); + setName(name); + setType(type); + setSubType(subType); + setMandatory(mandatory); + setDefaultValue(defaultValue); + setValidationRegEx(validationRegEx); + setValidationMessage(validationMessage); + setUiHint(uiHint); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + setRbKeyValidationMessage(rbKeyValidationMessage); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the subType + */ + public String getSubType() { + return subType; + } + + /** + * @param subType the subType to set + */ + public void setSubType(String subType) { + this.subType = subType; + } + + /** + * @return the mandatory + */ + public Boolean getMandatory() { + return mandatory; + } + + /** + * @param mandatory the mandatory to set + */ + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory == null ? Boolean.FALSE : mandatory; + } + + /** + * @return the defaultValue + */ + public String getDefaultValue() { + return defaultValue; + } + + /** + * @param defaultValue the defaultValue to set + */ + public void setDefaultValue(String defaultValue) { + this.defaultValue = defaultValue; + } + + /** + * @return the validationRegEx + */ + public String getValidationRegEx() { + return validationRegEx; + } + + /** + * @param validationRegEx the validationRegEx to set + */ + public void setValidationRegEx(String validationRegEx) { + this.validationRegEx = validationRegEx; + } + + /** + * @return the validationMessage + */ + public String getValidationMessage() { + return validationMessage; + } + + /** + * @param validationMessage the validationMessage to set + */ + public void setValidationMessage(String validationMessage) { + this.validationMessage = validationMessage; + } + + /** + * @return the uiHint + */ + public String getUiHint() { + return uiHint; + } + + /** + * @param uiHint the uiHint to set + */ + public void setUiHint(String uiHint) { + this.uiHint = uiHint; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * @return the rbKeyValidationMessage + */ + public String getRbKeyValidationMessage() { + return rbKeyValidationMessage; + } + + /** + * @param rbKeyValidationMessage the rbKeyValidationMessage to set + */ + public void setRbKeyValidationMessage(String rbKeyValidationMessage) { + this.rbKeyValidationMessage = rbKeyValidationMessage; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerServiceConfigDef={"); + sb.append("itemId={").append(name).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); + sb.append("subType={").append(subType).append("} "); + sb.append("mandatory={").append(mandatory).append("} "); + sb.append("defaultValue={").append(defaultValue).append("} "); + sb.append("validationRegEx={").append(validationRegEx).append("} "); + sb.append("validationMessage={").append(validationMessage).append("} "); + sb.append("uiHint={").append(uiHint).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("rbKeyValidationMessage={").append(rbKeyValidationMessage).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((defaultValue == null) ? 0 : defaultValue.hashCode()); + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + + ((mandatory == null) ? 0 : mandatory.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime * result + + ((subType == null) ? 0 : subType.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 0 : validationRegEx + .hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerServiceConfigDef other = (RangerServiceConfigDef) obj; + if (defaultValue == null) { + if (other.defaultValue != null) + return false; + } else if (!defaultValue.equals(other.defaultValue)) + return false; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (mandatory == null) { + if (other.mandatory != null) + return false; + } else if (!mandatory.equals(other.mandatory)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (subType == null) { + if (other.subType != null) + return false; + } else if (!subType.equals(other.subType)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if (!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + return true; + } + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerResourceDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId = null; + private String name = null; + private String type = null; + private Integer level = null; + private String parent = null; + private Boolean mandatory = null; + private Boolean lookupSupported = null; + private Boolean recursiveSupported = null; + private Boolean excludesSupported = null; + private String matcher = null; + private Map matcherOptions = null; + private String validationRegEx = null; + private String validationMessage = null; + private String uiHint = null; + private String label = null; + private String description = null; + private String rbKeyLabel = null; + private String rbKeyDescription = null; + private String rbKeyValidationMessage = null; + private Set accessTypeRestrictions = null; + private Boolean isValidLeaf = null; + + public RangerResourceDef() { + this(null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerResourceDef(RangerResourceDef other) { + setItemId(other.getItemId()); + setName(other.getName()); + setType(other.getType()); + setLevel(other.getLevel()); + setParent(other.getParent()); + setMandatory(other.getMandatory()); + setLookupSupported(other.getLookupSupported()); + setRecursiveSupported(other.getRecursiveSupported()); + setExcludesSupported(other.getExcludesSupported()); + setMatcher(other.getMatcher()); + setMatcherOptions(other.getMatcherOptions()); + setValidationRegEx(other.getValidationRegEx()); + setValidationMessage(other.getValidationMessage()); + setUiHint(other.getUiHint()); + setLabel(other.getLabel()); + setDescription(other.getDescription()); + setRbKeyLabel(other.getRbKeyLabel()); + setRbKeyDescription(other.getRbKeyDescription()); + setRbKeyValidationMessage(other.getRbKeyValidationMessage()); + setAccessTypeRestrictions(other.getAccessTypeRestrictions()); + setIsValidLeaf(other.getIsValidLeaf()); + } + + public RangerResourceDef(Long itemId, String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, Map matcherOptions, String validationRegEx, String validationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage, Set accessTypeRestrictions, Boolean isValidLeaf) { + setItemId(itemId); + setName(name); + setType(type); + setLevel(level); + setParent(parent); + setMandatory(mandatory); + setLookupSupported(lookupSupported); + setRecursiveSupported(recursiveSupported); + setExcludesSupported(excludesSupported); + setMatcher(matcher); + setMatcherOptions(matcherOptions); + setValidationRegEx(validationRegEx); + setValidationMessage(validationMessage); + setUiHint(uiHint); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + setRbKeyValidationMessage(rbKeyValidationMessage); + setAccessTypeRestrictions(accessTypeRestrictions); + setIsValidLeaf(isValidLeaf); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the level + */ + public Integer getLevel() { + return level; + } + + /** + * @param level the level to set + */ + public void setLevel(Integer level) { + this.level = level == null ? 1 : level; + } + + /** + * @return the parent + */ + public String getParent() { + return parent; + } + + /** + * @param parent the parent to set + */ + public void setParent(String parent) { + this.parent = parent; + } + + /** + * @return the mandatory + */ + public Boolean getMandatory() { + return mandatory; + } + + /** + * @param mandatory the mandatory to set + */ + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory == null ? Boolean.FALSE : mandatory; + } + + /** + * @return the lookupSupported + */ + public Boolean getLookupSupported() { + return lookupSupported; + } + + /** + * @param lookupSupported the lookupSupported to set + */ + public void setLookupSupported(Boolean lookupSupported) { + this.lookupSupported = lookupSupported == null ? Boolean.FALSE : lookupSupported; + } + + /** + * @return the recursiveSupported + */ + public Boolean getRecursiveSupported() { + return recursiveSupported; + } + + /** + * @param recursiveSupported the recursiveSupported to set + */ + public void setRecursiveSupported(Boolean recursiveSupported) { + this.recursiveSupported = recursiveSupported == null ? Boolean.FALSE : recursiveSupported; + } + + /** + * @return the excludesSupported + */ + public Boolean getExcludesSupported() { + return excludesSupported; + } + + /** + * @param excludesSupported the excludesSupported to set + */ + public void setExcludesSupported(Boolean excludesSupported) { + this.excludesSupported = excludesSupported == null ? Boolean.FALSE : excludesSupported; + } + + /** + * @return the matcher + */ + public String getMatcher() { + return matcher; + } + + /** + * @param matcher the matcher to set + */ + public void setMatcher(String matcher) { + this.matcher = matcher; + } + + /** + * @return the matcherOptions + */ + public Map getMatcherOptions() { + return matcherOptions; + } + + /** + * @param matcherOptions the matcherOptions to set + */ + public void setMatcherOptions(Map matcherOptions) { + this.matcherOptions = matcherOptions == null ? new HashMap() : new HashMap(matcherOptions); + } + + /** + * @return the validationRegEx + */ + public String getValidationRegEx() { + return validationRegEx; + } + + /** + * @param validationRegEx the validationRegEx to set + */ + public void setValidationRegEx(String validationRegEx) { + this.validationRegEx = validationRegEx; + } + + /** + * @return the validationMessage + */ + public String getValidationMessage() { + return validationMessage; + } + + /** + * @param validationMessage the validationMessage to set + */ + public void setValidationMessage(String validationMessage) { + this.validationMessage = validationMessage; + } + + /** + * @return the uiHint + */ + public String getUiHint() { + return uiHint; + } + + /** + * @param uiHint the uiHint to set + */ + public void setUiHint(String uiHint) { + this.uiHint = uiHint; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * @return the rbKeyValidationMessage + */ + public String getRbKeyValidationMessage() { + return rbKeyValidationMessage; + } + + /** + * @param rbKeyValidationMessage the rbKeyValidationMessage to set + */ + public void setRbKeyValidationMessage(String rbKeyValidationMessage) { + this.rbKeyValidationMessage = rbKeyValidationMessage; + } + + public Set getAccessTypeRestrictions() { + return accessTypeRestrictions; + } + + public void setAccessTypeRestrictions(Set accessTypeRestrictions) { + this.accessTypeRestrictions = accessTypeRestrictions == null ? new HashSet() : new HashSet(accessTypeRestrictions); + } + + public Boolean getIsValidLeaf() { return isValidLeaf; } + + public void setIsValidLeaf(Boolean isValidLeaf) { + this.isValidLeaf = isValidLeaf; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerResourceDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); + sb.append("level={").append(level).append("} "); + sb.append("parent={").append(parent).append("} "); + sb.append("mandatory={").append(mandatory).append("} "); + sb.append("lookupSupported={").append(lookupSupported).append("} "); + sb.append("recursiveSupported={").append(recursiveSupported).append("} "); + sb.append("excludesSupported={").append(excludesSupported).append("} "); + sb.append("matcher={").append(matcher).append("} "); + sb.append("matcherOptions={").append(matcherOptions).append("} "); + sb.append("validationRegEx={").append(validationRegEx).append("} "); + sb.append("validationMessage={").append(validationMessage).append("} "); + sb.append("uiHint={").append(uiHint).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("rbKeyValidationMessage={").append(rbKeyValidationMessage).append("} "); + sb.append("accessTypeRestrictions={").append(accessTypeRestrictions == null ? "null" : accessTypeRestrictions.toString()).append("} "); + sb.append("isValidLeaf={").append(isValidLeaf == null ? "null" : isValidLeaf.toString()).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime + * result + + ((excludesSupported == null) ? 0 : excludesSupported + .hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((level == null) ? 0 : level.hashCode()); + result = prime + * result + + ((lookupSupported == null) ? 0 : lookupSupported + .hashCode()); + result = prime * result + + ((mandatory == null) ? 0 : mandatory.hashCode()); + result = prime * result + + ((matcher == null) ? 0 : matcher.hashCode()); + result = prime + * result + + ((matcherOptions == null) ? 0 : matcherOptions.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((parent == null) ? 0 : parent.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime + * result + + ((recursiveSupported == null) ? 0 : recursiveSupported + .hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 0 : validationRegEx + .hashCode()); + result = prime + * result + + ((accessTypeRestrictions == null) ? 0 : accessTypeRestrictions.hashCode()); + result = prime + * result + + ((isValidLeaf == null) ? 0 : isValidLeaf.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerResourceDef other = (RangerResourceDef) obj; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (excludesSupported == null) { + if (other.excludesSupported != null) + return false; + } else if (!excludesSupported.equals(other.excludesSupported)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (level == null) { + if (other.level != null) + return false; + } else if (!level.equals(other.level)) + return false; + if (lookupSupported == null) { + if (other.lookupSupported != null) + return false; + } else if (!lookupSupported.equals(other.lookupSupported)) + return false; + if (mandatory == null) { + if (other.mandatory != null) + return false; + } else if (!mandatory.equals(other.mandatory)) + return false; + if (matcher == null) { + if (other.matcher != null) + return false; + } else if (!matcher.equals(other.matcher)) + return false; + if (matcherOptions == null) { + if (other.matcherOptions != null) + return false; + } else if (!matcherOptions.equals(other.matcherOptions)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (parent == null) { + if (other.parent != null) + return false; + } else if (!parent.equals(other.parent)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (recursiveSupported == null) { + if (other.recursiveSupported != null) + return false; + } else if (!recursiveSupported.equals(other.recursiveSupported)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if (!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + if (accessTypeRestrictions == null) { + if (other.accessTypeRestrictions != null) + return false; + } else if (!accessTypeRestrictions.equals(other.accessTypeRestrictions)) + return false; + if (isValidLeaf == null) { + if (other.isValidLeaf != null) + return false; + } else if (!isValidLeaf.equals(other.isValidLeaf)) + return false; + return true; + } + + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerAccessTypeDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String label; + private String rbKeyLabel; + private Collection impliedGrants; + + public RangerAccessTypeDef() { + this(null, null, null, null, null); + } + + public RangerAccessTypeDef(Long itemId, String name, String label, String rbKeyLabel, Collection impliedGrants) { + setItemId(itemId); + setName(name); + setLabel(label); + setRbKeyLabel(rbKeyLabel); + setImpliedGrants(impliedGrants); + } + + public RangerAccessTypeDef(RangerAccessTypeDef other) { + setItemId(other.getItemId()); + setName(other.getName()); + setLabel(other.getLabel()); + setRbKeyLabel(other.getRbKeyLabel()); + setImpliedGrants(other.getImpliedGrants()); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the impliedGrants + */ + public Collection getImpliedGrants() { + return impliedGrants; + } + + /** + * @param impliedGrants the impliedGrants to set + */ + public void setImpliedGrants(Collection impliedGrants) { + if(this.impliedGrants == null) { + this.impliedGrants = new ArrayList<>(); + } + + if(this.impliedGrants == impliedGrants) { + return; + } + + this.impliedGrants.clear(); + + if(impliedGrants != null) { + this.impliedGrants.addAll(impliedGrants); + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerAccessTypeDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + + sb.append("impliedGrants={"); + if(impliedGrants != null) { + for(String impliedGrant : impliedGrants) { + if(impliedGrant != null) { + sb.append(impliedGrant).append(" "); + } + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + + ((impliedGrants == null) ? 0 : impliedGrants.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerAccessTypeDef other = (RangerAccessTypeDef) obj; + if (itemId == null) { + if (other.itemId != null) + return false; + } else if (other.itemId == null || !itemId.equals(other.itemId)) + return false; + + if (impliedGrants == null) { + if (other.impliedGrants != null) + return false; + } else if (!impliedGrants.equals(other.impliedGrants)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + return true; + } + } + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerPolicyConditionDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String evaluator; + private Map evaluatorOptions; + private String validationRegEx; + private String validationMessage; + private String uiHint; + private String label; + private String description; + private String rbKeyLabel; + private String rbKeyDescription; + private String rbKeyValidationMessage; + + public RangerPolicyConditionDef() { + this(null, null, null, null, null, null, null, null, null, null, null, null); + } + + public RangerPolicyConditionDef(Long itemId, String name, String evaluator, Map evaluatorOptions) { + this(itemId, name, evaluator, evaluatorOptions, null, null, null, null, null, null, null, null); + } + + public RangerPolicyConditionDef(Long itemId, String name, String evaluator, Map evaluatorOptions, String validationRegEx, String vaidationMessage, String uiHint, String label, String description, String rbKeyLabel, String rbKeyDescription, String rbKeyValidationMessage) { //NOPMD + setItemId(itemId); + setName(name); + setEvaluator(evaluator); + setEvaluatorOptions(evaluatorOptions); + setValidationRegEx(validationRegEx); + setValidationMessage(validationMessage); + setUiHint(uiHint); + setLabel(label); + setDescription(description); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + setRbKeyValidationMessage(rbKeyValidationMessage); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the evaluator + */ + public String getEvaluator() { + return evaluator; + } + + /** + * @param evaluator the evaluator to set + */ + public void setEvaluator(String evaluator) { + this.evaluator = evaluator; + } + + /** + * @return the evaluatorOptions + */ + public Map getEvaluatorOptions() { + return evaluatorOptions; + } + + /** + * @param evaluatorOptions the evaluatorOptions to set + */ + public void setEvaluatorOptions(Map evaluatorOptions) { + this.evaluatorOptions = evaluatorOptions == null ? new HashMap() : evaluatorOptions; + } + + /** + * @return the validationRegEx + */ + public String getValidationRegEx() { + return validationRegEx; + } + + /** + * @param validationRegEx the validationRegEx to set + */ + public void setValidationRegEx(String validationRegEx) { + this.validationRegEx = validationRegEx; + } + + /** + * @return the validationMessage + */ + public String getValidationMessage() { + return validationMessage; + } + + /** + * @param validationMessage the validationMessage to set + */ + public void setValidationMessage(String validationMessage) { + this.validationMessage = validationMessage; + } + + /** + * @return the uiHint + */ + public String getUiHint() { + return uiHint; + } + + /** + * @param uiHint the uiHint to set + */ + public void setUiHint(String uiHint) { + this.uiHint = uiHint; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + /** + * @return the rbKeyValidationMessage + */ + public String getRbKeyValidationMessage() { + return rbKeyValidationMessage; + } + + /** + * @param rbKeyValidationMessage the rbKeyValidationMessage to set + */ + public void setRbKeyValidationMessage(String rbKeyValidationMessage) { + this.rbKeyValidationMessage = rbKeyValidationMessage; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerPolicyConditionDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("evaluator={").append(evaluator).append("} "); + sb.append("evaluatorOptions={").append(evaluatorOptions).append("} "); + sb.append("validationRegEx={").append(validationRegEx).append("} "); + sb.append("validationMessage={").append(validationMessage).append("} "); + sb.append("uiHint={").append(uiHint).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + sb.append("rbKeyValidationMessage={").append(rbKeyValidationMessage).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + + ((description == null) ? 0 : description.hashCode()); + result = prime * result + + ((evaluator == null) ? 0 : evaluator.hashCode()); + result = prime + * result + + ((evaluatorOptions == null) ? 0 : evaluatorOptions + .hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime + * result + + ((rbKeyDescription == null) ? 0 : rbKeyDescription + .hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime + * result + + ((rbKeyValidationMessage == null) ? 0 + : rbKeyValidationMessage.hashCode()); + result = prime * result + + ((uiHint == null) ? 0 : uiHint.hashCode()); + result = prime + * result + + ((validationMessage == null) ? 0 : validationMessage + .hashCode()); + result = prime + * result + + ((validationRegEx == null) ? 0 : validationRegEx + .hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerPolicyConditionDef other = (RangerPolicyConditionDef) obj; + if (itemId == null) { + if (other.itemId != null) + return false; + } else if (other.itemId != null || !itemId.equals(other.itemId)) { + return false; + } + + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (evaluator == null) { + if (other.evaluator != null) + return false; + } else if (!evaluator.equals(other.evaluator)) + return false; + if (evaluatorOptions == null) { + if (other.evaluatorOptions != null) + return false; + } else if (!evaluatorOptions.equals(other.evaluatorOptions)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (rbKeyValidationMessage == null) { + if (other.rbKeyValidationMessage != null) + return false; + } else if (!rbKeyValidationMessage + .equals(other.rbKeyValidationMessage)) + return false; + if (uiHint == null) { + if (other.uiHint != null) + return false; + } else if (!uiHint.equals(other.uiHint)) + return false; + if (validationMessage == null) { + if (other.validationMessage != null) + return false; + } else if (!validationMessage.equals(other.validationMessage)) + return false; + if (validationRegEx == null) { + if (other.validationRegEx != null) + return false; + } else if (!validationRegEx.equals(other.validationRegEx)) + return false; + return true; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerContextEnricherDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String enricher; + private Map enricherOptions; + + public RangerContextEnricherDef() { + this(null, null, null, null); + } + + public RangerContextEnricherDef(Long itemId, String name, String enricher, Map enricherOptions) { + setItemId(itemId); + setName(name); + setEnricher(enricher); + setEnricherOptions(enricherOptions); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the enricher + */ + public String getEnricher() { + return enricher; + } + + /** + * @param enricher the enricher to set + */ + public void setEnricher(String enricher) { + this.enricher = enricher; + } + + /** + * @return the enricherOptions + */ + public Map getEnricherOptions() { + return enricherOptions; + } + + /** + * @param enricherOptions the enricherOptions to set + */ + public void setEnricherOptions(Map enricherOptions) { + this.enricherOptions = enricherOptions == null ? new HashMap() : enricherOptions; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerContextEnricherDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("enricher={").append(enricher).append("} "); + sb.append("enricherOptions={").append(enricherOptions).append("} "); + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + + ((enricher == null) ? 0 : enricher.hashCode()); + result = prime + * result + + ((enricherOptions == null) ? 0 : enricherOptions + .hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerContextEnricherDef other = (RangerContextEnricherDef) obj; + if (itemId == null) { + if (other.itemId != null) + return false; + } else if (other.itemId == null || !itemId.equals(other.itemId)) + return false; + + if (enricher == null) { + if (other.enricher != null) + return false; + } else if (!enricher.equals(other.enricher)) + return false; + if (enricherOptions == null) { + if (other.enricherOptions != null) + return false; + } else if (!enricherOptions.equals(other.enricherOptions)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } + } + + + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerDataMaskDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List maskTypes; + private List accessTypes; + private List resources; + + + public RangerDataMaskDef() { + setMaskTypes(null); + setAccessTypes(null); + setResources(null); + } + + public RangerDataMaskDef(List maskTypes, List accessTypes, List resources) { + setMaskTypes(maskTypes); + setAccessTypes(accessTypes); + setResources(resources); + } + + public RangerDataMaskDef(RangerDataMaskDef other) { + setMaskTypes(other.getMaskTypes()); + setAccessTypes(other.getAccessTypes()); + setResources(other.getResources()); + } + + public List getMaskTypes() { + return maskTypes; + } + + public void setMaskTypes(List maskTypes) { + if(this.maskTypes == null) { + this.maskTypes = new ArrayList<>(); + } + + if(this.maskTypes == maskTypes) { + return; + } + + this.maskTypes.clear(); + + if(maskTypes != null) { + this.maskTypes.addAll(maskTypes); + } + } + + public List getAccessTypes() { + return accessTypes; + } + + public void setAccessTypes(List accessTypes) { + if(this.accessTypes == null) { + this.accessTypes = new ArrayList<>(); + } + + if(this.accessTypes == accessTypes) { + return; + } + + this.accessTypes.clear(); + + if(accessTypes != null) { + this.accessTypes.addAll(accessTypes); + } + } + + public List getResources() { + return resources; + } + + public void setResources(List resources) { + if(this.resources == null) { + this.resources = new ArrayList<>(); + } + + if(this.resources == resources) { + return; + } + + this.resources.clear(); + + if(resources != null) { + this.resources.addAll(resources); + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerDataMaskDef={"); + + sb.append("maskTypes={"); + if(maskTypes != null) { + for(RangerDataMaskTypeDef maskType : maskTypes) { + if(maskType != null) { + sb.append(maskType).append(" "); + } + } + } + sb.append("} "); + + sb.append("accessTypes={"); + if(accessTypes != null) { + for(RangerAccessTypeDef accessType : accessTypes) { + if(accessType != null) { + accessType.toString(sb).append(" "); + } + } + } + sb.append("} "); + + sb.append("resources={"); + if(resources != null) { + for(RangerResourceDef resource : resources) { + if(resource != null) { + resource.toString(sb).append(" "); + } + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((maskTypes == null) ? 0 : maskTypes.hashCode()); + result = prime * result + ((accessTypes == null) ? 0 : accessTypes.hashCode()); + result = prime * result + ((resources == null) ? 0 : resources.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerDataMaskDef other = (RangerDataMaskDef) obj; + if (maskTypes == null) { + if (other.maskTypes != null) + return false; + } else if (other.maskTypes == null || !maskTypes.equals(other.maskTypes)) + return false; + + if (accessTypes == null) { + if (other.accessTypes != null) + return false; + } else if (!accessTypes.equals(other.accessTypes)) + return false; + if (resources == null) { + if (other.resources != null) + return false; + } else if (!resources.equals(other.resources)) + return false; + return true; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerDataMaskTypeDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private Long itemId; + private String name; + private String label; + private String description; + private String transformer; + private Map dataMaskOptions; + private String rbKeyLabel; + private String rbKeyDescription; + + public RangerDataMaskTypeDef() { + this(null, null, null, null, null, null, null, null); + } + + public RangerDataMaskTypeDef(Long itemId, String name, String label, String description, String transformer, Map dataMaskOptions, String rbKeyLabel, String rbKeyDescription) { + setItemId(itemId); + setName(name); + setLabel(label); + setDescription(description); + setTransformer(transformer); + setDataMaskOptions(dataMaskOptions); + setRbKeyLabel(rbKeyLabel); + setRbKeyDescription(rbKeyDescription); + } + + public RangerDataMaskTypeDef(RangerDataMaskTypeDef other) { + setItemId(other.getItemId()); + setName(other.getName()); + setLabel(other.getLabel()); + setDescription(other.getDescription()); + setTransformer(other.getTransformer()); + setDataMaskOptions(other.getDataMaskOptions()); + setRbKeyLabel(other.getRbKeyLabel()); + setRbKeyDescription(other.getRbKeyDescription()); + } + + /** + * @return the itemId + */ + public Long getItemId() { + return itemId; + } + + /** + * @param itemId the itemId to set + */ + public void setItemId(Long itemId) { + this.itemId = itemId; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the label + */ + public String getLabel() { + return label; + } + + /** + * @param label the label to set + */ + public void setLabel(String label) { + this.label = label; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @return the transformer + */ + public String getTransformer() { + return transformer; + } + + /** + * @param transformer the transformer to set + */ + public void setTransformer(String transformer) { + this.transformer = transformer; + } + + /** + * @return the dataMaskOptions + */ + public Map getDataMaskOptions() { + return dataMaskOptions; + } + + /** + * @param dataMaskOptions the dataMaskOptions to set + */ + public void setDataMaskOptions(Map dataMaskOptions) { + this.dataMaskOptions = dataMaskOptions == null ? new HashMap() : dataMaskOptions; + } + + /** + * @return the rbKeyLabel + */ + public String getRbKeyLabel() { + return rbKeyLabel; + } + + /** + * @param rbKeyLabel the rbKeyLabel to set + */ + public void setRbKeyLabel(String rbKeyLabel) { + this.rbKeyLabel = rbKeyLabel; + } + + /** + * @return the rbKeyDescription + */ + public String getRbKeyDescription() { + return rbKeyDescription; + } + + /** + * @param rbKeyDescription the rbKeyDescription to set + */ + public void setRbKeyDescription(String rbKeyDescription) { + this.rbKeyDescription = rbKeyDescription; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerDataMaskTypeDef={"); + sb.append("itemId={").append(itemId).append("} "); + sb.append("name={").append(name).append("} "); + sb.append("label={").append(label).append("} "); + sb.append("description={").append(description).append("} "); + sb.append("transformer={").append(transformer).append("} "); + sb.append("dataMaskOptions={").append(dataMaskOptions).append("} "); + sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); + sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); + + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((itemId == null) ? 0 : itemId.hashCode()); + result = prime * result + + ((dataMaskOptions == null) ? 0 : dataMaskOptions.hashCode()); + result = prime * result + ((label == null) ? 0 : label.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((rbKeyLabel == null) ? 0 : rbKeyLabel.hashCode()); + result = prime * result + ((description == null) ? 0 : description.hashCode()); + result = prime * result + ((transformer == null) ? 0 : transformer.hashCode()); + result = prime * result + ((rbKeyDescription == null) ? 0 : rbKeyDescription.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerDataMaskTypeDef other = (RangerDataMaskTypeDef) obj; + if (itemId == null) { + if (other.itemId != null) + return false; + } else if (other.itemId == null || !itemId.equals(other.itemId)) + return false; + + if (dataMaskOptions == null) { + if (other.dataMaskOptions != null) + return false; + } else if (!dataMaskOptions.equals(other.dataMaskOptions)) + return false; + if (label == null) { + if (other.label != null) + return false; + } else if (!label.equals(other.label)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (rbKeyLabel == null) { + if (other.rbKeyLabel != null) + return false; + } else if (!rbKeyLabel.equals(other.rbKeyLabel)) + return false; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (transformer == null) { + if (other.transformer != null) + return false; + } else if (!transformer.equals(other.transformer)) + return false; + if (rbKeyDescription == null) { + if (other.rbKeyDescription != null) + return false; + } else if (!rbKeyDescription.equals(other.rbKeyDescription)) + return false; + return true; + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerRowFilterDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private List accessTypes; + private List resources; + + + public RangerRowFilterDef() { + setAccessTypes(null); + setResources(null); + } + + public RangerRowFilterDef(List accessTypes, List resources) { + setAccessTypes(accessTypes); + setResources(resources); + } + + public RangerRowFilterDef(RangerRowFilterDef other) { + setAccessTypes(other.getAccessTypes()); + setResources(other.getResources()); + } + + public List getAccessTypes() { + return accessTypes; + } + + public void setAccessTypes(List accessTypes) { + if(this.accessTypes == null) { + this.accessTypes = new ArrayList<>(); + } + + if(this.accessTypes == accessTypes) { + return; + } + + this.accessTypes.clear(); + + if(accessTypes != null) { + this.accessTypes.addAll(accessTypes); + } + } + + public List getResources() { + return resources; + } + + public void setResources(List resources) { + if(this.resources == null) { + this.resources = new ArrayList<>(); + } + + if(this.resources == resources) { + return; + } + + this.resources.clear(); + + if(resources != null) { + this.resources.addAll(resources); + } + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerRowFilterDef={"); + + sb.append("accessTypes={"); + if(accessTypes != null) { + for(RangerAccessTypeDef accessType : accessTypes) { + if(accessType != null) { + accessType.toString(sb).append(" "); + } + } + } + sb.append("} "); + + sb.append("resources={"); + if(resources != null) { + for(RangerResourceDef resource : resources) { + if(resource != null) { + resource.toString(sb).append(" "); + } + } + } + sb.append("} "); + + sb.append("}"); + + return sb; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((accessTypes == null) ? 0 : accessTypes.hashCode()); + result = prime * result + ((resources == null) ? 0 : resources.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + RangerRowFilterDef other = (RangerRowFilterDef) obj; + + if (accessTypes == null) { + if (other.accessTypes != null) + return false; + } else if (!accessTypes.equals(other.accessTypes)) + return false; + if (resources == null) { + if (other.resources != null) + return false; + } else if (!resources.equals(other.resources)) + return false; + return true; + } + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java new file mode 100644 index 0000000000..449a3d356f --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValidityRecurrence.java @@ -0,0 +1,224 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.io.Serializable; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) + +public class RangerValidityRecurrence implements Serializable { + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class ValidityInterval { + private final int days; + private final int hours; + private final int minutes; + + public static int getValidityIntervalInMinutes(ValidityInterval interval) { + return interval != null ? + (interval.getDays()*24 + interval.getHours())*60 + interval.getMinutes() : 0; + } + + public ValidityInterval() { + this.days = 0; + this.hours = 0; + this.minutes = 0; + } + public ValidityInterval(int days, int hours, int minutes) { + this.days = days; + this.hours = hours; + this.minutes = minutes; + } + public int getDays() { return days; } + public int getHours() { return hours; } + public int getMinutes() { return minutes; } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("ValidityInterval={"); + + sb.append(" Interval={"); + sb.append("days=").append(days); + sb.append(", hours=").append(hours); + sb.append(", minutes=").append(minutes); + sb.append(" }"); + + return sb.toString(); + } + } + + @JsonInclude(JsonInclude.Include.NON_NULL) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RecurrenceSchedule { + static final String PERMITTED_SPECIAL_CHARACTERS = "*,-"; + static final String PERMITTED_SPECIAL_CHARACTERS_FOR_MINUTES = ","; + public static final String WILDCARD = "*"; + + public enum ScheduleFieldSpec { + minute(0, 59, PERMITTED_SPECIAL_CHARACTERS_FOR_MINUTES), + hour(0, 23, PERMITTED_SPECIAL_CHARACTERS), + dayOfMonth(1, 31, PERMITTED_SPECIAL_CHARACTERS), + dayOfWeek(1, 7, PERMITTED_SPECIAL_CHARACTERS), + month(0, 11, PERMITTED_SPECIAL_CHARACTERS), + year(2017, 2100, PERMITTED_SPECIAL_CHARACTERS), + ; + + public final int minimum; + public final int maximum; + public final String specialChars; + + ScheduleFieldSpec(int minimum, int maximum, String specialChars) { + this.minimum = minimum; + this.maximum = maximum; + this.specialChars = specialChars; + } + } + + + private String minute; + private String hour; + private String dayOfMonth; + private String dayOfWeek; + private String month; + private String year; + + public RecurrenceSchedule() {} + + public RecurrenceSchedule(String minute, String hour, String dayOfMonth, String dayOfWeek, String month, String year) { + setMinute(minute); + setHour(hour); + setDayOfMonth(dayOfMonth); + setDayOfWeek(dayOfWeek); + setMonth(month); + setYear(year); + } + public String getMinute() { return minute;} + public String getHour() { return hour;} + public String getDayOfMonth() { return dayOfMonth;} + public String getDayOfWeek() { return dayOfWeek;} + public String getMonth() { return month;} + public String getYear() { return year;} + + public void setMinute(String minute) { this.minute = minute;} + public void setHour(String hour) { this.hour = hour;} + public void setDayOfMonth(String dayOfMonth) { this.dayOfMonth = dayOfMonth;} + public void setDayOfWeek(String dayOfWeek) { this.dayOfWeek = dayOfWeek;} + public void setMonth(String month) { this.month = month;} + public void setYear(String year) { this.year = year;} + + public void setFieldValue(ScheduleFieldSpec field, String value) { + switch (field) { + case minute: + setMinute(value); + break; + case hour: + setHour(value); + break; + case dayOfMonth: + setDayOfMonth(value); + break; + case dayOfWeek: + setDayOfWeek(value); + break; + case month: + setMonth(value); + break; + case year: + setYear(value); + break; + default: + break; + } + } + + public String getFieldValue(ScheduleFieldSpec field) { + switch (field) { + case minute: + return getMinute(); + case hour: + return getHour(); + case dayOfMonth: + return getDayOfMonth(); + case dayOfWeek: + return getDayOfWeek(); + case month: + return getMonth(); + case year: + return getYear(); + default: + return null; + } + } + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append(" Schedule={"); + sb.append(" minute=").append(minute); + sb.append(", hour=").append(hour); + sb.append(", dayOfMonth=").append(dayOfMonth); + sb.append(", dayOfWeek=").append(dayOfWeek); + sb.append(", month=").append(month); + sb.append(", year=").append(year); + sb.append(" }"); + + return sb.toString(); + } + } + + private RecurrenceSchedule schedule; + private ValidityInterval interval; + + public RangerValidityRecurrence() { + } + + public RangerValidityRecurrence(RecurrenceSchedule schedule, ValidityInterval interval) { + setSchedule(schedule); + setInterval(interval); + } + + public void setSchedule(RecurrenceSchedule schedule) { this.schedule = schedule;} + + public void setInterval(ValidityInterval interval) { this.interval = interval; } + + public RecurrenceSchedule getSchedule() { return schedule;} + + public ValidityInterval getInterval() { + return interval; + } + + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("{RangerValidityRecurrence= {"); + sb.append(schedule).append(interval); + sb.append(" }"); + return sb.toString(); + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java new file mode 100644 index 0000000000..f166598e28 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerValiditySchedule.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonAutoDetect; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonIgnoreProperties; +import org.apache.htrace.shaded.fasterxml.jackson.databind.annotation.JsonSerialize; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +@JsonAutoDetect(fieldVisibility= JsonAutoDetect.Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) + +public class RangerValiditySchedule implements Serializable { + + public static final String VALIDITY_SCHEDULE_DATE_STRING_SPECIFICATION = "yyyy/MM/dd HH:mm:ss"; + + private String startTime; + private String endTime; + private String timeZone; + + private List recurrences; + + public RangerValiditySchedule(String startTime, String endTime, String timeZone, List recurrences) { + setTimeZone(timeZone); + setStartTime(startTime); + setEndTime(endTime); + setRecurrences(recurrences); + } + + public RangerValiditySchedule() { + this(null, null, null, null); + } + + public String getTimeZone() { return timeZone; } + public String getStartTime() { return startTime;} + public String getEndTime() { return endTime;} + public List getRecurrences() { return recurrences;} + + public void setTimeZone(String timeZone) { this.timeZone = timeZone; } + public void setStartTime(String startTime) { this.startTime = startTime;} + public void setEndTime(String endTime) { this.endTime = endTime;} + public void setRecurrences(List recurrences) { this.recurrences = recurrences == null ? new ArrayList<>() : recurrences;} + + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("RangerValiditySchedule={"); + + sb.append(", startTime=").append(startTime); + sb.append(", endTime=").append(endTime); + sb.append(", timeZone=").append(timeZone); + + sb.append(", recurrences=").append(Arrays.toString(getRecurrences().toArray())); + + sb.append("}"); + + return sb.toString(); + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java new file mode 100644 index 0000000000..43b5fe1682 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/UserInfo.java @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.model; + +import org.apache.atlas.plugin.util.RangerUserStoreUtil; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class UserInfo extends RangerBaseModelObject implements java.io.Serializable { + + private static final long serialVersionUID = 1L; + private String name; + private String description; + private Map otherAttributes; + private Set groups; + + public UserInfo() { + this(null, null, null); + } + + public UserInfo(String name, String description, Map otherAttributes) { + setName(name); + setDescription(description); + setOtherAttributes(otherAttributes); + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + public Map getOtherAttributes() { + return otherAttributes; + } + + public void setOtherAttributes(Map otherAttributes) { + this.otherAttributes = otherAttributes == null ? new HashMap<>() : otherAttributes; + } + + public Set getGroups(){ + return this.groups; + } + + public void setGroups(Set groups){ + this.groups = groups; + } + + @Override + public String toString() { + return "{name=" + name + + ", description=" + description + + ", otherAttributes=" + RangerUserStoreUtil.getPrintableOptions(otherAttributes) + + ", groups=" + groups + + "}"; + } +} \ No newline at end of file diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java new file mode 100644 index 0000000000..ddcb6dea58 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerRoles.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.util; + +import org.apache.atlas.plugin.model.RangerRole; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.io.Serializable; +import java.util.Date; +import java.util.Set; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerRoles implements Serializable { + private static final long serialVersionUID = 1L; + + private String serviceName; + private Long roleVersion; + private Date roleUpdateTime; + private Set rangerRoles; + + public String getServiceName() { + return serviceName; + } + + public void setServiceName(String serviceName) { + this.serviceName = serviceName; + } + + public Long getRoleVersion() { + return roleVersion; + } + + public void setRoleVersion(Long roleVersion) { + this.roleVersion = roleVersion; + } + + public Date getRoleUpdateTime() { + return roleUpdateTime; + } + + public void setRoleUpdateTime(Date roleUpdateTime) { + this.roleUpdateTime = roleUpdateTime; + } + + public Set getRangerRoles(){ + return this.rangerRoles; + } + + public void setRangerRoles(Set rangerRoles){ + this.rangerRoles = rangerRoles; + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java new file mode 100644 index 0000000000..4c661086d3 --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStore.java @@ -0,0 +1,191 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.util; + +import org.apache.atlas.plugin.model.GroupInfo; +import org.apache.atlas.plugin.model.UserInfo; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.htrace.shaded.fasterxml.jackson.annotation.JsonInclude; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class RangerUserStore implements Serializable { + private static final long serialVersionUID = 1L; + public static final String CLOUD_IDENTITY_NAME = "cloud_id"; + + private Long userStoreVersion; + private Date userStoreUpdateTime; + private Map> userAttrMapping; + private Map> groupAttrMapping ; + private Map> userGroupMapping; + private Map userCloudIdMapping; + private Map groupCloudIdMapping; + private String serviceName; + + public RangerUserStore() {this(-1L, null, null, null);} + + public RangerUserStore(Long userStoreVersion, Set users, Set groups, Map> userGroups) { + setUserStoreVersion(userStoreVersion); + setUserStoreUpdateTime(new Date()); + setUserGroupMapping(userGroups); + buildMap(users, groups); + } + + public String getServiceName() { + return serviceName; + } + + public void setServiceName(String serviceName) { + this.serviceName = serviceName; + } + + public Long getUserStoreVersion() { + return userStoreVersion; + } + + public void setUserStoreVersion(Long userStoreVersion) { + this.userStoreVersion = userStoreVersion; + } + + public Date getUserStoreUpdateTime() { + return userStoreUpdateTime; + } + + public void setUserStoreUpdateTime(Date userStoreUpdateTime) { + this.userStoreUpdateTime = userStoreUpdateTime; + } + + public Map> getUserAttrMapping() { + return userAttrMapping; + } + + public void setUserAttrMapping(Map> userAttrMapping) { + this.userAttrMapping = userAttrMapping; + } + + public Map> getGroupAttrMapping() { + return groupAttrMapping; + } + + public void setGroupAttrMapping(Map> groupAttrMapping) { + this.groupAttrMapping = groupAttrMapping; + } + + public Map> getUserGroupMapping() { + return userGroupMapping; + } + + public void setUserGroupMapping(Map> userGroupMapping) { + this.userGroupMapping = userGroupMapping; + } + + public Map getUserCloudIdMapping() { + return userCloudIdMapping; + } + + public void setUserCloudIdMapping(Map userCloudIdMapping) { + this.userCloudIdMapping = userCloudIdMapping; + } + + public Map getGroupCloudIdMapping() { + return groupCloudIdMapping; + } + + public void setGroupCloudIdMapping(Map groupCloudIdMapping) { + this.groupCloudIdMapping = groupCloudIdMapping; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerUserStore={") + .append("userStoreVersion=").append(userStoreVersion).append(", ") + .append("userStoreUpdateTime=").append(userStoreUpdateTime).append(", "); + sb.append("users={"); + if(MapUtils.isNotEmpty(userAttrMapping)) { + for(String user : userAttrMapping.keySet()) { + sb.append(user); + } + } + sb.append("}, "); + sb.append("groups={"); + if(MapUtils.isNotEmpty(groupAttrMapping)) { + for(String group : groupAttrMapping.keySet()) { + sb.append(group); + } + } + sb.append("}"); + sb.append("}"); + + return sb; + } + + private void buildMap(Set users, Set groups) { + if (CollectionUtils.isNotEmpty(users)) { + userAttrMapping = new HashMap<>(); + userCloudIdMapping = new HashMap<>(); + for (UserInfo user : users) { + String username = user.getName(); + Map userAttrs = user.getOtherAttributes(); + if (MapUtils.isNotEmpty(userAttrs)) { + userAttrMapping.put(username, userAttrs); + String cloudId = userAttrs.get(CLOUD_IDENTITY_NAME); + if (StringUtils.isNotEmpty(cloudId)) { + userCloudIdMapping.put(cloudId, username); + } + } + } + } + if (CollectionUtils.isNotEmpty(groups)) { + groupAttrMapping = new HashMap<>(); + groupCloudIdMapping = new HashMap<>(); + for (GroupInfo group : groups) { + String groupname = group.getName(); + Map groupAttrs = group.getOtherAttributes(); + if (MapUtils.isNotEmpty(groupAttrs)) { + groupAttrMapping.put(groupname, groupAttrs); + String cloudId = groupAttrs.get(CLOUD_IDENTITY_NAME); + if (StringUtils.isNotEmpty(cloudId)) { + groupCloudIdMapping.put(cloudId, groupname); + } + } + } + } + } +} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStoreUtil.java b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStoreUtil.java new file mode 100644 index 0000000000..4e3bf599fb --- /dev/null +++ b/auth-common/src/main/java/org/apache/atlas/plugin/util/RangerUserStoreUtil.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.atlas.plugin.util; + +import org.apache.commons.collections.MapUtils; +import org.apache.commons.lang.StringUtils; + +import java.util.Map; + +public class RangerUserStoreUtil { + public static final String CLOUD_IDENTITY_NAME = "cloud_id"; + + public static String getPrintableOptions(Map otherAttributes) { + if (MapUtils.isEmpty(otherAttributes)) return "{}"; + StringBuilder ret = new StringBuilder(); + ret.append("{"); + for (Map.Entry entry : otherAttributes.entrySet()) { + ret.append(entry.getKey()).append(", ").append("[").append(entry.getValue()).append("]").append(","); + } + ret.append("}"); + return ret.toString(); + } + + public static String getAttrVal(Map> attrMap, String name, String attrName) { + String ret = null; + + if (StringUtils.isNotEmpty(name) && StringUtils.isNotEmpty(attrName)) { + Map attrs = attrMap.get(name); + if (MapUtils.isNotEmpty(attrs)) { + ret = attrs.get(attrName); + } + } + return ret; + } + + public String getCloudId(Map> attrMap, String name) { + String cloudId = null; + cloudId = getAttrVal(attrMap, name, CLOUD_IDENTITY_NAME); + return cloudId; + } +} + + diff --git a/distro/src/main/assemblies/atlas-server-package.xml b/distro/src/main/assemblies/atlas-server-package.xml index 9eb71ef7cf..bbf24cb9b3 100755 --- a/distro/src/main/assemblies/atlas-server-package.xml +++ b/distro/src/main/assemblies/atlas-server-package.xml @@ -161,6 +161,11 @@ ../addons/policies policies + + + ../addons/override-policies + override-policies + diff --git a/distro/src/main/assemblies/standalone-package.xml b/distro/src/main/assemblies/standalone-package.xml index 3ef91c047e..b3c81f9a60 100755 --- a/distro/src/main/assemblies/standalone-package.xml +++ b/distro/src/main/assemblies/standalone-package.xml @@ -141,6 +141,11 @@ policies + + ../addons/override-policies + override-policies + + ../addons/hive-bridge/src/bin diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java index 384ac27360..ff76c10a67 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java @@ -33,6 +33,11 @@ public String getQuery() { return queryString; } + @Override + public void setQuery(String query) { + this.queryString = query; + } + public Map getDsl() { return dsl; } diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java index acdcfca447..9030654fda 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java @@ -18,6 +18,7 @@ public class SearchParams { boolean suppressLogs; boolean excludeMeanings; boolean excludeClassifications; + boolean enableFullRestriction; RequestMetadata requestMetadata = new RequestMetadata(); boolean showHighlights; @@ -26,10 +27,18 @@ public String getQuery() { return getQuery(); } + public boolean getEnableFullRestriction() { + return enableFullRestriction; + } + public Set getAttributes() { return attributes; } + public void setQuery(String query) { + setQuery(query); + } + public void setAttributes(Set attributes) { this.attributes = attributes; } diff --git a/pom.xml b/pom.xml index 1cc9aa70dc..cbe4f00371 100644 --- a/pom.xml +++ b/pom.xml @@ -798,6 +798,7 @@ dashboardv2 dashboardv3 + auth-common auth-agents-cred auth-agents-common auth-audits diff --git a/repository/pom.xml b/repository/pom.xml index 10d8d876fb..2b8e4a5374 100755 --- a/repository/pom.xml +++ b/repository/pom.xml @@ -322,6 +322,12 @@ 3.0.0-SNAPSHOT + + org.apache.atlas + auth-common + 3.0.0-SNAPSHOT + + diff --git a/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java b/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java new file mode 100644 index 0000000000..f7715b1f58 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/JsonToElasticsearchQuery.java @@ -0,0 +1,86 @@ +package org.apache.atlas.authorizer; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import org.apache.atlas.RequestContext; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class JsonToElasticsearchQuery { + private static final Logger LOG = LoggerFactory.getLogger(JsonToElasticsearchQuery.class); + + private static JsonNode convertConditionToQuery(String condition, JsonNode criterion, ObjectMapper mapper) { + if (condition.equals("AND")) { + return mapper.createObjectNode().set("bool", mapper.createObjectNode().set("filter", mapper.createArrayNode())); + } else if (condition.equals("OR")) { + //JsonNode node = mapper.createObjectNode().set("bool", mapper.createObjectNode()); + return mapper.createObjectNode() + .set("bool", mapper.createObjectNode() + .set("should", mapper.createArrayNode())); + } else { + throw new IllegalArgumentException("Unsupported condition: " + condition); + } + } + + public static JsonNode convertJsonToQuery(JsonNode data, ObjectMapper mapper) { + AtlasPerfMetrics.MetricRecorder convertJsonToQueryMetrics = RequestContext.get().startMetricRecord("convertJsonToQuery"); + String condition = data.get("condition").asText(); + JsonNode criterion = data.get("criterion"); + + JsonNode query = convertConditionToQuery(condition, criterion, mapper); + + for (JsonNode crit : criterion) { + if (crit.has("condition")) { + JsonNode nestedQuery = convertJsonToQuery(crit, mapper); + if (condition.equals("AND")) { + ((ArrayNode) query.get("bool").get("filter")).add(nestedQuery); + } else { + ((ArrayNode) query.get("bool").get("should")).add(nestedQuery); + } + } else { + String operator = crit.get("operator").asText(); + String attributeName = crit.get("attributeName").asText(); + String attributeValue = crit.get("attributeValue").asText(); + + switch (operator) { + case "EQUALS": + ObjectNode termNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termNode.putObject("term").put(attributeName, attributeValue); + break; + + case "NOT_EQUALS": + termNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termNode.putObject("bool").putObject("must_not").putObject("term").put(attributeName, attributeValue); + break; + + case "STARTS_WITH": + ObjectNode wildcardNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + wildcardNode.putObject("wildcard").put(attributeName, attributeValue + "*"); + break; + + case "ENDS_WITH": + wildcardNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + wildcardNode.putObject("wildcard").put(attributeName, "*" + attributeValue); + break; + + case "IN": + ObjectNode termsNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termsNode.putObject("terms").set(attributeName, crit.get("attributeValue")); + break; + + case "NOT_IN": + termsNode = ((ArrayNode) query.get("bool").get(condition.equals("AND") ? "filter" : "should")).addObject(); + termsNode.putObject("bool").putObject("must_not").putObject("terms").put(attributeName, crit.get("attributeValue")); + break; + + default: LOG.warn("Found unknown operator {}", operator); + } + } + } + RequestContext.get().endMetricRecord(convertJsonToQueryMetrics); + return query; + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java b/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java new file mode 100644 index 0000000000..dd40df8d36 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/NewAuthorizerUtils.java @@ -0,0 +1,22 @@ +package org.apache.atlas.authorizer; + +import org.apache.atlas.authorizer.authorizers.ListAuthorizer; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.List; +import java.util.Map; + +public class NewAuthorizerUtils { + private static final Logger LOG = LoggerFactory.getLogger(NewAuthorizerUtils.class); + + public static final String POLICY_TYPE_ALLOW = "allow"; + public static final String POLICY_TYPE_DENY = "deny"; + public static final int MAX_CLAUSE_LIMIT = 1024; + + public static final String DENY_POLICY_NAME_SUFFIX = "_deny"; + + public static Map getPreFilterDsl(String persona, String purpose, List actions) { + return ListAuthorizer.getElasticsearchDSL(persona, purpose, actions); + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java new file mode 100644 index 0000000000..94d2b9abae --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java @@ -0,0 +1,72 @@ +package org.apache.atlas.authorizer.authorizers; + +import org.apache.atlas.exception.AtlasBaseException; +import org.apache.atlas.model.instance.AtlasEntity; +import org.apache.atlas.model.instance.AtlasEntityHeader; +import org.apache.atlas.repository.graphdb.AtlasGraph; +import org.apache.atlas.repository.graphdb.AtlasVertex; +import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; +import org.apache.atlas.type.AtlasEntityType; +import org.apache.atlas.type.AtlasTypeRegistry; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +import javax.inject.Inject; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +@Component +public class AuthorizerCommon { + private static final Logger LOG = LoggerFactory.getLogger(AuthorizerCommon.class); + + private static AtlasTypeRegistry typeRegistry; + private static EntityGraphRetriever entityRetriever; + + @Inject + public AuthorizerCommon(AtlasGraph graph, AtlasTypeRegistry typeRegistry) { + this.typeRegistry = typeRegistry; + this.entityRetriever = new EntityGraphRetriever(graph, typeRegistry, true); + } + + public static String getCurrentUserName() { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + + return auth != null ? auth.getName() : ""; + } + + public static boolean arrayListContains(List listA, List listB) { + for (String listAItem : listA){ + if (listB.contains(listAItem)) { + return true; + } + } + return false; + } + + public static Map getMap(String key, Object value) { + Map map = new HashMap<>(); + map.put(key, value); + return map; + } + + public static AtlasEntityType getEntityTypeByName(String typeName) { + return typeRegistry.getEntityTypeByName(typeName); + } + + public static AtlasEntity toAtlasEntityHeaderWithClassifications(String guid) throws AtlasBaseException { + //return new AtlasEntity(entityRetriever.toAtlasEntityHeaderWithClassifications(guid)); + return new AtlasEntity(entityRetriever.toAtlasEntity(guid)); + } + + public static AtlasEntity toAtlasEntityHeaderWithClassifications(AtlasVertex vertex) throws AtlasBaseException { + //return new AtlasEntity(entityRetriever.toAtlasEntityHeaderWithClassifications(vertex)); + return new AtlasEntity(entityRetriever.toAtlasEntity(vertex)); + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java new file mode 100644 index 0000000000..feaaaa988e --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java @@ -0,0 +1,323 @@ +package org.apache.atlas.authorizer.authorizers; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.collect.Lists; +import org.apache.atlas.RequestContext; +import org.apache.atlas.authorize.AtlasAuthorizationUtils; +import org.apache.atlas.authorizer.JsonToElasticsearchQuery; +import org.apache.atlas.authorizer.store.PoliciesStore; +import org.apache.atlas.plugin.model.RangerPolicy; +import org.apache.atlas.type.AtlasType; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.ArrayList; +import java.util.Base64; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import static org.apache.atlas.authorizer.NewAuthorizerUtils.DENY_POLICY_NAME_SUFFIX; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.MAX_CLAUSE_LIMIT; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_ALLOW; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_DENY; +import static org.apache.atlas.authorizer.authorizers.AuthorizerCommon.getMap; + +public class ListAuthorizer { + private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class); + + public static Map getElasticsearchDSL(String persona, String purpose, List actions) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSL"); + Map allowDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, false, POLICY_TYPE_ALLOW); + Map denyDsl = getElasticsearchDSLForPolicyType(persona, purpose, actions, false, POLICY_TYPE_DENY); + Map finaDsl = new HashMap<>(); + if (allowDsl != null) { + finaDsl.put("filter", allowDsl); + } + if (denyDsl != null) { + finaDsl.put("must_not", denyDsl); + } + + RequestContext.get().endMetricRecord(recorder); + return getMap("bool", finaDsl); + } + + public static Map getElasticsearchDSLForPolicyType(String persona, String purpose, + List actions, boolean requestMatchedPolicyId, + String policyType) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("ListAuthorizer.getElasticsearchDSLForPolicyType."+ policyType); + + List resourcePolicies = PoliciesStore.getRelevantPolicies(persona, purpose, "atlas", actions, policyType); + List tagPolicies = PoliciesStore.getRelevantPolicies(persona, purpose, "atlas_tag", actions, policyType); + + List> shouldClauses = new ArrayList<>(); + if (requestMatchedPolicyId) { + shouldClauses.addAll(getDSLForResourcePoliciesPerPolicy(resourcePolicies)); + shouldClauses.addAll(getDSLForTagPoliciesPerPolicy(tagPolicies)); + } else { + shouldClauses.addAll(getDSLForResourcePolicies(resourcePolicies)); + Map tagDsl = getDSLForTagPolicies(tagPolicies); + if (MapUtils.isNotEmpty(tagDsl)) { + shouldClauses.add(tagDsl); + } + } + + LOG.info("Applicable policies to user {}", resourcePolicies.size() + tagPolicies.size()); + + Map boolClause = new HashMap<>(); + if (shouldClauses.isEmpty()) { + if (POLICY_TYPE_ALLOW.equals(policyType)) { + boolClause.put("must_not", getMap("match_all", new HashMap<>())); + } else { + return null; + } + + } else { + if (shouldClauses.size() > MAX_CLAUSE_LIMIT) { + List> splittedShould = new ArrayList<>(); + List>> partitionedShouldClause = Lists.partition(shouldClauses, MAX_CLAUSE_LIMIT); + + for (List> chunk : partitionedShouldClause) { + splittedShould.add(getMap("bool", getMap("should", chunk))); + } + boolClause.put("should", splittedShould); + + } else { + boolClause.put("should", shouldClauses); + } + + boolClause.put("minimum_should_match", 1); + } + + RequestContext.get().endMetricRecord(recorder); + return getMap("bool", boolClause); + } + + private static List> getDSLForResourcePolicies(List policies) { + + // To reduce the number of clauses + List combinedEntities = new ArrayList<>(); + Set combinedEntityTypes = new HashSet<>(); + List> shouldClauses = new ArrayList<>(); + + for (RangerPolicy policy : policies) { + if (!policy.getResources().isEmpty()) { + List entities = policy.getResources().get("entity").getValues(); + List entityTypesRaw = policy.getResources().get("entity-type").getValues(); + + if (entities.contains("*") && entityTypesRaw.contains("*")) { + Map emptyMap = new HashMap<>(); + shouldClauses.clear(); + shouldClauses.add(getMap("match_all",emptyMap)); + break; + } + + entities.remove("*"); + entityTypesRaw.remove("*"); + + //Set entityTypes = new HashSet<>(); + //entityTypesRaw.forEach(x -> entityTypes.addAll(AuthorizerCommon.getTypeAndSupertypesList(x))); + + if (!entities.isEmpty() && entityTypesRaw.isEmpty()) { + combinedEntities.addAll(entities); + } else if (entities.isEmpty() && !entityTypesRaw.isEmpty()) { + combinedEntityTypes.addAll(entityTypesRaw); + } else if (!entities.isEmpty() && !entityTypesRaw.isEmpty()) { + Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, null); + shouldClauses.add(dslForPolicyResources); + } + } + } + if (!combinedEntities.isEmpty()) { + shouldClauses.add(getDSLForResources(combinedEntities, new HashSet<>(), null, null)); + } + if (!combinedEntityTypes.isEmpty()) { + shouldClauses.add(getDSLForResources(new ArrayList<>(), combinedEntityTypes, null, null)); + } + return shouldClauses; + } + + public static Map getDSLForResources(List entities, Set typeNames, List classifications, String clauseName){ + List> shouldClauses = new ArrayList<>(); + List termsQualifiedNames = new ArrayList<>(); + for (String entity: entities) { + if (!entity.equals("*")) { + if (entity.contains("*") || entity.contains("?")) { + shouldClauses.add(getMap("wildcard", getMap("qualifiedName", entity))); + } else { + termsQualifiedNames.add(entity); + } + } + } + if (!termsQualifiedNames.isEmpty()) { + shouldClauses.add(getMap("terms", getMap("qualifiedName", termsQualifiedNames))); + } + + Map boolClause = new HashMap<>(); + + if (!shouldClauses.isEmpty()) { + boolClause.put("should", shouldClauses); + boolClause.put("minimum_should_match", 1); + } + + List> filterClauses = new ArrayList<>(); + + if (!typeNames.isEmpty() && !typeNames.contains("*")) { + List> typeClauses = new ArrayList<>(); + typeClauses.add(getMap("terms", getMap("__typeName.keyword", typeNames))); + typeClauses.add(getMap("terms", getMap("__superTypeNames.keyword", typeNames))); + + filterClauses.add(getMap("bool", getMap("should", typeClauses))); + } + + if (classifications != null && !classifications.isEmpty() && !classifications.contains("*")) { + List> classificationClauses = new ArrayList<>(); + + classificationClauses.add(getMap("terms", getMap("__traitNames", classifications))); + classificationClauses.add(getMap("terms", getMap("__propagatedTraitNames", classifications))); + + filterClauses.add(getMap("bool", getMap("should", classificationClauses))); + } + + if (!filterClauses.isEmpty()) { + boolClause.put("filter", filterClauses); + } + + if (clauseName != null) { + boolClause.put("_name", clauseName); + } + + return getMap("bool", boolClause); + } + + public static Map getDSLForTagPolicies(List policies) { + // To reduce the number of clauses + Set allTags = new HashSet<>(); + LOG.info("Found {} tag policies", policies.size()); + + for (RangerPolicy policy : policies) { + if (!policy.getResources().isEmpty()) { + LOG.info("policy {}", AtlasType.toJson(policy)); + List tags = policy.getResources().get("tag").getValues(); + if (!tags.isEmpty()) { + allTags.addAll(tags); + } + } + } + if (!allTags.isEmpty()) { + return getDSLForTags(allTags); + } + return null; + } + + public static List> getDSLForAbacPolicies(List policies) { + List dslList = new ArrayList<>(); + ObjectMapper mapper = new ObjectMapper(); + + for (RangerPolicy policy : policies) { + String filterCriteria = policy.getPolicyFilterCriteria(); + if (filterCriteria != null && !filterCriteria.isEmpty() ) { + JsonNode filterCriteriaNode = null; + try { + filterCriteriaNode = mapper.readTree(filterCriteria); + } catch (JsonProcessingException e) { + e.printStackTrace(); + } + if (filterCriteriaNode != null && filterCriteriaNode.get("entity") != null) { + JsonNode entityFilterCriteriaNode = filterCriteriaNode.get("entity"); + JsonNode dsl = JsonToElasticsearchQuery.convertJsonToQuery(entityFilterCriteriaNode, mapper); + dslList.add(dsl.toString()); + } + } + } + + List> clauses = new ArrayList<>(); + for (String dsl: dslList) { + String policyDSLBase64 = Base64.getEncoder().encodeToString(dsl.getBytes());; + clauses.add(getMap("wrapper", getMap("query", policyDSLBase64))); + } + return clauses; + } + + public static List> getDSLForResourcePoliciesPerPolicy(List policies) { + + List> shouldClauses = new ArrayList<>(); + + for (RangerPolicy policy : policies) { + if (!policy.getResources().isEmpty()) { + RangerPolicy.RangerPolicyResource resourceEntity = policy.getResources().get("entity"); + RangerPolicy.RangerPolicyResource resourceTypes = policy.getResources().get("entity-type"); + + if (resourceEntity != null && resourceTypes != null) { + List entities = policy.getResources().get("entity").getValues(); + List entityTypesRaw = policy.getResources().get("entity-type").getValues(); + + if (entities.contains("*") && entityTypesRaw.contains("*")) { + shouldClauses.clear(); + shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy)))); + break; + } + + Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, + policy.getGuid() + getPolicySuffix(policy)); + shouldClauses.add(dslForPolicyResources); + } + } + } + return shouldClauses; + } + + public static String getPolicySuffix(RangerPolicy policy) { + if (CollectionUtils.isNotEmpty(policy.getDenyPolicyItems())) { + return DENY_POLICY_NAME_SUFFIX; + } + return ""; + } + + public static List> getDSLForTagPoliciesPerPolicy(List policies) { + List> shouldClauses = new ArrayList<>(); + + LOG.info("Found {} tag policies", policies.size()); + + for (RangerPolicy policy : policies) { + if (!policy.getResources().isEmpty()) { + LOG.info("policy {}", AtlasType.toJson(policy)); + List tags = policy.getResources().get("tag").getValues(); + if (!tags.isEmpty()) { + + List> tagsClauses = new ArrayList<>(); + tagsClauses.add(getMap("terms", getMap("__traitNames", tags))); + tagsClauses.add(getMap("terms", getMap("__propagatedTraitNames", tags))); + + Map shouldMap = getMap("should", tagsClauses); + shouldMap.put("minimum_should_match", 1); + shouldMap.put("_name", policy.getGuid() + getPolicySuffix(policy)); + + Map boolClause = getMap("bool", shouldMap); + shouldClauses.add(boolClause); + } + } + } + + return shouldClauses; + } + + private static Map getDSLForTags(Set tags){ + List> shouldClauses = new ArrayList<>(); + shouldClauses.add(getMap("terms", getMap("__traitNames", tags))); + shouldClauses.add(getMap("terms", getMap("__propagatedTraitNames", tags))); + + Map boolClause = new HashMap<>(); + boolClause.put("should", shouldClauses); + boolClause.put("minimum_should_match", 1); + + return getMap("bool", boolClause); + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java b/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java new file mode 100644 index 0000000000..0c00f88a54 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/store/PoliciesStore.java @@ -0,0 +1,181 @@ +package org.apache.atlas.authorizer.store; + +import org.apache.atlas.RequestContext; +import org.apache.atlas.authorizer.authorizers.AuthorizerCommon; +import org.apache.atlas.plugin.model.RangerPolicy; +import org.apache.atlas.plugin.util.RangerRoles; +import org.apache.atlas.plugin.util.RangerUserStore; +import org.apache.atlas.utils.AtlasPerfMetrics; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; + +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_ALLOW; +import static org.apache.atlas.authorizer.NewAuthorizerUtils.POLICY_TYPE_DENY; + +public class PoliciesStore { + + private static final Logger LOG = LoggerFactory.getLogger(PoliciesStore.class); + + private static List resourcePolicies; + private static List tagPolicies; + + public static void setResourcePolicies(List resourcePolicies) { + PoliciesStore.resourcePolicies = resourcePolicies; + } + + private static List getResourcePolicies() { + return resourcePolicies; + } + + public static void setTagPolicies(List tagPolicies) { + PoliciesStore.tagPolicies = tagPolicies; + } + + private static List getTagPolicies() { + return tagPolicies; + } + + public static List getRelevantPolicies(String persona, String purpose, String serviceName, List actions, String policyType) { + return getRelevantPolicies(null, null, serviceName, actions, policyType, false); + } + + public static List getRelevantPolicies(String persona, String purpose, String serviceName, List actions, String policyType, boolean ignoreUser) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getRelevantPolicies"); + String policyQualifiedNamePrefix = null; + if (persona != null && !persona.isEmpty()) { + policyQualifiedNamePrefix = persona; + } else if (purpose != null && !purpose.isEmpty()) { + policyQualifiedNamePrefix = purpose; + } + + List policies = new ArrayList<>(); + if ("atlas".equals(serviceName)) { + policies = getResourcePolicies(); + } else if ("atlas_tag".equals(serviceName)) { + policies = getTagPolicies(); + } + + List filteredPolicies = null; + if (CollectionUtils.isNotEmpty(policies)) { + filteredPolicies = new ArrayList<>(policies); + filteredPolicies = getFilteredPoliciesForQualifiedName(filteredPolicies, policyQualifiedNamePrefix); + filteredPolicies = getFilteredPoliciesForActions(filteredPolicies, actions, policyType); + + if (!ignoreUser) { + String user = AuthorizerCommon.getCurrentUserName(); + LOG.info("Getting relevant policies for user: {}", user); + + RangerUserStore userStore = UsersStore.getUserStore(); + List groups = UsersStore.getGroupsForUser(user, userStore); + + RangerRoles allRoles = UsersStore.getAllRoles(); + List roles = UsersStore.getRolesForUser(user, allRoles); + roles.addAll(UsersStore.getNestedRolesForUser(roles, allRoles)); + + filteredPolicies = getFilteredPoliciesForUser(filteredPolicies, user, groups, roles, policyType); + } + } else { + filteredPolicies = new ArrayList<>(0); + } + + RequestContext.get().endMetricRecord(recorder); + return filteredPolicies; + } + + static List getFilteredPoliciesForQualifiedName(List policies, String qualifiedNamePrefix) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForQualifiedName"); + if (qualifiedNamePrefix != null && !qualifiedNamePrefix.isEmpty()) { + List filteredPolicies = new ArrayList<>(); + for(RangerPolicy policy : policies) { + if (policy.getName().startsWith(qualifiedNamePrefix)) { + filteredPolicies.add(policy); + } + } + return filteredPolicies; + } + + RequestContext.get().endMetricRecord(recorder); + return policies; + } + + private static List getFilteredPoliciesForActions(List policies, List actions, String type) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForActions"); + List filteredPolicies = new ArrayList<>(); + + + for(RangerPolicy policy : policies) { + RangerPolicy.RangerPolicyItem policyItem = null; + + if (StringUtils.isNotEmpty(type)) { + if (POLICY_TYPE_ALLOW.equals(type) && !policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (POLICY_TYPE_DENY.equals(type) && !policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } else { + if (!policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (!policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } + + if (policyItem != null) { + List policyActions = new ArrayList<>(); + if (!policyItem.getAccesses().isEmpty()) { + policyActions = policyItem.getAccesses().stream().map(x -> x.getType()).collect(Collectors.toList()); + } + if (AuthorizerCommon.arrayListContains(policyActions, actions)) { + filteredPolicies.add(policy); + } + } + } + + RequestContext.get().endMetricRecord(recorder); + return filteredPolicies; + } + + private static List getFilteredPoliciesForUser(List policies, String user, List groups, List roles, String type) { + AtlasPerfMetrics.MetricRecorder recorder = RequestContext.get().startMetricRecord("getFilteredPoliciesForUser"); + + List filterPolicies = new ArrayList<>(); + for(RangerPolicy policy : policies) { + RangerPolicy.RangerPolicyItem policyItem = null; + + if (StringUtils.isNotEmpty(type)) { + if (POLICY_TYPE_ALLOW.equals(type) && !policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (POLICY_TYPE_DENY.equals(type) && !policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } else { + if (!policy.getPolicyItems().isEmpty()) { + policyItem = policy.getPolicyItems().get(0); + } else if (!policy.getDenyPolicyItems().isEmpty()) { + policyItem = policy.getDenyPolicyItems().get(0); + } + } + + if (policyItem != null) { + List policyUsers = policyItem.getUsers(); + List policyGroups = policyItem.getGroups(); + List policyRoles = policyItem.getRoles(); + if (policyUsers.contains(user) + || policyGroups.contains("public") + || AuthorizerCommon.arrayListContains(policyGroups, groups) + || AuthorizerCommon.arrayListContains(policyRoles, roles)) { + filterPolicies.add(policy); + } + } + } + + RequestContext.get().endMetricRecord(recorder); + return filterPolicies; + } +} diff --git a/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java b/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java new file mode 100644 index 0000000000..83d5f16848 --- /dev/null +++ b/repository/src/main/java/org/apache/atlas/authorizer/store/UsersStore.java @@ -0,0 +1,74 @@ +package org.apache.atlas.authorizer.store; + +import org.apache.atlas.authorizer.authorizers.AuthorizerCommon; +import org.apache.atlas.plugin.model.RangerRole; +import org.apache.atlas.plugin.util.RangerRoles; +import org.apache.atlas.plugin.util.RangerUserStore; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class UsersStore { + + private static RangerUserStore userStore; + private static RangerRoles allRoles; + + public static void setUserStore(RangerUserStore userStore) { + UsersStore.userStore = userStore; + } + + public static RangerUserStore getUserStore() { + return userStore; + } + + public static void setAllRoles(RangerRoles allRoles) { + UsersStore.allRoles = allRoles; + } + + public static RangerRoles getAllRoles() { + return allRoles; + } + + public static List getGroupsForUser(String user, RangerUserStore userStore) { + Map> userGroupMapping = userStore.getUserGroupMapping(); + List groups = new ArrayList<>(); + Set groupsSet = userGroupMapping.get(user); + if (groupsSet != null && !groupsSet.isEmpty()) { + groups.addAll(groupsSet); + } + return groups; + } + + public static List getRolesForUser(String user, RangerRoles allRoles) { + List roles = new ArrayList<>(); + Set rangerRoles = allRoles.getRangerRoles(); + for (RangerRole role : rangerRoles) { + List users = role.getUsers(); + for (RangerRole.RoleMember roleUser: users) { + if (roleUser.getName().equals(user)) { + roles.add(role.getName()); + } + } + } + return roles; + } + + public static List getNestedRolesForUser(List userRoles, RangerRoles allRoles) { + List ret = new ArrayList<>(); + Set rangerRoles = allRoles.getRangerRoles(); + for (RangerRole role : rangerRoles) { + List nestedRoles = role.getRoles(); + List nestedRolesName = new ArrayList<>(); + for (RangerRole.RoleMember nestedRole : nestedRoles) { + nestedRolesName.add(nestedRole.getName()); + } + if (AuthorizerCommon.arrayListContains(userRoles, nestedRolesName)) { + ret.add(role.getName()); + } + } + return ret; + } + +} diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index da4b3f2d63..bf754914e8 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -17,11 +17,15 @@ */ package org.apache.atlas.discovery; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.google.common.annotations.VisibleForTesting; import org.apache.atlas.*; import org.apache.atlas.annotation.GraphTransaction; import org.apache.atlas.authorize.AtlasAuthorizationUtils; import org.apache.atlas.authorize.AtlasSearchResultScrubRequest; +import org.apache.atlas.authorizer.NewAuthorizerUtils; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.discovery.*; import org.apache.atlas.model.discovery.AtlasSearchResult.AtlasFullTextResult; @@ -996,6 +1000,10 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); + if (searchParams.getEnableFullRestriction()) { + addPreFiltersToSearchQuery(searchParams); + } + LOG.info(searchParams.getQuery()); AtlasPerfMetrics.MetricRecorder elasticSearchQueryMetric = RequestContext.get().startMetricRecord("elasticSearchQuery"); DirectIndexQueryResult indexQueryResult = indexQuery.vertices(searchParams); RequestContext.get().endMetricRecord(elasticSearchQueryMetric); @@ -1102,7 +1110,10 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i } catch (Exception e) { throw e; } - scrubSearchResults(ret, searchParams.getSuppressLogs()); + + if (!searchParams.getEnableFullRestriction()) { + scrubSearchResults(ret, searchParams.getSuppressLogs()); + } } private Map getMap(String key, Object value) { @@ -1148,4 +1159,41 @@ private String getIndexName(IndexSearchParams params) throws AtlasBaseException throw new AtlasBaseException("ES alias not found for purpose/persona " + params.getPurpose()); } } + + private void addPreFiltersToSearchQuery(SearchParams searchParams) { + try { + String persona = ((IndexSearchParams) searchParams).getPersona(); + String purpose = ((IndexSearchParams) searchParams).getPurpose(); + + AtlasPerfMetrics.MetricRecorder addPreFiltersToSearchQueryMetric = RequestContext.get().startMetricRecord("addPreFiltersToSearchQuery"); + ObjectMapper mapper = new ObjectMapper(); + List> mustClauseList = new ArrayList<>(); + + List actions = new ArrayList<>(); + actions.add("entity-read"); + + Map allPreFiltersBoolClause = NewAuthorizerUtils.getPreFilterDsl(persona, purpose, actions); + mustClauseList.add(allPreFiltersBoolClause); + + String dslString = searchParams.getQuery(); + JsonNode node = mapper.readTree(dslString); + JsonNode userQueryNode = node.get("query"); + if (userQueryNode != null) { + + String userQueryString = userQueryNode.toString(); + + String userQueryBase64 = Base64.getEncoder().encodeToString(userQueryString.getBytes()); + mustClauseList.add(getMap("wrapper", getMap("query", userQueryBase64))); + } + + JsonNode updateQueryNode = mapper.valueToTree(getMap("bool", getMap("must", mustClauseList))); + + ((ObjectNode) node).set("query", updateQueryNode); + searchParams.setQuery(node.toString()); + RequestContext.get().endMetricRecord(addPreFiltersToSearchQueryMetric); + + } catch (Exception e) { + LOG.error("Error -> addPreFiltersToSearchQuery!", e); + } + } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java index 9b1327ba1f..5f4015d100 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java @@ -68,6 +68,11 @@ private void startInternal() { if ("atlas".equalsIgnoreCase(authorizer)) { loadBootstrapAuthPolicies(); + + boolean overridePolicies = ApplicationProperties.get().getBoolean("atlas.authorizer.policy.override", false); + if (overridePolicies) { + overrideBootstrapAuthPolicies(); + } } else { LOG.info("AuthPoliciesBootstrapper: startInternal: Skipping as not needed"); } @@ -96,6 +101,20 @@ private void loadBootstrapAuthPolicies() { LOG.info("<== AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()"); } + private void overrideBootstrapAuthPolicies() { + LOG.info("==> AuthPoliciesBootstrapper.overrideBootstrapAuthPolicies()"); + RequestContext.get().setSkipAuthorizationCheck(true); + try { + String atlasHomeDir = System.getProperty("atlas.home"); + String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "override-policies"; + File topPoliciesDir = new File(policiesDirName); + loadPoliciesInFolder(topPoliciesDir); + } finally { + RequestContext.get().setSkipAuthorizationCheck(false); + } + LOG.info("<== AuthPoliciesBootstrapper.overrideBootstrapAuthPolicies()"); + } + private void loadPoliciesInFolder (File folder) { LOG.info("==> AuthPoliciesBootstrapper.loadPoliciesInFolder({})", folder); From 1ae5fd5ee22fe4038d920d8bb6d1bc26704660d7 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte <89625355+nikhilbonte21@users.noreply.github.com> Date: Tue, 13 Feb 2024 20:36:37 +0530 Subject: [PATCH 02/15] Update maven.yml --- .github/workflows/maven.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 0977cb36a2..1b464a2bac 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -26,6 +26,7 @@ on: - development - master - lineageondemand + - fullrestrictionsonreads jobs: build: From a5c9f72b15b924d90ab814ec88aabc109b15f0c6 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 14 Feb 2024 16:48:23 +0530 Subject: [PATCH 03/15] Refactorings --- .../plugin/model/NewAccessResourceImpl.java | 253 ------------------ .../atlas/plugin/model/RangerPolicy.java | 26 -- .../authorizers/AuthorizerCommon.java | 22 -- .../authorizers/ListAuthorizer.java | 39 +-- .../discovery/EntityDiscoveryService.java | 2 +- 5 files changed, 6 insertions(+), 336 deletions(-) delete mode 100644 auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java deleted file mode 100644 index 0841060387..0000000000 --- a/auth-common/src/main/java/org/apache/atlas/plugin/model/NewAccessResourceImpl.java +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.plugin.model; - -import org.apache.atlas.plugin.model.RangerServiceDef.RangerResourceDef; -import org.apache.commons.lang.ObjectUtils; - -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -public class NewAccessResourceImpl { - - private String RESOURCE_SEP = "/"; - private String RESOURCE_NAME_VAL_SEP = "="; - - private String ownerUser; - private Map elements; - private String stringifiedValue; - private String stringifiedCacheKeyValue; - private String leafName; - private RangerServiceDef serviceDef; - - public NewAccessResourceImpl() { - this(null, null); - } - - public NewAccessResourceImpl(Map elements) { - this(elements, null); - } - - public NewAccessResourceImpl(Map elements, String ownerUser) { - this.elements = elements; - this.ownerUser = ownerUser; - } - - public String getOwnerUser() { - return ownerUser; - } - - public boolean exists(String name) { - return elements != null && elements.containsKey(name); - } - - public Object getValue(String name) { - Object ret = null; - - if(elements != null && elements.containsKey(name)) { - ret = elements.get(name); - } - - return ret; - } - - public Set getKeys() { - Set ret = null; - - if(elements != null) { - ret = elements.keySet(); - } - - return ret; - } - - public void setOwnerUser(String ownerUser) { - this.ownerUser = ownerUser; - } - - public void setValue(String name, Object value) { - if(value == null) { - if(elements != null) { - elements.remove(name); - - if(elements.isEmpty()) { - elements = null; - } - } - } else { - if(elements == null) { - elements = new HashMap<>(); - } - elements.put(name, value); - } - - // reset, so that these will be computed again with updated elements - stringifiedValue = stringifiedCacheKeyValue = leafName = null; - } - - public void setServiceDef(final RangerServiceDef serviceDef) { - this.serviceDef = serviceDef; - this.stringifiedValue = this.stringifiedCacheKeyValue = this.leafName = null; - } - - public RangerServiceDef getServiceDef() { - return this.serviceDef; - } - - public String getLeafName() { - String ret = leafName; - - if(ret == null) { - if(serviceDef != null && serviceDef.getResources() != null) { - List resourceDefs = serviceDef.getResources(); - - for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) { - RangerResourceDef resourceDef = resourceDefs.get(idx); - - if(resourceDef != null && exists(resourceDef.getName())) { - ret = leafName = resourceDef.getName(); - break; - } - } - } - } - - return ret; - } - - public String getAsString() { - String ret = stringifiedValue; - - if(ret == null) { - if(serviceDef != null && serviceDef.getResources() != null) { - StringBuilder sb = new StringBuilder(); - - for(RangerResourceDef resourceDef : serviceDef.getResources()) { - if(resourceDef == null || !exists(resourceDef.getName())) { - continue; - } - - if(sb.length() > 0) { - sb.append(RESOURCE_SEP); - } - - sb.append(getValue(resourceDef.getName())); - } - - if(sb.length() > 0) { - ret = stringifiedValue = sb.toString(); - } - } - } - - return ret; - } - - public String getCacheKey() { - String ret = stringifiedCacheKeyValue; - - if(ret == null) { - if(serviceDef != null && serviceDef.getResources() != null) { - StringBuilder sb = new StringBuilder(); - - for(RangerResourceDef resourceDef : serviceDef.getResources()) { - if(resourceDef == null || !exists(resourceDef.getName())) { - continue; - } - - if(sb.length() > 0) { - sb.append(RESOURCE_SEP); - } - - sb.append(resourceDef.getName()).append(RESOURCE_NAME_VAL_SEP).append(getValue(resourceDef.getName())); - } - - if(sb.length() > 0) { - ret = stringifiedCacheKeyValue = sb.toString(); - } - } - } - - return ret; - } - - public Map getAsMap() { - return elements == null ? Collections.EMPTY_MAP : Collections.unmodifiableMap(elements); - } - - public boolean equals(Object obj) { - if(obj == null || !(obj instanceof NewAccessResourceImpl)) { - return false; - } - - if(this == obj) { - return true; - } - - NewAccessResourceImpl other = (NewAccessResourceImpl) obj; - - return ObjectUtils.equals(ownerUser, other.ownerUser) && - ObjectUtils.equals(elements, other.elements); - } - - @Override - public int hashCode() { - int ret = 7; - - ret = 31 * ret + ObjectUtils.hashCode(ownerUser); - ret = 31 * ret + ObjectUtils.hashCode(elements); - - return ret; - } - - @Override - public String toString( ) { - StringBuilder sb = new StringBuilder(); - - toString(sb); - - return sb.toString(); - } - - public StringBuilder toString(StringBuilder sb) { - sb.append("RangerResourceImpl={"); - - sb.append("ownerUser={").append(ownerUser).append("} "); - - sb.append("elements={"); - if(elements != null) { - for(Map.Entry e : elements.entrySet()) { - sb.append(e.getKey()).append("=").append(e.getValue()).append("; "); - } - } - sb.append("} "); - - sb.append("}"); - - return sb; - } - - protected String getStringifiedValue() { return stringifiedValue; } - - protected void setStringifiedValue(String val) { this.stringifiedValue = val; } -} diff --git a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java index fe11b16776..be93b492e9 100644 --- a/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java +++ b/auth-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicy.java @@ -85,8 +85,6 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria private String zoneName; private Boolean isDenyAllElse; private Map attributes; - private String policyFilterCriteria; - private String policyResourceCategory; public RangerPolicy() { this(null, null, null, null, null, null, null, null, null, null, null); @@ -140,8 +138,6 @@ public RangerPolicy(String service, String name, String policyType, Integer poli setZoneName(zoneName); setConditions(conditions); setIsDenyAllElse(isDenyAllElse); - setPolicyFilterCriteria(null); - setPolicyResourceCategory(null); } @@ -172,8 +168,6 @@ public void updateFrom(RangerPolicy other) { setPolicyLabels(other.getPolicyLabels()); setZoneName(other.getZoneName()); setIsDenyAllElse(other.getIsDenyAllElse()); - setPolicyFilterCriteria(other.getPolicyFilterCriteria()); - setPolicyResourceCategory(other.getPolicyResourceCategory()); } public Map getAttributes() { @@ -540,22 +534,6 @@ public void setIsDenyAllElse(Boolean isDenyAllElse) { this.isDenyAllElse = isDenyAllElse == null ? Boolean.FALSE : isDenyAllElse; } - public String getPolicyFilterCriteria() { - return policyFilterCriteria; - } - - public void setPolicyFilterCriteria(String policyFilterCriteria) { - this.policyFilterCriteria = policyFilterCriteria; - } - - public String getPolicyResourceCategory() { - return policyResourceCategory; - } - - public void setPolicyResourceCategory(String policyResourceCategory) { - this.policyResourceCategory = policyResourceCategory; - } - @Override public String toString( ) { StringBuilder sb = new StringBuilder(); @@ -689,10 +667,6 @@ public StringBuilder toString(StringBuilder sb) { } sb.append(", zoneName=").append(zoneName); - sb.append(", policyFilterCriteria=").append(policyFilterCriteria); - - sb.append(", policyResourceCategory=").append(policyResourceCategory); - sb.append(", isDenyAllElse={").append(isDenyAllElse).append("} "); sb.append("}"); diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java index 94d2b9abae..2cfac9f6db 100644 --- a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/AuthorizerCommon.java @@ -1,12 +1,7 @@ package org.apache.atlas.authorizer.authorizers; -import org.apache.atlas.exception.AtlasBaseException; -import org.apache.atlas.model.instance.AtlasEntity; -import org.apache.atlas.model.instance.AtlasEntityHeader; import org.apache.atlas.repository.graphdb.AtlasGraph; -import org.apache.atlas.repository.graphdb.AtlasVertex; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; -import org.apache.atlas.type.AtlasEntityType; import org.apache.atlas.type.AtlasTypeRegistry; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -15,12 +10,9 @@ import org.springframework.stereotype.Component; import javax.inject.Inject; -import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; @Component public class AuthorizerCommon { @@ -55,18 +47,4 @@ public static Map getMap(String key, Object value) { map.put(key, value); return map; } - - public static AtlasEntityType getEntityTypeByName(String typeName) { - return typeRegistry.getEntityTypeByName(typeName); - } - - public static AtlasEntity toAtlasEntityHeaderWithClassifications(String guid) throws AtlasBaseException { - //return new AtlasEntity(entityRetriever.toAtlasEntityHeaderWithClassifications(guid)); - return new AtlasEntity(entityRetriever.toAtlasEntity(guid)); - } - - public static AtlasEntity toAtlasEntityHeaderWithClassifications(AtlasVertex vertex) throws AtlasBaseException { - //return new AtlasEntity(entityRetriever.toAtlasEntityHeaderWithClassifications(vertex)); - return new AtlasEntity(entityRetriever.toAtlasEntity(vertex)); - } } diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java index feaaaa988e..2b20608d09 100644 --- a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java @@ -69,7 +69,7 @@ public static Map getElasticsearchDSLForPolicyType(String person } } - LOG.info("Applicable policies to user {}", resourcePolicies.size() + tagPolicies.size()); + //LOG.info("Applicable policies to user {}", resourcePolicies.size() + tagPolicies.size()); Map boolClause = new HashMap<>(); if (shouldClauses.isEmpty()) { @@ -200,11 +200,11 @@ public static Map getDSLForResources(List entities, Set< public static Map getDSLForTagPolicies(List policies) { // To reduce the number of clauses Set allTags = new HashSet<>(); - LOG.info("Found {} tag policies", policies.size()); + //LOG.info("Found {} tag policies", policies.size()); for (RangerPolicy policy : policies) { if (!policy.getResources().isEmpty()) { - LOG.info("policy {}", AtlasType.toJson(policy)); + //LOG.info("policy {}", AtlasType.toJson(policy)); List tags = policy.getResources().get("tag").getValues(); if (!tags.isEmpty()) { allTags.addAll(tags); @@ -217,35 +217,6 @@ public static Map getDSLForTagPolicies(List polici return null; } - public static List> getDSLForAbacPolicies(List policies) { - List dslList = new ArrayList<>(); - ObjectMapper mapper = new ObjectMapper(); - - for (RangerPolicy policy : policies) { - String filterCriteria = policy.getPolicyFilterCriteria(); - if (filterCriteria != null && !filterCriteria.isEmpty() ) { - JsonNode filterCriteriaNode = null; - try { - filterCriteriaNode = mapper.readTree(filterCriteria); - } catch (JsonProcessingException e) { - e.printStackTrace(); - } - if (filterCriteriaNode != null && filterCriteriaNode.get("entity") != null) { - JsonNode entityFilterCriteriaNode = filterCriteriaNode.get("entity"); - JsonNode dsl = JsonToElasticsearchQuery.convertJsonToQuery(entityFilterCriteriaNode, mapper); - dslList.add(dsl.toString()); - } - } - } - - List> clauses = new ArrayList<>(); - for (String dsl: dslList) { - String policyDSLBase64 = Base64.getEncoder().encodeToString(dsl.getBytes());; - clauses.add(getMap("wrapper", getMap("query", policyDSLBase64))); - } - return clauses; - } - public static List> getDSLForResourcePoliciesPerPolicy(List policies) { List> shouldClauses = new ArrayList<>(); @@ -284,11 +255,11 @@ public static String getPolicySuffix(RangerPolicy policy) { public static List> getDSLForTagPoliciesPerPolicy(List policies) { List> shouldClauses = new ArrayList<>(); - LOG.info("Found {} tag policies", policies.size()); + //LOG.info("Found {} tag policies", policies.size()); for (RangerPolicy policy : policies) { if (!policy.getResources().isEmpty()) { - LOG.info("policy {}", AtlasType.toJson(policy)); + //LOG.info("policy {}", AtlasType.toJson(policy)); List tags = policy.getResources().get("tag").getValues(); if (!tags.isEmpty()) { diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index bf754914e8..c6c29364a4 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1003,7 +1003,7 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl if (searchParams.getEnableFullRestriction()) { addPreFiltersToSearchQuery(searchParams); } - LOG.info(searchParams.getQuery()); + //LOG.info(searchParams.getQuery()); AtlasPerfMetrics.MetricRecorder elasticSearchQueryMetric = RequestContext.get().startMetricRecord("elasticSearchQuery"); DirectIndexQueryResult indexQueryResult = indexQuery.vertices(searchParams); RequestContext.get().endMetricRecord(elasticSearchQueryMetric); From 42a04048a25f8e2973d0758cfcfeb0fd3541c40d Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 14 Feb 2024 17:23:01 +0530 Subject: [PATCH 04/15] flag based return query string in response --- .../atlas/model/discovery/IndexSearchParams.java | 11 +++++++---- .../apache/atlas/model/discovery/SearchParams.java | 9 +++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java index ff76c10a67..fe801b4db8 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java @@ -77,13 +77,16 @@ public void setRelationAttributes(Set relationAttributes) { @Override public String toString() { - return "IndexSearchParams{" + + String str = "IndexSearchParams{" + "dsl=" + dsl + ", purpose='" + purpose + '\'' + ", persona='" + persona + '\'' + - ", queryString='" + queryString + '\'' + ", allowDeletedRelations=" + allowDeletedRelations + - ", utmTags="+ getUtmTags() + - '}'; + ", utmTags="+ getUtmTags(); + if (returnQueryInResponse) { + str = str + ", queryString='" + queryString + '\''; + } + + return str + '}'; } } diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java index 9030654fda..7302bb7152 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java @@ -19,6 +19,7 @@ public class SearchParams { boolean excludeMeanings; boolean excludeClassifications; boolean enableFullRestriction; + boolean returnQueryInResponse; RequestMetadata requestMetadata = new RequestMetadata(); boolean showHighlights; @@ -39,6 +40,14 @@ public void setQuery(String query) { setQuery(query); } + public boolean isReturnQueryInResponse() { + return returnQueryInResponse; + } + + public void setReturnQueryInResponse(boolean returnQueryInResponse) { + this.returnQueryInResponse = returnQueryInResponse; + } + public void setAttributes(Set attributes) { this.attributes = attributes; } From 7e75d6d05ecfc7e27be5cbce8c5f22c10b5b8199 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 14 Feb 2024 17:52:20 +0530 Subject: [PATCH 05/15] Revert --- .../atlas/model/discovery/IndexSearchParams.java | 11 ++++------- .../apache/atlas/model/discovery/SearchParams.java | 11 +---------- 2 files changed, 5 insertions(+), 17 deletions(-) diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java index fe801b4db8..ff76c10a67 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java @@ -77,16 +77,13 @@ public void setRelationAttributes(Set relationAttributes) { @Override public String toString() { - String str = "IndexSearchParams{" + + return "IndexSearchParams{" + "dsl=" + dsl + ", purpose='" + purpose + '\'' + ", persona='" + persona + '\'' + + ", queryString='" + queryString + '\'' + ", allowDeletedRelations=" + allowDeletedRelations + - ", utmTags="+ getUtmTags(); - if (returnQueryInResponse) { - str = str + ", queryString='" + queryString + '\''; - } - - return str + '}'; + ", utmTags="+ getUtmTags() + + '}'; } } diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java index 7302bb7152..ace2ef21fb 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java @@ -19,7 +19,6 @@ public class SearchParams { boolean excludeMeanings; boolean excludeClassifications; boolean enableFullRestriction; - boolean returnQueryInResponse; RequestMetadata requestMetadata = new RequestMetadata(); boolean showHighlights; @@ -39,15 +38,7 @@ public Set getAttributes() { public void setQuery(String query) { setQuery(query); } - - public boolean isReturnQueryInResponse() { - return returnQueryInResponse; - } - - public void setReturnQueryInResponse(boolean returnQueryInResponse) { - this.returnQueryInResponse = returnQueryInResponse; - } - + public void setAttributes(Set attributes) { this.attributes = attributes; } From 8d70da4ac63f48aa32e591cda4390eb40cfbcb41 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Tue, 20 Feb 2024 15:19:53 +0530 Subject: [PATCH 06/15] print full restrictions flag in toString --- .../org/apache/atlas/model/discovery/IndexSearchParams.java | 1 + .../java/org/apache/atlas/model/discovery/SearchParams.java | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java index ff76c10a67..3a7913fe97 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/IndexSearchParams.java @@ -84,6 +84,7 @@ public String toString() { ", queryString='" + queryString + '\'' + ", allowDeletedRelations=" + allowDeletedRelations + ", utmTags="+ getUtmTags() + + ", enableFullRestriction="+ enableFullRestriction + '}'; } } diff --git a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java index ace2ef21fb..9030654fda 100644 --- a/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java +++ b/intg/src/main/java/org/apache/atlas/model/discovery/SearchParams.java @@ -38,7 +38,7 @@ public Set getAttributes() { public void setQuery(String query) { setQuery(query); } - + public void setAttributes(Set attributes) { this.attributes = attributes; } From f67e1712013480ade5ba38d249faae7b43d0f499 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 21 Feb 2024 15:28:00 +0530 Subject: [PATCH 07/15] Ignore full restrictions for Persona/Purpose request --- .../java/org/apache/atlas/discovery/EntityDiscoveryService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index c6c29364a4..839b62e8ad 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1000,7 +1000,7 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); - if (searchParams.getEnableFullRestriction()) { + if (searchParams.getEnableFullRestriction() && !VERTEX_INDEX_NAME.equals(indexName)) { addPreFiltersToSearchQuery(searchParams); } //LOG.info(searchParams.getQuery()); From 031b00cb767da3a4a3b80770d9c4c64638e643df Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 21 Feb 2024 16:19:15 +0530 Subject: [PATCH 08/15] Ignore full restrictions for Persona/Purpose request --- .../atlas/discovery/EntityDiscoveryService.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index 839b62e8ad..35f0828830 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1000,14 +1000,14 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); - if (searchParams.getEnableFullRestriction() && !VERTEX_INDEX_NAME.equals(indexName)) { + if (searchParams.getEnableFullRestriction() && VERTEX_INDEX_NAME.equals(indexName)) { addPreFiltersToSearchQuery(searchParams); } //LOG.info(searchParams.getQuery()); AtlasPerfMetrics.MetricRecorder elasticSearchQueryMetric = RequestContext.get().startMetricRecord("elasticSearchQuery"); DirectIndexQueryResult indexQueryResult = indexQuery.vertices(searchParams); RequestContext.get().endMetricRecord(elasticSearchQueryMetric); - prepareSearchResult(ret, indexQueryResult, resultAttributes, true); + prepareSearchResult(ret, indexQueryResult, resultAttributes, true, indexName); ret.setAggregations(indexQueryResult.getAggregationMap()); ret.setApproximateCount(indexQuery.vertexTotals()); @@ -1044,7 +1044,8 @@ public SearchLogSearchResult searchLogs(SearchLogSearchParams searchParams) thro } } - private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult indexQueryResult, Set resultAttributes, boolean fetchCollapsedResults) throws AtlasBaseException { + private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult indexQueryResult, Set resultAttributes, + boolean fetchCollapsedResults, String indexName) throws AtlasBaseException { SearchParams searchParams = ret.getSearchParameters(); try { if(LOG.isDebugEnabled()){ @@ -1091,7 +1092,7 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i DirectIndexQueryResult indexQueryCollapsedResult = result.getCollapseVertices(collapseKey); collapseRet.setApproximateCount(indexQueryCollapsedResult.getApproximateCount()); - prepareSearchResult(collapseRet, indexQueryCollapsedResult, collapseResultAttributes, false); + prepareSearchResult(collapseRet, indexQueryCollapsedResult, collapseResultAttributes, false, indexName); collapseRet.setSearchParameters(null); collapse.put(collapseKey, collapseRet); @@ -1111,7 +1112,7 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i throw e; } - if (!searchParams.getEnableFullRestriction()) { + if (!searchParams.getEnableFullRestriction() || !VERTEX_INDEX_NAME.equals(indexName)) { scrubSearchResults(ret, searchParams.getSuppressLogs()); } } From a41823daeadeacabba6abcdc57654872dc32f52b Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Wed, 21 Feb 2024 16:42:25 +0530 Subject: [PATCH 09/15] Revert "Ignore full restrictions for Persona/Purpose request" This reverts commit 031b00cb767da3a4a3b80770d9c4c64638e643df. --- .../atlas/discovery/EntityDiscoveryService.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index 35f0828830..839b62e8ad 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1000,14 +1000,14 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); - if (searchParams.getEnableFullRestriction() && VERTEX_INDEX_NAME.equals(indexName)) { + if (searchParams.getEnableFullRestriction() && !VERTEX_INDEX_NAME.equals(indexName)) { addPreFiltersToSearchQuery(searchParams); } //LOG.info(searchParams.getQuery()); AtlasPerfMetrics.MetricRecorder elasticSearchQueryMetric = RequestContext.get().startMetricRecord("elasticSearchQuery"); DirectIndexQueryResult indexQueryResult = indexQuery.vertices(searchParams); RequestContext.get().endMetricRecord(elasticSearchQueryMetric); - prepareSearchResult(ret, indexQueryResult, resultAttributes, true, indexName); + prepareSearchResult(ret, indexQueryResult, resultAttributes, true); ret.setAggregations(indexQueryResult.getAggregationMap()); ret.setApproximateCount(indexQuery.vertexTotals()); @@ -1044,8 +1044,7 @@ public SearchLogSearchResult searchLogs(SearchLogSearchParams searchParams) thro } } - private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult indexQueryResult, Set resultAttributes, - boolean fetchCollapsedResults, String indexName) throws AtlasBaseException { + private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult indexQueryResult, Set resultAttributes, boolean fetchCollapsedResults) throws AtlasBaseException { SearchParams searchParams = ret.getSearchParameters(); try { if(LOG.isDebugEnabled()){ @@ -1092,7 +1091,7 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i DirectIndexQueryResult indexQueryCollapsedResult = result.getCollapseVertices(collapseKey); collapseRet.setApproximateCount(indexQueryCollapsedResult.getApproximateCount()); - prepareSearchResult(collapseRet, indexQueryCollapsedResult, collapseResultAttributes, false, indexName); + prepareSearchResult(collapseRet, indexQueryCollapsedResult, collapseResultAttributes, false); collapseRet.setSearchParameters(null); collapse.put(collapseKey, collapseRet); @@ -1112,7 +1111,7 @@ private void prepareSearchResult(AtlasSearchResult ret, DirectIndexQueryResult i throw e; } - if (!searchParams.getEnableFullRestriction() || !VERTEX_INDEX_NAME.equals(indexName)) { + if (!searchParams.getEnableFullRestriction()) { scrubSearchResults(ret, searchParams.getSuppressLogs()); } } From 78d2fe730bf1eed0cbd700aaaebcbee6eb4b74f0 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Fri, 23 Feb 2024 12:02:03 +0530 Subject: [PATCH 10/15] revert redundant chnage --- .../java/org/apache/atlas/discovery/EntityDiscoveryService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index 839b62e8ad..c6c29364a4 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1000,7 +1000,7 @@ public AtlasSearchResult directIndexSearch(SearchParams searchParams) throws Atl String indexName = getIndexName(params); indexQuery = graph.elasticsearchQuery(indexName); - if (searchParams.getEnableFullRestriction() && !VERTEX_INDEX_NAME.equals(indexName)) { + if (searchParams.getEnableFullRestriction()) { addPreFiltersToSearchQuery(searchParams); } //LOG.info(searchParams.getQuery()); From 8a1c2176ec2e1a0bac8764a6e98aedb0a5e8804b Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Fri, 23 Feb 2024 17:10:59 +0530 Subject: [PATCH 11/15] Refactorings --- .../authorizers/ListAuthorizer.java | 68 ++++++++++++------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java index 2b20608d09..4e41bebfcd 100644 --- a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java +++ b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java @@ -108,9 +108,17 @@ private static List> getDSLForResourcePolicies(List> shouldClauses = new ArrayList<>(); for (RangerPolicy policy : policies) { - if (!policy.getResources().isEmpty()) { - List entities = policy.getResources().get("entity").getValues(); - List entityTypesRaw = policy.getResources().get("entity-type").getValues(); + if (MapUtils.isNotEmpty(policy.getResources())) { + List entities = new ArrayList<>(0); + List entityTypesRaw = new ArrayList<>(0); + + if (policy.getResources().get("entity") != null) { + entities = policy.getResources().get("entity").getValues(); + } + + if (policy.getResources().get("entity-type") != null) { + entityTypesRaw = policy.getResources().get("entity-type").getValues(); + } if (entities.contains("*") && entityTypesRaw.contains("*")) { Map emptyMap = new HashMap<>(); @@ -203,9 +211,14 @@ public static Map getDSLForTagPolicies(List polici //LOG.info("Found {} tag policies", policies.size()); for (RangerPolicy policy : policies) { - if (!policy.getResources().isEmpty()) { + if (MapUtils.isNotEmpty(policy.getResources())) { //LOG.info("policy {}", AtlasType.toJson(policy)); - List tags = policy.getResources().get("tag").getValues(); + List tags = new ArrayList<>(0); + + if (policy.getResources().get("tag") != null) { + tags = policy.getResources().get("tag").getValues(); + } + if (!tags.isEmpty()) { allTags.addAll(tags); } @@ -222,24 +235,27 @@ public static List> getDSLForResourcePoliciesPerPolicy(List< List> shouldClauses = new ArrayList<>(); for (RangerPolicy policy : policies) { - if (!policy.getResources().isEmpty()) { - RangerPolicy.RangerPolicyResource resourceEntity = policy.getResources().get("entity"); - RangerPolicy.RangerPolicyResource resourceTypes = policy.getResources().get("entity-type"); - - if (resourceEntity != null && resourceTypes != null) { - List entities = policy.getResources().get("entity").getValues(); - List entityTypesRaw = policy.getResources().get("entity-type").getValues(); - - if (entities.contains("*") && entityTypesRaw.contains("*")) { - shouldClauses.clear(); - shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy)))); - break; - } - - Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, - policy.getGuid() + getPolicySuffix(policy)); - shouldClauses.add(dslForPolicyResources); + if (MapUtils.isNotEmpty(policy.getResources())) { + List entities = new ArrayList<>(0); + List entityTypesRaw = new ArrayList<>(0); + + if (policy.getResources().get("entity") != null) { + entities = policy.getResources().get("entity").getValues(); } + + if (policy.getResources().get("entity-type") != null) { + entityTypesRaw = policy.getResources().get("entity-type").getValues(); + } + + if (entities.contains("*") && entityTypesRaw.contains("*")) { + shouldClauses.clear(); + shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy)))); + break; + } + + Map dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null, + policy.getGuid() + getPolicySuffix(policy)); + shouldClauses.add(dslForPolicyResources); } } return shouldClauses; @@ -258,9 +274,13 @@ public static List> getDSLForTagPoliciesPerPolicy(List tags = policy.getResources().get("tag").getValues(); + List tags = new ArrayList<>(0); + if (policy.getResources().get("tag") != null) { + tags = policy.getResources().get("tag").getValues(); + } + if (!tags.isEmpty()) { List> tagsClauses = new ArrayList<>(); From b7c5ab403083dff656bbdddb0ad20307c2ee6833 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte <89625355+nikhilbonte21@users.noreply.github.com> Date: Fri, 23 Feb 2024 18:08:21 +0530 Subject: [PATCH 12/15] Update maven.yml --- .github/workflows/maven.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 1b464a2bac..0977cb36a2 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -26,7 +26,6 @@ on: - development - master - lineageondemand - - fullrestrictionsonreads jobs: build: From 51d5e6def0385eac6210b0e39d58a549a2969604 Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Tue, 20 Feb 2024 15:47:29 +0530 Subject: [PATCH 13/15] PLT-860 Persona/Purpose disable/enable issue --- .../accesscontrol/PersonaPreProcessor.java | 20 ++++++--- .../accesscontrol/PurposePreProcessor.java | 41 ++++++++++++------- 2 files changed, 40 insertions(+), 21 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java index 77078f5c53..94c1e5970f 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java @@ -18,11 +18,14 @@ package org.apache.atlas.repository.store.graph.v2.preprocessor.accesscontrol; +import com.sun.tools.javac.util.GraphUtils; import org.apache.atlas.RequestContext; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient; import org.apache.atlas.model.instance.AtlasEntity; import org.apache.atlas.model.instance.AtlasObjectId; +import org.apache.atlas.model.instance.AtlasRelatedObjectId; +import org.apache.atlas.model.instance.AtlasRelationship; import org.apache.atlas.model.instance.AtlasStruct; import org.apache.atlas.model.instance.EntityMutations; import org.apache.atlas.repository.graphdb.AtlasGraph; @@ -30,6 +33,7 @@ import org.apache.atlas.repository.store.aliasstore.ESAliasStore; import org.apache.atlas.repository.store.aliasstore.IndexAliasStore; import org.apache.atlas.repository.store.graph.AtlasEntityStore; +import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; import org.apache.atlas.repository.store.graph.v2.EntityMutationContext; import org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessor; @@ -186,18 +190,22 @@ private void processUpdatePersona(EntityMutationContext context, AtlasStruct ent private void updatePoliciesIsEnabledAttr(EntityMutationContext context, AtlasEntity existingPersonaEntity, boolean enable) throws AtlasBaseException { - List policies = (List) existingPersonaEntity.getRelationshipAttribute(REL_ATTR_POLICIES); + List policies = (List) existingPersonaEntity.getRelationshipAttribute(REL_ATTR_POLICIES); if (CollectionUtils.isNotEmpty(policies)) { AtlasEntityType entityType = typeRegistry.getEntityTypeByName(POLICY_ENTITY_TYPE); - for (AtlasObjectId policy : policies) { - AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); + for (AtlasRelatedObjectId policy : policies) { + if (policy.getRelationshipStatus() == AtlasRelationship.Status.ACTIVE) { + AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); - AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); - policyToBeUpdated.setAttribute(ATTR_POLICY_IS_ENABLED, enable); + if (AtlasGraphUtilsV2.getState(policyVertex) == AtlasEntity.Status.ACTIVE) { + AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); + policyToBeUpdated.setAttribute(ATTR_POLICY_IS_ENABLED, enable); - context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); + context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); + } + } } } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PurposePreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PurposePreProcessor.java index ec88e3b134..1bb311e84e 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PurposePreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PurposePreProcessor.java @@ -22,6 +22,8 @@ import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.model.instance.AtlasEntity; import org.apache.atlas.model.instance.AtlasObjectId; +import org.apache.atlas.model.instance.AtlasRelatedObjectId; +import org.apache.atlas.model.instance.AtlasRelationship; import org.apache.atlas.model.instance.AtlasStruct; import org.apache.atlas.model.instance.EntityMutations; import org.apache.atlas.repository.graphdb.AtlasGraph; @@ -29,6 +31,7 @@ import org.apache.atlas.repository.store.aliasstore.ESAliasStore; import org.apache.atlas.repository.store.aliasstore.IndexAliasStore; import org.apache.atlas.repository.store.graph.AtlasEntityStore; +import org.apache.atlas.repository.store.graph.v2.AtlasGraphUtilsV2; import org.apache.atlas.repository.store.graph.v2.EntityGraphRetriever; import org.apache.atlas.repository.store.graph.v2.EntityMutationContext; import org.apache.atlas.repository.store.graph.v2.preprocessor.PreProcessor; @@ -145,23 +148,27 @@ private void processUpdatePurpose(EntityMutationContext context, if (!CollectionUtils.isEmpty(newTags) && !CollectionUtils.isEqualCollection(newTags, getPurposeTags(existingPurposeEntity))) { validateUniquenessByTags(graph, newTags, PURPOSE_ENTITY_TYPE); - List policies = (List) existingPurposeEntity.getRelationshipAttribute(REL_ATTR_POLICIES); + List policies = (List) existingPurposeEntity.getRelationshipAttribute(REL_ATTR_POLICIES); if (CollectionUtils.isNotEmpty(policies)) { AtlasEntityType entityType = typeRegistry.getEntityTypeByName(POLICY_ENTITY_TYPE); List newTagsResources = newTags.stream().map(x -> "tag:" + x).collect(Collectors.toList()); - for (AtlasObjectId policy : policies) { - AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); + for (AtlasRelatedObjectId policy : policies) { + if (policy.getRelationshipStatus() == AtlasRelationship.Status.ACTIVE) { + AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); - policyVertex.removeProperty(ATTR_POLICY_RESOURCES); + if (AtlasGraphUtilsV2.getState(policyVertex) == AtlasEntity.Status.ACTIVE) { + policyVertex.removeProperty(ATTR_POLICY_RESOURCES); - AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); - policyToBeUpdated.setAttribute(ATTR_POLICY_RESOURCES, newTagsResources); + AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); + policyToBeUpdated.setAttribute(ATTR_POLICY_RESOURCES, newTagsResources); - context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); + context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); - existingPurposeExtInfo.addReferredEntity(policyToBeUpdated); + existingPurposeExtInfo.addReferredEntity(policyToBeUpdated); + } + } } } @@ -173,21 +180,25 @@ private void processUpdatePurpose(EntityMutationContext context, RequestContext.get().endMetricRecord(metricRecorder); } - private void updatePoliciesIsEnabledAttr(EntityMutationContext context, AtlasEntity existingPersonaEntity, + private void updatePoliciesIsEnabledAttr(EntityMutationContext context, AtlasEntity existingPurposeEntity, boolean enable) throws AtlasBaseException { - List policies = (List) existingPersonaEntity.getRelationshipAttribute(REL_ATTR_POLICIES); + List policies = (List) existingPurposeEntity.getRelationshipAttribute(REL_ATTR_POLICIES); if (CollectionUtils.isNotEmpty(policies)) { AtlasEntityType entityType = typeRegistry.getEntityTypeByName(POLICY_ENTITY_TYPE); - for (AtlasObjectId policy : policies) { - AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); + for (AtlasRelatedObjectId policy : policies) { + if (policy.getRelationshipStatus() == AtlasRelationship.Status.ACTIVE) { + AtlasVertex policyVertex = entityRetriever.getEntityVertex(policy.getGuid()); - AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); - policyToBeUpdated.setAttribute(ATTR_POLICY_IS_ENABLED, enable); + if (AtlasGraphUtilsV2.getState(policyVertex) == AtlasEntity.Status.ACTIVE) { + AtlasEntity policyToBeUpdated = entityRetriever.toAtlasEntity(policyVertex); + policyToBeUpdated.setAttribute(ATTR_POLICY_IS_ENABLED, enable); - context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); + context.addUpdated(policyToBeUpdated.getGuid(), policyToBeUpdated, entityType, policyVertex); + } + } } } } From 828035ffe95df25523a2f10125efa75291b65dcc Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Tue, 20 Feb 2024 15:49:34 +0530 Subject: [PATCH 14/15] PLT-860 refactoring --- .../graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java | 1 - 1 file changed, 1 deletion(-) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java index 94c1e5970f..3541e3e4a7 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java @@ -18,7 +18,6 @@ package org.apache.atlas.repository.store.graph.v2.preprocessor.accesscontrol; -import com.sun.tools.javac.util.GraphUtils; import org.apache.atlas.RequestContext; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient; From 762f147e698918c0028fa2fe27bd37e9333dd60b Mon Sep 17 00:00:00 2001 From: Nikhil P Bonte Date: Fri, 22 Mar 2024 16:49:43 +0530 Subject: [PATCH 15/15] Remove wrapping user query --- .../org/apache/atlas/discovery/EntityDiscoveryService.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java index 76e1e798bd..4b76be8cac 100644 --- a/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java +++ b/repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java @@ -1181,21 +1181,24 @@ private void addPreFiltersToSearchQuery(SearchParams searchParams) { Map allPreFiltersBoolClause = NewAuthorizerUtils.getPreFilterDsl(persona, purpose, actions); mustClauseList.add(allPreFiltersBoolClause); + mustClauseList.add((Map) ((IndexSearchParams) searchParams).getDsl().get("query")); + String dslString = searchParams.getQuery(); JsonNode node = mapper.readTree(dslString); - JsonNode userQueryNode = node.get("query"); + /*JsonNode userQueryNode = node.get("query"); if (userQueryNode != null) { String userQueryString = userQueryNode.toString(); String userQueryBase64 = Base64.getEncoder().encodeToString(userQueryString.getBytes()); mustClauseList.add(getMap("wrapper", getMap("query", userQueryBase64))); - } + }*/ JsonNode updateQueryNode = mapper.valueToTree(getMap("bool", getMap("must", mustClauseList))); ((ObjectNode) node).set("query", updateQueryNode); searchParams.setQuery(node.toString()); + RequestContext.get().endMetricRecord(addPreFiltersToSearchQueryMetric); } catch (Exception e) {